It's no secret that a small handful of enormous companies dominate the internet as we know it. But the internet didn't always have services with a billion users and quasi-monopolistic control over search or shopping. It was once a loose collection of individuals, research labs, and small companies, each making their own home on the burgeoning world wide web.

That world hasn't entirely died out, however. Through a growing movement of dedicated hobbyists known as self-hosters, the dream of a decentralized internet lives on at a time when surveillance, censorship, and increasing scrutiny of Big Tech has created widespread mistrust in large internet platforms.

Self-hosting is a practice that pretty much describes itself: running your own internet services, typically on hardware you own and have at home. This contrasts with relying on products from large tech companies, which the user has no direct involvement in. A self-hoster controls it all, from the hardware used to the configuration of the software.

My first real-world reason for learning WordPress and self-hosting was the startup of a podcast, KmisterK, a moderator of Reddit's r/selfhosted community, told Motherboard. I quickly learned the limitations of fake unlimited accounts that were being advertised on most shared hosting plans. That research led to more realistic expectations for hosting content that I had more control over, and it just bloomed from there.

Edward, co-creator of an extensive list of self-hosted software, similarly became interested in self-hosting as a way to escape less-than-ideal circumstances. I was initially drawn to self-hosting by a slow internet connection and a desire to share media and information with those I lived with," he told Motherboard. I enjoyed the independence self-hosting provided and the fact that you owned and had control over your own data.

Once you're wrapped up in it, it's hard to deny the allure of the DIY self-hosted internet. My own self-hosting experiences include having a home server for recording TV and storing media for myself and my roommates, and more recently, leaving Dropbox for a self-hosted, free and open source alternative called Syncthing. While Ive been happy with Dropbox for many years, I was paying for more than I needed and ran into issues with syncing speed. With a new Raspberry Pi as a central server, I had more control over what synced to different devices, no worries about any storage caps, and of course, faster transfer speeds. All of this is running on my home network: nothing has to be stored on cloud servers run by someone else in who-knows-where.

My experience with Syncthing quickly sent me down the self-hosting rabbit hole. I looked at what else I could host myself, and found simply everything: photo collections (like Google Photos); recipe managers; chat services that you can connect with the popular tools like Discord; read-it-later services for bookmarking; RSS readers; budgeting tools; and so much more. There's also the whole world of alternative social media services, like Mastodon and PixelFed, to replace Twitter, Facebook, and Instagram, which can be self-hosted as a private network or used to join others around the world.

Self-hosting is something I've found fun to learn about and tinker with, even if it is just for myself. Others, like KmisterK, find new opportunities as well. Eventually, a career path started with it, and from there, being in the community professionally kept me personally interested as a hobby. Edward also found a connection with his career in IT infrastructure, but still continues self-hosting. It is nice to be able to play around in a low risk/impact environment, he said.

But beyond enjoyment, self-hosters share important principles that drive the desire to self-hostnamely, a distrust of large tech companies, which are known to scoop up all the data they can get their hands on and use it in the name of profit.

Despite new privacy laws like Europe's General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA), the vast majority of Americans still don't trust Big Tech with their privacy. And in recent years, the countless privacy scandals like Cambridge Analytica have driven some tech-savvy folks to take matters into their own hands.

I think that people are becoming more privacy conscious and while neither these laws, nor self-hosting can currently easily resolve these concerns, I think that they can at least alleviate them, said Edward.

Some self-hosters see the rising interest in decentralized internet tools as a direct result of Silicon Valley excess. The growth of self-hosting does not surprise me, nodiscc, a co-creator and maintainer of the self-hosted tech list, told Motherboard. People and companies have started realizing the importance of keeping some control over their data and tools, and I think the days of 'everything SaaS [Software as a Service]' are past.

Another strong motivator comes from large companies simply abandoning popular tools, along with their users. After all, even if you're a paying customer, tech companies offer access to services at their whim. Google, for example, is now infamous for shutting down even seemingly popular products like Reader, leaving users with no say in the matter.

