
YunoHost: Aiming to make hosting accessible - kload
https://yunohost.org/
======
oliwarner
What I'm about to say applies just as much to appliances but making people
think they can do everything with one-click breeds a load of ignorant and lazy
"sysadmins" with very capable, very connected and extremely exploitable Linux
servers sitting exposed (by design) on home networks.

The commoditisation of VPS (and cloud) servers brings exactly the same
problem. Updates aren't automatic by default and so many VPS holders are devs
sitting in Windows without a clue about anything past the `sudo apt-get
install lamp-server^` they read on a forum. Months pass without updates and
before you know it, there's a remote update a script can catch.

Webapp updating is another thing altogether. Relatively few are well packaged
and even fewer have nice automatic update migrations. So they go stale and get
exploited.

The [immediate] future of internet security looks pretty dismal.

~~~
userbinator
I think there's a need for a small, self-contained system that is just so
simple that it should be inherently secure and thus never need updating; HTTP
and many of the related protocols are over a decade old, if not more. They
should be so well-understood enough by now that a simple, correct
implementation is possible. Maybe it will not have the latest features, but
that's not the goal here - reliability and simplicity is.

Being able to host a personal site comprising a few static pages, which is
something that would fit well with the goals of this project, shouldn't
require all that much in the way of software; maybe even a full Linux kernel
is overkill.

~~~
amirmc
I definitely think you'd find the unikernel approach interesting and should
take a look [1]. I've got a version of my website deployed this way too [2].

[1]
[http://queue.acm.org/detail.cfm?id=2566628](http://queue.acm.org/detail.cfm?id=2566628)

[2] [http://amirchaudhry.com/from-jekyll-to-unikernel-in-fifty-
li...](http://amirchaudhry.com/from-jekyll-to-unikernel-in-fifty-lines/)

~~~
lbotos
I've wanted to play around with this. Thanks for the great write up. Anyone
know of a hosting provider/layer focusing on this workflow?

~~~
amirmc
Deploying to EC2 is an option [1]. In general, we want to make it easy for
people to deploy to the public cloud and will release tools to aid this.

[1] [http://www.somerandomidiot.com/blog/2014/04/23/verb-your-
own...](http://www.somerandomidiot.com/blog/2014/04/23/verb-your-own-noun/)

~~~
lbotos
I guess what I meant was there any "heroku" like platforms that offer mirage.
I've been kicking the idea around for a while (I think unikernel is the future
of PaaS/SaaS/Cloud) and wondering what the field looks like. :)

~~~
amirmc
Yup, I did understand what you meant but I stopped short of saying 'Heroku for
Unikernels' (even though this how I think of it). I didn't want to give you a
false impression of the first steps, which will be FOSS tools for anyone to
deploy to the cloud. Ultimately, we may be able to run something as a service
with much more fine-grained billing than current providers.

------
amirmc
I applaud efforts to make self-hosting easier and more accessible for people
but I think using the existing toolstacks for this is fundamentally flawed
(security, deployment/maintenance, provenance, etc). FWIW, I'm working with
others on new tools for building resilient, distributed systems, which you can
read about at [http://nymote.org](http://nymote.org). There's more technical
info at [http://openmirage.org](http://openmirage.org).

~~~
fredsted
OpenMirage and YunoHost looks to me like they serve two completely different
audiences/purposes.

If an average user (non full-time server admin) wants to set up a server that
has common apps like Wordpress, Roundcube and Transmission, YunoHost seems
like the OS for the job.

How would a user like that go about this with OpenMirage? Is there a similar
web interface for setting up mail, web and torrents (for example)? There's a
lot of technical documentation, but how would they actually set up these
services?

After reading the overview link, I'd wager that most users still don't really
know why it's better than YunoHost, or even what OpenMirage actually is.

~~~
chubot
I think the point is that any system which is meant for people to self-host
AND which is based on a Linux distro (Debian, Red Hat, etc. -- YunoHost is
based on Debian) is broken by design.

Running "sudo apt-get update" and "sudo apt-get upgrade" in a cron job is not
a security solution.

Operating systems have to be designed so that a security hole in a single
application can't compromise the entire system. If not, I would argue they are
unsuitable for the average user to "self host". Modern Linux distros don't
meet this criteria.

OpenMirage is solving some of the same problems as YunoHost, just on a longer
time scale and with real solutions rather than hacks piled on top of hacks
(I'm not affiliated with the project). apt-get is a big hack and not suitable
for distributed computing.

