this post was submitted on 29 Sep 2023
62 points (93.1% liked)

Selfhosted

40008 readers
836 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Just a hint for people searching a tiny selfhosted messenger with encryption and apps for iOS and android.

top 20 comments
sorted by: hot top controversial new old
[–] [email protected] 29 points 1 year ago (2 children)

End-to-End encryption (the hosting admin cannot view sealed topics, default unsealed)

oh no

[–] [email protected] 4 points 1 year ago (1 children)

Could anybody ELI5 this one?

[–] [email protected] 29 points 1 year ago (1 children)

Sounds like end-to-end encryption is opt-in. Thus, a default configuration leaves communications unencrypted and vulnerable to eavesdropping.

[–] [email protected] 4 points 1 year ago
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

It says it's federated. When you are your own provider, e2ee doesn't matter nearly as much (you probably have a bunch of personal files, backups, services running on the same box anyway).

Edit: I would gladly take constructive comments with the downvotes. For a moment I thought we were on "selfhosted", where "you are your own provider" should resonate in with most

[–] [email protected] 7 points 1 year ago (2 children)

The point of federation means your content doesn't only stay on your server. The person you're talking too can be on a different one and their admin can see them too. Also, I wouldn't want to be able to access content from any user - it's a "no trust needed" thing.

[–] [email protected] 2 points 1 year ago

with databag, the content only resides on the hosting node, or on the device of a topic participant. in the case of matrix.org, federation means your content will live on other servers, but that's not the case for databag.

your point about the admin being able to see the content is valid. if the databag node is hosted by someone else, then they to would have access to the content if e2ee is not used.

[–] [email protected] 0 points 1 year ago (1 children)

The person you're talking too can be on a different one and their admin can see them too.

That very much depends on the protocol and type of federation, but a good point indeed

Also, I wouldn't want to be able to access content from any user - it's a "no trust needed" thing.

Sure, but e2ee also comes with lots of trade-offs and strings attached, that almost only ever make sense in case of extreme centralization (i.e. in a non-federation, where trust in the faceless provider is not an option). PFS means that setting up a new device is a PITA because you can't access your full messages history on new devices without off-band synchronization, no server-side search means that clients are either limited in this area or have to carry large histories and inefficiently search themselves, MITM/server-mediated attacks are only mitigated with verification (on top of encryption), which is a UX disaster for users non-versed into crypto (and this complexity is imposed upon such users no matter what), etc, etc.

Of course I'm not advocating against e2ee in the general case (and quite the opposite at that), but if you self host (topic of this community) for yourself and few family members, the downsides quickly outweigh the benefits and so I believe that e2ee should be left at the discretion of the users.

[–] [email protected] 1 points 1 year ago

Right, but when there's third parties involved which you may not trust (which is almost always going to be the case when talking to users not on your server), e2e's benefit starts becoming a lot more enticing. And while you have a point on out of band key sharing being annoying, it makes sense as a default - especially when content is going across servers. Content should be secure with an opt-out rather than insecure with an opt-in. The latter is just more error prone.

Also: while it's not friction free, apps like signal have shown that you can get verified e2e to be usable for the general population.

[–] [email protected] 1 points 1 year ago

Your comment is spot on. e2ee is critical when there is server side replication or when you are using a public server, but neither is typically the case with Databag. e2ee imposes some limitations such as preventing server side processing of content which is useful for streaming. In my opinion e2ee is needed when you don't know where the content resides, but when you do it's overkill.

[–] [email protected] 16 points 1 year ago (2 children)
[–] [email protected] 10 points 1 year ago (1 children)

Dumbest answer: I didn't find a one click solution on casaOS.

[–] [email protected] 8 points 1 year ago (1 children)

No idea what the heck casaOS, but here you get your turnkey XMPP servers (if you really don't want to use a distro that packages prosody/ejabberd, which are all the ones worthy to be used anyways?):

[–] [email protected] 2 points 1 year ago (1 children)

casaOS is a docker-compose simplified one click solution, like unraid or heimdall.

Sure I tried to add xmpp to my apps, but finding the right one on xmpp is like the first experience with Linux ... too many alternatives. I tried openfire because it sounds good with a compose file and proxy all to my caddy server. But I am stuck actually (the last 10 min), and I am unable to decide if ejabberd is better.

[–] [email protected] 3 points 1 year ago

If your system is based on docker, couldn't you just use the official docker image I linked? Besides, I wouldn't recommend openfire, not because it's not a capable server (it's been to long since I tried it to have a meaningful opinion), but because it has less widespread usage than ejabberd/prosody, and by extent, probably less resources to help you configure it to your needs.

I know it's not the topic of this thread, but you are not making a convincing case (to me!) for a "docker-compose simplified one click solution" that pulls you away from the most popular and well maintained alternatives :)
And you will also likely encounter things down the road pertaining to firewall configuration, domain name resolution and port multiplexing that containerization will turn into a configuration and troubleshooting nightmare, so… enjoy! (or not)

[–] [email protected] -1 points 1 year ago (1 children)
[–] [email protected] 4 points 1 year ago

You can absolutely run your own XMPP server. It came with my Yunohost installation.

[–] [email protected] 8 points 1 year ago

How does this compare with matrix?

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I call it d-bag for short.

[–] [email protected] -1 points 1 year ago