also why would every person need a webpage? i can at least get social media where you can see other peoples pages or posts or whatever and comment on it or chat through the service. but that wont work if we all have different webpages.
Assuming you’re hosting on a cellular network, but actually to run a small site on a local network connected by wifi it would be an option. Not necessarily the best option, but doable and yeah the battery life could be useful for intermittent power situations.
A lot of people have old phones whose batteries are to degraded to be useful for much, those could be used as servers with much less problems then any other phone (no spotty connectivity, no changing mobile network ips, no cutting into the battery life of your phone)
There’s not really anything stopping someone from writing the necessary code to make this work, but why do that when you can use an always-online, non-battery-powered computer as your web server?
I have a couple rooted Android 4 phones that I could use but they would be rather slow and have security vulnerabilities. Unless someone makes a custom ROM for the obscure models I have, these problems won’t go away.
On my non-jailbroken phone it doesn’t. The default port is 8888 and you can change it, but it doesn’t start if you specify 80. I don’t know if jailbreaking allows that.
I have to add that it shouldn’t matter much though. If anyone is around you, which would be the main use case, it provides you with a QR code that they can scan and view your website.
The reason you can’t host as port 80 on unmodified Android isn’t because “Google won’t let you.” Android is open source. You can do what you want with it. Android runs on Linux, and ports 0-1023 are privileged ports that can only be used as root.
Unmodified Android does not allow userland apps to run as root for very good reasons, so you don’t have access to these ports. That’s all there is to it. If you attempted to do the same thing on Ubuntu, you would also not be able to use port 80 without root.
However, this is a naive approach to hosting a website. Production web stacks, when hosted on a machine, typically use a least-privileged model where not only ports are banned, but most file access is, too.
Most dynamic web stacks won’t host on port 80 directly. Most will serve either a socket connection or host multiple ports on threads, i.e. ports 3000 to 3007. These connections would then be proxied via something like Nginx to serve as a load balancer, and Nginx can also manage SSL for you, too.
If Nginx is started as root, it can host on port 80. If not, serve on port 8080 and use NAT to redirect it to port 80 with your firewall. You are using a firewall for publicly-hosted content, right?
I don’t think it’s a great idea to host a website on cellular data. If I had to serve something with a mobile device, I’d use USB networking, or a USB to Ethernet adapter.
I wouldn’t want to reduce security by allowing privileged ports as any user, or running modified operating systems that have lessened security baked-in. This security principle is in place for good reasons, and they should remain in place.
If you are exposing your LAN to your Internet connection, you’re doing something wrong. If you are not, but are using a firewall that doesn’t support NAT, then I don’t trust your firewall. If your firewall supports NAT, and you’re attempting to subvert Linux security measures instead of using it, then you’re doing something wrong.
It’s also not practical. Why would I want outside people connecting to my phone constantly? Security risk? Battery drain? Inconsistent IP Address? Just host it somewhere designed for hosting lol
It would be pretty trivial to do a webv3 IPNS:// website on a phone.
It would be slow, It would consume extra battery, The IPFS network could cache it, if it were under a certain size, You could always pay to pin it but then it doesn’t matter if it’s being hosted from your cell phone anymore.
Yeah I could see that some people don’t have any interest.
To me the true interesting part about it is that there’s no port forwarding, no firewall, The site (under a certain size) automatically gets cached in the network for free. It’s kind of like putting something out in an organized torrent. You don’t have to host it for any one particular IP or place, It solves just about every complaint that everyone was listing in this post for why it’s not reasonable. You simply sign it with your key and the name service keeps the latest version of to date for you, If you bought a new phone or wanted to use a desktop or wherever in the hell you want, your signed content just has to be available once a day to freshen the IPNS record.
What are you talking about? GitHub pages is just one example of a web page host that’s free for everyone, super fast and reliable.
Even if you need to host something that has a backend, there are free options with significantly fewer downsides than hosting on your phone.
