WEBVTT

00:00:00.000 --> 00:00:02.000
The cloud is convenient, until it isn't.

00:00:02.380 --> 00:00:12.320
You upload your photos, you sync your contacts, you click through the cookie banners, then prices go up, or you read about the family that lost their entire Google account over a medical photo sent to their doctor.

00:00:12.740 --> 00:00:17.560
At some point, the question shifts from, why would I run this myself, to why aren't I?

00:00:18.180 --> 00:00:20.180
My guest this week is Alex Kretzschmar.

00:00:20.660 --> 00:00:27.840
He's the head of DevRel at Tailscale, the longtime host of the Self-Hosted Podcast, and co-founder of LinuxServer.io.

00:00:27.840 --> 00:00:41.520
We cover what self-hosting really means in 2026, the apps worth running yourself, like Immich and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere without opening a single port.

00:00:41.880 --> 00:00:46.140
If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap.

00:00:46.560 --> 00:00:52.440
This is Talk Python To Me, episode 546, recorded April 27th, 2026.

00:00:53.720 --> 00:01:08.140
Talk Python To Me, yeah, we ready to roll, upgrading the code, no fear of getting old, async in the air, new frameworks in sight, geeky rap on deck, Quarth Crew, it's time to unite, we started in pyramid, cruising old school lanes,

00:01:08.400 --> 00:01:09.920
had that stable base, yeah, sir.

00:01:09.920 --> 00:01:14.360
Welcome to Talk Python To Me, the number one Python podcast for developers and data scientists.

00:01:14.800 --> 00:01:16.240
This is your host, Michael Kennedy.

00:01:16.580 --> 00:01:20.220
I'm a PSF fellow who's been coding for over 25 years.

00:01:20.760 --> 00:01:21.900
Let's connect on social media.

00:01:21.900 --> 00:01:25.380
You'll find me and Talk Python on Mastodon, Bluesky, and X.

00:01:25.620 --> 00:01:27.540
The social links are all in your show notes.

00:01:28.240 --> 00:01:35.300
You can find over 10 years of past episodes at talkpython.fm, and if you want to be part of the show, you can join our recording live streams.

00:01:35.460 --> 00:01:39.520
That's right, we live stream the raw, uncut version of each episode on YouTube.

00:01:40.000 --> 00:01:44.520
Just visit talkpython.fm/youtube to see the schedule of upcoming events.

00:01:44.680 --> 00:01:48.340
Be sure to subscribe there and press the bell so you'll get notified anytime we're recording.

00:01:48.340 --> 00:01:52.220
Temporal is hosting their yearly conference, Temporal Replay.

00:01:52.720 --> 00:01:57.080
Join your peers at Replay, the conference on orchestrating durable workflows and agents.

00:01:57.540 --> 00:01:59.220
May 5 to 7 in San Francisco.

00:01:59.740 --> 00:02:09.140
Visit talkpython.fm/temporal dash replay and use the code TALKPYTHON75, all one word, all caps, to save up to $449 on your ticket.

00:02:10.120 --> 00:02:12.000
Alex, welcome to Talk Python To Me.

00:02:12.260 --> 00:02:13.120
Well, thanks for having me.

00:02:13.200 --> 00:02:15.680
This is Comfy Surroundings. Hello.

00:02:15.680 --> 00:02:29.320
I'm really excited to be talking about self-hosting, something I have talked around on the podcast a little bit, and I had the Home Assistant guys on for a while long ago when Home Assistant was this little boutique thing that people might find interesting.

00:02:29.560 --> 00:02:44.140
Now it's kind of blown up, but I'm really looking forward to talking about digital sovereignty, running your own apps, not being dependent on huge tech companies for every little thing, and just the joy of finding something in open source

00:02:44.140 --> 00:02:47.840
or just out there and going, hey, what if I just run that myself?

00:02:48.280 --> 00:02:51.980
And so I thought of Alex, thought of you, and I said, hey, we got to talk about this.

00:02:52.400 --> 00:02:52.740
Great, yeah.

00:02:52.980 --> 00:02:53.880
Well, thanks for having me.

00:02:54.100 --> 00:02:54.520
Yeah, you bet.

00:02:54.760 --> 00:02:58.020
So before we dive into all those things, give people a bit of a background about yourself.

00:02:58.260 --> 00:02:59.100
Yeah, well, I'm Alex.

00:02:59.300 --> 00:03:03.080
I, as you perhaps can tell from the accent, originally hail from the UK.

00:03:03.460 --> 00:03:06.040
I live in North Carolina these days, though, for my sins.

00:03:06.460 --> 00:03:08.180
And I work for Tailscale.

00:03:08.180 --> 00:03:13.240
I head up their DevRel department and primarily make YouTube videos for them.

00:03:13.940 --> 00:03:18.020
You know, it's an interesting company to work for because it's all product-led growth.

00:03:18.380 --> 00:03:26.060
So my job is to really get people enthused and excited about the product and all the interesting ways in which they can access their stuff remotely.

00:03:26.500 --> 00:03:31.000
And then, I don't know, people bring it to work and that's how the company makes money.

00:03:31.160 --> 00:03:36.100
So I get paid essentially to make YouTube videos about hacking on self-hosted applications.

00:03:36.100 --> 00:03:38.500
And I still don't quite know how that happened.

00:03:39.500 --> 00:03:42.380
I think you guys over at Tailscale are doing a great job.

00:03:42.620 --> 00:03:48.380
We're going to go into it later when we get into sort of the security and accessing stuff of all the self-hosting things.

00:03:48.500 --> 00:03:52.480
But I started using Tailscale a couple of years ago and yeah, it's fabulous.

00:03:52.740 --> 00:03:54.640
So very nicely done.

00:03:55.100 --> 00:04:00.000
So some other stuff I've done, I used to do a podcast called Self-Hosted, wrapped that up last year.

00:04:00.240 --> 00:04:03.320
But I do a new one now called Bitflip with a few of my buddies.

00:04:03.320 --> 00:04:07.680
And again, from the self-hosting universe, you can find out more about that at bitflip.show.

00:04:07.980 --> 00:04:09.360
I hope some self-promotion's okay.

00:04:09.700 --> 00:04:10.600
But please, yes.

00:04:10.680 --> 00:04:11.320
No, that sounds great.

00:04:11.560 --> 00:04:16.680
Because I was a little disappointed to hear that you shut down Self-Hosted, the podcast, because I was just getting into it.

00:04:16.800 --> 00:04:18.020
And then, so you're back.

00:04:18.020 --> 00:04:18.380
Yeah, we did it.

00:04:18.500 --> 00:04:19.380
How does it differ?

00:04:19.740 --> 00:04:21.460
Well, not much really.

00:04:21.860 --> 00:04:34.620
So the weird thing was about Self-Hosted, and I don't know if you felt this with a show with Python in the name, but I kind of felt a little bit limited by the title because I tend to approach things from a very pragmatic angle.

00:04:34.920 --> 00:04:40.980
We were just talking before we pressed record about how important Linux and open source and all this kind of stuff is.

00:04:41.360 --> 00:04:47.300
And yet I'm using a MacBook to record, not Linux, because it's just bulletproof reliable for media applications.

00:04:47.600 --> 00:04:50.940
And there are all these little compromises we make all throughout our digital lives.

00:04:50.940 --> 00:04:59.020
And so Self-Hosted as a movement, particularly in the subreddit actually, is very opinionated.

00:04:59.300 --> 00:05:06.400
And unless you're doing absolutely everything, lock, stock, 100% yourself, there are some people who say, well, you're holding it wrong.

00:05:06.480 --> 00:05:08.120
You're not doing it properly.

00:05:08.500 --> 00:05:17.400
My approach has always been, it's okay to have DigitalOcean run a VPS for me, but I've still got root to that VPS and I am hosting my own website.

00:05:17.460 --> 00:05:18.920
I'm self-hosting my own websites.

00:05:18.920 --> 00:05:21.680
But to some people that definition doesn't sit right.

00:05:21.820 --> 00:05:25.280
And so- You got to be running on a Raspberry Pi in your basement.

00:05:25.440 --> 00:05:26.940
If that's not the way it is, it's not true.

00:05:27.200 --> 00:05:27.440
Right.

00:05:27.880 --> 00:05:35.800
And we all know that there are just limitations to doing things, like maybe you're moving house and so your website would be offline for two weeks whilst you move house.

00:05:36.420 --> 00:05:37.400
That's probably not okay.

00:05:38.040 --> 00:05:45.820
Or there's a storm in your area or a water pipe bursts or like any number of fates can befall things in your house.

00:05:45.940 --> 00:05:58.340
And I'm not saying these things can't happen to a data center, but there are just mitigations in place between, you know, even just things like ISP peering and like the data center is probably in the middle of an internet exchange building, whereas my house definitely is not.

00:05:58.960 --> 00:06:12.420
So I kind of wrapped up the self-hosted podcast just a little bit because I felt like, I don't think I feel this way anymore, but sort of 18 months ago when we wrapped it up, that self-hosting had, we kind of said all we needed to say and that as a movement,

00:06:12.600 --> 00:06:18.580
it was just kind of bubbling away in the background and those that had found it were going to find it and it was just sort of ticking over.

00:06:18.800 --> 00:06:22.340
But I don't know, self-hosting is all the line trendy these days.

00:06:22.460 --> 00:06:28.100
I think I heard Linus on the WAN show on Friday literally saying that building a NAS is trendy.

00:06:28.460 --> 00:06:29.220
And I'm like, what?

00:06:29.740 --> 00:06:30.080
Is it?

00:06:30.520 --> 00:06:31.720
Okay, cool.

00:06:32.000 --> 00:06:32.620
Well, I'm here for it.

00:06:32.880 --> 00:06:34.260
Yeah, I'm here for it as well.

00:06:34.300 --> 00:06:37.620
And I'm glad to hear you're still carrying on with the podcast under a different banner.

00:06:37.880 --> 00:06:45.600
Well, the reality is that a lot of this stuff, like I said, like I do for Tailscale and for Bitflip now is this is stuff I'm doing anyway.

00:06:45.720 --> 00:06:49.340
Like my personal YouTube channel as well at KTZ Systems.

00:06:49.520 --> 00:06:52.440
Like I just, I'm just always like, just out of shot over here.

00:06:52.500 --> 00:07:07.080
There is a desk covered with like five of those little Lenovo mini PCs that I'm putting into a little Proxmox Ceph cluster because I woke up last week and my Home Assistant was down because my little Minisforum MS-01 had lit itself on fire in the middle of the night.

00:07:07.080 --> 00:07:09.460
And I found, ah, where's a single point of failure?

00:07:09.460 --> 00:07:13.580
I can fix that with some clustering and high availability and so the rabbit hole continues.

00:07:14.080 --> 00:07:17.740
Yes, I love that you have a high availability on your home network.

00:07:18.040 --> 00:07:20.180
I'm working on it, which is another story.

00:07:20.500 --> 00:07:27.380
But so it turns out these little Lenovo PCs, you can pick them up for about $150 or so.

00:07:27.800 --> 00:07:31.000
Even today, even in the hardware apocalypse that we're going through.

00:07:31.260 --> 00:07:33.920
These, you know the ones I mean, like the little one liter PCs, right?

00:07:34.140 --> 00:07:37.200
Usually bolted onto the back of a monitor in an office or something.

