#indieweb 2020-11-09

2020-11-09 UTC
alex11, rEnr3n, opal, BigShip, KartikPrabhu, a_chou and [Raphael_Luckom] joined the channel
#
[Raphael_Luckom] Do people around here find much use for terraform? I've been using it for about two years now. If people are interested in those kinds of infrastructure things it might make a neat session at IWC East.
KartikPrabhu and [chrisaldrich] joined the channel
#
[chrisaldrich] What is terraform?
#
Loqi It looks like we don't have a page for "terraform" yet. Would you like to create it? (Or just say "terraform is ____", a sentence describing the term)
#
[chrisaldrich] I don't use it [Raphael_Luckom] and there isn't a wiki page. Sounds like something worth exploring at camp though....
#
[chrisaldrich] mayakate: I stubbed out a page on crafting if you'd like to add anything
#
[chrisaldrich] what are crafts
#
Loqi Crafts or crafting is a range of common hobbies about which some IndieWeb sites focus some of their content https://indieweb.org/crafts
[tw2113_Slack_] joined the channel
#
[Raphael_Luckom] Sorry, it's an MPL2.0-licensed DSL (https://www.terraform.io/docs/configuration/index.html) and CLI tool that allows you to express infrastructure configurations. So it's kind of a plugin-based, vendor-agnostic version of AWS CloudFormation or Google's infrastructure bundling tool. It has plugins (https://registry.terraform.io/browse/providers) for a lot of services, sites and infrastructure vendors (github, vmware, etc.).
archwizard, nickodd, nolith, rrix, alex11, [tantek], toupain1, markopasha, gxt, [Rose], swentel and KartikPrabhu joined the channel; nickodd left the channel
#
Loqi Ok, I'll tell them that when I see them next
#
petermolnar !tell [Raphael_Luckom] in my day job, I'm a linux sysadmin (or devops. or sre. whatever is the trendy now), and for a company with a very large web service, terraform might make sense. In my personal life, I went full oldschool, with 2 freebsd nodes, no container, no fancy, not nothing. Why? Because then I can run everything on a passive cooled ThinkCentre micro instead of the abomination called AWS.
schmudde joined the channel
#
nolith petermolnar: are you hosting your site at home?
#
petermolnar I rent a server from Hetzner, and I have a mirror at home
#
petermolnar my home internet was not reliable enough
KartikPrabhu and archwizard joined the channel
#
nolith reliability of home connection is my main concern as well. For now I'm using GitLab pages and I wrote a very minimal micropub server that I run on my wife's VPS, she has a bookstore with an e-commerce.
#
petermolnar nolith I have a broadband monitoring quality set up from https://www.thinkbroadband.com/ - my reliability was abysmal till ~June, and it's a whole lot better since. Trouble is, if I drop the remote server, I drop the off-site backups, and I don't want that.
archwizard, KartikPrabhu, opal, gxt and [Raphael_Luckom] joined the channel
#
[Raphael_Luckom] is it hyperbole to refer to AWS as an abomination or is that a settled idea around here? For my use case I rather like it, but if it's just going to start a fight I'd rather go elsewhere quietly than have the fight.
#
petermolnar concensus not really an indieweb thing, those are my thoughts
#
petermolnar there is no fight, but I stand by my opinion on aws
#
nolith I do understand petermolnar view, but I have a different opinion. But I'm pretty new here
#
Zegnat Plenty people in here using different sorts of clouds :) I do not think we concern us too much with what platforms people opt for, as long as you are creating your own site
#
petermolnar on the why I think of aws (and any other cloud provider) this way: they way they set up billing is so opaque - egress, ingress, i/o costs, etc - that if one makes a mistake, or, say, gets on top of HN, suddenly the previously very cheap hosting becomes an absolutely insane bill. There is no way of setting up hard limits on cost; - as in terminate the service if cost is above X - if that was a thing, I'd probably wouldn't think of aws a
#
petermolnar s bandits on the road.
