Self hosting apps for Python people

00:00 The cloud is convenient, until it isn't.

00:02 You upload your photos, you sync your contacts, you click through the cookie banners, then prices go up, or you read about the family that lost their entire Google account over a medical photo sent to their doctor.

00:12 At some point, the question shifts from, why would I run this myself, to why aren't I?

00:18 My guest this week is Alex Kretzmar.

00:20 He's the head of DevRel at Tailscale, the longtime host of the Self-Hosted Podcast, and co-founder of LinuxServer.io.

00:27 We cover what self-hosting really means in 2026, the apps worth running yourself, like Image and Home Assistant, why Docker Compose ties it all together, and how Tailscale lets you reach any of it from anywhere without opening a single port.

00:41 If you've been thinking about pulling your digital life back behind your own walls, this is your roadmap.

00:46 This is Talk Python To Me, episode 546, recorded April 27th, 2026.

00:53 Talk Python To Me, yeah, we ready to roll, upgrading the code, no fear of getting old, async in the air, new frameworks in sight, geeky rap on deck, Quarth Crew, it's time to unite, we started in pyramid, cruising old school lanes,

01:08 had that stable base, yeah, sir.

01:09 Welcome to Talk Python To Me, the number one Python podcast for developers and data scientists.

01:14 This is your host, Michael Kennedy.

01:16 I'm a PSF fellow who's been coding for over 25 years.

01:20 Let's connect on social media.

01:21 You'll find me and Talk Python on Mastodon, Bluesky, and X.

01:25 The social links are all in your show notes.

01:28 You can find over 10 years of past episodes at talkpython.fm, and if you want to be part of the show, you can join our recording live streams.

01:35 That's right, we live stream the raw, uncut version of each episode on YouTube.

01:40 Just visit talkpython.fm/youtube to see the schedule of upcoming events.

01:44 Be sure to subscribe there and press the bell so you'll get notified anytime we're recording.

01:48 Temporal is hosting their yearly conference, Temporal Replay.

01:52 Join your peers at Replay, the conference on orchestrating durable workflows and agents.

01:57 May 5 to 7 in San Francisco.

01:59 Visit talkpython.fm/temporal dash replay and use the code TALKPYTHON75, all one word, all caps, to save up to $449 on your ticket.

02:10 Alex, welcome to Talk Python To Me.

02:12 Well, thanks for having me.

02:13 This is Comfy Surroundings. Hello.

02:15 I'm really excited to be talking about self-hosting, something I have talked around on the podcast a little bit, and I had the Home Assistant guys on for a while long ago when Home Assistant was this little boutique thing that people might find interesting.

02:29 Now it's kind of blown up, but I'm really looking forward to talking about digital sovereignty, running your own apps, not being dependent on huge tech companies for every little thing, and just the joy of finding something in open source

02:44 or just out there and going, hey, what if I just run that myself?

02:48 And so I thought of Alex, thought of you, and I said, hey, we got to talk about this.

02:52 Great, yeah.

02:52 Well, thanks for having me.

02:54 Yeah, you bet.

02:54 So before we dive into all those things, give people a bit of a background about yourself.

02:58 Yeah, well, I'm Alex.

02:59 I, as you perhaps can tell from the accent, originally hail from the UK.

03:03 I live in North Carolina these days, though, for my sins.

03:06 And I work for Tailscale.

03:08 I head up their DevRel department and primarily make YouTube videos for them.

03:13 You know, it's an interesting company to work for because it's all product-led growth.

03:18 So my job is to really get people enthused and excited about the product and all the interesting ways in which they can access their stuff remotely.

03:26 And then, I don't know, people bring it to work and that's how the company makes money.

03:31 So I get paid essentially to make YouTube videos about hacking on self-hosted applications.

03:36 And I still don't quite know how that happened.

03:39 I think you guys over at Tailscale are doing a great job.

03:42 We're going to go into it later when we get into sort of the security and accessing stuff of all the self-hosting things.

03:48 But I started using Tailscale a couple of years ago and yeah, it's fabulous.

03:52 So very nicely done.

03:55 So some other stuff I've done, I used to do a podcast called Self-Hosted, wrapped that up last year.

04:00 But I do a new one now called Bitflip with a few of my buddies.

04:03 And again, from the self-hosting universe, you can find out more about that at bitflip.show.

04:07 I hope some self-promotion's okay.

04:09 But please, yes.

04:10 No, that sounds great.

04:11 Because I was a little disappointed to hear that you shut down Self-Hosted, the podcast, because I was just getting into it.

04:16 And then, so you're back.

04:18 Yeah, we did it.

04:18 How does it differ?

04:19 Well, not much really.

04:21 So the weird thing was about Self-Hosted, and I don't know if you felt this with a show with Python in the name, but I kind of felt a little bit limited by the title because I tend to approach things from a very pragmatic angle.

04:34 We were just talking before we pressed record about how important Linux and open source and all this kind of stuff is.

04:41 And yet I'm using a MacBook to record, not Linux, because it's just bulletproof reliable for media applications.

04:47 And there are all these little compromises we make all throughout our digital lives.

04:50 And so Self-Hosted as a movement, particularly in the subreddit actually, is very opinionated.

04:59 And unless you're doing absolutely everything, lock, stock, 100% yourself, there are some people who say, well, you're holding it wrong.

05:06 You're not doing it properly.

05:08 My approach has always been, it's okay to have DigitalOcean run a VPS for me, but I've still got root to that VPS and I am hosting my own website.

05:17 I'm self-hosting my own websites.

05:18 But to some people that definition doesn't sit right.

05:21 And so- You got to be running on a Raspberry Pi in your basement.

05:25 If that's not the way it is, it's not true.

05:27 Right.

05:27 And we all know that there are just limitations to doing things, like maybe you're moving house and so your website would be offline for two weeks whilst you move house.

05:36 That's probably not okay.

05:38 Or there's a storm in your area or a water pipe bursts or like any number of fates can befall things in your house.

05:45 And I'm not saying these things can't happen to a data center, but there are just mitigations in place between, you know, even just things like ISP pairing and like the data center is probably in the middle of an internet exchange building, whereas my house definitely is not.

05:58 So I kind of wrapped up the self-hosted podcast just a little bit because I felt like, I don't think I feel this way anymore, but sort of 18 months ago when we wrapped it up, that self-hosting had, we kind of said all we needed to say and that as a movement,

06:12 it was just kind of bubbling away in the background and those that had found it were going to find it and it was just sort of ticking over.

06:18 But I don't know, self-hosting is all the line trendy these days.

06:22 I think I heard Linus on the WAN show on Friday literally saying that building a NAS is trendy.

06:28 And I'm like, what?

06:29 Is it?

06:30 Okay, cool.

06:32 Well, I'm here for it.

06:32 Yeah, I'm here for it as well.

06:34 And I'm glad to hear you're still carrying on with the podcast under a different banner.

06:37 Well, the reality is that a lot of this stuff, like I said, like I do for Tailscale and for Bitflip now is this is stuff I'm doing anyway.

06:45 Like my personal YouTube channel as well at KTZ Systems.

06:49 Like I just, I'm just always like, just out of shot over here.

06:52 There is a desk covered with like five of those little Lenovo mini PCs that I'm putting into a little Proxmox Ceph cluster because I woke up last week and my home assistant was down because my little Minis Forum MS01 had lit itself on fire in the middle of the night.

07:07 And I found, ah, where's a single point of failure?

07:09 I can fix that with some clustering and high availability and so the rabbit hole continues.

07:14 Yes, I love that you have a high availability on your home network.

07:18 I'm working on it, which is another story.

07:20 But so it turns out these little Lenovo PCs, you can pick them up for about $150 or so.

07:27 Even today, even in the hardware apocalypse that we're going through.

07:31 These, you know the ones I mean, like the little one liter PCs, right?

