this post was submitted on 09 Jul 2025
Never heard of this ISP, but 1GB will be plenty for a static website, or a rather light-weight web application like WordPress. Most VPS hosts allow you to upgrade your machine in-place, by adding additional memory, disk space, or CPUs (to a degree; at some point you will be forced to transition to a dedicated server, or to spread things like storage to a more specialized object storage host).
Probably the right choice. I do self-host email, and with things like Mail-In-A-Box it is not awful to set up, but it requires its own VPS (so you're paying anyway) and the IP ranges of VPS providers tend to rank poorly in heuristic counter-spam systems (because people's neglected / amateur shit routinely gets hacked and turned into spam bots).
If using email for organizing, custody and jurisdiction of the email server should be an important consideration. Anything is better than Google, but there are still shortcomings of hosting email on a VPS or a dedicated service (like, they could still receive a subpoena or search warrant without your knowledge, though they are less likely to be directly collaborating in dragnet surveillance or various classified "counter-terrorism" programs like Google or Microsoft).
WordPress is okay, but it has an iffy reputation. It is a very popular web application, and is a popular target for exploits as a result. A lot of people set it up and never think about it again for months/years. Like any piece of web-facing software, you need to keep on top of updates and make sure it is not misconfigured. I have not hosted WordPress in a long time, but if you read the HTTP access logs on any VPS you will see dozens of bots probing and attempting to exploit WordPress installations (along with other popular web applications).
You can configure something like fail2ban to mitigate this noise somewhat. Along those lines, you also should exclusively use key-based SSH access. Disable password authentication completely and have fail2ban throw all the bots into the oubliette.
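An added example (not written by anyone in this thread) for the key-only SSH advice above: it audits sshd_config text for settings that still allow a login without a key, including the case where an earlier line shadows a later `PasswordAuthentication no`. The function name `audit` and the sample configs are constructed for illustration, and the text is assumed to be passed in the order sshd reads it, with any `Include`d files already inlined.

```python
# Added example: check sshd_config text for logins that do not require a key.
# sshd keeps the FIRST value it reads for a keyword; later lines are ignored.
DEFAULTS = {"passwordauthentication": "yes",        # OpenSSH defaults when
            "kbdinteractiveauthentication": "yes",  # the keyword is absent
            "pubkeyauthentication": "yes"}
WANTED = {"passwordauthentication": "no",
          "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}
# Deprecated spelling still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit(config_text):
    """Return findings for text given in the order sshd would read it."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        if key == "match":                  # following lines are conditional
            match = " ".join(fields[1:])
        elif key in WANTED and len(fields) > 1:
            value = fields[1].lower()
            if match is None:
                seen.setdefault(key, value)  # first value wins
            elif value != WANTED[key]:
                overrides.append(f"Match {match}: {key}={value}")
    found = [f"global: {k}={seen.get(k, DEFAULTS[k])}" for k in WANTED
             if seen.get(k, DEFAULTS[k]) != WANTED[k]]
    return found + overrides

# Constructed samples. SHADOWED models a drop-in file, pulled in by an Include
# line at the top of sshd_config, that is read before the admin's own settings.
SHADOWED = """\
PasswordAuthentication yes
# --- settings the admin added further down ---
PasswordAuthentication no
KbdInteractiveAuthentication no
"""
HARDENED = """\
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
"""
MATCH_HOLE = HARDENED + "Match Address 203.0.113.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in [("shadowed", SHADOWED), ("hardened", HARDENED),
                       ("match hole", MATCH_HOLE)]:
        print(name, "->", audit(text) or "key-only")
```

An empty result means no audited keyword leaves a non-key login path open; on a live host, `sshd -T` prints the effective values to compare against.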
This is great info, thanks! I deal a decent amount with regular server security so was already planning to do SSH access only.
We're pretty much only using email for contact with people outside the org so not super concerned about opsec on that front, but I agree with you that I would like to move off Google. Institutional inertia can be a motherfucker though so who knows. I'm also looking into self-hosting an encrypted messaging app since we still just use WhatsApp but that seems like its own whole project haha.
WhatsApp can be replaced by Signal at the very least. If you're in a WhatsApp chat and somebody decides to use the report feature, your keys get sent to Facebook and the entire chat is decrypted.
WhatsApp also is a bigger vector for scammers and spammers while those have been extremely rare for me on Signal (like once or twice in a few years).
A few years ago I'd recommend an un-federated Matrix server, but I'm not sure what that platform will look like in a few years. It lives and dies by New Vector LTD. At this point, I'd take a good look at XMPP with the OMEMO extension (a forward secrecy "ratchet" algorithm similar to those used in Matrix and Signal).
Something like this could likely live in the headroom of a small webserver, though there are benefits to compartmentalization as well. If you use your DNS wisely, you could give something like this its own sub-domain, and eventually move it to its own server at some point in the future.
+1 for XMPP, hosting an XMPP server is far less intensive than a Matrix one and has the same security benefits with OMEMO (if a device's keys get compromised, previous messages can't be decrypted).
Matrix has some iffy history with its zionist past from an Israeli company; it also collects tons of metadata and is more complicated to set up.
I ran a Synapse server (the Matrix "reference implementation") for about a year and for a thing used to allow five friends to communicate, it was an abomination. Incredibly heavy application. Nowadays at least there are some other options, but at the time Synapse was the ONLY viable implementation.