_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI Pico.sh â SSH powered services for developers
hiatus wrote 29 min ago:
It is strange, I tried to add my public key but received a response
that it was already in use (!). Is there a way to determine the user
associated with a public key? Perhaps it's possible I have previously
created an account but I feel I would remember the UI.
rjurney wrote 1 hour 20 min ago:
This thing is really cool, I want to pipe data between systems... can I
trust you to have that kind of access?
anonfordays wrote 2 hours 8 min ago:
Sadly the CoC states:
Don't upload "hate speech" (i.e. demeaning race, gender, age,
religious or sexual orientation, etc.)
Don't upload material that is threatening, harassing, defamatory, or
that encourages violence or crime
This can be contorted to mean almost anything. In times such as these
where regimes all across the globe are using "hate speech" as carte
blanche to snuff out dissent, it's sad to see others openly follow
suite.
tempfile wrote 2 hours 45 min ago:
That's fun, I found and subscribed to tuns.sh only 2 weeks ago. (I
wrote up my experience, too [1] )
URI [1]: https://danielittlewood.xyz/notes/self-hosting-with-tunnels
Lord_Zero wrote 4 hours 4 min ago:
[1] > Promotion/rollback support
> Managed HTTPS for all projects
> Promotion and rollback support
"Promotion and rollback support" twice...
URI [1]: https://pgs.sh/
benoror wrote 5 hours 9 min ago:
How does it compares with [1] ?
URI [1]: https://bearblog.dev/
oldandboring wrote 6 hours 49 min ago:
Very timely for this to come up. Just this morning I was wiring up a
personal blog with Obsidian -> Hugo -> Github Pages. I might swap
Github Pages out for Pico.sh, it's definitely my kinda service. Well,
either that or self-host it.
gherard5555 wrote 6 hours 57 min ago:
This web design is very nice to look at
qudat wrote 6 hours 1 min ago:
Hey thanks! I stare at our docs site multiple times a day and
sometimes I lose all sense of what looks good so your comment is much
appreciated.
caioariede wrote 9 hours 5 min ago:
I love this! I was about to start using Substack for a
personal/professional blog and I was very concerned about the structure
they "force" you into. I don't want to socialize in the way they want
me to. I just want to write my stuff down, and perhaps help someone,
but at the end, all I want is a place to share things with myself in a
more elaborated way. Looking at it now!
jefurii wrote 3 hours 40 min ago:
If all you want is to scp .html files there's always been shared
hosting.
lynx97 wrote 11 hours 14 min ago:
rsync is no SSH tool. I get how that sentence emerged, but it is still
a turn off, mixing up terminology like that for convenience.
Y_Y wrote 2 hours 39 min ago:
In my experience, any time you're using scp, you'd be better off with
rsync.
bradly wrote 6 hours 59 min ago:
rsync uses ssh for remote communication.
lynx97 wrote 2 hours 23 min ago:
I am sure you know this, but rsync works perfectly fine without
ssh. In fact, it has its own custom protocol for remote
communcation. It can use ssh to talk to remote machines, but so
can any tool via the plain pipe mechanism. Followin that logic,
every Linux CLI tool that does stdio is an ssh tool...
thelittleone wrote 14 hours 5 min ago:
Very cool. Though might want to increase contrast on diagrams, for
example here
URI [1]: https://pico.sh/tuns
saunved_42 wrote 15 hours 19 min ago:
This is a really fun project! I've been trying to think of unique ways
to allow non-devs to publish blog posts easily on their own websites
and this is some great inspiration for it.
sagarpatil wrote 16 hours 41 min ago:
Iâm sold.
this_is_madness wrote 18 hours 25 min ago:
Without being open source this is basically just a walled garden
version of sr.ht.
antoniomika wrote 18 hours 8 min ago:
We're actually fully open source and all development occurs in the
open! Here's the repo [1] and you can find us on Libera IRC
URI [1]: https://github.com/picosh/pico
TheTaytay wrote 18 hours 55 min ago:
I stumbled across this clever service when looking for a âpastebinâ
that handled rendering terminal output with ANSI codes. The irony is
that they donât actually allow that (just plain text can be piped to
their pastes service), but I found their whole site and vibe
delightful!
