Running web services on a device that hasn't seen a security patch in 3 years seems like a bad idea.
Also, unless you can mount a real hard drive, you are going to very quickly run into I/O bandwidth issues and flash longevity limits
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Running web services on a device that hasn't seen a security patch in 3 years seems like a bad idea.
Also, unless you can mount a real hard drive, you are going to very quickly run into I/O bandwidth issues and flash longevity limits
@RegalPotoo Maybe I should have been more specific in the wording of my title.
No one planning on hosting public multi-user service that would see some serious traffic would probably benefit from hosting on a phone.
Someone who wants to simply run a single-user instance or their personal nextcloud? I think that's a real possibility.
It's a really cool idea, and the internet would probably be a better place if more people took ownership of their infrastructure rather than relying on ad-supported "free" services, and it's easy to criticise an approach that I've spent maybe 10 minutes actually thinking about - I've got my reservations, but if you can make it work it would be awesome
It is possible nowadays: I'm hosting quite a few services on an 5 years old Android. Just with Termux, no root required. Of course connectef it's just to the internal network due to all the security concerns mentioned in the post.
To solve all the bandwidth/connection issues, I've bought a usbc-ethernet dongle that works like a charm.
To mitigate battery issues I've limited the charging to 85%.
I would never host Jellyfin there, but with webdav and Kodi I can get my media served easily to all my devices at home
The risk that @regalpotoo mentioned is still unmitigated though, single user instance or not. At worst, the personal data can be exfiltrated. At best, the server can be used as a part of a botnet. Even if the software (nextcloud) would be patched, that doesn't help against exploits on a OS level.
Granted, one could run services inside a vpn and have some kind of preventive / monitoring controls, but you're still need to implement some kind of defense in depth in order to protect it.
I'd also be worried about battery issues
Don't want to find it having overheated / turned into a pufferfish
Future news headline: “The web server literally exploded under the DDOS attack.”
I mean, android is fine I guess, but it's being pushed to be less and less able to be separated from Google. I think for a lot of people interested in self hosting, there's a low amount of interest in it because of that.
@southsamurai Oh that's definitely a huge concern, but not just for self-hosting but for privacy in general.
But still, if the average joe wants to self-host something using an old phone is probably the easiest way to get them to try self-hosted alternatives and drop corporate / commercial services.
Maybe not the 'average average joe' such as my parents, but anyone who is minimally curious enough to do stuff such as registering a domain, setting up a game server for friends and maybe has opened the CMD windows console once or twice in the past following a tutorial. That kind of demographic (IDK if it has a name) might be much more inclined to self-host if it was as easy as installing an APK and letting your phone one somewhere at home.
Overall as long as Android doesn't become straight out malicious spyware itself, the benefit of dropping commercial alternatives might very well be a net positive. In a worst-case scenario, any tunnel / vpn configuration necessary to expose a service to the internet could also add an automated step to blackhole requests to google's tracking servers.
Upvoted, but I feel horrified by the notion. I'd much rather have a headless server
@MigratingtoLemmy use a hammer to break the screen, control via adb :vlpn_happy_blep:
Wait are you messaging from mastodon?? Is that why the emoji won't render
@Omniraptor ah yes! Probably that's why.
Actually the whole original post was sent via Mastodon.
I tend to write posts that I share to my Mastodon followers and then at the end I mention a Lemmy community if I believe the community would also find it interesting.
That is so cool I didn't realize lemmy and mastodon were different views into the same database, assumed they were different services with no overlap except some underlying tech (I don't know much about fediverse structure). But how does that work with like, character limits? Iirc lemmy can have much longer comments
IMO, more like Linux. Android for such old devices is unmaintained, but if you're able to run Linux on it you'll still be able to apply kernel updates and security updates for software will continue to exist. Many things are opensource too and you should be able to recompile them on the android device to make it run.
