1.  

    Got given a google home for free and ended up giving it away. Just don’t feel comfortable with google handling this information. Switched to an iphone recently and I feel better about siri just because Apple actually seems to give a shit about user data and privacy.

    1. 14

      Calling someone’s code ’clever should always be understood as an insult.

      1. 2

        I like solving made up programming changes with clever code. Its fun to see how small and wacky you can make the code but I would never put that stuff in a real app.

        1. 1

          In an idiocracy, this would be true.

          It’s like telling a joke to an emperor, he doesn’t get it and so off-with-your-head.

          Maybe the comedian was too clever for his own good, or too dumb to know when to be clever.

          But we don’t live in an idiocracy.

        1. 3

          Did you end up using a state management library for the frontend? If so, how did you get it populated by the backend? I’m just wondering if there are some well known patterns for syncing frontend state to the backend, perhaps especially with a REST API.

          1. 1

            The JSON:API standard for REST API design has a lot of implementations for both the server (e.g. Rails) and the client (e.g. Redux or framework-less JS). From the documentation, it looks like those libraries handle some of the work of transmitting states through the API. I’ve never used JSON:API myself, though.

            1. 1

              I have vuex installed with vapi that does that but I haven’t found a reason why I would need it yet

            1. 65

              This is terrible general security advice, as well as a failure in threat modeling.

              The point of the (very usable!) built-in password manager is to fight phishing and password reuse, which are each orders of magnitude bigger problems than endpoint compromise, which is the attacker position this article relies on. That alone makes this dangerous advice.

              But even if you are somehow focusing on endpoint compromise, on desktop systems the malware can just wait for you to type the password manager master passphrase, and exfiltrate the entire vault. Not 12 lines of code, but maybe 120. In fact, there’s a better argument for calling the latter approach “security by obscurity”; I wouldn’t call using SQLite an attempt at obscurity at all.

              In practice, the passwords that matter are the system FDE one for encryption at rest (which protects the browser passwords as well as the rest), and the sync password to protect the contents from the cloud provider, which the browsers correctly implement.

              The only thing requiring a master password to be typed to unlock the vault locally would do for most users is degrade UX, reducing adoption, and provide a false sense of security (because again if the endpoint is compromised, it will fall to keyloggers or memory inspection).

              1. 11

                Its annoying how so much of this “security advice” is about stuff where you have already been compromised and there are already 100 other ways to get the data or its about such insane things like “Out of office emails are a security risk” because someone might send you and email and then know they can launch an attack while you are on holiday..

                1. 1

                  In practice, the passwords that matter are the system FDE one for encryption at rest (which protects the browser passwords as well as the rest), and the sync password to protect the contents from the cloud provider, which the browsers correctly implement.

                  Firefox doesn’t implement the second properly: passwords are encrypted using a key which is a simple function of the password (which means that Mozilla can attempt to crack them, and will be successful for simple password like ‘open sesame.’

                  Worse, they don’t even have to do that: they sometimes prompt for Firefox passwords on web pages, which means that they can just steal your plaintext password there.

                  Sadly, Firefox used to have a password storage system which really was secure against Mozilla being malicious.

                  I think that Chrome is very slightly better here, because the password-encryption password is never shared with Google.

                  I completely agree with everything else you write, though.

                1. 7

                  There is no reason you have to use server side rendering with rails. My website uses rails to serve a json api to the frontend and I still get all the upsides listed on this post like devise and factorybot. I investigated using rust for the backend for speed reasons but after a few weeks trying it I went with rails because of how insanely fast it is to develop stuff with rails.

                  At the end of the day I would rather have a finished project over a faster one that doesn’t exist.

                  1. 3

                    I never was a rails guy so this may be off target, but I thought the author was suggesting you still have to do more work to write a JS based UI that takes advantage of all the things that Rails can do on the backend. He wants something that has the same ease of use that server rendered Rails apparently had.

