The Future is NOT Self-Hosted

⁨223⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨month⁩ ago⁩ by ⁨ruffsl@programming.dev⁩ to ⁨selfhosted@lemmy.world⁩

https://www.drewlyton.com/story/the-future-is-not-self-hosted/

The future is community-hosted

Related Hacker News thread:

news.ycombinator.com/item?id=44682175

source

Comments

Sort:hotnew top

AA5B@lemmy.world ⁨1⁩ ⁨month⁩ ago
The authors approach to not owning anything digital was to attempt self hosting. But the authors reaction to the amount of work was that he shouldn’t own the “self-hosting”? He does not even realize that he’s back to not owning anything

source
- elDalvini@discuss.tchncs.de ⁨1⁩ ⁨month⁩ ago
  He proposes the cloud be owned by communities, so in a way by everyone. That’s not the same everything being owned by private companies.
  
  source
  - baod_rate@programming.dev ⁨1⁩ ⁨month⁩ ago
    In fact, that model (conceptually, though not technically) is how most fediverse software already work
    
    source
  - NotKyloRen@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    So is he insinuating that communities should have IT people who keep things running for everyone (like a digital librarian of sorts)?
    
    Because that takes time, effort, and money. Like a lot more than one would spend or need for themselves/family/maybe a couple of friends.
    
    Also, community-run self-hosting just seems like a bad idea from a privacy and legality standpoint. One pirate getting caught isn’t usually so bad (usually a warning or small fine). But once you start distributing, then you’re going from a kiddie pool of consequences into an ocean of consequences.
    
    source
    -> View More Comments
philpo@feddit.org ⁨1⁩ ⁨month⁩ ago
Lol. So we trust local governments and communities now?

Has anyone ever worked with them IT wise?

I do so in four different EU countries and know people who do in the US and Canada. And…well…there is a reason local governments often went towards the cloud services. Do people think Joe Admin in Bumfucknowhere can operate what basically becomes a MiniDC? And who controls that?

Sorry. Either go “host at home” and only fuck up things for oneself. Or do it properly with a proper DC. Colocate if you want. But that? Lol.

source
- interdimensionalmeme@lemmy.ml ⁨1⁩ ⁨month⁩ ago
  I can easily host vaultwarden, trillium, docker-mailserver, jellyfin, borgbackup and syncthing instances for my 5 neighbours. Everyone who’s even slightly good with computers can do that for their neighbours. That’s what I think when I hear “community”. Not online fandoms.
  
  source
  - philpo@feddit.org ⁨1⁩ ⁨month⁩ ago
    Yeah. And I am sure you won’t do anything bad.
    
    But we all know how many that will not be the case. There were countless cases of school IT staff being malicious, of healthcare IT staff being malicious. Do you think that won’t be happening regularly on a small community scale? And that goes both ways: What happens when your neighbour suddenly accuses you of stealing passwords from you?
    
    Don’t get me wrong - I am also providing services to my friends and family. But I absolutely do refuse to do so for any vital or financially debilitating services (which I consider vaultwarden for example). And I am seeing large issues with promoting this model as a solution - which need to be addressed.
    
    source
    -> View More Comments
  - JustEnoughDucks@feddit.nl ⁨1⁩ ⁨month⁩ ago
    I think the issue is more that large tech firms can absolutely deal with external security in their applications. The amount of times gmail or Microsoft 365 has been hacked and leaked a bunch of client data is statistically zero when looking at their attack area.
    
    Joe Dirt self hosting a mail server for his neighbors on a salvaged rack server is 1000x more likely to get hacked or lose a ton of his neighbors’ data than a big tech firm.
    
    That is kind of the trade off for community hosting. There are very very few backup and security-literate people in communities.
    
    source
    -> View More Comments
SolarPunker@slrpnk.net ⁨1⁩ ⁨month⁩ ago
Every city should host main public web servicies for its citizens, each one as an instance of a complex system, that’s how anarchy works.

source
- Blue_Morpho@lemmy.world ⁨1⁩ ⁨month⁩ ago
  That quickly becomes a tragedy of the commons. The city pays for it but how do you verify “citizenship”?
  
  source
  - lambalicious@lemmy.sdf.org ⁨1⁩ ⁨month⁩ ago
    If you mean citizenship as being associated to the city whose hosting services you are using, yhe power or water bill pointed at your name and residence should be able to do that. Now, if you want that plus anonimity, the only practical option I can think of for a city-wide physical campaign is some sort of GPG Signature Meetup (“signature party”).
    
    source
    -> View More Comments
  - dangercake@feddit.uk ⁨1⁩ ⁨month⁩ ago
    If every city has the same then why would you even want to?
    
    source
    -> View More Comments
thejml@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
Instead of building our own clouds, I want us to own the cloud. Keep all of the great parts about this feat of technical infrastructure, but put it in the hands of the people rather than corporations. I’m talking publicly funded, accessible, at cost cloud-services.

