view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.
The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.
Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.
Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P
When you install another one "on top" you're essentially speaking about a very thin layer above the base OS. In most cases that's simply a container that uses the base OS kernel. This is what happens today and it works for a while but it comes a point (way less than 10 years) when you won't be able to have a modern top layer OS sitting on such older base OS because the kernel is way too old to support the requirements of the new OS.
Even if go through the trouble of virtualization in order to have the top layer running a modern kernel it will most likely fail. It would require a LOT more effort coding the support for the old hardware and a ton of other virtualization pains to just end with a very slow system. We've examples of this: it is next to impossible to virtualize Windows 11 in a Pentium 4 that runs Windows XP, for instance a versions of Vmware that supports Windows 11 won't support a host system older than Windows 8. The same applies to VirtualBox.
Yes it would but for that you would have to completely break the phone's boot security and that isn't feasible in all cases. Most phones doesn't allow you to unlock the bootloader thus you can't install another ROM/OS. Even on those you can some will only accept software that was signed by the manufacturer so unless there's a leak of the key they use or it gets bruteforced in some way you won't be able to do it.
Take older routers as examples, those don't even protect the firmware, nothing is signed, and yet the time and effort (weeks/months) required to make a simple open firmware to turn a SINGLE model into a dumb switches / routers that it isn't worth it - after all you can get a < 30€ device today that is faster and more power efficient than those old units.
With phones things are considerable worse as modern day devices are way more locked down than those router ever were. There's also way more fragmentation (hundreds of phone models all running very specific hardware and software hacks). It's very likely that in 10 years you'll be able to buy some ARM / RISC board, such as a raspberry pi, that is open, run a modern OS out of the box and most likely cost you 30€.