Cloud servers may be a bad solution for things like pinhole, but your phone would be dead in four hours if you were forcing it to stay awake to respond to every DNS request on your network.
If you’re talking about using your phone as a stationary server that you leave plugged in, isn’t that just an extremely overpriced raspberry pi with no free IO ports?
It’s an interesting idea, but it’s just so much worse than any other option that I can’t imagine anyone seriously wanting to do it.
I’ve been using AWS Amplify for the past five years completely for free. You’d have to get a huge website to get to the point where they start charging
Things intended for local use, like Pihole also don’t work on cloud servers without getting banned for DNS abuse.
Are you talking about running a public DNS resolver?
That’s a very different topic that wasn’t part of the original post as far as I can tell.
There have always been (and there always will be) countless solutions for hosting a website for free. Even ignoring the security implications, mobile networks are not designed to do what you want to do. Full stop. If you can’t find a cloud provider in 2023 that will host a free website that will meet your needs, you aren’t looking hard enough.
Mobile providers spend billions in CAPEX every single year to keep up with ever-increasing demand (spectrum, base stations, radios, antennas, etc.) and even then they can barely keep up in some areas.
Every device attached to a given cell shares the resources of that cell. And uplink bandwidth is specifically scarce. Don’t be a bad neighbor.
I suppose I could be convinced, but my gut reaction is this is a bad idea. Most people aren’t security oriented, and would put themselves at risk with poorly updated websites that are an attack vector for bad actors… There’s a lot more at stake in regards to what personal data lives on your phone… the richest concentration of your PII.
Also, my battery life is already precious. And what if you’re out of cell range or the network is overloaded? Your site just stops working?
Here’s what I’m imagining. The phone is listening on port 80, probably running some jacked up plug-in to play a favorite song. The user probably installs it and then forgets it’s there. The plug-in becomes severely out of date, running code with multiple zero day exploits. In the best case scenario it is running your battery down and using up your bandwidth, it’s commonly just unavailable because your metro area cell network is jammed so your visitors can’t access the site at all, and worst case it can be tricked into running local scripts that do nefarious things.
We get it dude; you wanna run servers off of android.
Good thing the base is open source, you can go ahead and build that dream phone OS that doesn’t care about your personal security.
Nobody else wants to do this so I’m not sure why you’re arguing to hard for everyone to be able to do it. Why would I want to self host a website on a phone and expose myself to a million new attack vectors when there’s free hosting available en masse?
I run a server now for lots of local stuff and I still pay for a web server so my home isn’t constantly exposed to the internet at large. Why the fuck would anyone want to do that, IDK. it’s a fucking privacy nightmare.
If you give people this ability, most of the ones who use it are going to put themselves at risk.
Maybe you feel that’s their own problem. Sometimes you need to protect people from themselves. The phone vendors sure as hell don’t want to start seeing news stories of their devices getting hacked all the time.
And how do you feel about your site visitors not being able to hit your page when your local network is overloaded?
The reason I think this is needed is because a large percent of Internet users cannot afford hosting personal websites.
that isn’t really the case these days. there are a bunch of free options available–from companies large and small, non-profits and user groups, shared public servers, etc. you can’t run a large download server or a resource-hogging scripted application off something like that, but you won’t be doing those things off your phone and mobile data, either.
If you’re sticking an old device into a closet stuck to a charger, a phone is like the worst thing for that. Heck, even an old laptop running Linux would probably allow you to charge it, have an external HDD, and Ethernet at the same time, which already puts it miles ahead of a phone.
Android is open source, so if you really want to do this with an old device, you can build yourself a custom rom and do so. But there is no way that it’s a good play for Google to spend engineering time and resources to build something that is at best a poor replacement for countless existing solutions.
I think a root app that runs on Android 4 would work but the devs would have to implement modern standards (TLS 1.2) themselves, the performance would be bad and the phone will probably have known security vulnerabilities.
