scubbo 4 days ago

> exposing our services to the public internet

You yourself have hand-waved away an important part - security. It's not (just) about the friction of signup (though, I'll get to that later) - it's the fact that you'd be utterly insane, as an individual developer without a full-time security team, to expose a self-hosted application to the Internet.

And sure, you can give them a login to your VPN, but that doesn't negate the next part...

> and forcing our friends to signup for our weird app

> in the standards, OIDC overcomes this

It's not the signup that's the hurdle. It's the fragmentation. Sure, if you implement OIDC, your friends can sign up to your photo app. And they can sign up to Sam's, and Joe's, and the app of the cute bakery on the street, and a couple others. What then? The whole value of a network is that the components are interconnected and can intercommunicate. If I have to upload my photos seventeen times to seventeen different partitioned applications for my various social groups to see them, I'm just as likely to not bother.

Fediverse-like ideas go some way towards addressing that, but they don't seem to be in any state of usability for anyone non-technical (I say that as someone who was using Mastodon as my only social media for the last couple of years).

pdonis 4 days ago | parent | next [-]

> you'd be utterly insane, as an individual developer without a full-time security team, to expose a self-hosted application to the Internet.

You don't have to. The article mentions Tailscale--the whole point of which is to not have any Internet-facing app exposed. Everything is done peer to peer between clients that are behind firewalls. There's nothing listening on an Internet exposed socket for random connections to come in.

scubbo 2 days ago | parent [-]

Read on in my comment for the more important point about fragmentation. Average non-technical users won't - and shouldn't have to - accept having to switch between different Tailnets to access different instances of similar apps hosted by different people. Heck, most average users would bounce off of the idea of having to install and use Tailscale in the first place.

(I use Tailscale myself for accessing my own private applications while on the go - but I don't believe it's a practical solution for generic widespread access)

dzikimarian 4 days ago | parent | prev [-]

Apparently I've been utterly insane for years with no consequences.

SaaS/cloud providers propagate this FUD 24/7, and then Okta, which should be the pinnacle of security, gets hacked and has issues with disclosure.

Relax. Most companies have security teams incapable of operating beyond a checklist.

scubbo 2 days ago | parent | next [-]

> [it's fine to expose your services to the Internet, there will be] no consequences.

> and then Okta, which should be pinnacle of security gets hacked and has issues with disclosure.

Pick one. If even the "big boys" can't protect themselves, why do you believe you can?

dzikimarian 11 hours ago | parent [-]

I think both cases pose similar risk from a security standpoint. I'm not perfect, they aren't either. There's a lot of nuance about attack surface, available tech/resources, effort of the average employee vs mine, etc. But all in all let's call it roughly equal.

I just prefer to host by myself and I think it's a perfectly reasonable alternative. Far from "utterly insane".
