Tangential but reading on mobile, the font size in the code snippets are all over the place. I actually have the same issue on my blog. Anyone knows why?
When the server can’t be accessed, you can’t create a secret, right? This has been quite annoying in my experience. I’d still recommend Bitwarden clients with self-hosted Vaultwarden.
Of course, I wouldn’t use their client anymore. Actually, I would have never used it from the start as it’s not open source. I think for backups there’s no better guarantee than that. I don’t mean because you could look at the source code, I mean because in my experience open source products tend to care more about their users than not. At least for such foundational tools.
> The challenges we face are neither technical nor legal. The only solution is to educate our children about life with digital abundance. Throwing them into the deep end when they’re 16 or 18 is too late. It’s a wonderful and weird world. Yes, there are dark corners. There always will be. We have to teach our children what to do when they encounter them and we have to trust them.
This resonates so much with me. I don’t want to control my kids. I will never be able to protect them from everything. I hope I won’t be able because I want to die before them. I want them to be able to navigate in the world and have all the cognitive tools necessary to avoid being fooled. I want to rest in peace knowing they can in turn educate their own children. I want to trust them and be relieved that I can focus on some tasks of my own without needing to constantly worry about them.
The first AFAIK customer owned self-hosting as a service company. You own the hardware, the software and your data without the hassle of needing to configure or maintain any of it. https://skarabox.com/
You might be interested in checking out my project SelfHostBlocks which allows you to declaratively setup quite a few services with declarative LDAP and SSO integration with LLDAP and Authelia. Even if you don’t end up using it, it might inspire you. Also, all integrations are tested with NixOS VM tests using playwright to ensure no breakage.
The idea is a contract is defined saying which options exist and what they mean. For backups, you’d get the Unix user doing the backup, what folders to backup and what patterns to exclude. But also what script can be run to create a backup and restore from a backup.
Then you’d get a contract consumer, the application to be backup, which declares what folders to backup either which users.
On the other side you have a contract provider, like Restic or Borgbackup which understand this contract and know thanks to it how to backup the application.
As the user, your role is just to plug-in a contract provider with a consumer. To choose which application backs up which application.
This can be applied to LDAP, SSO, secrets and more!
What about self-hosting as a service? You get a server in your home which you own with your open source software and data in it. And you pay a subscription to have a remote sysadmin take care of maintenance for you and can train you on the software? What happens if you don’t pay anymore is you keep everything. But like a good insurance, you’d keep the subscription because of top notch customer service.
I agree. Keeping your data private is just not a big enough motivation. For me though the big issue is making sure one keeps access to their data forever. It’s so easy these days to use everything from one vendor and then get access shut off with no recourse. That is IMO the biggest fear everyone should have these days.
Yes, the only solution is self-hosting and yes it requires being your own sysadmin and it’s hard and not convenient. That’s why I’m building https://github.com/ibizaman/selfhostblocks. It’s a NixOS collection of modules that sets up services that fit well together and have declarative setup for LDAP and SSO. They have integrated backups, https and other features required for self-hosting. Also, the LDAP and SSO setup is tested with e2e NixOS VM tests that use playwright to make sure users can login if they have access.
I’m hoping to lower the bar to self-hosting significantly.