upvote

points

by xandrius4 hours ago |
comments
upvoteby kennu4 hours ago|
next
[-]
It means you take responsibility of maintaining the server forever, i.e. dealing with TLS certificates, SSH keys, security updates, OS/package updates, monitoring, reboots when stuck, redeploy when VPS retired, etc. Usually things work fine for a year or two and then stuff starts to get old and need attention and eat your time.
reply
upvoteby fnoef1 hours ago|
parent|
next
[-]
Oh no! Issuing SSL certificates! The horror!

I really doubt that people who can’t install an ssh key should be able to practice software engineering. Sometimes, I think that software engineering should be a protected profession like other types of engineering. At least it will filter out the people who can’t keep their OS up to date.

reply
upvoteby kennu1 hours ago|
parent|
next
[-]
This is not about how easy or difficult it is to issue TLS certificates, to configure SSH keys or to update the OS. It's about having to actively maintain them yourself in every possible situation until eternity, like when TLS versions are deprecated, SSH key algorithms are quantum-hacked, backward-incompatible new OS LTS versions are released, and so on. You will always have new stuff come up that you need to take care of.
reply
upvoteby cosmic_cheese24 minutes ago|
parent|
[-]
Exactly. Also, being that my specialty is writing software and not server maintenance, no matter how much of an effort I put forth there's substantial risk of blind spots where holes can lurk.

I felt more comfortable maintaining a VPS back between 2005 and 2015, but at that point attackers were dramatically less sophisticated and numerous and I was a lot more overconfident/naive. At least for solo operations I'm now inclined to use a PaaS… the exception to that is if said operation is my full time job (giving me ample time to make sure all bases are covered for keeping the VPS secure) or it's grown enough that I can justify hiring somebody to tend to it.

reply
upvoteby asadm1 hours ago|
parent|
prev|
next
[-]
Time is a precious (and really expensive for SWEs) resource, why should one spend it on updating certs and instances?
reply
upvoteby nchmy35 minutes ago|
parent|
prev|
[-]
Caddy server even does ssl for you automatically.
reply
upvoteby wouldbecouldbe47 minutes ago|
parent|
prev|
next
[-]
just ask claude to do all that :), he is excellent and installing & managing new servers and making sure all security patches are updated. Just be careful if its a high risk project.
reply
upvoteby ipsento6061 hours ago|
parent|
prev|
next
[-]
certbot and ssh keys are things you set up once

I haven't rebooted my DO droplets in something like 5 years. I don't monitor anything. None of them have been "retired".

reply
upvoteby SoftTalker1 hours ago|
parent|
prev|
next
[-]
vs. trusting someone else to do all that for you, and do you then verify that it gets done properly?
reply
upvoteby kennu1 hours ago|
parent|
[-]
When buying the infrastructure as a managed cloud service, yes, I trust that they've got people handling it better than I could myself. The value proposition is that I don't even see the underlying infrastructure below a certain level, and they take care of it.
reply
upvoteby shimman3 hours ago|
parent|
prev|
[-]
This is extremely easy with tools like dokploy tho... I use dokploy locally to manage all my VPSs + home server. Truly good stuff and I don't believe your quip at the end, it feels like poisoning the open source waters for consolidated anti democratic cloud platforms.

It's way way way way easier managing a basic VPS that can be highly performant for your needs. If this was 2010, I'd agree with you but tooling and practices have gotten so much better over the last decade (especially the last 5 years).

reply
upvoteby kennu2 hours ago|
parent|
next
[-]
Maybe you're right - I've never tried dokploy, but from documentation it sounds like mostly a deployment, monitoring and alerting tool. For me the problem has always been that once you get the alert (or something just stops working), a human needs to react to it and make things work again. In cloud services you mostly pay for them providing the human, and in self-hosting you're the human.

I can see though that today's AI models could eventually replace the human in the loop and truly automatically fix every possible situation.

reply
upvoteby wouldbecouldbe45 minutes ago|
parent|
next
[-]
yeah i've had more downtime on managed db's & cloud servers then on my own managed VPS. And if it happens, with VPS i can normally fix it instantly compared to waiting 20-60 min for a response, just to let you know they start fixing it. And when they fix it, it doesnt always mean your instance automatically works.
reply
upvoteby c-hendricks2 hours ago|
parent|
prev|
[-]
I must be using the wrong cloud services. Whenever a part of our app goes down someone on the team still needs to respond to it.
reply
upvoteby kennu1 hours ago|
parent|
next
[-]
You might be right. I've been mostly using serverless / managed cloud services such as AWS Lambda, API Gateway, S3, DynamoDB for the past 10+ years. When I've needed to respond, it's been because I myself deployed a bad update and needed to roll it back, or a third party integration broke. The cloud platform itself has been very stable, and during the couple of bigger incidents that have happened, I've just waited for AWS to fix it and for things to start working again.
reply
upvoteby bdangubic2 hours ago|
parent|
prev|
[-]
you actually need new ops teammates, not new cloud services :)
reply
upvoteby satvikpendem1 hours ago|
parent|
prev|
[-]
Agreed, Dokploy is great, not sure why you got downvoted for the suggestion.
reply
upvoteby mbesto1 hours ago|
prev|
next
[-]
Or a homelab using Proxmox or Unraid.
reply
upvoteby skydhash4 hours ago|
prev|
next
[-]
No click-ops that way.
reply
upvoteby kami234 hours ago|
prev|
[-]
I just did this over at Hetzner and Claude admins it for me so I don't need to learn the CLI or anything, describe the proxying I want, and it setups up a bunch of small side project pages for me.
reply
upvoteby kamikazeturtles3 hours ago|
parent|
next
[-]
How do you use Claude to admin it? Does Claude SSH into the server and do everything or just write bash scripts?
reply
upvoteby xandrius4 hours ago|
parent|
prev|
[-]
For me I always default to UpCloud, great team and great services. From Finland!
reply