Hacker News new | past | comments | ask | show | jobs | submit login
Yunohost: A server OS aiming to make self-hosting accessible to everyone (yunohost.org)
66 points by indigodaddy on Sept 16, 2018 | hide | past | favorite | 18 comments



https://yunohost.org/#/security

That is why I no host.

Unless the system is kept up to date automatically it's going to be vulnerable to something.

All the web applications also seem to be exposed to the Internet directly which makes things even more dangerous. They all seem to be running PHP, presumably under the same user, so it probably takes only one security hole to compromise the whole thing.


Yeah, having to keep a bunch of third party applications up-to-date seems at odds with "install a bunch of applications with no work". Sandstorm.io seems like the right way to go here, I wish it would gain more traction.


A system like this, at least the parts that are not public needs to be put behind an authenticating proxy, in the style of Google's BeyondCorp system. That way, there's a very hardened authentication gateway that all the other various implementations can sit behind. The auth implementations of the individual components doesn't multiply your exposure. With CORS implemented, it could be pretty decent out of the box ....


Actually even if the system is kept up to date it's going to be vulnerable to something. That's the fun thing about it.


You can't get in without the key.


Yes, they have been around for quite a while already, although I don't know if they have since updates their tech stack. Back when I played with it apps were formed from a bunch of bash scripts that simply automate install and uogrades. One nice thing though was the self made SSO module for nginx, so everything supporting http basic authentication could easily be integrated.

Nowadays I am running Cloudron for these use cases. Here the big plus in apps is that each app runs on docker and has to use the Cloudron docker vase image (with very few paths having write access), through that apps and the server can easily backed up and restored in exactly the same state (user, data, apps installed).


I looked at Cloudron after comment. It is well done. Cloudron seems to have a monthly charge on top of what you might pay for your cloud hosting provider. Is my understanding correct?


There is a free version where you can only install two apps and have five users:

https://cloudron.io/pricing.html

But it's open source, so if you can life without the automatic updates and the app store (install apps and updates manually through their cli utility) you can still install more apps.


Can you actually install and update more than two apps via CLI with the free plan??


The top of their page: "YunoHost is a server operating system [...]"

Their source repo at https://github.com/YunoHost/yunohost shows that it's a couple scripts bundled into a Debian installer. Their news feed even talks about which Debian version is supported: https://mastodon.social/@yunohost/100220968128029115

I don't trust a software provider that is either lying on their front page, or isn't competent enough to understand what their product is.


That is a server operating system. I suppose it would be more precise to call it a respin or something, but it would also be more verbose and harder for the general public to grok.


In this case Debian provides the operating system, and YunoHost is an administrative tool similar to cPanel or Plesk.


> I'd just like to interject for a moment. What you're referring to as Debian, is in fact, GNU/Debian, or as I've recently taken to calling it, GNU plus Debian. Debian is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.


What qualifies something as a unique operating system? Debian is just a bunch of userspace apps too.


An operating system provides the lowest stable level of a userspace API to the underlying hardware capabilities. This might be a bare kernel, or a kernel plus bundled runtime libraries. Debian is a versioned and tested copy of GNU/Linux, which is an operating system consisting of the Linux kernel and the GNU libc.

Linux can be also be an OS on its own, because its kernel<->userspace API is stable. This is not true of all kernels, for example macOS does not guarantee stability below libSystem.

Some people extend "operating system" up into userland tools that are bundled by the vendor or specified by a standard like POSIX, for example `ls` or `initd`. I think this is stretching the meaning a bit, because to the kernel there's no difference between `ls` and (for example) Firefox.


Dumb meme for the name. Dumb memes all over the site. No information about who created it. Major contributors who work on altcoins. Mastodon and Diaspora for social media accounts.

Yeaaaaa, no.


> Mastodon and Diaspora for social media accounts.

Of all the things to criticize, this seems like something to praise.


Indeed. Those are the only usable ones if you insist on self-hosting anyway!




Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: