Comment by kornhole

3 years ago

It is a 'when' not 'if' since it is becoming easier and easier to self-host, and more people are realizing the benefits. I did it this year and convinced many others to do the same or use mine.

Hackers go after value targets, which are companies or organizations holding a lot of valuable data. My little home server with social media, XMPP, Home Assistant and Nextcloud for pictures and such is not something they can do anything with. Good enough security is built into most self-hosting platforms.

Hackers go after two kinds of targets: centralized high-value targets and distributed targets with common failure modes, via scripting. There's definitely risk in centralization, but there's risk in distribution as well: known exploits take forever to patch out of the distributed ecosystem. There's a reason Microsoft became so aggressive about patching Windows: without the aggression, people didn't put the effort in and internet-connected desktops became weaponized.

I predict a correlation between small self-hosting projects and more entries on shodan.io. Your small home server is probably secure enough... Probably. But you're the sort of person that posts on a site called "hacker news..." How much should we trust the average soul to do the bare minimum to not get owned? Do we imagine they're checking in regularly on https://www.cvedetails.com/vulnerability-list/vendor_id-1723... ?

  • Keeping things patched to latest was difficult in the past, but it is much easier these days. Unattended upgrades run every day on my server, and I get an email from my server that tells me any issues and if packages or applications have updates available. I open the web UI on my phone and make a couple clicks to update them all. The community at YunoHost is one of a few maintainers who have really simplified things.