What if you could buy off the shelf a box based on #opensource software and hardware that you could plug into your internet connection. You could connect to via Wifi and it would allow an average person to fairly easily configure, via a guided setup, a self hosted Cloud Drive, Social Media server, home automation service, VPN end point, email server and other commonly useful software?
What if that box allowed that person’s friends to authenticate and to that box and link a box they own, either close by or remotely. It could extend connectivity and estabilish a chain of trus, provide a level of encrypted backup of content from that box and make assertions about the users on that box such as - This user account is owned by this person, this user account is over 18?
This is a dream. I know I’m rambling. #openwrt, #yunohost, #seflhost, #chainoftrust, #fediverse
The FreedomBox project started in 2010, and it’s a Debian-based plug and play device that lets you easily self-host useful network services.
@eleijeep Oh interesting hardware at €69 seems quite reasonable - Extendable with a HDD enclosure.
Running this all on one system presents a single point of failure. Separate the router from the server, even if simply for sanity.
If I were a younger man, I’ve always wanted to produce a ‘server in a box’. Something small, powerful, capable, came with a plethora of click to deploy apps, in an environment that would be conducive with the average homeowner’s computer savvy or lack there of. I’ve seen a lot of mini-racks made with Lenovo ThinkCenters that really look good, could fit on a shelf in a closet and serve the household with privacy respecting software.
But I’m far from being a younger man, so one of you guys take the lead and make a million $$.
@irmadlad I think this is beyond one person. I certainly think there has been progress.
I feel this in my bones. I was an English major in college. Now I’m in my late 40s and want to create my ow server so that I can OWN the things I used to own: baby pictures and family photos, movies that I bought, music that I bought. I want to send letters to friends without Amazon, JC Penny and Google knowing what I put in my letter.
I’m starting on my home networking journey. I have a beeline on the way to build my own router…pfSense, OpenSense, OpenWRT…still chewing on that but I’m going to do it.
Fuck it. My dad used to work on his car, I think this is my generation’s equivalent.
Fuck it. My dad used to work on his car, I think this is my generation’s equivalent.
I’ve got a '75 Ford pickup with 3 on the tree. I can work on that. Hell, I can pop the bonnet and sit on the fender and dangle my legs in the engine compartment. Once the automobile industry moved away from that type of design and started incorporating computer blocks, chips, et al, that you needed a metric and imperial tool set replete with a plethora of specialized tools just to work on them, that was outside my field of expertise. My Ford F450? Nope. I can’t even wedge my hamfists in a few inches. The whole engine compartment is slap full.
I’m starting on my home networking journey. I have a beeline on the way to build my own router…pfSense, OpenSense, OpenWRT…still chewing on that but I’m going to do it.
I have a beeline on the way to build my own router…
DO IT!
How nice is column shift tho? I’ve got an '80 van with it.
I like it…I could change out the tranny and insert a standard 4 on the floor, but I’ve tried to keep it as true to the original as I can. I’d call it a resto-mod. I tell people half joking, that I’m saving it for when our government can turn cars off at will, which pretty much has existed for a while now. It’s not a daily driver. The only real driving I do is on the farm. I have had a TBI which blessed me with a seizure condition and tho I do have a valid license, I just couldn’t live with myself if I were cruising at 70 mph down the road and had a seizure, drifted into oncoming traffic and killed someone. So exterior of the farm, I employ the services of my lady friend.
This is my dream as well, but for security I feel like you need multiple independent systems. I’m doing mine with power-hungry recycled 2012-vintage server hardware (Xeon E5-1620s and 2620s and Opteron 6276s, bought for $100 each several years ago, plus a few hundred more to their maximum amounts of DDR3 ECC) but this hypothetical box could easily have raspberry pis or something similar. Public services can become compromised and you’ll only want certain hardware to be trusted to do certain things.
My plan is a terrible one and I’m taking way too long to do it. I really want someone else to build this better and faster, but if my crappy plan ends up being the first usable version of this, that will suck but at least it’s available.