07:34 Usually bolted onto the back of a monitor in an office or something.

07:37 And you can pick those up for about $150 and they will run every self-hosted app you could possibly throw at them.

07:43 In reality, certainly just for individual use, they are absolutely all the average person needs as a home server.

07:50 And so one of the things I like to do with them is put what's called Proxmox on it, which is a hypervisor that lets you run virtual machines, something called LXCs, Linux containers, as well as Docker.

08:01 We love us some Docker, I understand.

08:04 Basically, if it doesn't run in Docker, I don't run it.

08:07 I'm just going to trigger some people in the audience, I'm sure.

08:10 You know what?

08:10 I'm with you.

08:11 When I go and look at one of these things that is potentially self-hosted, I'm like, well, where's the Docker Compose file?

08:16 Otherwise, I'm not sure we're going to be continuing down this path.

08:19 I mean, you Python people know all about standardized packaging formats and stuff like that.

08:23 Like the prevalence of pip and then these days, uv, of course.

08:27 Like, you know, these things matter.

08:29 They're like, how users round off those rough edges of how it gets from my keyboard in my lab to your computer and wherever you are.

08:38 Docker kind of closed that last 10%.

08:40 I mean, a lot of the primitives of Docker existed well before, like C groups and namespaces in the Linux kernel.

08:46 All that stuff existed for years before Docker came along.

08:50 All they did really was provide a standardized packaging format, which is really just a tarball, and a standard way of building those tarballs with a Docker file, like a recipe.

08:59 That was all they did, and provided a little bit of plumbing and networking.

09:02 Like, we just ignore all the technical details they did.

09:05 But essentially, they just closed that last 10% of usability, and suddenly, me, as a computer science student, could run any application in the world without having to dive into Systemd and init scripts and database migrations

09:20 and blah, blah, blah, blah.

09:21 It was just...

09:22 Yeah, complex networking, attached volumes.

09:24 Like, there's a lot of stuff going on there, yeah.

09:26 Yeah.

09:26 Docker is life in this house.

09:28 A long time ago now, I co-founded a website called Linuxserver.io.

09:32 I don't know if anybody in the audience has heard that, but it's the largest, I believe, sort of open-source containerization movement project on the internet, and that was born out of the fact that sort of 10, gosh, yeah, maybe 12 years ago

09:45 that Docker was pre-1.0, so it was very sort of nascent at that point, and it was...

09:52 There was just...

09:53 There were no standards.

09:54 Like, the readmes were all over the place, or if there even was one.

09:58 There were no sort of standardized base images.

10:00 People hadn't cottoned on to, like, supply chains, and, you know, today it's a hot topic, but sort of back then, it was, oh, if it runs, I'm happy, you know?

10:09 So Linux Server was sort of my attempt, our attempt, I should say, at fixing some of those issues, and, you know, we packaged up media server apps back in the day, like Plex, and some of the other slightly less salubrious

10:23 applications you might find on the internet, as well as a bunch of other self-hosting stuff, which we should probably get into talking about some of the apps.

10:32 Yeah, absolutely.

10:32 Well, to kind of put a bookend on your introduction, I do just want to quickly ask you about your racing and VIR and stuff like that.

10:43 You know, and I was looking to contact you, I was going through your About page, and I saw a car racing around a racetrack, and I thought, well, can't not talk about that.

10:51 I've had folks from Formula One and from NASCAR on the show before, and I'm a big fan of these kinds of things.

10:57 Yeah, I do too.

10:58 So, that's one of your hobbies?

11:00 That's pretty awesome.

11:01 Yeah, I've followed Formula One since, well, I remember sitting on my dad's knee as a kid watching Damon Hill, Nigel Mansell, go around Silverstone, so it's been a while.

11:12 There's obviously a new crop of F1 fans, which is amazing, thanks to the Drive to Survive stuff, but I've followed it for years.

11:19 I just enjoy watching, I just enjoy watching the sport.

11:22 It's like a nerd soap opera in a way.

11:26 Not a fan, honestly, of these new regs, though, with the sort of the super clipping and all this kind of stuff.

11:32 It'd be interesting to see what happens when we get to, where's the next one?

11:36 Miami, I think.

11:37 Yeah, I believe it is Miami and then Canada.

11:39 So, for people who don't know out there, Formula One is called Formula One because there's one formula on how to build the cars, but then all the teams generally, almost from scratch, build their cars.

11:49 And every couple, every four or five years, they're like, okay, we're completely doing it differently.

11:54 And so, this year, they've completely done it differently and there's a lot of controversy.

11:58 I don't know, it's interesting, but.

12:00 Yeah, they've gone for like this 50-50 split between the combustion engine and the battery power, but the batteries can't harvest enough energy every lap.

12:09 So, I don't know what genius thought of that, but, so they get halfway around the lap and they lose half of their horsepower, which can mean you've got closing speeds between cars of sort of, I don't know, 50 to 100 miles per hour.

12:22 And we saw in Japan in the last race, quite a bad accident as a consequence.

12:27 Right there in Spoon, it wasn't pretty.

12:30 I know all of the electric stuff and like the hybrid things and IndyCar and even way, way more so in Formula One is for environmental friendliness.

12:39 And hey, I drive an electric car, I love electric cars and I'm all about caring about the environment and stuff, but the 20 cars driving around the track is nothing compared to the 300,000 people that took airplanes to get there.

12:51 And then when they ship the cars on planes halfway around the world, like the fuel spent when they're racing, it has nothing to do with, you know, it doesn't even register on the number of the environmental impact of that.

13:02 So I don't know, I kind of long for the Damon Hill days with like, Oh, me too.

13:06 Fast engines, you know.

13:07 On our honeymoon, actually, my wife and I, we ended up in Milan on race weekend, totally by accident, genuinely by accident.

13:15 We were booking this like interrail trip around Europe and my itinerary landed us in Milan on race weekend.

13:21 I didn't actually know at the time and all hotels for that weekend spiked.

13:25 They're like two or three exiting costs and I'm like, what's going on?

13:28 So I just typed Milan events, September, whatever.

13:31 Anyway, turns out, so we went to Monza and I'll never forget we were stood at, it was the Iscari chicane so it's on the opposite side from the start, finish straight and the noise, I think there were V8s, I don't think there were V10s, I think there were V8s then but just the noise of them sitting on the grid

13:45 waiting to go, it was like a bunch of angry wasps and you could hear it and it's half a mile away.

13:52 Amazing, amazing.

13:53 We lost something when they went to the V6 turbo hybrid stuff.

13:56 100%.

13:57 All right, last bit, I mean a lot of people are fans of F1 and racing, not many of them end up on a race track.

14:03 Oh yeah, that's a whole different kind of fresh.

14:05 Yeah, so I've been into, I've owned seven Volkswagen Golfs over the years, culminating in the Golf R a few years ago and I just had to take it on a track.

14:17 Like in England I went on this run what, we call it a run what you brung track evening and I went to Brands Hatch and I literally turned up without even a helmet, without doing any prep or whatever and they just let me untrack.

14:29 Just, I couldn't believe it.

14:30 And then I had the best evening of my life and then we emigrated and came here and I was like, I've got to scratch that itch.

14:36 So I went to the internet and found out to go to VIR you have to do all sorts of training and get like instructors and it all sounded a bit much.

14:44 But anyway, VIR is a serious racetrack.

14:46 Like you can end up I think on the back straight in my little golf I was doing 140 on the back straight and there are moments coming up through the uphill essays at VIR where you're just like, if this goes wrong she's going to hurt.

15:00 And in the end I ended up scaring myself a bit silly but I had real fun but there was just a couple of moments where I was like, you know, I've got a kid at home.

15:08 I should probably, this is a young man's game or an old man's game when you've got nothing left to lose, I guess.

15:14 Yeah, that's true.

15:15 There's a, it's a bimodal sort of experience.

15:18 Yeah.