00:07:37.460 --> 00:07:43.600
And you can pick those up for about $150 and they will run every self-hosted app you could possibly throw at them.

00:07:43.820 --> 00:07:49.880
In reality, certainly just for individual use, they are absolutely all the average person needs as a home server.

00:07:50.200 --> 00:08:00.660
And so one of the things I like to do with them is put what's called Proxmox on it, which is a hypervisor that lets you run virtual machines, something called LXCs, Linux containers, as well as Docker.

00:08:01.020 --> 00:08:03.240
We love us some Docker, I understand.

00:08:04.180 --> 00:08:07.320
Basically, if it doesn't run in Docker, I don't run it.

00:08:07.320 --> 00:08:09.580
I'm just going to trigger some people in the audience, I'm sure.

00:08:10.200 --> 00:08:10.680
You know what?

00:08:10.700 --> 00:08:11.180
I'm with you.

00:08:11.320 --> 00:08:16.740
When I go and look at one of these things that is potentially self-hosted, I'm like, well, where's the Docker Compose file?

00:08:16.840 --> 00:08:19.240
Otherwise, I'm not sure we're going to be continuing down this path.

00:08:19.460 --> 00:08:23.580
I mean, you Python people know all about standardized packaging formats and stuff like that.

00:08:23.660 --> 00:08:27.500
Like the prevalence of pip and then these days, uv, of course.

00:08:27.660 --> 00:08:29.760
Like, you know, these things matter.

00:08:29.760 --> 00:08:37.980
They're like, how users round off those rough edges of how it gets from my keyboard in my lab to your computer and wherever you are.

00:08:38.260 --> 00:08:40.300
Docker kind of closed that last 10%.

00:08:40.300 --> 00:08:46.620
I mean, a lot of the primitives of Docker existed well before, like cgroups and namespaces in the Linux kernel.

00:08:46.920 --> 00:08:50.300
All that stuff existed for years before Docker came along.

00:08:50.620 --> 00:08:59.520
All they did really was provide a standardized packaging format, which is really just a tarball, and a standard way of building those tarballs with a Dockerfile, like a recipe.

00:08:59.760 --> 00:09:02.500
That was all they did, and provided a little bit of plumbing and networking.

00:09:02.680 --> 00:09:04.880
Like, we just ignore all the technical details they did.

00:09:05.900 --> 00:09:20.100
But essentially, they just closed that last 10% of usability, and suddenly, me, as a computer science student, could run any application in the world without having to dive into systemd and init scripts and database migrations

00:09:20.100 --> 00:09:21.100
and blah, blah, blah, blah.

00:09:21.360 --> 00:09:22.080
It was just...

00:09:22.080 --> 00:09:24.260
Yeah, complex networking, attached volumes.

00:09:24.420 --> 00:09:25.980
Like, there's a lot of stuff going on there, yeah.

00:09:26.300 --> 00:09:26.560
Yeah.

00:09:26.840 --> 00:09:28.100
Docker is life in this house.

00:09:28.100 --> 00:09:32.160
A long time ago now, I co-founded a website called LinuxServer.io.

00:09:32.280 --> 00:09:45.260
I don't know if anybody in the audience has heard that, but it's the largest, I believe, sort of open-source containerization movement project on the internet, and that was born out of the fact that sort of 10, gosh, yeah, maybe 12 years ago

00:09:45.260 --> 00:09:52.820
that Docker was pre-1.0, so it was very sort of nascent at that point, and it was...

00:09:52.820 --> 00:09:53.480
There was just...

00:09:53.480 --> 00:09:54.220
There were no standards.

00:09:54.700 --> 00:09:58.140
Like, the readmes were all over the place, or if there even was one.

00:09:58.360 --> 00:10:00.540
There were no sort of standardized base images.

00:10:00.700 --> 00:10:08.920
People hadn't cottoned on to, like, supply chains, and, you know, today it's a hot topic, but sort of back then, it was, oh, if it runs, I'm happy, you know?

00:10:09.540 --> 00:10:23.240
So LinuxServer was sort of my attempt, our attempt, I should say, at fixing some of those issues, and, you know, we packaged up media server apps back in the day, like Plex, and some of the other slightly less salubrious

00:10:23.240 --> 00:10:31.780
applications you might find on the internet, as well as a bunch of other self-hosting stuff, which we should probably get into talking about some of the apps.

00:10:32.120 --> 00:10:32.560
Yeah, absolutely.

00:10:32.940 --> 00:10:43.900
Well, to kind of put a bookend on your introduction, I do just want to quickly ask you about your racing and VIR and stuff like that.

00:10:43.980 --> 00:10:51.080
You know, and I was looking to contact you, I was going through your About page, and I saw a car racing around a racetrack, and I thought, well, can't not talk about that.

00:10:51.140 --> 00:10:57.780
I've had folks from Formula One and from NASCAR on the show before, and I'm a big fan of these kinds of things.

00:10:57.900 --> 00:10:58.580
Yeah, I do too.

00:10:58.900 --> 00:11:00.340
So, that's one of your hobbies?

00:11:00.420 --> 00:11:00.960
That's pretty awesome.

00:11:01.240 --> 00:11:10.900
Yeah, I've followed Formula One since, well, I remember sitting on my dad's knee as a kid watching Damon Hill, Nigel Mansell, go around Silverstone, so it's been a while.

00:11:12.280 --> 00:11:19.560
There's obviously a new crop of F1 fans, which is amazing, thanks to the Drive to Survive stuff, but I've followed it for years.

00:11:19.720 --> 00:11:22.320
I just enjoy watching, I just enjoy watching the sport.

00:11:22.440 --> 00:11:25.300
It's like a nerd soap opera in a way.

00:11:26.860 --> 00:11:32.600
Not a fan, honestly, of these new regs, though, with the sort of the super clipping and all this kind of stuff.

00:11:32.680 --> 00:11:36.640
It'd be interesting to see what happens when we get to, where's the next one?

00:11:36.740 --> 00:11:37.540
Miami, I think.

00:11:37.860 --> 00:11:39.520
Yeah, I believe it is Miami and then Canada.

00:11:39.880 --> 00:11:49.480
So, for people who don't know out there, Formula One is called Formula One because there's one formula on how to build the cars, but then all the teams generally, almost from scratch, build their cars.

00:11:49.840 --> 00:11:54.280
And every couple, every four or five years, they're like, okay, we're completely doing it differently.

00:11:54.440 --> 00:11:58.280
And so, this year, they've completely done it differently and there's a lot of controversy.

00:11:58.500 --> 00:12:00.000
I don't know, it's interesting, but.

00:12:00.000 --> 00:12:09.300
Yeah, they've gone for like this 50-50 split between the combustion engine and the battery power, but the batteries can't harvest enough energy every lap.

00:12:09.500 --> 00:12:22.080
So, I don't know what genius thought of that, but, so they get halfway around the lap and they lose half of their horsepower, which can mean you've got closing speeds between cars of sort of, I don't know, 50 to 100 miles per hour.

00:12:22.240 --> 00:12:26.760
And we saw in Japan in the last race, quite a bad accident as a consequence.

00:12:27.840 --> 00:12:29.340
Right there in Spoon, it wasn't pretty.

00:12:30.000 --> 00:12:38.840
I know all of the electric stuff and like the hybrid things and IndyCar and even way, way more so in Formula One is for environmental friendliness.

00:12:39.320 --> 00:12:51.160
And hey, I drive an electric car, I love electric cars and I'm all about caring about the environment and stuff, but the 20 cars driving around the track is nothing compared to the 300,000 people that took airplanes to get there.

00:12:51.420 --> 00:13:01.940
And then when they ship the cars on planes halfway around the world, like the fuel spent when they're racing, it has nothing to do with, you know, it doesn't even register on the number of the environmental impact of that.

00:13:02.000 --> 00:13:06.400
So I don't know, I kind of long for the Damon Hill days with like, Oh, me too.

00:13:06.520 --> 00:13:07.320
Fast engines, you know.

00:13:07.640 --> 00:13:15.560
On our honeymoon, actually, my wife and I, we ended up in Milan on race weekend, totally by accident, genuinely by accident.

00:13:15.560 --> 00:13:21.960
We were booking this like interrail trip around Europe and my itinerary landed us in Milan on race weekend.

00:13:21.960 --> 00:13:25.560
I didn't actually know at the time and all hotels for that weekend spiked.

00:13:25.720 --> 00:13:28.340
They're like two or three exiting costs and I'm like, what's going on?

00:13:28.380 --> 00:13:31.280
So I just typed Milan events, September, whatever.

00:13:31.620 --> 00:13:45.840
Anyway, turns out, so we went to Monza and I'll never forget we were stood at, it was the Ascari chicane so it's on the opposite side from the start-finish straight and the noise, I think there were V8s, I don't think there were V10s, I think there were V8s then but just the noise of them sitting on the grid

00:13:45.840 --> 00:13:51.720
waiting to go, it was like a bunch of angry wasps and you could hear it and it's half a mile away.

00:13:52.180 --> 00:13:53.160
Amazing, amazing.

00:13:53.360 --> 00:13:56.620
We lost something when they went to the V6 turbo hybrid stuff.

00:13:56.880 --> 00:13:57.240
100%.

00:13:57.240 --> 00:14:02.700
All right, last bit, I mean a lot of people are fans of F1 and racing, not many of them end up on a race track.

00:14:03.040 --> 00:14:05.240
Oh yeah, that's a whole different kind of fresh.

00:14:05.540 --> 00:14:17.480
Yeah, so I've been into, I've owned seven Volkswagen Golfs over the years, culminating in the Golf R a few years ago and I just had to take it on a track.

00:14:17.700 --> 00:14:28.960
Like in England I went on this run what, we call it a run what you brung track evening and I went to Brands Hatch and I literally turned up without even a helmet, without doing any prep or whatever and they just let me on track.

00:14:29.300 --> 00:14:30.340
Just, I couldn't believe it.

00:14:30.740 --> 00:14:36.180
And then I had the best evening of my life and then we emigrated and came here and I was like, I've got to scratch that itch.

00:14:36.520 --> 00:14:44.220
So I went to the internet and found out to go to VIR you have to do all sorts of training and get like instructors and it all sounded a bit much.

00:14:44.500 --> 00:14:46.940
But anyway, VIR is a serious racetrack.

00:14:46.940 --> 00:14:58.980
Like you can end up I think on the back straight in my little Golf I was doing 140 on the back straight and there are moments coming up through the uphill esses at VIR where you're just like, if this goes wrong she's going to hurt.

00:15:00.200 --> 00:15:08.620
And in the end I ended up scaring myself a bit silly but I had real fun but there was just a couple of moments where I was like, you know, I've got a kid at home.

00:15:08.800 --> 00:15:14.960
I should probably, this is a young man's game or an old man's game when you've got nothing left to lose, I guess.

00:15:14.960 --> 00:15:15.480
Yeah, that's true.

00:15:15.620 --> 00:15:18.160
There's a, it's a bimodal sort of experience.

00:15:18.400 --> 00:15:18.580
Yeah.

00:15:19.300 --> 00:15:22.540
But I learned a lot like I learned how to change brake pads, brake fluid.

00:15:23.000 --> 00:15:25.560
I fitted a new intercooler to my car.

00:15:25.640 --> 00:15:26.600
I upgraded the turbo.

