this post was submitted on 22 Oct 2023
101 points (73.5% liked)

Selfhosted

40414 readers
242 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

The future of selfhosted services is going to be... Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...

The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.

cc: @selfhosted
#selfhosted #selfhosting

you are viewing a single comment's thread
view the rest of the comments
[–] TCB13 12 points 1 year ago* (last edited 1 year ago) (2 children)

The future of selfhosted services might includes phones yes, Android most likely not.

Think about it, those phones might work right now but in 10 years their Android versions will not support anything, they wont even have root certificate updates breaking SSL, the kernel will be missing support for whatever people need and whatnot. Maybe the phones won't even boot because some key will expire somewhere... let alone security vulnerabilities.

People selfhost on 10-year old hardware right now, but they do install modern Linux distros that are well supported and up to date. I believe the most likely scenario is that at some point the "security" of most of that hardware will be broken and you'll be able to run some version of AOSP for older hardware and/or a generic Linux.

But that might not ever happen, those phones are built like hell and we've another category of hardware with similar characteristics that was never repurposed for anything after a decade - routers. It's common to see older routers that are now too slow when it comes to wifi or even CPU and although they're way more open and primitive than modern smartphones when it comes to software we usually can't even repurpose them as dumb switches with alternative / open software. OpenWRT and DD-WRT might work in some case but those are exceptions and usually those models were already supported by those firmwares. For instance there are enough Thomson / Technicolor TG784n ISP provided routers to create a second moon and the effort to break their security and create a usual firmware is so much that nobody did it. It's just easier to pay 30€ for a cheap router/switch and move on.

[–] TCB13 1 points 1 year ago (2 children)

People who downvote, care to explain? You clearly never tried to access the Internet / install modern software on a Windows XP computer :)

[–] [email protected] 3 points 1 year ago (1 children)

Am curious. Are you able to run a modern windows 10 virtual machine / virtualbox vm on XP?

[–] TCB13 3 points 1 year ago* (last edited 1 year ago)

I just talking about that: https://lemmy.world/comment/4731273

It doesn't appear to be possible. The Vmware version that supports the latest Windows 10/11 won’t support a host system older than Windows 8. The same applies to VirtualBox.

The usual issue with that is that the modern OS requires drivers for the virtual devices and if you get a modern version of Vmware it won't run on Windows XP (https://kb.vmware.com/s/article/90060) if you get an older version of Vmware that does run on XP it won't have / be compatible with the drivers required for Windows 11 to work.

[–] [email protected] 0 points 1 year ago

@TCB13

I have by getting rid of win xp and installing Linux.

[–] [email protected] 0 points 1 year ago (1 children)

@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.

Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P

[–] TCB13 2 points 1 year ago* (last edited 1 year ago)

The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

When you install another one "on top" you're essentially speaking about a very thin layer above the base OS. In most cases that's simply a container that uses the base OS kernel. This is what happens today and it works for a while but it comes a point (way less than 10 years) when you won't be able to have a modern top layer OS sitting on such older base OS because the kernel is way too old to support the requirements of the new OS.

Even if go through the trouble of virtualization in order to have the top layer running a modern kernel it will most likely fail. It would require a LOT more effort coding the support for the old hardware and a ton of other virtualization pains to just end with a very slow system. We've examples of this: it is next to impossible to virtualize Windows 11 in a Pentium 4 that runs Windows XP, for instance a versions of Vmware that supports Windows 11 won't support a host system older than Windows 8. The same applies to VirtualBox.

Basically, while flashing a new ROM would be ideal,

Yes it would but for that you would have to completely break the phone's boot security and that isn't feasible in all cases. Most phones doesn't allow you to unlock the bootloader thus you can't install another ROM/OS. Even on those you can some will only accept software that was signed by the manufacturer so unless there's a leak of the key they use or it gets bruteforced in some way you won't be able to do it.

Take older routers as examples, those don't even protect the firmware, nothing is signed, and yet the time and effort (weeks/months) required to make a simple open firmware to turn a SINGLE model into a dumb switches / routers that it isn't worth it - after all you can get a < 30€ device today that is faster and more power efficient than those old units.

With phones things are considerable worse as modern day devices are way more locked down than those router ever were. There's also way more fragmentation (hundreds of phone models all running very specific hardware and software hacks). It's very likely that in 10 years you'll be able to buy some ARM / RISC board, such as a raspberry pi, that is open, run a modern OS out of the box and most likely cost you 30€.