15:19 But I learned a lot like I learned how to change brake pads, brake fluid.

15:23 I fitted a new intercooler to my car.

15:25 I upgraded the turbo.

15:26 I did tuning.

15:27 Like technical stuff.

15:28 I like learning how things work.

15:30 Same with software, same with cars.

15:31 It's basically just one is slightly more visceral and arguably the stakes are a bit higher if you screw up installing a turbo it can be very expensive.

15:40 It's worse than, oh, I got to reinstall that.

15:43 Yeah.

15:43 Yeah.

15:43 Good fun though.

15:44 No, I'm sure it's amazing.

15:45 That sounds very, very cool.

15:47 So what a great experience.

15:48 Let's talk the main, main topic.

15:51 Like, I guess we've been using the word without really defining it.

15:54 Like what is self-hosting for people who are just like, you know, they, they haven't done these sorts of things.

15:59 I think as I, as I alluded to earlier, there's a broad spectrum of definitions to what self-hosting means to different people, depending on how tightly you hold certain beliefs around definitions.

16:12 But for me, it means the business model that exists is feeding the open source developer or small team that built it.

16:21 Like it's, it's not, are you familiar with Corey Doctorow and his idea of n-certification?

16:27 Yeah.

16:27 The idea that a company will give some, we, we've been accused of this at Tailscale and I don't think it's actually going to happen.

16:34 the CEO at Tailscale, I have great faith in Avery's leadership, honestly.

16:39 I know I sound like a corporate shill saying that, but I genuinely believe it.

16:42 So, the idea of n-certification is that a company takes a bunch of money from venture capital or some other source and gives the product away.

16:51 We saw it with Uber, for example.

16:53 Like they give the product away at a loss leading price point to gain market share.

16:58 We've seen it in multiple industries over the years.

17:00 Walmart is a great example.

17:01 They'll put mom and pop short stores out of business in the local town and then slowly raise the prices.

17:06 Right, right.

17:06 Once everyone's gone, it's, it's, they have no choice but to go there.

17:09 Exactly.

17:10 And so the idea of n-certification in software is, is very prevalent.

17:15 We've, we're seeing it with streaming services right now where they're just gradually turning the screw, lifting the prices, pulling out shows without your control.

17:23 All of these things have, are really boiled around one central point.

17:28 I mentioned the business model.

17:29 That's one thing, but really it's control.

17:31 And do you have control over the services that are running your life?

17:36 If you have Google in your life, you probably don't.

17:38 If you have Apple in your life, you probably don't.

17:40 You feel like you do, but there are countless examples.

17:44 For example, there was one a couple of years ago where, I think this was in the New York Times.

17:49 We definitely covered this on Self-Hosted a while ago where a mother took pictures of their kids, a medical issue of their kids, private areas, and sent it to their doctors through telehealth.

18:03 They also sent the picture to their husband through a messaging app, which then meant that that picture got backed up to, I think it was Google Photos.

18:11 It might have been Amazon.

18:12 Please don't quote me on this.

18:13 I'm just speaking from two-year-ago memory.

18:15 And they got flagged as a CSAM issue, like a child pornography issue.

18:20 And they had most of their digital life cancelled.

18:24 They were locked out of their accounts.

18:25 They were basically banned from that company.

18:28 Might have been Google.

18:29 Let's go with Google.

18:31 And just the idea of being locked out of my Gmail.

18:34 I mean, just stop and think about how much of your life is in your Gmail inbox.

18:37 How long have you had yours?

18:39 15 years.

18:39 I think there's over a quarter million emails in my Gmail account.

18:42 It's ridiculous.

18:43 I mean, it is ridiculous.

18:45 And extrapolate that from email to photos.

18:49 Extrapolate that to music, to videos, to, I don't know, taxis and invoices, all this stuff.

18:56 There are just so many different facets of our lives that we've given up to third parties that are either being used to train the next round of industrial revolution, oligarchy revolution, like AI models, or they're being used to feed an advertiser's

19:11 bottom line and create a profile about you and who you are and what you do and who you associate with.

19:16 Because make no mistake, when your photo gets uploaded to Google Photos, they are making a map of all the faces in that photo.

19:24 Whether you know the person in the background or not, Google will know them because they probably have Google Photos too.

19:29 And they can scan that Alex was stood next to Fred Smith on June the 21st, 1983.

19:36 And like, they can create such incredibly detailed profiles about people.

19:41 And if that doesn't bother you, self-hosting is probably not for you.

19:43 But I don't know about, I don't know about you, but it makes me deeply uncomfortable that I'm giving up these freedoms and this privacy without really appreciating that I'm doing so.

19:53 Like a lot of the transaction is very, what's the word I'm looking for?

19:58 Like it's just not a fair, it's not a fair exchange of value for value.

20:01 It's asymmetric.

20:02 Yeah.

20:03 Asymmetric.

20:03 Very asymmetric.

20:04 Yeah, absolutely.

20:05 Totally.

20:05 And I want to just, while we're sort of setting the stage, I just want to put an idea out there that this kind of stuff is super valuable and a good thing to keep in mind, not just for individuals, which 100% that it is, but also for developers running their software.

20:20 Do you necessarily need to take all of your data and put it into an AWS managed service or an Azure managed service or send all of your users information through, say, Google Analytics to Google to then turn around

20:35 a mine or to other places?

20:37 You don't have, I feel like people think they have to.

20:39 You don't have to.

20:40 It almost feels inevitable, doesn't it, these days?

20:43 That, oh, well, everyone else is doing it.

20:45 I may as well.

20:46 Yeah.

20:47 We'll get the cookie banner.

20:48 We'll put it up.

20:48 People are used to, everywhere they go, they click the cookie banner.

20:52 True.

20:52 But there are entirely serviceable alternatives to almost every single proprietary service that you have.

20:59 Google Analytics, let's start with that one.

21:01 There's an open source app called Plausible.

21:03 It does almost everything that Google Analytics does.

21:07 It just, the analytics stay within your world and they're not, they're not kind of fed into the Google machine.

21:14 And whether that's a, like, on feature parity, there's an argument to be made there about, like, well, Google's more invasive so they have more data.

21:22 I don't see that as a plus point, personally.

21:25 This portion of Talk Python is brought to you by Temporal and the Temporal Replay Conference.

21:31 Previously, I've told you about Temporal's open source framework and I've had Mason Egger on the podcast.

21:36 If you've built background jobs or multi-step workflows, you know how messy things get with retries, timeouts, partial failures, and keeping state consistent.

21:45 This is where Temporal's got your back with their open source framework.

21:49 And if that kind of workload is what you're building, you should definitely consider attending the Temporal Replay Conference.

21:53 It's hosted May 5-7 in Moscone Center in San Francisco.

21:58 Join your peers at Replay.

22:00 Temporal's conference on orchestrating durable workflows and agents.

22:03 You'll learn real-world patterns for reliability, failure handling, and scale from developers building themselves, including speakers from OpenAI, Replit, and Abridge.

22:13 Check out Replay 2026 at talkpython.fm/temporal dash replay and use the code talkpython75 all one word to save up to $449 on your ticket.

22:25 That's talkpython.fm/temporal dash replay and code talkpython75 all one word.

22:32 The link is in your podcast player's show notes.

22:35 Thanks to Temporal for supporting the show.

22:38 I don't either.

22:39 And I think this is an interesting segue to finding some of the interesting apps here.

22:43 So I went to pull up plausible.io and I think you're right.

22:46 I think plausible is really great.

22:48 The one that I'm using is umami.is which is sort of a peer to plausible.

22:55 I believe, I think you can pay for both of them.

22:58 I'm not 100% sure about umami right now.

23:00 Yeah.

23:01 I don't know your ad book must be doing some hard lifting over there because plausible works just fine for me.

23:05 You're using umami, are you?