00:15:26.860 --> 00:15:27.480
I did tuning.

00:15:27.920 --> 00:15:28.840
Like technical stuff.

00:15:28.920 --> 00:15:30.160
I like learning how things work.

00:15:30.300 --> 00:15:31.740
Same with software, same with cars.

00:15:31.840 --> 00:15:40.040
It's basically just one is slightly more visceral and arguably the stakes are a bit higher if you screw up installing a turbo it can be very expensive.

00:15:40.040 --> 00:15:42.560
It's worse than, oh, I got to reinstall that.

00:15:43.240 --> 00:15:43.460
Yeah.

00:15:43.660 --> 00:15:43.900
Yeah.

00:15:43.920 --> 00:15:44.640
Good fun though.

00:15:44.900 --> 00:15:45.800
No, I'm sure it's amazing.

00:15:45.900 --> 00:15:46.980
That sounds very, very cool.

00:15:47.100 --> 00:15:48.260
So what a great experience.

00:15:48.580 --> 00:15:51.000
Let's talk the main, main topic.

00:15:51.240 --> 00:15:54.700
Like, I guess we've been using the word without really defining it.

00:15:54.760 --> 00:15:59.360
Like what is self-hosting for people who are just like, you know, they, they haven't done these sorts of things.

00:15:59.640 --> 00:16:12.060
I think as I, as I alluded to earlier, there's a broad spectrum of definitions to what self-hosting means to different people, depending on how tightly you hold certain beliefs around definitions.

00:16:12.440 --> 00:16:21.420
But for me, it means the business model that exists is feeding the open source developer or small team that built it.

00:16:21.500 --> 00:16:27.040
Like it's, it's not, are you familiar with Cory Doctorow and his idea of enshittification?

00:16:27.500 --> 00:16:27.560
Yeah.

00:16:27.720 --> 00:16:34.800
The idea that a company will give some, we, we've been accused of this at Tailscale and I don't think it's actually going to happen.

00:16:34.800 --> 00:16:39.520
The CEO at Tailscale, I have great faith in Avery's leadership, honestly.

00:16:39.720 --> 00:16:42.440
I know I sound like a corporate shill saying that, but I genuinely believe it.

00:16:42.540 --> 00:16:51.740
So, the idea of enshittification is that a company takes a bunch of money from venture capital or some other source and gives the product away.

00:16:51.780 --> 00:16:53.020
We saw it with Uber, for example.

00:16:53.020 --> 00:16:57.760
Like they give the product away at a loss leading price point to gain market share.

00:16:58.080 --> 00:16:59.880
We've seen it in multiple industries over the years.

00:17:00.040 --> 00:17:01.120
Walmart is a great example.

00:17:01.240 --> 00:17:05.460
They'll put mom and pop short stores out of business in the local town and then slowly raise the prices.

00:17:06.080 --> 00:17:06.400
Right, right.

00:17:06.460 --> 00:17:09.460
Once everyone's gone, it's, it's, they have no choice but to go there.

00:17:09.600 --> 00:17:09.900
Exactly.

00:17:10.340 --> 00:17:14.880
And so the idea of enshittification in software is, is very prevalent.

00:17:15.100 --> 00:17:23.640
We've, we're seeing it with streaming services right now where they're just gradually turning the screw, lifting the prices, pulling out shows without your control.

00:17:23.980 --> 00:17:28.100
All of these things have, are really boiled around one central point.

00:17:28.360 --> 00:17:29.260
I mentioned the business model.

00:17:29.260 --> 00:17:31.340
That's one thing, but really it's control.

00:17:31.640 --> 00:17:35.780
And do you have control over the services that are running your life?

00:17:36.040 --> 00:17:38.300
If you have Google in your life, you probably don't.

00:17:38.400 --> 00:17:40.540
If you have Apple in your life, you probably don't.

00:17:40.820 --> 00:17:44.280
You feel like you do, but there are countless examples.

00:17:44.440 --> 00:17:49.560
For example, there was one a couple of years ago where, I think this was in the New York Times.

00:17:49.680 --> 00:18:03.580
We definitely covered this on Self-Hosted a while ago where a mother took pictures of their kids, a medical issue of their kids, private areas, and sent it to their doctors through telehealth.

00:18:03.880 --> 00:18:11.160
They also sent the picture to their husband through a messaging app, which then meant that that picture got backed up to, I think it was Google Photos.

00:18:11.220 --> 00:18:11.920
It might have been Amazon.

00:18:12.260 --> 00:18:13.240
Please don't quote me on this.

00:18:13.280 --> 00:18:15.160
I'm just speaking from two-year-ago memory.

00:18:15.920 --> 00:18:20.580
And they got flagged as a CSAM issue, like a child pornography issue.

00:18:20.580 --> 00:18:23.920
And they had most of their digital life cancelled.

00:18:24.200 --> 00:18:25.380
They were locked out of their accounts.

00:18:25.800 --> 00:18:28.260
They were basically banned from that company.

00:18:28.680 --> 00:18:29.520
Might have been Google.

00:18:29.720 --> 00:18:30.380
Let's go with Google.

00:18:31.200 --> 00:18:33.800
And just the idea of being locked out of my Gmail.

00:18:34.020 --> 00:18:37.600
I mean, just stop and think about how much of your life is in your Gmail inbox.

00:18:37.920 --> 00:18:38.680
How long have you had yours?

00:18:39.000 --> 00:18:39.440
15 years.

00:18:39.700 --> 00:18:42.540
I think there's over a quarter million emails in my Gmail account.

00:18:42.860 --> 00:18:43.000
It's ridiculous.

00:18:43.000 --> 00:18:45.020
I mean, it is ridiculous.

00:18:45.860 --> 00:18:49.420
And extrapolate that from email to photos.

00:18:49.820 --> 00:18:56.520
Extrapolate that to music, to videos, to, I don't know, taxis and invoices, all this stuff.

00:18:56.780 --> 00:19:11.580
There are just so many different facets of our lives that we've given up to third parties that are either being used to train the next round of industrial revolution, oligarchy revolution, like AI models, or they're being used to feed an advertiser's

00:19:11.580 --> 00:19:16.740
bottom line and create a profile about you and who you are and what you do and who you associate with.

00:19:16.960 --> 00:19:23.960
Because make no mistake, when your photo gets uploaded to Google Photos, they are making a map of all the faces in that photo.

00:19:24.260 --> 00:19:29.360
Whether you know the person in the background or not, Google will know them because they probably have Google Photos too.

00:19:29.600 --> 00:19:35.500
And they can scan that Alex was stood next to Fred Smith on June the 21st, 1983.

00:19:36.460 --> 00:19:40.840
And like, they can create such incredibly detailed profiles about people.

00:19:41.140 --> 00:19:43.580
And if that doesn't bother you, self-hosting is probably not for you.

00:19:43.800 --> 00:19:53.440
But I don't know about, I don't know about you, but it makes me deeply uncomfortable that I'm giving up these freedoms and this privacy without really appreciating that I'm doing so.

00:19:53.700 --> 00:19:58.280
Like a lot of the transaction is very, what's the word I'm looking for?

00:19:58.360 --> 00:20:01.900
Like it's just not a fair, it's not a fair exchange of value for value.

00:20:01.900 --> 00:20:02.360
It's asymmetric.

00:20:02.700 --> 00:20:02.900
Yeah.

00:20:03.160 --> 00:20:03.520
Asymmetric.

00:20:03.520 --> 00:20:04.220
Very asymmetric.

00:20:04.420 --> 00:20:05.020
Yeah, absolutely.

00:20:05.240 --> 00:20:05.420
Totally.

00:20:05.600 --> 00:20:20.560
And I want to just, while we're sort of setting the stage, I just want to put an idea out there that this kind of stuff is super valuable and a good thing to keep in mind, not just for individuals, which 100% that it is, but also for developers running their software.

00:20:20.940 --> 00:20:35.400
Do you necessarily need to take all of your data and put it into an AWS managed service or an Azure managed service or send all of your users information through, say, Google Analytics to Google to then turn around

00:20:35.400 --> 00:20:36.920
a mine or to other places?

00:20:37.320 --> 00:20:39.680
You don't have, I feel like people think they have to.

00:20:39.940 --> 00:20:40.780
You don't have to.

00:20:40.780 --> 00:20:43.040
It almost feels inevitable, doesn't it, these days?

00:20:43.360 --> 00:20:45.680
That, oh, well, everyone else is doing it.

00:20:45.720 --> 00:20:46.320
I may as well.

00:20:46.660 --> 00:20:46.840
Yeah.

00:20:47.100 --> 00:20:48.080
We'll get the cookie banner.

00:20:48.260 --> 00:20:48.860
We'll put it up.

00:20:48.980 --> 00:20:51.700
People are used to, everywhere they go, they click the cookie banner.

00:20:52.080 --> 00:20:52.360
True.

00:20:52.660 --> 00:20:59.080
But there are entirely serviceable alternatives to almost every single proprietary service that you have.

00:20:59.160 --> 00:21:00.960
Google Analytics, let's start with that one.

00:21:01.680 --> 00:21:03.640
There's an open source app called Plausible.

00:21:03.820 --> 00:21:06.760
It does almost everything that Google Analytics does.

00:21:07.540 --> 00:21:14.100
It just, the analytics stay within your world and they're not, they're not kind of fed into the Google machine.

00:21:14.660 --> 00:21:22.440
And whether that's a, like, on feature parity, there's an argument to be made there about, like, well, Google's more invasive so they have more data.

00:21:22.740 --> 00:21:24.420
I don't see that as a plus point, personally.

00:22:38.600 --> 00:22:39.520
I don't either.

00:22:39.800 --> 00:22:43.780
And I think this is an interesting segue to finding some of the interesting apps here.

00:22:43.920 --> 00:22:46.900
So I went to pull up plausible.io and I think you're right.

00:22:46.940 --> 00:22:48.340
I think Plausible is really great.

00:22:48.640 --> 00:22:54.640
The one that I'm using is umami.is which is sort of a peer to Plausible.

00:22:55.040 --> 00:22:57.800
I believe, I think you can pay for both of them.

00:22:58.080 --> 00:23:00.380
I'm not 100% sure about Umami right now.

00:23:00.580 --> 00:23:00.800
Yeah.

00:23:01.080 --> 00:23:05.220
I don't know, your ad block must be doing some hard lifting over there because Plausible works just fine for me.

00:23:05.540 --> 00:23:06.660
You're using Umami, are you?

00:23:06.900 --> 00:23:21.620
Yeah, I'm using Umami and I looked at Plausible as well and Umami seemed a little more oriented towards self-hosting whereas Plausible self-hosting seemed like oh, you could do it but we're kind of this like thing that we run in the cloud and you can pay for but you technically could

00:23:21.620 --> 00:23:27.960
and I felt like Umami was like self-hosting first with, I don't even, like I said, I'm pretty sure there is a you now can pay for it as well.

00:23:28.200 --> 00:23:37.080
But I wanted to bring up this you, the site can't be reached because I think another interesting thing is like hosting DNS.

00:23:37.720 --> 00:23:45.580
So like Pi-holes, I have nextdns.io which is why I can't go to Plausible right now unless I log in and tell it Plausible is okay.

00:23:45.920 --> 00:23:47.440
Same thing for Umami by the way.

00:23:48.320 --> 00:23:51.740
I think, what about, let's talk, let's, you're at Tailscale, let's talk networking.