                    1. 1

                      Rails even has “api-only mode” and has webpack integration. It does not save you from burdens of GraphQL and complex state management in React, however. UJS is mostly failed thing. But backend things are still there and it’s still better than most node.js libs, at least if you don’t need cooperative multitasking for handling millions of idle connections.

                    1. 10

                      It’s going to be interesting to see how much this is going to affect the future of how the WWW functions. GDPR sure didn’t manage to be as severe of a measure as we’d hoped it be. Heck, I’m having troubles getting the relevant authorities to understand clear violations that I’ve forwarded to them, where they then end up just being dismissed.

                      But this law here is of course not for the people, no… This is here for the copyright holders, and they carry much more power. So will this actually result in the mess we expect it to be?

                      1. 25

                        GDPR and the earlier cookie law have created a huge amount of pointless popup alert boxes on sites everywhere.

                        1. 10

                          The one thing I can say is that, due to the GDPR, you have the choice to reject many cookies which you couldn’t do before (without ad-blockers or such). That’s at least something.

                          1. 10

                            Another amazing part of GDPR is data exports. Before hardly any website had it to lock you in.

                            1. 4

                              You had this choice before though, it’s normal to make a cookies whitelist for example in firefox with no addons. The GDPR lets you trust the site that wants to track you to not give you the cookies instead of you having personal autonomy and choosing not to save the cookies with your own client.

                              1. 26

                                I think this attitude is a bit selfish since not every non-technical person wants to be tracked, and it’s also counter-productive, since even the way you block cookies is gonna be used to track you. The race between tracker and trackee can never be won by any of them if governments don’t make it illegal. I for one am very happy about the GDPR, and I’m glad we’re finally tackling privacy in scale.

                                1. 2

                                  it’s not selfish it’s empowering

                                  if a non-technical person is having trouble we can volunteer to teach them and try to get browsers to implement better UX

                                  GDPR isn’t goverments making tracking illegal

                                  1. 15

                                    I admire your spirit, but I think it’s a bit naive to think that everyone has time for all kinds of empowerment. My friends and family want privacy without friction, without me around, and without becoming computers hackers themselves.

                                2. 18

                                  It’s now illegal for the site to unnecessarily break functionality based on rejecting those cookies though. It’s also there responsibility to identify which cookies are actually necessary for functionality.

                              2. 4

                                On Europe we’re starting to sign GDPR papers for everything we do… even for buying glasses…

                                1. 12

                                  Goes on to show how much information about us is being implicitly collected in my honest opinion, whether for advertisement or administration.

                                  1. 1

                                    Most of the time, you don’t even have a copy of the document, it’s mostly a tl;dr document full of legal jargon that nobody reads… it might be a good thing, but far from perfect.

                              3. 4

                                “The Net interprets censorship as damage, and routes around it.”

                                1. 22

                                  That old canard is increasingly untrue as governments and supercorps like Google, Amazon, and Facebook seek to control as much of the Internet as they can by building walled gardens and exerting their influence on how the protocols that make up the internet are standardized.

                                  1. 13

                                    I believe John Gilmore was referring to old-fashioned direct government censorship, but I think his argument applies just as well to the soft corporate variety. Life goes on outside those garden walls. We have quite a Cambrian explosion of distributed protocols going on at the moment, and strong crypto. Supercorps rise and fall. I think we’ll be OK.

                                    Anyway, I’m disappointed by the ruling as well; I just doubt that the sky is really falling.

                                    1. 4

                                      I agree that it is not the sky falling. It is a burden for startups and innovation in Europe though. We need new business ideas for the news business. Unfortunately, we now committed to life support for the big old publishers like Springer.

                                      At least, we will probably have some startups applying fancy AI techniques to implement upload filters. If they become profitable enough then Google will start its own service which is for free (in exchange for sniffing all the data of course). Maybe some lucky ones get bought before they are bankrupt. I believe this decision is neutral or positive for Google.