I worry that quickly this will follow this path:

Someone has to pay for it, so it becomes like an HOA of compute. (A Compute Owners Association, perhaps) Everyone contributes, everyone pays their shares

Now there’s a group making decisions… and they can impose rules voted upon by the group. Not everyone will like that, causing schisms.

Economies of scale: COA’s get large enough to be more mini-corps and less communal. Now you’re starting to see “subscription fees” no differently than many cloud providers, just with more “ownership and self regulation”

The people running these find that it takes a lot of work and need a salary. They also want to get hosted somewhere better than someone’s house, so they look for colocation facilities and worry about HA and DR.

They keep growing and draw the ire of companies for hosting copies of licensed resources. Ownership (which this article says we don’t have anyway) is hard to prove, and lawsuits start flying. The COA has to protect itself, so it starts having to police what’s stored on it. And now it’s no better than what it replaced.
source
- lambalicious@lemmy.sdf.org ⁨1⁩ ⁨month⁩ ago
  Wouldn’t a zero-knowledge hosting solution (you provide hosting, but you can’t see what’s into it past a stream of binary) help with that?
  
  source
  - 0x0@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    Software suggestions?
    
    source
Outwit1294@lemmy.today ⁨1⁩ ⁨month⁩ ago
If you do not have physical access, it is not yours. Trust absolutely no one.

source
Omnipitaph@reddthat.com ⁨1⁩ ⁨month⁩ ago
This guy didn’t want to do the leg work of emailing his photos to his friends, and declares self-hosting isn’t the solution to a social net? I totally see the point in community hosting, in fact I’m all for that.

But really? You don’t have to make your servers public facing, you just white-list the people you want to see your stuff and make sure to organize your drives with public and private pages.

He went through all that and didn’t take it far enough.

source
- gandalf_der_12te@discuss.tchncs.de ⁨1⁩ ⁨month⁩ ago
  
  emailing his photos to his friends
  
  that’s sometimes difficult, e.g. when you have thousands of photos, and emails have a size limit of 20 MB per email. using matrix chat or sth is also not ideal since the other side will have to download images one-by-one. sending a zip file might work, but the matrix protocol might have a size limit for attachments.
  
  an FTP server might work. also consider that you want to store the images somewhere, not just send them once. how do you do that with messaging services?
  
  source
  - spicehoarder@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    Synology shared folder, separate user accounts, and tailscale is how I share media with my friends and family outside my network.
    
    source
  - Omnipitaph@reddthat.com ⁨1⁩ ⁨month⁩ ago
    I feel like I covered my bases with the rest of my comment there. If you have thousands of photos that you want to share, host them on your server and whitelist the people you want to see them :/
    
    IRL I’ve never sent nor received more than a handful of pics at a time, and always through email. It would have never occurred to me that people are out there sending the whole family collection to each other digitally. Grandma hordes those pics for a reason; as leverage for people to visit her!
    
    source
  - surph_ninja@lemmy.world ⁨1⁩ ⁨month⁩ ago
    It’s pretty simple to send a Nextcloud share link.
    
    source
  - JadedBlueEyes@programming.dev ⁨1⁩ ⁨month⁩ ago
    Matrix file limits are server-dependent, usually enforced for the uploader only. If you run a server you can set it to several gigabytes lol
    
    Alteernatively, use a tool designed for file transfer: gist.github.com/…/fd6e275e44009b72f64d0570256bb3b…
    
    source
dodos@lemmy.world ⁨1⁩ ⁨month⁩ ago
I’d love to help community host stuff, but I’m terrified of someone posting cp to a server I have or getting breached.

source
- lambalicious@lemmy.sdf.org ⁨1⁩ ⁨month⁩ ago
  Zero-knowledge hosting solutions should help with that, but I’m unsure how the tech and UX has been going for that on FOSS as of yet.
  
  source
Kirk@startrek.website ⁨1⁩ ⁨month⁩ ago
The LinkedIn-styled writing here is hard for me to get through, but I think the general gist is that for profit platforms are easier to onboard which I agree with. This line stands out:

And what do we get in return? A worse experience than cloud-based services.