00:23:52.080 --> 00:23:59.680
We'll get back to the use of Tailscale when we kind of wrap things up but like, do you use Pi-hole or do you use any of these sort of managed things outside just your browser?

00:24:00.080 --> 00:24:03.380
Well, the modern internet basically requires using an ad blocker.

00:24:03.520 --> 00:24:18.240
I mean, when you, I'm fortunate to work from home so I'm almost always with inside these four walls where I have an AdGuard Home instance running and my DHCP server when, whenever a device requests an IP address from the router,

00:24:18.240 --> 00:24:22.900
it will hand out the DNS server in my local network as the AdGuard Home instance.

00:24:23.260 --> 00:24:31.320
And AdGuard Home's job is to run a list of websites that it thinks are serving ads and it will block those at the DNS level.

00:24:31.460 --> 00:24:40.040
So simply what will happen is you will go to try and load a website and it can't load certain components of the webpage and those components happen to be adverts in this case.

00:24:40.280 --> 00:24:48.440
It's not 100% coverage but I'd say it's sort of in the 80 to 90% range which is still a heck of a lot better than having no ad blocking whatsoever.

00:24:49.440 --> 00:24:54.460
And the idea here is that a lot of these, well, first of all, adverts use a lot of bandwidth.

00:24:54.820 --> 00:25:02.060
They also are probably shoving down a ton of JavaScript into your browser so the performance of loading a webpage is worse.

00:25:02.400 --> 00:25:06.460
It's using more bandwidth, it's using more processing power and on mobile, of course, that matters.

00:25:07.120 --> 00:25:15.100
When I leave the house, I'm not under the umbrella of my AdGuard Home instance anymore because it's running on, I don't know, a Raspberry Pi in my basement.

00:25:15.420 --> 00:25:16.400
And so I've got a couple of options.

00:25:16.720 --> 00:25:25.380
One is I can use a hosted DNS service like you do called NextDNS which basically does the same thing as a Pi-hole except you pay for it.

00:25:26.040 --> 00:25:28.360
I don't think it's a huge amount of money if I recall.

00:25:28.460 --> 00:25:29.380
It's a couple of bucks.

00:25:29.800 --> 00:25:32.480
It's either $1 or $1.99 a month.

00:25:32.560 --> 00:25:34.000
It's really small, yeah.

00:25:34.260 --> 00:25:35.300
It seems fair.

00:25:35.660 --> 00:25:40.820
And the idea behind NextDNS, like I say, is that it does the same thing as a Pi-hole or an AdGuard Home.

00:25:41.120 --> 00:25:43.940
It's just a hosted service that you pay for a managed service.

00:25:44.760 --> 00:25:59.060
Or you can use something like Tailscale and tunnel back through your firewall remotely and set your AdGuard Home as your Tailnet DNS server and then use your AdGuard Home or your Pi-hole from your basement that you're already running already configured

00:25:59.060 --> 00:26:00.780
with all of your ad lists and blah, blah, blah.

00:26:01.460 --> 00:26:03.660
You can configure that to be your DNS server.

00:26:03.900 --> 00:26:08.160
And my wife loves these sort of like mobile games like the Candy Crushes of the world.

00:26:08.480 --> 00:26:10.140
And they are just chock-full of ads.

00:26:10.540 --> 00:26:17.120
And we only really talk about it when we're like traveling because she's, oh God, I wish we were at home because then I wouldn't get adverts.

00:26:17.800 --> 00:26:20.860
Yeah, we'll just turn on Tailscale and lo and behold, no ads.

00:26:20.860 --> 00:26:21.560
You're back to good.

00:26:21.820 --> 00:26:36.560
I think one final little note about like running your, either your AdGuard at home or your NextDNS if you register at your router level that's really interesting is you block ads in mobile apps as well like you're mentioning or on my TV all the tracking

00:26:36.560 --> 00:26:42.020
the TV does is short-circuited because everything on the network is subjected to it.

00:26:42.520 --> 00:26:48.980
And I'm, you know, as long as these ad networks are serving up malicious ads, I don't feel bad about blocking them.

00:26:49.220 --> 00:26:50.500
That's another angle of course, yeah.

00:26:50.760 --> 00:26:57.220
Yeah, I mean, if we go to Talk Python, you know, the website, there's, ads are still there.

00:26:57.320 --> 00:26:57.500
Why?

00:26:57.620 --> 00:26:59.960
Because I'm not using some shady network to deliver it.

00:27:00.160 --> 00:27:10.320
I'm just sharing content and someone who happens to talk about what we're doing, you know, and so I think that that's a, I think that's certainly something worth considering, right?

00:27:10.480 --> 00:27:14.460
I feel like this DNS stuff is part of self-hosting at least the personal level a bit.

00:27:14.820 --> 00:27:17.740
It's the, it's one of the fundamentals, yeah.

00:27:18.160 --> 00:27:28.940
Networking is one of those things that you have to have it if you want to do anything in your house, like even, and I use my mother, who I love dearly, as the example of the non-technical person in my life.

00:27:29.500 --> 00:27:39.200
Even if my mum, like she orders a router from her ISP or something like that to get Wi-Fi in her house, well, she's doing networking, she doesn't realise it.

00:27:39.200 --> 00:27:44.980
She's getting a Wi-Fi SSID broadcast, she's getting an IP address from the router every time she connects.

00:27:45.300 --> 00:27:55.920
The DHCP server provides a DNS server, which is probably your ISP's DNS server by default, and they are recording all of your DNS queries and selling them to the highest bidder also, I might add.

00:27:56.140 --> 00:28:04.520
And so there are just so many layers to this onion, and DNS is the, just what, we have a five-year-old in the house, we just watched Shrek this weekend, hence the onion reference.

00:28:05.480 --> 00:28:20.420
There are just so many layers to this onion that you just, you can keep peeling it forever, and this is one of the things that I genuinely love most about Linux, open source, self-hosting, that whole universe is that this conversation, I could literally sit here for eight hours and talk to you about different,

00:28:20.600 --> 00:28:34.900
you know, different things, like DNS is one thing, document management is another, media streaming is another, like each of these things, they're all, they're entire industries in their own right in the real world, but in self-hosting, you can play sysadmin, you can play, you know,

00:28:35.180 --> 00:28:49.580
the person who's running these mega corps offline, fully just in your basement, you know, and there's no, there's no business model to feed, it's literally just open source software, the true spirit of it, running in your house under your control.

00:28:49.880 --> 00:29:04.580
Yeah, we're definitely in danger of going for eight hours, so, I hope not, but we could, right, we definitely could, and by way of, I think that's a perfect transition to talk about this place called Awesome Self-Hosted here, which is a Git repository and a website,

00:29:04.580 --> 00:29:11.860
you know, I do, Alex, I think this is going to be a bit of a fad, it's not really catching on, there's only 288,000 GitHub stars in this.

00:29:12.980 --> 00:29:27.540
And if you look at it, you're familiar with the Awesome Lists, of course, there are dozens of these things, but Awesome Self-Hosted, I mean, it's updated daily, like, I look at the recent Git commits and it was last updated yesterday, and there are,

00:29:27.620 --> 00:29:28.500
how many categories?

00:29:28.740 --> 00:29:29.360
There must be.

00:29:29.360 --> 00:29:38.460
I don't know, but let me scroll, like, there's a couple of pages of just categories of things like e-commerce, DNS, for example, analytics.

00:29:38.680 --> 00:29:38.840
Right.

00:29:39.080 --> 00:29:40.020
You want to replace Jira?

00:29:40.340 --> 00:29:40.940
It's in here.

00:29:41.080 --> 00:29:44.340
You want to replace, I don't know, a wiki?

00:29:44.600 --> 00:29:45.560
It's in here.

00:29:45.760 --> 00:29:49.400
You know, it's honestly kind of overwhelming.

00:29:49.840 --> 00:29:59.660
And so this speaks a little bit to one of my overall philosophies when it comes to self-hosting of find a problem in your life and solve it, like a real problem.

00:29:59.720 --> 00:30:01.680
Don't just contrive one just for the sake of it.

00:30:01.960 --> 00:30:05.280
Photos is always the universal example I go to because everybody takes photos.

00:30:05.620 --> 00:30:09.260
And so you want to look at something like Immich, I-M-M-I-C-H.

00:30:09.620 --> 00:30:14.980
And that is a self-hosted Google Photos clone, and it lives entirely on your hardware that you control.

00:30:14.980 --> 00:30:18.480
It has machine learning, so it can learn your face.

00:30:18.680 --> 00:30:20.740
It can do, you know, object detection.

00:30:21.020 --> 00:30:30.280
It can do basically anything that Google Photos can do, except it lives on your hardware using your files and your compute until the end of time.

00:30:30.480 --> 00:30:31.820
And that's an end of it.

00:30:31.940 --> 00:30:34.000
Like, that's as deep as the rabbit hole goes.

00:30:34.340 --> 00:30:34.720
I love it.

00:30:34.800 --> 00:30:36.140
But it also makes me nervous.

00:30:36.500 --> 00:30:37.160
Good, it should.

00:30:37.320 --> 00:30:47.680
Because the thing with self-hosting is you get to play sysadmin, but it also means you own the data, which means when there's an outage or a hardware failure, you're on the hook for that too.

00:30:48.120 --> 00:30:57.780
Yeah, I'm not super concerned about an outage for my self-hosting thing, but I am certainly concerned about an outage of a self-hosted something for my production apps.

00:30:58.760 --> 00:31:04.520
And when I said it makes me nervous, yeah, yeah, but the things that make me nervous are twofold.

00:31:04.880 --> 00:31:11.000
The first thing that made me nervous would be just backup, backup and restore, or kind of losing access to it.

00:31:11.060 --> 00:31:19.240
Like something that I think it takes a while, at least for me, it took a while to learn the lessons through some paper cuts, was, oh, there's a new version of this thing that I'm self-hosting.

00:31:19.300 --> 00:31:19.660
How cool.

00:31:19.720 --> 00:31:20.460
Let's see what it is.

00:31:20.460 --> 00:31:33.040
Docker compose pull, Docker compose up, and then it won't start because there's some incompatible migration or something that I didn't run and I got to go read the docs and it says, oh, did you upgrade from version 1.6 to 1.8?

00:31:33.060 --> 00:31:33.580
You can't do that.

00:31:33.580 --> 00:31:35.500
You got to go to 1.7 and then 1.8.

00:31:35.960 --> 00:31:37.240
I'm like, now I'm an admin.

00:31:37.580 --> 00:31:45.320
But more concerned, like I had all this data, what if I can't get it to work on 1.8, but it's like a half database transition and then neither will run and now what do I do?

00:31:45.320 --> 00:31:52.100
Well, the best answer to that are some of the primitives around things like ZFS and snapshots.

00:31:52.740 --> 00:32:04.620
So there is this concept with, so ZFS, by the way, if you're not familiar, is the Zettabyte file system and it was born out of Sun Microsystems in the early 2000s, I believe.

00:32:04.920 --> 00:32:13.040
It's now unfortunately owned by Oracle, but there is a project called OpenZFS which is dedicated to bringing it to the masses, to normal people.

00:32:13.040 --> 00:32:27.920
There are still some weirdnesses around the licensing with ZFS, so it's not included by default in every single Linux distro, but it is included in things like Proxmox and Ubuntu and you can install it on Arch and NixOS and even Unraid, I think,

00:32:27.980 --> 00:32:29.140
has ZFS these days.