------
oDot
Reminds me of arkOS:

[https://arkos.io/](https://arkos.io/)

[https://news.ycombinator.com/item?id=6699567](https://news.ycombinator.com/item?id=6699567)

[https://news.ycombinator.com/item?id=6316888](https://news.ycombinator.com/item?id=6316888)

[https://news.ycombinator.com/item?id=5838873](https://news.ycombinator.com/item?id=5838873)

------
logn
Eben Moglen gave a great speech on what we're giving up by using centralized
services. His call to action was to basically build what YunoHost now is. This
video of the speech is an hour long but a good one:
[https://www.youtube.com/watch?v=QOEMv0S8AcA](https://www.youtube.com/watch?v=QOEMv0S8AcA)

~~~
gdewilde
Thanks, that was intersting.

------
lukasLansky
There is a common sentiment that web is being centralized nowadays and this is
a threat to its formerly open nature. It's not hard to complain about it as
it's probably true, but the problem is, unfortunately, not in awareness. Lot
of simple tools are missing, so: huge kudos to this effort! It's a hard thing
to do.

------
hippich
People interested in that, might also find this interesting -
[https://github.com/al3x/sovereign](https://github.com/al3x/sovereign)

------
asiekierka
It seems to hook itself into the Back arrow and doesn't let me go back without
right-clicking on Firefox.

That's not nice.

~~~
nfoz
I consider it a flaw in the web-browser to allow those keys to be overridden.

------
vomitcuddle
With more personal storage/NAS oriented features, a more desktop-like
interface with file management features and this could become a nice open-
source competitor to the likes of Synology. If this ever becomes a direction
you'd like to take with this project, I'd love to contribute. My email address
is aniki [at] pantswrestling [dot] com. My relevant skills/experience include:
ZFS/btrfs/ext[2-4], Linux/*BSD hacking of all sorts, Python/Ruby/Node/etc.

------
currysausage
Is this:
[https://yunohost.org/images/home_panel.jpg](https://yunohost.org/images/home_panel.jpg)
part of the actual UI? If so, I would suggest adding a line of info on what
each of these apps does. Most users will probably know what Wordpress and
Owncloud do; beyond that, most of the names are not exactly self-explanatory.

~~~
smoyer
Round cube looks just like Zimbra and is clearly an e-mail client ... I agree
with the rest of your comment completely. There is a description ofmeach on
the "apps" page but when I tried to get to Roundcube's documentation I found
that the page hadn't been written yet.

------
69_years_and
This looks cool - I just tried an install on a Ubuntu server - but it seems
Debian really is needed, I guess that's why they said that :) - So going to
spin up a Debian vps and try again.

------
jonathanwallace
Ha, I assume the name is a play on "Y U NO HOST". Well done.

------
jqm
Breaking the back button should be punishable by a day in the stockades with
the entire village throwing rotten tomatoes at you.

Maybe someone else finds it cute. I didn't.

------
Jack5500
1\. The demo user has changed its password as it seems atm. 2\. I installed it
and it's really nice, but why can't i add other dynamic dns services? Why do I
even have to have a domain for that and can't just use my digital ocean ip?

------
known
[http://ubuntu-snippets.blogspot.com/2008/06/tasksel-
install-...](http://ubuntu-snippets.blogspot.com/2008/06/tasksel-install-all-
related-packages-in.html)

------
0x006A
It lists services (i.e. postfix) but I can not see any way to configure them.
Services like postfix, slapd don't just work, they need to be configured
first.

------
mthoms
Isn't self-hosting forbidden by the terms of use in most consumer level
internet packages these days?

~~~
webmaven
Most but not all, and that won't change without consumer pressure in that
direction. Projects like this, if they become popular, can help create that
pressure.

------
mnx
The documentation links in the app list are mostly dead.

~~~
beudbeud
i fix it :)

~~~
99tester22
I wasn't able to install openvpn, error: argument @args: expected one argument

------
bradleysmith
noticed the "Datalove <3" at the bottom.

I'm familiar with this through Telecomix, but nowhere else, really. Seems to
fit the bill of a Telecomix op.

------
0x006A
Looks like the demo is down.

------
general_failure
Site down?

------
mihai_ionic
Y U break my back button? Seriously hate sites that do that.

------
acc00
I was confused for a moment, since where I come from, "self-hosting" means
something different.

[http://en.wikipedia.org/wiki/Self-hosting](http://en.wikipedia.org/wiki/Self-
hosting)

~~~
dang
We've taken "self-" out of the title, since it's ambiguous, as you point out,
and doesn't seem necessary here.

We also took "is an operating system" out of the title for similar reasons.

------
dethstar
Nice job, at breaking browser features such as the back button.

~~~
dang
Please don't be rude on Hacker News.

This comment would be better if instead of "Nice job at breaking", it simply
said "This breaks".

