The future is community-hosted
Related Hacker News thread:
You must log in or # to comment.
This guy didn’t want to do the leg work of emailing his photos to his friends, and declares self-hosting isn’t the solution to a social net? I totally see the point in community hosting, in fact I’m all for that.
But really? You don’t have to make your servers public facing, you just white-list the people you want to see your stuff and make sure to organize your drives with public and private pages.
He went through all that and didn’t take it far enough.
emailing his photos to his friends
that’s sometimes difficult, e.g. when you have thousands of photos, and emails have a size limit of 20 MB per email. using matrix chat or sth is also not ideal since the other side will have to download images one-by-one. sending a zip file might work, but the matrix protocol might have a size limit for attachments.
an FTP server might work. also consider that you want to store the images somewhere, not just send them once. how do you do that with messaging services?
I feel like I covered my bases with the rest of my comment there. If you have thousands of photos that you want to share, host them on your server and whitelist the people you want to see them :/
IRL I’ve never sent nor received more than a handful of pics at a time, and always through email. It would have never occurred to me that people are out there sending the whole family collection to each other digitally. Grandma hordes those pics for a reason; as leverage for people to visit her!
It’s pretty simple to send a Nextcloud share link.
Companies like Amazon have been playing dirty with Digital Rights Management (DRM) since the Internet’s inception.
False. They came along after the fact and sullied the waters, then lobbied to make it illegal to tinker with the DRM locks, then got richer than God.
I agree with the premise that selfhosting is not something the layman can or want to do, but the assumption that self-hosters only host software that serve themselves is very, very dumb, and clearly comes from the mouth of someone who self-hosts out of hate for corporate services (same, though) and not for the love of selfhosting.
He complains that the software he uses can’t handle multi-users, but that sounds like a skill issue to me. His solution is to make his government give him metered cloud services. What he actually wants is software that allows multi-users. What he wants, by extension, is federated services.
The bulk of users on the fediverse are on large, centrally/cloud hosted instances, but the vast majority of instances are self-hosted, and can talk to the centrally hosted instances, serving usually more than the 1 user who’s hosting the instance in their attic.
The author conflates self-hosting with self-reliance, and I understand why, but it’s wrong. If you’re part of this community, you’re probably not some off-gridder who wants nothing to do with society, self-isolating your way out of the problems we face. If you’re reading this, you already know that we don’t have to live on our own individual and isolated paradise islands to escape Big Tech. Federation is the future, but selfhosting is fundamental to that, and not everything can or should be federated. Selfhosting is also the future.
That’s an interesting point…
I’d like to share some (holiday) photos with my friends & family, so I can put those onto Pixelfed / Friendica / etc… I don’t necesarily want to share all the photos…
And that’s using the cloud.
Job Done. The self-hosting + federated cloud future is here!
Rejoice.
The photo sharing complaint I don’t understand, unless immich doesn’t have the option to provide public or password protected share and upload links, which would be a real shortcoming for such app.
Immich indeed has that option, I use it frequently. Password protection and upload option
I’ve not looked into it properly yet, but - considering this is still free software - I don’t believe that level of granularity exists.
So, if I wanted to share my holiday photos from last week with 1 friend, and the photos from someone’s party to different friends… nope.
Lol. So we trust local governments and communities now?
Has anyone ever worked with them IT wise?
I do so in four different EU countries and know people who do in the US and Canada. And…well…there is a reason local governments often went towards the cloud services. Do people think Joe Admin in Bumfucknowhere can operate what basically becomes a MiniDC? And who controls that?
Sorry. Either go “host at home” and only fuck up things for oneself. Or do it properly with a proper DC. Colocate if you want. But that? I know it sounds appealing, especially for someone entering selfhosting (like the author did a few weeks ago). But there is a reason hosting is a business once it comes to other peoples data.
I can easily host vaultwarden, trillium, docker-mailserver, jellyfin, borgbackup and syncthing instances for my 5 neighbours. Everyone who’s even slightly good with computers can do that for their neighbours. That’s what I think when I hear “community”. Not online fandoms.
I think the issue is more that large tech firms can absolutely deal with external security in their applications. The amount of times gmail or Microsoft 365 has been hacked and leaked a bunch of client data is statistically zero when looking at their attack area.
