u_tamtam @ u_tamtam @programming.dev

Posts

6

Comments

454

Joined

2 yr. ago

Imagine (insults put aside) being so out of touch with the real world to think 1940's geopolitics constitutes a reasonable case to portray Russia, a different state, as a well-meaning player in the region today, all the while Russia, being in an open war of aggression with its neighbours, is very much exerting the kind of "neocolonialism" and expansionism it accuses its enemies of doing.

I could give you plenty of reasons why you would be worse-off deploying from docker without deep understanding of what's going on, but to only list a few out of the obvious pile:

• your container ships a bunch of things that you do not need and that take-up significant server resources. Not just nextcloud apps that you will never need but get loaded nonetheless, but also things like redis and a full-fledged collabora server that only make sense in a large-scale instances.
• your container isn't tuned for your server because whoever made the container had no way to know that in advance. For instance, It might be that your php-fpm forks beyond your multithreading or IO capabilities, that your application cache isn't adequate wrt. your system's RAM memory, etc
• your containers duplicate functionalities from each other and from the operating system. You don't need more than one http server, database, application process manager, interpreter, … but they add-up nonetheless and reduce the pool of available resources from the rest of the system and containers.

Yeah and all those Russian flags and "vive Poutine" signs just happened to have been found laying around, a country that's "just" 5000km away. How delusional must you be :)

Edit: almost forgot https://mediabiasfactcheck.com/republic-world/

I second that. I can't say mine runs fast because my hardware is very modest, but it runs very decently considering it's sharing resources with many other services.

In general, it wouldn't come to my mind to expect good performance by default out of anything pulled from docker. As soon as one starts hosting multiple services and apps simultaneously, containers get in the way or even make impossible proper resource allocation and tuning.

That's your problem, just there: you deployed a one size fits all blackbox of a container that, by definition, on top of pulling all the inefficiencies and redundancies of docker, isn't tuned for your specific hardware and operational needs. I get the appeal of containers, but if you want to self-host responsibly, you've got to be in control of what's running and how.

Sorry if this sounds harsh.

Hmm, so we have Russia sponsoring a coup and installing a military junta, and somehow this is western neocolonialism?
Those mouthpieces and farmed trolls really don't pretend to be trying hard anymore. Sure thing this is helping the population of Niger, one of the poorest in the world, right?

Because depending on what I'm sharing and with whom, I may not always want to send 30+ MPix images if I know it's going to be viewed on a phone/tablet or downloaded from a data network (typically, family reunion stuff that nobody wants a 15MB ultra sharp file of). If the photos might end up on the open internet, I don't necessarily want my camera's serial number and other "global IDs" present in the EXIF to be kept, but I might want to share "straight out of the camera" JPEGs with full metadata with my photography enthusiasts friends. That's one area of the workflow I feel I want to be in control, because it is very contextual.

Fair. Like I wrote previously (either here or in another thread) it's likely that most self-hosters would at some point consider nextcloud given how versatile it is, and then it pays-off to tune for your config. If you do without, good for ya!

Brave and Vivaldi (and edge) have no say in the matter, they are practically in the business of rebranding chrome for what it is and contributed to reinforcing goggle's monopoly. I have absolutely no sympathy for them.

Up to date firmware?

IIRC unless you go ecotank-tier, you are pretty much guaranteed some surprises. Good that they have a "reasonable" range, though.

To be totally fair, in my long history with it, I've been complaining more about the bad performance of nextcloud than the opposite (I still do), but things improved quite significantly after I moved (a long time ago) to postgresql+pgbouncer, which made it acceptable. Tuning did the rest.

There can be several reasons why your experience with nextcloud is not optimal. For instance, if you have a slow mechanical drive and a weak 2-cores CPU like I do, it's enough to hit a large folder with many pictures for the first time to have it grind to a halt: the server will become IO and CPU starved while php-fpm fork bombs (on a default config) way too many imagemagick processes to render miniatures of the photos, which, when those are large, will make sure to eat the little amount of RAM you had left, further pushing you into swap and memory-compression territory, making things even worse IO & CPU-wise. This is easily mitigated by rendering the miniatures asynchronously via a cronjob and making sure that there is a reasonable limit to php-fpm's parallelism to keep your app, navigation and overall system responsive.

Honestly, this is basic sysadmin/tuning stuff, that only you (with the knowledge of your hardware) can do right (and should do, the reward is immense). And it might very well be that nextcloud is (much) more demanding than other apps due to its inherently bad design & stack. It does the job, though, and isn't afraid of taking hundreds of thousands of files.

They'll brute force ssh against any port, tbf, changing 22 to something else will not buy you much :)

I'm sure HP didn't ramp up their bullshit from 0 to 11 overnight, the question now is how much we can trust Brother not to be walking the same path and mandating more and more restrictive firmwares in the future. I think them opensourcing drivers and firmwares would help mitigate that, and if their business model is really to be that sole good guy and antagonize the likes of HP/Epson/... they don't have anything to lose and a lot to win (or as a minimum, myself as a customer).

I heard they stopped allowing that recently.

Last time this came up, people were quick to bring up brother, and others (and that was new) to mention that brother started to do the same crap (limiting 3rd party toners). So I really don't know what to think of them anymore.

I could be in the market for a b&w laser printer/scanner soon so I'll keep an eye on replies here.

You get spammed with ssh attempts no matter what. Just set up fail2ban with harsh firewall rules, key-only auth, and live happy!

And so damn easy to self-host in general. Ejabberd is batteries included down to offering stun/turn for audio/video calls, Erlang is just unrivaled when it comes to hot reloading so updates are effectively zero-downtime (unsurprising considering all the business critical environments it's deployed).

At first (and especially because I went with Matrix originally) I wouldn't think of self hosting all my instant messaging, but in retrospect, ejabberd is one of the easiest services I've got to maintain. I highly recommend everyone to give it a shot, especially to all the matrix refugees to whom it was a surprise/disappointment.

As soon as you put something up online, you will de facto become a target with nowhere to hide except offline. Your IP will be known and constantly hammered by more or less serious threats.

If you don't know the basics of Linux system administration and typical security measures, I would propose 2 approaches: you can go "the NAS way" and purchase something turnkey like a Synology (or anything on which you can easily spin up containers to host your services). You can expect a large part of the administration to be taken care of with sound default settings.

Another approach is to use a beginner friendly distro like https://yunohost.org/ , perhaps more involving, more risky, bit more rewarding.

Also, don't put anything up there like personal or valuable information (except if encrypted with local-only keys), expect to be hacked, expect to be wiped, and think early on about (off-site) backups.

use… bookmarks? And if it's a concern that the pages you want to bookmark might disappear, you can use something like wallabag: https://github.com/wallabag/wallabag