00:32:29.640 --> 00:32:34.280
And so the idea here is you're using what's called a copy-on-write file system.

00:32:34.540 --> 00:32:47.880
Now some of these terms, I will admit, sound a little nerdy and they kind of are, but the idea behind copy-on-write is you take a snapshot at a moment in time and instead of the file system recording everything, you know,

00:32:48.120 --> 00:32:52.560
transactionally forever, it will only record the delta from the previous snapshot.

00:32:52.920 --> 00:33:05.360
And so what that means is that you can fork, you can basically fork file systems on disk and then you can mount the snapshot from three days ago as an actual file system and then restore the files that way.

00:33:05.700 --> 00:33:17.200
So let's say your upgrade scenario, you could restore the database from just before you did the upgrade because as a good sysadmin, you are doing the hygiene of taking a snapshot before you do the risky thing, right?

00:33:18.980 --> 00:33:21.380
You can automate all this stuff with scripts, right?

00:33:21.400 --> 00:33:30.700
And I think there's a pragmatic angle here of how much time do you spend automating versus administering versus just going outside and touching grass.

00:33:30.840 --> 00:33:38.200
But in the age of AI, there's really not, like it's, I installed Arch Linux last night downstairs on my gaming rig.

00:33:38.200 --> 00:33:40.960
I was done, I decided I'm done with Windows for gaming.

00:33:41.300 --> 00:33:43.780
And I thought, right, how far can Codex get me?

00:33:43.920 --> 00:33:45.720
You know, the OpenAI version of Claude Code.

00:33:46.020 --> 00:33:50.780
And I installed Arch myself and then I said, right, I want this desktop to look like this.

00:33:50.860 --> 00:33:52.520
I want this kind of vibe.

00:33:52.620 --> 00:33:55.260
I want like an Ubuntu kind of orange vibe.

00:33:55.260 --> 00:34:02.900
I want Wayland compositor for my display and I want it to all log in seamlessly and blah, blah, blah, blah, blah.

00:34:03.040 --> 00:34:04.020
I want these fonts.

00:34:04.120 --> 00:34:05.440
I want my fan curves to be this.

00:34:05.680 --> 00:34:10.320
And I just let it cook and maybe half an hour later I came back and my system was just configured.

00:34:10.640 --> 00:34:10.720
Wow.

00:34:10.760 --> 00:34:11.420
And it's amazing.

00:34:11.920 --> 00:34:15.700
And you can do the same thing with a lot of like, like backup script.

00:34:15.820 --> 00:34:18.980
You can literally say to Codex, these are my requirements.

00:34:19.520 --> 00:34:25.080
I want you to take a snapshot before you do any kind of Docker compose operation.

00:34:25.460 --> 00:34:28.240
And it will do it, whether it's via an alias or whatever.

00:34:28.420 --> 00:34:31.220
I don't, the mechanics don't matter.

00:34:31.300 --> 00:34:37.760
But the point is a lot of this stuff you can protect yourself from yourself now with so much less cognitive load than you used to have.

00:34:37.940 --> 00:34:41.880
You can then configure it to backup offsite to all sorts of different places.

00:34:41.880 --> 00:34:54.580
There's a, there's a wonderful service called ZFS.rent, which if you're not familiar is a way of, you basically send them a hard drive and they will put it into a server somewhere and you pay, I think it's $10 a month for that hard drive slot.

00:34:54.720 --> 00:34:59.760
And then you can replicate all of your photos encrypted over the internet to ZFS.rent.

00:34:59.940 --> 00:35:01.760
And it's, it's 10 bucks a month.

00:35:01.840 --> 00:35:03.460
And then you've got that peace of mind.

00:35:03.460 --> 00:35:04.280
That's wild.

00:35:04.440 --> 00:35:05.380
I had no idea about this.

00:35:05.440 --> 00:35:06.800
This is a really interesting way.

00:35:06.820 --> 00:35:07.780
It's a great service.

00:35:08.020 --> 00:35:09.240
I have several friends that use it.

00:35:09.440 --> 00:35:09.680
Okay.

00:35:10.020 --> 00:35:12.820
Yeah, that's really cool because backup is certainly one of them.

00:35:13.140 --> 00:35:14.980
And that, that's not just export the data.

00:35:14.980 --> 00:35:24.660
That's like making sure the app runs so that you can actually get to the data that's in the, you know, Postgres DB that's running in the little Docker Compose network that it created when you ran it and so on, right?

00:35:24.880 --> 00:35:26.580
There's plenty of other options with backups too.

00:35:26.700 --> 00:35:35.260
Like Backblaze is a decent one, although they were in the news fairly recently for some, I don't know, they stopped backing up OneDrive folders and just did it silently.

00:35:35.880 --> 00:35:39.540
And I don't know, you know how Reddit likes to go, go, go in on people.

00:35:40.000 --> 00:35:42.460
So I don't know, Backblaze, they've been there for a long time.

00:35:42.540 --> 00:35:43.720
They're a pretty reliable option.

00:35:44.080 --> 00:35:56.440
You could also, if you want to do it fully self-hosted, Hetzner, you know, VPS provider, they have what's called a storage box, which you can usually bid on, which I think they cost somewhere typically between 30 to 50 euros a month.

00:35:56.640 --> 00:36:02.900
So it's not the cheapest option, but if you want that level, that amount of storage offsite, it gets expensive.

00:36:03.060 --> 00:36:04.160
That's just the reality of it.

00:36:04.740 --> 00:36:14.200
When the business model is just storage and not farming your data and mining you for advertising stuff, it turns out storage is expensive.

00:36:14.560 --> 00:36:16.360
Yeah, that's what you got to pay for it if you're not the product.

00:36:16.720 --> 00:36:27.580
Yeah, but these things have enough storage that between you and a few mates, you could probably split it up into different ZFS datasets and replicate that way and, you know, split the bill a little bit as it were.

00:36:27.580 --> 00:36:31.500
Are there self-hosting things that really stand out for you that you're a big fan of?

00:36:31.780 --> 00:36:32.340
Like apps?

00:36:32.580 --> 00:36:37.760
The real problem aspect is one for me, I think, that's critical to it, to the success.

00:36:37.860 --> 00:36:40.040
You know, I talked about photos as being one example.

00:36:40.400 --> 00:36:41.440
Home automation is another.

00:36:41.540 --> 00:36:44.580
As you said, you'd have the Home Assistant guys on this podcast before.

00:36:45.160 --> 00:36:53.060
We actually had Paulus on Self-Hosted a while ago and, you know, those guys, what they're doing with the Open Home Foundation is amazing.

00:36:53.480 --> 00:37:01.480
Again, they're eschewing the status quo of five different apps for five different ecosystems and making everything talk to everything else and it's amazing.

00:37:01.820 --> 00:37:11.720
And, you know, for me in this studio, for example, I've got one, two, three different ecosystems just for my studio lights and it's all brought under Home Assistant in one place.

00:37:11.880 --> 00:37:13.240
And so for me, that solves a real problem.

00:37:13.320 --> 00:37:16.380
So when Home Assistant is down, okay, it's not the biggest deal.

00:37:16.380 --> 00:37:18.280
I have to walk around and turn three sets of lights off.

00:37:18.480 --> 00:37:19.260
Okay, fine.

00:37:19.260 --> 00:37:30.940
But when you start to add all of the different ecosystems in your house together, like your thermostats, you know, I have a mini split up there that I control through an ESP32 with like a serial connection.

00:37:31.300 --> 00:37:41.660
I then have an Ecobee thermostat downstairs and so that's two ecosystems just for the climate in the house and then my garage doors are another ecosystem and so it continues.

00:37:41.820 --> 00:37:47.900
And so solving real problems and bringing them back behind the firewall really is the idea for me.

00:37:47.900 --> 00:37:54.760
Just, I don't know, it helps me sleep better at night but it's also in many cases just more convenient and less hassle.

00:37:55.100 --> 00:38:02.420
The unification really that Home Assistant brings is really one of the biggest because everybody's got their janky little app that they think is so special, you know what I mean?

00:38:02.720 --> 00:38:03.140
Yeah.

00:38:04.080 --> 00:38:14.400
And I don't blame manufacturers necessarily for going that route because the way the internet was designed is it's, you know, I have something on this desk, right?

00:38:14.460 --> 00:38:19.220
How would the manufacturer talk to it to control it through a smartphone app?

00:38:19.380 --> 00:38:22.720
The only guarantee you've got is that a cloud server exists.

00:38:23.080 --> 00:38:35.360
You can't control whether the user is necessarily on the same Wi-Fi and in fact, we've seen over the last 20 years as technology's evolved that I remember unboxing products 20 years ago that just the usability was just horrid.

00:38:35.720 --> 00:38:43.780
You know, there are so many assumptions the manufacturers have to make about the environment it's going to land in, the Wi-Fi situation, the smartphone it's going to run on, blah, blah, blah.

00:38:43.780 --> 00:38:55.400
And the only way you can really guarantee compatibility is to take control of that link and host the cloud component yourself and then have your users talk to your cloud and then have the cloud talk to the device.

00:38:55.560 --> 00:39:02.940
Even though I can reach out and touch the light that's up here, it has to go to the cloud first to talk to it just because it guarantees that user experience.

00:39:03.340 --> 00:39:03.540
I know.

00:39:03.860 --> 00:39:08.740
My lights that I have for my streaming setup, they don't even have on, you can't physically turn them on.

00:39:08.800 --> 00:39:10.380
The only way you can turn them on is over the network.

00:39:10.500 --> 00:39:10.820
It's weird.

00:39:11.120 --> 00:39:11.280
Yeah.

00:39:11.280 --> 00:39:13.500
Welcome to 2026.

00:39:14.020 --> 00:39:14.380
Exactly.

00:39:15.160 --> 00:39:18.060
How did we accept that that is normal?

00:39:18.480 --> 00:39:20.440
When did that become normal?

00:39:20.760 --> 00:39:21.420
I don't know.

00:39:21.760 --> 00:39:24.860
Now that I think about it, it should at least have an on button.

00:39:25.160 --> 00:39:25.520
Oh, well.

00:39:25.760 --> 00:39:26.080
Right.

00:39:26.300 --> 00:39:26.660
I know.

00:39:26.900 --> 00:39:28.580
So let's talk for a little while.

00:39:28.640 --> 00:39:39.660
Now we've sort of set the stage, talked about some awesome apps and motivation and so on, but let's talk a bit about actually how to do it because I'm sure there's, I don't know, let me throw out, I'll just speculate.

00:39:39.660 --> 00:39:47.280
I bet there's 30 to 40% of the people are like, oh yeah, I'll just SSH into my setup as well and then I know what to do from there.

00:39:47.540 --> 00:39:54.100
And there's like maybe 20% of the people are like, I know what, I know I should SSH in there and the others are like, what is SSH?

00:39:54.400 --> 00:39:54.560
Yeah.

00:39:54.660 --> 00:40:00.920
So there's a lot of hesitation, I think, because you are kind of becoming a DevOps person.

00:40:01.080 --> 00:40:03.560
Like you're running probably in Docker, maybe on Linux.

00:40:03.700 --> 00:40:05.720
It's not on your main machine, most likely.

