I usually use HTTPS, because a lot of web features only work over HTTPS.

You can use Let’s Encrypt DNS challenges to get real TLS certificates for internal hosts, instead of having to use your own CA or self-signed certificates.

Tailscale has several NAT bypass / hole punching methods for double NAT (including CGNAT) and symmetric NAT, but they don’t work in 100% of cases. https://tailscale.com/blog/how-nat-traversal-works

IPv6 is definitely a good solution since then you don’t have to deal with NAT at all. IPv6 is pretty easily doable in the USA (at long as you’re not using Starlink) but can be harder in other countries that don’t have as robust IPv6 infrastructure.

this means their permissions do not work like docker, and it is not in fact a drop-in replacement for docker

It might a drop-in replacement for Docker if you’re running Docker in rootless mode? Not sure how common that is, though.

If it’s not decentralized then it’s vulnerable to takedowns. Why not decentralize it?

For your sake, I’d strongly recommend not monetizing the site at all. Publishers will come after you if you make any sort of profit from the site especially if you’re located in a western country.

That’s one of the main reasons Nintendo took action against Yuzu - they were making a lot of money from Patreon.

I like Unraid because it’s essentially “just Linux” but with a nice web UI. It’s got a great UI for Docker, VMs (KVM) and Linux containers (LXC).

Don’t. Use a VPN like Tailscale or Wireguard. Tailscale uses the Wireguard protocol but it’s very easy to configure, and will automatically set up a peer-to-peer mesh network for you (each node on the VPN can directly reach any other node, without having to route through a central server).

The only things that should be exposed publicly are things that absolutely need to be - for example, parts of Home Assistant need to be publicly exposed if you use the Google Assistant or Alexa integrations, since Google and Amazon need to be able to reach it.

Hosting in Singapore is definitely more expensive than the USA or Germany, but cheaper than Australia or New Zealand. It’s often a good compromise for web hosting companies since you get good connectivity not just to Australia but to the rest of Asia too (compared to hosting in Australia where you only really get good connectivity to people in Australia).

GPUs are expensive everywhere. I’m an Aussie living in the USA and would offer to buy stuff here and ship it to you, but it’s getting to the point where some stuff here is actually more expensive than Australia now, thanks to significantly worse inflation compared to Australia, and the Trump tariffs.

Renting a dedicated server or VDS with a decent GPU would be pretty expensive too. A lot of people are using them for AI, which has caused a lot of price increases as plenty of people are willing to pay a lot for a server with powerful AI capabilities.

I know this is a piracy community, but if you really do want to do online game streaming, a service like GeForce Now would end up quite a bit cheaper even after factoring in the cost of games. Their highest tier (which comes with a GTX4080 and 16 vCPUs) is $20/month which is significantly cheaper than what it’d cost to rent a similarly specced system.

To the point where light speed limitations means rtts of like 200-300 ms

Consider testing servers that are located in Singapore, especially if you use Optus or if your ISP uses Optus as one of their upstreams.

If you’re lucky, your ISP will route from Australia directly to Singapore and you’ll get around 100-120ms ping, about half what you’d get compared to a US-based server. If you’re unlucky, it’ll be 400+ms, routing to the USA then from the USA to Singapore.

this community is literally built around hosting your own local infrastructure.

That’s part of it, but using a dedicated server, colocated server, or VPS are also considered “self hosted” too. “self hosted” is broader than just having a server at home, and means any server, web service, etc where you maintain it yourself.

Hardware in your own house is generally referred to as a “home lab”.

It really do be like that. I work with some people who are nearly 15 years younger than me (I’m in my mid 30s and some newer employees have just graduated from university) so I feel this.

schwimmflugel

English

🤔

For storing the backups, I use a storage VPS. I got one from HostHatch a few years ago during Black Friday sales, with 10TB space for $10/month. Hetzner have good deals with their storage boxes, too - they offer 5TB space for $13/month if you’re in the USA (you need to add VAT if you’re in Europe).

A good rule of thumb is to never pay more than $5/TB/month, and during Black Friday it’s closer to $2/TB/month. The LowEndTalk forum has the best Black Friday deals.

I use Borgbackup for backups, and Borgmatic to handle scheduling them. Borgbackup is a fantastic piece of software.

Borgmatic has an “append only” mode which lets you configure particular SSH keys to only be able to add data to the backup, not delete it. Even if someone/something (ransomware, malicious users, etc) gains access to your system and tries to delete the backups, they can’t. Essentially, this is protection against ransomware.

This is a very common issue with other backup solutions - the client has full access to the backup, so malware on the client system could potentially delete all the backups.

I have two backup copies of most things. One copy on my home server and one copy on my storage VPS. If you do do multiple backups, Borgbackup recommend doing two separate backups rather than doing one then rsyncing it to another server.

Running ai locally is the same energy as playing a 3d AAA game for the same time

I wonder if they’re factoring in the energy usage to train the model. That’s what consumes most of the power.

Crowdsec is much more efficient than fail2ban. Fail2ban is a lot of old single-threaded Python code with inefficient log parsing/tailing routines. Crowdsec is a more modern Go codebase.

If you’re looking at old-school solutions, there’s also DenyHosts.

Crowdsec blocks login attempts too.

Scary what the government can do

Requiring 2FA is a good idea though.

No worries - it’s a pretty common misconception that tech companies sell data. I’ve worked on ads systems at big tech companies so I’ve seen some parts of how it works. The companies are very protective of their data as it’s essentially their highest-value asset. Employees can’t see any of your data either - it’s very tightly locked down, with strict ACLs and audit logging.

Large advertisers generally don’t get any special access either - the tools/apps that large advertisers use are mostly the same as what small advertisers / individuals can see and use.

less interest than Google in selling data for advertising

Google don’t sell data. The data is what makes them valuable, so it wouldn’t make sense. If they did sell data, the other big tech companies would just buy their data to remove their competitive advantage.

What Google actually sells is your attention. Advertisers can target people based on demographic data, things you like, etc, but the advertiser never sees the data used for targeting.

You can use Google and Facebook’s Ads Manager sites yourself and see exactly what advertisers see.

On the other hand, Apple mostly keep their collected data for their own ad network. Yes, they have one - it’s mostly just used for ads for “recommended” apps in the app store, but last I heard, they have plans to expand it.

I’m curious as to whether the industry will start moving from last-touch attribution to first-touch (or multi-touch) attribution instead.

The only reason last-touch (last affiliate link gets all the credit) is commonplace now is because it’s easy to implement. No need for long-term tracking. What the industry really wants is either first-touch (first affiliate link or ad you click gets the credit) or multi-touch (the payment is split between every affiliate), depending on who you ask.