                                      The hope is that creatives earn more, but Germany already tried it with the ancillary copyright for press publishers (German: Leistungsschutzrecht für Presseverleger) in 2013. It did not work.

                                      1. 2

                                        Another idea for a nice AI startup I had: Summarizing of news with natural language processing. I do not see that writing news with an AI is illegal, only copying the words/sentences would be illegal.

                                        Maybe however, you cannot make public from where you aggregated your original news that you feed into your AI :)

                                    2. 4

                                      Governments, corporations, and individual political activists are certainly trying to censor the internet, at least the most popularly-accessible portions of it. I think the slogan is better conceptualized as an aspiration for technologists interested in information freedom - we should interpret censorship as damage (rather than counting on the internet as it currently works to just automatically do it for us) and we should build technologies that make it possible for ordinary people to bypass it.

                                  2. 2

                                    I can see a really attitude shift coming when the EU finally gets around to imposing significant fines. I worked with quite a few organisations that’ve a taken ‘bare minimum and wait and see’ attitude who’d make big changes if the law was shown to have teeth. Obviously pure speculation though.

                                  1. 7

                                    Did we really call the accessibility tag a11y?

                                    1. 16

                                      FWIW, a11y is a fairly industry-standard term for accessibility, since it both serves as a short moniker (a la i18n for internationalization), and evokes being an “ally” for issues relating to accessibility.

                                      1. 3

                                        Accessibility is often abbreviated as the numeronym a11y, where the number 11 refers to the number of letters omitted. This parallels the abbreviations of internationalization and localization as i18n and l10n respectively.

                                        https://en.wikipedia.org/wiki/Computer_accessibility

                                        1. 3

                                          The number of times I have to type I18n in our app makes me glad this happened.

                                          1. 2

                                            Programmers really are the worst. :p

                                            1. 4

                                              Alternatively, it is nice to think of it as being an “ally” to people who use the web differently than we do. It’s cute, easy to type, and overall I don’t think it’s that hard to understand. I do see the concern that to people outside the industry it may not make sense, I just feel like on a highly technical site like lobsters it’s not as big of a concern. The tag description does say “accessibility” for what it’s worth.

                                          2. 2

                                            You know, I never questioned whether that was appropriate until now…

                                            1. 4

                                              Wait, I’m confused (or just ignorant) here - why wouldn’t it be? Is it different from shortening internationalization to i18n?

                                              1. 5

                                                It’s the same idea, but it’s kind of not very accessible in that it excludes people because it needs explanation.

                                                1. 4

                                                  Every field has jargon, and the cost of not having jargon is being unable to talk about that field’s ideas at all. I support Ed Kmett’s approach: use only jargon you understand and always be prepared to explain things to onboard newbies.

                                                  1. 2

                                                    Yeah, I mean, I realize that this term is fairly well-known. It’s a field that’s about people’s lives, so it does have a higher standard to meet than, say, type theory. I suspect that in practice, this abbreviation isn’t a problem. I was just a bit surprised at myself that I never questioned it before. I still don’t even know how it sounds in a screen reader, since I don’t have one set up to test with.

                                                    1. 3

                                                      I still don’t even know how it sounds in a screen reader, since I don’t have one set up to test with.

                                                      Just tested with Windows Narrator, it pronounces it “ay-eleven-why”.

                                          1. 3

                                            When you’re doing a pull request, some random guru-senior-architect might occasionally check your code and suggest few changes. Sounds unlikely but any additional eyes might uncover bugs or architecture mistakes.

                                            Is this true? I would love to have someone review my code but I cant see it ever happening. Do I just open a PR and hope someone comes along to review it? How would they even know I am waiting for public review. It feels quite rude to jump in to someone elses project and start reviewing their changes.

                                            1. 4

                                              “Watchers” of the repo will get notifications, so they can get involved pretty easily if they want to. Also, you can add a label like “needs review” or something like that to attract more attention.