00:40:06.040 --> 00:40:09.440
And then this whole backup sort of story that we talked about and restore.

00:40:09.720 --> 00:40:11.780
Like talk to people about some of the tech.

00:40:12.180 --> 00:40:19.760
It's inherently still a technical occupation and there isn't still really a great way around some of that.

00:40:19.980 --> 00:40:21.280
Now we're on a Python show.

00:40:21.520 --> 00:40:24.420
We understand that abstractions exist, right?

00:40:24.660 --> 00:40:27.360
Python, of course, itself is an abstraction above something else.

00:40:27.820 --> 00:40:35.180
There are lots of companies that will tell you and will try and sell you abstractions on top of this self-hosting layer that I'm talking about.

00:40:35.280 --> 00:40:36.240
Well, Docker is an abstraction.

00:40:36.640 --> 00:40:41.860
Linux is technically an abstraction, although let's just not talk machine code.

00:40:42.140 --> 00:40:45.140
Let's just deal in, let's just treat Linux as the base.

00:40:45.480 --> 00:40:45.600
Yeah.

00:40:45.660 --> 00:40:46.480
Assume you have an OS.

00:40:46.600 --> 00:40:46.740
Okay.

00:40:47.040 --> 00:40:47.320
Yeah.

00:40:47.600 --> 00:40:48.680
I think that's fair.

00:40:49.160 --> 00:40:49.420
I agree.

00:40:50.560 --> 00:40:55.340
You know, there are, I have a couple of, I don't know if you can see it in camera, probably not.

00:40:55.440 --> 00:40:58.780
I've got a couple of ZimaBoard 2s on test, which they sent me for review for YouTube.

00:40:59.180 --> 00:41:01.700
And they have a, they have something called ZimaOS.

00:41:02.020 --> 00:41:03.800
Z-I-M-A-OS.

00:41:04.280 --> 00:41:07.140
And, you know, it's pretty good.

00:41:07.340 --> 00:41:08.860
Like it's a, it's a one click.

00:41:09.060 --> 00:41:16.440
You can, it's got a little app store in it, like you have on your phone and you can install a lot of these apps in one click onto ZimaOS.

00:41:16.820 --> 00:41:23.500
You can connect to USB hard drive and within maybe 20 minutes, half an hour, you've got a fairly functional setup.

00:41:23.660 --> 00:41:28.580
Now, is it the most buttoned up, most secure bulletproof thing in the world?

00:41:28.700 --> 00:41:30.040
No, almost certainly not.

00:41:30.040 --> 00:41:31.300
But it gets you started.

00:41:31.740 --> 00:41:37.860
And I think that is the real key is the best way to learn this stuff is to not think about it too much.

00:41:37.860 --> 00:41:40.960
It's just to do it in a fairly low stakes way.

00:41:41.360 --> 00:41:51.840
Don't try and switch from Spotify, for example, and convert your wife and your kids and everyone in your life to your self-hosted music streaming service overnight.

00:41:52.320 --> 00:41:54.420
Softly, softly, slowly, slowly, catchee monkey.

00:41:54.820 --> 00:42:09.200
You know, it's one of those things that you're probably going to need these things running in parallel for a little while until you feel comfortable enough that when you wake up at 7am and the streaming service that you've built in your basement doesn't work and the kid can't

00:42:09.200 --> 00:42:17.280
watch their episode of cartoons before school or whatever, do you want to have to log in at 7am via SSH to your server and fix it?

00:42:17.460 --> 00:42:18.440
No, I never do.

00:42:18.560 --> 00:42:32.660
It turns out that's not something I want to do, but it's something I've had to do a few times because I've made mistakes either in not rotating logs properly or a disk filled up or there was a hardware failure or the list goes on and it's just, you know, you're trading some convenience

00:42:32.660 --> 00:42:47.140
for ownership and the transaction is different and some of the cost there is in you and your time, but I will always advocate for people to learn these skills because I think in the modern world

00:42:47.140 --> 00:42:49.320
they are such basic fundamental skills.

00:42:49.420 --> 00:43:03.380
I wouldn't put them quite in the same bracket as learning how to do plumbing or electrical work or something like that, but this stuff, you know, everybody takes photos, everybody listens to music, and why should we continue to enrich the pockets

00:43:03.380 --> 00:43:12.680
of megacorps when we have the tools and the capabilities to do this stuff ourselves if we're just willing to put a few weekends aside and learn it?

00:43:12.920 --> 00:43:13.400
It's a great point.

00:43:13.820 --> 00:43:15.460
I guess start small.

00:43:15.740 --> 00:43:16.420
These little...

00:43:16.420 --> 00:43:17.460
Start small, yeah.

00:43:17.540 --> 00:43:26.860
These home or these self-hosting OSes, I guess they sort of call it, it tries to bring kind of an app store experience to the self-hosting.

00:43:26.860 --> 00:43:29.220
Another one that I would say is Coolify.

00:43:29.640 --> 00:43:30.560
I don't know if you're familiar with Coolify.

00:43:30.560 --> 00:43:31.200
Coolify's great.

00:43:31.440 --> 00:43:31.940
Yeah, I'm sure.

00:43:32.120 --> 00:43:32.420
Yeah, cool.

00:43:32.620 --> 00:43:34.700
I did some stuff with Coolify for a while.

00:43:35.120 --> 00:43:35.660
It's a little similar.

00:43:35.660 --> 00:43:38.000
And you don't even need anything in your house with Coolify.

00:43:38.360 --> 00:43:42.260
They will do hosted versions of these self-hosted apps if that even makes sense.

00:43:42.400 --> 00:43:48.620
But essentially, you're still running the service, you're paying to run the service on their infrastructure.

00:43:49.160 --> 00:43:58.000
And so all of the stuff we talked about around digital sovereignty and privacy and business models all remains true except for the fact the compute doesn't live behind your firewall.

00:43:58.180 --> 00:43:59.200
It lives somewhere else.

00:43:59.500 --> 00:44:10.960
Yeah, and you can even do things with Coolify such as get a server at Hetzner or DigitalOcean, create an account at Coolify, and then basically install their Daemon thing on your app.

00:44:11.080 --> 00:44:12.600
And then through there, a little management.

00:44:12.700 --> 00:44:14.200
You're managing multiple servers running.

00:44:14.620 --> 00:44:18.520
I wanted to love Coolify and I think the idea is great.

00:44:18.520 --> 00:44:28.480
I found that I ended up juggling so much more UI settings where I'm like, you know, if I just had a Docker Compose file, I could just define and replace or something.

00:44:29.060 --> 00:44:29.460
Yeah.

00:44:29.680 --> 00:44:31.840
Such is the life of an abstraction, right?

00:44:31.860 --> 00:44:39.060
You trade certain complexities for certain decisions that the main, I mean, look at Apple, right?

00:44:39.100 --> 00:44:44.060
We're always looking at macOS going, oh, I wish it, why are they doing it that way?

00:44:44.360 --> 00:44:48.100
Well, you outsource that decision and the same is true with Coolify.

00:44:48.520 --> 00:45:00.900
And any other abstraction that you choose as part of this stack, like even Docker, for example, is an abstraction, as I said, and you are making a certain set of, you're outsourcing a certain set of decisions to Docker in how things work.

00:45:01.040 --> 00:45:02.540
It's just a reality of the world.

00:45:02.700 --> 00:45:03.500
Yeah, that's a really good point.

00:45:03.600 --> 00:45:05.000
That's, you know, you choose your abstraction.

00:45:05.320 --> 00:45:19.700
So I bring it up because I do feel like people who are hesitant to do this kind of stuff, this is a really good option to get you started and get you comfortable and like, ah, what if I, maybe I could just run it myself after you're comfortable, you know, you work your way down until you, you know,

00:45:19.940 --> 00:45:20.820
gain some of these skills.

00:45:21.200 --> 00:45:22.560
What about Linux?

00:45:22.940 --> 00:45:28.640
You know, one of the things that I think is both a hesitation for doing this at all, but also a hesitation to use Docker.

00:45:28.740 --> 00:45:30.220
It's like, well, I could just do it on Linux.

00:45:30.560 --> 00:45:33.700
At first you're like, well, I can't do Linux or Linux is intimidating to me.

00:45:34.020 --> 00:45:34.920
Eventually you get that skill.

00:45:35.020 --> 00:45:36.560
You're like, well, I could just put it on my machine.

00:45:36.760 --> 00:45:39.700
Why do I need to actually use all this Docker complexity?

00:45:39.700 --> 00:45:43.720
It is the repeatability for me, at least.

00:45:44.060 --> 00:45:50.300
So what Docker brings to the table is a unified interface to running headless applications.

00:45:50.520 --> 00:45:57.020
I can define using a Docker Compose file, which is just a short YAML file in maybe 15 lines.

00:45:57.160 --> 00:45:59.800
I can say, right, this is the name this container is going to get.

00:46:00.040 --> 00:46:04.420
These are the exact directories this application is allowed to access on my system.

00:46:04.740 --> 00:46:08.080
My photos app, for example, doesn't need access to my music library.

00:46:08.420 --> 00:46:11.640
And so you reduce the blast radius of anything going wrong.

00:46:11.920 --> 00:46:13.640
These are the ports it's allowed to access.

00:46:13.960 --> 00:46:18.320
These are the kernel capabilities it's allowed to have if you want to get that deep.

00:46:18.560 --> 00:46:26.140
You can turn off from a security perspective, you know, the photos app, for example, probably doesn't need a huge amount of kernel permissions to operate effectively.

00:46:26.520 --> 00:46:27.880
Turn off the stuff it doesn't need.

00:46:27.880 --> 00:46:41.180
And then that way, if there is a supply chain attack or a vulnerability exposed, the application itself becomes so much less of an attack vector because it literally physically has no access to certain bits of the kernel.

00:46:42.100 --> 00:46:55.260
You know, when you keep going down the list of what Docker Compose can provide for you, within 15 lines you can define an entire application's deployment and then store it in GitHub completely securely, safely.

00:46:55.640 --> 00:46:57.400
Obviously don't put secrets in GitHub, people.

00:46:57.560 --> 00:46:58.820
Please do not do that.

00:46:58.920 --> 00:47:03.060
But there are plenty of ways to sort of store secrets locally.

00:47:03.320 --> 00:47:10.340
I think there's something called OpenBao, which is a local fork of HashiCorp Vault as a secret management.

00:47:10.500 --> 00:47:13.000
You can use Bitwarden CLI, you can use 1Password.

00:47:13.400 --> 00:47:15.160
There's many ways to store secrets.

00:47:15.920 --> 00:47:19.420
Again, for me, it's like, why do we need things like Docker to exist?

00:47:19.700 --> 00:47:21.500
It's because it's a universal language.

00:47:21.760 --> 00:47:32.060
I can ship you a Docker Compose YAML or any developer assistant can ship a Compose file alongside their applications and I don't need to know anything about you or your application.

00:47:32.460 --> 00:47:41.040
I just run Docker Compose pull up and suddenly all of it's like in the Kubernetes where it's like an operator, in the Windows where it's like an installer.

00:47:41.260 --> 00:47:52.660
You're capturing all of the knowledge that you have about how to run your application successfully into this artifact which I then just pull down and deploy and run and it removes all of that complexity.

00:47:52.660 --> 00:47:56.620
Beyond Docker, you mentioned a lot of the Docker Compose stuff.

