One shiny platform like for example Nextcloud to do it all might be nice for a lot of users when they have someone dedicated to maintain it. But for selfhosting (as in: mainly for myself) the constant attention needed to fix stuff was quite tedious.
I have run nextcloud for many years, I would love to know what this “constant attention” you talk about is.
Occasionally I need to run an “occ” command after an install to fix some indexes, but other than that I don’t do much?
Same, though recently I’ve been using httpie which gives a bit of a cleaner cli.
“I only run artisanal applications built using vi without any plugins”
What does networking have to do with docker? You haven’t explained what you’re trying to achieve.
Npm is a fucking mess…
Too many features
What does that even mean? Are you looking for a bespoke system that does exactly what you want and nothing else?
When that data resides on a third-party SaaS platform, I am trusting their security architecture — which I cannot audit, cannot verify, and cannot modify.
And which was designed by and is operated by dedicated teams of professionals.
Which you are not.
Which would you find easier to explain to a judge - that your client data was part of a larger Google breech and attack or that your bespoke home grown system was misconfigured?
The only things I see it used for are 4chan replacements and crypto bs. This seems to aspire to be the former.
Yeah, “built on ipfs” is a decent red flag.
🤣
Yeah - alt.binaries never worked.
It’s also text-based by design. You can’t upload media directly. If someone wants to share media, they have to link to an external host and the UI just embeds it.
Kids still learning about base64 encoding.
Oh - I like that!
I think you choose a poor example.
When I say long name I wasn’t implying meaningless ones.
Sooo, that example wasn’t exactly “contrived” - it’s based on a standard I see where I work.
DB - it's a database!
DW - and a data warehouse at that!
ORCL - It's an Oracle database!
HHI - Application or team using / managing this database
P - Production (T for Test - love the 1 char difference between names!)
01 - There may be more than one.
This is more what I’m arguing against - embedding meta-data about the thing into its name. Especially when all of that information is available in AWS metadata.
[Site][service][Rack] makes sense for on-premise stuff - no argument there.
I’m just saying long names dont have to be obtuse or confusing.
Agree
In a business with tens of thousands of servers, it makes sense to have long complicated names.
I’m actually not convinced of this approach. It’s one of those things that makes perfect logical sense when you say it - but in practice “DBDWWHORCLHHIP01” is just as meaningless as “Hercules”. And it’s a lot more difficult to say, remember and differentiate from “DBDWWHORCLHHID01”. You may as well just use UUIDs at that point.
Humans are really good at associating names with things. It’s why people have names. We don’t call people “AMCAM601W” for a reason. Even in conversations you don’t rattle off the long initialism names of systems - you say “The <product> database”.
God I hate the “stuff as much information into a server name as you can with no separators in all caps” naming conventions…
I get that - it’s difficult to see the point in it until you’ve gone along without it. Especially as a beginner since you don’t have a strong sense of what problems you will encounter and how these tools solve those problems.
At some point the learning curve for IaaC becomes worth the investment. I actually pushed off learning k8s myself for some time because it was “too complicated” and docker-compose worked just fine for me. And now that I’ve spent time learning it I converted over very quickly and wouldn’t go back… It’s much easier to maintain, monitor and setup new services now.
Depending on your environment something like Ansible might be a good place to start. You can begin even with just a simple playbook that does an “apt update && apt upgrade” on all your systems. And then start using it to push out standard configurations, install software, create users, etc. The benefit pays off in time. For example - recently (yesterday) I was able to install Apache Alloy on a half-dozen systems trivially because I have a set of Ansible scripts that manage my systems. Literally took 10 mins. All servers have the app installed, running, and using the same configuration. And I can modify that configuration across all those systems just as easily. It’s very powerful and reduces “drift” where some systems are configured incorrectly and over time you forget “which one the correct one?” For me the “correct one” is the one in source control.
The fun thing about infrastructure as code is that the terraform, ansible and k8s manifests are documentation.
I only really need to document some bootstrap things in case of emergency and maybe some “architectural” things. I use joplin for that (and many other things).
deleted by creator
Y’all are assuming the security issue is something exploitable without authentication or has something to do with auth.
But it it could be a supply chain issue which a VPN won’t protect you from.
Your vps isn’t doing anything useful security wise… it’s just sending traffic directly to jellyfin.
You’d get the same protection with just port forwarding to a local proxy in front of jellyfin. Or you could even leave out the proxy if you didn’t need it.