this post was submitted on 22 Oct 2023
101 points (73.5% liked)

Selfhosted

40416 readers
328 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

The future of selfhosted services is going to be... Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...

The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.

cc: @selfhosted
#selfhosted #selfhosting

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago (1 children)

@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.

Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P

[–] TCB13 2 points 1 year ago* (last edited 1 year ago)

The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

When you install another one "on top" you're essentially speaking about a very thin layer above the base OS. In most cases that's simply a container that uses the base OS kernel. This is what happens today and it works for a while but it comes a point (way less than 10 years) when you won't be able to have a modern top layer OS sitting on such older base OS because the kernel is way too old to support the requirements of the new OS.

Even if go through the trouble of virtualization in order to have the top layer running a modern kernel it will most likely fail. It would require a LOT more effort coding the support for the old hardware and a ton of other virtualization pains to just end with a very slow system. We've examples of this: it is next to impossible to virtualize Windows 11 in a Pentium 4 that runs Windows XP, for instance a versions of Vmware that supports Windows 11 won't support a host system older than Windows 8. The same applies to VirtualBox.

Basically, while flashing a new ROM would be ideal,

Yes it would but for that you would have to completely break the phone's boot security and that isn't feasible in all cases. Most phones doesn't allow you to unlock the bootloader thus you can't install another ROM/OS. Even on those you can some will only accept software that was signed by the manufacturer so unless there's a leak of the key they use or it gets bruteforced in some way you won't be able to do it.

Take older routers as examples, those don't even protect the firmware, nothing is signed, and yet the time and effort (weeks/months) required to make a simple open firmware to turn a SINGLE model into a dumb switches / routers that it isn't worth it - after all you can get a < 30€ device today that is faster and more power efficient than those old units.

With phones things are considerable worse as modern day devices are way more locked down than those router ever were. There's also way more fragmentation (hundreds of phone models all running very specific hardware and software hacks). It's very likely that in 10 years you'll be able to buy some ARM / RISC board, such as a raspberry pi, that is open, run a modern OS out of the box and most likely cost you 30€.