23:06 Yeah, I'm using umami and I looked at plausible as well and umami seemed a little more oriented towards self-hosting whereas plausible self-hosting seemed like oh, you could do it but we're kind of this like thing that we run in the cloud and you can pay for but you technically could

23:21 and I felt like umami was like self-hosting first with, I don't even, like I said, I'm pretty sure there is a you now can pay for it as well.

23:28 But I wanted to bring up this you, the site can't be reached because I think another interesting thing is like hosting DNS.

23:37 So like pyholes, I have nextdns.io which is why I can't go to plausible right now unless I log in and tell it plausible is okay.

23:45 Same thing for umami by the way.

23:48 I think, what about, let's talk, let's, you're at Tailscale, let's talk networking.

23:52 We'll get back to the use of Tailscale when we kind of wrap things up but like, do you use Pyhole or do you use any of these sort of managed things outside just your browser?

24:00 Well, the modern internet basically requires using an ad blocker.

24:03 I mean, when you, I'm fortunate to work from home so I'm almost always with inside these four walls where I have an AdGuard Home instance running and my DHCP server when, whenever a device requests an IP address from the router,

24:18 it will hand out the DNS server in my local network as the AdGuard Home instance.

24:23 And AdGuard Home's job is to run a list of websites that it thinks are serving ads and it will block those at the DNS level.

24:31 So simply what will happen is you will go to try and load a website and it can't load certain components of the webpage and those components happen to be adverts in this case.

24:40 It's not 100% coverage but I'd say it's sort of in the 80 to 90% range which is still a heck of a lot better than having no ad blocking whatsoever.

24:49 And the idea here is that a lot of these, well, first of all, adverts use a lot of bandwidth.

24:54 They also are probably shoving down a ton of JavaScript into your browser so the performance of loading a webpage is worse.

25:02 It's using more bandwidth, it's using more processing power and on mobile, of course, that matters.

25:07 When I leave the house, I'm not under the umbrella of my AdGuard home instance anymore because it's running on, I don't know, a Raspberry Pi in my basement.

25:15 And so I've got a couple of options.

25:16 One is I can use a hosted DNS service like you do called NextDNS which basically does the same thing as a Pi hole except you pay for it.

25:26 I don't think it's a huge amount of money if I recall.

25:28 It's a couple of bucks.

25:29 It's either $1 or $1.99 a month.

25:32 It's really small, yeah.

25:34 It seems fair.

25:35 And the idea behind NextDNS, like I say, is that it does the same thing as a Pi hole or an AdGuard home.

25:41 It's just a hosted service that you pay for a managed service.

25:44 Or you can use something like Tailscale and tunnel back through your firewall remotely and set your AdGuard home as your Tailnet DNS server and then use your AdGuard home or your Pi hole from your basement that you're already running already configured

25:59 with all of your ad lists and blah, blah, blah.

26:01 You can configure that to be your DNS server.

26:03 And my wife loves these sort of like mobile games like the Candy Crushes of the world.

26:08 And they are just chocked full of ads.

26:10 And we only really talk about it when we're like traveling because she's, oh God, I wish we were at home because then I wouldn't get adverts.

26:17 Yeah, we'll just turn on Tailscale and lo and behold, no ads.

26:20 You're back to good.

26:21 I think one final little note about like running your, either your AdGuard at home or your Next DNS if you register at your router level that's really interesting is you block ads in mobile apps as well like you're mentioning or on my TV all the tracking

26:36 the TV does is short-circuited because everything on the network is subjected to it.

26:42 And I'm, you know, as long as these ad networks are serving up malicious ads, I don't feel bad about blocking them.

26:49 That's another angle of course, yeah.

26:50 Yeah, I mean, if we go to Talk Python, you know, the website, there's, ads are still there.

26:57 Why?

26:57 Because I'm not using some shady network to deliver it.

27:00 I'm just sharing content and someone who happens to talk about what we're doing, you know, and so I think that that's a, I think that's certainly something worth considering, right?

27:10 I feel like this DNS stuff is part of self-hosting at least the personal level a bit.

27:14 It's the, it's one of the fundamentals, yeah.

27:18 Networking is one of those things that you have to have it if you want to do anything in your house, like even, and I use my mother, who I love dearly, as the example of the non-technical person in my life.

27:29 Even if my mum, like she orders a router from her ISP or something like that to get Wi-Fi in her house, well, she's doing networking, she doesn't realise it.

27:39 She's getting a Wi-Fi SSID broadcast, she's getting an IP address from the router every time she connects.

27:45 The DHCP server provides a DNS server, which is probably your ISP's DNS server by default, and they are recording all of your DNS queries and selling them to the highest bidder also, I might add.

27:56 And so there are just so many layers to this onion, and DNS is the, just what, we have a five-year-old in the house, we just watched Shrek this weekend, hence the onion reference.

28:05 There are just so many layers to this onion that you just, you can keep peeling it forever, and this is one of the things that I genuinely love most about Linux, open source, self-hosting, that whole universe is that this conversation, I could literally sit here for eight hours and talk to you about different,

28:20 you know, different things, like DNS is one thing, document management is another, media streaming is another, like each of these things, they're all, they're entire industries in their own right in the real world, but in self-hosting, you can play CIS admin, you can play, you know,

28:35 the person who's running these mega corps offline, fully just in your basement, you know, and there's no, there's no business model to feed, it's literally just open source software, the true spirit of it, running in your house under your control.

28:49 Yeah, we're definitely in danger of going for eight hours, so, I hope not, but we could, right, we definitely could, and by way of, I think that's a perfect transition to talk about this place called Awesome Self-Hosted here, which is a Git repository and a website,

29:04 you know, I do, Alex, I think this is going to be a bit of a fad, it's not really catching on, there's only 288,000 GitHub stars in this.

29:12 And if you look at it, you're familiar with the Awesome Lists, of course, there are dozens of these things, but Awesome Self-Hosted, I mean, it's updated daily, like, I look at the recent Git commits and it was last updated yesterday, and there are,

29:27 how many categories?

29:28 There must be.

29:29 I don't know, but let me scroll, like, there's a couple of pages of just categories of things like e-commerce, DNS, for example, analytics.

29:38 Right.

29:39 You want to replace Jira?

29:40 It's in here.

29:41 You want to replace, I don't know, a wiki?

29:44 It's in here.

29:45 You know, it's honestly kind of overwhelming.

29:49 And so this speaks a little bit to one of my overall philosophies when it comes to self-hosting of find a problem in your life and solve it, like a real problem.

29:59 Don't just contrive one just for the sake of it.

30:01 Photos is always the universal example I go to because everybody takes photos.

30:05 And so you want to look at something like image, I-M-M-I-C-H.

30:09 And that is a self-hosted Google Photos clone, and it lives entirely on your hardware that you control.

30:14 It has machine learning, so it can learn your face.

30:18 It can do, you know, object detection.

30:21 It can do basically anything that Google Photos can do, except it lives on your hardware using your files and your compute until the end of time.

30:30 And that's an end of it.

30:31 Like, that's as deep as the rabbit hole goes.

30:34 I love it.

30:34 But it also makes me nervous.

30:36 Good, it should.

30:37 Because the thing with self-hosting is you get to place this admin, but it also means you own the data, which means when there's an outage or a hardware failure, you're on the hook for that too.

30:48 Yeah, I'm not super concerned about an outage for my self-hosting thing, but I am certainly concerned about an outage of a self-hosted something for my production apps.

30:58 And when I said it makes me nervous, yeah, yeah, but the things that make me nervous are twofold.

31:04 The first thing that made me nervous would be just backup, backup and restore, or kind of losing access to it.

31:11 Like something that I think it takes a while, at least for me, it took a while to learn the lessons through some paper cuts, was, oh, there's a new version of this thing that I'm self-hosting.

31:19 How cool.

31:19 Let's see what it is.