I have to disagree somewhat, it’s a different experience that is absolutely more difficult in many ways, but for those of us who value privacy, control over our data, and don’t like ads, the trade-off is worth it. Also it goes without saying that the usability of selfhosted apps has exploded in the past few years and it will likely become less and less of an issue.

source
- Vendetta9076@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
  Its funny to say a worse experience because I can confidently say that all the services ive replaced are equal or better than their corporate counterparts. And sometimes better by 10x
  
  source
  - huquad@lemmy.ml ⁨1⁩ ⁨month⁩ ago
    I never wonder, is “X” is on jellyfin? Yes, good. No, give me 5.
    
    source
ehxor@lemmy.ca ⁨1⁩ ⁨month⁩ ago

Companies like Amazon have been playing dirty with Digital Rights Management (DRM) since the Internet’s inception.

False. They came along after the fact and sullied the waters, then lobbied to make it illegal to tinker with the DRM locks, then got richer than God.

source
DieserTypMatthias@lemmy.ml ⁨1⁩ ⁨month⁩ ago
The future is federated.

source
- rottingleaf@lemmy.world ⁨1⁩ ⁨month⁩ ago
  I would say the future is in pooling resources.
  
  Like it happens with torrents. As one p2p protocol very successful.
  
  Self-hosting not applications, but storage and uniform services. Let different user applications use the same pooled storage and services.
  
  All services are ultimately storage, computation, relays, search&indexing and trackers. So if there’s a way to contribute storage, computing resources, search and relay nodes by announcing them via trackers (suppose), then one can make any global networked application using that.
  
  But I’m still thinking how can that even work. What I’m dreaming of is just year 2000 Internet (with FTP, e-mail, IRC, search engines), except simplified and made for machines, with the end result being represented to user by a local application. There should be some way to pay for resources in a uniform way, and reputation of resources (not too good if someone can make a storage service, collect payment, get a “store” request and then just take it offline), or it won’t work.
  
  And global cryptographic identities.
  
  Not like Fediverse in the end, more like NOSTR.
  
  source
  - 0x0@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    
    if there’s a way to contribute storage,
    
    So IPFS and Hyphanet?
    
    computing resources,
    
    BOINC comes to mind.
    
    search and relay nodes
    
    Perhaps SearxNG?
    
    source
    -> View More Comments
- sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
  I highly doubt that. Each federated node is fairly expensive to host since it basically needs a complete copy of everything on its peers.
  
  I think the future is distributed. You connect to others, and if the network is large enough, each piece of data only needs to exist on a faction of the nodes to be safe from disappearing. Just think about it, across your various devices (laptop, phone, tablet, desktop, etc) you likely have a couple TB available, and your can buy cloud storage for any extra space you need. And you don’t need to always be online either, it’ll sync when two peers are online at the same time, so it’ll be eventually consistent.
  
  The main barrier here is NAT IMO, you need to be reachable for it to work. That’s getting resolved with IPv6, but it’s rolling out really slowly.
  
  source
vane@lemmy.world ⁨1⁩ ⁨month⁩ ago
The future is P2P

source
- InnerScientist@lemmy.world ⁨1⁩ ⁨month⁩ ago
  The presence is P2W.
  
  source
meh@piefed.blahaj.zone ⁨1⁩ ⁨month⁩ ago
so did the author spent a bunch of money while excited about sticking it to companies upon discovering a company is not your friend. didn't enjoy the work of maintaining the services or have any friends to share them with. then dreamed up federated services so someone would do all that continuing maintenance for them? am i the weird one here for only putting effort into services i have other users for or actually enjoy doing?

source
- CeeBee_Eh@lemmy.world ⁨1⁩ ⁨month⁩ ago
  
  am i the weird one here for only putting effort into services i have other users for or actually enjoy doing?
  
  Absolutely not.
  
  source
eleitl@lemmy.zip ⁨1⁩ ⁨month⁩ ago
No, you could never buy books on Amazon, only rent them. Calibre with DeDRM plugin was a poor way to liberate them, given that formatting in libre formats was often worse than the original.

I stopped doing that and ingnored the Kindle ecosystem in general. I tried a Kobe reader with .epub books from diverse sources but I mostly use tablets (LineageOS and GrapheneOS) to consume content these days. The reader apps are not that great there, sadly.

source
- rumba@lemmy.zip ⁨1⁩ ⁨month⁩ ago
  I’d be pretty surprised if you couldn’t waydroid something decent without googleing up. Certainly moon reader or something should run without the store?
  
  source
  - eleitl@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    I’m limiting myself to only open source applications on the tablets. Strictly nothing from Play Store or Aurora.
    
    source
    -> View More Comments
- XTL@sopuli.xyz ⁨1⁩ ⁨month⁩ ago
  I have bought a few otherwise hard to find books on Amazon. Actual paper books. At least used to be possible.
  
  source
  - eleitl@lemmy.zip ⁨1⁩ ⁨month⁩ ago
    Yes, when I buy books on Amazon it’s the dead tree kind.
    
    source
bitwolf@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
Something that’s always given me trouble is sharing my music.