I don’t think it’s a good idea. Most people are not tech-oriented, which means it will be a huge security risk. And I want my smartphone to be a phone first and foremost. I want it to have a good battery life so that if I need to make an emergency call, I can rely on it.
I use a dumb phone for that, and due to my provider’s oversight, I get 1 MB for free a day on a prepaid card, enough for basic stuff like train timetables on Opera Mini (no email due to privacy concerns but I am frequently enough on Wi-Fi anyway). So I carry two phones: my smartphone has no SIM card and is used most of the time while my Nokia lasts a week while in standby.
So neither phone could work as a server, nor would most of anyone else’s given that everyone expects 100% uptime, which phones don’t really provide.
However, how about using one of the three rooted Android 4.4 phones in my drawer? My home Wi-Fi, a USB charger and a root app that runs a remotely maintainable web server would make it a great website hosting option. Sadly, I don’t know any Java and few people develop for Android versions before 5, among other things because of its bring-your-own-TLS-1.2-implementation necessity.
No thanks. Linode let’s you setup a cheap server for $5 a month, my cellphone is 30$ a month with limited data, and my house is basically a faraday cage.
The end user experience for your website would be terrible and inconsistent, phones don’t have the kind of uptime and availability that you would need, and keeping them plugged in 24/7 in a closet doing computational tasks is a good way to end up with battery bulge and one spicy mini pillow.
There are too many nefarious purposes that could benefit from being able to serve public web services from your smartphone and no consumer benefits that average people would care about.
Fortunately it doesn’t matter what I want to allow and is up to the cellular service providers which have all kinds of stipulations about what constitutes as service abuse and using an inordinate amount of bandwidth is usually one of them.
So for security safety and service stability reasons, yeah, there is no legitimate reason why it SHOULD be allowed. Just spend the $5 monthly on the hardware and bandwidth instead of potentially making your neighbors cell data worse or setting your house on fire/ blowing up your closet just so you can have an unconventional web server.
The end user experience for your website would be terrible and inconsistent
The internet is a massive hodge-podge of different devices. There’s literally no difference in how it’s done now already. Walking through my datacenter I see 10th gen dells still in service.
phones don’t have the kind of uptime and availability that you would need
For homelab? or setting up a personal lemmy instance? It really depends on the purpose. And the premise from the OP has been “personal”.
keeping them plugged in 24/7 in a closet doing computational tasks is a good way to end up with battery bulge and one spicy mini pillow.
Many phones do “only charge to 80%” sort of setting. Negates this nearly completely.
Fortunately it doesn’t matter what I want to allow and is up to the cellular service providers which have all kinds of stipulations about what constitutes as service abuse and using an inordinate amount of bandwidth is usually one of them.
Phones can connect to other services you know… It’s not all about cellular. And many phone companies suppose home/business connections over their network.
So for security safety and service stability reasons, yeah, there is no legitimate reason why it SHOULD be allowed.
There’s tons of legitimate reasons… Such as I want to do what I want with my device.
This is like Apple not allowing you to have root access to your device. Today we’ve computers in our pockets that are more powerful than laptops from 10 years ago yet we can’t use them because they’re locked down. :(
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
Why though? I see intermittent availability, battery drain and security being issues and I don’t see any up-sides.
also why would every person need a webpage? i can at least get social media where you can see other peoples pages or posts or whatever and comment on it or chat through the service. but that wont work if we all have different webpages.
And it would be complicated to implement when you’re switching networks all the time.
Assuming you’re hosting on a cellular network, but actually to run a small site on a local network connected by wifi it would be an option. Not necessarily the best option, but doable and yeah the battery life could be useful for intermittent power situations.
One man’s “battery drain” is another man’s “built-in UPS.”
A lot of people have old phones whose batteries are to degraded to be useful for much, those could be used as servers with much less problems then any other phone (no spotty connectivity, no changing mobile network ips, no cutting into the battery life of your phone)
deleted by creator
Of course, they are more than capable enough (if you remain connected to the network and don’t care about the battery drain).
