(kiranet.org)

221 points finnlab | 1 comments | 01 Apr 25 10:11 UTC | HN request time: 0s | source

Show context

aborsy ◴[01 Apr 25 12:06 UTC] No.43545751[source]▶

I can self host many applications, but their security must be outsourced to a company. I don’t have time to keep on top of vulnerabilities.

Cloudflare Tunnels is a step in the right direction, but it’s not end to end encrypted.

The question is then, how to secure self hosted apps with minimal configuration, in a way that is almost bulletproof?

replies(2): >>43545854 #>>43546213 #

Aachen ◴[01 Apr 25 12:18 UTC] No.43545854[source]▶

>>43545751 #

> security must be outsourced to a company. I don’t have time to keep on top of vulnerabilities.

If the software you host constantly has vulnerabilities and something like apt install unattended-upgrades doesn't resolve them, maybe the software simply isn't fit for hosting no matter what team you put on it. That hired team might as well just spend some time making it secure rather than "keeping on top of vulnerabilities"

replies(2): >>43546306 #>>43547318 #

1. aborsy ◴[01 Apr 25 13:02 UTC] No.43546306[source]▶

>>43545854 #

The concern is zero days. There are probably lots of easy zero days, patched across a host of software, once discovered in one.

The solution is a secure software in front. It could be Wireguard, but sometimes you don’t know your users or they don’t want to install anything.

↑

Self-Hosting like it's 2025