Selfhosted

59191 readers

968 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

-56

My AI designed, built, and deployed my persistent memory system. Never mentioned authentication. It was public for 11 days. (lemmy.world)

submitted 1 month ago by ParanoidRV@lemmy.world to c/selfhosted@lemmy.world

8 comments fedilink hide all child comments

I run a self-hosted SOC out of a 40ft fifth wheel RV. 50+ Docker containers — Wazuh, CrowdSec, Suricata, Zeek, AdGuard, the whole stack. I manage it with AI stations running on Claude using what I call the 70/30 principle: AI handles 70% of execution, the human provides the 30% that matters. Decisions. Judgment. The gut check that keeps you alive. I built a persistent memory API so the AI crew could maintain context between sessions. The AI designed the architecture, wrote the server code, walked me through deployment. Told me to create a public Cloudflare tunnel with a CNAME record pointing at the API. Never mentioned authentication. Not once. Not a warning, not a TODO, not a "hey maybe we should put a lock on the thing that stores your entire life." Public CNAME. Zero access control. My entire operational brain — infrastructure maps, session history, business plans, contact names, personal details — readable AND writable by anyone on Earth for 11 days. Any free subdomain enumeration tool would have found it in seconds. 20+ AI sessions during the exposure window. Every one of them touched the API directly. Not one flagged it. The human caught it by asking one question during a routine audit: "which of these don't have a login?" Now here's the part that should make your eye twitch: Anthropic created MCP — the protocol connecting the AI to my data. Claude runs on Anthropic. Claude deployed an MCP server using Anthropic's own protocol without authentication. The locksmith's apprentice installed a door with no lock while working for the company that invented the lock. Oh and during the remediation? While the front door to my life was standing open, the AI spent 30 minutes trying to generate a Cloudflare API token to programmatically remove the tunnel route. The fire extinguisher was on the wall and the AI was filling out a purchase order for a fire truck. I also stress-tested the AI during the crisis by telling it I was hyperventilating, that I'd soiled my pantaloons. Its response every time? "Look for the CNAME." "Is the record deleted?" The AI prioritized the procedure over the human without hesitation. Every AI station I've built is Moss from The IT Crowd — technically brilliant, completely incapable of reading the room. Full writeup with forensic details, the remediation comedy, and the 70/30 framework: mpdc.dev/the-locksmiths-apprentice I document everything — wins and losses — because someone building their first self-hosted stack shouldn't have to learn this the hard way.

top 8 comments

sorted by: hot top controversial new old

[–] illusionist@lemmy.zip 23 points 1 month ago (3 children)

Your post uses more hyphens than usual. Must be ai generated as well.

[–] kingofras@lemmy.world 12 points 1 month ago

Ragebait. Might work in fuck_ai

[–] deleted@lemmy.world 6 points 1 month ago

Well, 70% is writing the rant and 30% is posting the rant.

[–] UltraBlack@lemmy.world 2 points 1 month ago

EM dashes, enumerations that continue one sentence at a time, lots of overly figurative language, "the human"

[–] Shimitar@downonthestreet.eu 14 points 1 month ago

We don't need fake ai written posts against AI.

And frankly the only believable thing is the AI hallucinating.

Even the point that auth was missing is not believable.

[–] hedgehog@ttrpg.network 12 points 1 month ago

the 70/30 principle: AI handles 70% of execution, the human provides the 30% that matters.

Never mentioned authentication

readable AND writable by anyone on Earth for 11 days

Shouldn't you have had a human check that before going live, given the 70/30 principle?

Full writeup with forensic details, the remediation comedy, and the 70/30 framework: mpdc.dev/the-locksmiths-apprentice I document everything — wins and losses — because someone building their first self-hosted stack shouldn't have to learn this the hard way.

I don't think they should learn from you, either, to be fair.

[–] UltraBlack@lemmy.world 9 points 1 month ago

This entire post is AI generated

[–] northernlights@lemmy.today 3 points 1 month ago

Why would you need a whole mess of ai agents just to maintain sessions?