#
Zegnat Though if you want to go deeper into the virtues of different places, I might nudge people to either #indieweb-dev or just #indieweb-chat. It may have a tendency to go places that are a little overly technical/jargony for this general channel :)
#
Zegnat What is AWS?
#
Loqi Amazon Web Services (commonly abbreviated to AWS) is a collection of remote computing services that together make up a cloud computing platform, offered over the Internet by Amazon https://indieweb.org/AWS
#
Zegnat You know if anyone has done a writeup about that, petermolnar? To link on https://indieweb.org/Amazon_Web_Services#Criticism? I feel like I have heard that cost argument before, but it did not stick.
[jgarber] joined the channel
#
[Raphael_Luckom] thanks for clarifying, everyone! That all makes sense. The cost / billing thing is a good point too, it's a good area of focus to call out.
#
petermolnar I just done a quick google search: https://blog.kylegalbraith.com/2018/10/08/how-to-better-watch-your-aws-costs-before-you-forget/ - in comparison, I'm paying for a rented server w/ 20TB in/out traffic, 8 cores, 16GB RAM, 2x3TB HDD, and it's a fix 30€/m.
#
petermolnar AWS << https://www.hivelocity.net/blog/aws-bandwidth-expensive/
#
Loqi ok, I added "https://www.hivelocity.net/blog/aws-bandwidth-expensive/" to the "See Also" section of /Amazon_Web_Services https://indieweb.org/wiki/index.php?diff=73218&oldid=69556
#
nolith Where can I find the triggers to which Loqi starts an action?
#
Zegnat What is Loqi?
#
Loqi Loqi is a friendly and useful bot/digital therapist present in the IndieWeb discussion channels https://indieweb.org/Loqi
#
Zegnat I think they are documented there, nolith ^^^ :)
#
nolith Zegnat++
#
Loqi Zegnat has 15 karma in this channel over the last year (85 in all channels)
#
petermolnar gives Loqi an undocumented feature
#
Loqi crushes the undocumented feature
KempfCreative joined the channel
#
jeremycherfas For what it is worth, I have billing alarms on AWS (where probably the only thing that would bite me is a sudden rush of podcast listeners) and I guess if you kept an eye open you could spin down quickly enough while thinking of a different solution. But a sudden rush of podcast listeners would be a fine thing to have to deal with.
#
petermolnar jeremycherfas: I was on call too many times to know that the real bad thing will happen on a 3am when you're on a vacation on crappy hotel internet
#
jeremycherfas Thanks for those words of encouragement. :)
#
nolith Ahah, this reminds me of an outage we had when I was on a trip in Thailand with no laptop and only my smartphone. My wife still remembers it.
KempfCreative joined the channel
#
[Raphael_Luckom] one thing that would be really cool (but tricky) would be to have a way for your billing alarm to trigger a banner that says "hey everyone, the site is costing more than expected this month. Here's a way for you to donate to keep it running, otherwise it will shut itself down after <time period or further alarm>)
#
[Raphael_Luckom] It's on my list to eventually do something like that, but there's a lot ahead of it on that list
ShinyCyril and [Murray] joined the channel
#
[Murray] Yeah, that's why I've never dabbled in AWS πŸ˜„ Had a friend (not really a dev, just someone who likes playing around with techie things) spin up a small website to do some data scraping with AWS. He'd had it up for a month or two, not really bothering with it, then got a bill in the five-figure range. Either he screwed up his code and it just went berserk or (his thoughts) there was a security flaw that someone exploited to use his instance for
#
[Murray] something else. Whatever it was, over a weekend his usage shot up and he woke up to a shock. To their credit, Amazon ended up waiving the bill, but it nearly cost him a mortgage negotiation he was going through and about two weeks of serious stress over finances... so yeah, scared me right off πŸ˜„
#
[Murray] though tbf that fear is mainly from a place of "I have no clue what any of these words mean" than any specifically anti-AWS stance πŸ˜‰
schmudde joined the channel
#
[Raphael_Luckom] I'd be interested to hear how many of the "massive bill" stories involve VMs vs other things. If you want to run something like Wordpress or another CMS that uses an always-on server, then I don't think AWS makes sense for a personal site--the deal for a server that petermolnar cited seems like a better deal than what aws would give you. OTOH, if you're serving a static site you don't need to rent a VM to do it, and the per-request charges
#
[Raphael_Luckom] are low enough (especially if you used a CDN) that it would take a pretty determined DDOS to move the needle unexpectedly. Though if you were hosting a podcast or big media files the math might change somewhat.
kaun_ joined the channel
#
jeremycherfas [Raphael_Luckom] That is a very cool idea. I could maybe even trigger the visibility of a banner on receipt of the warning email.