                                            1. 3

                                              Wonder if it would be worth offering paid subscriptions as well for larger files.

                                              1. 2

                                                Refining features on my fitness tracking website PikaTrack before I start to work on an android app for it. Been a whole lot of work so far but I think I’m getting close to a decent service.

                                                1. 7

                                                  I would dearly love to flag or downvote this article for just being terribly, terribly bad, but there doesn’t seem to be an option for that. And then I see that 12 people have actually upvoted it. What on earth.

                                                  1. 2

                                                    Yeah I was looking at the flag reasons, its not spam, its not technically off topic. Its just total fluff/garbage.

                                                    1. 3

                                                      spam is how I usually flag this sort of stuff, because it’s low-quality meat.

                                                    2. 1

                                                      It’s the kind of bad programmers like. It’s written to be bad. I spent the last week writing a very complicated post on a critique of the narrative around the programmer job in the west and I had to kill it because it was going nowhere. I had the need to get some easy sweet up votes and wrote this because I knew it’s the kind of cheap humour programmers like.

                                                      Also I believe the expected behavior on lobste.rs is that if you disagree with the opinion of the majority of the voters is just to ignore the post. Down voting is not about the quality of the content.

                                                      1. 4

                                                        The moment lobsters becomes a site for cheap programmer humour is the moment the website dies.

                                                    1. 11

                                                      Here’s the issue:

                                                      • I write a post on kineticdial.com—it receives a couple hundred reads.
                                                      • I write a post on Medium—it receives tens of thousands of reads.

                                                      It really depends on what problem I am trying to solve for. Am I trying to get the content I write to be read by the most people or am I trying to develop a personal brand largely for employers considering hiring me?

                                                      1. 16

                                                        Or you write it on your site and duplicate to medium. Two birds, two stones

                                                        1. 11

                                                          Or write a new post for Medium and link to a ton of old content on your site.

                                                          1. 2

                                                            Very true!

                                                          2. 13

                                                            Genuinely honest question: if it’s a personal blog, why do you care about how many readers you’re getting? I understand that getting absolutely zero views is kinda depressing, but with a few dozen readers, I feel like content. My blog is just my personal space for me to ramble on about things I care. It’s personal.

                                                            I guess it’s human nature to always want more, but I dunno, I just don’t feel that with the number of readers reading my blog.

                                                            1. 11

                                                              Zero views can be depressing only if you measure it :)

                                                              I removed all statistics from my pages a while ago (did not check GA before anyway). While I don’t write as often as I’d like to, when I do, I find obliviousness to my content’s reach liberating.

                                                              1. 5

                                                                I’ve found that just getting higher numbers stops mattering pretty quickly for my personal satisfaction. If someone emails me with a genuine question or complement, it would make my day!

                                                                The other day I gave a training talk to a bunch of new employees via video call. One of them recognized me in the hallways and said he thought it was funny, engaging, and interesting. It really did make my day! Much more so than knowing I’m impacting a dozen products by training a dozen engineers. Same goes for code. I know for a fact code that I’ve written touches millions of people every day. But that stat became pretty meaningless quickly. If one of them said they liked a feature I worked on, that would mean a lot more to me.

                                                                Fuzzy feelings beat pure numbers for me. I suspect looking at blogging from that perspective will push you toward enabling comments and encouraging tweets and email.

                                                                1. 2

                                                                  True. I don’t have any kind of analytics on my blog either. But I have a couple of friends who follow my blog, so that’s how I know :) But it wouldn’t matter if they stopped reading (perhaps they have already and they’re too polite to tell me), I’d still write about the same things at the same frequency with the same writing style. That’s the beauty of the internet. I hope we don’t ever lose that.

                                                              2. 10

                                                                I’ve had the opposite experience: my website pieces got far more readers than my medium pieces. This could just be because I’ve written a lot more and my topic has changed, but it’s still a data point.

                                                                More importantly to me, I’ve gotten more engagement from website pieces. People are more likely to email me about them.