KmisterK succinctly summarized the main reasons people have for self-hosting: curiosity and wanting to learn; privacy concerns; looking for cheaper alternatives; and the betrayed, people who come from platforms like Dropbox or Google Photos or Photobucket or similar, after major outages, major policy changes, sunsetting of services, or other dramatic changes to the platform that they disagree with. This last one is probably the majority gateway to self-hosting, based on recent traffic to r/selfhosted, he says. Look no further than their recent Google Photos megathread and recent guides from self-hosters on the internet. For me, changes in LastPass, even as a paid user, had me looking elsewhere.

nodiscc also noted the different reasons people self-host, saying, There would be many... technical interest, security/privacy, customization, control over the software, self-reliance, challenge, economical reasons, political/Free software activism. Looking at the growth of self-hosting over the years, Edward says, These aren't comprehensive reasons but I expect that privacy-consciousness, hardware availability and more mainstream open-source software have contributed to the growth of self-hosting.

These are all good reasons why self-hosting is so essential. Self-hosting brings freedom and empowerment to users. You own what you use: you can change it, keep it the same, and have your data in your own hands. Much of this derives from the free (as in freedom to do what you like) nature of self-hosting software. The source code is freely available to use, modify, and share. Even if the original author or group stops supporting something, the code is out there for anyone to pick up and keep alive.

Despite the individualistic nature of self-hosting, there is a vibrant and growing community.

Much of this growth can be seen on Reddit, with r/selfhosted hitting over 136,000 members and continuing to rise, up from 84,000 just a year ago. The discussions involve self-hosting software that spans dozens of categories, from home automation, genealogy, and media streaming to document collaboration and e-commerce. The list maintained by nodiscc and the community has grown so long that its stewards say it needs more curation and better navigation.

The quality of free and easy-to-use self-hosting software has increased too, making the practice increasingly accessible to the less-technically savvy. Add to that the rise of cheap, credit card-sized single-board computers like the Raspberry Pi, which lower the starting costs of creating a home server to as little as $5 or $10. Between high-available hosting environments, to one-click/one-command deploy options for hundreds of different softwares, the barrier for entry has dramatically been lowered over the years, said KmisterK.

Of course, even the most dedicated self-hosters admit that it isn't for everyone. Having some computing knowledge is fairly essential when it comes to running your own internet services, and self-hosting will never truly compete with big-name services that make it exponentially easier," KmisterK said.

But while self-hosters may never number enough to put a serious dent in Big Tech's offerings, there is aclear need and benefit to this alternative space. And I can't think of a better model for the kind of DIY community we can have, when left to our own devices.

Read the original:
Meet the Self-Hosters, Taking Back the Internet One Server at a Time - VICE

This is a significant bug in the Atlasian Association, which is being actively exploited worldwide, according to the American Cybercom Organization.

Error CVE-2021-26084 discussed at Atlasian Association wiki software. The vulnerability is so serious that US cybercom, the Department of Defenses cyber security, has issued a warning. The massive exploitation of the Atlasian Association error CVE-2021-26084 is ongoing and is expected to accelerate further, read a statement released Friday. Therefore, the company advises companies to close this breach as soon as possible, but the United States is enjoying a long weekend. Therefore, it is a privilege moment for cyber attacks because it often takes a long time before a company employee notices something unusual.

Sangamam is a popular wiki software. A series of misguided gangs aimed at infiltrating corporate networks are currently scanning violations. Atlasian announced on August 25 that a critical bug had been detected in various versions of the association server and data center, allowing a user to use unauthorized run code in the software. Revised version has been published. The defect appears to affect only servers on campus, not the cloud-provided versions of the association.

Error CVE-2021-26084 discussed at Atlasian Association wiki software. The vulnerability is so serious that US cybercom, the Department of Defenses cyber security, has issued a warning. The massive exploitation of the Atlasian Association error CVE-2021-26084 is ongoing and is expected to accelerate further, read a statement released Friday. Therefore, the company advises companies to close this breach as soon as possible, but the United States is enjoying a long weekend. So this is an important time for cyber attacks because it takes a long time before a company employee notices anything unusual. Sangam is a popular wiki software, often used for communication purposes. Atlasian announced on August 25 that a critical bug had been detected in various versions of the association server and data center, allowing a user to use unauthorized run code in the software. Revised version has been published. The defect appears to affect only servers on campus, not the cloud-provided versions of the association.

