The author is a bit more forgiving than I’d be. Scripts that get killed, logs that don’t work, et cetera, are problems, not annoyances. When something that has very precisely defined functionality stops functioning as expected, whoever made the change gets the blame, no matter their reasoning.

To be fair, I have nothing good to say about Dreamhost, anyway. They allow tons of malicious activity on their networks and take ages to take action when it’s reported. They don’t seem to care about anything but doing the bare minimum, but as someone who is only seeing the bots on their networks and who isn’t a customer, I can’t speak to the quality of anything but their responses to abuse complaints. But any server, network, NAT implementation, whatever, that times out ssh connections or has inexplicable flakiness is going to get a fist shaken at them, no matter what.

I’ve hosted people on Unix systems (NetBSD) continuously since the late ‘90s and still have some of the people and their content from then. Granted, I stopped trying to make money by hosting and let Unix shells just be a benefit of having servers for other reasons, but I totally get how difficult it’d be to find something similar elsewhere. I also understand how many people these days don’t have a mental model about how it works and have had some rather funny exchanges with people as the light bulb lights up as the pieces start making sense to them.

I’ve tried to discuss the cloud part to people - particularly how you make something that can just work regardless of the hosting platform, and, like asking Android developers how you install a toolchain on an Android device, I get a lot of responses that don’t make sense until I ask the same thing again, but more slowly and with added emphasis, then responses which typically are some variation of “Why?” and/or “I really don’t know.”

But, like anything else that’s good, works well, doesn’t need lots of maintenance and just runs, Unix shell hosting will exist forever, even if younger folks are never taught about it. It’s fun to teach them, though :)

The author is right, there are not many Unix hosting options out there.

However, I personally self-host everything for me, and for my community. We run a small hackerspace and what I ended up doing is something very simple: FreeBSD Jails.

I see the author saying that

I was surprised that it was based on FreeBSD! I use Linux on my local machines, and I prefer my remote machines to be the same.

I don’t want to talk about OS diversity anymore, my doctor does not recommend that, so I’ll skip that part. However, most common Unix hosting providers in the 90s (I’ve been told) were running non-Linux systems, some of them still do, such as SDF.org, which provides free Unix shell for anyone.

I understand why the the author wants to use Linux everywhere, but trying another Unix-like system is never a bad idea.

As to our hackerspace, my setup is pretty simple. Every member of the hackerspace logs in by doing ssh jail@ourhackerspace and they just drop into a Jail, as root, and they can do pkg install postgresql-server if they want to. If needed, they can even create Jails of their own.

The config was very simple:

# cat /home/jail/.ssh/authorized_keys
command="/usr/local/bin/doas /usr/sbin/jexec -l antranigv login -f root",restrict,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,pty,no-user-rc ssh-ed25519 <the_key_here> antranigv@zvartnots

and in nginx I did something as simple as

    server {
            listen 80;
            server_name ~^(?<domain>.+)\.hackerspace.am$;

            location / {
                    proxy_pass http://$domain.hackerspace.local;
            }
    }

There was also some DNS magic, which I don’t remember, but I think it was as simple as a glob match in BIND.

I’m sure you can do the same with Linux and LXC, but most people who are interested in being Unix hosting providers, are, by culture, not interested in doing Linux/LXC. The Linux/LXC people would be more interested in “cloud”-y things, like 2 more levels of abstraction on top of AWS. The BSD/jails/chroot people will be interested in Unix hosting.

This is not a technical holdback, but a cultural one.

Nice article!

Somewhere in there, there was a mention of a VPS but otherwise it was framed as shared hosting vs using cloud services. But I wonder, why not run your favorite Linux distro in a VPS? There are an abundance of suppliers of them, even a real server server is quite affordable at budget providers. I help admin a small forum, and we moved from shared hosting to a VPS because of papercuts from small restrictions that were not showstoppers but made the experience quite unpleasant. Like, just being able to install any package you want or reboot the server is wonderful after being stuck with a shared host.

