When I first got on the internet, self-hosting your personal site or blog was seen as a rite of passage. At least in the communities I frequented. There were certain things you just were supposed to do: use Linux on the desktop, rarely leave the command line, and host your own stuff. The more arcane the better - a never-ending contest for the title of the most “leet”.
I remember those days quite fondly as a formative experience. Even long-held opinions require periodic reexamination though. Here's why I decided against continuing to self-host the vast majority of my online presence.
When Customization Becomes a Liability
I used Linux on my desktops for years and years. I know what goes where, and usually what NOT to do in order to keep the system running. Especially the latter part of my knowledge came from teenage experimentation: breaking my OS, trying to put it back together again, and learning the importance of keeping backups.
I stopped using Linux as my primary OS about a year into my first serious BYOD job. My love for experimentation and customization never really went away. But the customizability suddenly became a detriment: rather than accepting good enough defaults and getting things done, I twiddled with configs. Rather than committing code, I was troubleshooting graphics card drivers.
Once I realized that I was sinking a lot of time into maintaining my workstation rather than doing WORK on it, I gave up and got a Mac. It freed up a bunch of time I could sink back into experimentation - just not with the OS itself.
Deciding What to Control
A popular - and rather solid - argument for self-hosting is not giving up one’s data to a corporation or a government.
I resonate with this logic up to a point. I own a network-attached storage solution I keep under physical lock and key in my home. That’s where the “catastrophic if leaked” class of data goes. Along with much more mundane “this benefits from being physically close” class.
NASes make perfect sense. So do home servers running software that should largely be private, such as home automation.
What I’ve been doing for the past several years doesn’t make sense. I’ve been renting a rather expensive collocation space containing a server filled to the brim with ostensibly public data. A personal source code forge. A business card website. A blog. A wiki. I insisted on hosting it all on a hardware and software stack I controlled.
Is Self-hosting More Secure?
I would argue that while it offers much stronger privacy, it's not always the best choice for security.
Companies offering major SaaS platforms employ really smart people to keep their products secure. For really big companies there's likely an entire team whose full-time job is to defend the platform against attacks.
The attack surface of a personally-owned server is arguably smaller. The rewards for compromising it may be insignificant enough that it'll eludes the gaze of a human attacker. But every time a vulnerability is announced that can be exploited automatically - like last year's regreSSHion - you need to drop everything and batten down the hatches right away.
Keeping up with vulnerabilities in every piece of software you expose to the internet is certainly possible. So is responding to every single one in a timely fashion. I've never had a compromise. But staying on top of it creates unpredictable pockets of urgency that are hard to plan against.
The Cost Argument
Price is a significant aspect in the technology decisions I make. I convinced myself that self-hosting was the cheaper option. I was running one machine and stuffing it full to the brim with services. Surely in aggregate this must be cheaper than getting the same set of services elsewhere?
It looks like I never actually did the math. After factoring in the generous free tiers of available services, the cost argument falls apart immediately. I'll detail where I'm moving the services I hosted below, but the short of it is - I’ll actually save money.
And the financial cost isn't the only expense to consider.
Time Isn’t (Just) Money
I could do the typical calculation of “if I make $X per hour, this is costing me $Y to do.” I won't because I don't think it's appropriate. The time I was dedicating to tinkering with my stack is necessarily taken from the pool of time I wasn't going to put towards directly gainful work.
But let's recognize that pool of unallocated time is finite. And it's impossible for me to directly buy more of. The best I can do is conserve it and spend it wisely. If I'm working to keep my server shambling along, I’m expending hours I could use to better myself, to ideate, to write. Or even to rest and recharge.
For example: running maintenance on that server was usually a fortnightly chore. Meanwhile my blog would usually go for months - or even over a year - without a new post. Not for lack of things to talk about, either.
I recognized the parallel to my experience with Linux on the desktop. I was maintaining my blog, but I wasn’t writing anything. I was tinkering rather than creating.
Transitioning Away
Here's where I'm moving the services I mentioned. While I won't share the price point to beat, you'll note these options shake out - at least currently - to "free, with a chance of vendor lock-in".
Source Code: GitHub
The reigning behemoth in the space, GitHub likely needs no introduction. I'm expecting between $0 and $4 monthly spend. The primary spend I can foresee is CI/CD runtime. However, most of my projects are public anyway, and GitHub actions are free on those.
I recognize that my free use of GitHub isn't _entirely_ free. In a way, I'm handing over my repositories to Microsoft where they can be e.g. scraped for Copilot. I also recognize that even when running a forge myself, trying to prevent my public code from being scraped is playing whack-a-mole.
I considered moving to GitLab's hosted offering. However the free tier is much more restrictive and at $29, the lowest paid plan is rather steep.
Business Card Website: Vercel
With a very generous free tier from Vercel, I'm expecting $0 monthly spend on my business card. There is a little bit of vendor lock-in involved, and a significant spike in popularity can quickly snowball the cost. For now I'm finding e.g. Vercel preview apps for pull requests to easily be useful enough to be worth the risk.
There are plenty of alternatives - even GitHub pages would work in a pinch for my simple, static site. I'll reconsider if the costs start outweighing the benefits.
Blog: Substack
Clearly, since that's where you're reading this. There'll be more posts like this one here - if you like what you're reading, please consider subscribing.
Shameless plug aside - Substack comes with batteries included for not only blogging, but also building a community. Built-in comments and newsletter would already make it a no-brainer. Improved discoverability is a nice bonus.
There is a fair bit of vendor lock-in involved in this decision. It could be argued that's the case no matter which blogging platform I went with; even self-hosted ones enforce specific formats. I believe Substack to be established enough to be a reliable platform for the foreseeable future.
Personal Wiki: Obsidian
I examined the reasons I put my private wiki online in the first place. I primarily want to access it from all devices. Since all personal devices I use are currently in the Apple ecosystem, Obsidian synced over iCloud works just fine.
I'm especially enjoying the community plugin ecosystem. Integrating Excalidraw canvases directly into my notes with a plugin has been a genuine game-changer for the way I record my thoughts.
In the event that I leave the Apple ecosystem in the future, I could move my Obsidian vault to Dropbox. Or I could spend $4 per month to use Obsidian's paid sync offering. And if I need to leave Obsidian for any reason, my vault is just a bunch of folders with Markdown files in them - pretty portable.
No Regrets
Despite having moved on, I don't regret using Linux as a desktop OS for over a decade. It drove me to learn and tinker. It helped me embrace the hacker creed of understanding and customizing that drives me even today.
Likewise I don't regret self-hosting. I'm not moving away from it entirely either - I'm keeping my home NAS, for example. My home network has benefited greatly from these explorations. So has my understanding of how to run, scale and secure services on Linux-based servers.
I think re-examining even long-held beliefs is an important step in the journey of learning. The services I settled on will in time also need to be re-evaluated. They're the current state of affairs, not necessarily the final destination. They may have hidden costs I'm not aware of right now, and circumstances can change.
I'll keep what's working and drop what isn't. In the process, I'm bound to learn something new.