Introducing HexOS Local

[Mobius]

Hello all!

We are excited to announce HexOS Local, powering the new local UI/UX for HexOS and capable of so much more. 

Read more about it on the Blogpost - Introducing HexOS Local

[Ya A Slowpoke]

Great to see the progress being made compared to the early launch last year, I'm exited to see where it goes with the new upcoming roadmap.

While I'll personally will be waiting till a few more curated apps will be available (such as Kometa and Bazarr) it seems at least a good solid foundation will be standing with the 1.0 launch.

Keep it up guys!

[NAS]

Buddy backups looks like it'll cloud only. I hope this is just for coordination once configured the cloud shouldn't be involved.

[jonp]

3 hours ago, NAS said:

Buddy backups looks like it'll cloud only. I hope this is just for coordination once configured the cloud shouldn't be involved.

Def not cloud only. If your isp/network supports peer to peer, we can coordinate that and then get out of the way.  That is what's included in a lifetime license. If we end up having to relay traffic for some users, that will require a subscription as we will have to pay for the relay traffic, but obviously it will still be encrypted. 

[Mawson]

I believe the distinction is that Buddy backups, etc, will need to connect to the cloud for configuration, but not for ongoing use. I can see how that could be confusing for some people.

[ravstar52]

Wahoo! This is great news! Thanks for the update, i'm really excited to hear how the local UI has been coming along!

I'm also really surprised to learn my presumption of how the Command Deck works was completely wrong. I thought deck.hexos.com loaded an application into my browser's cache and then communicated to the NAS locally. I didn't realise it was actually sending calls to a central server. I've been turning on my home VPN for no reason! I suppose having to be on the same network as the HexOS box during first setup / "first flight" preconceived some notions.

Doesn't that mean that I can access my NAS from anywhere in the world though? And, say... anyone else who gets hold of my credentials? Do y'all have plans for enabling/forcing 2fa for the command deck? I'm kinda uncomfortable learning my box of drives can be interacted with from off network, and the only thing stopping anyone is a single factor of authentication.

It's not like I can block the HexOS API address at my router firewall level either, since the Local Command Deck is not currently planned to have the same functionality as the cloud Deck. Am I understanding that right?

Edited 8 hours ago by ravstar52

[jonp]

6 hours ago, ravstar52 said:

Doesn't that mean that I can access my NAS from anywhere in the world though? And, say... anyone else who gets hold of my credentials? Do y'all have plans for enabling/forcing 2fa for the command deck? I'm kinda uncomfortable learning my box of drives can be interacted with from off network, and the only thing stopping anyone is a single factor of authentication.

It's not like I can block the HexOS API address at my router firewall level either, since the Local Command Deck is not currently planned to have the same functionality as the cloud Deck. Am I understanding that right?

As of today, yes, you can access your server from anywhere using deck.hexos.com.  I have a discussion planned with the team to allow you to disable remote access which would be as simple as us verifying the WAN IP of the client device being used to connect to the deck and making sure it matches the server's WAN IP.  When HexOS Local arrives, you will be able to even further reduce your cloud dependency, but there are some features like installing apps/VMs, configuring buddy backups, and e-mail notifications that will require a connection to our deck.  Thankfully that connection is outbound from your server, which doesn't require you to open any ports on your firewall and expose the system to the wider net.

We also do have plans to implement oAuth and 2FA in the future to further enhance security and options.