If I hear a cool song and want to send it to a friend I have to go to YouTube.

And many of my friends send me Spotify tracks. The share feature of Navidrome has been incredible for this.

I can send them a link and have a listen party with them and then erase the link when were done.

It’d be nice to have this feature in more of the self hosted apps.

source
- JustARaccoon@lemmy.world ⁨1⁩ ⁨month⁩ ago
  I wish more services adopted the service Tidal uses that sends 1 link that then points to YouTube, Spotify, Tidal, and Apple music.
  
  source
- MysteriousSophon21@lemmy.world ⁨1⁩ ⁨month⁩ ago
  I’ve had the same problem with audiobooks until I found the soundleaf app - it connects to my self-hosted audiobookshelf server and makes sharing with freinds super easy without having to use mainstream services.
  
  source
- TempermentalAnomaly@lemmy.world ⁨1⁩ ⁨month⁩ ago
  It looks like you can self host Navidrome.
  
  source
  - xistera@lemmy.dbzer0.com ⁨1⁩ ⁨month⁩ ago
    I’ve just been using Jellyfin for my music. Is there a big advantage to this over it?
    
    source
    -> View More Comments
  - bitwolf@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
    Yeah that’s what I’m doing. Its been great
    
    source
sxan@midwest.social ⁨1⁩ ⁨month⁩ ago
E2E usually suffers from the same thing HTTP does: the MITM might not be able to read what you’re saying, but they know who you’re saying it to, and they may know in what context. This is a lot of information that can be used in profiling.

So you end up with systems like SimpleX, where everyone has a different UID for every contact, but that has its own problems, as anyone who’s used systems like that are aware. We haven’t really solved making that a good user experience for messaging; I don’t see it translating to broader social media any time soon.

Nostr has some really good specs and tooling that neatly addresses these topics, including great cryptography support, signing, ad-hoc IDs, and an entirely voluntary simple naming lookup; it doesn’t exactly solve zooko’s triangle, but it provides a toolset sufficient to mix and match characteristics for whatever your threat model is. Sadly, Nostr is utterly dominated by the crypto crowd (and is associated with some controversial personalities), and even if you’re not cryptocurrency-hostile, it’s a really dull echo chamber with little other content that has prevented people who might otherwise build interesting platforms in it from doing so.

Mastodon was around for ages before (the in practice centralized) Bluesky; why did it take Bluesky to open a mass exodus from X?

This is a hard problem to solve. Throwing E2E at it doesn’t make it easier; it’s just tossing a buzzword in.

source
SincerityIsCool@lemmy.ca ⁨1⁩ ⁨month⁩ ago
I agree that we need to find a way to make this communal rather than individualistic, but government backing isn’t that. It would be nice if that happened and all, but with a thesis like that it feels like it’s missing the mark calling state-hosting "community ". How do we make self-hosted services something that can serve at the level of the community? Like a load balancing reverse proxy that points to the servers those in the community can fun, and everyone invites their friends and neighbours.

source
ikidd@lemmy.world ⁨1⁩ ⁨month⁩ ago
The future (and the past) is piracy.

source
TankovayaDiviziya@lemmy.world ⁨1⁩ ⁨month⁩ ago
Thank fuck I neither desired nor ever used Kindle. I used either my library app to read e-books or getting my booty from the high seas!

source
- hanrahan@slrpnk.net ⁨1⁩ ⁨month⁩ ago
  My partner has a Kindle,. its been connected to Amazon once when she got it… 4 years layer it still hasn’t been reconnected. Everything is just loaded and managed via Calibre. I have a Kobo but the screen on her 4 yr old Kindle is better then my 6 month old Kobo
  
  source
olafurp@lemmy.world ⁨1⁩ ⁨month⁩ ago
Techno feudalism mentioned. Queue a Varoufakis talk

source
CyberChicken@whatcom.social ⁨1⁩ ⁨month⁩ ago
And thus whatcom.social was born.