31:20 Docker compose pull, Docker compose up, and then it won't start because there's some incompatible migration or something that I didn't run and I got to go read the docs and it says, oh, did you upgrade from version 1.6 to 1.8?

31:33 You can't do that.

31:33 You got to go to 1.7 and then 1.8.

31:35 I'm like, now I'm an admin.

31:37 But more concerned, like I had all this data, what if I can't get it to work on 1.8, but it's like a half database transition and then neither will run and now what do I do?

31:45 Well, the best answer to that are some of the primitives around things like ZFS and snapshots.

31:52 So there is this concept with, so ZFS, by the way, if you're not familiar, is the Zettabyte file system and it was born out of Sun Microsystems in the early 2000s, I believe.

32:04 It's now unfortunately owned by Oracle, but there is a project called OpenZFS which is dedicated to bringing it to the masses, to normal people.

32:13 There are still some weirdnesses around the licensing with ZFS, so it's not included by default in every single Linux distro, but it is included in things like Proxmox and Ubuntu and you can install it on Arch and NixOS and even Unraid, I think,

32:27 has ZFS these days.

32:29 And so the idea here is you're using what's called a copy-on-write file system.

32:34 Now some of these terms, I will admit, sound a little nerdy and they kind of are, but the idea behind copy-on-write is you take a snapshot at a moment in time and instead of the file system recording everything, you know,

32:48 transactionally forever, it will only record the delta from the previous snapshot.

32:52 And so what that means is that you can fork, you can basically fork file systems on disk and then you can mount the snapshot from three days ago as an actual file system and then restore the files that way.

33:05 So let's say your upgrade scenario, you could restore the database from just before you did the upgrade because as a good sysadmin, you are doing the hygiene of taking a snapshot before you do the risky thing, right?

33:18 You can automate all this stuff with scripts, right?

33:21 And I think there's a pragmatic angle here of how much time do you spend automating versus administering versus just going outside and touching grass.

33:30 But in the age of AI, there's really not, like it's, I installed Arch Linux last night downstairs on my gaming rig.

33:38 I was done, I decided I'm done with Windows for gaming.

33:41 And I thought, right, how far can Codex get me?

33:43 You know, the OpenAI version of Claude Code.

33:46 And I installed Arch myself and then I said, right, I want this desktop to look like this.

33:50 I want this kind of vibe.

33:52 I want like an Ubuntu kind of orange vibe.

33:55 I want Wayland compositor for my display and I want it to all log in seamlessly and blah, blah, blah, blah, blah.

34:03 I want these fonts.

34:04 I want my fan curves to be this.

34:05 And I just let it cook and maybe half an hour later I came back and my system was just configured.

34:10 Wow.

34:10 And it's amazing.

34:11 And you can do the same thing with a lot of like, like backup script.

34:15 You can literally say to Codex, these are my requirements.

34:19 I want you to take a snapshot before you do any kind of Docker compose operation.

34:25 And it will do it, whether it's via an alias or whatever.

34:28 I don't, the mechanics don't matter.

34:31 But the point is a lot of this stuff you can protect yourself from yourself now with so much less cognitive load than you used to have.

34:37 You can then configure it to backup offsite to all sorts of different places.

34:41 There's a, there's a wonderful service called ZFS.rent, which if you're not familiar is a way of, you basically send them a hard drive and they will put it into a server somewhere and you pay, I think it's $10 a month for that hard drive slot.

34:54 And then you can replicate all of your photos encrypted over the internet to ZFS.rent.

34:59 And it's, it's 10 bucks a month.

35:01 And then you've got that peace of mind.

35:03 That's wild.

35:04 I had no idea about this.

35:05 This is a really interesting way.

35:06 It's a great service.

35:08 I have several friends that use it.

35:09 Okay.

35:10 Yeah, that's really cool because backup is certainly one of them.

35:13 And that, that's not just export the data.

35:14 That's like making sure the app runs so that you can actually get to the data that's in the, you know, Postgres DB that's running in the little Docker composed network that it created when you ran it and so on, right?

35:24 There's plenty of other options with backups too.

35:26 Like Backblaze is a decent one, although they were in the news fairly recently for some, I don't know, they stopped backing up OneDrive folders and just did it silently.

35:35 And I don't know, you know how Reddit likes to go, go, go in on people.

35:40 So I don't know, Backblaze, they've been there for a long time.

35:42 They're a pretty reliable option.

35:44 You could also, if you want to do it fully self-hosted, Hetzner, you know, VPS provider, they have what's called a storage box, which you can usually bid on, which I think they cost somewhere typically between 30 to 50 euros a month.

35:56 So it's not the cheapest option, but if you want that level, that amount of storage offsite, it gets expensive.

36:03 That's just the reality of it.

36:04 When the business model is just storage and not farming your data and mining you for advertising stuff, it turns out storage is expensive.

36:14 Yeah, that's what you got to pay for it if you're not the product.

36:16 Yeah, but these things have enough storage that between you and a few mates, you could probably split it up into different ZFS datasets and replicate that way and, you know, split the bill a little bit as it were.

36:27 Are there self-hosting things that really stand out for you that you're a big fan of?

36:31 Like apps?

36:32 The real problem aspect is one for me, I think, that's critical to it, to the success.

36:37 You know, I talked about photos as being one example.

36:40 Home automation is another.

36:41 As you said, you'd have the home assistant guys on this podcast before.

36:45 We actually had Paulus on self-hosted a while ago and, you know, those guys, what they're doing with the Open Home Foundation is amazing.

36:53 Again, they're eschewing the status quo of five different apps for five different ecosystems and making everything talk to everything else and it's amazing.

37:01 And, you know, for me in this studio, for example, I've got one, two, three different ecosystems just for my studio lights and it's all brought under Home Assistant in one place.

37:11 And so for me, that solves a real problem.

37:13 So when Home Assistant is down, okay, it's not the biggest deal.

37:16 I have to walk around and turn three sets of lights off.

37:18 Okay, fine.

37:19 But when you start to add all of the different ecosystems in your house together, like your thermostats, you know, I have a mini split up there that I control through an ESP32 with like a serial connection.

37:31 I then have an Ecobee thermostat downstairs and so that's two ecosystems just for the climate in the house and then my garage doors are another ecosystem and so it continues.

37:41 And so solving real problems and bringing them back behind the firewall really is the idea for me.

37:47 Just, I don't know, it helps me sleep better at night but it's also in many cases just more convenient and less hassle.

37:55 The unification really that Home Assistant brings is really one of the biggest because everybody's got their janky little app that they think is so special, you know what I mean?

38:02 Yeah.

38:04 And I don't blame manufacturers necessarily for going that route because the way the internet was designed is it's, you know, I have something on this desk, right?

38:14 How would the manufacturer talk to it to control it through a smartphone app?

38:19 The only guarantee you've got is that a cloud server exists.

38:23 You can't control whether the user is necessarily on the same Wi-Fi and in fact, we've seen over the last 20 years as technology's evolved that I remember unboxing products 20 years ago that just the usability was just horrid.

38:35 You know, there are so many assumptions the manufacturers have to make about the environment it's going to land in, the Wi-Fi situation, the smartphone it's going to run on, blah, blah, blah.

38:43 And the only way you can really guarantee compatibility is to take control of that link and host the cloud component yourself and then have your users talk to your cloud and then have the cloud talk to the device.

38:55 Even though I can reach out and touch the light that's up here, it has to go to the cloud first to talk to it just because it guarantees that user experience.

39:03 I know.

39:03 My lights that I have for my streaming setup, they don't even have on, you can't physically turn them on.

39:08 The only way you can turn them on is over the network.

39:10 It's weird.

39:11 Yeah.

39:11 Welcome to 2026.

39:14 Exactly.

39:15 How did we accept that that is normal?

39:18 When did that become normal?

39:20 I don't know.

39:21 Now that I think about it, it should at least have an on button.

39:25 Oh, well.

