Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
The Backblaze option is something I've seriously considered.
Any reason this person didn't go with the $99/year personal backup plan? It says "unlimited" and it is for my household only, but maybe I'm missing something about how difficult it is to setup on Unraid or other NAS software. B2's $6/TB/mo rate would put me at $150/mo which is not great.
They only needed about 500GB.
And personal is for desktop systems. You have to use Backblazes macOS/Windows desktop application, and the setup is not zero-knowledge on Backblazes part. They literally advertise being able to ship you your files on a physical device if need be.
Which some people are ok with, but not what most of us would want.
You can ship encrypted files you know…..?
Yes. That's not mutually exclusive with Backblaze having access to your backups.
Them having access to them is irrelevant if they’re encrypted. What’s the issue?
You can do that with B2. Just use an application to upload that encrypts as it uploads.
The only way to achieve the same on the backup plan (because you have to use their desktop app) is to always have your entire system encrypted and never decrypt anything while the desktop app is performing a backup.
Did you not read what I said? You use their app, which copies files from your system as-is. Ensuring it never grabs a cleartext file is not practical.
That doesn’t mean it’s not encrypted on their servers…..
Also doesn't mean it is. Or in a way where only you can decrypt it.
The chain of custody is unclear either way. You're not in control.
It’s pretty clear actually - all data is encrypted at rest on their servers. They specifically say so.
https://www.backblaze.com/cloud-storage/security
https://www.backblaze.com/blog/how-to-make-strong-encryption-easy-to-use/
No shit. But encryption isn't the same as zero-knowledge. Where by the time they handle the data in any way whatsoever, it's already encrypted, by you.
Do you not know what zero-knowledge means? Or are you so focused on my mentioning they'll ship data to you physically that what I actually said went over your head?
From the page you just linked:
It's not zero-knowledge!
That’s really not an issue though.
Yeah. It's almost like I literally said that in my second comment.
What gap in my knowledge are you trying to fill here?
I didn't even mention encryption in my second comment. Just that their backup plan isn't zero-knowledge.
Strongly disagree.
With what?
That self hosting admins on lemmy probably care about their backups not being accessible to third parties?
I don't think you can claim that they wouldn't.
You can claim that YOU don't mind. But that's a sample size of one. And I'm not denying there are people who don't care.
I just don't think they're the type to be self-hosting in the first place.
And that still doesn't answer why the fuck you set out on this series of "well achuallys"?
It seems to me, you're still looking for something to correct me on.
Define “accessible” here. They’re encrypted …..
Being able to download an encrypted file is not the same as being able to download it and unencrypt it, which they can’t do.
...
Sure they can. How else do they enable providing access to the content without the user password?
The data is secured against unauthorized access, but unlike zero-knowledge setups where the chain of custody is fully within user control, the user is not the only one authorized. And even if you are supposed to be, you cannot ensure that you actually are.
OF-FUCKING-COURSE the physical drives, and network traffic are encrypted. That's how you prevent unauthorized physical access or sniffing of data in-flight. That's nothing special.
But encryption is not some kind of magic thing that just automatically means anyone who shouldn't have access to the data, doesn't.
For that to actually be the case, you need solid opsec and known chain of custody. Ways of doing things that means the data stays encrypted end-to-end.
The personal backup plan doesn't have that.
Where do they provide access to the content without the user password?
...
4
Explain to me how they couldn't. Without simply stating "it's encrypted".
On the B2 plan you can use open source solutions like Kopia to KNOW that data is encrypted on your system with keys only you have, before Backblaze ever sees it.
Explain to me, how the personal plan using their closed source application achieves the same.
Linking to a page where they say "it's secure" is not sufficient. Elaborate. In detail. To at least an equal extent I already have.
So your whole point is that you shouldn't trust one of the biggest cloud backup companies on the planet when they say that your data is encrypted, with no proof that they're telling lies...........and you're asking me to prove that they're telling the truth?
The onus is on you to prove that they're telling lies, not on me to prove what they say is true.
They say this about computer backup on one of the pages I linked earlier:
Is that all a lie? Based on what?
No.
I'm saying 99.999999999999999999999999999999999999999999999999999999% ≠ 100%
For some people that's close enough. For some of us it's not.
Prove otherwise. I dare you. I'm done putting in effort explaining the obvius to you. Your turn.
So being encrypted before transmission and at rest isn't enough simply because someone at backblaze can send the encrypted files out to you on a HDD........
lol
You can't use the $99/year plan for that. The authorized client only works as a desktop application on Windows and MacOS.