#
jeremycherfas I did try once to work out the per-listen cost from AWS, but I didn't get very far.
#
[Raphael_Luckom] Yeah, it's tricky. I've worked as devops-or-whatever in two places that used AWS and one that used GCP, and "cloud spend visibility" was a perennial topic at all of them. I'd be happy to talk more in #indieweb-dev, I love this stuff and take the point that not everyone is interested πŸ™‚
#
[Murray] honestly, if you're just hosting a static site, there are free options like Netlify or GitHub Pages which to me make more sense anyway πŸ€·β€β™‚οΈ
#
petermolnar There is a benefit to the whole everything-costs-you-a-lot-in-the-cloud: maybe, but just maybe, people will, agian, think of resources, and efficiency. By the way, it really smells a lot like the stories on how one could get processing time on IBM mainframes in the 60s.
rmdes_, [chrisaldrich], KempfCreative, archwizard, schmudde, anotheryou, [jgmac1106], [KevinMarks], shoesNsocks, [tantek], [Rose], kensp, swentel, archwizard56 and mauz555 joined the channel
#
[tantek] In case any of you have accounts with or have ever used hotel / booking silos, you may want to reset all those things: https://www.hackread.com/hotel-reservation-platform-data-leak-online-booking-sites/
schmudde joined the channel
#
[tantek] Something something silos / centralization of data = bigger & more attractive target
#
aaronpk it's always this: "The exposed database was originally identified by researchers at Website Planet who noticed a misconfigured AWS S3 bucket..."
KartikPrabhu joined the channel
#
[tantek] Hah! That sounds worthy of documenting as a "Common Pitfall" on the S3 page then
#
[tantek] what is S3
#
Loqi Amazon S3 is a file hosting service from Amazon https://indieweb.org/S3
[Raphael_Luckom] joined the channel
#
[Raphael_Luckom] It definitely _feels_ like there's an anti-cloud consensus here.
KartikPrabhu and [spieper] joined the channel
#
aaronpk anti-cloud? nah just anti-complexity πŸ˜‚
#
[tantek] not at all, if anything IndieWeb practices are very much about using servers to host our personal sites
#
[tantek] the only "anti-cloud" consensus I know of here is naming, that is anti-hyped-marketing-terminology
#
[tantek] see also anti /jargon in the main channel
#
[Raphael_Luckom] Sorry, I don't think I was being clear. I didn't mean to imply that people _actually_ here think one way or another about the cloud. I just meant that as someone who likes the cloud, this seems like a place where if I want to hang out here I should get used to hearing lots of unqualified negative generalizations about it.
[jgarber] and Dieux joined the channel
#
[tantek] more likely to hear that in the #indieweb-dev channel, since knowledge of / about "the cloud" have very little actual practical user-friendly impact on running and using your personal site
#
[tantek] what is jargon
#
Loqi jargon is a specific unobvious word, concept, or technology (like Webmention), or re-use of a word to mean something other than its common meaning (like feed), or sometimes re-using a word as an acronym (like POSSE) https://indieweb.org/jargon
#
mayakate[m] As someone who also likes clouds, I don't think it's so hostile as all that, but YMMV.