I had a dumb personal domain from June of 2000, tried to make it a public internet site, offered services to people on IRC for internet social points, but after a few years it got ahead of me and I let it die. (I’ve been paying for the same business internet ever since, though, and I still have the same static IPs as from back then.) Time passed, got married, got a computer science degree and a development job with a billion dollar SAAS company.
I can see how they do big public internet hosting. I want everyone to be able to do this, too. Been trying to build the same kinds of architecture with open source tools at home. Struggling, I keep over designing it and getting stuck and frustrated. It takes me a month to do what a competent ops person from work does in a couple days.
OnceI have this working for me, I can share it, because it’s my own work product. It’ll be a guide, a recipe to follow, for creating the kind of secure and isolated web application and general VM hosting environment I see us use at work. This stuff is the difference between “I’m hosting one thing and if it gets hacked, everything is owned” and “I’m hosting a hundred things, all different, and if one gets hacked that will suck - but the other 99 things will stay safe.”
Biggest problem I think with creating this with open-source is just picking a direction for everything and getting the internet to not pitch a fit. “Why did you use postfix?” “I hate Greenbone / GSA and refuse to use it.” “Hardware is expensive, you say I need a jump box for this AND for this, and dedicated hardware for a firewall here AND here? Each of those could clearly be a VM. Your project wastes hardware and I’m not doing it this way.”
Sure, once this is done these decisions are pretty much baked in and I won’t have the energy to redo them yet again. But getting the architecture perfectly designed for your exact scenario … that takes a ton of work. Big companies pay a ton of money in just payroll hours to build this kind of thing bespoke for their needs. I’ll be giving away my version, and I’m afraid the internet won’t care.
But I think we need to keep this ability alive, that private citizens can set up their own DIY hosting that can stand up to hostile internet actors decently well. They can pay (I’ll grant) exploitative rates for business internet connections so they can have static IPs at home as well. If we all stop, we all just decide all hosting should be done by big cloud service companies or big enterprises, we lose a crucial bit of internet freedom. Someone needs to say “yeah this is kinda dumb but I’m doing it anyway.”
And if they could do it with a box you just plug in, instead of my (likely) month-long two hundred step recipe, and still have it stand up to attacks and “Internet background radiation” and stuff, that would be epic. I kind of don’t want my thing to be the way that self-hosting-public-web-services is done.
@mspencer712 On your point regarding a single device - I don’t think that separate hardware necessarily provides security - Though I take your point - perhaps it could be about a compatible - modular architecture - a home server, a router, a home automation hub - that are linked together easily and well.
Agree on the issue with Open source be of the “let a thousand flowers bloom” ( i just saw someone post they have a new “templated based home server” lemmy.world/post/38362941 ) - but I think thats a strength - people try stuff out - things are more loosely coupled and rely on open standards - perhaps that’s a whole philispophical discussion but I think open source and open standards would attract hardware vendors - (I’m seeing plently more Openwrt based routers on chinese marketplaces than I used to - they just don’t want the overhead of having to provide their own fully featured software.
I also get the - at the moment doing it yourself requires knitting together alot of stuff - that’s my point - the components are all there - its more about bringing them together and smoothing the surfaces - something that I think #Homeassistant seem to be quite good at - Perhaps what is required is that kind of organisation - where there is the prospect of picking up some funding and selling some hardware that comes with all the branding.
To add to Onomatopoeia’s excellent post, separate devices also limit the blast radius of any compromise. Attackers pivot when they compromise a system. They use one system to talk to others and attack them from inside your network. So you don’t want everything on the same OS kernel.
Unfortunately I don’t feel like I’m qualified to say what works well yet, not until I have the pieces of my site put together and working, and vetted by whatever security professionals I can get to look at it and tell me what I did wrong.
But right now I think that looks like every service VM on its own VLAN on a /30 net, and ideally the service VM and firewall/router VM serving it on different physical hardware joined by a managed switch. That managed switch shouldn’t let either VM host touch its management VLAN, and (I think, I don’t do this yet) should send monitor traffic to yet another physical host for analysis.
(“I can see why you’re not done yet” - yeah I know.)
@mspencer712 Yeah … though I suspect that perfect could be the enemy of the good enough. I can’t really comment - but whether its a single pyhsical device or modular - for me an integrated solution available to regular people is the key.