                                                                1. 6

                                                                  I speculate, but can’t prove, that it helps that the website is a straight-forward, minimalist design that takes people straight to good content without distractions or asking pardon for interruptions. A better, user experience.

                                                                2. 4

                                                                  Interesting; why do you get so many more reads on Medium?

                                                                  1. 9

                                                                    Medium has tools for discovering interesting content. You can browse blog posts not just by author, but by category and tag, and at the bottom of every post are “related reads” - links to articles by the same author or by other authors that might be relevant to your interests. Combined with the traffic generated by a cohort of popular bloggers, that means impressions on your own writing are much more likely.

                                                                    Compare that with a personal website, where people will only discover it if they go to your site specifically, happen to find you on google, or have you in their RSS feed.

                                                                    1. 3

                                                                      Medium also recently rolled out a feature where you’re not allowed to read more than N articles without paying.

                                                                      No idea if it was a one-time thing, as my wife and I haven’t seen it since. But we were both wtf’ing about it.

                                                                      Beware the shiny tools.

                                                                      1. 9

                                                                        Not the shiny tools: putting trust and data in an organization whose incentives are aligned against you now or potentially in the future. It’s why I strongly push for:

                                                                        1. Open formats and protocols with open-source implementations available to dodge vendor lock-in. Enjoy the good, proprietary stuff while their good behavior lasts. Exit easily if it doesn’t.

                                                                        2. Public-benefit and/or non-profit organizations chartered to do specific good things and not do specific bad things. Ghost is best example in that area. Alternatively, self-hosting something that’s easy to install, sync, and move on a VPS at a good company like Prgmr.com with local copies of everything.

                                                                        Then, you don’t care if the vendor with shiny tools wants to put up a paywall on their version of the service. It will be their loss (No 1) or not happen at all (No 2.) We must always consider economic and legal incentives in our investments of time, money, and data. That’s the lesson I took way too long to learn as a technical person.

                                                                        1. 3

                                                                          You’re referring to the Medium Partner Program to which the author has to explicitly opt in to. If they do, they get a cut of the payday.

                                                                    2. 2

                                                                      what is a read? i have a feeling that most pageloads on medium are not actual reads, unless there are active metrics on the client side.

                                                                      1. 1

                                                                        They distinguish reads from views in their stats page so there’s some sort of client-side logic that tries to determine true reads.

                                                                      2. 1

                                                                        I write on my own website and post it to websites like this. Someone posted a link to my website on hacker news and it hit the top and I got thousands of views without any need for medium

                                                                      1. 3

                                                                        You probably don’t need any particular thing at all. SPAs are a tool, SSR is a tool. There are lots of other tools as well. All of them could probably be done with something else. None of that matters as long as the tool is able to do what you want which they all can.

                                                                        1. 1

                                                                          You can drive in a screw with a hammer too. Or a nail with a screwdriver.

                                                                          For some jobs SPA is not the correct good tool. For others, it is. Right now, SPAs are treated as the only tool anyone would need, which is wrong. SPAs come with a bunch of downsides, are harder to develop, and tricky to get right. Sometimes those downsides are worth it, but frequently they’re not.

                                                                        1. 17

                                                                          if only there was a browser that was committed to the open web

                                                                          1. 5

                                                                            I use Firefox on GNU and Android, which puts me in a tiny minority. See my comment at top level for why I brought up this post.

                                                                            1. 10

                                                                              My frustration with firefox was their support of DRM/EME is a serious violation to the idea of an open web

                                                                              1. 16

                                                                                I agree that the EME is a horrible thing for the open web. However, I think a strong Firefox is one of the most important things for the open web, and people would’ve been switching even faster from Firefox to Chrome if Chrome was the only way to play Netflix/HBO/whatever.

                                                                                At least they implemented it in the best way possible; AFAIK, Firefox ships with no closed source EME blobs, just the infrastructure, and the blobs aren’t downloaded before the user requests it.

