snorremd (u/snorremd)

snorremd commented on End of an era for me: no more self-hosted git kraxel.org/blog/2026/01/t... · Posted by u/dzulp0d

snorremd · 4 days ago

I've recently been setting up web servers like Forgejo and Mattermost to service my own and friends' needs. I ended up setting up Crowdsec to parse and analyse access logs from Traefik to block bad actors that way. So when someone produces a bunch of 4XX codes in a short timeframe I assume that IP is malicious and can be banned for a couple of hours. Seems to deter a lot of random scraping. Doesn't stop well behaved crawlers though which should only produce 200-codes.

I'm actually not sure how I would go about stopping AI crawlers that are reasonably well behaved considering they apparently don't identify themselves correctly and will ignore robots.txt.

snorremd commented on Matrix messaging gaining ground in government IT theregister.com/2026/02/0... · Posted by u/rbanffy

bsaul · 6 days ago

I wonder why matrix isn't more widerspread at this point. It's open, it's e2ee, it works, it has client lib for integration with any tool..

What makes it not more popular ? Is it the federated approach ? The client applications that don't look really fancy ?

snorremd · 6 days ago

When me and a bunch of friends and acquaintances switched away from Slack a little under a year ago (I think) we looked into Matrix. One of the primary requirements was that even our non-technical friends should be able to use it.

At the time Matrix/Element had recently launched their Matrix 2.0 efforts and I tried setting up the whole stack without resorting to their all in one shell-script meant for non-production use. I did not mind hosting four different servers (Synapse, Matrix Auth Service (MAS), Call, etc), but did find the integration and config job a bit tedious. The main blocker though was the lack of an invite-system in the new Matrix Auth Server. Also the fact that the Element X app uses a new Livekit based call server while other clients/apps use a different approach is also something not great.

We ended up going for Mattermost. One service easily hosted with Docker. One app, and easy invites. While I think federation would be cool, right now Mattermost was a bit simpler to get up and running.

Element seems more focused on enterprise and government contracts than self-hosters. I think this is fine, they need to pay their bills. But Matrix 2.0 for self-hosters might need a better story right now.

snorremd commented on Cloudflare acquires Astro astro.build/blog/joining-... · Posted by u/todotask2

nindalf · a month ago

I’ve used Astro on Cloudflare for a few years for my personal website (username.com). They’ve both been absolutely fantastic, I can’t say enough good things about both of them. My website has all 100s on PageSpeed/Lighthouse, and that’s because of the performance focus of both Astro and Cloudflare. No credit to me at all. It was mainly because Astro prioritised shipping 0 JS unless it was absolutely necessary and Cloudflare is exceedingly good at serving static HTML.

But I also see the difficulty that Astro faced here. Despite being happy with the framework, I never paid for it. The paid offerings didn’t strike a chord with me. And it was partly because whatever they offered, Cloudflare already offered on a very generous free tier.

I'm glad the team have got a second life within Cloudflare,. I'm happy for the people who've given me such excellent software for free for years. Thanks folks!

snorremd · a month ago

I'm in the same boat as you. I've built a personal home page with Astro and hosted it on Cloudflare. It has been really cheap, only paying for worker subscription at 5 dollars per month. The site has been running non-stop essentially without downtime. And as you say the user experience of Astro's static HTML, css and minimal JS output on Cloudflare edge CDN network is really good.

But with the events of the world being what they are I have been considering moving my Astro page to BunnyCDN and thus Europe (where I live). The only Cloudflare specific feature I've used is D1 database so migrating now shouldn't be too difficult. I really hope Cloudflare does not make it difficult to use Astro on other providers, either intentionally or by accident. Next.js for a long time was essentially a framework that only ran great on Vercel, and using other providers was asking to become a second citizen. I believe it is somewhat better now with proper provider plugin system, but still.

Astro has been great and I understand they need to find a way to economically sustain their business. Joining a big company like Cloudflare is one way to do that. I can't complain too much never having opted to use Astro's commercial offerings. So I only hope they keep Astro open. I'm building a new product on top of Astro now and would hate to see it become a Cloudflare-only product.

Congratulations to the Astro team!

snorremd commented on Gpg.fail gpg.fail... · Posted by u/todsacerdoti

larusso · 2 months ago

I did the switch this year after getting yet another personal computer. I have 4 in total (work laptop, personal sofa laptop, Mac Mini, Linux Tower). I used Yubi keys with gpg and resident ssh keys. All is fine but the configuration needed to get it too work on all the machines. I also tend to forget the finer details and have to relearn the skills of fetching the public keys into the keychain etc. I got rid of this all by moving to 1Password ssh agent and git ssh signing. Removes a lot of headaches from my ssh setup. I still have the yubi key(s) though as a 2nd factor for certain web services. And the gpg agent is still running but only as a fallback. I will turn this off next year.

snorremd · 2 months ago

I’ve ended up the same place as you. I had previously set up my gpg key on a Yubikey and even used that gpg key to handle ssh authentication. Then at some point it just stopped working, maybe the hardware on my key broke. 2FA still works though.

