Posts: 10 | Comments: 3,615 | Joined: 2 yr. ago

  • I'm running mine on a ~$33/year VPS at GreenCloudVPS. It's a small instance (just me) but it federates with all the major instances which means it still does a bunch of work (since it has to handle incoming posts and comments from federated servers). It's a decently powerful VPS with an AMD EPYC Milan CPU, 10GB RAM, and 100GB NVMe storage.

    For a medium-sized instance, I imagine you could get pretty far with a single <$100/month dedicated server from Hetzner or a similar provider.

  • Some servers have ECC. If you get a cheap one (like a Hetzner auction server), it's less likely to have ECC. ECC protects against bitflips, but it won't help if the RAM is starting to die. ECC isn't magic - it just has an extra 8 bits of parity data per 64 bits of data. It still uses the same type of RAM chips.

  • If you want to try alternate UIs, you might be interested in trying Photon and Alexandrite.

  • It is encrypted at their end - they say the data is encrypted both in transit and at rest.

    However, it's not end-to-end encrypted, in the usual meaning of the term. E2EE usually means that only the sender and intended recipients of the data can decrypt it, not the company running the service, their affiliates, or any intermediaries.

  • Their deep investigations are so good. I liked their documentary about GPU smuggling in China.

  • If you don't mind a web UI, Netdata is great. It collects a bunch of metrics once per second and can retain them for a long period of time. The web UI is pretty good. Their GitHub readme links to some example servers so you can try it out first. Just click the link to use it without an account (that's optional).

    It's mainly designed for servers, but there's no reason you couldn't run it on a client system. They're focusing a lot on AI/ML-based anomaly detection as well as their cloud offering at the moment, but you don't have to use either and can just stick to the open-source agent.

  • Still up here in the San Francisco Bay Area. Maybe only some regions are affected.

  • I like my local libraries. They're decently funded (through property tax in an area where it's very common to see multi-million dollar houses), and they have 4K Blu-rays and recent releases. They've got things like 3D printers, too.

  • and Chinese EVs.

    But of course they won't do that, because they need to prop up the US car industry and its outdated technology.

  • why is a tower defense game listed under Automation?

    and two of the most popular automation programs are missing (n8n and Node-RED).

    who on earth needs customer live chat and a lot of business-scale website analytics, webshop systems and CRM and ERP in their homelab??

    Maybe not in a homelab, but plenty of people self-host these. I'm setting up customer live chat (Chatwoot) and invoicing and accounting (Bigcapital) for my wife, for example. I self-host website analytics (Plausible) and bug tracking (used to be Sentry but it got too complex to host, so now I'm trying Bugsink and Glitchtip) for my personal sites/projects, too.

  • DigiCert have said they're not changing their prices as a result. It's still a yearly payment (or every 2 or 3 years if you prefer that).

  • 7-day validity is great because they're exempt from OCSP and CRL. Let's Encrypt is actually trying 6-day validity, not 7: https://letsencrypt.org/2025/01/16/6-day-and-ip-certs

    Another feature Let's Encrypt is adding along with this is IP certificates, where you can add an IP address as an alternate name for a certificate.

  • This is one of the reasons they're reducing the validity - to try and convince people to automate the renewal process.

    That and there's issues with the current revocation process (for incorrectly issued certificates, or certificates where the private key was leaked or stored insecurely), and the most effective way to reduce the risk is to reduce how long any one certificate can be valid for.

    A leaked key is far less useful if it's only valid for 47 days from issuance, compared to three years. (Note that the max duration was reduced from 3 years to 398 days earlier this year.)

    From https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days:

    In the ballot, Apple makes many arguments in favor of the moves, one of which is most worth calling out. They state that the CA/B Forum has been telling the world for years, by steadily shortening maximum lifetimes, that automation is essentially mandatory for effective certificate lifecycle management.

    The ballot argues that shorter lifetimes are necessary for many reasons, the most prominent being this: The information in certificates is becoming steadily less trustworthy over time, a problem that can only be mitigated by frequently revalidating the information.

    The ballot also argues that the revocation system using CRLs and OCSP is unreliable. Indeed, browsers often ignore these features. The ballot has a long section on the failings of the certificate revocation system. Shorter lifetimes mitigate the effects of using potentially revoked certificates. In 2023, CA/B Forum took this philosophy to another level by approving short-lived certificates, which expire within 7 days, and which do not require CRL or OCSP support.

  • Yes, this requirement comes from the CA/Browser Forum, which is a group consisting of all the major certificate authorities (like DigiCert, Comodo/Sectigo, Let's Encrypt, GlobalSign, etc) plus all the major browser vendors (Mozilla, Google, and Apple). Changes go through a voting process.

    Google originally proposed 90 day validity, but Apple later proposed 47 days and they agreed to move forward with that proposal.

  • The current plan is for the floor to be 47 days (https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days), and this is not until 2029 in order to give people sufficient time to adjust. Of course, individual certificate authorities can choose to have lower validity periods than 47 days if they want to.

    Essentially, the goal is for everyone to automatically renew the certificates once per month, but include some buffer time in case of issues.

  • Tailscale serve might work; I haven't tried it so I don't know what it's capable of.

    Usually I'd recommend getting a real domain name and using Let's Encrypt. .com domains are around $10/year but some TLDs are even cheaper. If you don't mind which TLD you use, go to tld-list.com and sort by renewal price.

    Edit: I forgot to mention - a server does not need to be publicly exposed to use Let's Encrypt. You can use a DNS challenge instead of an HTTP one.

  • KDE @lemmy.kde.social

    Spectacle export to SFTP?

    Selfhosted @lemmy.world

    Lighter weight replacements for Sentry bug logging

    Bay Area @lemmy.world

    New California laws taking effect in 2024

    Linux @lemmy.ml

    Help with powertop idle state output

    Selfhosted @lemmy.world

    Looking for simple analytics (similar to Plausible) that supports cookies

    Selfhosted @lemmy.world

    ATX case with room for 5 hard drives

    Selfhosted @lemmy.world

    NAS vs larger server

    networking @sh.itjust.works

    10Gbps internet connection isn't maxing out 2.5Gbps network card?

    Selfhosted @lemmy.world

    My 10Gbps Home Networking Closet

    Lemmy Support @lemmy.ml

    Can't search for communities in Mastodon