                                                                                1. 7

                                                                                  I agree but if this is our biggest frustration with Firefox it is in good shape.

                                                                                  1. 2

                                                                                    there’s also the ssl pushing and deferring to google to say which sites are dangerous

                                                                                  2. 4

                                                                                    You have to pick your battles DRM wasn’t one that could be won right away. Firefox waited out for a long time after all the other browsers added drm. It did not cause drm to be stopped, it just caused everyone to leave firefox to watch videos.

                                                                                    If firefox keeps its users it can use its power to win other battles, right now they are adding tracker blocking and stopping autoplay. If they stuck to having no drm they probably wouldn’t even exist anymore.

                                                                                2. 2

                                                                                  there’s not.

                                                                                1. 3

                                                                                  I have been using the default webpack config that vuecli set up. Has been working well for me. Also I wonder what the performance penalty of multiple files is now with http 2. On the first request the server can send the html and every js/css file at the same time so you don’t have multiple round trips

                                                                                  What seems more efficient to you: downloading 1000 lines of code 10 lines at a time, or downloading 1000 lines of code all at once?

                                                                                  This is a terrible way to explain something. You can’t download 1000 lines all at once. They all come one bit at a time. Also just vague feelings about speed are not useful. Measure the speed before and after the change and then use the results to make your decision. It certainly was true however that multiple JS files did cause slowdowns because browsers would only request a limited number of resources at the same time but I doubt it has much of an effect at all anymore. If I was writing a blog post and posting it here I would actually test this claim however.

                                                                                  1. 1

                                                                                    hey, thanks for the feedback, I’m going to tweak the wording to hopefully be clearer

                                                                                  1. 23

                                                                                    I think sometimes the motivation for doing something as a SPA, whether it really has to be or not, goes like this:

                                                                                    1. Having an API for our service is a business requirement.
                                                                                    2. If we ever do a non-Web app (native mobile, desktop, voice assistant skill, etc.), it’ll have to use the API.
                                                                                    3. To ensure the API doesn’t end up being second-class, our web front-end should use the API as well.
                                                                                    4. I don’t want to go full micro-services already.
                                                                                    5. Having a server-rendered web app access the API over http://localhost just seems dumb.
                                                                                    6. So… SPA.

                                                                                    Has anyone else gone through this thought process?

                                                                                    1. 3

                                                                                      Yeup. At $work we have a bunch of projects on which we’re contracted to deliver a mobile app and a web app using the same backend. This makes NodeJS (server) + React DOM (web) + React Native (app) really attractive. We take advantage of a lot of skill-sharing between React and React Native, and a little bit of skill-sharing between the NodeJS bits and the rest.

                                                                                      1. 3

                                                                                        I think I did #5 recently…

                                                                                        1. 3

                                                                                          Yeah, I’m not really sure what’s wrong with #5. I vehemently object to the use of javascript, so if I were given freedom to design a web interface to an API, that’s exactly what it would look like.

                                                                                        2. 2

                                                                                          Our website at work was built not as a SPA and now our customers require an API. If we just built it off to the side it would end up not keeping up with all the features that the website has. So many APIs today are second class. Now we have to put in a huge effort to convert the existing website in to a spa.

                                                                                          1. 1

                                                                                            Can you use the API on the server side, as an abstraction layer under your existing MVC app?

                                                                                          2. 1

                                                                                            We do software in a similar fashion where I work, but instead of doing SPA’s our server-side MVC endpoints call into Web APIs. Not sure if that’s better or worse than what you describe.

                                                                                          1. 1

                                                                                            I only just convinced myself last week that I don’t need an ergo dox :L

                                                                                            One of the devs at work has one and it looks so nice. I got a regular mechanical keyboard kit for about $150 AUD and I’m not really happy with the build quality.

                                                                                            1. 11

                                                                                              Why not just block all autoplay?

