I have been self-hosting for a few years, using Exim, Dovecot replicated on 2 different servers at 2 different providers, Rspamd and Rainloop for the few times when I have only a web browser available.
I have SPF, DKIM and DMARC records, I’ve had the chance of inheriting relatively clean IPs from the providers in question (Hetzner and OVH) and I’ve never had any issue in removing those IPs from the 2 or 3 blacklists the previous owners had managed to get into.
For the moment, both Gmail and Hotmail accept my emails (that is, no bounces, no deliveries in spam folders and no email disappearing into thin air).
I do not plan to move to a hosted provider for my email, the only maintenance I perform is staying up to date with the above packages and having some alerts in the logs if something goes wrong.
If I had to do it again, I would use OpenSMTPD instead of Exim, only because reading the configuration file seems way easier.
I’m not sure about the Heroku part. I recommend a small instance on Prgmr.com. If you are reading this, then they can handle running Lobsters. They always do. ;)
I’ll ruin the joke in favor of clarity, and to explicitly thank the folks at prgmr. Lobsters is not only hosted on Prgmr.com, but @alynpost is the owner of prgmr and a sysop here.
Thanks for all you guys do - community-wise and tech-wise!
Thank you both. I’ll close the loop by saying that lobste.rs is running as a Xen DomU with 2 vCPUs, 8GiB RAM, and a 50GiB disk. Since beginning to host the site last year we’ve added a 2nd vCPU to deal with contention between the MariaDB work queue and the Ruby / Unicorn work queue. We’ve doubled the memory from 4GiB as traffic and utilization have demanded. The disk is DRBD and replicates to a secondary RAID10 on another physical host in the same rack.
We’re under 50% disk capacity, and sites with less traffic can certainly be tuned to run on machines with less than 8GiB RAM. We use memory in part as cache to improve responsiveness.
All that said, at least one lobste.rs user is a Heroku engineer, @apg. As @355E3B reports the codebase can be deployed to Heroku. I do not know what instance size you’ll need but other folk probably do.
Just curious, but why DRBD and not MariaDB replication? DRBD is very fragile and difficult to get right in my experience.
DRBD works at the block-device level, and so integrates with our cluster management software, Ganeti. That lets us failover or migrate instances between physical hosts ~regardless of what applications those instances are running. It solves a general problem of moving instances between physical hosts for us.
I’ll give database replication a closer look if and when the compute resources required to run the site exceed what we can get with a single physical host.
Some of this answer you can chalk up to path dependency. However, I have not found DRBD to be fragile or difficult to get right. It does what it says on the tin for us.
Your book looks interesting, btw. Congratulations on publishing it.
Oh it’s fine haha. Yeah, let’s go ahead to thank everyone hosting, admining, coding, and moderating the site for their time. I appreciate it a lot. :)
@feoh why the heck is your blog grey on white? I’d love to read this but even after I increase the text size twice it’s still hard on my eyes.
Contrast Rebellion - to hell with unreadable, low-contrast texts!
Please take another look and see what you think of the new theme I installed. It’s the only theme in the default Wordpress arsenal that cites high contrast and accessibility.
I couldn’t figure out how to adjust the text color in and of itself. Sorry, I’m not a web dev :)
This text is much more readable. The layout of the site has lost a bit of ‘style’ and your header graphic is the same as the article graphic now which looks like a bug, but if you’re going for accessibility this is a bit better.
I guess digging through Wordpress theme CSS is not much fun, but your original theme just with a tweaked font colour would have been fine too ;)
(And nothing against Wordpress here, use it when I have certain kinds of projects that need to get deployed v. fast and with certain kinds of user constraints)
Digging through the CSS isn’t an option for me. I’m a System Development Engineer with Amazon Web Services. I mean, I know enough CSS to set a background and maybe change some spacing in HTML, but I haven’t the foggiest about how to dig in and modify a particular CSS attribute in Wordpress.
I’ll play with the theme more, I’d bet dollars for donuts that there’s a way to get the header graphic for my blog back, but accessibility is super important to me, so if I can’t with the time I have available then that’s a price I’m happy to pay.
Thanks again for the report.
Ah. Interesting. In point of fact I CAN’T modify the CSS myself. To do that I’d need to go from paying wordpress.com $100 a year to $200 a year. Not gonna happen :)
I have a dreamhost account which I use for their free unlimited Wordpress hosting, because it’s generally zero hassle and is a ‘proper’ full Wordpress install. Happy to host your WP there if it’s any use, with couple of caveats.
As a reader I thank you very much for taking into account the remarks.
I really enjoyed the article, I’m still a junior in sysadm/ops and I hope I will learn as much as you do!
