upvote

points

by vsgherzi23 hours ago |
comments
upvoteby not_kurt_godel22 hours ago|
[-]
We have had something vastly better than an individual computer since idk, the mid 90s, called a CDN.

I guess if you want to call being informed about the online threat landscape "scared", that's your perogative. For me, it's common sense to avoid completely unnecessary threat vectors to my digital infrastructure, but power to you if you like dealing with extra maintenance overhead and constantly wondering whether you're providing free cryptomining to some random international criminal.

reply
upvoteby vsgherzi22 hours ago|
parent|
[-]
There's threats on the internet, so don't spin up servers? Idk am I reading into that unfairly? That seems pretty fear mongering to me. Lots of engineering goes into making things safe for engineers to build on. Of course you can also just use squarespace and not worry about it at all. Perhaps my security posture is just not as intense as yours but I'm really just not super concerned my blog is going to get pwned. If it does then I get to learn some interesting things.

I'm also not sure that I really need a CDN for a simple blog . I'm not going to benefit from the caching as it's not video or images.

reply
upvoteby not_kurt_godel21 hours ago|
parent|
[-]
Servers are work, including security overhead, so yes, don't spin them up if there is an alternative solution that is superior in every way except for not being able to churn digital butter.
reply
upvoteby vsgherzi21 hours ago|
parent|
next
[-]
Yknow unfortunately I just don't think we're going to see eye to eye on this one. I really don't mind that small amount work and I enjoy owning and operating the entire stack. That dosen't really seem like your cup of tea.

The flexibility and learning is more important for me. For example I want to aggregate HN comments and lobste.rs comments and inject that into the HTML before serving. (on the server side so no CORS or other additions)

I was considering adding additional metrics to see who is hitting the server and how at the reverse proxy level.

This is all stuff I can't really do on a github pages blog.

I see what you're saying if you want set and forget that's fine, but like I said above it's a tradeoff.

The one server I have just has 80 and 443 open with nginx. I expect it to run indefinitely with little maintenance.

reply
upvoteby not_kurt_godel20 hours ago|
parent|
[-]
I mean, obviously we're not gonna see eye-to-eye if you're talking about a non-static, non-hugo site, which was the subject of my comment.

I've owned and operated enough stacks e2e both personally and professionally to have gotten over the novelty. The less shit that can go wrong, the better. I sleep better at night not wondering whether any of the constant stream of IPs in my fail2ban log is wielding a yet-to-be-CVE'd zero-day, or finding out that my site has been down for 6 weeks because of some fucking stupid bug in the latest kernel patch or whatever.

reply
upvoteby jadedragon94217 hours ago|
parent|
next
[-]
Sorry to jump in... But why are you ssh'ing into your hosts over the open net? Why not tailscale? Why not wireguard?
reply
upvoteby MrDOS12 hours ago|
parent|
next
[-]
Assuming password authentication is disabled, why wouldn't you SSH into your hosts over the open net? Why Tailscale? Why Wireguard?
reply
upvoteby not_kurt_godel16 hours ago|
parent|
prev|
[-]
Great question...the answer is I don't, because I don't have any web hosting servers, or even persistent app servers for that matter. I've built 99% serverless for 10 years now and it has been glorious. Will never go back to managing individual hosts ever again if I can help it.
reply
upvoteby vsgherzi14 hours ago|
parent|
prev|
[-]
Good luck with that! I’ll enjoy my servers :)
reply
upvoteby mx7zysuj4xew7 hours ago|
parent|
prev|
[-]
Sounds to me that you're giving bullshit excuses because you lack the skills to run a basic httpd
reply
upvoteby not_kurt_godel2 hours ago|
parent|
[-]
Lol, I have years of experience managing/being oncall for business-critical production hosts that generated thousands of dollars of revenue per minute. While I don't profess to be a particularly skilled sysadmin, I will say the worst incident I was responsible for over those years was a minor 30-minute brownout that cost about $5k in lost revenue. So sure, you can call me a bullshitter if that makes you happy, as long as you're OK with me calling you a bullshitter for understating the cost, risk, effort and complexity of running an Internet-facing server properly, especially compared with the enormous advantages of using a CDN for static content.
reply
upvoteby 49 minutes ago|
parent|
[-]
deleted
reply