this post was submitted on 26 Apr 2026
158 points (97.0% liked)

Selfhosted

59939 readers
308 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
158
GitHub - minio/minio: "This repository was archived by the owner on Apr 25, 2026. It is now read-only." (github.com)
submitted 1 month ago by otter@lemmy.ca to c/selfhosted@lemmy.world
61 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] panda_abyss@lemmy.ca 2 points 1 month ago (1 children)

Rustfs is sketchy as fuck though.

[–] hendrik@palaver.p3x.de 1 points 1 month ago (1 children)

Thanks for pointing it out. Yeah it does. I just copy-pasted what I found and didn't check.

[–] panda_abyss@lemmy.ca 2 points 1 month ago (1 children)

For posterity because I didn’t explain why/how it’s sketchy:

  • they just found a hardcoded key that skips all security that was in the wild for like two years
  • significant vibe coding means nobody actually understands the codebase. Hence not finding the backdoor key
  • some of the documentation is only in Chinese, which isn’t sketchy in itself, but given the backdoor key does seem fucking sketchy.
  • they have an X link you cannot remove from the admin console
  • the admin console has minor but stupid bugs: you can’t go from a bucket to the list of buckets, auth is janky, etc.

Just because it’s good a good name doesn’t make it good pedigree (which is a bone I have with rustXYZ named projects). The fact nobody caught serious backdoors for years is damning.

If you’re running this offline, it might be fine for you. I still run it inside my vpn behind auth but I’m looking to move off.

[–] hendrik@palaver.p3x.de 1 points 1 month ago

Thx very much. That's valuable info. I edited my comment and crossed it off my list of software to evaluate for future projects. I already got the vibe-coding and a bit of sketchiness by scrolling through the latest commits and issue tracker.