#
[tantek] exactly mayakate[m], mentions of "cloud" in this channel ought to be about atmospheric phenomena, perhaps posting photos thereof on your own site, not about technology plumbing (that belongs in #indieweb-dev)
#
[Raphael_Luckom] like for instance, I wouldn't make a statement like, "It's always some poorly-secured, non-updated Wordpress site" in regards to the latest dumb phishing email. The fact that people get curious about things, set them up, and leave them running in an insecure mode isn't unique to a technology and doesn't really reflect one way or another on wordpress. If I _did_ say "It's always some poorly-secured, non-updated Wordpress site" I would
#
[Raphael_Luckom] expect any wordpress developer within earshot to feel slighted.
#
[tantek] Good example, and it's not a dichotomy like that.
#
[tantek] we've actually been quite critical of WordPress security (and usability) vulnerabilities here, to deliberately steer new folks away from starting with setting up their own WordPress
#
GWG insert sad face here
#
[tantek] GWG, it's not your fault and you know that πŸ™‚
jjuran joined the channel
#
[tantek] re: dichotomy, [Raphael_Luckom] it's not very helpful to reason with "isn't unique to a technology" because that makes seem like it's binary (unique or not) when the reality is usually a spectrum
[jgmac1106] joined the channel
#
[jgmac1106] Starts everyone on WP as it still feels the easiest... And it makes up the largest install base of different IndieWeb tools
#
[tantek] [jgmac1106] I've seen too many people I see / have started on WP end up being unable to (or forgetting to) maintain their sites, getting taken over by bad actors, and then killing their sites. IMO it's an irresponsible road to lead new folks down, unless you're signing up for being the WordPress admin in perpetuity
#
[jgmac1106] ... Now a days they just say they will use Wix... Which is worse in terms of ownership
#
[jgmac1106] Not an easier free option for me to give people
#
[tantek] WordPress is not a usefully free IndieWeb option
#
[tantek] since you have to pay for a personal domain with WP.com and
#
[tantek] setting it up on your own webhost is certainly not free
#
GWG [tantek]: If you buy a house and then abandon it, it will start to get squatters, wild animals, and weather damage too
#
[tantek] [Raphael_Luckom] we've captured some of the WordPress security problems here: https://indieweb.org/WordPress/Security#Criticism if you have specific citations or a personal anecdote you'd like to contribute
#
GWG I would never claim WordPress is perfect, but maintenance is a necessary evil
#
[tantek] GWG, with a house, the maintenance costs (in money and time) are usually much more apparent.
[chrisaldrich] joined the channel
#
[chrisaldrich] "free" may also not be a good framing since you're going to pay with either money for someone else to maintain it or with your own time. The key is to have some reasonable expectations about what you're getting into.
#
[chrisaldrich] Even if you move to something else later, you may also experience some pain in porting your data over, which isn't always "easy".
#
[tantek] I dislike the framing "necessary evil"
#
[tantek] WordPress has a higher admintax than other approaches for new folks
#
[tantek] ("necessary evil" is also problematic for the same false dichotomy reasons I provided above)
#
[jgmac1106] Am seeing a bit of resurgence in Blogger in US but that could be Google for Education halo
#
[Raphael_Luckom] I really like wordpress! It's an accessible model of a big-ish CMS with a plugin system and a free license! I may not choose to _use_ it, but I think it's an amazing accomplishment and the team that built it should be proud of themselves.
#
[chrisaldrich] On the other hand, with WordPress, there is at least a large enough community behind it that if I search the web with my problem, there's usually a reasonable enough answer that I can find a ready solution or place for help.
#
[jgmac1106] [chrisaldrich] yes not free. I pay in both time and treasure. Still WP only way I could do it. We give websites for free to raise money to provide free computers
#
[tantek] [Raphael_Luckom] agreed, WordPress is an amazing accomplishment for sure and definitely serves many many folks's needs. That can be true and it can have problems being a personal maintainable option for a personal site (when maintenance is not your hobby).
#
[jgmac1106] I am taking the Team version of micro.blog for a spin getting close
#
[jgmac1106] .... Have also been here for years and only met two active theme developers
#
[chrisaldrich] I'm just waking up from my summer's "nap"... there's a Team version of micro.blog?
#
[jgmac1106] Well kinda Chris. You can have multiple people who can publish. I don't know all ins and outs
#
[jgmac1106] Test driving it for my cybersercurity work
#
[chrisaldrich] Multiple people who can manage a single account is a nice feature.