And the two authors, qudat, and antoniomima are active on HN, as their
responsive comments here demonstrate. Just good work all around.
stego-tech wrote 18 hours 58 min ago:
Love the KISS approach to your services. Simple text files, built on
fundamental services. Honestly also a great way to build SSH (and
associated suite) chops for folks just entering Linux/Unix/BSD/*nix
world or who only know Windows.
Going to poke at it this week myself. Looks like a healthy competitor
to PikaPods for the basic stuff.
Keep up the good work!
scbenet wrote 19 hours 24 min ago:
Big fan of pico.sh, been hosting a few small sites on there for a while
now, no faster way to get something up and running
jwr wrote 19 hours 34 min ago:
Love the idea, but I couldn't find a "pricing" page and wanted to
abandon reading immediately (I have no time for unsustainable
services). Then I learned from the discussion that the pricing is $2/m,
which, two things: 1) I still can't find that price on the web site,
and 2) it seems unsustainable to me, so I'm still worried.
I run a B2B SaaS. Support costs is what eats you alive: in case of a
complex B2B app anything below $40/month is unsustainable. This is of
course better for simpler apps/services, but even there you have to be
super careful.
qudat wrote 6 hours 22 min ago:
Thank you for the feedback and we agree so we have changed the header
nav link from "pico+" to "pricing".
In terms of the costs to run a saas, we are actively monitoring
hardware utilization and resource allocation. Antonio and I have a
lot of experience building and running saas (and paas) products so we
feel confident we can manage whatever usage comes our way. We have
also been strategic in terms of the services we provide in an effort
to keep service support manageable.
cookiemonsieur wrote 13 hours 23 min ago:
> I run a B2B SaaS. Support costs is what eats you alive: in case of
a complex B2B app anything below $40/month is unsustainable
I agree to an extent. But it largely depends on the complexity of
your offering. If all you do is expose flat data through an API, you
can maybe get away with an API Gateway x Lambda x DynamoDB combo,
which would cost virtually nothing as the free tier is very generous.
Just my 2c.
lionkor wrote 13 hours 37 min ago:
$40/month per user, just for support? So for 1000 users, you need to
make $40,000 to be sustainable, i.e. like 10 employees?
conductr wrote 3 hours 4 min ago:
I'm thinking not much support is needed for user's that are willing
and able to do all these tasks over SSH. They've pre-filtered for
low support load
Back in early 2000s I ran a shared webhosting business, most
customer's were savvy at the time and it was kind of a "you're on
your own, let me know if the infra is acting up" type arrangement.
I ran it with about 2000 customers for a year or so solo and only
got about 2 support emails a day. Back then, 24-72 hour response
was acceptable so I never needed to be a 24/7 resource.
blatantly wrote 12 hours 1 min ago:
Yeah I think this why "Book a call" level customers are really
subsidising it. Say $10/m/u and you get 200 seats. You pay $2000/m
but the bugs you hit are likely uniform so you loaf support like
maybe 20 individual users. 20 individual users only bring in 10%.
So you need the whales to keep it going.
jimbosis wrote 19 hours 8 min ago:
I had the same frustration as you with finding the pricing
information. With some serendipitous clicking, I managed to find it!
[1] It does also mention there is a $0 "Starter" tier.
(I found that link on this page: [2] )
EDIT: Mention the Starter tier.
URI [1]: https://pico.sh/plus
URI [2]: https://pico.sh/pgs
jarboot wrote 20 hours 39 min ago:
Love to see a midwest/great lakes business address :)
desireco42 wrote 20 hours 51 min ago:
I have fish shell... took me a little bit to realize that this prevents
it to create account, once I created it using bash, it works well. Just
FYI.
antoniomika wrote 18 hours 57 min ago:
Hrm that's odd! Just tested and everything looks fine. Any logs or
errors you can share?
shnpln wrote 21 hours 24 min ago:
This is awesome!
focusgroup0 wrote 21 hours 39 min ago:
See also:
URI [1]: https://github.com/charmbracelet/wish
antoniomika wrote 21 hours 19 min ago:
I'd actually highly recommend taking a look at vaxis ( [1] ). We've
moved away from wish/bubbletea and have really enjoyed working with
vaxis!
URI [1]: https://github.com/rockorager/vaxis
0xcoffee wrote 21 hours 45 min ago:
At risk of scope creep, the greatest selling point Netlify has for me
is automatic form email support for static sites. Would be awesome if
pico.sh supported that.
qudat wrote 5 hours 55 min ago:
[1] was designed to "compete" with netlify. I'm going to look into
this feature and see how it could fit into our service. Thanks so
much!
