Hacker News new | past | comments | ask | show | jobs | submit login

This is my biggest objection to Slack. Give me an application/container/whatever I can run on our network instead. I do not trust them with my entire company chat history stored in plaintext on the same cluster as every other company.



I feel like more often than not, organizations apply this logic to SaaSes that offers on-prem installations, and choose the on-prem over the hosted solution...

only to leave the installation out of date with critical vulnerabilities and missing features that the hosted installation would be on top of.


There is nothing stopping an on-prem appliance from being able to automatically update. Of course, once you do that, you are again putting trust back into the third party, so you lose some of what you gained.


I don't think I've ever seen an on-prem application that self updated without manual intervention. I'm sure it exists, but it doesn't seem common.

Probably because in general self-updating goes against the control on-prem is supposed to give enterprises, especially when they're afraid of breaking critical workflows.


If it's not exposed to the internet, an out of date on-prem is still better than everything on a massive centralized public vendor server that 5 nation states are hacked into.


GitLab had a permission escalation issue that I saw unpatched on an on-Prem install. Contractors accessing it via VPN (and even local employees) would have been able to access repos and actions they didn’t have permission to access.

And it’s not like nation states can’t attack companies directly.


Nation states only attack companies they care about. That's the point. Once you have your info on slack, you share the fate with the million other companies that nation states might care about.


If 5 nation states hacked into the centralized public vendor they'll find a way to get into someone's on-prem version of the same, especially if they are the type to let it go very out of date.


The difference is that they will only hack into your on-prem solution if you are the target. With a central service, all of slack's million customers get compromised because of one single hack.


Correct, I didn't think of that.


Nowadays there are excellent self-hosted alternatives (Zulip, Mattermost, Rocket Chat...).

That being said: A company-wide Discourse forum works much better for knowledge sharing and discussions.


Has anybody ever merged chat and forums? At least integrate them so tightly that switching back and forth is fluid.


That's not what they are ever going to provide, like the parent comment indicated because it isn't their goal. Companies or individuals which need your requirement should/are already using a competitor that does allow you to do so, with all the limitations that the extra security gets you (search, integrations, etc), e.g. mattermost or rocket.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: