The future of selfhosted services is going to be… Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on… and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc…

The goal: hosting services like #nextcloud, #syncthing, #mastodon!? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that’s needed. #Android can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: “At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds.”

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it’s a good example of what should become much more commonplace.

cc: @selfhosted
#selfhosted #selfhosting

  • RegalPotoo@lemmy.world
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    1
    ·
    1 year ago

    Running web services on a device that hasn’t seen a security patch in 3 years seems like a bad idea.

    Also, unless you can mount a real hard drive, you are going to very quickly run into I/O bandwidth issues and flash longevity limits

    • Wander ΘΔ :verified_paw:@packmates.orgOP
      link
      fedilink
      arrow-up
      17
      arrow-down
      4
      ·
      1 year ago

      @RegalPotoo Maybe I should have been more specific in the wording of my title.

      No one planning on hosting public multi-user service that would see some serious traffic would probably benefit from hosting on a phone.

      Someone who wants to simply run a single-user instance or their personal nextcloud? I think that’s a real possibility.

      • RegalPotoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        It’s a really cool idea, and the internet would probably be a better place if more people took ownership of their infrastructure rather than relying on ad-supported “free” services, and it’s easy to criticise an approach that I’ve spent maybe 10 minutes actually thinking about - I’ve got my reservations, but if you can make it work it would be awesome

      • krash@lemmy.ml
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        The risk that @regalpotoo mentioned is still unmitigated though, single user instance or not. At worst, the personal data can be exfiltrated. At best, the server can be used as a part of a botnet. Even if the software (nextcloud) would be patched, that doesn’t help against exploits on a OS level.

        Granted, one could run services inside a vpn and have some kind of preventive / monitoring controls, but you’re still need to implement some kind of defense in depth in order to protect it.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      I’d also be worried about battery issues

      Don’t want to find it having overheated / turned into a pufferfish

  • southsamurai@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    38
    ·
    1 year ago

    I mean, android is fine I guess, but it’s being pushed to be less and less able to be separated from Google. I think for a lot of people interested in self hosting, there’s a low amount of interest in it because of that.

    • Wander ΘΔ :verified_paw:@packmates.orgOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      @southsamurai Oh that’s definitely a huge concern, but not just for self-hosting but for privacy in general.

      But still, if the average joe wants to self-host something using an old phone is probably the easiest way to get them to try self-hosted alternatives and drop corporate / commercial services.

      Maybe not the ‘average average joe’ such as my parents, but anyone who is minimally curious enough to do stuff such as registering a domain, setting up a game server for friends and maybe has opened the CMD windows console once or twice in the past following a tutorial. That kind of demographic (IDK if it has a name) might be much more inclined to self-host if it was as easy as installing an APK and letting your phone one somewhere at home.

      Overall as long as Android doesn’t become straight out malicious spyware itself, the benefit of dropping commercial alternatives might very well be a net positive. In a worst-case scenario, any tunnel / vpn configuration necessary to expose a service to the internet could also add an automated step to blackhole requests to google’s tracking servers.

        • Wander ΘΔ :verified_paw:@packmates.orgOP
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          @Omniraptor ah yes! Probably that’s why.
          Actually the whole original post was sent via Mastodon.

          I tend to write posts that I share to my Mastodon followers and then at the end I mention a Lemmy community if I believe the community would also find it interesting.

          • Omniraptor@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 year ago

            That is so cool I didn’t realize lemmy and mastodon were different views into the same database, assumed they were different services with no overlap except some underlying tech (I don’t know much about fediverse structure). But how does that work with like, character limits? Iirc lemmy can have much longer comments

            • @Omniraptor @Wander Probably user is limited during writing by own instance limit and longer posts of others could be displayed. I saw this between mastodon/misskey instances with various limits, probably it could be similar for lemmy/kbin federation. Currently I am writing this on small mastodon server with 20k limit (never used this fully yet…)

            • Wander ΘΔ :verified_paw:@packmates.orgOP
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              @Omniraptor in theory Mastodon will show a “read more” button for longer comments. Top level posts sent from Lemmy often require clicking the link to view them in full and content isn’t ordered by votes because they don’t exist.

              So, it’s a bit messy to read Lemmy from Mastodon, but posting something and then replying to comments on that thread is really easy.

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    IMO, more like Linux. Android for such old devices is unmaintained, but if you’re able to run Linux on it you’ll still be able to apply kernel updates and security updates for software will continue to exist. Many things are opensource too and you should be able to recompile them on the android device to make it run.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Seems like this is a great use-case for an RPi. At least for single/few user setups

  • Björn Tantau@swg-empire.de
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    I feel like Android is adding some new power saving “feature” with every version to kill all the useful stuff I want to keep running in the background.