URI [1]: https://pgs.sh
stouset wrote 22 hours 8 min ago:
I don't seem to be able to add multiple SSH public keys. When I try to
create one, I paste my pub key and hit enter and⦠no key is added.
antoniomika wrote 22 hours 0 min ago:
We recently changed our tui framework and the functionality for focus
is a bit different. You might have to hit until `ADD` is
highlighted. You can also rsync/scp/sftp an authorized_keys file and
we'll add that to your account!
stouset wrote 21 hours 10 min ago:
That did it. Thanks!
hei-lima wrote 22 hours 15 min ago:
This is great! Congratulations.
qudat wrote 22 hours 32 min ago:
Co-Founder here, thanks for the interest in our micro-saas powered by
SSH.
Happy to answer any questions!
swznd wrote 48 min ago:
how to manage / remove paste ?
WinstonSmith84 wrote 4 hours 26 min ago:
So I understand I can redirect my custom domain to Pico Pages, Pico
Prose, etc. Can I however do the other way around? Can I create
somehow a CNAME on my Pico.sh account (such as username-myapp.pgs.sh
points to abc.xyz.com)? In essence, I'd like to be able to get a
certificate and set a secure https connection to e.g. my Load
Balancer my-alb-12345.us-east-1.elb.amazonaws.com or similar.
antoniomika wrote 3 hours 49 min ago:
Yep! tuns would be the service you want since it can support
forwarding arbitrary backends:
URI [1]: https://pico.sh/tuns#custom-domains
memset wrote 16 hours 52 min ago:
I remember seeing this a couple of years ago on HN!
Would you be willing to share how itâs doing on the business side?
Hints on how youâve grown users or how many folks are willing to
subscribe?
Iâd love to build a service (in a different domain) that operates
as simply as this.
qudat wrote 6 hours 3 min ago:
> Would you be willing to share how itâs doing on the business
side? Hints on how youâve grown users or how many folks are
willing to subscribe?
Yes, absolutely. Here's our year-end-review where we talk numbers:
[1] Ultimately, what keeps us going is we want these services to
exist for our own side-project development and it's an extra boost
of motivation when others use our services.
All of our marketing is through HN/lobsters/reddit since that's our
target demo.
URI [1]: https://blog.pico.sh/status-011
raggi wrote 20 hours 5 min ago:
What are you doing about TOFU and MITM?
antoniomika wrote 18 hours 58 min ago:
Our host keys are published here and are durable:
URI [1]: https://pico.sh/host-keys
raggi wrote 14 hours 35 min ago:
So approximately nothing?
kpcyrd wrote 11 hours 25 min ago:
There is nothing that can be done beyond what they are doing?
You can receive their public keys out-of-band through an
https-authenticated connection. Which means their approach to
"the initial trust problem" is _not_ "trust on first use".
squiggleblaz wrote 7 hours 38 min ago:
I don't know what other solutions there are to TOFU, but
maybe it's nice if there's something like a standardised
/.well-known/ssh-keys.json path for public ssh servers like
github and pico.sh.
raggi wrote 1 hour 54 min ago:
Thereâs SSHFP, but itâs off by default and assumes an
attacker canât modify dns, though most mitms would be
executed with dns and dnssec deployment is generally a
disaster.
Currently their host key page is only linked once at the
bottom of their page and isnât referenced in any
onboarding docs, so effectively onboarding encourages
âyoloâ, and if users arenât savvy theyâre likely
putting other things at risk, whatever their keys happen to
also have access to.
The other argument that comes up here then is âwell mitms
are rare so this doesnât seem like a big problem in
practiceâ, however there are actually great targets here,
for example you go to a conference and hijack the WiFi,
then spend your time in hallway track advertising these
services to your targets. This kind of thing has a high
success rate.
The web improves on this problem with PKI, though similar
phishing tactics exist in a similar situation where you
encourage people to sign up explicitly guiding them to an
incorrect domain, but propensity for using search in
address bars strongly helps resist this too.
SSH is terrible for this use case, no matter how it makes
people feel.
tptacek wrote 1 hour 18 min ago:
DNSSEC would also not work in the conference wifi
scenario.
junon wrote 13 hours 33 min ago:
Perhaps giving a bit more information than throwing out random
acronyms related to SSH would be a bit more fruitful in terms
of responses.
