Wander

joined 2 years ago
[–] Wander@packmates.org 2 points 1 year ago

@Omniraptor in theory Mastodon will show a "read more" button for longer comments. Top level posts sent from Lemmy often require clicking the link to view them in full and content isn't ordered by votes because they don't exist.

So, it's a bit messy to read Lemmy from Mastodon, but posting something and then replying to comments on that thread is really easy.

[–] Wander@packmates.org 4 points 1 year ago* (last edited 1 year ago) (3 children)

@Omniraptor ah yes! Probably that's why.
Actually the whole original post was sent via Mastodon.

I tend to write posts that I share to my Mastodon followers and then at the end I mention a Lemmy community if I believe the community would also find it interesting.

[–] Wander@packmates.org 13 points 1 year ago (5 children)

@MigratingtoLemmy use a hammer to break the screen, control via adb :vlpn_happy_blep:

[–] Wander@packmates.org 10 points 1 year ago

@benjohn @selfhosted 6-8 GB of RAM with powerful CPU and GPU that was designed to run games and can in some cases run small AI models is nothing to scoff at imho.

[–] Wander@packmates.org 3 points 1 year ago (1 children)

@leggylav @selfhosted OMG, yes, thank you <3

I finally feel understood now :vlpn_cry:

[–] Wander@packmates.org 7 points 1 year ago* (last edited 1 year ago) (4 children)

@selfhosted Update:

  1. Just to clarify, the the whole point is that Android makes it easy for less tech oriented people to host small single user / family services.

It does not need to be perfect, have massive throughput or allow for massive amounts of read/write cycles.

If people can host their own media server like Jellyfin or note taking apps like Joplin instead of using commercial services by simply installing an APK on an old phone they can leave connected at home, that's already a big win.

  1. Regarding device longevity, Android 13 apparently supports / will support full KVM emulation. Windows can be run if you have root while android based VMs are expected to be possible without the need for root. Since this type of virtualization allows VMs to run their own kernel, keeping the "server app" updated should allow the user to be protected even if the host OS is outdated as long as these server-app-VMs are trustworthy themselves.
[–] Wander@packmates.org 12 points 1 year ago (2 children)

@RegalPotoo Maybe I should have been more specific in the wording of my title.

No one planning on hosting public multi-user service that would see some serious traffic would probably benefit from hosting on a phone.

Someone who wants to simply run a single-user instance or their personal nextcloud? I think that's a real possibility.

[–] Wander@packmates.org 0 points 1 year ago (1 children)

@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.

Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P

[–] Wander@packmates.org 0 points 1 year ago (1 children)

@ahoyboyhoy @selfhosted How old is the phone and what version of the OS are you using? I was under the impression that modern phones bypass the battery when connected to the charger and having full charge.

Regarding limiting the charge, I believe there's some software calibration you can do which would allow you to set it to 50%. I'm no expert in battery or repairs at all, so someone else might have a better idea.

[–] Wander@packmates.org 2 points 1 year ago

@AMS @selfhosted yes, hopefully we'll see an explosion in self-hostable alternatives that can be installed as easily as syncthing.

[–] Wander@packmates.org 1 points 1 year ago

@ahoyboyhoy @selfhosted Nice. I remember trying it out once. Actually I might use that to follow my own advice and self-host at home once I retire my current phone.

True, I haven't had the need because I know how to run stuff on a server, but for personal files it's probably better to host things at home.

[–] Wander@packmates.org 5 points 1 year ago* (last edited 1 year ago)

@southsamurai Oh that's definitely a huge concern, but not just for self-hosting but for privacy in general.

But still, if the average joe wants to self-host something using an old phone is probably the easiest way to get them to try self-hosted alternatives and drop corporate / commercial services.

Maybe not the 'average average joe' such as my parents, but anyone who is minimally curious enough to do stuff such as registering a domain, setting up a game server for friends and maybe has opened the CMD windows console once or twice in the past following a tutorial. That kind of demographic (IDK if it has a name) might be much more inclined to self-host if it was as easy as installing an APK and letting your phone one somewhere at home.

Overall as long as Android doesn't become straight out malicious spyware itself, the benefit of dropping commercial alternatives might very well be a net positive. In a worst-case scenario, any tunnel / vpn configuration necessary to expose a service to the internet could also add an automated step to blackhole requests to google's tracking servers.

 

The future of selfhosted services is going to be... Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...

The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.

cc: @selfhosted
#selfhosted #selfhosting

 

Quick question about DNS and DoH that I thought about after reading this post:

https://packmates.org/@silvereagle@furry.engineer/111176886781705659

Wouldn't it make sense for Firefox or another third party to bundle and transparently forward all DoH requests to cloudflare so that:

A) Cloudflare doesn't know who made what request due to not knowing the origin

B) Firefox doesn't know who made what request due to TLS

#Infosec #Privacy
CC: @privacyguides

18
submitted 1 year ago* (last edited 1 year ago) by Wander@packmates.org to c/fediverse@lemmy.world
 

Federated wireguard network idea
Any feedback welcome.

Let's keep things stupidly simple and simply hash the domain name to get a unique IPv6 ULA prefix.

Then we would need a stupidly simple backend application to automatically fetch pubkeys and endpoints from DNS and make a request to add each others as peers.

Et voilà, you got a worldwide federated wireguard network resolving private ULA addresses. Sort of an internet on top of the internet .

The DNS entries with the public IPv4 / IPv6 addresses could even be delegated to other domains / endpoints which would act as reverse proxy (either routing or nesting tunnels) for further privacy.

Maybe my approach is too naïve and there are flaws I haven't considered, so don't be afraid to comment.

Exact use cases? Idk, but it sounds nifty.

#privacy #networking #VPN #wireguard #infosec

cc: @fediverse

 

@lemmy I just realized that you can submit posts to any lemmy community from any mastodon / fediverse account. This is pretty cool!

view more: next ›