view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I personally like Nextcloud even though it is a pain
I personally will never use nextcloud, it is nice interface side but while I was researching the product I came across concerns with the security of the product. Those concerns have since then been fixed but the way they resolved the issue has made me lose all respect for them as a secure Cloud solution.
Basically when they first introduced encrypting folders, there was a bug in the encryption program, and the only thing that ever would be encrypted was The Parent Directory but any subfolder in that directory would proceed to not be encrypted. The issue with that is that unless you had server-side access to view the files you had no way of knowing that your files weren't actually being encrypted.
All this is fine it's a beta feature right? Except for when I read the GitHub issue on the report, they gaslit the reporter who reported the issue saying that despite the fact that it is advertised as feature on their stable branch, the feature was actually in beta status so therefore should not be used in a production environment, and then on top of , the feature was never removed from their features list, and proceeded to take another 3 months before anyone even started working on the issue report.
This might not seem like a big deal to a lot of people, but as someone who is paranoid over security features, the projects inaction over something as critical as that while trying to advertise themselves as being a business grade solution made me flee hardcore
That being said I fully agree with you out of the different Cloud platforms that I've had, nextCloud does seem to be the most refined and even has the ability to emulate an office suite which is really nice, I just can't trust them, I just ended up using syncthing and took the hit on the feature set
Ugh. I know that feeling. That’s why I’ve blacklisted salt stack.
https://news.ycombinator.com/item?id=5993959
There’s a particularly toxic combination of ignorance, laziness, NIH and hubris that you need to make a mistake like that, and I want it nowhere near my servers.
If you own the hardware it isn't a issue
Saying files are encrypted when it is not true is an issue, regardless of who owns the host box. Even for a small instance that is private family or friends.
Someone could simply modify Nextcloud to lie about encryption. If you don't control the server there is no way to know.
It all depends on your threat model, I own my Hardware as well but I'm still not going to use a software that is shown to me that they don't take security seriously but I'm also more paranoid than most
Yes, it is. If people are relying on files to be encrypted they may dispose of their disks differently. Or the NAS might be stolen.
Or an threat actor might just turn it off