Welcome to the fold! It’s an incredible career path and I love my job to bits and am regularly excited to get up and go to work in the morning :)
I’m partially blind so I’m super sensitive to this. Thanks for letting me know, I will choose a different theme post haste.
If you can manage to refrain from taking the usual dump on Wordpress (It’s what I use and like. Please deal appropriately :) do you have any suggestions on higher contrast themes you like? Or even other Wordpress blogs you find more readable?
I like almost all of Anders Noren’s themes: http://www.andersnoren.se/teman/
The code quality is better than the average WordPress theme, and every one of those looks clean and readable (to me at least).
I’m gonna confess to using wordpress.com so I pretty much only use themes they provide by default, but thanks for the pointer. If I get time and if I can install random themes I’ll definitely look into it!
Between DNS-based blocklists, anti-spam filters and general inbox overload, email is a very fragile medium for communicating anything, let alone authentication credentials.
There’s absolutely zero guarantee that an email would be delivered at all: Gmail and Office 365, to cite just a couple of the big email providers, sometimes drop incoming email without any notification for the sender.
Also, there’s absolutely zero guarantee that an email will be delivered quickly enough for this scheme to work.
I also run my own DNS server, but I prefer to maintain just the master. I pay ~$15/yr to outsource the slaves to a third party company who specializes in such things, and I don’t have to worry as much if my VPS provider decides to go down for a few hours, etc. I get a more reliable DNS system, and I still get to maintain control, graph statistics, etc, to my heart’s content.
Glad to see the discipline of self-hosting isn’t completely going the way of the dodo in this day and age!
Any recommendation for a good third-party company for such outsourcing?
I also run my own DNS. The main reason is that I run my own mail using https://mailinabox.email/, which has been a reasonably simple and pain-free experience. Paying someone to get better stability could be interesting.
I have added nameservers from BuddyNS to my secondary DNS. For the moment I’m just using their free plan since I’ve delegated to only one nameserver out of the 3 which are serving my zones, and the query count is low enough to keep me on the free plan.
I loved BuddyNS but I went over their query limit and the only payment they accept is PayPal and I boycott PayPal after they stole $900 from me… I wish they would take other forms of payment
I asked for some recommendations online. My biggest requirements were a ‘slave only’ offering, DNSSEC/IPv6 support, and ‘not Dyn’ (I just can’t give Oracle money these days). With all that in mind, I ended up choosing dnsmadesimple.com (edit: looks like they’re $30/yr, not $15 as above. Mea culpa) It was seriously easy to get everything set up (less than 20 minutes!) and now I don’t have to worry about what happens when my master goes down.
Do you mean dnsmadeeasy.com or do you mean dnsimple.com?
dnsmadesimple.com doesn’t exist
My deepest apologies, this is what I get for Internetting when I’m about four cups of coffee short.
dnsmadeasy.com is the correct one.
Hello everyone! This is my first post. :)
I’m Vitalie from LuaDNS. We don’t offer slaves right now (only AXFR transfers), but if you don’t mind fiddling with git, you can add your Bind files to a git repository and push them to us via GitHub/Bitbucket/YourRepo. You can keep using your DNS servers for redundancy as slaves.
You get backups via git and free Anycast DNS for 3 zones. :)
Interesting - that’s not a bad idea.
If I were a corp I wouldn’t want this method, but for the single user, the investment has been well worth the pay-off - even if I decide to go with a vendor in future, I’ll understand what I’m paying for.
I really dislike pairing, it takes away all the fun in programming and replaces it with a theatrical show.
Programming for me is 95% thinking (when writing and debugging) and 5% typing. My train of thought is orders of magnitude faster than my speech, so when pairing I get bored after 30 minutes and my productivity falls down.
The ordinary domain owners amongst us would probably like a registrar that used real 2FA (i.e. no SMS tokens masquerading as 2FA) and had a phone tree that couldn’t be trivially socially engineered.
Anyone have any recommendations?
I use NameSilo. They have 2FA (with TOTP) and an additional Domain Defender option that notifies you of changes.
NameSilo certainly makes it very difficult to transfer a domain out to another registrar.
If you use their domain privacy service you’ll never get the emails of the other registrar, they only allow you to cancel the outgoing transfer and not to expedite it, and finally once you pass all the hurdles the actual transfer takes 7-8 days instead of the standard 5.
I was with them for all of my domains, but after that recent transfer experience I’ll move everything elsewhere, regardless of how painful they try to make it.
Hover has TOTP.
I use Hover. I switched to them about a year or so ago, specifically because they had TOTP/2FA, and my previous registrar did not. Hover is pretty ok so far.
I’ve been using NameCheap for a while for all of my domain names, and they just started using a custom phone app to do their 2FA instead of only SMS. Never tried to check the security of their phone tree though.