What about TOFU and MITM would you like them to respond to?
TOFU isn't inherently a bad thing. Neither is MITM. It depends
on the threat model, the actors involved, etc.
Your comment (and the snarky followup) imply they're doing
something wrong, but it's unclear what.
hakaneskici wrote 20 hours 57 min ago:
I love your RFC-1, keep up the spirit :)
Where are your servers located?
antoniomika wrote 20 hours 22 min ago:
Ashburn, VA and Nuremberg, DE!
larodi wrote 21 hours 4 min ago:
am I getting this right, that for 2 bucks a month I can publish (okay
tun) my dockers and very-unsafe-postgres-with-ssl publicly to
selected users?
ryao wrote 16 hours 46 min ago:
Cloudflare makes that free through their zero trust stuff and
cloudflared daemon.
antoniomika wrote 21 hours 2 min ago:
Correct! The tunnels are protected using ssh auth as well, so you
can ensure that only the users you want to access it can.
ryao wrote 16 hours 41 min ago:
I am not sure how you avoided collisions (network namespaces?) on
the localhost port space, but for things like this, you would be
better off forwarding to/from UNIX domain sockets. It is more
efficient as local tcp sockets have several times the overhead.
You probably would want to set StreamLocalBindUnlink yes and
StreamLocalBindMask 0117 in sshd_config. Then use UNIX groups
with the group sticky bit set on the directory where the unix
domain socket is made to allow multiple users access. The
directory would be owned by that group while each user with
access would be added to that group. It reduces some network
overhead and is highly secure. I recently used this trick to
connect a bunch of machines to a remote service through a jump
host.
Also, take it from someone who has been running services over
port forwards for years. You want to set ClientAliveInterval and
ClientAliveCountMax in sshd_config on the server (if you have not
already). Users should be encouraged to set ServerAliveCountMax
and ServerAliveInterval In ssh_config on their machines.
Furthermore, it would be best if the tunnels were run by daemon
tools and had ExitOnForwardFailure set as part of the command
that is run. The ssh command used at the client side likely also
should set -nNT. It is also good practice for the machines
running ssh to have dedicated accounts for the tunnels such that
their daemon tools scripts are essentially two lines, a shebang
followed by exec setuiduid user ssh -i ...
Finally, if people want to do very low overhead and highly secure
setups, they should bind the services that they reverse forward
to unix domain sockets locally and reverse forward the local unix
domain sockets over ssh to remote unix domain sockets. They can
use a file mode sticky bit on the parent directory to make the
local Unix domain socket accessible by the ssh command running on
its own user, which locks things down locally fairly nicely. A
typical process running on the machine will not be able to talk
to the reverse forwarded service thanks to the Unix file
permissions. Lastly, using ed25519 or ecdsa ssh keys would make
the initial connection process very quick compared to using RSA.
antoniomika wrote 15 hours 7 min ago:
Weâre actually using Unix sockets as the underlying transport
layer for this. Weâre also not using sshd, we custom wrote
our own daemon thatâs entire job is tunneling. If youâre
curious about this, you can find the project here: [1] sish was
actually my first foray into SSH apps. It was a lot of fun to
write and pretty much implements tunnels with a routing system
on top. It manages connectivity, routing, and reverse proxying
all within user space. No namespaces required!
tuns can actually even tunnel UDP traffic over SSH, also
entirely in user space. Docs for that can be found here:
URI [1]: https://github.com/antoniomika/sish
URI [2]: https://pico.sh/tuns#udp-tunneling
cfebs wrote 21 hours 39 min ago:
Sorry if I didn't catch this on the site, but any new upcoming
services you are excited about?
A ssh or TUI frontend for some git/forge host like: [1] would be
pretty cool!
URI [1]: https://forgejo.org/
vhodges wrote 4 hours 50 min ago:
[1] and [2] :-)
URI [1]: https://pr.pico.sh/
URI [2]: https://github.com/picosh/git-pr
LelouBil wrote 21 hours 59 min ago:
Hey, I was just reading your docs, maybe prose.sh will be what I'll
use to finally start a blog !
I noticed this mention here [0]:
Because in our Go SSH server we re-implement rsync, many options
are currently not supported. For example, --delete and --dry-run are
not supported.