// Additional initialization code such as adding Event Listeners goes here FB.Event.subscribe('edge.create', function (href, widget) { if (href.indexOf('facebook.com') == -1) { headjs.ready("bp_bt", rmgBtTrackerCallBack(1, "fb")) } } ); };

// Load the SDK asynchronously (function () { // If we've already installed the SDK, we're done if (document.getElementById('facebook-jssdk')) { return; }

// Get the first script element, which we'll use to find the parent node var firstScriptElement = document.getElementsByTagName('script')[0];

// Create a new script element and set its id var facebookJS = document.createElement('script'); facebookJS.id = 'facebook-jssdk';

// Set the new script's source to the source of the Facebook JS SDK facebookJS.src="https://connect.facebook.net/fr_FR/all.js"; // Insert the Facebook JS SDK into the DOM firstScriptElement.parentNode.insertBefore(facebookJS, firstScriptElement); }());

Read more here:
US government warns of error in union - ICT News - The Press Stories

With most workers nowadays operating in a hybrid model, small and medium-sized businesses (SMB) are being forced to rethink their IT infrastructure. This is according to a report from data center specialists ServerChoice, which claims that SBMs are turning to cloud to support their employees.

Polling more than 900 SME business leaders, ServerChoice found that most of them (72 percent) are considering creating a private cloud solution, while 19 percent are eyeing up colocation. The remaining nine percent will most likely go down the public cloud route.

SMB leaders are in no rush to get this done, however, as there are major roadblocks along the way. While many are worried about the cost of moving their servers and setting up cloud-based infrastructure, some are also wary of the potential downtime during the move. There are also concerns about possible breakdowns during the move, which would not only prolong the process, but also make it more expensive.

SMEs are undergoing a rapid shift in working patterns with four in ten of these businesses moving offices. This has become a driver for businesses to relook at their IT server estate and our research found that SMEs are using the office move as an opportunity to shift IT servers off-premises, said Adam Bradshaw, Commercial Director at ServerChoice.

SMEs remain unconvinced by public cloud, with colocation found to be twice as popular as public cloud. This is unsurprising as perfectly good IT hardware does not need to be replaced with colocation. It is a solution that not only maximizes the potential of existing hardware but provides a more secure, and often more reliable, foundation for a business core infrastructure.

The rest is here:
More SMBs are shifting IT infrastructure as part of hybrid working plans - ITProPortal

SAN FRANCISCO, Aug 26 (Reuters) - Microsoft (MSFT.O) on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.

The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group.

Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.

"We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure," Microsoft told Reuters.

Microsoft's email to customers said there was no evidence the flaw had been exploited. "We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key," the email said.

This is the worst cloud vulnerability you can imagine. It is a long-lasting secret, Luttwak told Reuters. This is the central database of Azure, and we were able to get access to any customer database that we wanted.

Luttwak's team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.

A Microsoft logo is pictured on a store in the Manhattan borough of New York City, New York, U.S., January 25, 2021. REUTERS/Carlo Allegri

Read More

The flaw was in a visualization tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February. After Reuters reported on the flaw, Wiz detailed the issue in a blog post.

Luttwak said even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed. Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue.

Microsoft told Reuters that "customers who may have been impacted received a notification from us," without elaborating.

The disclosure comes after months of bad security news for Microsoft. The company was breached by the same suspected Russian government hackers that infiltrated SolarWinds, who stole Microsoft source code. Then a wide number of hackers broke into Exchange email servers while a patch was being developed.

A recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly. Another Exchange flaw last week prompted an urgent U.S. government warning that customers need to install patches issued months ago because ransomware gangs are now exploiting it.

Problems with Azure are especially troubling, because Microsoft and outside security experts have been pushing companies to abandon most of their own infrastructure and rely on the cloud for more security.

But though cloud attacks are more rare, they can be more devastating when they occur. What's more, some are never publicized.

A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users, Luttwak said.

Reporting by Joseph Menn; Editing by William Mallard

Our Standards: The Thomson Reuters Trust Principles.

