@Wander
@packmates.orgThe future of selfhosted services is going to be... Android?
Wait, what?
Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.
We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...
The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.
It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.
In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."
Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021
PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.
Announcing status.packmates.org and status.yiffit.net
Heya everyone!
I've been mostly silent for some time, but it's all with good reason (I promise!)
Over the last few days I've spent a lot of time on server maintenance. Many of these changes will be invisible to you as users (such as getting a /48 ipv6 range, setting up SLAAC/DHCPv6, reviewing security and firewall rules, etc...)
But today I set up something that I can share: status pages!
Head over to:
- https://status.packmates.org
- https://status.yiffit.net
(they're the same page actually, but the different domain is to make it easier to remember if you're a user of one site and not the other).
There's a slight caveat in that the status page is hosted on the hypervisor itself, so if that goes down, everything goes down but you'll at least know by not being able to load the status page itself!
Ideally I would host this somewhere external but we're not there yet. One day I hope to even have a server cluster for redundancy, but we'd have to host many more services to be able to justify this.
cc: @meta
Quick question about DNS and DoH that I thought about after reading this post:
https://packmates.org/@silvereagle@furry.engineer/111176886781705659
Wouldn't it make sense for Firefox or another third party to bundle and transparently forward all DoH requests to cloudflare so that:
A) Cloudflare doesn't know who made what request due to not knowing the origin
B) Firefox doesn't know who made what request due to TLS
Federated wireguard network idea
Any feedback welcome.
Let's keep things stupidly simple and simply hash the domain name to get a unique IPv6 ULA prefix.
Then we would need a stupidly simple backend application to automatically fetch pubkeys and endpoints from DNS and make a request to add each others as peers.
Et voilà, you got a worldwide federated wireguard network resolving private ULA addresses. Sort of an internet on top of the internet .
The DNS entries with the public IPv4 / IPv6 addresses could even be delegated to other domains / endpoints which would act as reverse proxy (either routing or nesting tunnels) for further privacy.
Maybe my approach is too naïve and there are flaws I haven't considered, so don't be afraid to comment.
Exact use cases? Idk, but it sounds nifty.
#privacy #networking #VPN #wireguard #infosec
cc: @fediverse
We now have hourly snapshots / backups!
I'm happy to inform both packmates.org and yiffit.net users that both sites now benefit from the ZFS filesystem that the new server has been set up with.
I have implemented automated hourly snapshots for 24 hours + daily snapshots for 31 days. In theory they will only grow in size if there's actual changes to the disk of both VMs and I should be able to have enough space.
Furthermore, local snapshots are complemented by the daily offsite backups which allow us to recover even if the full server were to suddenly explode. Full backups are first created on the server itself and then copied offsite so that for a full week we have two independent copies of each day.
Depending on space usage I'll make sure to replicate the offsite repository so that there's two offsite copies for the last 31 days + 7 local copies. That would be 69 individual full backup files + snapshots.
I hope I'll have enough space with deduplication.
cc: @meta
What I've been busy with lately
About three weeks ago I started renting a new dedicated server which is going to host both packmates and yiffit very soon.
Because the server isn't hosting anything yet, I've taken the opportunity to play around and try out different configurations, including ZFS, LXC containers for small services, VLANs for better isolation ( which I did manage to get working ), wireguard tunnels, improved firewall rules, security groups, iGPU passthrough, etc...
Tomorrow I'll wipe the disks, install #proxmox from scratch and make it production ready.
Then it should be as easy as loading a full backup from both yiffit and packmates to complete the migration ( but I'll announce this last step in due time).
Am excited *wags* :dogcited:
cc: @chat
Algorithm-based social media "recommendations" has normalized us putting up with blatant SPAM
Imagine if gmail or outlook were to place emails by 'creators and brands you might like' in your inbox!?
Following the process of enshittification, the algorithm on many social media platforms is becoming an excuse to push blatant amounts of SPAM to users. It starts as a feature that is genuinely useful, but becomes a tool to show you ads, content from paying users or to keep you hooked with rage-bait content as social media platforms seek to extract more value out of its users.
Algorithm-based social media has its benefits, but looking forward it is becoming increasingly necessary that such an algorithm runs client-side and is owned by the user.
cc: @showerthoughts
If you're a user at Packmates or Yiffit, you should know that my current stance regarding #threads is a precautionary defederation.
They'll probably launch with federation whitelist and I doubt they wouldn't defederate from us, but there's too many risks and unknowns right now.
I don't think as an admin I should limit everyone's ability to interact with threads just because they're a for-profit company, but there's some huge red flags in regards to data management and potential spam.
So, if anyone was wondering my stance, I'll place a precautionary domain block for now.
Once we have more info and/or they have started federating, I will start thinking about objective conditions that need to be fulfilled to remove the block. It won't be based on my hatred of corporations but actual criteria in regards to guaranteeing user security and health of the fediverse.
cc: @meta
Testing post from Mastodon to see if federation keeps working correctly.