But on your front page it says :
Upload your static site to us:
rsync --delete -rv ./public/ pgs.sh:/mysite/
So do you support delete ? One of these pages is outdated or did I
miss something ?
[0]
URI [1]: https://pico.sh/file-uploads
antoniomika wrote 21 hours 2 min ago:
Woops! Delete is supported, will update that as well
whalesalad wrote 22 hours 34 min ago:
this is really cool but something I would want to self-host, especially
for pastebin.
antoniomika wrote 22 hours 23 min ago:
And we'd be happy for you too! All of our code/tools are open source
and available here:
URI [1]: https://github.com/picosh/pico
codetrotter wrote 22 hours 23 min ago:
[1] [2] These looks like they are the code for the pastebin.
Thereâs a bunch of other code related to their other services in
that repo and in their other repos as well.
URI [1]: https://github.com/picosh/pico/tree/main/pkg/apps/pastes
URI [2]: https://github.com/picosh/pico/blob/main/cmd/pastes/ssh/main...
ctippett wrote 22 hours 48 min ago:
I signed up for this awhile back when it was free, it's been hosting
bibbidibobbidi.boo ever since. It's very neat.
antoniomika wrote 22 hours 21 min ago:
And we're still free! Just added some payments to help keep things
running smoothly and allow us to invest in more infrastructure. pgs
(static sites) and tuns (tunneling) are both multi-region for
example.
codazoda wrote 23 hours 5 min ago:
Love the idea.
There are a couple oddities I found in the UI.
1. When you sign up the prompt says âsignupâ. I didnât know what
it wanted. I finally just guessed username and that was right.
2. I couldnât get tokens to create (which they say are highly
recommended). I hit c for create, entered a name, press enter. Nothing.
antoniomika wrote 21 hours 58 min ago:
Sorry, this is a focus issue with a tui which we'll fix up soon!
Should just need to hit until OK is highlighted and then press enter
taylorbuley wrote 23 hours 16 min ago:
Pretty unrelated, but if you are a developer and don't have a lifetime
SDF.org membership, you should.
hebocon wrote 16 hours 16 min ago:
Why SDF over a free limitless VPS?
I joined SDF last year and was disappointed. I was willing to
tolerate the limitations (eg. can't change your shell unless
"validated"; can't even 'touch' a file...) in exchange for community
but it's a ghost town. To make matters worse, IRC for new users is
only available on a Sunday!
I would love to give it another shot but I don't understand what its
value is in 2025.
polishdude20 wrote 18 hours 10 min ago:
So this seems to be a membership to access a remote Unix system and
share it with others?
palata wrote 22 hours 17 min ago:
I had never heard of that. What's your use-case for it?
IgorPartola wrote 8 hours 38 min ago:
It basically dates back to when having access to a Unix system
meant that you needed to be at a university or a big employer or
some such. These guys provided one for free.
Currently you can get some basic email, web hosting, etc. for a one
time $1 donation. You can get more for a one time $36 donation.
They also have internal âforumsâ and chat and such as well as
offering a bunch of related services like VPS, dial up, VPN, a
Minecraft server, etc. Realistically, you can get a lot more for a
lot less with modern hosts but between nostalgia and the limited
environment having a particular kind of charm, it is kinda neat.
mountainriver wrote 23 hours 17 min ago:
Didnât Pico used to be a shell grep like search? Or was that another
project?
codazoda wrote 21 hours 57 min ago:
I thought it was a Windows SSH / terminal tool. Iâm probably
remembering wrong.
Edit: Found it already. I was definitely thinking of Putty.
epscylonb wrote 22 hours 50 min ago:
And a minimal CSS framework.
ctrlp wrote 23 hours 29 min ago:
This looks awesome. Well done.
jarbus wrote 23 hours 55 min ago:
I love this
mxuribe wrote 1 day ago:
How interesting! I'm excited by all the energy lately that i've seen
around more text-based fun stuff, from Gemini to tilde communities to
more TUIs/TUI apps, to this ssh powered set of services! Keep 'em
coming!
bayindirh wrote 23 hours 33 min ago:
pico.sh is not new by any means. I was using them ~3 years ago (or
maybe even for longer), with their lists.sh service.
After I opened my blog, they launched prose.sh, and rest of the
services soon after, but since I settled on my blog, and didn't want
to change horses, and they discontinued lists.sh, I had to part ways
with them.