                                                                                              I don’t get why so many news websites have this autoplaying video, which gets pinned when you scroll down 🤦; even without audio this seems like terrible UX design: who wants to be distracted by a bunch of moving images when reading text? I certainly don’t.

                                                                                              Either I am a very special users or there are a lot of really bad web designers. I suspect it’s probably the latter. Autoplaying video is the <blink> and <marquee> of this decade.

                                                                                              1. 10

                                                                                                Its because most “gifs” these days are actually just videos with no sound. This change is aiming to not break that which would cause websites to revert to the much less efficient actual gifs.

                                                                                                1. 1

                                                                                                  I wouldn’t mind blocking actual animated gifs from animating without a click too.

                                                                                                  1. 1

                                                                                                    https://addons.mozilla.org/en-US/firefox/addon/toggleanigif/

                                                                                                    (and I’m sure there’s a variant with a per-image enabling or something…)

                                                                                                2. 8

                                                                                                  I strongly suspect that it is cargo-cult behaviour – someone somewhere heard that video coverts at 17x the rate of text and thus obviously it is the case that any video is therefore better than any other medium. Add in panic over shrinking ad rates, and you have the recipe for a self-destructive feedback loop.

                                                                                                  Advertising is really a scourge.

                                                                                                  1. 3

                                                                                                    In many cases, it may have been a decision based on conversion metrics. Not cargo-culting, actual data-driven decision making.

                                                                                                    Of course, data-driven decisions are only as good as the data. There is some dispute over the extent to which those metrics were real.

                                                                                                    1. 7

                                                                                                      I don’t even mind the autoplay video on the top of the page. I get that this can be useful.

                                                                                                      What I don’t get in particular is the small video in the bottom-right corner that so many websites add. If I scroll down, then I’m clearly not interested i your fecking video, so why continue forcing it upon me? I simple stopped visiting websites that do this. It’s obnoxious beyond belief.

                                                                                                      In fact, when utilized correct, autoplay doesn’t need to be bad, if it only start playing when the user focuses the tab/window and stops playing when people scroll past it.

                                                                                                      It’s not very hard really.

                                                                                                1. 4

                                                                                                  I used mail-in-a-box with a 1gb linode.. worked well. FF, DDG for search. Started all a year or so ago, honestly don’t miss any of G’s services. Had written this back in ’13 -> https://medium.com/@hitchhiker2010/weve-given-google-far-too-much-power-32ba2b38c219

                                                                                                  1. 2

                                                                                                    I used to self-host my mail server on Linode and would occasionally hear that my emails were being marked as spam (even after setting up SPF, DKIM, etc.). Have you had this issue? Maybe it was just bad luck w/ the IP I was assigned.

                                                                                                    1. 1

                                                                                                      I used to self-host, but I had problems with email not getting through. I switched to pobox.com. They have a decent webmail service, decent spam filtering, and their business model does not involve harvesting personal information or advertising. Instead, I pay them $50 per year. They are pretty strict about keeping their IP address range “clean”, so that their addresses don’t get added to DNS blackhole spam filtering lists. So my email isn’t marked as spam. In order for a hosting service to provide you with clean IP addresses, that service needs to perform mandatory spam filtering on any email sent from their addresses.

                                                                                                      1. 1

                                                                                                        I similarly stopped self-hosting and now I use FastMail. I’d love to move back to self-hosting though if I can find a good hosting provider.

                                                                                                      2. 1

                                                                                                        I self host using mailinabox with a super cheap vps on vultr. I had about 2 emails get marked as spam in the beginning but never had any issues after.

                                                                                                    1. 3

                                                                                                      I have been planning on finding a friend with a NAS and offering that we exchange some amount of storage on our NASes so that we both get an off site backup.

                                                                                                      1. 3

                                                                                                        Instead of trading space what about attaching an external drive you own to your friends NAS where you can backup your data to? This might make it easier and the probability of this disk failing while you have a problem with your NAS should be low enough. But then again… Murphy’s Law.. :/