39:25 Right.

39:26 I know.

39:26 So let's talk for a little while.

39:28 Now we've sort of set the stage, talked about some awesome apps and motivation and so on, but let's talk a bit about actually how to do it because I'm sure there's, I don't know, let me throw out, I'll just speculate.

39:39 I bet there's 30 to 40% of the people are like, oh yeah, I'll just SSH into my setup as well and then I know what to do from there.

39:47 And there's like maybe 20% of the people are like, I know what, I know I should SSH in there and the others are like, what is SSH?

39:54 Yeah.

39:54 So there's a lot of hesitation, I think, because you are kind of becoming a DevOps person.

40:01 Like you're running probably in Docker, maybe on Linux.

40:03 It's not on your main machine, most likely.

40:06 And then this whole backup sort of story that we talked about and restore.

40:09 Like talk to people about some of the tech.

40:12 It's inherently still a technical occupation and there isn't still really a great way around some of that.

40:19 Now we're on a Python show.

40:21 We understand that abstractions exist, right?

40:24 Python, of course, itself is an abstraction above something else.

40:27 There are lots of companies that will tell you and will try and sell you abstractions on top of this self-hosting layer that I'm talking about.

40:35 Well, Docker is an abstraction.

40:36 Linux is technically an abstraction, although let's just not talk machine code.

40:42 Let's just deal in, let's just treat Linux as the base.

40:45 Yeah.

40:45 Assume you have an OS.

40:46 Okay.

40:47 Yeah.

40:47 I think that's fair.

40:49 I agree.

40:50 You know, there are, I have a couple of, I don't know if you can see it in camera, probably not.

40:55 I've got a couple of Zima Board 2s on test, which they sent me for review for YouTube.

40:59 And they have a, they have something called Zima OS.

41:02 Z-I-M-A-OS.

41:03 Z-I-M-A-OS.

41:04 And, you know, it's pretty good.

41:07 Like it's a, it's a one click.

41:09 You can, it's got a little app store in it, like you have on your phone and you can install a lot of these apps in one click onto Zima OS.

41:16 You can connect to USB hard drive and within maybe 20 minutes, half an hour, you've got a fairly functional setup.

41:23 Now, is it the most buttoned up, most secure bulletproof thing in the world?

41:28 No, almost certainly not.

41:30 But it gets you started.

41:31 And I think that is the real key is the best way to learn this stuff is to not think about it too much.

41:37 It's just to do it in a fairly low stakes way.

41:41 Don't try and switch from Spotify, for example, and convert your wife and your kids and everyone in your life to your self-hosted music streaming service overnight.

41:52 Softly, softly, slowly, slowly, catchy monkey.

41:54 You know, it's one of those things that you're probably going to need these things running in parallel for a little while until you feel comfortable enough that when you wake up at 7am and the streaming service that you've built in your basement doesn't work and the kid can't

42:09 watch their episode of cartoons before school or whatever, do you want to have to log in at 7am via SSH to your server and fix it?

42:17 No, I never do.

42:18 It turns out that's not something I want to do, but it's something I've had to do a few times because I've made mistakes either in not rotating logs properly or a disk filled up or there was a hardware failure or the list goes on and it's just, you know, you're trading some convenience

42:32 for ownership and the transaction is different and some of the cost there is in you and your time, but I will always advocate for people to learn these skills because I think in the modern world

42:47 they are such basic fundamental skills.

42:49 I wouldn't put them quite in the same bracket as learning how to do plumbing or electrical work or something like that, but this stuff, you know, everybody takes photos everybody listens to music and why should we continue to enrich the pockets

43:03 of Megacorps when we have the tools and the capabilities to do this stuff ourselves if we're just willing to put a few weekends aside and learn it?

43:12 It's a great point.

43:13 I guess start small.

43:15 These little...

43:16 Start small, yeah.

43:17 These home or these self-hosting OSes, I guess they sort of call it, it tries to bring kind of an app store experience to the self-hosting.

43:26 Another one that I would say is Coolify.

43:29 I don't know if you're familiar with Coolify.

43:30 Coolify's great.

43:31 Yeah, I'm sure.

43:32 Yeah, cool.

43:32 I did some stuff with Coolify for a while.

43:35 It's a little similar.

43:35 And you don't even need anything in your house with Coolify.

43:38 They will do hosted versions of these self-hosted apps if that even makes sense.

43:42 But essentially, you're still running the service, you're paying to run the service on their infrastructure.

43:49 And so all of the stuff we talked about around digital sovereignty and privacy and business models all remains true except for the fact the compute doesn't live behind your firewall.

43:58 It lives somewhere else.

43:59 Yeah, and you can even do things with Coolify such as get a server at Hetzner or DigitalOcean, create an account at Coolify, and then basically install their Daemon thing on your app.

44:11 And then through there, a little management.

44:12 You're managing multiple servers running.

44:14 I wanted to love Coolify and I think the idea is great.

44:18 I found that I ended up juggling so much more UI settings where I'm like, you know, if I just had a Docker Compose file, I could just define and replace or something.

44:29 Yeah.

44:29 Such is the life of an abstraction, right?

44:31 You trade certain complexities for certain decisions that the main, I mean, look at Apple, right?

44:39 We're always looking at macOS going, oh, I wish it, why are they doing it that way?

44:44 Well, you outsource that decision and the same is true with Coolify.

44:48 And any other abstraction that you choose as part of this stack, like even Docker, for example, is an abstraction, as I said, and you are making a certain set of, you're outsourcing a certain set of decisions to Docker in how things work.

45:01 It's just a reality of the world.

45:02 Yeah, that's a really good point.

45:03 That's, you know, you choose your abstraction.

45:05 So I bring it up because I do feel like people who are hesitant to do this kind of stuff, this is a really good option to get you started and get you comfortable and like, ah, what if I, maybe I could just run it myself after you're comfortable, you know, you work your way down until you, you know,

45:19 gain some of these skills.

45:21 What about Linux?

45:22 You know, one of the things that I think is both a hesitation for doing this at all, but also a hesitation to use Docker.

45:28 It's like, well, I could just do it on Linux.

45:30 At first you're like, well, I can't do Linux or Linux is intimidating to me.

45:34 Eventually you get that skill.

45:35 You're like, well, I could just put it on my machine.

45:36 Why do I need to actually use all this Docker complexity?

45:39 It is the repeatability for me, at least.

45:44 So what Docker brings to the table is a unified interface to running headless applications.

45:50 I can define using a Docker compose file, which is just a short YAML file in maybe 15 lines.

45:57 I can say, right, this is the name this container is going to get.

46:00 These are the exact directories this application is allowed to access on my system.

46:04 My photos app, for example, doesn't need access to my music library.

46:08 And so you reduce the blast radius of anything going wrong.

46:11 These are the ports it's allowed to access.

46:13 These are the kernel capabilities it's allowed to have if you want to get that deep.

46:18 You can turn off from a security perspective, you know, the photos app, for example, probably doesn't need a huge amount of kernel permissions to operate effectively.

46:26 Turn off the stuff it doesn't need.

46:27 And then that way, if there is a supply chain attack or a vulnerability exposed, the application itself becomes so much less of an attack vector because it literally physically has no access to certain bits of the kernel.

46:42 You know, when you keep going down the list of what Docker Compose can provide for you, within 15 lines you can define an entire application's deployment and then store it in GitHub completely securely, safely.

46:55 Obviously don't put secrets in GitHub, people.

46:57 Please do not do that.

46:58 But there are plenty of ways to sort of store secrets locally.

47:03 I think there's something called OpenBow, which is a local fork of HashiCorp Vault as a secret management.

47:10 You can use Bitwarden CLI, you can use 1Password.

47:13 There's many ways to store secrets.

47:15 Again, for me, it's like, why do we need things like Docker to exist?

47:19 It's because it's a universal language.