I’ve complained about similar to this on Mastodon. I did a year and a half at AWS and got dumped into their “Containers” (EKS, ECS, Fargate, etc) teams. I went from being an “old-school sysop” type like the author describes to having to learn Kubernetes and cloud absolutely from scratch

It was miserable and it was frankly absolutely traumatic participating in the AWS metrics death marches (naturally I got PIP’d and thrown overboard after just over a year)

Something someone pointed out that has been lost in the transition to the cloud is the satisfaction. Everything is just numbers on a screen. CPU, memory. Charts in Grafana etc

Back in the day there was a genuine sense of pride and workmanship in setting up a rack of servers, drilling right down to the OS, tuning all the knobs and pushing all the dials. Really optimizing the thing you’re working on to fit the workload it’s after

Cloud vendors want to treat compute as an ephemeral abstraction. Just throw your perfect little app into a docker container and punt it into a kubernetes void to figure out how to run it. If it dies because it’s buggy, let Kubernetes restart it! Then wrap it in layers of bubble wrap with logging and metrics and all the other Sisyphean layers of abstraction and misery until it’s an unmanageable boulder of mud, tape and tears and it takes an entire SRE team to push it up a hill

My roommate likened it to Marx’s concept of a worker being alienated from his labor. You’re so divorced from your own acts of creation or operation from the computer that everything just melts into pointless sludge

Heh, 1000 sites per server :-) When I was working on web servers at Demon Internet in the late 1990s, our shared hosting servers had 1000 web sites each. Our “homepages” static website hosting service (included in the dial-up subscription) had more than 50,000 web sites on a cluster of less than 10 servers. Demon was using BSD / Apache / CGI / Perl (it was before Linux was good at networking, and before the rise of PHP and MySQL). So there generally wasn’t a huge CPU load. I have absolutely no idea what contention ratios are like these days; I wonder how it has changed.

I’m a big fan of Mythic Beasts (not just because I’ve known the founders for decades!) After I took over Cambridge University’s DNS, I moved all the vanity domain registrations to Mythic. They could give me monthly billing which reduced the renewal workload from hours per month to minutes, by avoiding university finance office bullshit. I subsequently moved my personal hosting to Mythic as well.

Their job application process involves a kind of escape room challenge http://jobs.mythic-beasts.com/ which I am told is quite fun (tho I have not bothered to do it myself).

I mostly agree. I am confused how access to apache style logs is a not standard anymore.

I think the main thing that changed for the better is the customer isolation requirement. CPUs now support all kinds of useful virtualization thingies that make isolation better.

People have shifted to an incredible amount of complexity into the build environment ala vercel and yet completely refuse to think about hosting implementation.

I finally gave fly.io a try and turns out it is a modern take on cgi-bin. One gets proper control over routing requests, logs in somewhat standard cloud format and firecracker for isolation. Prices are not insane either. However while their stack checks all the cool-modern-features box, it is not sufficiently stable and not at all interoperable with other providers

It’s a sad fact that this is no longer a commodity

Glad to see Mythic Beasts get this recognition.

I use their hosting but hadn’t seen that they support deamons. The linked Python docs likely work for Go too, with https://pkg.go.dev/net#Listen and “unix”.

Reading this makes me wonder, if you did have to come up with a system for shared hosting that was easier to manage nowadays, what would it be? It doesn’t feel like fastCGI is the answer, but is there one?

There are places like SDF: https://sdf.org/ that do shared unix shells and web hosting. Their focus is on community more than anything else though. SDF for instance specifically spells out fastcgi support: https://sdf.org/?faq?WEB?02

Why share Unix hosting, when a whole VM is like $4/mo? It’s like trying to run a business making people share underwear or socks. The amount of extra effort trying to make it hygienic enough, etc. is just not worth it when everyone can just buy themselves their own socks and wear them exclusively.

Unix/Linux is just a complex beast with a gnarly and wide surface area. In the modern times of automatic exploitation, local privilege escalation, hardware bugs, etc. none of this makes any sense anymore. Yes, everyone getting a VM is relatively a waste, but it’s a wast of something we nowadays have an abundance of.

The most important part of optimization is that you need to optimize what is scarce and the bottleneck from the perspective of the whole system. Focusing on “wasted memory by virtualized kernel” is wrong, if it isn’t your bottleneck. And given how cheap compute is, it is definitely not a bottleneck.