Joe Dirt self hosting a mail server for his neighbors on a salvaged rack server is 1000x more likely to get hacked or lose a ton of his neighbors’ data than a big tech firm.
That is kind of the trade off for community hosting. There are very very few backup and security-literate people in communities.
Big Tech is what we need security from !
Prison are very safe, for the guards.
Lol. So we trust local governments and communities now?
I trust my local community more than i trust Amazon, that’s for sure.
Communities might be incompetent with IT (today), but maybe they just need a while to catch up. It could work in 10 years from now, and we gotta work towards that point.
Also, note that “local community” doesn’t have to mean municipality; it can also be your local nerd working part-time at your local library.
And this is somehow better?
There is a lot of room between “BigTech” and “Joe Average” doing it for his neighbours. Mailbox.org, etc. (see my other post here)
If you do not have physical access, it is not yours. Trust absolutely no one.
Every city should host main public web servicies for its citizens, each one as an instance of a complex system, that’s how anarchy works.
That quickly becomes a tragedy of the commons. The city residents pay for it but how do you verify “citizenship”?
If you mean citizenship as being associated to the city whose hosting services you are using, yhe power or water bill pointed at your name and residence should be able to do that. Now, if you want that plus anonimity, the only practical option I can think of for a city-wide physical campaign is some sort of GPG Signature Meetup (“signature party”).
yhe power or water bill pointed at your name and residence
Many people live in cities without owning their house. So they never see those bills. Renters are usually two levels away from the actual owner. Then there are all the people who live and work in cities but aren’t official renters.
End-to-end encryption means the service provider can’t see your data even if they wanted to
Not necessarily. All it means is that intermediaries can’t see the data in transit. You need to trust that the data is handled properly at either end, and most service providers also make the apps that you run at either end. Your library is more likely to buy whatever is cheapest than what respects your privacy the most (e.g. probably Google drive, not Tuta or Proton).
The incentives for even community-hosted services (e.g. if the library spun up its own cloud servers) to share/sell information is just too high. Maybe the library found someone uploading illegal content, and they wanted some monitoring in there to catch service abusers going forward. They’ll probably put something into the client that a third party monitors, and now you have someone snooping on everything.
Instead of this, I think P2P storage is the better option for those who don’t want to self-host. That way there’s an incentive for the person providing storage to not know what it is (reduce liability), as well as the person submitting the data (reduce risk). Unfortunately, most current solutions here are a little shady, because they either rely on volunteers (no guarantees about data integrity) or anonymous payments (again, no guarantees about data integrity).
I’d like to see something in the middle:
- apps that work off buckets of data, that the user configures
- services that provide data guarantees that users can choose (e.g. AWS S3, Backblaze B2, Hetzner Storage boxes)
- common protocol between apps for accessing this data
So if you want more storage, you buy said storage and know who is responsible for protecting it, and your app doesn’t care where it comes from.
That’s possible, but the bigger leap is getting people off the major platforms like Google’s or Microsoft’s cloud.
You can already do what you want. S3 with HTTP, XML + XSL for responsive / dynamic content.
Instead of building our own clouds, I want us to own the cloud. Keep all of the great parts about this feat of technical infrastructure, but put it in the hands of the people rather than corporations. I’m talking publicly funded, accessible, at cost cloud-services.
I worry that quickly this will follow this path:
- Someone has to pay for it, so it becomes like an HOA of compute. (A Compute Owners Association, perhaps) Everyone contributes, everyone pays their shares
- Now there’s a group making decisions… and they can impose rules voted upon by the group. Not everyone will like that, causing schisms.
- Economies of scale: COA’s get large enough to be more mini-corps and less communal. Now you’re starting to see “subscription fees” no differently than many cloud providers, just with more “ownership and self regulation”
- The people running these find that it takes a lot of work and need a salary. They also want to get hosted somewhere better than someone’s house, so they look for colocation facilities and worry about HA and DR.
- They keep growing and draw the ire of companies for hosting copies of licensed resources. Ownership (which this article says we don’t have anyway) is hard to prove, and lawsuits start flying. The COA has to protect itself, so it starts having to police what’s stored on it. And now it’s no better than what it replaced.
Wouldn’t a zero-knowledge hosting solution (you provide hosting, but you can’t see what’s into it past a stream of binary) help with that?
