• anteaters@feddit.de · ↑14 · 1 year ago

    > Why use Cosmos?
    >
    > If you have your own self-hosted data, such as a Plex server, or maybe your own photo server, you expose your data to being hacked, or your server to being hijacked (even on your local network!).
    >
    > It is becoming an important threat to you. Managing servers, applications and data is very complex, and the problem is that you cannot do it on your own: how do you know that the server application where you store your family photos has secure code? It was never audited.
    >
    > Even a major application such as Plex has been hacked in the past, and the data of its users has been exposed. In fact, the recent LastPass leak happened because a LastPass employee had a Plex server that wasn’t updated to the last version and was missing an important security patch!
    >
    > That is the issue Cosmos Server is trying to solve: by providing a secure and robust way to run your self-hosted applications, you can be sure that your data is safe and that you can access it without having to worry about your security.

    Yeah, no, thanks. That sounds 100% like some snake oil salesman trying to sell me nord vpn or some trash because HaCkeRs.

    • warmaster@lemmy.world · ↑5 · 1 year ago

      You know your way around, I’m sure of it. But I don’t, and I don’t have the time.

      I want to self-host but don’t have the time to do it manually by myself, I really appreciate the container automation it provides. I tried before doing it by using Docker Desktop, Podman Desktop, CasaOS, and failed miserably with all of them, or in the case of CasaOS it just didn’t automate enough. Cosmos targets oblivious users like me and it’s not wrong, it’s just different.

      • anteaters@feddit.de · ↑8 · 1 year ago

        Then let me tell you this: Cosmos does not solve any of the risks they paint in their vision. You are lulled into a false sense of “security” after they frightened you.

          • anteaters@feddit.de · ↑10 · 1 year ago

            > It is becoming an important threat to you. Managing servers, applications and data is very complex, and the problem is that you cannot do it on your own: how do you know that the server application where you store your family photos has secure code? It was never audited.

            How do they fix this? Do they audit and approve all source code? Do they submit security patches to the apps they have in their repo?

            > In fact, the recent LastPass leak happened because a LastPass employee had a Plex server that wasn’t updated to the last version and was missing an important security patch!

            How do they fix this? Auto updates? Those are going to bite you in the ass extremely hard at some point.

            Things like this are completely untrue:

            > Additionally, because every new self-hosted application re-implements crucial systems such as authentication from scratch every time, the large majority of them are very susceptible to being hacked without too much trouble. This is very bad because not only are Docker containers not isolated, but they also run as root by default, which means it can easily be used to offer access to your entire server or even infrastructure.
            >
            > Most tools currently used to self-host are not specifically designed to be secure for your scenario. Enterprise tools such as Traefik, NGinx, etc. are designed for different use-cases that assume that the code you are running behind them is trustworthy. But who knows what server apps you might be running? On top of that, a lot of reverse-proxies and security tools lock important security features behind 3 to 4 figures business subscriptions that are not realistic for selfhosting.

            Scaremongering and lies.

            • RandomLegend [He/Him]@lemmy.dbzer0.com · ↑5 · 1 year ago

              The more important question here is: What are you fighting against here? Like you say that you feel like some snakeoil salesman trying to convince you of something.

              But it’s FOSS. You can just install it and you’re good to go. You don’t have to buy any license to get the super duper security features they promise or something.

              It’s a webui for a homeserver that makes it easier to install docker containers and provides you with some pre-configured security measures and that’s it.

              As others said, this is clearly made for people who don’t want to dig into the whole selfhosting thing too deep but want to have their own data and privacy. And that project accomplishes exactly that.

              The “features” they promote are the same “features” everyone has who takes their selfhosted environment seriously but automate it. This does things the way the majority of this community does it and gives the power of self host to non-tech-savvy ppl.

              Stop being so hateful just because you find their way of promoting their features to be “snakeoilsalesman-y”

              • anteaters@feddit.de · ↑7 · 1 year ago

                Wow, you are getting in quite a nonsensical defensive mood here. I gave my opinion on it and warmaster asked for clarification. If you want to use it, go ahead; I just pointed out the red flags. If you think it is hateful that people read the readme of your favorite project, you really need to grow up. A readme is not the place for absurd ‘promotion’ like it’s a product sold on TV.

                Also it’s not FOSS but a selfmade variation on Apache 2. Check the Reddit link, even the author claims it is not FOSS.

              • geophysicist@discuss.tchncs.de · ↑3 · 1 year ago

                Strongly agree. These guys are just so typical in the Linux community. Embarrassing themselves ranting against a project designed to lower the barrier for entry. “If you can’t code your own kernel why are you even trying to set up a Plex server” vibes

  • deepdive@lemmy.world · ↑10 · 1 year ago

    I tried it 3 months ago. It looked nice and had some cool features, but it didn’t fit into my personal selfhosted home server.

    This is more or less to help less tech-savvy people to secure their infrastructure, which is a good point, but can’t replace a complex wireguard, VPN, opnsense, 2FA, self-signed CA, docker installation.

    It’s a bit like Nginx proxy manager, it’s good enough, does what it is supposed to do with minimal user inputs. Less prone to error, security issues…

    • warmaster@lemmy.world · ↑9 · 1 year ago

      Exactly! I am that kind of user. It fits my needs perfectly, where CasaOS falls very short.

      • skybox@lemm.ee · ↑1 · 6 months ago

        After getting burnt on the unRAID license change and the restriction on security updates, I figured there had to be a simple OS that I can essentially set, forget, and easily update when I need, which also uses SnapRAID. I might just try this out.