However, society is so used to “THE CLOUD” that this seems backwards.
deleted by creator
There’s not really anything stopping someone from writing the necessary code to make this work, but why do that when you can use an always-online, non-battery-powered computer as your web server?
deleted by creator
The battery in a phone only functions as a UPS if it’s plugged in 24/7, in which case it isn’t usable as a phone.
deleted by creator
I have a couple rooted Android 4 phones that I could use but they would be rather slow and have security vulnerabilities. Unless someone makes a custom ROM for the obscure models I have, these problems won’t go away.
I just found ServeIt on fdroid. I tried it with a simple html website and it works on my phone. It does exactly what you ask.
deleted by creator
On my non-jailbroken phone it doesn’t. The default port is 8888 and you can change it, but it doesn’t start if you specify 80. I don’t know if jailbreaking allows that.
I have to add that it shouldn’t matter much though. If anyone is around you, which would be the main use case, it provides you with a QR code that they can scan and view your website.
Yeah and if you really want it to be accessible from WAN, just forward port 80 on your router to the phone.
The reason you can’t host as port 80 on unmodified Android isn’t because “Google won’t let you.” Android is open source. You can do what you want with it. Android runs on Linux, and ports 0-1023 are privileged ports that can only be used as root.
Unmodified Android does not allow userland apps to run as root for very good reasons, so you don’t have access to these ports. That’s all there is to it. If you attempted to do the same thing on Ubuntu, you would also not be able to use port 80 without root.
However, this is a naive approach to hosting a website. Production web stacks, when hosted on a machine, typically use a least-privileged model where not only ports are banned, but most file access is, too.
Most dynamic web stacks won’t host on port 80 directly. Most will serve either a socket connection or host multiple ports on threads, i.e. ports 3000 to 3007. These connections would then be proxied via something like Nginx to serve as a load balancer, and Nginx can also manage SSL for you, too.
If Nginx is started as root, it can host on port 80. If not, serve on port 8080 and use NAT to redirect it to port 80 with your firewall. You are using a firewall for publicly-hosted content, right?
The other issue is phones would not typically have a public IP without ipv6. You are also unlikely to have a static (consistent) IP address.
I don’t think it’s a great idea to host a website on cellular data. If I had to serve something with a mobile device, I’d use USB networking, or a USB to Ethernet adapter.
deleted by creator
I wouldn’t want to reduce security by allowing privileged ports as any user, or running modified operating systems that have lessened security baked-in. This security principle is in place for good reasons, and they should remain in place.
If you are exposing your LAN to your Internet connection, you’re doing something wrong. If you are not, but are using a firewall that doesn’t support NAT, then I don’t trust your firewall. If your firewall supports NAT, and you’re attempting to subvert Linux security measures instead of using it, then you’re doing something wrong.
deleted by creator
It’s also not practical. Why would I want outside people connecting to my phone constantly? Security risk? Battery drain? Inconsistent IP Address? Just host it somewhere designed for hosting lol
It would be pretty trivial to do a webv3 IPNS:// website on a phone.
It would be slow, It would consume extra battery, The IPFS network could cache it, if it were under a certain size, You could always pay to pin it but then it doesn’t matter if it’s being hosted from your cell phone anymore.
I stopped reading at webv3.
Yeah I could see that some people don’t have any interest.
To me the true interesting part about it is that there’s no port forwarding, no firewall, The site (under a certain size) automatically gets cached in the network for free. It’s kind of like putting something out in an organized torrent. You don’t have to host it for any one particular IP or place, It solves just about every complaint that everyone was listing in this post for why it’s not reasonable. You simply sign it with your key and the name service keeps the latest version of to date for you, If you bought a new phone or wanted to use a desktop or wherever in the hell you want, your signed content just has to be available once a day to freshen the IPNS record.
IOW you’ve turned it into a thought-terminating cliche.
