[HN Gopher] I don't want to host services but I do
___________________________________________________________________
I don't want to host services but I do
Author : thibaultamartin
Score : 99 points
Date : 2023-08-09 15:09 UTC (7 hours ago)
(HTM) web link (ergaster.org)
(TXT) w3m dump (ergaster.org)
| tombert wrote:
| I am basically in the camp of "it is impossible to have readily-
| accessible stuff that you don't have to constantly babysit".
|
| I have a server in my basement with like 35tb of zfs storage to
| hold my blu-ray rips. The movies are backed up onto tapes, and
| those are more or less durable but not really readily-accessible
| (and kind of a pain).
|
| A very large quantity of my time is spent mucking around with
| disks, and fixing data issues. Even when there's no data issues,
| there might be a transient read error which causes a fault and I
| have to spend time dealing with scrubs or at the very least
| checksumming files to make sure that they're fine.
|
| A masochistic part of me kind of enjoys it, but honestly it's
| gotten to a point where I'm debating just paying some money to
| Hetzner or Amazon and selling off the servers.
| fragmede wrote:
| 35TiB on Hetzner or Amazon isn't exactly going to be cheap, but
| regardless of that, even if you don't give up your local
| server, I'd still ask what your off-site backup situation is.
| Two friends' houses got broken into (different cities) and had
| their shit stolen, and another had their stuff destroyed in a
| fire, so at some point, I added cloud storage for off-site
| backup into my strategy.
| meatmanek wrote:
| Serious question: Why go to so much trouble to back up your
| blu-ray rips? Why not just keep the original discs in a binder
| / on a spindle, and re-rip them if your hard drive dies?
| kelahcim wrote:
| For me, it turned out that buying hardware and hosting Minecraft
| server in a garage is simply much cheaper compared to Cloud
| providers. This is why I am for self hosted stuff.
| aaviator42 wrote:
| One of the 'services' I host is a simple interface on a server
| that allows me to easily upload files and get sharable links to
| them.
|
| At this point it's used by more than just me, a bunch of people
| in my circle use my instance to share files.
|
| In case anyone else finds this useful:
| https://github.com/aaviator42/izi
|
| There's a demo here: https://aavi.xyz/proj/fakeizi/
| ChrisMarshallNY wrote:
| I'm writing an app that relies on four different servers.
|
| I've written 3 of them.
|
| We're unlikely to self-host, but we'll almost certainly be doing
| some kind of cloud service for them.
|
| Thankfully, the scale is minuscule, compared to what a lot of
| folks, hereabouts, are used to.
| om154 wrote:
| I want to self-host all of my data such as calendar, contacts,
| photos and more but I just haven't dedicated the time yet
| stavros wrote:
| Here you go: https://www.pastery.net/xtydav/
|
| apt-get install postgresql, connect it, and you're done.
| jasode wrote:
| _> , and you're done._
|
| It doesn't seem that simple. When I researched Nextcloud in
| the past, I avoided it because of warnings like the ones in
| this thread: https://news.ycombinator.com/item?id=25481465
|
| Ctrl+F search that thread for _"failure"_.
|
| If Nextcloud has solved whatever issues were happening in
| 2020, it still doesn't necessarily instill confidence because
| one can remain skeptical and assume there are _new issues
| still happening in 2023_. E.g.
| https://github.com/nextcloud/server/issues
|
| It's going to take some time to wade through all those Github
| issues to determine if there are any showstoppers that would
| affect one's installation. This doesn't look like a low-
| maintenance solution. The gp's wording of _"dedicated the
| time"_ seems very relevant. Copy&paste of some YAML doesn't
| really address the work involved.
| stavros wrote:
| Well, personally, I've been running it for years and it's
| never had as much as a hiccup, but YMMV.
| fragmede wrote:
| There's just some stuff that you have to host yourself. In my
| case, it's my garage door. Instead of having to be there to press
| the button on my garage door remote, I hooked it into a
| microcontroller and can now control it over the Internet. I then
| expose it via a tiny PHP script and Tailscale, and now, not only
| can I let people into my garage remotely, but they can let
| themselves in with their password. An expensive business feature
| for an apartment complex if I were to make a product out of it,
| but I built it myself and self-host.
| cosinetau wrote:
| If the mods on r/selfhosted could read, they would be very angry
| at this.
| coffee33go wrote:
| A set of valid points especially As self-
| hosters we are not going to change the face of the world. The
| other 98% of the general public is going to use hegemonic
| services: self-hosting is a privilege for those who have the
| education, time and money to put into it. We're only deploying
| solutions that work for us, individually.
| madeofpalk wrote:
| The other benefit is that using self hostable software makes it
| harder for centralised _deployments_ to screw users over.
|
| It is harder (but not impossible, and not without its own
| inconvenience) for mastodon.social to do a rug pull because
| there are near-identical alternatives that others (or yourself)
| host.
| 10000truths wrote:
| The other thing to consider is that self-hosting is not a
| binary option - there are degrees to it. On one end, I can
| upload a Docker image/OCI tarball to a cloud provider and get a
| service up and running with plenty of application-level
| customization. Somewhere in the middle, I can get a private
| server and have a bit more low-level control over my
| deployments, like tweaking some sysctl parameters, or running a
| custom-built Linux kernel. On the other end, I can literally
| buy my own rack server, with all the hardware I need or want
| installed in it, and send it to a colo for hosting and upkeep
| (or build my own data center, if I have the money).
| fragmede wrote:
| Stuffing it into your basement, which is the "build your own
| data center" option, isn't prohibitively expensive, nor does
| the hardware have to be. There's a gulf of prices between a
| Raspberry Pi and a new Dell or HP server. On top of that,
| getting 5 nines of uptime is costly, but we're not trying to
| self host Google.com here. If my personal file server goes
| down, my friends'll eventually notice but we're talking about
| a service that gets 0 rps (requests per second) when all of
| us are all sleeping, so no nines is sufficient. More would be
| great, but like you said, it's expensive.
| horsawlarway wrote:
| This is the best route, in my experience.
|
| If you're interested in tech or gaming, you usually
| accumulate hardware anyways - putting the old stuff to use
| just makes sense in most cases.
|
| And I actually don't really agree with the article - My
| issue with SaaS products is not privacy. My problems are
| quality and consistency. My self-hosted stuff doesn't auto-
| update to a version that's less capable or dumb itself down
| to shove users into advertising flows or "new" features
| they want me to use.
|
| It's not about privacy - it's about having the computer
| serve me. It's the difference between a free "financial
| advisor" peddling scams vs a paid agent with fiduciary
| duty.
| Larrikin wrote:
| It's all niche stuff that only a few people use until there are
| watershed moments like the Twitter and Reddit fuck ups that
| push large swathes of users to look for an alternative. Then
| suddenly it's not a niche product and it's important that the
| kinks, bugs, and onboarding has been worked out during those
| years of being niche.
|
| People are absolutely getting sick of subscriptions. It's also
| getting easier to self host. Tailscale has been a game changer
| for me personally as I just had no confidence in getting my
| services working correctly over the internet without getting
| pwned
| vkou wrote:
| > It's all niche stuff that only a few people use until there
| are watershed moments like the Twitter and Reddit fuck ups
| that push large swathes of users to look for an alternative.
|
| And then after poking around for a week, they go back to
| Twitter and Reddit.
| BestGuess wrote:
| As something of a dumdum myself I think I know why.
| Corporations want people to be able to do their thing as
| easy as possible to make money, while people not directly
| motivated like that and not motivated to make it as easy as
| possible can do anything else. So instead of "make sure
| it's just a button click" it's "what, you didn't read all
| 580 pages of the documentation and all the changelogs and
| the code on github and compile it yourself on a custom
| built $40,000 machine? We don't help your kind around here
| go away" and yeah people go right back to windows or
| twitter or whatever.
|
| Joking aside I'm just trying to explain there is a real
| problem there. Feeling smug about the result of that
| problem doesn't fix it but it is really easy to do
| fragmede wrote:
| The difference between self-hosting most things, and
| Twitter and Reddit (and Facebook and Slack and Discord) is
| the network effect. If I wanted to self-host my pictures
| that I share with friends, I can still just send them the
| URL. They might be annoyed that they're not on Instagram
| and have to use a web browser instead, but the people that
| want to see how my long weekend went will go see the
| pictures. To self-host something like Reddit, I need to
| convince other people to change their habits and their
| choice of platform. As not-a-million-dollar-corporation, my
| ability to have a polished UX is rather more limited, so I
| can see why someone would go back to Twitter and Reddit.
| hinkley wrote:
| I think there's a middle ground for cooperatives but the old
| problem of fairness rears its ugly head. I don't want to pay
| for 20% of something if I'm only getting 5% of the benefit.
| treyd wrote:
| If the cost to help maintain the thing is something nominal
| (say, $20/mo, even as much as $40/mo) to maintain, then I see
| it as a form of mutual aid and am happy to pay it to support
| my friends and friends-of-friends.
| hinkley wrote:
| As long as one guy isn't getting 80% of the benefit, I'm
| game.
| aloer wrote:
| I've recently mentioned* that I believe the serverless model to
| be a great fit for self hosting needs.
|
| It enables a kind of bring your own account (BYOA?) installation
| process. Where self-hostable services would be entirely built
| based on managed services.
|
| - Infrastructure as code. The installer takes in any
| <cloud_vendor> account and provisions + configures the required
| components
|
| - High availability built in
|
| - no need to support old or niche hardware
|
| - On-demand costs structure. Many self-hosted services don't need
| to run 24/7
|
| My biggest fear with raspberry pi or VPS is the security. But
| self-hosting does not mean my-server-hosting. Some amount of
| vendor lock-in is acceptable and using the same APIs and
| processes as enterprise users sounds like a win. At least
| compared to not self-hosting at all.
|
| Of course many things are still missing:
|
| - self-hosted tools that actually work like this
|
| - connection between data center and home. To integrate with
| smart home/IoT and similar things
|
| - a reliable billing model for less technical users. It has to be
| impossible to rack up huge cloud bills
|
| For now I guess it's just not yet mature enough. But I would like
| to see the serverless mentality finding its way into self-hosted
| software communities.
|
| * https://news.ycombinator.com/item?id=36986980
|
| An example of what I mean:
| https://github.com/full-stack-serverless/conference-app-in-a...
|
| I don't see any reason why that shouldn't also work for more
| typical self-hosted applications
| jfdi wrote:
| Genuine q. The main thing stopping me from self hosting is
| security. Having a box in the cloud get hacked as long as data is
| properly encrypted and secured - not good but also can easily
| destroy and spin up anew.
|
| But having your home server hacked and then presumably your
| entire home network and everything in it - seems way too fraught
| to even attempt it.
|
| Thoughts on that? Am I just too unfamiliar with network security
| and this actually solved now -- and there is already a well-
| defined trusted approach to this?
| PhilipRoman wrote:
| For all its faults, the term "zero trust" applies here - treat
| your local network as untrusted.
|
| Historically the security of Ethernet, IEEE802.11 and other
| such protocols has been full of half measures, laughably weak
| crypto and whatever WPS is supposed to be. Look at the history
| of wireless security if you want to have a good laugh.
|
| In the application layer, on the other hand, we have rock solid
| solutions like SSH which remain the gold standard for security.
| fungiblecog wrote:
| With 3 routers you can isolate your home network from external-
| facing services very securely.
|
| https://www.grc.com/sn/sn-545.pdf
| kyleyeats wrote:
| You have to cheat and compromise your morality somewhere to
| make it work with decentralizing, I've found. Here, the answer
| is a Cloudflare tunnel. Hail corporate.
| bluGill wrote:
| I wish there was someone I could trust to host for me. I use
| fastmail for email after giving up self hosting 15 years ago. I
| like that they take care of applying security updates and
| everything has just worked. They are also big enough that
| everybody accepts email from them so I don't end up in automatic
| spam land. Unfortunately they do email well, but they don't do a
| lot of other services I'd like - backup all my pictures as I take
| them for example.
|
| Google wants me to use them, but they have earned my lack of trust
| - between deprecating services that look useful, the algorithm
| locking a few people out with no way to get back in, random
| changes that make useful workflows break I'm not interested.
| kkfx wrote:
| I do as well and I want BUT I dislike two key facts:
|
| - the development and use of services useful at small scale is
| essentially ceased in the last decades, meaning it's harder to
| keep up. We still have emails (even if current antispam solutions
| makes hard to have personal mailserver able to communicate with
| anyone) but feeds are more and more useless since most sites or
| do not offer them or publish just titles and ads and so on;
|
| - older services got abandoned and modern ones try to mimic the
| giants ones, being needlessly complex and heavy for personal use.
|
| Let's talk clear:
|
| - we do not have modern MUAs, comfy enough. Yes, we have notmuch-
| emacs, Mu4E, but a proper setup demands few hundred SLoC at
| least, not something as simple a state: this is the root dir to
| downloads all my messages, keep them on server or delete, few
| filters and auto-refile rules, remote credentials and stop;
|
| - we do not have file sharing stuff the easy way, the least
| obscene is WebDAV that's supported by most OSes, but most people
| do not know it, so we just need web-apps to mimic a file manager
| Google Drive alike to makes others able to reach our files;
|
| - we do lost most of the desktop computing model, with people on
| limited and limiting mobile devices, who happen to be integrated
| only with cloud crap;
|
| - IPv6 is not that widespread in the form a global per any
| device, and personal domains are not much used by most.
|
| Technically ANYTHING needed is there, but since most people do
| not know it and some bi&powerful want anybody on their servers we
| essentially have very little margin of maneuvers.
|
| Modern telephony is old classic VoIP, but most carriers do not
| offer few settings to connect any softphone or a personal PBX
| (Yate/Asterisk) to them, mails are still there, but for most
| mails means webmails, some big vendors have even buggy IMAP
| (GMail) or no IMAP/POP at all (TutaNota) or try to push their new
| favorite protocol (Proton Mail/JMAP). The value of having
| messages managed on personal iron, locally indexed, having a
| domain name with various subdomains and so on is unknown to most.
| Cars nowadays have wifi and mobile connections but nothing to be
| directly connected to their formal owner, anything goes through
| the OEM server, who happen to be the substantial owner.
|
| In the 2030 "you'll own nothing" is a THREAT TO THE HUMANITY but
| most seems to like it and few like the profitable outcome of
| that. That's the real issue.
| saclark11 wrote:
| This post resonates with me and briefly acknowledges the thing
| that scares me the most about self hosting personal stuff for
| myself and loved ones: the bus factor. I haven't heard many self-
| hosting proponents talk about their strategy to mitigate the bus
| factor. I really want to self-host, but it seems like such a
| headache and a risk.
| skybrian wrote:
| Sandstorm would have been nice, but I think a reasonable way to
| go nowadays might be to write software so that it's easily
| deployed on Netlify or Deno Deploy and encourage people to fork
| your repo and run their own website.
|
| You're still writing software for others to use, but you don't
| take responsibility for their uptime or content.
|
| It's a little bit of a barrier because you need to create two
| free accounts (including GitHub) and learn your way around. Part
| of open source _in practice_ is education and I think teaching
| people enough so they can edit a file on GitHub would be
| empowering, even if that's as far as they go.
|
| Those are services I've used that have a free tier and seem
| pretty low-maintenance. What would be other good choices for this
| sort of thing?
| mg wrote:
| I would love to build my next web project so it will not save any
| data on the server but let the user save it locally via the File
| System Access API.
|
| That would give the user the same experience as with a desktop
| application. Full control over their data, saved locally.
|
| The problem is that, according to my tests, Firefox does not support
| it at all. Chrome does not support it on Android and Safari does
| not support it on iOS. Not sure about Safari on the desktop.
|
| Here is a text editor demo which lets you try if it works with
| your browser:
|
| https://googlechromelabs.github.io/text-editor/
|
| If your browser supports it, it will let you load and save files
| just like a desktop application. If it does not support it, it
| will use a download/upload workaround.
| jstanley wrote:
| > according to my tests, Firefox does not support it at all
|
| I just tried the text editor example in Firefox and it works
| fine for me, although all the newlines in my file were ignored
| so it looks like garbage. Maybe it assumes Windows-style line
| endings?
|
| EDIT: Oh, no, it just doesn't support line endings at all? Even
| if I press the enter key I just get a space. Maybe it's just a
| proof of concept and not an actual working text editor.
| JohnFen wrote:
| I like that effort!
|
| But it only addresses half of the value of self-hosting (which
| is much better than nothing). The other half is: being able to
| have control over the software itself, when/if it gets updated,
| being able to be sure what's done with the data (if you're
| sufficiently motivated), and not having the service become
| unavailable when the internet is out.
| meiraleal wrote:
| An alternative is to use Electron and ship your app with your
| own chromium.
| madeofpalk wrote:
| There is a middle ground which all browsers do support, and not
| require permission prompts - Origin private file system
| https://developer.mozilla.org/en-US/docs/Web/API/File_System...
|
| If you're not familiar it's a file-system like API for writing
| files to an opaque non-user-accessible file system. Your
| application could probably provide its own export
| functionality using blob urls, and import using traditional
| file "upload".
| hinkley wrote:
| The problem with these is that nobody has a single user agent
| anymore. Haven't for years. If I need files I need them on my
| phone and tablet, or tablet and laptop. Those services have
| yet to become standardized.
| loughnane wrote:
| I used to expose my services to the internet. Now I use WireGuard
| through OPNsense to connect remotely. The attack surface is small
| and I'm still even able to stream videos that are located at
| home.
|
| I'm not a security expert but it makes me feel like keeping
| software up to date is less urgent. That lets me stick to one
| version for a while once it does everything I like. The stability
| of experience and ease of use is great.
| brunoqc wrote:
| I don't mind self-hosting, but I dream of a world where FOSS
| desktop and mobile apps have p2p sync (maybe with CRDT) so that
| everyone could use them without hosting, even my mom.
| treyd wrote:
| Syncthing is partly in this direction.
| brunoqc wrote:
| Yeah, Syncthing is awesome. Even more with untrusted share.
| erulabs wrote:
| > My recommendation to most people putting services online would
| be: either do it for yourself only, or do it as a team with
| proper structure and processes. What sounds like an initiative to
| emancipate people could actually alienate them to you, and that
| is a huge responsibility.
|
| Oof, good advice. I run a startup that helps folks self-host, but
| it really does split the audience in two. Folks technical enough
| to swallow the somewhat rough edges become huge fans and part of
| a fun community. Folks just on the other side of that split tend
| to have pretty frustrating experiences...
|
| I dearly wish I had the capital to be able to spend another full-
| time year on making our product better, but self-hosting is a
| really tricky thing to build a company around - the audience by
| definition is looking to avoid paying for services!
|
| I do still fully believe (and hope!) that one day, far from now,
| self-hosting reliably will be trivial, and our kids will all
| think we were a bit slow for relying on a few megacorporations'
| hosted services.
| Phurist wrote:
| Hmm.. you mind talking a bit more about it? You are just
| consulting them or getting your hands dirty as well?
| erulabs wrote:
| About my business? Sure! It's at https://kubesail.com and we
| sell our hardware at https://pibox.io (the software works
| with almost anything that can run Linux tho!) :)
|
| Our best feature is that the website will detect if you're on
| the same network as your machine and if so, offer "local"
| links instead of remotely proxied ones. That way non-
| technical users don't need anything fancy or to be aware of
| how NAT traversal works. On top of that, the "local" urls
| still get valid HTTPS certs for free, so non-technical users
| don't get any scary browser warnings.
|
| We started out as a way to make self-hosting easier for
| corporations, and were doing consulting work, but the users
| who joined our community were mostly home-hosters, so we
| leaned into that! Jellyfin is now our most popular app.
| nottorp wrote:
| > 5-bay and desktop HDD compatible models are under
| development and will be coming soon.
|
| The box does look pretty. Any plans for dual/multiple
| ethernet versions? At a quick glance the Pi compute module
| doesn't have any so you must have added the lone one
| yourselves?
|
| And of course the geek in me would like to know the network
| chips and how they're connected to the compute module
| (although I guess usb is the only choice).
| bittercynic wrote:
| The order page says "pre-order your pibox", but later says
| in-stock, and next-day shipping.
|
| Very tempting looking product!
| fragmede wrote:
| Given the market that you're after, why sell it as a SaaS?
| The people that want new subscription services, and the
| people that want to self-host feels like an empty set. Why
| not do the more traditional model of selling version 1 of
| the software for $x, and then when version 2 comes out,
| sell that for $y, and people with version 1 can pay $z to
| upgrade, where z < y.
|
| The math could work out to be the same, but the psychology
| of marketing is everything. If I, as a hard-core-self-
| hoster, pay $60 for a version 1 of software that I can use
| forever, and version 2 comes out a year later, and I pay
| $60 for that; I'm _much_ happier to do that, compared to
| having to pay $5/month for yet another subscription
| service, even though that's exactly the same amount of
| money. I already have so many subscription services! I
| don't want to pay for another one!
| Scene_Cast2 wrote:
| Would you happen to know why your customers choose to self
| host? There's a myriad of potential reasons, and I'm curious
| which ones are the primary ones.
| rollcat wrote:
| I think the main problem is that ordinary people don't even see
| what problems self-hosting is supposed to address; and those
| that do, still need to dedicate significant time and effort to
| "tinkering", even when handed a huge chunk of the solution on a
| plate.
|
| Another huge problem is that there's a home network between
| your product and the user's other devices; most home networks
| are utter crap, and often even tech-savvy people don't have a
| whole lot of control over it (I hate my ISP's modem with
| passion). This seriously limits your potential to provide an
| excellent UX; IMHO it's the UX that makes or breaks a product
| for "the rest of us".
|
| I used to self-host a whole bunch of things on a VPS, including
| my blog, git repos, a DIY blogroll / RSS reader, etc. In the
| end I've decided it was not worth the effort; the blog was
| moved to Netlify, repos to Github, and the RSS kludge got
| swapped for NetNewsWire with iCloud sync. I was paying EUR5 for
| the VPS, yet now I'm paying Apple EUR20 to host my email, sync
| my photos, get access to the music catalogue, etc. I would
| definitely pay EUR20/mo for a box under my desk + an online
| service, provided it gives me similar value without much
| additional effort.
|
| I think the problem that KubeSail/PiBox is aiming to solve
| might be both too broad (run any software you like!), and too
| narrow (if you're an enthusiast!) at the same time. I don't
| want to run Miniflux; I want to have my RSS feeds synced
| between devices. The software that pushes the bytes (and the
| hardware it runs on) should be invisible - unless I decide (out
| of my own free will / curiosity) to pop the cover open and
| start tinkering.
|
| I don't think you can solve this by addressing shortcomings in
| a single piece of the stack. Both the layer below you (your
| average home network), and above you (the apps) have their own
| problems; some are like splinters (tiny but enough to ruin the
| experience), some are fundamental ("what is MySQL and why do I
| need to know"). I don't think it's a lost fight, but I would
| try to start with a vision for a more vertically integrated
| solution; maybe one step of that road is to eventually build
| your own WiFi AP/router (or even become an ISP), maybe to make
| a deal with Spotify (or even directly with EMI/WB/etc)... I
| don't think a task is too big if you can seriously challenge
| Apple/Amazon/Google at the end of the road.
| erulabs wrote:
| I agree! Unfortunately, we pivoted to self-hosting right
| around the time we were running out of money, and around the
| time I had a child and thus, needed money. I'm really glad we
| pivoted to something we love and our users love, but it
| hardly pays the bills.
|
| I've spoken with several people who are starting similar
| companies and who've reached out to me (happy to do that!) -
| my advice is similar to yours: keep it simple, keep it
| focused. KubeSail is a developer tool turned home-hosting
| tool, but if I could rebuild it, I'd make it incredibly
| simple to get Jellyfin and a torrent/VPN client installed and
| that's about it, and then execute insanely hard on making
| that as streamlined and foolproof as humanly possible.
| lifty wrote:
| So do you think there are enough people/companies willing
| to pay for that streamlined experience?
| erulabs wrote:
| I think if you could sell an as-easy-as-a-chromecast box
| that could do jellyfin, had a nice ui for uploading local
| media, and had an easy guide or built in VPN/torrent
| client, you'd be able to build a great business.
|
| Of course - you can't exactly vendor torrent stuff - and
| I'd never suggest anyone to pirate anything. But
| certainly the sky is the limit, and that's just media.
| Other tools like Monica CRM, Tandoor Recipes, Mastodon,
| etc are their own markets too!
|
| We're too far in the technical side to be mass appeal,
| and our UI/UX is far from "mom-friendly". Still - I'm
| optimistic a better entrepreneur than myself will conquer
| this one day.
| fragmede wrote:
| > I hate my ISP's modem with passion
|
| What is their modem doing that you haven't been able to work
| around?
| rollcat wrote:
| It's a modem+router+switch+AP that technically does
| everything you need, but does all of it badly - really just
| getting in my way. E.g. it obviously has a builtin DHCP
| server, but it won't let me set custom DNS. I _want_ to use
| custom DNS, to block at least some of the ads/tracking on
| _all_ of the devices on my network; so I have to disable
| that DHCP and use my own. But the modem resets that setting
| back to enabled every reboot! (Took me a while first time
| around to notice there's two DHCP servers on the network,
| argh). So I've disabled the internal AP, brought my own,
| and I'm connecting the rest of the network through a
| managed switch that blocks DHCP to the router.
|
| So I've got one device that tries to do the job of four...
| but instead I need three devices to do the job of one. I
| try not to think about it.
| rcme wrote:
| This is my dream for the blockchain: a massive global computer
| that no one controls. I can run my own services on it, using
| cryptography to maintain privacy when necessary, and I don't need
| to worry about all the annoyances of self hosting. Everything
| will "just work" in perpetuity.
| zabzonk wrote:
| > a massive global computer that no one controls
|
| who is paying for this?
| rollcat wrote:
| I know it's meant as a rhetorical question, but I think it
| deserves an answer for everyone around here who still doesn't
| get it: you and I, and every other person on Earth, no matter
| whether they are a blockchain enthusiast, or actively
| interested in its demise.
|
| Proof of waste is a colossal externalised cost; you think
| you're trading "your" electricity and dollars for "your"
| imaginary money; but the fact is, you're wasting _my_ planet.
| Cryptocurrencies have already caused enormous harm, and even
| as the fad is waning, it couldn't die soon enough.
| dale_glass wrote:
| No such thing.
|
| First, blockchains are terribly limited capability-wise. You'd
| be much better off with a raspberry pi.
|
| Second, there's no such thing as "no one controls". There's
| always control. Somebody is at the top of every blockchain in
| existence, and their interest probably doesn't align with yours.
|
| Eg, Ethereum being expensive is a problem for the users, but
| the people who get paid the fee love it, so there's no reason
| for them to be interested in decreasing costs.
| rcme wrote:
| This is like the "horses are faster than horseless carriages"
| argument.
| dale_glass wrote:
| How so?
| johnsbrayton wrote:
| Great article. While it mentions monitoring, it took me a long
| time to appreciate how beneficial it is to do monitoring really
| well. Things like:
|
| * Knowing when disk space, inode usage, or memory usage get high,
| long before it's an emergency.
|
| * Automated monitoring of SSL certificate expiration dates,
| letting you know days before a certificate expires. Whether or
| not you use something like certbot, have a separate process that
| automatically tells you a certificate is close to expiration.
|
| * Automated periodic end-to-end testing of moving parts. Like if
| you run an email server, a process that sends something from your
| server to a gmail.com address, and then checks the gmail.com
| inbox to find the message.
|
| * Automated periodic testing that unexposed ports remain
| unavailable from outside the device or private network.
|
| * Automated checking that a Linux instance is successfully
| checking for and installing security updates, and is not waiting
| for a reboot.
|
| * Automated checking that backups are working as expected. You
| might not be able to automate periodic restore testing, but at
| least check that backups do not appear to be silently failing.
|
| * Separating out low priority alerts from high priority alerts.
| You want to get woken up when necessary, but not for an issue
| that can wait until you are at your desk.
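Added example (not part of the thread and not the commenter's code): a certificate-expiry check that also does the low/high priority split described in the comment above. The 21-day and 5-day thresholds, the result-hash layout and the function names are assumptions; the self-signed certificate is constructed sample input so the block runs offline.

```ruby
require "openssl"

# Thresholds are assumptions for this example, not values from the thread.
LOW_PRIORITY_DAYS  = 21 # email: automated renewal has probably stalled
HIGH_PRIORITY_DAYS = 5  # text: expiry is imminent

# Returns a check-result hash for one PEM-encoded certificate.
def cert_expiry_check(name, pem, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(pem)
  days_left = ((cert.not_after - now) / 86_400).floor
  priority =
    if days_left < HIGH_PRIORITY_DAYS then "high"
    elsif days_left < LOW_PRIORITY_DAYS then "low"
    end
  { "name" => name, "ok" => priority.nil?, "priority" => priority,
    "days_left" => days_left }
rescue OpenSSL::X509::CertificateError => e
  # An unreadable certificate is reported as urgent rather than skipped.
  { "name" => name, "ok" => false, "priority" => "high", "error" => e.message }
end

# Constructed sample input: a throwaway self-signed certificate expiring at
# not_after. A real check would read the certificate the server presents.
def sample_cert_pem(not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=example.test")
  cert.public_key = key.public_key
  cert.not_before = not_after - 90 * 86_400
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end
```

Running this independently of the renewal tool is the point: it reports on the certificate itself, whether or not the renewal job believes it succeeded.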
| 3np wrote:
| Aside from (and secondary to) monitoring, one thing it took me
| years to realize the benefits and ease of setting up early and
| I think other selfhosters commonly neglect: caching proxies and
| removing default internet routes.
|
| Benefits include:
|
| - Security
|
| - Ease of configuring traffic control: As long as you're not
| redirecting UDP (have fun lol), steering apps with HTTP or
| SOCKS5 forward-proxies is so much more straightforward than
| routing.
|
| - Performance/efficiency (global package cache for your
| network!)
|
| - Resilience (apt upgrades and docker image pulls can keep
| working despite your entire network being offline)
|
| My rough starting kit for a Linux-based network here would be:
|
| - Some caching forwarding internal DNS server. If you already
| have an internal recursor or forwarder great, but it's good to
| let the DNS server serving your clients be separate anyway.
| dnsmasq/unbound/technitium/coredns/powerdns/yadifa.
|
| - Internal NTP for syncing time. May be provided by your DNS or
| DHCP server already. chrony is good.
|
| - apt-cacher-ng or other caching forward HTTP proxy for your
| apt/dnf/pacman/apk/whathaveyou updates.
|
| - docker-registry-server in mirror mode and set up as mirror
| for any docker/podman hosts you have.
| roblh wrote:
| Do you have any recommendations or resources you think are
| great for learning more about this? I think I'm right at the
| beginning of this journey and looking for where to start.
| johnsbrayton wrote:
| I wish I did. My approach is that I have a ruby script that
| runs every five minutes and does a bunch of tests. The script
| takes a couple minutes to execute. It connects to servers via
| SSH to check things out, does end-to-end-tests, then it
| writes its result to a JSON file.
|
| It runs on a Linode instance with a webapp whose sole
| responsibility is to respond to Pingdom requests. There are
| two URLs that Pingdom looks for: one that returns a 500 if
| the JSON file indicates an issue that warrants texting me. A
| second that returns a 500 if the JSON file indicates an issue
| that warrants emailing me for a lower priority issue. Pingdom
| is configured accordingly.
|
| If for any reason the JSON file has not been written in the
| past 10 minutes (?) or cannot be read and parsed, both URLs
| return a 500.
|
| The script has a log file, so when I get an alert I can check
| the log file to determine what is wrong.
|
| This is likely atypical, but it works really well for me. My
| scripts do the work of monitoring the heck out of everything.
| I only need Pingdom (or a service like it) to monitor two
| URLs and do the texting/emailing.
|
| But my overall approach is to think of monitoring like unit
| tests or integration tests: when I think of something that
| could go wrong, I try to make sure there is monitoring that
| can detect it and alert me. When possible, before it becomes
| urgent. And when something _does_ go wrong that is not
| automatically detected, it's a high priority to add
| monitoring around that.
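Added example (not part of the thread and not the commenter's script or webapp): the decision logic behind the two alert URLs described above, including the rule that a stale or unreadable results file fails both. The JSON layout (`written_at`, `checks`, `ok`, `priority`), the function name and the handling of unknown priorities are assumptions.

```ruby
require "json"

MAX_AGE_SECONDS = 600 # the "past 10 minutes" rule from the comment
CHANNELS = %w[high low].freeze # high = text me, low = email me

# Returns the HTTP status the uptime service should see for one channel's URL.
def alert_status(path, channel, now: Time.now)
  report = JSON.parse(File.read(path))
  age = now.to_i - Integer(report.fetch("written_at"))
  # A stale or future-dated report means the monitoring script itself has
  # stopped or the clock is wrong, so neither URL may report healthy.
  return 500 if age > MAX_AGE_SECONDS || age < -60

  failing = report.fetch("checks").any? do |check|
    next false if check.fetch("ok") == true
    priority = check.fetch("priority")
    # A failing check with an unknown priority alerts on every channel
    # instead of being dropped silently.
    priority == channel || !CHANNELS.include?(priority)
  end
  failing ? 500 : 200
rescue SystemCallError, JSON::ParserError, KeyError, TypeError,
       ArgumentError, NoMethodError
  500 # missing, unreadable or malformed file fails closed on both URLs
end
```

Because every error path returns 500, the external service only ever sees "healthy" when a fresh, well-formed report says so.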
| js4ever wrote:
| I have created Elestio (https://elest.io) to address this pain,
| we take care of all aspects (infra, deployments, security, dns,
| smtp, backups, monitoring, alerts, updates, migrations ...) and
| we do it for a catalog of 233 open source software and also for
| CI/CD pipelines to deploy your own code from a Github/Gitlab repo
| samsquire wrote:
| Wow this looks really good. Well done! Good work!
|
| Could you share how you think you compare to cloudron? Are you
| kind of an IaaS host coordinator?
| miramba wrote:
| I have a few hand-written node apps with a small express API.
| Can I deploy those on elest.io without having to worry about
| the underlying OS and its security and network setup? That
| would be very interesting for me. Kind of like a simple and
| cheap webhoster with php: Upload your files, forget about the
| rest. Is that what you offer?
| lifty wrote:
| This looks great! I see on your website that you have corporate
| users. Do you see a lot of interest from companies for this
| kind of product?
| PaulKeeble wrote:
| I feel the same way. The way companies have abused the privacy of
| the public is awful and I am in the position to run my own
| services but it's not something most people can or should do.
|
| I think docker has made this a lot easier than it was and the new
| NAS operating systems make deploying common popular containers
| really easy so it's more accessible than it once was.
| turtlebits wrote:
| The biggest reason for me is costs - for personal use, cloud/SaaS
| pricing is way too expensive.
|
| The second is having to read and learn provider specific
| documentation is a waste of time (ie deploying on
| fly/supabase/heroku/netlify, which all have their own cli tools
| and their own config syntax)
| codazoda wrote:
| True for me too. The costs for cloud services _seem_ like
| they're higher to get started _and_ I worry about the cost runs
| you hear horror stories about.
___________________________________________________________________
(page generated 2023-08-09 23:01 UTC)