[-] loudwhisper@infosec.pub 9 points 3 months ago

Yeah, what I mean is that it's useless using ports like 2222, that's like the unofficial SSH port! Bots are generally harmless (once you move to key auth), and you get functionally the same result with the automatic IP ban on failed auth, minus the bother of changing client configurations to your custom port. Anyway, if someone does want cleaner logs, changing port works :)

[-] loudwhisper@infosec.pub 9 points 3 months ago

Since you already run OpenWrt, you can check out https://openwrt.org/docs/guide-user/services/ddns/client

There is a list on this page of compatible services. If you don't want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.

Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!

[-] loudwhisper@infosec.pub 6 points 3 months ago

Thanks! I did mention this briefly, although I belong to the school that "since I am anyway banning IPs that fail authentication a few times, it's not worth changing the port". I think that it's a valid thing especially if you ingest logs somewhere, but if you do, don't choose 2222! I have added a link to shodan in the post, which shows that almost everybody who changes port, changes to 2222!
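
The "ban IPs that fail authentication a few times" approach from the two comments above, as an added example that is not the commenter's setup or fail2ban's code: it parses sshd log lines, counts failures per source address inside a sliding window, and produces a ban decision. The log lines are constructed, the year supplied to the syslog timestamps and the nftables set name are assumptions, and the allowlist shows the check a practitioner wants so a mistyped passphrase from the management network never locks them out.

```python
"""Sliding-window ban of IPs that repeatedly fail SSH authentication.

Added example for this thread, not code from the commenter or from fail2ban:
it mimics what fail2ban-style tools do. Parse sshd log lines, count failures
per source IP inside a time window, and emit a ban once a threshold is hit.
The log lines below are constructed for illustration; the nftables set name
in ban_command() is an assumption.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two common sshd failure messages. "Failed password for invalid user X"
# and "Invalid user X" both carry the source address after "from".
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample: one bot hammering, one slow bot, one legitimate key login.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:02 gw sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar  3 10:00:03 gw sshd[1203]: Invalid user test from 203.0.113.7 port 51236
Mar  3 10:00:04 gw sshd[1204]: Failed password for root from 198.51.100.9 port 40000 ssh2
Mar  3 10:00:05 gw sshd[1205]: Accepted publickey for alice from 192.0.2.5 port 44444 ssh2: ED25519 SHA256:c0nstructed
Mar  3 10:20:00 gw sshd[1206]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  3 10:20:01 gw sshd[1207]: Failed password for root from 198.51.100.9 port 40002 ssh2
"""


def find_bans(log_text, max_fail=3, window_minutes=10, allow=(), year=2024):
    """Return {ip: time_of_ban} for every IP with >= max_fail failures inside
    a sliding window. `allow` lists CIDR ranges that are never banned (your
    own management network, so a typo in a passphrase cannot lock you out).
    Syslog timestamps carry no year, so one is supplied as an assumption."""
    window = timedelta(minutes=window_minutes)
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # accepted logins and unrelated lines
        ip = m["ip"]
        if ip in bans or any(ipaddress.ip_address(ip) in n for n in allow_nets):
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_fail:
            bans[ip] = ts
    return bans


def ban_command(ip, set_name="sshban"):
    """nft command adding the IP to an assumed, pre-created set that a firewall
    rule drops. Returned rather than executed so it can be inspected."""
    return f"nft add element inet filter {set_name} {{ {ip} }}"


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(when.isoformat(), ban_command(ip))
```

With the constructed sample, only 203.0.113.7 crosses three failures inside ten minutes; 198.51.100.9 spreads its attempts over twenty minutes and stays under the threshold until the window is widened, which is the trade-off any threshold-based ban has against slow brute force.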

[-] loudwhisper@infosec.pub 10 points 4 months ago

I also use porkbun, their API is not a masterpiece but it works and allows you to get, set and update records. In fact their API is now supported by some of the common ddns scripts out there.
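
A DDNS updater built on a registrar's record API, as in the OpenWrt/porkbun comments above, added here as an example that is neither the commenter's script nor one of the ddns scripts mentioned. The base URL, endpoint paths and JSON field names follow the shape of Porkbun's v3 API as assumed from memory (retrieveByNameType / editByNameType with apikey, secretapikey, content, ttl) and must be checked against the registrar's documentation; the domain, keys and addresses are constructed placeholders. The HTTP transport is injected so the logic can be exercised offline, and the updater refuses to publish a non-global address, the failure mode where an IP-detection step returns the LAN or CGNAT address and clobbers the public record.

```python
"""DDNS updater driven by a registrar's JSON API, with the HTTP transport
injected so the logic runs offline.

Added example for this thread, not the commenter's script or any of the
common ddns scripts. The base URL, endpoint paths and JSON field names follow
the shape of Porkbun's v3 API (retrieveByNameType / editByNameType with
apikey, secretapikey, content, ttl) as assumed here; check them against the
registrar's documentation before use. Domain, names, keys and addresses are
constructed placeholders.
"""
import ipaddress
import json
import urllib.request

API_BASE = "https://api.porkbun.com/api/json/v3"   # assumed, verify in the docs


def urllib_post(url, body):
    """Real transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


class DdnsUpdater:
    def __init__(self, domain, subdomain, apikey, secretapikey,
                 post=urllib_post, base=API_BASE):
        self.domain, self.subdomain = domain, subdomain
        self.auth = {"apikey": apikey, "secretapikey": secretapikey}
        self.post, self.base = post, base

    def _call(self, path, **fields):
        # Credentials travel in the JSON body, never in the URL (URLs end up in logs).
        resp = self.post(f"{self.base}/{path}", {**self.auth, **fields})
        if resp.get("status") != "SUCCESS":
            raise RuntimeError(f"registrar error on {path}: {resp.get('message', resp)}")
        return resp

    def current_ip(self):
        """Content of the A record as the registrar currently serves it, or None."""
        resp = self._call(f"dns/retrieveByNameType/{self.domain}/A/{self.subdomain}")
        records = resp.get("records") or []
        return records[0]["content"] if records else None

    def update(self, new_ip):
        """Publish new_ip only if it is a routable IPv4 address and differs
        from what is already published; returns "unchanged" or "updated"."""
        addr = ipaddress.ip_address(new_ip)
        if addr.version != 4 or not addr.is_global:
            # A detection step that reports the LAN or CGNAT address would
            # otherwise overwrite the public record.
            raise ValueError(f"refusing to publish non-global address {new_ip}")
        if self.current_ip() == new_ip:
            return "unchanged"          # no write, no needless API traffic
        self._call(f"dns/editByNameType/{self.domain}/A/{self.subdomain}",
                   content=new_ip, ttl="600")
        return "updated"


class FakeRegistrar:
    """Offline stand-in for the API, constructed for this example."""
    def __init__(self, content):
        self.content = content
        self.calls = []     # (endpoint, content) pairs, for inspection

    def __call__(self, url, body):
        if "/dns/retrieveByNameType/" in url:
            self.calls.append(("retrieve", None))
            return {"status": "SUCCESS",
                    "records": [{"type": "A", "content": self.content, "ttl": "600"}]}
        if "/dns/editByNameType/" in url:
            self.calls.append(("edit", body["content"]))
            self.content = body["content"]
            return {"status": "SUCCESS"}
        return {"status": "ERROR", "message": "unknown endpoint"}


def demo():
    """Walk through: already current, then a real change, then a bogus address."""
    registrar = FakeRegistrar("91.123.45.67")
    upd = DdnsUpdater("example.org", "home", "pk1_placeholder", "sk1_placeholder",
                      post=registrar)
    results = [upd.update("91.123.45.67"), upd.update("91.123.45.68")]
    try:
        upd.update("192.168.1.10")
        results.append("published a private address")
    except ValueError:
        results.append("rejected")
    return results, registrar.calls


if __name__ == "__main__":
    print(demo())
```

Run from cron or a netifd hotplug hook with the real transport, the updater makes one read per run and a write only when the address actually changed, which also keeps you clear of any per-key rate limit the registrar enforces.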

[-] loudwhisper@infosec.pub 9 points 4 months ago

I also migrated everything to Porkbun. Gandi used to be good too, we used it extensively at work in my previous org (~3 years ago).

Is the whole sector regressing? It seems these companies aren't happy just earning a profit based on the service they offer. There is always something "more" that they need to do. Often this makes the experience worse. Meh.

Super happy with Porkbun BTW, it just works, does what it's needed and I found the renewals to be 50% cheaper compared to GoDaddy...

[-] loudwhisper@infosec.pub 8 points 4 months ago

I found it on their FAQ.

Yes, it is generally less restrictive, but... I have 4 domains, and now I have renewed all of them for the maximum amount. They will all expire after 2033. So unless I decide to add more domains (which is unlikely), I won't spend a cent in the next ~9 years. I wonder if they really enforce it as it is written or they still consider the renewal an expense "split" over the duration.

Still, I really don't understand. You can - and should - have proper rate limits on the API. You have API keys that uniquely identify the source, what is "the abuse" they are trying to prevent this way...?

[-] loudwhisper@infosec.pub 10 points 4 months ago* (last edited 4 months ago)

ClouDNS

I think I heard of it. I think most DDNS scripts support a lot of registrars as well, if one doesn't want to go with full DNS hosting.

In case of DNS hosting (I also linked it in the post, but it's a good shout-out), there is desec.io too. EU-hosted, free (although donations are highly encouraged) and has a ton~~s~~ of features! There is also a Terraform provider!

[-] loudwhisper@infosec.pub 10 points 8 months ago

That quote is from D'Azeglio, not Garibaldi.

[-] loudwhisper@infosec.pub 7 points 8 months ago

But in a new window I don't have the 10-20 pinned tabs that I jump to very often, having tab groups helps in this regard.

[-] loudwhisper@infosec.pub 8 points 8 months ago

Most of the pro-Docker arguments go around security

Actually Docker and the success of containers is mostly due to the ease of shipping code that carries its own dependencies and can be run anywhere. Security is a side-effect and definitely not the reason why containers picked up.

systemd can provide as much isolation as docker containers and 2) there are other container solutions that are at least as safe as Docker and nobody cares about them.

Yes, and it's much harder to achieve the same. In systemd you need to use 30 different options to get what you achieve with containers almost instantly and with much less hassle. I made an example on my blog where I decided to run blocky in systemd and not in Docker. It's just less convenient and accessible, harder to debug and also relies on each individual user to do it, while with containers a lot gets packed into the image and therefore harder to mess up.

Docker isn’t totally proprietary

There are many container runtimes (CRI-O, podman, mirantis, containerd, etc.). Docker is just a convenient API, containers are fully implemented just with Linux native features (namespaces, seccomp, capabilities, cgroups) and images follow an open standard (OCI).

I will avoid commenting on what looks like a rant, but I want to simply remind you that containers are the successor of VMs (virtualize everything!), platforms that were completely proprietary and in the hands of a handful of vendors, while containers use only native OS features and are therefore a step towards openness.
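
What the "30 different options" in the comment above look like in practice, as an added example that is not the commenter's blog unit or blocky's own packaging: a hardened unit for a hypothetical blocky binary at /usr/local/bin/blocky reading /etc/blocky/config.yml and running as an assumed `blocky` user. Every directive is real systemd syntax; the paths, user, and the choice of CAP_NET_BIND_SERVICE as the only capability (binding port 53) are assumptions for the example.

```ini
[Unit]
Description=blocky DNS proxy (hardened, example unit)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=blocky
Group=blocky
ExecStart=/usr/local/bin/blocky --config /etc/blocky/config.yml
Restart=on-failure

# Filesystem: read-only root, no /home, private /tmp; only the state and log
# directories systemd creates for the service user are writable.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadOnlyPaths=/etc/blocky
StateDirectory=blocky
LogsDirectory=blocky

# Kernel, /proc and device surface.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
PrivateDevices=yes
ProtectProc=invisible

# Privileges: the only capability kept is the one needed to bind port 53.
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0077

[Install]
WantedBy=multi-user.target
```

Check the result with `systemd-analyze security blocky.service`, which scores the unit's exposure and lists every directive still missing; compare with the same unit stripped of the hardening block to see the gap the comment describes. Options such as MemoryDenyWriteExecute or the syscall filters can break a given binary, so confirm the service still answers queries after each tightening step. The rough docker equivalent is a single line of the form `docker run --read-only --cap-drop ALL --cap-add NET_BIND_SERVICE --security-opt no-new-privileges ...`, which is the convenience argument made above.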

[-] loudwhisper@infosec.pub 6 points 8 months ago

citizen

Actually I believe it's "residents". You don't need to be a citizen.

[-] loudwhisper@infosec.pub 7 points 10 months ago

Their privacy policy is rock solid, and there is no business incentive for them to do so, at the moment.


loudwhisper

joined 1 year ago