The Banality of Servers

Posted on Mar 6, 2022

In the current tech world, if you wanna have a server, you’re just two or three clicks away. It’s almost trivial now to rent a server on any VPS provider. It’s almost trivial now to set your new shiny server up as whatever type of server you want it to be… and if it’s a web server, chances are very high that the provider has a whole Wordpress image available for you, sparing you all the hassle of going through installing PHP, setting up MariaDB, making sure the permissions are safe and correct, etc. On the other hand, destroying a server is also as easy and painless as two or three click away… Servers have become this vapor-like thing…

I’m writing this after I’ve just destroyed an experimental server I was playing with. For some reason my successful assassination of a server made me think of how a thing that in a not so distant past was a piece of hardware is now a fragile and volatile piece of software…

No, don’t get me wrong. I’m not claiming this is bad. I mean… It’s kinda awesome that everyone’s got the chance nowadays to have a server where to deploy the projects to. In the past having a server was indeed a privilege reserved either to whoever could afford the hardware and static IP from their ISP… or to whoever had access to a college or enterprise datacenter. Nowadays a quite capable VPS costs you less than a Netflix subscription… and it’s probably way more worth your money than the latter!

But it’s still kinda worrying, I guess, that most probably all your favorite websites are hosted on virtual servers? And this is especially worrying if you realize that this means that platforms like AWS are gaining increasing control over the internet… If a server is just a piece of software running on a hardware that you don’t own… You’re placing a lot of trust on the platform.

To quote my not-so-beloved-yet-not-hated-either Dr. Jordan B. Peterson,1 trust always entails a risk. And there’s where I do think many, many, many FOSS projects, businesses, etc., make a huge mistake trusting VPS platforms over a Real server.

For instance, I do know Fediverse nodes meant to be publicly used which are running on a VPS on Digital Ocean or on AWS… I see a sorts of conflict there: Fediverse social networks are meant to be more privacy respecting, users should feel safer on them than on the mainstream social media platforms… but if you’re hosting the database on a platform that has the ultimate control over the whole server… Ugh… Bad thing, isn’t it?

If it was a personal Fediverse node where you’re the only user… well, OK, you’re taking a risk with your own data alone, not anyone else’s. Your poison to pick and also, let’s be honest, I do understand the convenience factor in such a situation.

But if you’re offering a service under the FOSS ethos… Are you sure that relinquishing control over the hardware is a good idea?

One thing I remember as a huge oh no moment years ago was when I discovered that my NextCloud database’s master key would be living on the same machine (or on a storage device my machine would have access to anyways) the database itself was on. OK, so files are encrypted on disk, but actually a simple command can decrypt them because the encryption key is also there… awesome stuff, right…? So, why bother with encrypting anything, right? Yeah, I guess there’s a way to somehow source it from elsewhere in a way that an attacker couldn’t intercept it… But I guess that would’ve required an additional file server hosted elsewhere…

Look, a real hardware server at a location I could control or personally trusted would’ve also had the master key and the encrypted files living on the same machine… but I would’ve known who would have access to it… But when it comes to a corporation like DO, AWS, even Linode (although they’ve got a more FOSS-y ethos), just assume there’s a lot of people there who have root access to your VPS. It’s better to be aware than to deny reality… Again, do you trust that for a business, or a FOSS project where you’re dealing with other people’s information…? Your choice. Mine would be no.

I mean, yeah, I understand that it is convenient and that not everyone is willing to set up hardware for a server.2 And I also get that, hey, maybe your project doesn’t really need you to have control over the hardware. Many years ago when I was still working at a Linguistics Department at a university, I rented a VPS (I think it was on Digital Ocean?) just to test out a surveying platform we were playing around with in our research group… It never got a domain pointed to it and I think I killed it a month later. I mean, we were using mock responses, only us on team knew the IP address, so no real user data was involved… and it was a test. Of course you won’t invest on real hardware for that… Would you imagine how the Finances Departament would’ve reacted if we had asked them to buy a new server just for a simple test run? Trust me, we had to wrestle with them for years for them to buy us better office chairs 😂

Or take this very blog itself! This blog is hosted at sourcehut pages. It’s not even on a VPS: It’s shared hosting where I can only upload a static website. No user data involved by defintion. And there’s direct communication with the development team, so I know precisely whom to talk to if anything arises. It’s very similar to having a space on a datacenter run by a small company where you know who works there. OK, yeah, I don’t have control over the hardware, let alone the web server… but it’s all in a more human scale and the nature of this website makes it a very reasonable choice!

Which is funny, because it all boils down to choosing the right tech always depends on what your goals are. No control works awesome for a site like mine: no sysadmin stuff for me to deal with, posting something onto my blog is just a git push, it’s static, and I trust the people running the place. Why on earth would I even bother setting up a server for this? A VPS is not inherently bad, but it’s not like you’re really controlling the thing… You’re just renting a VM on someone else’s (possibly a major corporation’s) computer and you should act accordingly… Honey, don’t tell me I didn’t warn you about it, mmkay?

Convenience, though, has this dangerous effect, hasn’t it? Yeah, you can create a complete web, email, or database server in a couple of minutes thanks to VPSs… and again, I acknowledge that it’s fascinating tech… But that should never make your forget what the real deal is. Not because it’s the easy route it should be the default route, you know?

As a last thing before I go to bed: I do know that there are small, independent, local VPS providers out there in some areas. I’ve come to the conclusion that next time I need a reliable and secure server I’ll check out one of such… because again, setting up hardware at home can be unfeasible for many non-technical reasons… The idea of being able to walk into the place and talk to the people running the stuff is attractive to me for sure: it’d still probably be a VPS… but in a more human, accessible way… I’d dare to say… a more natural way, but I don’t wanna digress into philosophical questions, so I better call it a post here.

Sending you all lots of love, as always! God bless you all 💖 And may Peace always prevail.

  1. I find him half interesting, half annoying, to be honest… He’s got nice intuitions on certain topics, but then he clearly overreaches in many, many other topics. ↩︎

  2. But a good friend of mine told me earlier today, while chatting about this topic, that nowadays setting up a Raspberry Pi as a small server is almost trivial and covers most amateurs’ needs for a negligible consumption of electricity! ↩︎