Blog Changes
This current iteration of my blog is the result of the straw finally breaking the camels back late last year. I had been using Wordpress as a blogging platform for the better part of two decades, but had become increasingly annoyed by it. This came to a peak when I was hacked sometime in December, and a cryptocurrency wallet distributor had insisted on injecting SEO references to their crypto wallet site into posts from my blog. It took me the better part of a week of my free time to finally track down the injection (hey, it's not my day job) and in the end, I realized that between PHP, plugins, and database management, there were simply too many (and too complex) an attack surface for me to keep track of everything I needed to do to make my blog secure.
So, beginning with Sunaina Pai's excellent makesite.py script I started the current iteration of my blog. I have added a bit of functionality to her basic outline, and moved most of the historic web pages (with some breakage) to Markdown that gets reconstructed as a static directory of files. When I wish to add additional features (like a link to all my github repositories or my archive old podcasts or even a search bar, I could add those. I have ballooned the code to about 1200 lines, which frankly I'll probably work at trimming back slightly.
Anyway... that brings me to today's tinkering.
When I abandoned my previous site and its hosting, I naturally began to think about a new hosting solution.
My needs are incredibly modest. I estimate that views of my site are only double digits or so, and the total
storage is under a couple of gigabytes (and probably less than half of that if I abandon
keeping my photos which probably should have a differnet sharing solution). So,
I wondered if I could get buy with cheap (or even free) hosting?
Free is a good price, so I began there.
My first attempt was surge.sh. If you haven't heard of it, you might go there and check it out. But for reasonw which escape me, when I installed my client side search, it didn't work properly. I also found that wasn't always the most reliable, so I decided to abandon it.
Next (and currently) I found that I could host my blog using Google's Firebase using their free tier. The limits were pretty low, but again, I think the number of users that I get per day is remarkably low, so it probably didn't matter very much. And it's been running well.
Until this week, when I got a notice that I had exceeded the bandwidth limits for the month, and my account was suspended.
Sigh. I decided that I would have to probably spend some actual dollars to stay on the web. For expediency, I went ahead and upgrade my firebase hosting to a pay-as-you-go option (their "Blaze" options). And for now, that is how I am running.
But I went back into my logs, and checked it out.
This wasn't a constant, slow increase in usage. Someone (from Turkey, by examining my logs) decided to be an asshole and not just scrape my blog (the total of which would be about 950MB) but to do so repeatedly. What were they up to? Haven't a clue. Don't care. But it was annoying.
And then I found out the problem with Firebase: it doesn't do much help with abusive actions, and to the extent that they do, it's complicated, fussy, and requires far too much user interaction. I had to install a plugin just to avoid a potentially large bill if my Turkish friend decided to be an asshat again.
And I hate plugins. It gives me Wordpress plugins.
So in my spare time I'm experimenting with other solutions. I could pay some small amounts per month (about the cost of a coffee at Starbucks) to get a site with unmetered bandwidth which would probably be adequate, and I'm thinking that's probably the way I am going to go. But I am spending a little bit of time to try to come up with a cheap and simple solution.
I've got an experiment cooking which appears to be working, and actually results in a simpler setup than I currently use, which is attractive. I'll update with a new post (and maybe an actual HOWTO) with my experience at some point. Stay tuned.
And thanks visiting.
Addendum: This reminds me of early attempts at Wordpress. Of course Wordpress is a full CMS which allows
commenters to create accounts and comment on my postings which seems like it would be cool. But the problem is
that the overwhelming majority (99%+) of all traffic was comment spam. I remember thinking that without comment
spam, I could have run my entire blog on a 2000s cell phone. Indeed, my early experimentation with Jef Poskanzer's
thttpd was running on a single core P5 with some trivial (16MB?) of memory, which was easily able to saturate
my home network. If I had a 10Mbit connection to a Raspberry Pi Pico, I could probably host the entire blog
off of a small MicroSD card. And if I could avoid being hammered by bad actors, nobody would even notice the
blog traffic.
Sigh.
Anyway, hope you all are having a good weekend. Off to the shop.