#
[jgmac1106] But it isn't what I do with each user on a subdomain
#
[jgmac1106] Yeah. Good corporate or family solution. Would want to assign subdomains to users
#
[jgmac1106] What I really need is the ability to just spin up micro.blog at the school or library and then allow them to control where kids syndicate
mauz555 joined the channel
#
[chrisaldrich] It's been interesting to see just how locked down one can make a google account in a classroom setting as I'm watching a 4th grade class every day...
#
[chrisaldrich] [jgmac1106] we should get a grant to help a library, local newspaper, or small municipality go IndieWeb as a test case...
[KevinMarks] joined the channel
#
petermolnar (sorry in advance) [Raphael_Luckom] "I just meant that as someone who likes the cloud" I recently watched the Yivo episode of Futurama, and in my head, that sentence of yours happened in Fry's voice, similar to "love the tentacle"
#
petermolnar [tantek]: the WP admintax is exaggerated​, it's by far one of the most simple ones in the league of web-ui CMSes
#
[KevinMarks] It has got better, certainly. Blogger is surprisingly useful still too.
#
petermolnar [Raphael_Luckom]: on a more serious tone, from my point of view, the public clouds are extremely complicated. Many of us run simple site: throw in some PHP, maybe a database, and it's good to go. Nobody wants to deal with the 191 AWS services (the internet is telling me this number) when all someone needs is nginx/apache, php-fpm, and, maybe MySQL.
#
petermolnar on the other hand, it doesn't mean one can't or shouldn't; if it's your cup of tea, then why not?
#
petermolnar however, as with all things in indieweb /plurality is good, so both full on cloud and total homebrew, should, ideally be present here.
#
petermolnar I do wonder though - is anyone running their stack on some sort of "proper" mainframe?
#
aaronpk "people get curious about things, set them up, and leave them running in an insecure mode"... running production services on a public S3 bucket that should have been protected is far beyond "get curious and leave it running"
#
aaronpk this gets to the complexity issue. if you're using a tool that's so complex that you are using it wrong by default then maybe it's worth reevaluating if you actually need that tool
#
petermolnar looks at the open-by-default-on-all-ips Redis madness from a few years ago
#
aaronpk and yes *so many* of the password "hacks" are actually just that someone left an S3 bucket public
#
aaronpk or MongoDB
#
[KevinMarks] AWS permissions are so annoying that 'open it up to get it working, then lock it down' ends up being a common practice.
#
petermolnar that's what people do with firewalls, and is indeed the wrong approach
#
[KevinMarks] Right, but with firewalls it is mostly ports and ip addresses, whereas AWS has 3 other models too.
#
[chrisaldrich] Can we move this conversation to #indieweb-dev? Way too much /jargon....
alex11 joined the channel
#
petermolnar jargon, maybe, but nothing really -dev specific imo
rrix and [Jan_Lukas_Else] joined the channel
#
[Jan_Lukas_Else] I finally relaunched my blog with my new custom IndieWeb-focused CMS πŸŽ‰ πŸ˜… https://jlelse.blog/posts/new-blog-goblog
#
Loqi [Jan-Lukas Else] My new GoBlog-Blog is finally alive πŸŽ‰
#
[tantek] petermolnar, agreed that WordPress is perhaps one of the easier to use CMSs out there, and no longer one of the easier to use blogging tools.
#
[tantek] (which it set out to be originally, and eventually at some point transitioned)
[schmarty] joined the channel
#
[schmarty] [Jan_Lukas_Else] ++ congrats!
#
Loqi [Jan_Lukas_Else] has 1 karma over the last year
KempfCreative joined the channel
#
[jgmac1106] [chrisaldrich] I got 10k grant from Yale to keep camp going. I am pitching the state to fund it through libraries
opal and [grantcodes] joined the channel
#
[tantek] wow awesome! congrats [jgmac1106]++
#
Loqi [jgmac1106] has 13 karma in this channel over the last year (56 in all channels)