> So the only convenient way to have security is to use the cloud version? Got it.
I wouldn't formulate it that way, it's just a bit annoying for me to see this trend of not having even tiny bit of security built in and having to do extra work just to protect the dashboard. Just one admin account and a random generated password would be fine.
That's the key difference between self-hosted and SaaS. If you self-host, you are responsible for setting up the required infrastructure, taking care of updates, backups etc.
If setting up a reverse proxy behind whatever monitoring you've got is too much, then yes, by all means use the SaaS offering -- but that's 100% the user responsibility, and there's no need to be snarky about it.
> If you self-host, you are responsible for setting up the required infrastructure, taking care of updates, backups etc.
Are you speaking about Netdata or in general? Because if the former, then at least the updates part is not true: the installation script turns out nightly updates (and telemetry).
Frankly, the reason there is no basic auth is that Netdata doesn't use a third-party web server but a built-in one, so they would have to add this functionality.
It's not that it's too difficult, but we were accustomed to having this functionality built in in similar products in the past, then things changed. When ELK first showed up there was a big wave of attacks on ELK servers because they were completely unsecured and at that time X-Pack Security was a paid add-on, they changed their mind later, some time after an open source solution appeared.
I wouldn't formulate it that way, it's just a bit annoying for me to see this trend of not having even tiny bit of security built in and having to do extra work just to protect the dashboard. Just one admin account and a random generated password would be fine.