I’ve been self-hosting my blog for 21years if you can believe it, much of it has been done on a server in my house. I’ve hosted it on everything from a dusty old Pentium 200Mhz with 16MB of RAM (that’s MB, not GB!) to a shared web host (Webfaction), to a proper VPS (Hetzner), to a Raspberry Pi Kubernetes cluster, which is where it is now.

The site is currently running Python/Django on a few Kubernetes pods on a few Raspberry Pi 4’s, so the total power consumption is tiny, and since they’re fanless, it’s all very quiet in my office upstairs.

In terms of safety, there’s always a risk since you’re opening a port to the world for someone to talk directly to software running in your home. You can mitigate that by (a) keeping your software up to date, and (b) ensuring that if you’re maintaining the software yourself (like I am) keeping on top of any dependencies that may have known exploits. Like, don’t just stand up an instance of Wordpress and forget about it. That shit’s going to get compromised :-)

The safest option is probably to use a static site generator like Hugo, since then your attack surface is limited to whatever you’re using to serve the static sites (probably Nginx), while if you’re running a full-blown application that does publishing etc., then that’s a lot of stuff that could have holes you don’t know about. You may also want to setup something like Cloudflare in front of your site to prevent a DOS attack or something from crippling your home internet, though that may be overkill.

But yeah, the bandwidth requirements to running a blog are negligible, and the experience of running your own stuff on your own hardware in your own house is pretty great. I recommend it :-)

You got the eyes just right!

At the firewall level, port forwarding forwards traffic bound for one port to another machine on your network on an arbitrary port, but the UI built on top of it in your router may not include this.

If it’s not an option in your Fritzbox, your options are:

• Make the service running on your internal network listen on one of those high-number ports instead.
• Introduce another machine on the network that also performs NAT between your router and your machine
• Try to access the underlying firewall in your router to tweak the rules manually. Some routers have an admin console accessible via telnet or SSH that may allow this.
• Get a new router.

The first and last options on this list are probably the best.

It would be absolutely bizarre if you couldn’t connect with WireGuard port and Wireguard obfuscation set to Automatic. Things to try first:

1. Connect without your VPN and try to access a single website like the theguardian.com
2. Once that’s working, enable your VPN and that should do it.
3. If you still can’t get connected, try switching out different countries. Each country listed corresponds to an IP to which your machine will try to connect over a benign port like 443 – so blocking that sort of traffic would be mad unless the IP is explicitly blocked. Therefore, driving to different country targets offers a different IP every time. They’d have to know Mulvad’s whole list and block them all.

If the above somehow doesn’t work, Mulvad offers support through which you can get a temporary Server IP override. You can enter that in the bottom portion of your app’s settings.

That was my takeaway as well. I just wish I had data for the other seasons. It’d be interesting to see how that might change the percentages as they are.

As for GEOGIOU, I’m reasonably sure that this refers to both versions of her.

Honestly, it’s 'cause I forgot to include it! I’ll see if I can add it tonight. Check back in 24hrs :-)

I like it, and I’d bet dollars to doughnuts that you’re talking about Discovery. I’ve said in the past that the show should be called “Star Trek: Michael Burnham” as it would at least be more honest.

To be fair, I think every series has a lot of episodes that would fail this test, some of which were excellent, like DS9’s “In the Pale Moonlight”, and “Far Beyond the Stars” or TNG’s “The Inner Light”, but if used to assess a series, I think this could be a good metric.

Ah yeah, I remember a moment like that in DS9, where Sisko is lamenting the crew’s interest in a holosuite program set in the 50s because of how “our people” were treated back then. It always felt out of place for me, though DS9 is still my favourite Star Trek.

Can you give some examples of this? Admittedly I didn’t much care for Discovery and didn’t pay a lot of attention through it as a result, but I’m not picking up what you’re laying down ;-)

Voyager: One Small Step

It’s one of my top ten favourites, but it’s also a very typical “one off” story.

Has anyone managed to get AM2R working on the Deck? I was thinking of trying it out next.

• Kubernetes Cluster
  • pi-left
  • pi-right
  • pi-centre
• Other Servers
  • pi-katamari (file server & database)
  • pi-athens (DHCP, DNS, pi-hole)
  • Alexandria (Synology)
• Desktops
  • Berlin
• Laptops
  • London
  • Brighton
  • Brussels
  • Cambridge
  • Toronto
• Phones
  • Laconia
  • Vulcan
  • Bajor

Heh. We’ve convinced our kids that Paw Patrol and Cocomelon “don’t work on our TV”. All I had to do was let her select it a few times and then kill the network connection when she wasn’t looking. After that, we marked them as “disliked” in Netflix and now they never appear.

It may not last, but I’m doing what I can :-)

Snowfl has some pretty good results (note the addition of the keyword complete). But you can do a lot better than Paw Patrol! “Bluey”, “The Owl House”, “Hilda”, and “Kipo and the age of the Wonderbeasts” are all far better choices for kids and your own sanity ;-)

Mozilla’s VPN is just reselling Mullvad, so you can support Mozilla and use Mullvad at the same time if you like.

You might want to consider just Dockerising everything. That way, the underlying OS really doesn’t matter to the applications running.

I’ve got a few Raspberry Pi’s running Debian, and on top of that, they’re running a kubernetes cluster with K3s. I host a bunch of different services, all in their own containers (effectively their own OS) and I don’t have to care. If I want to change the underlying OS, the containers don’t know either. It’s pretty great.

What about blog spam though? Surely this would relinquish controls like moderation for your site?

Ahh, yeah that’s about what I remember. Too messy for me. This sounds like it’d be better as an actual package (apt/pacman) then.

Well that looks promising. Last time I looked into it, I was put off by a shell script that called sudo, but if it’s bound to a Flatpak, I can work with that.

I did just that. It’s not about security. It’s about messing with my machine’s setup. I don’t want to run a bunch of rando commands that might mess with how my actual package manager manages my system.