Read the rest here:
EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases - Reuters

Software-driven IT organizations generally rely on a tool chain made up of commercial and home-grown solutions to develop, deploy, maintain and manage the applications and OSes that their business depends on. Most IT shops have preferred tools for needs like application monitoring, data protection, release management or provisioning and deprovisioning resources. But are those tools always the best options?

While tool chains do evolve over time, its rare for IT organizations to conduct a full, top-to-bottom review of the tools they are comfortable using with an eye toward optimization or new capabilities. One motivator is when companies are considering moving workloads from the data center to the cloud. The inherent differences in how applications are developed and managed for on-premise vs. cloud environments is a strong reason to reassess whether the current tools in your arsenal are the best alternatives available or, just as important, whether theyre well-suited to a more cloud-centric software lifecycle.

When it comes to reevaluating your tool chain, it helps to have a process. Heres one approach:

Its important to start with a full audit of your current stack, including areas such as:

Obviously, its important to assess how well each product meets your current needs as they stand today. (Are there capabilities you wish it had or weaknesses youve become accustomed to working around?) Then consider how those needs will change as workloads move to the cloud. A good first question to ask is whether the tool is still supported by the vendor. Given how infrequently IT teams switch tools, theres a not insignificant likelihood that one or more of your tools has become an orphan. Second, does the license agreement for the tool accommodate or restrict its use in the cloud? For instance, some tools are licensed to a specific physical server and some vendors require their hardware to be owned by the same entity that holds the license. Both of these scenarios are problematic for cloud-based deployments. Third, does moving to a cloud base tool open up new possibilities that you want to take advantage of? Removing the constraints of on-premise solutions and gaining capabilities like nearly unlimited compute and storage, dynamic workloads and multiple regions around the world can provide much needed flexibility. But the advantage of moving to a cloud-based tool (replacing, say, an on-premise application log reporting solution with Azure Log Manager), needs to be balanced against the added management required solution as well as the need to retrain teams.

There are also non-technical factors to consider when looking at new tools. Do teams enjoy using the tool? Does it make them more productive (or conversely, slow them down)? Does it meet the business needs of the organization? How much work will adopting a new tool take and will it be worth it in the long run? While these may not be the most important considerations, they shouldnt be overlooked.

There is almost always going to be an alternative to any individual tool and, potentially, one tool that can do the work of several, making it possible to consolidate. One way to get a sense of whats available is to start by asking other teams in your organization what they use in the destination cloud. There are often cloud-based tools (offered by cloud vendors or sold as separate SaaS products) that offer pay-as-you-go licensing, can be easier to scale up or down, move workloads around, and can expand to other regions. Today, some legacy vendors even offer consumption-based options to better match up against cloud-based competitors, while others stick with more traditional perpetual licenses. Last, consider if a new tool will give IT teams the opportunity and motivation to expand their skill set. Offering the chance to learn and use new products could actually increase job satisfaction and improve your organizations ability to retain engineering talent.

Before you pull the trigger on a new solution it often pays to check in with the existing vendor. To keep your business they may offer more generous or flexible terms. Of course, vendors that see the cloud as a threat are probably going to be less inclined to give you a break on licensing. But the conversation doesnt lead to new or better terms, talking to your vendors on a regular basis can provide insights into how they see their customers and the market.

Once youve completed the previous steps, youll have a good idea of the tools youre likely to keep and those youd like to upgrade. At that point, its important to create a plan for adopting each new tool. Start by separating products that need to be replaced soon from those where more research is required; it also helps to compile any other useful information learned during the process so that the larger IT team can access it. Youll want to assess whether teams will need training, whether internal documentation or playbooks need to be updated, and how new tools will plug into existing authorization/authentication solutions. Finally, you will also need a migration plan for each tool that details how and when the organization will move from the old product to the new one, what scripts will need to be rewritten, and what to do with historical data like log files from the old product.

While cloud-based tools offer meaningful benefits in terms of flexibility, cost savings and ease of scalability, they may not be the best solution for every organization. The only way to be sure is to do the kind of analysis outlined above. For companies that have already made the decision to move workloads to the cloud, the potential long-term benefits of adopting new solutions is worth the effort.

Skytap

More:
Rethinking Your Tool Chain When Moving Workloads to the Cloud - Virtual-Strategy Magazine