Eh, I wouldn’t go about ‘the self-hosted admins didn’t do anything!’. There never really was a time when the majority (or even a meaningiful minority) of users hosted their own email.

In the beginning, you got your email address from your school or your ISP, and it changed whenever you left/changed providers, so the initial “free” email came from the likes of Hotmail (which rapidly became Microsoft), Yahoo (which was uh, Yahoo), and offerings from the big ISPs of the era, like AOL and whatnot.

You still had school and ISP email, but it just rapidly fell out of fashion because your Hotmail/Yahoo/AOL email never changed regardless of what ISP you used or whatever, so it was legitimately a better solution.

And then Google came along with Gmail and it was so much better than every other offering that they effectively ate the whole damn market by default because all the people who were providing the free webmail at that time didn’t do a damn thing to improve until after Google had already “won”.

So if you want to be mad, this is firmly Microsoft and Yahoo’s fault for being lazy fucks.

Keep in mind that you’re going to be retrieving and storing a huge amount of data running these scripts, and you should expect to need more than a $5 1gb of RAM vps to do it without it being a shitty broken experience for you.

We’re talking dozens of gigabytes of storage for the database, plus effectively a need for an infinite amount of storage for the image caching, plus enough RAM and CPU resources to effectively process the whole Threadiverse.

Anything on the public internet is some amount of risk.

It sounds reasonably configured, and for a single service that’s been fairly robust, the only thing you really should make sure you’re doing is updates - better if you configure automatic updates, so you don’t even have to think about it.

unattended-upgrades is what you’d want on a Debian-alike for updates, and Overseerr depends on how you installed it.

They’re not wrong in that most people aren’t suited to or should be running what is effectively public services for other people from some surplus Dell R410 they found on eBay for $40.

That said, it’s all a matter of degree: I don’t host critical infra for people (password managers, file sharing, etc.) where the data loss is catastrophic, but more things that if it explodes for an afternoon, everyone can just deal with it. I absolutely do not want to be The Guy who lost important data through an oversight on an upgrade or just plain bad luck.

But, on the other hand, the SLA on my Plex server is ‘if it works, cool, if not I’ll fix it when I can’ and that’s been wildly popular I haven’t had any real issues, because my friends and family aren’t utter dicks about it and overly entitled, but YMMV.

TL;DR: self-hosting for others is fine, as long as the other people understand that it’s not always going to be incredibly reliable, and you don’t ever present something that puts them at risk of catastrophic loss, unless you’ve got actual experience in providing those service and can do proper backups, HA, and are willing to sacrifice your Friday evening for no money.

Good news, then: http://canvas.toast.ooo/

UptimeKuma is what I use; it’ll watch tcp connections, docker containers, websites… whatever. And the notifications are pretty comprehensive and probably cover anything in 2023 would want to be using.

IRC is extremely federated: building a network of linked servers sharing the same channels was done pretty early in it’s existance.

If anything, IRC is more decentralized than ActivityPub-based services, because there’s no ‘home’ server for a given IRC channel, and if thus if a server goes down, you don’t lose all the channels that were created on it.

That’s fair; I wasn’t really considering how poorly performing PSUs were at extremely low loads, despite knowing that they are.

Odd that a random brick would be substantially better than a same-era actual PSU, but I suppose it’s hard to say without more specifics.

The T variant is the low-power, lower clocked (3.2ghz vs 2.5ghz) almost half the TDP (65w vs 35w) variant; kinda the whole point is it’s going to use less power.

The answer for your question is ‘no’.

You’re never going to reduce power usage substantially by swapping PSUs, because there’s just not enough efficiency gains to be had even if a Pico PSU was more efficient which they really aren’t.

You say the hardware is ‘nothing too different’ but you mention ddr4 vs 3, which makes me think the Dell is a generation or few older which could easily impact power draw by 10w.

Technically you’re correct: your VPS provider can inspect your network traffic, the contents of RAM and anything on the disk.

Bluntly: you have to trust your VPS provider, and if you’re unsure they’re trustworthy you shouldn’t use them.

(Scaleway is legitimate, bound by actual useful data protection laws, and has a comprehensive privacy and security policy.)

Yeah, I just mentioned it because OCI is kinda wonky and requires some static routing stuff in the iptables on the host to have the platform work as intended (which, as far as I’m aware, no other hyperscaler does), which strikes me as really really lazy engineering, but I’m just a simple computer janitor so maybe I’m wrong there.

