Canadian software engineer living in Europe.

  • I’ve been self-hosting my blog for 21 years if you can believe it; much of it has been done on a server in my house. I’ve hosted it on everything from a dusty old Pentium 200MHz with 16MB of RAM (that’s MB, not GB!) to a shared web host (Webfaction), to a proper VPS (Hetzner), to a Raspberry Pi Kubernetes cluster, which is where it is now.

    The site is currently running Python/Django on a few Kubernetes pods on a few Raspberry Pi 4s, so the total power consumption is tiny, and since they’re fanless, it’s all very quiet in my office upstairs.

    In terms of safety, there’s always a risk since you’re opening a port to the world for someone to talk directly to software running in your home. You can mitigate that by (a) keeping your software up to date, and (b) if you’re maintaining the software yourself (like I am), keeping on top of any dependencies that may have known exploits. Like, don’t just stand up an instance of WordPress and forget about it. That shit’s going to get compromised :-)

    The safest option is probably to use a static site generator like Hugo, since then your attack surface is limited to whatever you’re using to serve the static sites (probably Nginx), while if you’re running a full-blown application that does publishing etc., then that’s a lot of stuff that could have holes you don’t know about. You may also want to set up something like Cloudflare in front of your site to prevent a DoS attack or something from crippling your home internet, though that may be overkill.

    But yeah, the bandwidth requirements to running a blog are negligible, and the experience of running your own stuff on your own hardware in your own house is pretty great. I recommend it :-)



  • But there’s nothing stopping you from loading realistic (or even real) data into a system like this. They’re entirely different concepts. Indeed, I’ve loaded gigabytes of production data into systems similar to what I’m proposing here (taking all necessary precautions of course). At one company, I even built a system that pulled production into a developer-friendly snapshot while simultaneously pseudo-anonymising that data so it can safely (for some value of ${safe}) be tinkered with in development.

    In fact, adhering to a system like this makes such things easier, since you don’t have to make any concessions to “this is how we do it in development”. You just pull a snapshot from the environment you want to work with and load it into your Compose session.
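
One way to pseudonymise a snapshot as it is pulled, shown as an added example that is not part of the original comment or the system its author built. The tables, field names and sample rows are constructed; the technique shown is a keyed HMAC, so the same person maps to the same token in every table and joins keep working.

```python
import hashlib
import hmac

# Constructed sample rows standing in for a production snapshot.
USERS = [
    {"id": 1, "email": "alice@corp.example", "name": "Alice Martin"},
    {"id": 2, "email": "bob@corp.example", "name": "Bob Tremblay"},
]
ORDERS = [
    {"order_id": 10, "customer_email": "alice@corp.example", "total": 42.50},
    {"order_id": 11, "customer_email": "Alice@corp.example", "total": 13.00},
    {"order_id": 12, "customer_email": "bob@corp.example", "total": 7.25},
]

def pseudonym(value, key, kind):
    """Keyed, deterministic token: same value and key give the same token."""
    # The kind label separates domains, so an email and a name that happen
    # to be the same string do not collapse into one token.
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def pseudonymise_email(email, key):
    # Normalise first so case differences still resolve to one person, and
    # keep an email shape (reserved .invalid TLD) so validators still pass.
    token = pseudonym(email.strip().lower(), key, "email")
    return f"user-{token}@example.invalid"

def pseudonymise_rows(rows, key, email_fields=(), text_fields=()):
    """Return copies of rows with the listed fields replaced by tokens."""
    out = []
    for row in rows:
        clean = dict(row)
        for f in email_fields:
            clean[f] = pseudonymise_email(row[f], key)
        for f in text_fields:
            clean[f] = "name-" + pseudonym(row[f], key, "text")
        out.append(clean)
    return out

def build_snapshot(key):
    # One key for the whole snapshot keeps cross-table references intact.
    return {
        "users": pseudonymise_rows(USERS, key, ("email",), ("name",)),
        "orders": pseudonymise_rows(ORDERS, key, ("customer_email",)),
    }

if __name__ == "__main__":
    import secrets
    for table, rows in build_snapshot(secrets.token_bytes(32)).items():
        print(table, rows)
```

The key has to stay on the production side of the export: anyone holding it can recompute tokens for known addresses, which is why a fresh random key per snapshot is used in the stand-alone run.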




  • It’s a tough one, but there are a few options.

    For AWS, my favourite one is LocalStack, a Docker image that you can stand up like any other service and then tell it to emulate common AWS services: S3, Lambda, etc. They claim to support 80 different services which is… nuts. They’ve got a strange licensing model though, which last time I used it meant that they support some of the more common services for free, but if you want more you gotta pay… and they aren’t cheap. I don’t know if anything like this exists for Azure.

    The next-best choice is to use a stand-in. Many cloud services are just managed+branded Free software projects. RDS is either PostgreSQL or MySQL, ElastiCache is just Redis, etc. For these, you can just stand up a copy of the actual service and since the APIs are identical, you should be fine. Where it gets tricky is when the cloud provider has messed with the API or added functionality that doesn’t exist elsewhere. SQS for example is kind of like RabbitMQ but not.

    In those cases, it’s a question of how your application interacts with this service. If it’s by way of an external package (say Celery to SQS for example), then using RabbitMQ locally and SQS in production is probably fine because it’s Celery that’s managing the distinction and not you. They’ve done the work of testing compatibility, so theoretically you don’t have to.

    If however your application is the kind of thing that interacts with this service on a low level, opening a direct connection and speaking its protocol yourself, that’s probably not a good idea.

    That leaves the third option, which isn’t great, but I’ve done it and it’s not so bad: use the cloud service in development. Normally this is done by having separate services spun up per user or even with a role account. When your app writes to an S3 bucket locally, it’s actually writing to a real bucket called companyname-username-projectbucket. With tools like Terraform, the fiddly process of setting all this up can be drastically simplified, so it’s not so bad – just make sure that the developers are aware of the fact that their actions can incur costs is all.

    If none of the above are suitable, then it’s probably time to stub out the service and then rely more heavily on a QA or staging environment that’s better reflective of production.




  • At the firewall level, port forwarding forwards traffic bound for one port to another machine on your network on an arbitrary port, but the UI built on top of it in your router may not include this.

    If it’s not an option in your Fritzbox, your options are:

    • Make the service running on your internal network listen on one of those high-number ports instead.
    • Introduce another machine on the network that also performs NAT between your router and your machine.
    • Try to access the underlying firewall in your router to tweak the rules manually. Some routers have an admin console accessible via telnet or SSH that may allow this.
    • Get a new router.

    The first and last options on this list are probably the best.




  • So what? What good is a “progressive” party if they prop up genocide? The Conservatives are going to take the next election precisely because of cowardice like this. Why should anyone consider voting for the NDP (or the Liberals for that matter) if their policies are the same where it matters?

    This is the thing the NDP doesn’t get: principles and passion are what drive Left-leaning voters. It’s not enough to be “not Conservative”. We already have that party. We need a party that taxes the shit out of billionaires, blocks fossil fuels, and yes, stops selling weapons to genociders. Without the courage to be better, they’re just another meaningless colour on the ballot.


  • It would be absolutely bizarre if you couldn’t connect with WireGuard port and WireGuard obfuscation set to Automatic. Things to try first:

    1. Connect without your VPN and try to access a single website like theguardian.com.
    2. Once that’s working, enable your VPN and that should do it.
    3. If you still can’t get connected, try switching out different countries. Each country listed corresponds to an IP to which your machine will try to connect over a benign port like 443 – so blocking that sort of traffic would be mad unless the IP is explicitly blocked. Therefore, driving to different country targets offers a different IP every time. They’d have to know Mullvad’s whole list and block them all.

    If the above somehow doesn’t work, Mullvad offers support through which you can get a temporary Server IP override. You can enter that in the bottom portion of your app’s settings.


  • Taking a principled, public stand on a moral issue and then subverting said statement via a backdoor through the US is sadly unsurprising from Liberals. The NDP however:

    “Canada must not be fuelling the ongoing genocide in Gaza with Canadian-made weapons,” said Heather McPherson, a Canadian parliament member and foreign affairs critic for the NDP.

    Aren’t they still propping up this government? Someone should remind Singh that the NDP are nothing if they can’t have stronger principles than Liberals.



  • Daniel Quinn@lemmy.ca to Python@programming.dev · uv: Unified Python packaging · 1 month ago

    Having used it for work, I really don’t understand the appeal, especially when compared to tools like Poetry. Uv persists in the dependency on requirements.txt, doesn’t streamline the publishing process, and contrary to the claims, it’s not a drop-in replacement for pip, as the command line API is different.

    It’s really fast, which is nice if you’re working on a nightmare codebase with 3000 dependencies, but most of us aren’t, and Poetry is pretty damned fast.

    If uv offered some of what Poetry does for me, if at the very least we could finally do away with requirements.txt and adopt something more useable – baked into pyproject.toml of course – then I’d be sold. But this is just faster pip.