    Last stupid thing I remember was when it removed my CalDAV synchronisation because I haven’t been “using” the CalDAV app for some months.

    Not to mention all the times it decides to kill something you want to use because it thinks the RAM would be more needed elsewhere. Honestly my 128 MB RAM Nokia N900 could run more apps at the same time than my 4 GB RAM Fairphone.

    • Buddahriffic@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Yeah, android is a lot like Windows in that they make choices that might benefit users who don’t know what’s going on but interrupts or harms things power users are doing. They are just better at not being as annoying with it and don’t beg people to use their default programs.

    • trolololol@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      You’re right, that’s a feature if you’re a regular phone user and a bug if you want it as a server.

      Also, even if the application is still running you can have the os almost fully shutdown even if it’s charging. Again, it’s a behavior tuned for a typical user.

  • Benjohn@todon.nl
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    @Wander @selfhosted this whole “We are walking about with entirely reasonable servers in our pockets for reasonable scales - why doesn’t it feel like that?” thing is in my brain quite a bit.

  • awooo@pawb.social
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Hmm I think my main concern would be lack of kernel/firmware updates, running something like postmarketOS could partly solve that and still be nearly as easy to set up (just unlock and flash a prebuilt image)

    But firmware is still almost entirely dependent on the vendor, since it’s all signed and unpatchable.

    Next issue would be lack of connectivity on a lot of phones, which have gone backwards and include USB 2.0 now. WiFi is an option, but less stable, I personally decided to just go 100Mbps and suffer.

    As for the battery, it would help a lot if phones were designed to boot without one and they were removable, it all worked well for about half a year until I found out I had a spicy pillow and had to replace it with direct power to the board, which made the whole setup much less elegant and required soldering.

    It all comes down to how devices are designed in the end. If someone took the time to make a computer instead of just a phone, and included features that make it useful past its initial life that aren’t that popular (display output, microsd, headphone jack), mainlined all the drivers and maintained firmware, that would be a different story.

    But that’s not a very profitable model, because it’s all about reducing waste and thus selling less. A lot needs to change.

  • Moonrise2473@feddit.it
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    Big problem: updates for something that is directly exposed to internet

    Some low end devices will stop getting security updates 6 months after launch because the OEM launches a new model every two weeks and obviously doesn’t have resources to dedicate to it

    In some cases, even high end devices don’t get updates and are discontinued internally shortly after launch, for example the Xiaomi mix 3 5g

    Yes, root and custom ROMs could solve the problem, but not as easy as regular Linux where you just use a package manager to update. First issue is needing to wipe after updates and you have to reinstall and reconfigure everything

  • Appoxo@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Who provides the software and firmware updates for my antique Samsung S4 and Galaxy young?
    I hope you will give me some firmware for the old snapdragon.
    Don’t forget the loads of Exynos CPUs and loads of GPUs from different vendors.

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    2
    ·
    edit-2
    1 year ago

    The future of selfhosted services might includes phones yes, Android most likely not.

    Think about it, those phones might work right now but in 10 years their Android versions will not support anything, they wont even have root certificate updates breaking SSL, the kernel will be missing support for whatever people need and whatnot. Maybe the phones won’t even boot because some key will expire somewhere… let alone security vulnerabilities.

    People selfhost on 10-year old hardware right now, but they do install modern Linux distros that are well supported and up to date. I believe the most likely scenario is that at some point the “security” of most of that hardware will be broken and you’ll be able to run some version of AOSP for older hardware and/or a generic Linux.

    But that might not ever happen, those phones are built like hell and we’ve another category of hardware with similar characteristics that was never repurposed for anything after a decade - routers. It’s common to see older routers that are now too slow when it comes to wifi or even CPU and although they’re way more open and primitive than modern smartphones when it comes to software we usually can’t even repurpose them as dumb switches with alternative / open software. OpenWRT and DD-WRT might work in some case but those are exceptions and usually those models were already supported by those firmwares. For instance there are enough Thomson / Technicolor TG784n ISP provided routers to create a second moon and the effort to break their security and create a usual firmware is so much that nobody did it. It’s just easier to pay 30€ for a cheap router/switch and move on.

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      People who downvote, care to explain? You clearly never tried to access the Internet / install modern software on a Windows XP computer :)

      • Wander@yiffit.net
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Am curious. Are you able to run a modern windows 10 virtual machine / virtualbox vm on XP?

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          I just talking about that: https://lemmy.world/comment/4731273

          It doesn’t appear to be possible. The Vmware version that supports the latest Windows 10/11 won’t support a host system older than Windows 8. The same applies to VirtualBox.

