Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
How secure is zerotier in your opinion?
This is a very good read https://blog.reconinfosec.com/locking-down-zerotier
TLDR: Used at hacker conference Defcon 26 in a blue team (defense team) capture the flag.
I think it's pretty secure and it will be getting better soon. In reality, I think it's much more secure than what most people will end up with otherwise.
ZeroTier is open source, long running without incident, and the traffic is encrypted between peers.
The threat model is basically two fold though, in theory someone who has control of the ZeroTier roots (if you're not using your own controller, if you're using your own, then s/their roots/your roots/) could add routes to your devices, and add/remove devices that are part of your confirmation.
The encryption also doesn't currently have perfect forward security, so if there's a compromise in one of your connections, in theory some past state of that connection could be decrypted. In practice, I'm not sure this matters as traffic at a higher level for most sensitive things uses its own encryption and perfect forward security (but hey maybe you have some software that doesn't).
The other thing I will note about that last point is that they're working on a rust rewrite that will have updated crypto, including perfect forward security.
Thank you for the write up! Very helpful.
The use case I was wondering about is batch printing from a cloud solution. The print batch files could be encrypted, but I work with multiple solutions and I’m not confident that all of them encrypt those files. If it’s possible to crack old batches, that could expose sensitive information.
If you send these files over SSH, you're good as that's encrypted by ZeroTier and then encrypted again inside the SSH connection (and SSH does have perfect forward security).
See their cryptography section of their docs for more info.
You can read more here about what they're working on:
It's been to long since I've read that to give anything more than a condensed "they're improving their crypto significantly with ZeroTier 2" (not to mention memory safety via Rust).