I have a $6/mo VM in Hetzner running NixOS, and I’m running a whole zoo of stuff on it: blog, Matrix server, Radicle server, some of my little web apps, and bunch of other stuff, and it just works, all fits without a problem, and it’s all mine. I upgrade it when I want it, run versions of everything that I require, customize what I need customized, from the kernel to ever bit of configuration. A waste would be for me to have to look for individual “shared hosting” for each piece that it’s there, read their docs, workaround all the little details of everything and so on.

I would like to mention GraalOS as a related development, as it’s not too well known (not affiliated, just follow GraalVM)

It would allow the safe hosting of applications without virtualization, in a way maybe similar to CGI, but with Graal-supported languages as scripts (JVM languages, Javascript, Python, Ruby, but also LLVM languages).

The Oracle-written documentations/ads are pretty bad, so let me link to a HN comment which describes what it actually is: https://news.ycombinator.com/item?id=37613065

I think the idea is quite clever.

I use and love NearlyFreeSpeech. Ever since they got TLS working on their service (which basically lines up with widespread client SNI support), I don’t have a bad word to say about them, and I have lots of good ones.

I think there could be a really interesting space for a thing like shared hosting but with containers that the users could upload. For example, the main reason I wouldn’t want to host one of my little django sites there is that it’d be so much work to twist the site until it worked there, and it might just run afoul of their limits if I ever accidentally submitted a bad title image and pillow ran amok resizing it. But I don’t really need a full VPS for that site; it could work just fine if I got to upload a container that could be run under strict limits, connect over TCP to some database, and access some shared filesystem.

I’d try it out if someone offered it at a nicer-than-VPS price.

I don’t really get the intention of this post. Is it a rant? Is it “you all don’t know what you’re missing”? Or is it more of a factual observation than I manage to grasp right now.

Yes, of course it sucks if something that some people find useful is not/hardly available anymore. But there’s usually a reason - in my case everyone I know who did this (back then) has long since moved on, mostly to VPS (because of the flexibility), some to static hosting, some to shared hosting. But I think I can name like 3 people I know who were running cgi-bin or “custom fcgi” stuff in the last 5 years, everyone else didn’t.

We should get rid of the entire CGI thing and have a hosting standard where we can run anything compiled to WASM.

I’m locked into a standard hosting provider for another year and I tried to see if I could run anything other than PHP crap there and turns out… no. No way to run anything there that isn’t PHP crapware. So I guess that thing will be underused there and some server farmer will harvest a final year of margin off me.

I think this is giving Unix way, way too much credit.

Wouldn’t it be silly if Unix came with a canned set of programming languages?

It does. They’re C, Unix shell and awk.

Moreover, imagine that each Unix machine had incompatible syscalls.

They do. That’s why you can’t just run a Linux binary on OpenBSD or vice-versa. The standard interface that’s relatively compatible across Unixen is not the syscalls (heck, almost everyone except Linux doesn’t even have stable syscalls across different versions of the same Unix!), it’s libc. Which is absolutely tied to a single programming language.

Having to go through libc means everyone needs to care about weird C-isms like varargs functions, null-terminated strings, errno and (not least due to how errno is commonly implemented) the C preprocessor. It’s not that Unix is meaningfully language-agnostic, it’s just that we’ve been in this situation long enough that everything else has evolved enough C mimicry to mostly work anyway.

Unix didn’t set out to be an open standard, it started out as a single, proprietary OS implementation. Then projects like GNU showed up trying to reimplement its API. The need for standardization (which eventually culminated in POSIX) only became apparent when users of different Unixen started getting annoyed by incompatibilities.

And we’re starting to see a similar sort of “predatory compatibility” with cloud services, at least the ones that have been around for a while. AWS S3 has a “proprietary”, “nonstandard” protocol, but it’s stable and well-documented enough that by now it has become the de-facto standard for key-value stores. Both open source reimplementations and commercial cloud services are simply providing the S3 API now. Similarly, Docker has been cannibalized to within an inch of its life by other, better container runtimes that reimplemented its API (now known as “the OCI runtime spec”).

Off-topic (if I may) on naming: “oils” sounds weird to me because it sounds plural but is actually not (I think). I catch myself having this thought almost every time when reading the blog ever since the project was renamed.

What do you think about this? Have you heard of this from others? Have you considered a different name?

I see you mention “Making it plural is a subtle change that also results in a different connotation” in a different post of yours, but this doesn’t make it better for me.