          The usual issue with that is that the modern OS requires drivers for the virtual devices and if you get a modern version of Vmware it won’t run on Windows XP (https://kb.vmware.com/s/article/90060) if you get an older version of Vmware that does run on XP it won’t have / be compatible with the drivers required for Windows 11 to work.

    • Wander ΘΔ :verified_paw:@packmates.orgOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      @TCB13 I’m not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.

      The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

      Basically, while flashing a new ROM would be ideal, I think there’s likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc… can be run in a secure manner on top of a stock Android ROM.

      Furthermore, developers packaging their apps into APKs could run security checks and by the time it says “your OS is insecure” you’re already on your third phone and can host stuff on your second. I mean… Android phones are in their prime for two/three years at most in my experience :P

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        The application / server component can actually be updated since it’s just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.

        When you install another one “on top” you’re essentially speaking about a very thin layer above the base OS. In most cases that’s simply a container that uses the base OS kernel. This is what happens today and it works for a while but it comes a point (way less than 10 years) when you won’t be able to have a modern top layer OS sitting on such older base OS because the kernel is way too old to support the requirements of the new OS.

        Even if go through the trouble of virtualization in order to have the top layer running a modern kernel it will most likely fail. It would require a LOT more effort coding the support for the old hardware and a ton of other virtualization pains to just end with a very slow system. We’ve examples of this: it is next to impossible to virtualize Windows 11 in a Pentium 4 that runs Windows XP, for instance a versions of Vmware that supports Windows 11 won’t support a host system older than Windows 8. The same applies to VirtualBox.

        Basically, while flashing a new ROM would be ideal,

        Yes it would but for that you would have to completely break the phone’s boot security and that isn’t feasible in all cases. Most phones doesn’t allow you to unlock the bootloader thus you can’t install another ROM/OS. Even on those you can some will only accept software that was signed by the manufacturer so unless there’s a leak of the key they use or it gets bruteforced in some way you won’t be able to do it.

        Take older routers as examples, those don’t even protect the firmware, nothing is signed, and yet the time and effort (weeks/months) required to make a simple open firmware to turn a SINGLE model into a dumb switches / routers that it isn’t worth it - after all you can get a < 30€ device today that is faster and more power efficient than those old units.

        With phones things are considerable worse as modern day devices are way more locked down than those router ever were. There’s also way more fragmentation (hundreds of phone models all running very specific hardware and software hacks). It’s very likely that in 10 years you’ll be able to buy some ARM / RISC board, such as a raspberry pi, that is open, run a modern OS out of the box and most likely cost you 30€.

  • PieMePlenty@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    2
    ·
    1 year ago

    Android? No. It’s not made for it. You are using a hammer to paint a wall.

    Phones? With a different Linux based distro? I can see it happening. For a small niche at least.

  • MonkCanatella@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Pretty cool concept actually. upcycling old tech does seem to be a selfhosting hobby. I see a lot of criticism that I think doesn’t really see the value proposition. You should be able to root the device and install a new OS. I wonder how limited the bandwidth would be though, and whether it’d be worth the cost to get adapters, if they exist, to allow more throughput. I do like the concept though.

  • CarbonatedPastaSauce@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    The future? No. A useful niche? Sure.

    I run 4 mail servers, 2 game servers, 3 directory/auth servers, a firewall/router, a NAS, a security system server, a media server, a monitoring server, and a couple others. Android ain’t gonna cut it.

  • Eskuero@lemmy.fromshado.ws
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    It has an UPS builtin 😇

    Jokes aside I used to run a few python bots inside termux on my very old S3 Mini a few years ago. It did the job at least.

  • simple@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I’ve already heard of people using Termux to host services on their old phones. Seems to work well.

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      4
      ·
      edit-2
      1 year ago

      Think about it, those phones might work right now but in 10 years their Android versions will not support anything, they wont even have root certificate updates breaking SSL, the kernel will be missing support for whatever people need and whatnot. Maybe the phones won’t even boot because some key will expire somewhere… let alone security vulnerabilities.

      • beirdobaggins@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Most people get a new phone every 2-3 years. If people use their 2 most recent phones as simple servers, then these are not 10 year old devices.

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Just look at the past, software and hardware as way simpler and way less locked down and it doesn’t work out. Just try to use a Windows XP to access the Internet and/or install modern software.

        • bustrpoindextr@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          All you have to do is look at the present… Android phones don’t have super long software support. Best you’re looking at is maybe 5 years. So, the user saying 10 years is well past that mark.