• 0 Posts
  • 237 Comments
Joined 1 year ago
cake
Cake day: June 16th, 2023

help-circle
  • Yes, I’ve had similar experiences recently and similar thoughts. Crossing land borders in Asia is more stressful than it was a few years ago. Lots of redundant security theater and biometrics everywhere. Of course, China is on another level to everyone else. At the immigration booth, your conversation with the official is now translated and subtitled in real time on both sides. And face ID is now so universal in China that I suspect the fingerprinting has become an afterthought. Everyone is being filmed and tracked pretty much everywhere. Not just cash but even ticket numbers are now redundant. Everything is attached to your personal ID and cameras decide whether you enter public buildings, train stations and so on. The day their government decides to really abuse all that power, they’re in deep trouble.

    In my experience the border thing is clearly worst in Asia, but with the exception of China it’s mostly just tiresome theater.

    By contrast I crossed into the Schengen zone from Turkey this summer and was surprised by how little security there was. But then I noticed the police all but dismantling a bunch of heavy goods vehicles in their search for illicit migrants. That was absolutely not security theater.

    PS. This subject got me thinking. I’ve seen a ton of borders because I like to travel by land. Different regions of the world definitely have different priorities at borders. In Asia it’s drugs and contraband. They care what’s in your bag. In Europe and North America, it’s you they care about: why you’re here and when you’re going to leave. In police states like China, borders are a golden opportunity to harvest a ton of data on suspect individuals. In much of the rest of the world, Latin America for example, borders are mainly just an employment scheme, bureaucracy for its own sake.



  • The issue is more general. When dealing with, say, apt, my experience is that nothing ever breaks and any false move is immediately recoverable. When dealing with Python, even seemingly trivial tasks inevitably turn into a broken mess of cryptic error messages and missing dependencies which requires hours of research to resolve. It’s a general complaint. The architecture seems fragile in some way. Of course, it’s possible it’s just because I am dumb and ignorant.








  • You still need encryption between your CDN and your origin, ideally using a proper certificate.

    It can be self-signed though, that’s what I’m doing and it’s partly to outsource the TLS maintenance. But the main reason I’m doing it is to get IP privacy. WHOIS domain privacy is fine, but to me it seems pretty sub-optimal for a personal site to be publicly associated with even a permanent IP address. A VPS is meant to be private, it’s in the name. This is something that doesn’t get talked about much. I don’t see any way to achieve this without a CDN, unfortunately.

    I guess it’s popular because people already use Github and don’t want to look for other services?

    Yes, and the general confusion between Git and Github, and between public things and private things. It’s everywhere today. Another example: saying “my Substack” as if blogging was just invented by this private company. So it’s worse than just laziness IMO. It’s a reflexive trusting of the private over the public.


  • I have some static sites that I just rsync to my VPS and serve using Nginx. That’s definitely a good option.

    Agree. And hard to get security wrong cos no database.

    If you want to make it faster by using a CDN and don’t want it to be too hard to set up, you’re going to have to use a CDN service.

    Yes but this can just be a drop-in frontend for the VPS. Point the domain to Cloudflare and tell only Cloudflare where to find the site. This provides IP privacy and also TLS without having to deal with LetsEncrypt. It’s not ideal because… Cloudflare… but at least you’re using standard web tools. To ditch Cloudflare you just unplug them at the domain and you still have a website.

    Perhaps its irrational but I’m bothered by how many people seem to think that Github Pages is the only way to host a static website. I know that’s not your case.


  • This is a bit fuzzy. You seem to recommend a VPS but then suggest a bunch of page-hosting platforms.

    If someone is using a static site generator, then they’re already running a web server, even if it’s on localhost. The friction of moving the webserver to the VPS is basically zero, and that way they’re not worsening the web’s corporate centralization problem.

    I host my sites on a VPS. Better internet connection and uptime, and you can get pretty good VPSes for less than $40/year.

    I preferred this advice.




  • Can recommend Hetzner (German IP). Good value and so far solid.

    Before that I used OVH (French IP) for years but it ended badly. First they locked me out of my account for violating 2FA which I had not asked for or been told about, and would not provide any recourse except sending them a literal signed paper letter, which I had to do twice because the first one they ignored. A nightmare which went on for weeks. And then, cherry on the cake, my VPS literally went up in smoke when their Strasbourg data center burned down! Oops! Looks like your VPS is gone, sorry about that, here’s a voucher for six months free hosting! Months later they discovered a backup but the damage was done. Never again.