The most infuriating thing at my last job was people sending in a ticket freaked out that their database was stolen and ransomed, and us going ‘Well, we sent you 15 emails over the last 3 months telling you that you had the database open and improperly secured, so what exactly are you wanting us to do now?’

A list of who an instance federates with or is blocking is at https://an.instance.youre.wondering.about/instances (replace with the proper site name)

That’s not really the right approach on OCI, unfortunately: if you just flush the rules you also break a lot of their management plane.

You’d want to modify the /etc/iptables/rules.v4 and rules.v6 files to add any rules you want to load on boot (and, of course, if you just flush the rules without saving them, then it won’t persist and a reboot will break things, again).

It’s an arguable benefit: I’m a fan of having the security policies AND iptables sitting between me and doing something stupid, but I also spent most of the last decade dealing with literally thousands and thousands of compromised hosts that just whoopsie oopsed redis/jenkins/their database/a ftp service in a publicly accessible state, got hacked, then had the customer come crying to us asking why we didn’t keep them from blowing their foot off - which, basically, is what the OCI defaults do.

If you go old PC and use it for Jellyfin, you probably want hardware that can do accelerated video transcoding so you probably want to aim for 8th gen or newer Intel CPUs (with integrated graphics), because that gets you 10bit h265 transcoding, which I’d say is probably the bare minimum you should aim for these days.

Granted that’s 5 or 6-year-old hardware, so it’s hardly new, but it took me a bit to figure out why in the world the transcoding performance and quality sucked and what’s supported where and at what gen of hardware is… hilariously unclear.

Their whole product looks weird: it just looks like you can pay extra money to ensure you get the same exit IP every time.

I don’t know WHAT the use case is for that, but if people want to give someone money for it, might as well take it.

The constant politics argument is tiring. Do you know the politics of the guy who made your favorite game? What about the guy who made your text editor? Or your browser? Or the software in your microwave? Or grew your food? Or the guy who made that song you like? What about the owner of the last convenience store you bought your mtdew from?

Even if the commentary is coming from an honest point of view and not just shitty astroturfing (and it very much isn’t), it doesn’t matter. If you don’t like it, use an instance that’s not run by them and who cares.

I’m not a Postgres expert but a quick look at the pgsql limits looks like it’s 4 billion by default, which uh, makes sense if it’s a 32 bit limit.

Soooo 5 million users would need to make… 800 posts? ish? I mean, certainly doable if nobody caught it was happening until it was well into it.

Wait wait, Oracle took someone’s stuff and did a lazy half-assed job of slapping Larry’s name on it and then shipped it as a product they then sell seven-figure support contracts on?

Well, I do declare.

I think that’s likely to cover common uses outside of just ‘for the lulz’.

The for the lulz resonates a lot with me - though I know that a decade of dealing with a lot of these types assuredly biases me to at least some degree - because it’s easy enough to do what they’re doing now AFTER you figure out how you’re going to monetize it and signups this aggressive and so widespread doesn’t really make sense to me.

In my experience with content moderation/fraud/abuse work, I found that you’d often have a very slow trickle of accounts sign up over weeks/months/and, in one situation, years, and THEN they’d all break bad and you’d have entire servers and instances all light on fire at once and result in a mess that’ll take a very long time to clean up.

If you have 5,000 users that signed up all at once you can literally just delete all those rows from the database and probably not impact too many real people vs. if you have 5,000 users sign up over 6 months then you have the data dispersed in good data and now have much more of an involved spelunking expedition to embark on. I also found that it was typically done in waves as well, so you can’t do a single clean and go ‘well all the accounts that weren’t doing thing must be okay’ because eh, maybe not.

And, also, there’s a lot of hand-wringing about developer and instance politics from various blog posts, “news” sources, the fediverse, traditional social media and so on from all sides of the spectrum, and while I’d never claim to be a centrist or even remotely moderate, the more embedded in one extreme or another you find yourself you can start justifying doing all sorts of stupid shit, and a DDoS (which, quelle surprise is ongoing right now) is SO trivial to do when there’s not a whole lot of preventative measures in place that don’t require a bunch of squabbling internet humans to cooperate and work together to block signups, clean up the mess that’s already there, and work with each other on mitigation tools that do things everyone agrees with.