Goodbye, AWS; hello, world!
Let me start at the end – Hello, world! Welcome to my new blog. This is the first time I’ve revamped the terminal.space domain since its inception. It was previously, well, just a terminal, and not a very good one at that. But now, I have an actual (w/root!) webserver and a motivation to write.
As I’m going through the incantations to configure everything (probably incorrectly), I wanted to take a moment to pay homage to my very first website.
You know, actually it hasn’t aged too badly. It resizes well, and even more surprisingly, it’s not <table> based. I remember spending a lot of time in Notepad++ to get the CSS working. Flexbox really is a godsend these days, but I digress. The colors are well.. at least they’re consistent and fairly minimal. Most importantly, there’s some really good content there about how to restore your computer back in the WinXP days to get rid of viruses. Maybe one of these days I’ll write about my nostalgic beginnings to tech. “How I turned an image file into a free domain” will be the hook.
We don’t have time to go all that way back, so let’s hurry along to the beginning instead. How did I get here? Well, as you may know, I think Amazon is a great big turd doing it’s best to exemplify the horrors of capitalism. I’ve slowly been weaning myself off its platforms as best I can (Facebook, you’re next bud), and one of the last ways I’ve been spending money is on AWS. Up until this year, AWS hosted:
- This website (static site + SSL through Cloudfront)
- My DNS records
- Exchange via WorkMail
- An EC2 server that I used for pet projects along the way
So, I’ve had the underlying desire to stop sending Amazon money directly, (as opposed to indirectly when I use like any of the Internet /sigh). The direct motivation came from purchasing a Fairphone smartphone. There will definitely be a future blog post dedicated to this device, so stay tuned for this. The custom OS (CyanogenMod -> LineageOS -> /e/ foundation) doesn’t support Exchange, because of course it doesn’t.
So, what did I choose as replacements, and why?
Originally, I had the following requirements for my email:
- Keep Google away from my data (email + contacts)
- No recovery email for my email to prevent hacking attacks
- Exchange to support mobile push
It’s not 2015 anymore and mobile support has gotten a lot better. POP is still the worst, and IMAP is still terrible but somehow it’s gotten a lot better. Well, anyways there really is no other solution to have my own hosted Exchange server outside of AWS (or maybe Azure I haven’t checked recently), but I’m okay dropping that requirement. I did have some new ones though:
- Android support
- At-rest encryption
- Better guarantees for contacts & calendars (privacy and availability)
I ended up going with Protonmail as my replacement, and it checks a lot of boxes. The price is $50/year, it has 2FA, encryption, no recovery emails, and a pretty seamless importing system.
The downside is pretty painful though: Contact and calendar support doesn’t integrate with Android contacts, so it doesn’t play well with that ecosystem. Maybe this gets fixed somewhere in the horizon, but for now, I needed to find a solution for my contacts.
Contacts
Keeping contacts and calendars secure is actually really important. It’s one of the main ways that Facebook uses to figure out who you know – to suggest friends but more importantly to sell your personal information for $$. Think of the friends you keep – in what ways are they similar? Probably you met a lot of people from shared experiences – school, work, etc. At the very least, most of your friends probably lived in the same place as you at some point. So there’s actually a lot of signal there.
Think about it this way, when you install a new app (FB, but also things like Venmo) the first thing it does is ask you permission to access your contacts. These popup requests on the first startup are actually really costly to apps. Putting up barriers (especially full-screen popups) has the highest impact to user-churn relative to other times you could show the notification. Companies want this information because it’s worth that much to their bottom line.
TL;DR: I’m not about to link my contacts to a Google account, either. Instead, I signed up for an account with EteSync. They host contacts, calendars, and tasks using FOSS software which encrypts the information at rest (similar to ProtonMail). If I want to, I can run the server myself, which is an added bonus in case something changes in the future. For now, I’m happy to support keeping the lights on at $24/yr.
Web hosting
My old website was just a bunch of static files, so almost anything would have worked, but I wanted to keep my LetsEncrypt SSL certificate, and I also wanted access to a shell to tinker with side projects. That meant finding a good Virtual Private Server (VPS). After looking around a bit, I found that 1&1 sells a box with a root shell for $2 a month! I’ve previously used 1&1 before, so I didn’t have any real hesitations once I found the deal. Now, obviously this isn’t for everyone since it means installing everything from scratch and keeping a server up-to-date. I’m in tech so I’m obviously masochist when it comes to wasting time fiddling with software.
Summary
For $8/month, and more time than I care to admit, I now have the ability to send this blog into the void, and useless features such as 2FA for my SSH connection.
@ 10800 IN SOA ns1.gandi.net. hostmaster.gandi.net. 1613239486 10800 3600 604800 10800
@ 900 IN A 74.208.92.166
@ 10800 IN CAA 128 issue "letsencrypt.org"
@ 3600 IN MX 10 mail.protonmail.ch.
@ 3600 IN MX 20 mailsec.protonmail.ch.
@ 3600 IN TXT "protonmail-verification=6f5e2fea7b23bf68599f86cd576f9174868b291e"
@ 3600 IN TXT "v=spf1 include:_spf.protonmail.ch mx ~all"
protonmail._domainkey 3600 IN CNAME protonmail.domainkey.djtnjyus5kebrqhjkjplvdchlxuburrk5wzr26z2marzkkckwxjxa.domains.proton.ch.
protonmail2._domainkey 3600 IN CNAME protonmail2.domainkey.djtnjyus5kebrqhjkjplvdchlxuburrk5wzr26z2marzkkckwxjxa.domains.proton.ch.
protonmail3._domainkey 3600 IN CNAME protonmail3.domainkey.djtnjyus5kebrqhjkjplvdchlxuburrk5wzr26z2marzkkckwxjxa.domains.proton.ch.
www 3600 IN CNAME @