Big problem: updates for something that is directly exposed to internet
Some low end devices will stop getting security updates 6 months after launch because the OEM launches a new model every two weeks and obviously doesn't have resources to dedicate to it
In some cases, even high end devices don't get updates and are discontinued internally shortly after launch, for example the Xiaomi mix 3 5g
Yes, root and custom ROMs could solve the problem, but not as easy as regular Linux where you just use a package manager to update. First issue is needing to wipe after updates and you have to reinstall and reconfigure everything
Hmm I think my main concern would be lack of kernel/firmware updates, running something like postmarketOS could partly solve that and still be nearly as easy to set up (just unlock and flash a prebuilt image)
But firmware is still almost entirely dependent on the vendor, since it's all signed and unpatchable.
Next issue would be lack of connectivity on a lot of phones, which have gone backwards and include USB 2.0 now. WiFi is an option, but less stable, I personally decided to just go 100Mbps and suffer.
As for the battery, it would help a lot if phones were designed to boot without one and they were removable, it all worked well for about half a year until I found out I had a spicy pillow and had to replace it with direct power to the board, which made the whole setup much less elegant and required soldering.
It all comes down to how devices are designed in the end. If someone took the time to make a computer instead of just a phone, and included features that make it useful past its initial life that aren't that popular (display output, microsd, headphone jack), mainlined all the drivers and maintained firmware, that would be a different story.
But that's not a very profitable model, because it's all about reducing waste and thus selling less. A lot needs to change.
@Wander @selfhosted this whole “We are walking about with entirely reasonable servers in our pockets for reasonable scales - why doesn’t it feel like that?” thing is in my brain quite a bit.
@benjohn @selfhosted 6-8 GB of RAM with powerful CPU and GPU that was designed to run games and can in some cases run small AI models is nothing to scoff at imho.
@Wander @selfhosted I have conversations with peers where they talk about “servers” and “computers” as if they figure them as quite distinct things.
I feel like Android is adding some new power saving "feature" with every version to kill all the useful stuff I want to keep running in the background.
Last stupid thing I remember was when it removed my CalDAV synchronisation because I haven't been "using" the CalDAV app for some months.
Not to mention all the times it decides to kill something you want to use because it thinks the RAM would be more needed elsewhere. Honestly my 128 MB RAM Nokia N900 could run more apps at the same time than my 4 GB RAM Fairphone.
Yeah, android is a lot like Windows in that they make choices that might benefit users who don't know what's going on but interrupts or harms things power users are doing. They are just better at not being as annoying with it and don't beg people to use their default programs.
You're right, that's a feature if you're a regular phone user and a bug if you want it as a server.
Also, even if the application is still running you can have the os almost fully shutdown even if it's charging. Again, it's a behavior tuned for a typical user.
Thanks for the monthly reminder to open DavX5 🤣
Pretty cool concept actually. upcycling old tech does seem to be a selfhosting hobby. I see a lot of criticism that I think doesn't really see the value proposition. You should be able to root the device and install a new OS. I wonder how limited the bandwidth would be though, and whether it'd be worth the cost to get adapters, if they exist, to allow more throughput. I do like the concept though.
Android? No. It's not made for it. You are using a hammer to paint a wall.
Phones? With a different Linux based distro? I can see it happening. For a small niche at least.
Who provides the software and firmware updates for my antique Samsung S4 and Galaxy young?
I hope you will give me some firmware for the old snapdragon.
Don't forget the loads of Exynos CPUs and loads of GPUs from different vendors.
The future? No. A useful niche? Sure.
I run 4 mail servers, 2 game servers, 3 directory/auth servers, a firewall/router, a NAS, a security system server, a media server, a monitoring server, and a couple others. Android ain’t gonna cut it.
The future of selfhosted services might includes phones yes, Android most likely not.
Think about it, those phones might work right now but in 10 years their Android versions will not support anything, they wont even have root certificate updates breaking SSL, the kernel will be missing support for whatever people need and whatnot. Maybe the phones won't even boot because some key will expire somewhere... let alone security vulnerabilities.