In any case I figured storing an SSH key in 1Password and using the integrated SSH socket server with my ssh client and git was pretty nice and secure enough. The fact the private key never leaves the 1Password vault unencrypted and is synced between my devices is pretty neat. From a security standpoint it is indeed a step down from having my key on a physical key device, but the hassle of setting up a new Yubikey was not quite worth it.

I’m sure 1Password is not much better than having a passphrase-protected key on disk. But it’s a lot more convenient.

snorremd commented on Try Switching to Kagi daringfireball.net/2025/0... · Posted by u/Ch00k

JumpCrisscross · 10 months ago

"Paying for Kagi today feels a lot like paying for HBO back in the cable TV heyday. Part of the deal is that you are paying for ad-free service, yes. But you’re also paying for noticeably higher quality."

This sums up my experience tidily. Kagi is a delight to use.

It doesn't make sense ex ante why one would pay for something that's colloquially free. But then you experience it and it feels luxurious. (Before you notice the productivity and curiosity boost.)

snorremd · 10 months ago

I love that Kagi puts the "monetization" icon right next to results so I can avoid navigating to them. This means I'm much less likely to click on Medium.com links and other monetized blogs and sites. Often times the good content is on some personal website where the creator doesn't really care about earning money off it.

Another neat feature is the possibility to rank results or block them manually so you can lower visibility of certain sites. Really help push the scammy sites down.

Compare this to Google Search where the first half page is paid results (ads) and the rest of the results are of dubious quality. And you don't really have much of a way to influence your search results.

snorremd commented on European Cloud, Global Reach upcloud.com/blog/european... · Posted by u/Sami_Lehtinen

sofixa · a year ago

> Everything they offer is storage, VPS, Load balancer, one managed key-value store and two managed databases. For the price a little higher than, say, Digital Ocean. But where is managed cache, message broker, e-mail service. It is not enough to be European, they need to offer something competitive

And don't forget managed Kubernetes. You can get pretty far with the services they provide and the Kubernetes ecosystem.

For a more complete offering, check out Scaleway - French, regions in a couple of locations, and a wide array of services, up to e-mail service, message broker, quantum computers, AI inference.

snorremd · a year ago

Scaleway is indeed the closest thing we have to AWS, Google Cloud and Azure by a European company. They are fast building out a comprehensive managed cloud with IAM, managed databases, containers, etc. I do hope they succeed. I've only used them for hobby projects, so my experience is limited to lighter workloads. But the UI is pretty good, and they have APIs and CLI for all operations.

snorremd commented on SQL style guide by Simon Holywell sqlstyle.guide/... · Posted by u/thunderbong

abraae · a year ago

IMO in the modern day there is no place for any indentation styling that can't be achieved automatically via a pretty printer such as golang has.

snorremd · a year ago

This. Relying on developers manually trying to follow a style guide is a recipe for not having a consistent style. Instead something like pgFormatter should be used. I'm not sure what the state of SQL formatters and IDE support is these days. Not sure how many command based options there are.

And people who use things like Datagrip or other IDEs will probably format with their IDE's preferences unless there is a plugin for things like pgFormatter. This works well if there is a company mandated editor/IDE, but not so well when you have developers across various editors and IDEs.

snorremd commented on Restic: Backups done right restic.net/... · Posted by u/fanf2

alibert · a year ago

Been using Restic for a while but I was wondering how does it compare to:

- Rustic https://rustic.cli.rs

- Kopia https://kopia.io

snorremd · a year ago

A killer feature rustic has over restic is built-in support for .gitignore files. So all your dependencies and build output is automatically ignored in your backups.

snorremd commented on BorgBackup 2.0 supports Rclone – over 70 cloud providers in addition to SSH borgbackup.readthedocs.io... · Posted by u/AdaX

IshKebab · a year ago

I used to use Borg but the fact that it can't work with a dumb storage device like SMB meant I eventually moved to Rustic, which is even better:

https://github.com/rustic-rs/rustic

snorremd · a year ago

I see they have gotten support for S3 (and other storage providers) via OpenDal. Might need to revisit rustic for my backup needs then! I once started looking at what it would take to build a GUI using Tauri (Rust backend <-> JS/Web frontend), but didn't have time to figure out the APIs.

What I really like about Rustic is that it understands .gitignore natively so you can backup your entire workspace without dragging a lot of dependencies, compiled binaries, and other unnecessary data with you into your backups.

snorremd commented on Show HN: htmgo - build simple and scalable systems with golang + htmx htmgo.dev... · Posted by u/maddalax

maddalax · a year ago

Well when you put it all on one line it doesn’t look great :)

With it properly spaced out and nested, after a few days it started reading exactly like HTML to me, where I can quickly see the hiearchy

snorremd · a year ago

As a developer who has worked extensively with React and Reagent (a ClojureScript wrapper around React) I actually enjoy this kind of syntax. Better that then some custom HTML templating syntax I need to learn in addition to the language.

It doesn't look too bad if one also break the code into multiple functions to make "layouts" and "components".

I have had lots of fun building with Bun, ElysiaJS, and HTMX. Might test your go library out as well. Looks pretty neat.