I admire what they've built though, and wish them best of luck.
unshavedyak wrote 1 day ago:
Alright, i had plans to use Github (or maybe something Cloudflare ish)
but your $2/m has me seriously interested. I'm reviewing now.
I hate when i see fun side projects that cost the same as full
subscriptions to other products. There's only a handful of $15/m
services i "want" in my life.. it really raises the barrier to entry
when i'm so aware and averse to subscription costs.
Yet $2/m? Instantly sold on that price. It's a fun price, it looks like
a fun product, it lines up perfectly for me. It's silly that the price
has me almost more interested than the product. Love it
Thanks for this, i plan to try it out!
blatantly wrote 12 hours 8 min ago:
$2 is fun for hobbies but hope you are not running in production for
your customers with that sort of service level!
qudat wrote 6 hours 8 min ago:
Thanks for the comment because I think many -- including myself --
resonate with this sentiment. Our pricing strategy was to be
competitive with a user just provisioning their own VPS VM with a
cloud provider. Our goal is to be competitive on price with a
$5/mo VM.
Further, we are mostly targeting individual/small teams who want to
rapidly prototype on the web. We provide enough convenience
features (e.g. zero-install, multi-region, site analytics, tunnel
connect/disconnect notifications, easy script automation) to entice
users to keep their prototypes running in "prod" as long as
possible before they feel the need to provision their own VPS.
We could go upstream and try to target larger teams/companies, but
honestly, this is just fun for us to do on the side.
We don't make any guarantees about uptime at this point but we take
it very seriously (we have alerting and respond quickly) and treat
it like our day-jobs (I work at a paas and antonio is a platform
engineer wizard).
unshavedyak wrote 6 hours 59 min ago:
For static sites is there that much missing? Throw a good CDN in
front of this and would it matter much who the host was?
blatantly wrote 31 min ago:
At $2/m SRE is powered by love only.
ryao wrote 16 hours 53 min ago:
You could use GitHub pages + cloudflare for free hosting. My neighbor
uses that.
iambrandonm wrote 22 hours 10 min ago:
Totally feel you on this and kudos to these guys, low pricing makes
it so much easier to actually try something without second-guessing.
Iâm working on a similar philosophy with my own project, 99dev â
simple tools for indie devs at just $1/month. Starting with
lightweight analytics (like a mini Plausible), but more tools are on
the way. No bloat, just useful stuff for folks like us who are
building things and watching our budgets.
Really glad to see more projects like pico.sh embracing low cost, no
frills, indie services.
URI [1]: https://99.dev
unshavedyak wrote 1 day ago:
Bandwidth limitations has me chuckling though: [1] Any thoughts on
how the review will happen when that barrier is reached?
URI [1]: https://pico.sh/faq#are-there-any-bandwidth-limitations
wongarsu wrote 23 hours 34 min ago:
Traffic isn't actually that expensive outside of big clouds. No
idea where pico is hosted, but Hetzner gives you "unlimited" 1Gps
connections with a dedicated server, or a 10G uplink charged at
$1.20/TB (plus a fixed monthly fee for the uplink itself).
shishcat wrote 23 hours 28 min ago:
I have good reasons to believe this is hosted on Oracle's free
tier. Apart from the fact that pinging pico.sh points to an
Oracle IP, the 10TB limit is consistent with Oracle Free Tier's
limit.
qudat wrote 22 hours 14 min ago:
You are correct, we are also multi-cloud:
URI [1]: https://pico.sh/regions
wongarsu wrote 23 hours 17 min ago:
Good call. Oracle does charge somewhat reasonable $8.50/TB
after the first 10TB/month. Despite my dislike of Oracle it's
not a terrible choice for this until you get some serious
traffic.
nathants wrote 10 hours 10 min ago:
hetzner is $1.5/TB for us and eu.
amelius wrote 1 day ago:
My company blocks ssh. Is there a way to tunnel this through HTTP?
prmoustache wrote 6 hours 56 min ago:
Use that from home or a mobile phone connection?
You probably aren't supposed to update your personal website and
stuff when you are working for your company anyway.
cuanim wrote 15 hours 57 min ago:
Cockscrew might fit your usecase[1] -
URI [1]: https://github.com/bryanpkc/corkscrew
johnklos wrote 16 hours 19 min ago:
Stupid company!