47:21 I can ship you a Docker Compose YAML or any developer assistant can ship a Compose file alongside their applications and I don't need to know anything about you or your application.

47:32 I just run Docker Compose pull up and suddenly all of it's like in the Kubernetes where it's like an operator, in the Windows where it's like an installer.

47:41 You're capturing all of the knowledge that you have about how to run your application successfully into this artifact which I then just pull down and deploy and run and it removes all of that complexity.

47:52 Beyond Docker, you mentioned a lot of the Docker Compose stuff.

47:56 You're right.

47:57 I'm going to define the networking, what things can talk to what.

48:00 I'm going to define the storage.

48:01 I'm going to define the visibility over the firewall sort of levels of things and it's great.

48:08 I just looked on my server.

48:10 I have three different versions of Postgres running from different apps that are like, oh no, we use Postgres 16.

48:16 Oh, we use 18 or whatever it is.

48:18 It's like, how are you going to manage that if you install more than just a handful of things?

48:22 They all want these different servers and what a hassle, right?

48:26 But because it's all contained within their own little network that they see, it's fine to run through because they all use the same port but they're not conflicting.

48:33 Yeah, that version of Postgres has no idea.

48:36 You could spin up 20 different Postgres 16s on the same server because all a container is really just process isolation in memory.

48:43 You want to think of it like that as a mental explanation?

48:46 All you're doing is taking your RAM and slicing it up into tiny little boxes and then placing that process inside that box.

48:54 It can't, that process then can't see anything outside of that box unless you give it specific and explicit permissions to do so.

49:01 And that's why containers have taken over the world if you ask me.

49:03 I agree.

49:04 I always thought that they were another level of complexity until I realized all the stuff you put in the Docker file is basically what you would have had to ad hoc type into your Linux machine anyway.

49:13 So you've got to know it anyway.

49:14 Yeah, you do.

49:15 Yeah.

49:15 I mean, the Docker file is basically just a bash script just with bells on.

49:19 Yeah, yeah.

49:20 You just put run or env or something in front of all the commands.

49:24 Let's come back to your comment on codex and AI because for as intimidating as these things are now, they're way less intimidating if you just have cloud code or codex and you say, hey, explain this line to me or I need this to happen.

49:40 Here's the file.

49:40 Why is it not happening or how do I make it happen?

49:42 That is an absolutely achievable thing.

49:45 even stuff like last week, my server was running slowly.

49:50 I didn't know why.

49:51 The CPU wasn't busy.

49:53 The RAM wasn't full.

49:55 I looked at things like disk pressure.

49:57 I looked at all the things I as a 15 year experience sysadmin knew where to look.

50:02 Didn't see anything.

50:03 And so then I had codex go and look at it via SSH.

50:06 I was running it on my laptop and I said, right, you have permission via SSH.

50:09 Go look at this server.

50:10 Tell me what's wrong.

50:11 And it turned out there was some spiking on certain NAND chips on the SSD when it was trying to write to certain sectors of the disk.

50:19 It was causing massive IO weight.

50:22 And I didn't catch that because it didn't make those writes during but codex ran overnight.

50:26 And whilst I was sleeping it was still doing the checks and still finding finding out what was going on.

50:30 And it turned out that the SSD, my boot SSD was on the verge of failing.

50:35 It just hadn't marked itself as failing in smart yet.

50:38 And it presented me this report, gave me all the diagnostics, it ran and yada yada.

50:41 I would never have caught that.

50:43 No.

50:44 Not until it failed.

50:45 And then I'd have caught it.

50:47 But now I have time to go out and research the correct SSD to replace it and not pay rush shipping and all of this stuff because the robots went out and basically did my job for me.

51:01 I mean, it's like, on the one hand, AI is one of these things of like, we're ushering in the very thing that's going to replace us as humanity.

51:08 But I don't see it that way.

51:10 Like, burying your head in the sand and saying, you know, vibe coded, slop this, that and the other.

51:14 Like, it's not, it's not really a mature take on it, in my opinion.

51:17 Yes, there's a lot of, there's a lot of slop out there.

51:19 Yes, there's a lot of, like, but we shouldn't be replacing art with AI.

51:23 Like, art fundamentally is a human endeavor and the reason it is valuable is because of the human effort that went into it.

51:29 You'll never replace that with a robot.

51:31 And, not even including the fact that everything that an AI does by its very nature is derivative of something that's actually being done before.

51:38 So, you're never getting anything truly new and truly revolutionary.

51:42 When it comes to, like, boring, menial tasks, like figuring out why my server's slow, have at it.

51:48 I don't want to, I don't really want to be debugging that all night.

51:52 Yeah.

51:53 The recent thing I did with DevOps, Docker, and AI was I wanted to do a new self-hosting app and I want to serve it out of the same server as some other ones, but I don't want them to interact with each other.

52:05 I don't even want them on the same network, but the NGINX front end has to be able to get to both of them.

52:11 So, I'm like, all right, log code, how do I create a second network that still the one container can see both of the networks, but this one can't see, you know what I mean?

52:20 Like, I'm like, how do I actually make that happen without breaking anything?

52:23 It just knows.

52:24 Yeah, it's like, this is what you do.

52:26 This is the commands you run to, like, create the external network and then here's the settings and all the compose files.

52:30 You restart them in this order so stuff doesn't break.

52:32 I'm like, wow, okay.

52:33 If you know just enough to be dangerous on a topic and you can guide it through the hallucinations that it does, it makes you incredibly powerful and so, for that reason, at least for the foreseeable future, I don't think it's going to replace, you know,

52:48 everybody.

52:49 There are for sure certain tasks and certain things that humans will be less required for and I think, you know, we're on the cusp of either the greatest change in humanity's labor since the Industrial Revolution or,

53:04 and the economics will bear this out one way or the other, you know, forces at play here much bigger than either of us, or it will just turn out to be inordinately too expensive to do that for a very long time and then the progress and investment will stop

53:18 and either a lot of very smart people are betting an awful lot of money and they're all wrong or there is actually something to this and we will see, I guess.

53:28 Yeah, I think it's being misused for a lot of stuff but I also think that there's areas where it's incredibly helpful and this computer stuff in general, programming, DevOps, amazing.

53:39 So we're getting short on time, Alex.

53:41 I feel like we've only scratched the surface like for real but let's talk about Tailscale.

53:46 I want to talk, I want to take one step back before we jump into Tailscale and just put out a warning.

53:51 This is something that really blew my mind when I saw it.

53:54 So when we're running our self-hosted apps, obviously we want to have security, limited access potentially.

54:01 You might be running them at home and so how do you access them?

54:03 There might be a bunch of funky networking things that people do but just as a quick PSA, I want to point out that, from here, other window, if you're using something like uncomplicated firewall in your Docker Compose file, you say,

54:18 listen on 00, just default, like this port maps to that port, that's effectively 0000, that port, like listen on all the things and you're using something like uncomplicated firewall or one of these other things that manipulates the IP tables.

54:32 Docker says, you know, Docker and UFW use firewall rules in ways that make them incompatible.

54:38 That is like, things like UFW don't block access to your Docker stuff so something else, something stronger like a cloud firewall or things like that, right?

54:49 Like on my servers, I have a at the cloud hosting level don't let anything access stuff but 80 and 443 or whatever and, you know, limited access to SSH.

54:59 But if I didn't have that and I just used UFW, that would be not ideal.

55:04 so let's talk about firewalls for a minute.

55:06 I think there's a couple of things at play.

55:08 One is you're hosting a public facing service like a website, right?

55:13 That clearly has to be on the public internet.

55:15 There's no way around that.

55:16 The whole purpose of a website or an API probably is to be hit remotely and provide a response.

55:24 But when we're talking about self-hosted infrastructure, the only customer is you, maybe your family, maybe a few friends.

55:32 And so the idea behind Tailscale is to bring that connectivity back to be a more personal level.