00:47:56.860 --> 00:47:57.320
You're right.

00:47:57.600 --> 00:48:00.280
I'm going to define the networking, what things can talk to what.

00:48:00.360 --> 00:48:01.480
I'm going to define the storage.

00:48:01.640 --> 00:48:08.700
I'm going to define the visibility over the firewall sort of levels of things and it's great.

00:48:08.920 --> 00:48:10.380
I just looked on my server.

00:48:10.520 --> 00:48:15.860
I have three different versions of Postgres running from different apps that are like, oh no, we use Postgres 16.

00:48:16.000 --> 00:48:18.160
Oh, we use 18 or whatever it is.

00:48:18.560 --> 00:48:22.320
It's like, how are you going to manage that if you install more than just a handful of things?

00:48:22.320 --> 00:48:26.340
They all want these different servers and what a hassle, right?

00:48:26.380 --> 00:48:33.620
But because it's all contained within their own little network that they see, it's fine to run through because they all use the same port but they're not conflicting.

00:48:33.900 --> 00:48:35.940
Yeah, that version of Postgres has no idea.

00:48:36.100 --> 00:48:43.580
You could spin up 20 different Postgres 16s on the same server because all a container is really just process isolation in memory.

00:48:43.820 --> 00:48:46.340
You want to think of it like that as a mental explanation?

00:48:46.880 --> 00:48:53.620
All you're doing is taking your RAM and slicing it up into tiny little boxes and then placing that process inside that box.

00:48:54.240 --> 00:49:01.140
It can't, that process then can't see anything outside of that box unless you give it specific and explicit permissions to do so.

00:49:01.360 --> 00:49:03.620
And that's why containers have taken over the world if you ask me.

00:49:03.920 --> 00:49:04.160
I agree.

00:49:04.260 --> 00:49:13.480
I always thought that they were another level of complexity until I realized all the stuff you put in the Dockerfile is basically what you would have had to ad hoc type into your Linux machine anyway.

00:49:13.580 --> 00:49:14.560
So you've got to know it anyway.

00:49:14.880 --> 00:49:15.520
Yeah, you do.

00:49:15.840 --> 00:49:15.960
Yeah.

00:49:15.960 --> 00:49:19.740
I mean, the Dockerfile is basically just a bash script just with bells on.

00:49:19.760 --> 00:49:19.980
Yeah, yeah.

00:49:20.160 --> 00:49:24.460
You just put RUN or ENV or something in front of all the commands.

00:49:24.700 --> 00:49:39.600
Let's come back to your comment on Codex and AI because for as intimidating as these things are now, they're way less intimidating if you just have Claude Code or Codex and you say, hey, explain this line to me or I need this to happen.

00:49:40.040 --> 00:49:40.840
Here's the file.

00:49:40.980 --> 00:49:42.860
Why is it not happening or how do I make it happen?

00:49:42.860 --> 00:49:45.540
That is an absolutely achievable thing.

00:49:45.940 --> 00:49:50.460
Even stuff like last week, my server was running slowly.

00:49:50.780 --> 00:49:51.460
I didn't know why.

00:49:51.740 --> 00:49:53.440
The CPU wasn't busy.

00:49:53.740 --> 00:49:54.780
The RAM wasn't full.

00:49:55.100 --> 00:49:57.400
I looked at things like disk pressure.

00:49:57.640 --> 00:50:02.440
I looked at all the things I as a 15 year experience sysadmin knew where to look.

00:50:02.560 --> 00:50:03.300
Didn't see anything.

00:50:03.580 --> 00:50:06.620
And so then I had Codex go and look at it via SSH.

00:50:06.800 --> 00:50:09.340
I was running it on my laptop and I said, right, you have permission via SSH.

00:50:09.520 --> 00:50:10.620
Go look at this server.

00:50:10.960 --> 00:50:11.740
Tell me what's wrong.

00:50:11.740 --> 00:50:19.660
And it turned out there was some spiking on certain NAND chips on the SSD when it was trying to write to certain sectors of the disk.

00:50:19.760 --> 00:50:21.900
It was causing massive I/O wait.

00:50:22.220 --> 00:50:26.200
And I didn't catch that because it didn't make those writes during but Codex ran overnight.

00:50:26.780 --> 00:50:30.860
And whilst I was sleeping it was still doing the checks and still finding out what was going on.

00:50:30.940 --> 00:50:35.220
And it turned out that the SSD, my boot SSD was on the verge of failing.

00:50:35.420 --> 00:50:38.020
It just hadn't marked itself as failing in SMART yet.

00:50:38.280 --> 00:50:41.900
And it presented me this report, gave me all the diagnostics, it ran and yada yada.

00:50:41.900 --> 00:50:43.740
I would never have caught that.

00:50:43.900 --> 00:50:44.000
No.

00:50:44.420 --> 00:50:45.600
Not until it failed.

00:50:45.940 --> 00:50:47.120
And then I'd have caught it.

00:50:47.180 --> 00:51:00.820
But now I have time to go out and research the correct SSD to replace it and not pay rush shipping and all of this stuff because the robots went out and basically did my job for me.

00:51:01.100 --> 00:51:08.860
I mean, it's like, on the one hand, AI is one of these things of like, we're ushering in the very thing that's going to replace us as humanity.

00:51:08.860 --> 00:51:10.500
But I don't see it that way.

00:51:10.640 --> 00:51:13.960
Like, burying your head in the sand and saying, you know, vibe coded, slop this, that and the other.

00:51:14.060 --> 00:51:17.080
Like, it's not, it's not really a mature take on it, in my opinion.

00:51:17.200 --> 00:51:19.280
Yes, there's a lot of, there's a lot of slop out there.

00:51:19.400 --> 00:51:23.520
Yes, there's a lot of, like, but we shouldn't be replacing art with AI.

00:51:23.760 --> 00:51:29.600
Like, art fundamentally is a human endeavor and the reason it is valuable is because of the human effort that went into it.

00:51:29.760 --> 00:51:31.360
You'll never replace that with a robot.

00:51:31.720 --> 00:51:38.500
And, not even including the fact that everything that an AI does by its very nature is derivative of something that's actually been done before.

00:51:38.800 --> 00:51:41.640
So, you're never getting anything truly new and truly revolutionary.

00:51:42.520 --> 00:51:48.360
When it comes to, like, boring, menial tasks, like figuring out why my server's slow, have at it.

00:51:48.860 --> 00:51:52.660
I don't want to, I don't really want to be debugging that all night.

00:51:52.940 --> 00:51:53.080
Yeah.

00:51:53.300 --> 00:52:05.080
The recent thing I did with DevOps, Docker, and AI was I wanted to do a new self-hosting app and I want to serve it out of the same server as some other ones, but I don't want them to interact with each other.

00:52:05.080 --> 00:52:10.680
I don't even want them on the same network, but the NGINX front end has to be able to get to both of them.

00:52:11.240 --> 00:52:20.280
So, I'm like, all right, Claude Code, how do I create a second network that still the one container can see both of the networks, but this one can't see, you know what I mean?

00:52:20.320 --> 00:52:23.740
Like, I'm like, how do I actually make that happen without breaking anything?

00:52:23.900 --> 00:52:24.400
It just knows.

00:52:24.760 --> 00:52:26.060
Yeah, it's like, this is what you do.

00:52:26.160 --> 00:52:30.600
This is the commands you run to, like, create the external network and then here's the settings and all the compose files.

00:52:30.740 --> 00:52:32.880
You restart them in this order so stuff doesn't break.

00:52:32.880 --> 00:52:33.920
I'm like, wow, okay.

00:52:33.920 --> 00:52:48.280
If you know just enough to be dangerous on a topic and you can guide it through the hallucinations that it does, it makes you incredibly powerful and so, for that reason, at least for the foreseeable future, I don't think it's going to replace, you know,

00:52:48.400 --> 00:52:48.960
everybody.

00:52:49.760 --> 00:53:04.160
There are for sure certain tasks and certain things that humans will be less required for and I think, you know, we're on the cusp of either the greatest change in humanity's labor since the Industrial Revolution or,

00:53:04.680 --> 00:53:18.820
and the economics will bear this out one way or the other, you know, forces at play here much bigger than either of us, or it will just turn out to be inordinately too expensive to do that for a very long time and then the progress and investment will stop

00:53:18.820 --> 00:53:28.320
and either a lot of very smart people are betting an awful lot of money and they're all wrong or there is actually something to this and we will see, I guess.

00:53:28.320 --> 00:53:38.920
Yeah, I think it's being misused for a lot of stuff but I also think that there's areas where it's incredibly helpful and this computer stuff in general, programming, DevOps, amazing.

00:53:39.160 --> 00:53:40.980
So we're getting short on time, Alex.

00:53:41.100 --> 00:53:45.920
I feel like we've only scratched the surface like for real but let's talk about Tailscale.

00:53:46.280 --> 00:53:50.980
I want to talk, I want to take one step back before we jump into Tailscale and just put out a warning.

00:53:51.240 --> 00:53:54.120
This is something that really blew my mind when I saw it.

00:53:54.120 --> 00:54:00.760
So when we're running our self-hosted apps, obviously we want to have security, limited access potentially.

00:54:01.200 --> 00:54:03.500
You might be running them at home and so how do you access them?

00:54:03.540 --> 00:54:17.940
There might be a bunch of funky networking things that people do but just as a quick PSA, I want to point out that, from here, other window, if you're using something like Uncomplicated Firewall in your Docker Compose file, you say,

00:54:18.240 --> 00:54:31.860
listen on 00, just default, like this port maps to that port, that's effectively 0.0.0.0, that port, like listen on all the things and you're using something like Uncomplicated Firewall or one of these other things that manipulates the iptables.

00:54:32.280 --> 00:54:38.560
Docker says, you know, Docker and UFW use firewall rules in ways that make them incompatible.

00:54:38.660 --> 00:54:49.400
That is like, things like UFW don't block access to your Docker stuff so something else, something stronger like a cloud firewall or things like that, right?

00:54:49.460 --> 00:54:59.820
Like on my servers, I have a at the cloud hosting level don't let anything access stuff but 80 and 443 or whatever and, you know, limited access to SSH.

00:54:59.980 --> 00:55:03.700
But if I didn't have that and I just used UFW, that would be not ideal.

00:55:04.220 --> 00:55:06.080
So let's talk about firewalls for a minute.

00:55:06.240 --> 00:55:08.460
I think there's a couple of things at play.

00:55:08.840 --> 00:55:13.700
One is you're hosting a public facing service like a website, right?

00:55:13.700 --> 00:55:15.580
That clearly has to be on the public internet.

00:55:15.800 --> 00:55:16.600
There's no way around that.

00:55:16.680 --> 00:55:24.500
The whole purpose of a website or an API probably is to be hit remotely and provide a response.

00:55:24.820 --> 00:55:32.360
But when we're talking about self-hosted infrastructure, the only customer is you, maybe your family, maybe a few friends.

00:55:32.680 --> 00:55:40.100
And so the idea behind Tailscale is to bring that connectivity back to be a more personal level.

00:55:40.460 --> 00:55:45.080
You know, our free tier, for example, at Tailscale has a six user limit.

00:55:45.380 --> 00:55:46.820
It has unlimited devices.

00:55:46.820 --> 00:55:51.300
And so the idea there is that you and your family all live in the same tailnet.

