this post was submitted on 16 Sep 2023
194 points (96.2% liked)

Selfhosted

40329 readers
426 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm trying to better understand hosting a Lemmy Instance. Lurking discussions it seems like some people are hosting from the Cloud or VPS. My understanding is that it's better to futureproof by running your own home server so that you have the data and the top most control of hardware, software etc. My understanding is that by hosting an instance via Cloud or VPS you are offloading the data / information to a 3rd party.

Are people actually running their own actual self-hosted servers from home? Do you have any recommended guides on running a Lemmy Instance?

you are viewing a single comment's thread
view the rest of the comments
[–] PuppyOSAndCoffee@lemmy.ml 1 points 1 year ago (1 children)

I like how you have a home smartcard. I can’t believe many do.

Why do you think cloud operators are lying?

[–] aard@kyu.de 2 points 1 year ago

I like how you have a home smartcard. I can’t believe many do.

Pretty much anyone should do. There's no excuse to at least keep your personal PGP keys in some USB dongle. I personally wouldn't recommend yubikey for various reasons, but there are a lot more options nowadays. Most of those vendors also now have HSM options which are reasonably priced and scale well enough for small hosting purposes.

I started a long time ago with empty smartcards and a custom card applet - back then it was quite complicated to find empty smartcards as a private customer. By now I've also switched to readily available modules.

Why do you think cloud operators are lying?

One of the key concepts of the cloud is that your VMs are not tied to physical hardware. Which in turn means the key storage also isn't - which means extraction of keys is possible. Now they'll tell you some nonsense how they utilize cryptography to make it secure - but you can't beat "key extraction is not possible at all".

For the other bits I've mentioned a few times side channel attacks. Then there's AMDs encrypted memory (SEV) claiming to fully isolate VMs from each other, with multiple published attacks. And we have AMDs PSP and intels ME, both with multiple published attacks. I think there also was a published attack against the key storage I described above, but I don't remember the name.

I agree that our stuff is unlikely to be victim of an targeted attack in the cloud - but could be impacted by a targeted attack on something sharing bare metal with you. Or somebody just managed to perfect one of the currently possible attacks to run them larger scale for data collection - in all cases you're unlikely to be properly informed about the data loss.