Thanks for the inspiration @th3raid0r@tucson.social !

source
sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
End-to-end encryption means the service provider can’t see your data even if they wanted to

Not necessarily. All it means is that intermediaries can’t see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end. Your library is more likely to buy whatever is cheapest than what respects your privacy the most (e.g. probably Google drive, not Tuta or Proton).

The incentives for even community-hosted services (e.g. if the library spun up its own cloud servers) to share/sell information is just too high. Maybe the library found someone uploading illegal content, and they wanted some monitoring in there to catch service abusers going forward. They’ll probably put something into the client that a third party monitors, and now you have someone snooping on everything.

Instead of this, I think P2P storage is the better option for those who don’t want to self-host. That way there’s an incentive for the person providing storage to not know what it is (reduce liability), as well as the person submitting the data (reduce risk). Unfortunately, most current solutions here are a little shady, because they either rely on volunteers (no guarantees about data integrity) or anonymous payments (again, no guarantees about data integrity).

I’d like to see something in the middle:

apps that work off buckets of data, that the user configures

services that provide data guarantees that users can choose (e.g. AWS S3, Backblaze B2, Hetzner Storage boxes)

common protocol between apps for accessing this data

So if you want more storage, you buy said storage and know who is responsible for protecting it, and your app doesn’t care where it comes from.
source
- ShortN0te@lemmy.ml ⁨1⁩ ⁨month⁩ ago
  
  End-to-end encryption means the service provider can’t see your data even if they wanted to
  
  Not necessarily. All it means is that intermediaries can’t see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end.
  
  This is incorrect. End-to-End is defined as from “User to User” and not “User to Service provider”. That would be just transport encryption.
  
  en.m.wikipedia.org/wiki/End-to-end_encryption
  
  source
  - sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
    Right, and that’s what I mean too.
    
    For example, let’s assume Google Drive is E2EE, the client apps on both sides have access to unencrypted data, and they can absolutely index it or whatever to sell to advertisers. The statement in the article was overly broad, because the service provider can see your data, assuming they also control the client apps.
    
    source
- monogram@feddit.nl ⁨1⁩ ⁨month⁩ ago
  Compute has become so ubiquitous it’s silly that we need to pick between server-client and p2p
  
  Syncthing is a good example of being both, with options you can enable for your server version, but it’s way too basic compared to immich or nextcloud
  
  source
  - sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
    Eh, Syncthing is only stuff you control, which doesn’t exactly fulfill what OP is talking about: extending the benefits of self-hosting to those who can’t or don’t want to self-host. It also doesn’t expand storage, it just keeps your storage in sync between devices.
    
    P2P solves a lot of this. It provides expanded storage, can be easy to get into (add nodes as you go/pay others for nodes), etc. But there’s the perennial issue w/ trusting others w/ your data.
    
    That’s why I think a hybrid is better. Buy storage from trusted providers as needed and use apps that work w/ that. Unfortunately, that doesn’t seem to really be a thing, but I think it could be super cool. Places like libraries can provide libraries to underprivileged people, who can then add to it w/ something from the market.
    
    source
- deur@feddit.nl ⁨1⁩ ⁨month⁩ ago
  You can already do what you want. S3 with HTTP, XML + XSL for responsive / dynamic content.
  
  source
  - sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
    Sure, but where are the apps?
    
    source
pineapple@lemmy.ml ⁨1⁩ ⁨month⁩ ago
This is really cool. And I would say a good replacement for current cloud setups. Since it’s unreasonable to expect everyone to self-host. Although I think this could only really be a cost saving measure since there are already services like protondrive that offer end 2 end encryption. And I would probably trust the reliability of proton drive over the community hosting my stuff.

source
MrTolkinghoen@lemmy.zip ⁨1⁩ ⁨month⁩ ago
I like the article, but agree with so many of the comments here as well.

Ultimately I think one thing I’d love for would be a way to simply provide services (like Immich) for people but where the client is end to end encrypted, and neither the user nor the service has to worry about the how.

Example: how can I share an Immich with my family and friends, but where I don’t have access to any of their data. I.e. what signal does, but immich or any other service. I want to share my server with friends/family, but I don’t want access to any of their data. It isn’t a lack of trust, it’s that I don’t want that as even something they have to worry about

That same concept then extends here to community hosting. If we can solve the problem for a few, it should be scalable to many.

source
LovableSidekick@lemmy.world ⁨1⁩ ⁨month⁩ ago
snot?

source
Evotech@lemmy.world ⁨1⁩ ⁨month⁩ ago
«legally aquired» lol

source
gblues@lemmy.zip ⁨1⁩ ⁨month⁩ ago
Great article!

source