    • Moneo@lemmy.world · ↑3 · 1 year ago

      There must be a term for middle-ground people like me. I’ve used computers my whole life, as a kid I port-forwarded to host WC3 servers, as a teenager I self-hosted Minecraft servers both on my PC and rented Linux servers. I’m a software developer and I’ve dabbled in dozens of technologies and have a decent understanding of so many computer/IT related things that most people don’t even know exist.

      I’m trying to say I think I’m a tech wizard but putting me in the “less tech savvy” bucket with my mom feels weird. Self hosting was a nightmare to get set up. There’s just too much shit to learn and when all you want is a Sonarr/Radarr/Jellyfin setup you just figure out the important details and get the damn thing working before you forget it all.

      I like having all the customization available to me but I only want to learn details that are relevant to what I’m trying to do. It’s like game developers using Unity instead of writing their own physics engine. Yeah sure I could study real hard and painstakingly implement my own engine but it’s going to take fucking forever and there will be ever-present hidden issues plaguing me as I make the part of the game I actually care about.

      • DrOmNom@lemmy.ml · ↑1 · 1 year ago

        > There must be a term for middle-ground people like me.

        Power user!

        https://en.m.wikipedia.org/wiki/Power_user

        A power user is a user of computers, software and other electronic devices, who uses advanced features of computer hardware,[1][2][3] operating systems,[4] programs, or websites[5] which are not used by the average user. A power user might not have extensive technical knowledge of the systems they use[6] but is rather characterized by competence or desire to make the most intensive use of computer programs or systems.

  • density@kbin.social · ↑5 · 1 year ago

    I’ve been slowly dipping my toes into self hosting.

    What are the risks or disadvantages of using something like this? My plan has been to run Debian with whatever services. Reading about this, it seems very complex and that makes me worried that it is more to go wrong.

    On the other hand, it’ll be 10 years til I learn how to do all this myself.

    So is it a good idea or not?

    • MangoPenguin@lemmy.blahaj.zone · ↑4 · 1 year ago

      The main disadvantage is it will be very hard to debug and fix when something breaks.

      You don’t need 90% of this stuff for starting some services if you wanted to do it from scratch, just learn how to use docker compose and a reverse proxy and you’ll be all set. You can always add more on later.

      • Moneo@lemmy.world · ↑3 · 1 year ago

        > The main disadvantage is it will be very hard to debug and fix when something breaks

        This has been my experience self-hosting the normal way though lol. Yeah I’ve learned a bit but it’s not really an area of expertise I’m super keen on expanding. Getting my self-hosted server up was a bloody nightmare. Sharing drives, hardware pass-through with Proxmox, containers, Samba, mounting drives. There’s an endless list of services and configurations that I fucked around with until I got it working, never 100% sure which changes were actually necessary. If an issue comes up I have to relearn the 90% I’ve forgotten and try and remember wtf I did to get it working in the first place.

        All of this is the experience of someone who is more computer literate than 90%+ of the population.

        Even learning docker-compose is a task in itself because you need to become accustomed to Linux text editors and the Linux file structure (which btw is still a complete fucking black box to me).

        The need for an app like Cosmos is obvious. There are a million ways to fuck up your home server trying to do it yourself and most of the time you’re just following tutorials made by other people. Why not just have an app that follows those tutorials for you and guarantees it’s done correctly and securely?

        • density@kbin.social · ↑2 · 1 year ago

          Omg I literally had to check if I had written this. We are almost the same.

          Main difference is that I have a working understanding about Linux file structure and am comfortable with text files, but I have only on a couple of occasions even attempted anything with Docker. It makes me tired to think about.

          Other than that I so feel you on changing things, not knowing what actually fixed the problem. And then having to re-learn everything from scratch on another occasion. I also feel there is a limit to how much I want to learn. I have no aspirations to do this for a living or to become extremely proficient. I have spent the past couple of weekends struggling with drives and shares and permissions etc. It should be simple but it’s hard and takes such a long time.

          On your advice because it sounds like you are in a similar situation I will try it.

          • Moneo@lemmy.world · ↑2 · 1 year ago

            FYI I haven’t used Cosmos. This post was the first I’ve heard of it, but I’ll likely try to migrate to it at some point.

            • density@kbin.social · ↑1 · 1 year ago

              Haha good to know. :)

              I was not able to complete the setup. :( I have not given up on it yet though.

  • FeminalPanda@lemmings.world · ↑4 · 1 year ago

    I’ll have to try it out, I like the monitoring as for my use I didn’t need Grafana, and the auto update option so I can remove Watchtower. I use npm and Portainer so this would take care of them as well.

  • Samsy@lemmy.ml · ↑4 · 1 year ago

    CasaOS user here. This looks amazing, but let’s test before I kick my home.

  • Osiris@lemmy.world · ↑4 · 1 year ago

    I really like the idea of Cosmos. My first go with it resulted in the app crashing every 10 seconds after I installed Jellyfin. I’ll have to give it another go.

  • notfromhere · ↑4 · 1 year ago

    And here I am running a bare metal k3s cluster fully managed by custom Ansible playbooks with my templatized custom manifests. I definitely learned a lot going that way. This project looks like it has just about everything covered except high availability or redundancy, but maybe I missed it in the readme. Good work but definitely not for me.

  • Briongloid@aussie.zone (OP) · ↑3 · 1 year ago

    🆕 Cosmos 0.12 - HUGE update! All in one secure Reverse-proxy, container manager with app store, integrated VPN, and authentication provider, now has a Full Monitoring suite with alerts and notifications (including presets for anti crypto miner hacks!) 📈📊 ~reddit

  • dan@upvote.au · ↑2 · 1 year ago

    This looks pretty good! Interesting project. Thanks for the link.