A number of cloud providers offer an always-free tier.
https://github.com/cloudcommunity/Cloud-Free-Tier-Comparison
deleted by creator
What are you talking about? GitHub pages is just one example of a web page host that’s free for everyone, super fast and reliable.
Even if you need to host something that has a backend, there are free options with significantly fewer downsides than hosting on your phone.
Cloud servers may be a bad solution for things like pinhole, but your phone would be dead in four hours if you were forcing it to stay awake to respond to every DNS request on your network.
If you’re talking about using your phone as a stationary server that you leave plugged in, isn’t that just an extremely overpriced raspberry pi with no free IO ports?
It’s an interesting idea, but it’s just so much worse than any other option that I can’t imagine anyone seriously wanting to do it.
I’ve been using AWS Amplify for the past five years completely for free. You’d have to get a huge website to get to the point where they start charging
Are you talking about running a public DNS resolver?
That’s a very different topic that wasn’t part of the original post as far as I can tell.
There have always been (and there always will be) countless solutions for hosting a website for free. Even ignoring the security implications, mobile networks are not designed to do what you want to do. Full stop. If you can’t find a cloud provider in 2023 that will host a free website that will meet your needs, you aren’t looking hard enough.
Mobile providers spend billions in CAPEX every single year to keep up with ever-increasing demand (spectrum, base stations, radios, antennas, etc.) and even then they can barely keep up in some areas.
Every device attached to a given cell shares the resources of that cell. And uplink bandwidth is specifically scarce. Don’t be a bad neighbor.
I suppose I could be convinced, but my gut reaction is this is a bad idea. Most people aren’t security oriented, and would put themselves at risk with poorly updated websites that are an attack vector for bad actors… There’s a lot more at stake in regards to what personal data lives on your phone… the richest concentration of your PII.
Also, my battery life is already precious. And what if you’re out of cell range or the network is overloaded? Your site just stops working?
deleted by creator
Here’s what I’m imagining. The phone is listening on port 80, probably running some jacked up plug-in to play a favorite song. The user probably installs it and then forgets it’s there. The plug-in becomes severely out of date, running code with multiple zero day exploits. In the best case scenario it is running your battery down and using up your bandwidth, it’s commonly just unavailable because your metro area cell network is jammed so your visitors can’t access the site at all, and worst case it can be tricked into running local scripts that do nefarious things.
deleted by creator
You are commenting as if everyone who would turn this feature on would have the technical acumen to understand how any of it works.
deleted by creator
We get it dude; you wanna run servers off of android.
Good thing the base is open source, you can go ahead and build that dream phone OS that doesn’t care about your personal security.
Nobody else wants to do this so I’m not sure why you’re arguing to hard for everyone to be able to do it. Why would I want to self host a website on a phone and expose myself to a million new attack vectors when there’s free hosting available en masse?
I run a server now for lots of local stuff and I still pay for a web server so my home isn’t constantly exposed to the internet at large. Why the fuck would anyone want to do that, IDK. it’s a fucking privacy nightmare.
The boat is already full of holes, so let’s poke more!
I wouldn’t expect anything like this proposal to be mandatory. I’d want it as something I could turn on if I felt I needed it.
If you give people this ability, most of the ones who use it are going to put themselves at risk.
Maybe you feel that’s their own problem. Sometimes you need to protect people from themselves. The phone vendors sure as hell don’t want to start seeing news stories of their devices getting hacked all the time.
And how do you feel about your site visitors not being able to hit your page when your local network is overloaded?
Having my phone not be able to do something I want it to do is my problem.
That’s why you have it turned off by default.
Compared to how it is right now, when I can’t run a site on my phone at all? It would be a significant improvement.
I meant, it’s arguable that if people use this feature and expose themselves, that’s their own fault. I’m not sure what you thought I meant.
It’s off by default, but still there for uneducated and unskilled people to turn on and leave themselves exposed.