00:55:51.560 --> 00:55:57.300
You make sure that Tailscale is installed on your server in your basement or wherever it happens to be.

00:55:58.080 --> 00:55:59.580
And it's installed on your phone.

00:55:59.720 --> 00:56:03.980
It creates a WireGuard tunnel underneath, encrypted, end-to-end.

00:56:04.240 --> 00:56:08.280
And Tailscale makes a direct connection between those two devices with no middleman.

00:56:08.620 --> 00:56:18.160
And so the way that Tailscale remains free is because we ask people, we give it away for free for a lot of it, but then we ask those people to champion us at work.

00:56:18.480 --> 00:56:21.920
And we just crossed 30,000 paying customers just last week, I believe.

00:56:22.220 --> 00:56:29.820
And so each of those paying customers, well, not all of them, but a large number came through that funnel of, well, this is awesome.

00:56:29.900 --> 00:56:31.000
Why are we not using this at work?

00:56:31.260 --> 00:56:31.360
Yeah.

00:56:31.620 --> 00:56:36.260
So let me just sort of give the elevator pitch for people, I think, how cool this is.

00:56:36.480 --> 00:56:44.780
One way to self-host is I've got this running on a spare computer of whatever sort, Mac Mini, small, NUC, whatever, on your home network.

00:56:44.980 --> 00:56:46.840
You want access to it while it's traveling.

00:56:47.240 --> 00:56:50.220
The not great way is just, well, let's just put that on the internet.

00:56:50.480 --> 00:56:53.400
I'm going to open up a port on my router.

00:56:53.760 --> 00:56:55.900
I mean, just think back to the LastPass thing, right?

00:56:55.920 --> 00:56:58.940
How did LastPass get this huge takeover a few years ago?

00:56:59.340 --> 00:57:04.380
One of the devs was running a Plex server on the open internet and didn't patch it.

00:57:04.500 --> 00:57:05.400
That got taken over.

00:57:05.660 --> 00:57:11.300
They got lateral movement inside the network, got the access keys to LastPass, and down it goes, right?

00:57:11.300 --> 00:57:14.140
So that's a bad example of self-hosting.

00:57:14.480 --> 00:57:23.840
Better would be use something like Tailscale, never open any ports at all, but when you're on the Tailscale network, you see into the networks where it's running.

00:57:23.940 --> 00:57:31.560
You see into your home network even when you're away, or you see into your server infrastructure even though zero ports are open.

00:57:31.880 --> 00:57:33.280
And that to me is just kind of magical.

00:57:33.280 --> 00:57:42.140
Yeah, if you want to learn more about it, I won't get into the specifics here, but there is a blog post called How Tailscale Works at tailscale.com.

00:57:42.220 --> 00:57:44.120
I'll send Michael a link to put in the show notes.

00:57:44.740 --> 00:57:51.400
And essentially, the magic there is we abused like stateful firewalls and how they work a little bit to do something called NAT traversal.

00:57:51.780 --> 00:57:58.340
So the idea is that there weren't enough IPv4 addresses for every device in the world to get its own address and sit on the public internet.

00:57:58.640 --> 00:58:01.800
And so we created this abstraction called Network Address Translation.

00:58:01.800 --> 00:58:05.740
Each device sits behind a firewall and gets a local IP address.

00:58:06.060 --> 00:58:09.780
You've probably seen the 192.168.whatever numbers.

00:58:10.120 --> 00:58:15.500
That's a local IP address versus what you get like what'smyip.com or whatever.

00:58:15.760 --> 00:58:19.980
And that'll give you a totally different IP address than what your laptop has with inside the Wi-Fi.

00:58:20.280 --> 00:58:23.780
And so you've got to have something that's doing that translation between those two things and that's called NAT.

00:58:24.140 --> 00:58:34.580
Then Tailscale punches through that NAT and makes a direct connection from your phone at the coffee shop over 5G through your residential firewall with no ports open to your server running under the stairs.

00:58:35.220 --> 00:58:36.260
It's super seamless.

00:58:36.440 --> 00:58:37.200
Yeah, it's super seamless.

00:58:37.360 --> 00:58:42.680
So I use it for things like I have a local LLM running on my Mac.

00:58:42.680 --> 00:58:43.000
Oh, yeah.

00:58:43.360 --> 00:58:56.180
And then if I'm at the coffee shop, then I just make sure I'm on the Tailscale network and I can still run apps that talk to my OpenAI API over my self-hosted LLM as if it was running on my laptop, but it's not, right?

00:58:56.240 --> 00:58:56.400
Yeah.

00:58:56.560 --> 00:58:58.160
Remember what we said at the beginning of the show?

00:58:58.160 --> 00:59:05.620
Like the rabbit hole goes deep and if you can think of a proprietary service, there's almost certainly a self-hosted alternative to it.

00:59:05.900 --> 00:59:08.200
AI is another one that you can self-host.

00:59:08.320 --> 00:59:12.020
So if you have a Mac Mini, we all heard about OpenClaw a few weeks ago, right?

00:59:12.780 --> 00:59:15.080
You can put it on your gaming rig.

00:59:15.160 --> 00:59:19.980
If you have an NVIDIA GPU in your gaming rig, you can use that for local AI.

00:59:20.380 --> 00:59:28.680
I mean, the rabbit hole is, if you're a curious person, I apologize in advance if you've not looked into self-hosting because it will consume you for a little bit.

00:59:28.860 --> 00:59:29.560
It's just how it goes.

00:59:29.860 --> 00:59:34.460
It is definitely how it goes and it's very satisfying as you start to make progress in it.

00:59:34.720 --> 00:59:36.000
Alex, I think that's it for our time.

00:59:36.420 --> 00:59:38.300
Final thoughts for people who want to get started.

00:59:38.400 --> 00:59:39.120
How would they get started?

00:59:39.820 --> 00:59:42.080
Oh, how would they get, oh gosh, that's a broad question.

00:59:42.760 --> 00:59:43.120
Hmm.

00:59:43.440 --> 00:59:55.280
Well, if you want to learn more about building a server in and of itself, I run a website at perfectmediaserver.com where you can learn how to build basically a Linux server with some storage in it to replace Netflix or something.

00:59:56.160 --> 00:59:57.560
I mean, I don't know.

00:59:57.720 --> 01:00:00.440
Awesome self-hosting is a good place to get started.

01:00:00.640 --> 01:00:02.500
There are dozens of YouTube guides.

01:00:03.000 --> 01:00:08.820
Just type self-hosting in and just watch a couple of hours worth of YouTube and you'll get a pretty good idea.

01:00:09.320 --> 01:00:21.720
And then from there, like I say, it's all about figuring out what problems you're trying to solve and then what shape that problem takes versus what your budget is, what your personal risk tolerances are and all that kind of stuff too.

01:00:21.800 --> 01:00:28.500
There's a lot that goes into it, but if you want to reach out to me, alex.ktz.me, you can come find me.

01:00:28.540 --> 01:00:30.580
I'm on Discord all over the place and I'll say hi.

01:00:30.780 --> 01:00:31.280
I'd love to chat.

01:00:31.560 --> 01:00:32.040
Yeah, awesome.

01:00:32.160 --> 01:00:39.140
I'll certainly link to your connections on the website, on the show notes and I do want to give a shout out to Tailscale.

01:00:39.480 --> 01:00:45.620
I think people should certainly consider it as part of the connectivity of all this stuff because it makes it so much simpler and so much safer.

01:00:45.860 --> 01:00:47.360
Not a sponsored episode.

01:00:47.880 --> 01:00:48.880
Hashtag not sponsored.

01:00:49.220 --> 01:00:49.360
Yeah.

01:00:50.300 --> 01:00:52.660
I'm just a corporate shill for free today.

01:00:52.660 --> 01:01:04.840
For me, I found out about it a couple years ago and I'm like, this solves all the problems and I was just such a fan and so I just want to make, you know, I think it's really a way that things get quite simplified for it.

01:01:05.100 --> 01:01:18.120
It was the same for me and I enjoyed it so much and I've been trying to solve this remote access problem as a self-hoster for, I didn't know it, but for 20 years I opened firewall ports to do remote desktop from school to my house when I was a teenager.

01:01:18.320 --> 01:01:29.600
You know, like, I've been trying to solve this problem for a very long time and I installed Tailscale one weekend three years ago and was like, holy cow, this is amazing and I got a job here because I liked it so much.

01:01:29.940 --> 01:01:30.300
Beautiful.

01:01:30.720 --> 01:01:32.900
Well, I really appreciated you coming on the show.

01:01:33.260 --> 01:01:33.740
Learned a lot.

01:01:34.000 --> 01:01:34.300
Thanks for being here.

01:01:34.300 --> 01:01:34.440
It was fun.

01:01:34.620 --> 01:01:35.400
Yeah, thanks for having me.

01:01:35.600 --> 01:01:36.360
Yeah, see you later.

01:01:37.100 --> 01:01:39.400
This has been another episode of Talk Python To Me.

01:01:39.560 --> 01:01:40.520
Thank you to our sponsors.

01:01:40.720 --> 01:01:42.000
Be sure to check out what they're offering.

01:01:42.180 --> 01:01:43.560
It really helps support the show.

01:01:44.120 --> 01:01:47.340
Temporal is hosting their yearly conference, Temporal Replay.

01:01:47.820 --> 01:01:52.200
Join your peers at Replay, the conference on orchestrating durable workflows and agents.

01:01:52.620 --> 01:01:54.320
May 5 to 7 in San Francisco.

01:01:54.840 --> 01:02:04.240
Visit talkpython.fm/temporal-replay and use the code talkpython75, all one word, all caps, to save up to $449 on your ticket.

01:02:04.740 --> 01:02:16.920
If you or your team needs to learn Python, we have over 270 hours of beginner and advanced courses on topics ranging from complete beginners to async code, Flask, Django, HTML, and even LLMs.

01:02:17.160 --> 01:02:19.600
Best of all, there's no subscription in sight.

01:02:20.020 --> 01:02:21.780
Browse the catalog at talkpython.fm.

01:02:22.420 --> 01:02:27.100
And if you're not already subscribed to the show on your favorite podcast player, what are you waiting for?

01:02:27.500 --> 01:02:29.580
Just search for Python in your podcast player.

01:02:29.680 --> 01:02:30.540
We should be right at the top.

01:02:30.900 --> 01:02:33.860
If you enjoy that geeky rap song, you can download the full track.

01:02:33.860 --> 01:02:35.880
The link is actually in your podcast player show notes.

01:02:36.440 --> 01:02:38.000
This is your host, Michael Kennedy.

01:02:38.200 --> 01:02:39.500
Thank you so much for listening.

01:02:39.680 --> 01:02:40.460
I really appreciate it.

01:02:40.860 --> 01:02:41.620
I'll see you next time.

01:02:41.620 --> 01:02:52.960
Talk Python To Me.

01:02:52.960 --> 01:02:53.700
Talk Python To Me.

01:02:53.700 --> 01:02:55.660
Yeah, we ready to roll.

01:02:57.040 --> 01:02:58.400
Upgrading the code.

01:02:59.160 --> 01:03:00.860
No fear of getting old.

01:03:02.220 --> 01:03:05.840
We tapped into that modern vibe overcame each storm.

01:03:06.580 --> 01:03:07.840
Talk Python To Me.

01:03:07.840 --> 01:03:09.260
I think is the norm.