Stop running servers for your hobby
INEX meeting, Dublin. 15 March 2018.
|
I have a hobby. Medieval reenactment. We do things like hang around in castles, scribe beautiful scrolls, and hit each other with sticks. Something about the medieval reenactor crowd: they like to do things themselves. Make things with their own hands. That's true of a lot of us here. We're techies. Technology is a job, but for a lot of us, it's a hobby too. How many people here run their own personal server? VM? How many are the "technical person" for our sports club or kid's school or an event we help run? |
|
We like to have control. We like to do it ourselves. I'm Anna Wilson, and I'm here to ask you not to do that. Why? Let's look at why we like to run our own stuff. |
|
I think there are three parts to this. Let's look at the first one. Are you sure you want control? Control means responsibility. Have you seen Apache logs these days? It's hordes of zombies. |
|
Then software has crazy vulnerabilities. I'm still not over the fact that you were able to connect to a port and emotely read fragments of previously freed memory. Gonna move on. I'm afraid if you name them all in one place, you might summon them. So that's the inadvertent vulnerabilities. |
|
Wordpress powers 30% of the internet, and deservedly so. It's remarkable software, kept bang up to date by a team responsive to vulnerabilities. But what about plugins? Do you trust the plugins? Are they kept up to date? SOURCE: wordpress.com |
|
Are they being kept up to date by someone who bought the plugin from the original developer and inserted a backdoor? Well, how often does that happen? Surely not more than once or twice, or five times... SOURCES: Bleeping Computer [1], [2], [3]. |
|
This leads in to the second point. I used to be able to do this sort of thing better and cheaper than someone else, maybe ten or fifteen years ago. But now, you need a lot of lines of defence to not screw this up. And other people have made a pretty efficient business out of that. Not just because most people can’t understand how to do it but because they can’t devote the time to it properly. |
|
As as for enjoying it, well, I used to. But when I do my hobby, I kind of want to do my hobby. If I have to spend time on technical stuff that begins "First create the universe" begins to feel like a full time job. There's a reason for that. |
|
Running a service - and running your own server is a service - is making a promise that you will deal with it and upgrade it when needed. It puts you on call 24/7/365. I used to be ok with that. I’m not anymore. |
|
When that second wordpress story hit, I was in Norway. On holiday. Looking at this. There is no way the right answer was to run back to the ship to get on wifi and worry about fixing my stupid hobby website. The first step is admitting you have a problem. The second step is reducing expectations. But only a little. I get asked to build all sorts of little utilities, that I could definitely build. I hate to say no. But the question isn’t “can I build it?” It’s “am I prepared to be the directly responsible individual for this permanently or until I can find another mug to take over the rat’s nest I don’t want to maintain anymore?” Gee, I wonder why we have a tough time recruiting into our hobby? |
|
Dare I mention GDPR? No, never mind. |
|
I think there are three good ways to approach this, depending on why you're doing it. Say you’ve been asked to help make a website, for your kid's school and you don’t want to be involved in future. Spend an hour on squarespace, and they provide (a) hosting, (b) a nice interface to change things, (c) a support line that isn't your mobile phone number. If you want to save a few quid, Wordpress is fine. It runs a third of the web for good reason. But don't try to secure it yourself. Use a hosted version, like Wordpress dot com, where they take care of it for you. And for the love of god avoid plugins You don’t have to like how things are changing to know that this is true, and that even if you do not act, it is acting on you. But... these things, the costs add up. Managed web hosts tend to charge per site per month. My hobby has over a dozen branches in the British Isles alone. We wanted to do something for them. Is there something we can do to bring those costs down? And there is that fizz from doing it yourself. Don’t you miss the good old days? Didn't we get into this racket because we were interested in the tech? |
|
This is where I learned my trade. Running your own server, installing linux, apache, maybe mysql and writing a little bit of PHP. If this isn't your thing anymore, that's fine. Leave it to third party services. But there's still a place for this curiosity. It's just that the tech has moved on. After a couple of bad experiences with Wordpress, I wondered if there were any CMSes that output plain HTML. Then I can upload plain files to a web hosting service and not worry. There's a plugin to do this, but one of my rules is: make sure other people are actually using it this way. The only thing I could find didn't look like something I could easily automate. |
|
I found that there are things called Static Site Generators. Found staticgen.com, and immediately got scared off. There are zillions of these things and I couldn't tell the difference between them. SOURCE: staticgen.com |
|
After a while I discovered that the Obama campaign built a fundraising platform on Jekyll and raised $250 million with it and I thought, if it's good enough for Barack Obama, it's good enough for me. SOURCE: kylerush.net |
|
Then I had to get my head around version control. I'm old enough to have made the leap from CVS to Subversion. But I could never get my head around git. I am here to help. Here's the Git cheat sheet no asshole would tell me for like five years. |
|
Hosting. When your site is static, and you're using git, you suddenly have a ton of options. Both GitHub and GitLab have products where they'll just host your website for free. GitHub runs jekyll in the mysterious background. GitLab runs anything you like in its own Continuous Integration platform. I find that really powerful, because I get a number of minutes on a virtual machine, so I can use that for staging, and then have them automatically slurp it up to my paid web host. SOURCES: pages.github.com, about.gitlab.com |
|
So where I used to learn my trade by running a LAMP stack, now I'm learning this.
It's really brought back the interesting hobby aspect of the tech to me, without putting me on call to run a service. And I've brought this back into my work. I used to think of my job as being running our own infrastructure. In a lot of cases, it still is. It's hard to be an ISP without some routers, and you need something to run the services. But we have a tendency to go "I need to run some software. First I will deploy a VM." Are you sure that's a good idea? When you deploy a VM, you implicitly make a promise that you're going to keep it up to date. That's easier to swallow in a company than it is for an individual in a hobby. But those promises seriously add up. |
|
If, instead, we use ansible and deploy it using GitLab CI using a shared runner, that drastically simplifies the infrastructure that's crucial to our network operations, and even makes it shareable with other teams doing other work. Way to bury the lede, right? Set out to talk about hobbies, ended up talking about work. So just like the LAMP stack ended up teaching me the skills of my trade, I've brought this back into my work too. And they're MUCH more similar than you'd think. If you want to learn the CI/CD tools that everyone raves about, but don't want to start on the network - start with your hobby website. |
|
Thank you very much. (And if you're enthused to try out medieval hobbies, come take a look.) |