Vs just paying a few bucks for linode that’s got multiple 9s of uptime? It doesn’t seem worth it.
Even if your security oriented it seems many frown upon any self hosting whatsoever.
from the linked article:
that isn’t really the case these days. there are a bunch of free options available–from companies large and small, non-profits and user groups, shared public servers, etc. you can’t run a large download server or a resource-hogging scripted application off something like that, but you won’t be doing those things off your phone and mobile data, either.
deleted by creator
If you’re sticking an old device into a closet stuck to a charger, a phone is like the worst thing for that. Heck, even an old laptop running Linux would probably allow you to charge it, have an external HDD, and Ethernet at the same time, which already puts it miles ahead of a phone.
Android is open source, so if you really want to do this with an old device, you can build yourself a custom rom and do so. But there is no way that it’s a good play for Google to spend engineering time and resources to build something that is at best a poor replacement for countless existing solutions.
I think a root app that runs on Android 4 would work but the devs would have to implement modern standards (TLS 1.2) themselves, the performance would be bad and the phone will probably have known security vulnerabilities.
This might be possible using cloudflared: https://news.ycombinator.com/item?id=37086455#37101789
I don’t think it’s a good idea. Most people are not tech-oriented, which means it will be a huge security risk. And I want my smartphone to be a phone first and foremost. I want it to have a good battery life so that if I need to make an emergency call, I can rely on it.
I use a dumb phone for that, and due to my provider’s oversight, I get 1 MB for free a day on a prepaid card, enough for basic stuff like train timetables on Opera Mini (no email due to privacy concerns but I am frequently enough on Wi-Fi anyway). So I carry two phones: my smartphone has no SIM card and is used most of the time while my Nokia lasts a week while in standby.
So neither phone could work as a server, nor would most of anyone else’s given that everyone expects 100% uptime, which phones don’t really provide.
However, how about using one of the three rooted Android 4.4 phones in my drawer? My home Wi-Fi, a USB charger and a root app that runs a remotely maintainable web server would make it a great website hosting option. Sadly, I don’t know any Java and few people develop for Android versions before 5, among other things because of its bring-your-own-TLS-1.2-implementation necessity.
deleted by creator
Why would anyone want this
No thanks. Linode let’s you setup a cheap server for $5 a month, my cellphone is 30$ a month with limited data, and my house is basically a faraday cage.
So just because it doesn’t make sense for you… it shouldn’t be allowed at all?
The end user experience for your website would be terrible and inconsistent, phones don’t have the kind of uptime and availability that you would need, and keeping them plugged in 24/7 in a closet doing computational tasks is a good way to end up with battery bulge and one spicy mini pillow.
There are too many nefarious purposes that could benefit from being able to serve public web services from your smartphone and no consumer benefits that average people would care about.
Fortunately it doesn’t matter what I want to allow and is up to the cellular service providers which have all kinds of stipulations about what constitutes as service abuse and using an inordinate amount of bandwidth is usually one of them.
So for security safety and service stability reasons, yeah, there is no legitimate reason why it SHOULD be allowed. Just spend the $5 monthly on the hardware and bandwidth instead of potentially making your neighbors cell data worse or setting your house on fire/ blowing up your closet just so you can have an unconventional web server.
The internet is a massive hodge-podge of different devices. There’s literally no difference in how it’s done now already. Walking through my datacenter I see 10th gen dells still in service.
For homelab? or setting up a personal lemmy instance? It really depends on the purpose. And the premise from the OP has been “personal”.
Many phones do “only charge to 80%” sort of setting. Negates this nearly completely.
Phones can connect to other services you know… It’s not all about cellular. And many phone companies suppose home/business connections over their network.
There’s tons of legitimate reasons… Such as I want to do what I want with my device.
This is like Apple not allowing you to have root access to your device. Today we’ve computers in our pockets that are more powerful than laptops from 10 years ago yet we can’t use them because they’re locked down. :(