Your point is a bit off-topic but I for one agree with you.

Follow some basic rules so as to avoid making the mess.

Only install standard packages from distro’s repository and Python’s pseudo-official PIP. For both, keep a text file with the installed package names. No compiling from source EVER. Too much hassle to maintain.

Back up config files that I changed. Not all of them.

Keep a text file to record what I did, with exact commands etc, whenever I need to go off-road. Much experience taught me that this is a chore that is very much worth the effort.

But still, the problem you point to is real. It’s the reason for immutable distros. The idea of which I find quite tempting.

Useful. I hate shorts and portrait-format video in general.

NB for those who don’t know: a server is not needed to make Youtube RSS feeds, they exist natively: https://www.youtube.com/feeds/videos.xml?channel_id=UCxxxxxxxxxx. You just have to find the channel_id buried in the page source, which admittedly is a bit of a PITA. But no native way to exclude shorts, though.

Yes yes, I know all that. The fact remains that a permanent IP associated with an individual is personally identifying information. Even the variety in browser requests counts as such according to the GDPR, and that is usually pooled with lots of other users. This is clearly a level above that. It’s why, for example, I would not use the VPS for proxy web browsing: zero privacy.

What’s the downside you see from having a static IP address?

What’s the downside to having one’s phone number in the public directory? There’s no security risk and yet plenty of people opt out. It’s personally identifying information.

I don’t know if any companies provide reverse proxies without a CDN though.

Exactly.

You still need encryption between your CDN and your origin, ideally using a proper certificate.

It can be self-signed though, that’s what I’m doing and it’s partly to outsource the TLS maintenance. But the main reason I’m doing it is to get IP privacy. WHOIS domain privacy is fine, but to me it seems pretty sub-optimal for a personal site to be publicly associated with even a permanent IP address. A VPS is meant to be private, it’s in the name. This is something that doesn’t get talked about much. I don’t see any way to achieve this without a CDN, unfortunately.

I guess it’s popular because people already use Github and don’t want to look for other services?

Yes, and the general confusion between Git and Github, and between public things and private things. It’s everywhere today. Another example: saying “my Substack” as if blogging was just invented by this private company. So it’s worse than just laziness IMO. It’s a reflexive trusting of the private over the public.

I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

Agree. And hard to get security wrong cos no database.

If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It’s not ideal because… Cloudflare… but at least you’re using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

Perhaps its irrational but I’m bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that’s not your case.

This is a bit fuzzy. You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

If someone is using a static site generator, then they’re already running a web server, even if it’s on localhost. The friction of moving the webserver to the VPS is basically zero, and that way they’re not worsening the web’s corporate centralization problem.

I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

I preferred this advice.

Can recommend Hetzner (German IP). Good value and so far solid.

Before that I used OVH (French IP) for years but it ended badly. First they locked me out of my account for violating 2FA which I had not asked for or been told about, and would not provide any recourse except sending them a literal signed paper letter, which I had to do twice because the first one they ignored. A nightmare which went on for weeks. And then, cherry on the cake, my VPS literally went up in smoke when their Strasbourg data center burned down! Oops! Looks like your VPS is gone, sorry about that, here’s a voucher for six months free hosting! Months later they discovered a backup but the damage was done. Never again.

If you don’t mind going full back-to-basics, you can do this with standard command-line tools and no cloud server. Contrary to popular wisdom, a server is not necessary to sync files between a computer and a mobile device.

I use ssh and unison over wifi hotspot, no cable required. Works fine though it does require a button to be pressed. It doesn’t sync constantly in the background. Personally, after many years of doing that, I decided that it was an anti-feature.

Seafile is not FOSS, as I understand it. But I tried it anyway, since I also found Nextcloud bloated.

In the end I went back to the purest strategy of all: peer-to-peer. My files are synced between devices over the local network using ssh, rsync and unison and never touch an internet server.

What should they be doing instead? Begging for donations? I do agree in general, tho. Seems they should at least be squirreling away some (or most) of that money into a foundation, because they’re obviously going to need it one day.

Yes, bloat and mission creep is going to be an issue with any big non-profit. But maybe that’s also their advantage: any organization that becomes focused on sustaining itself is going to provide decent long-term stability. I guess it’s a bit like a state.

Specifically, the model should be the Wikimedia Foundation. That is, a non-profit organization with lots of stakeholders and slow procedures to guarantee accountability, and lots of resources to guarantee it won’t go away. This is the pragmatic least-bad solution to the problem of centralization on the internet.

So, biometrics, master password, and USB key - 3 whole options and 3 things I personally will never be letting near Android. Unwarranted caution, no doubt.

Not bothered about the potential for keyloggers or even OS-level snooping on what is presumably your privacy-free Android device? Personally I would never type the master password into anything other than a computer running a FOSS stack that I control, but perhaps that is excessive caution.

If Fail2Ban is so important, why the h*** does it not come installed and enabled as standard?!

Security is the number-1 priority for any OS, and yet stock SSHD apparently does not have Fail2Ban-level security built in. My conclusion is that Fail2Ban cannot therefore be that vital.

Your frustration is warranted. I consider mapping to be the major unsolved problem in the FOSS universe. It’s certain my one, and I have much more limited aims than you. I just want my personal POIs on a map, in colored categories, with access to that map on desktop and mobile, read and write. I’ve gone with the serverless route, just syncing the two devices, but the Nextcloud method is not so different.

Well, it’s hard. Osmand is amazingly powerful, and apparently has the most advanced POI features of any Android app, but still there are catastrophic flaws. For example, in the GPX it marks up POI categories with its own bespoke GPX markup - totally invisible to desktop software (I had to write a Python script to add it to POIs created on desktop, just so that I can actually see their colors in Osmand). Next, syncing the GPX is made unnecessarily cumbersome by the fact that all the DB files and cached tiles are in the same file tree (I literally use an Android file sync tool to sync the GPX within Android to a place where it can be synced again with my desktop).

What a mess. Pretty sure I haven’t overlooked anything for my simple use case of POIs-on-a-map. It just seems not many people want to do this. Or perhaps they tried and then gave up.

Oh well. This rant is not much use to you, but please accept it as consolation.

But rsync can do this fine with --recursive --delete. The mirror will remain an exact replica.