Hacker News new | ask | show | jobs
by bluish29 993 days ago
> To protect your privacy, as with all Netdata Functions, a free Netdata Cloud user account is required to access it.

I understand that their cloud offering might not do telemetry (they do, but just for sake of argument). I will find it hard to understand how sending anything to the cloud in this case would provide more privacy that being completely offline (as this information is local anyway). I find it insulting to the reader actually, whatever the intent is.
1 comments
ktsaou 992 days ago
Do not compare Netdata with other monitoring solutions that centralize everything to one place, or with single installation applications.

Netdata is a distributed application, and it is installed all over the place. So we needed to find a way to provide SSO.

There are a few alternatives:

1. PAM (then LDAP or a DB), but this would significantly increase the attack surface of your Network, making Netdata an ideal component to test your security. We didn't want this.

2. LDAP, similar to the above and increased complexity. Probably too complex for the average user out there, and it would over-complicate things when you need to run Netdata in private and public clouds concurrently.

We chose to provide a free service to everyone using Netdata, where we manage all this complexity and simplify the process.

Netdata Cloud uses Google SSO, Github SSO, and email verification to authenticate users. It does not store user passwords. Combined with the claiming process of the Netdata Agents:

a) it ensures you are the admin of each server you want to manage b) it verifies your identify c) it provides centralized control on who of the authenticated users has access to your servers.

What happens when you use Netdata Cloud to access a Netdata agent, is that your web browser asks from Netdata Cloud to access this Netdata agent, Netdata Cloud verifies you and if this succeeds and you have trusted the agent before, it asks the agent (via their link) to generate a unique token for you, which is sent back to your browser and is then used as an authorization bearer to access the agent directly. So, your data do not flow through Netdata Cloud. You only get a token from the agent, via Netdata Cloud.

link
bravetraveler 991 days ago
Please consider an offline approach for those willing to take it on.

I can see the benefit of what you've outlined. I really want good representation of journals.

Yet, I'm likely to not start using netdata, because it seems to be 'always online' / dependent on something external. If things are bad enough where I'm looking at logs... maybe I don't have Internet access.

While we retain the data, we don't retain full control over the access to it. This is a pro for some, con for others.

Sure, in this situation, we can go look at the data directly, but that kind of nullifies the point of collection/presentation...

I dare say that most who have needs complicated enough to warrant log collection have auth infrastructure, tooling, or knowledge to manage

link
ktsaou 991 days ago
ok, can we discuss how you see this working for you? How do you believe you can provide SSO to all your Netdata agents?

Please open a discussion here: https://github.com/netdata/netdata/discussions

Even if this may be a niche need, I am open to create such a feature for those that need it, at a small price. But we need some specs.

link
bravetraveler 991 days ago
I'll mull it over and follow up once I have something of more substance, thank you!
link
ktsaou 991 days ago
I started the discussion, and offered a solution too:

https://github.com/netdata/netdata/discussions/16136

link