55:40 You know, our free tier, for example, at Tailscale has a six user limit.

55:45 It has unlimited devices.

55:46 And so the idea there is that you and your family all live in the same tail net.

55:51 You make sure that Tailscale is installed on your server in your basement or wherever it happens to be.

55:58 And it's installed on your phone.

55:59 It creates a wire guard tunnel underneath, encrypted, end-to-end.

56:04 And Tailscale makes a direct connection between those two devices with no middleman.

56:08 And so the way that Tailscale remains free is because we ask people, we give it away for free for a lot of it, but then we ask those people to champion us at work.

56:18 And we just crossed 30,000 paying customers just last week, I believe.

56:22 And so each of those paying customers, well, not all of them, but a large number came through that funnel of, well, this is awesome.

56:29 Why are we not using this at work?

56:31 Yeah.

56:31 So let me just sort of give the elevator pitch for people, I think, how cool this is.

56:36 One way to self-host is I've got this running on a spare computer of whatever sort, Mac Mini, small, NUC, whatever, on your home network.

56:44 You want access to it while it's traveling.

56:47 The not great way is just, well, let's just put that on the internet.

56:50 I'm going to open up a port on my router.

56:53 I mean, just think back to the LastPass thing, right?

56:55 How did LastPass get this huge takeover a few years ago?

56:59 The one of the devs was running a Plex server on the open internet and didn't patch it.

57:04 That got taken over.

57:05 They got lateral movement inside the network, gotten the access keys to LastPass, and down it goes, right?

57:11 So that's a bad example of self-hosting.

57:14 Better would be use something like Tailscale, never open any ports at all, but when you're on the Tailscale network, you see into the networks where it's running.

57:23 You see into your home network even when you're away, or you see into your server infrastructure even though zero ports are open.

57:31 And that to me is just kind of magical.

57:33 Yeah, if you want to learn more about it, I won't get into the specifics here, but there is a blog post called How Tailscale Works at tailscale.com.

57:42 I'll send Michael a link to put in the show notes.

57:44 And essentially, the magic there is we abused like stateful firewalls and how they work a little bit to do something called Nat traversal.

57:51 So the idea is that there weren't enough IPv4 addresses for every device in the world to get its own address and sit on the public internet.

57:58 And so we created this abstraction called Network Address Translation.

58:01 Each device sits behind a firewall and gets a local IP address.

58:06 You've probably seen the 192.168.whatever numbers.

58:10 That's a local IP address versus what you get like what'smyip.com or whatever.

58:15 And that'll give you a totally different IP address than what your laptop has with inside the Wi-Fi.

58:20 And so you've got to have something that's doing that translation between those two things and that's called NAT.

58:24 Then Tailscale punches through that NAT and makes a direct connection from your phone at the coffee shop over 5G through your residential firewall with no ports open to your server running under the stairs.

58:35 It's super seamless.

58:36 Yeah, it's super seamless.

58:37 So I use it for things like I have a local LLM running on my Mac.

58:42 Oh, yeah.

58:43 And then if I'm at the coffee shop, then I just make sure I'm on the Tailscale network and I can still run apps that talk to my OpenAI API over my self-hosted LLM as if it was running on my laptop, but it's not, right?

58:56 Yeah.

58:56 Remember what we said at the beginning of the show?

58:58 Like the rabbit hole goes deep and if you can think of a proprietary service, there's almost certainly a self-hosted alternative to it.

59:05 AI is another one that you can self-host.

59:08 So if you have a Mac Mini, we all heard about OpenClaw a few weeks ago, right?

59:12 You can put it on your gaming rig.

59:15 If you have an NVIDIA GPU in your gaming rig, you can use that for local AI.

59:20 I mean, the rabbit hole is, if you're a curious person, I apologize in advance if you've not looked into self-hosting because it will consume you for a little bit.

59:28 It's just how it goes.

59:29 It is definitely how it goes and it's very satisfying as you start to make progress in it.

59:34 Alex, I think that's it for our time.

59:36 Final thoughts for people who want to get started.

59:38 How would they get started?

59:39 Oh, how would they get, oh gosh, that's a broad question.

59:42 Hmm.

59:43 Well, if you want to learn more about building a server in and of itself, I run a website at perfectmediaserver.com where you can learn how to build basically a Linux server with some storage in it to replace Netflix or something.

59:56 I mean, I don't know.

59:57 Awesome self-hosting is a good place to get started.

01:00:00 There are dozens of YouTube guides.

01:00:03 Just type self-hosting in and just watch a couple of hours worth of YouTube and you'll get a pretty good idea.

01:00:09 And then from there, like I say, it's all about figuring out what problems you're trying to solve and then what shape that problem takes versus what your budget is, what your personal risk tolerances are and all that kind of stuff too.

01:00:21 There's a lot that goes into it, but if you want to reach out to me, alex.ktz.me, you can come find me.

01:00:28 I'm on Discord all over the place and I'll say hi.

01:00:30 I'd love to chat.

01:00:31 Yeah, awesome.

01:00:32 I'll certainly link to your connections on the website, on the show notes and I do want to give a shout out to Tailscale.

01:00:39 I think people should certainly consider it as part of the connectivity of all this stuff because it makes it so much simpler and so much safer.

01:00:45 Not a sponsored episode.

01:00:47 Hashtag not sponsored.

01:00:49 Yeah.

01:00:50 I'm just a corporate shill for free today.

01:00:52 For me, I found out about it a couple years ago and I'm like, this solves all the problems and I was just such a fan and so I just want to make, you know, I think it's really a way that things get quite simplified for it.

01:01:05 It was the same for me and I enjoyed it so much and I've been trying to solve this remote access problem as a self-hoster for, I didn't know it, but for 20 years I opened firewall ports to do remote desktop from school to my house when I was a teenager.

01:01:18 You know, like, I've been trying to solve this problem for a very long time and I installed Tailscale one weekend three years ago and was like, holy cow, this is amazing and I got a job here because I liked it so much.

01:01:29 Beautiful.

01:01:30 Well, I really appreciated you coming on the show.

01:01:33 Learned a lot.

01:01:34 Thanks for being here.

01:01:34 It was fun.

01:01:34 Yeah, thanks for having me.

01:01:35 Yeah, see you later.

01:01:37 This has been another episode of Talk Python To Me.

01:01:39 Thank you to our sponsors.

01:01:40 Be sure to check out what they're offering.

01:01:42 It really helps support the show.

01:01:44 Temporal is hosting their yearly conference, Temporal Replay.

01:01:47 Join your peers at Replay, the conference on orchestrating durable workflows and agents.

01:01:52 May 5 to 7 in San Francisco.

01:01:54 Visit talkpython.fm/temporal dash replay and use the code talkpython75, all one word, all caps, to save up to $449 on your ticket.

01:02:04 If you or your team needs to learn Python, we have over 270 hours of beginner and advanced courses on topics ranging from complete beginners to async code, Flask, Django, HTML, and even LLMs.

01:02:17 Best of all, there's no subscription in sight.

01:02:20 Browse the catalog at talkpython.fm.

01:02:22 And if you're not already subscribed to the show on your favorite podcast player, what are you waiting for?

01:02:27 Just search for Python in your podcast player.

01:02:29 We should be right at the top.

01:02:30 If you enjoy that geeky rap song, you can download the full track.

01:02:33 The link is actually in your podcast blur show notes.

01:02:36 This is your host, Michael Kennedy.

01:02:38 Thank you so much for listening.

01:02:39 I really appreciate it.

01:02:40 I'll see you next time.

01:02:41 Talk Python and me.

01:02:52 Talk Python and me.

01:02:53 Can we be ready to roll?

01:02:57 Upgrading the code.

01:02:59 No fear of getting whole.

01:03:02 We tapped into that modern vibe overcame each storm.

01:03:06 Talk Python and me.

01:03:07 I think is the norm.