I keep a machine which has sshd listening on the IMAPS port (993) for
when I'm traveling. It's amazing how many free networks don't allow
ssh, but with -J and sshd on port 993, that really doesn't matter.
lormayna wrote 15 hours 51 min ago:
A NGFW, frequently used in the enterprise environments will block
it. They are checking the package signatures, not only the YCP
ports.
palata wrote 22 hours 15 min ago:
I agree. Something like what GitHub offers?
URI [1]: https://docs.github.com/en/authentication/troubleshooting-ss...
chasil wrote 1 day ago:
I have heard that SSH could be tunneled over DNS UDP packets.
This looks like a decent article, will read later.
URI [1]: https://medium.com/@rogergalo/learn-how-easy-is-to-bypass-fi...
palata wrote 22 hours 14 min ago:
Not sure if it has to go that far. Probably it's just blocking port
22.
mbreese wrote 19 hours 30 min ago:
Agreed. You can host both SSH and HTTPS on port 443. I know this
used to be possible with HAProxy, but now Nginx can do it as
well. This way you are hosting normal HTTPS traffic when a
browser is used and SSH otherwise.
Now, if your company is actually blocking the SSH protocol,
youâll have to do something like tunneling SSH through SSL,
which is also possible⦠but not as easier IIRC.
mrbluecoat wrote 1 day ago:
> Upload your static site to us
How do you prevent abuse, like illegal material?
qudat wrote 5 hours 57 min ago:
Good question.
Right now we run some ML models to check for illegal content and then
respond immediately with the ban hammer.
We also monitor content published on our platform with some admin
tools we built.
ashishb wrote 23 hours 54 min ago:
And that's why no one can offer this sustainably for $2/month. There
is a cost of policing for illegal stuff as well as outright terrible
stuff that requires fair bit of effort.
rendx wrote 23 hours 6 min ago:
You can even get full 'root' on a virtual machine for that price,
and plenty of webhosting options. [1] For many years now I've been
hosting my IRC bouncer on a $13/yr VPS at netcup and it has been
more stable than some of my other VPSes.
URI [1]: https://lowendbox.com/blog/2-usd-vps-cheap-vps-under-2-mon...
wongarsu wrote 23 hours 22 min ago:
Granted, the market for shared hosting has settled closer to $6,
but OVH, Hetzner and Netcup all still offer shared hosting for
$2/month, with a free domain on top. And all three are in this
market for ages now. They limit you to static pages, PHP and a
MySQL database, but you can do plenty of illegal stuff with that.
ashishb wrote 15 hours 36 min ago:
Wait till they get popular, and then they will abandon this.
jorams wrote 13 hours 49 min ago:
I'm not sure about netcup, but Hetzner and OVH are very large,
very popular hosting providers that have been in this game for
decades.
Andoryuuta wrote 1 day ago:
I'm not sure why it would be different from any other hosting
provider. They do clarify what they consider abuse / forbidden
content, and their operational policies though:
[1]
URI [1]: https://pico.sh/abuse
URI [2]: https://pico.sh/ops#code-of-content-publication
Helithumper wrote 1 day ago:
Could be useful to have a tool similar to
URI [1]: https://git.0x0.st/mia/0x0#moderation-ui
aitchnyu wrote 13 hours 16 min ago:
Tangential, how heavy is a NSFW classifier for a VPS? This link
leads to a HuggingFace model with Telegram id of author offering
premium model.
diggan wrote 8 hours 39 min ago:
> how heavy is a NSFW classifier for a VPS?
Not heavy at all, they're really tiny in the grand scale of
things and can easily run on CPU only unless you're wanna
classify 100s of items per second.
jkingsman wrote 1 day ago:
This is the challenge. This is tiny and delightful, but most hosting
systems are monsters from a compliance perspective not because of a
hunger for bureaucracy but that content moderation is SUPER hard.
diggan wrote 8 hours 41 min ago:
> content moderation is SUPER hard
That's a bit over-exaggerated, it certainly isn't fun, nor very
interesting, but it's doable, even for smaller organizations. Today
is even easier as classification/labeling ML models are pretty good
even without any fine-tuning/training on your own dataset.
kupopuffs wrote 20 hours 53 min ago:
people assuming that LE are going after smalltime hosting
shishcat wrote 23 hours 30 min ago:
you can easily find entire VMs for 2â¬/month on sites like LES
DIR <- back to front page