Wander ΘΔ :verified_paw:

:therian: Grey Wolf Therian, he/him, 30ish y.o.
Running packmates.org and yiffit.net fediverse instances.

:vlpn_happy_heart: Interests: Tech, therianthropy, furry/feral art, animal books, shamanism & animal-influenced spirituality, SFW & NSFW petplay

I sometimes post or boost NSFW content.

  • 4 Posts
  • 13 Comments
Joined 2 years ago
cake
Cake day: December 28th, 2022

help-circle





  • @selfhosted Update:

    1. Just to clarify, the the whole point is that Android makes it easy for less tech oriented people to host small single user / family services.

    It does not need to be perfect, have massive throughput or allow for massive amounts of read/write cycles.

    If people can host their own media server like Jellyfin or note taking apps like Joplin instead of using commercial services by simply installing an APK on an old phone they can leave connected at home, that’s already a big win.

    1. Regarding device longevity, Android 13 apparently supports / will support full KVM emulation. Windows can be run if you have root while android based VMs are expected to be possible without the need for root. Since this type of virtualization allows VMs to run their own kernel, keeping the “server app” updated should allow the user to be protected even if the host OS is outdated as long as these server-app-VMs are trustworthy themselves.


  • @TCB13 I’m not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

    The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

    Basically, while flashing a new ROM would be ideal, I think there’s likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc… can be run in a secure manner on top of a stock Android ROM.

    Furthermore, developers packaging their apps into APKs could run security checks and by the time it says “your OS is insecure” you’re already on your third phone and can host stuff on your second. I mean… Android phones are in their prime for two/three years at most in my experience :P





  • @southsamurai Oh that’s definitely a huge concern, but not just for self-hosting but for privacy in general.

    But still, if the average joe wants to self-host something using an old phone is probably the easiest way to get them to try self-hosted alternatives and drop corporate / commercial services.

    Maybe not the ‘average average joe’ such as my parents, but anyone who is minimally curious enough to do stuff such as registering a domain, setting up a game server for friends and maybe has opened the CMD windows console once or twice in the past following a tutorial. That kind of demographic (IDK if it has a name) might be much more inclined to self-host if it was as easy as installing an APK and letting your phone one somewhere at home.

    Overall as long as Android doesn’t become straight out malicious spyware itself, the benefit of dropping commercial alternatives might very well be a net positive. In a worst-case scenario, any tunnel / vpn configuration necessary to expose a service to the internet could also add an automated step to blackhole requests to google’s tracking servers.



  • @fediverse I’ve read that this is called an overlay network. Unfortunately many of the ones I’ve seen documented focus on keeping things in their own private networks which is okay but not fun.

    ULA addresses require no permission and were designed precisely to knit together private networks. We can just use domain names and convert them via checksum into a static ULA /48 prefix. DNS can be used to announce routes, or eventually something more BGP-like given that ownership of a domain can be verified and thus authorization to announce routes.

    If domains ever become a bottleneck one could use private TLDs with some consensus mechanism and even create multi-layer networks this way where packmates.layer.1 and packmates.layer.2 are two different networks even though they might have the same address range.

    Anyways, I’ll go out and touch some grass now.