People selfhost on 10-year old hardware right now, but they do install modern Linux distros that are well supported and up to date. I believe the most likely scenario is that at some point the "security" of most of that hardware will be broken and you'll be able to run some version of AOSP for older hardware and/or a generic Linux.
But that might not ever happen, those phones are built like hell and we've another category of hardware with similar characteristics that was never repurposed for anything after a decade - routers. It's common to see older routers that are now too slow when it comes to wifi or even CPU and although they're way more open and primitive than modern smartphones when it comes to software we usually can't even repurpose them as dumb switches with alternative / open software. OpenWRT and DD-WRT might work in some case but those are exceptions and usually those models were already supported by those firmwares. For instance there are enough Thomson / Technicolor TG784n ISP provided routers to create a second moon and the effort to break their security and create a usual firmware is so much that nobody did it. It's just easier to pay 30€ for a cheap router/switch and move on.
@selfhosted Update:
It does not need to be perfect, have massive throughput or allow for massive amounts of read/write cycles.
If people can host their own media server like Jellyfin or note taking apps like Joplin instead of using commercial services by simply installing an APK on an old phone they can leave connected at home, that's already a big win.
Just use raspberry pis and Linux. You'll have better support.
Then ditch the raspberry pi and get an sff PC that has an x86 processor in it.
You absolutely want to remove the batteries. Otherwise they would die of old age pretty soon and then it creates danger of fire. Either a new battery for your 'server' every 5 years, or some tinkering solution, maybe supercapacitors.
Then you need an OS with long term support/maintenance. Not stock Android, because it evolves away from old hardware too fast. Maybe something like Lineage.
One problem remains: I have serious doubts about the network interface, if it can handle high throughput or many connections, like a webserver for several users, or even torrenting. A NAS for 1 person seems very possible, though.
It has an UPS builtin 😇
Jokes aside I used to run a few python bots inside termux on my very old S3 Mini a few years ago. It did the job at least.
The latest pixel devices (since 6 I think?) already provide accees to a /dev/kvm
device, so maybe you could even run a normal Ubuntu server VM on your phone for hosting these services.
@Wander @selfhosted also, don't forget that it's easy enough to run Linux on Android: https://f-droid.org/en/packages/tech.ula/
@Wander @selfhosted I have old Pixel phones with LineageOS installed, but I haven't found a good way to prevent battery inflation. I'd love a way to limit charge to 50% or to bypass the battery altogether.
I'd be more inclined to say Raspberry Pi. Low power, small, scalable.
And if you want Android, there's a https://wiki.lineageos.org/devices/#banana-pi
I'm currently designing a sync/backup/mesh network device for family/friends. Something they can simply plugin, and I can manage remotely.
I've already heard of people using Termux to host services on their old phones. Seems to work well.
@Wander @selfhosted This sort of setup is very attractive IMO because of the low power usage. Android phones use much less power than old PCs.
The main con I see is not having ethernet (maybe there's some sort of MicroUSB/USB-C to ethernet adapter, but I didn't look into it yet). That, and there being only one port.
@Wander @selfhosted Sounds like a great way to kill you phone's battery. But maybe if you created an ad-hoc stack... Have you ever heard of @veilidnetwork ?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
NAS | Network-Attached Storage |
PCIe | Peripheral Component Interconnect Express |
Plex | Brand of media server package |
RPi | Raspberry Pi brand of SBC |
SBC | Single-Board Computer |
SSD | Solid State Drive mass storage |
SSL | Secure Sockets Layer, for transparent encryption |
6 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #231 for this sub, first seen 22nd Oct 2023, 22:25] [FAQ] [Full list] [Contact] [Source code]
I think there's some truth to it. But I imagine it will be more AOSP than what android is with google services. AOSP is really a great operating system with very good security and built in features. And with neural engines and high bandwidth emmc, it is mostly just lacking a large amount of storage to make it all complete, but the latest SOCs are most probably powerful enough. Is there something like docker for android? :)
Edit: I do recognize what someone else said, which is that one big challenge would be software updates. We are not that limited by hardware when we consider servers, they can easily run for years with regular software updates.