Have your Mastodon and Eat It Too, for free

HOW TO HOST A LARGE MASTODON SERVER VERY CHEAPLY ON ORACLE CLOUD INFRASTRUCTURE

This is a how-to article. It assumes a basic level of Linux proficiency and skims over a lot of details. If there is a ton of popular request, I may come back and fill in more of those details.

Mastodon, the open source social network software, is a bit resource-hungry. In particular, it wants a fair bit of memory in order to run stably, and it likes to cache an insane volume of media (hundreds of gigabytes is a reasonable expectation).

Fortunately, as of 2022, cloud hosting providers are so desperate to get you onto their service that they are competitively giving away free server capacity, storage and bandwidth.

As a former employee at Oracle, I am happy to use their cloud offering, and that’s what this howto is about. I’m fully aware that not everyone trusts Big Red, and all I can say on the matter is that USB disks are cheap and secure offsite backups are your friend.

At time of writing, the Oracle Cloud free tier includes free Ampere (ARM64) VMs with four whole CPUs and a massive 24GB of RAM. This is where I recommend you put your Mastodon instance and associated database. You can also use the (much smaller) AMD64 parts of the cloud, but I keep those for things like my mail server and this blog.

I’m going to assume you’re comfortable installing and configuring your preferred Linux distro on your cloud VM(s).

The setup instructions at joinmastodon.org are clear, if a bit terse, so I’m going to assume that you can follow those too.

The key missing piece is the object storage. OCI free tier doesn’t include enough disk space for you to just keep your instance’s media cache in the server’s filesystem, and the cost of using normal block storage would be prohibitive, not to mention quite slow.

The answer is in Mastodon’s (very poorly documented) Amazon S3 block storage functionality.

  1. On your Oracle Cloud Infrastructure management page, go to Storage -> Object Storage & Archive Storage -> Buckets
  2. Click on ‘Create Bucket’ and name the bucket –
    1. I named mine after my instance domains, since I have more than one instance.
    2. I have enabled Auto Tiering in the hope of saving some money, although it may have no effect due to Mastodon’s cache TTL.
    3. I left “Encrypt using Oracle managed keys” at the default value.
    4. Leave your bucket visibility at ‘Private’ or this will impact the security of your instance.
    5. Click “Create”
    6. Take a copy of the ‘Namespace’ text for your new bucket.
  3. Under ‘Resources’ on the left, select “Pre-Authenticated Requests”.
    1. Leave the permissions at ‘Bucket’ and ‘Permit object reads’ – this special URL will be used by nginx to serve up the media in your bucket, so it only needs to be read-only.
    2. Select ‘enable object listing’
    3. This is very annoying: Oracle require these links to have an expiry date, and you can’t just type in a new date. You need to open up the date chooser and start clicking. I clicked through to the year 2100. You may have more or less patience than I do.
    4. Click “Create Pre-Authenticated Request”
    5. Copy the URL for the pre-authenticated request and SAVE IT SOMEWHERE!
  4. Now we play the long-and-tedious Oracle Cloud security game. Brace yourself.
  5. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Groups’
    2. Click on ‘Create Group’
    3. Name your group whatever you like. Mine is called ‘Mastodon’ because I’m so creative.
    4. Click on ‘Create’
  6. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Policies’
    2. Click ‘Create Policy’
    3. Name the policy something like ‘mastodon-bucket-policy’
    4. Under Policy Builder select ‘Show manual editor’
    5. In the manual editor box, paste this text (with your Mastodon group name):
      Allow group Mastodon to manage buckets in tenancy
      Allow group Mastodon to manage objects in tenancy

      Obviously these permissions are far more than is required, but I can at least confirm that they work. If you know this tool better than me and you can suggest a more reasonable set of permissions, please let me know.

    6. Click on ‘Create’
  7. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Users’
    2. Click on ‘Create User’
    3. Select ‘IAM User’
    4. I called my user ‘Mastodon’ and am using the same user for both Instances / both Buckets. Fill in whatever details you like here.
    5. In the new user, click ‘Add User to Group’
    6. Select the group you created above
    7. Click ‘Add’
    8. Under ‘Resources’ on the left, click on ‘Auth Tokens’
    9. Click ‘Generate Token’. Call it whatever you like.
    10. SAVE A COPY OF THE TOKEN!
    11. Under ‘Resources’ on the left, click on ‘Customer Secret Keys’
    12. Click ‘Generate Secret Key’. Call it whatever you like.
    13. SAVE A COPY OF THE SECRET KEY
  8. That was a perfectly reasonable process, wasn’t it?
  9. When you set up your OCI account, you should have selected a region for your service. Make sure you know what your region is called. It’s listed as ‘Region’ in your compute instance details. Mine is ap-melbourne-1
  10. In your Mastodon server’s .env.production, you will see a bunch of commented-out “S3_…” parameters. When you’re finished editing them, they will look something like this:
    S3_ENABLED=true
    S3_ENDPOINT=https://<your bucket namespace>.compat.objectstorage.<your region>.oraclecloud.com
    S3_PROTOCOL=https
    S3_BUCKET=mastodon
    S3_HOSTNAME=<your bucket namespace>.compat.objectstorage.<your region>.oraclecloud.com
    AWS_ACCESS_KEY_ID=<your auth token>
    AWS_SECRET_ACCESS_KEY=<your secret key>
    S3_ALIAS_HOST=<your media proxy subdomain>
  11. Set up your nginx object storage proxy as documented here, but user the pre-approved request URL you generated earlier here:
    set $s3_backend ‘https://objectstorage.<your region>.oraclecloud.com/p/<your secret magic here>/o’;
    IMPORTANT NOTE: There is no trailing slash after the last ‘o’. If you include the slash, things will break in ways that take a lot of time and sanity to debug. Don’t ask me how I know.

That’s it. If this doesn’t make sense, or doesn’t work for you, or if you just need more detail on some aspect of this, please leave a comment or message me at @thorne and I will do what I have time and spoons for.

Good luck!

28 years later

Tron: 1982

  •  I am 7 years old.
  •  The dawn of personal computing. For the first time, individuals have computers.
  •  Computing is nerdy, specialised. Arcade Computer Games are new and cool.
  •  Life inside the computer is depicted as banal, office-like, yearning to be real.
  •  Clumsy special effects pretend to be too-expensive computer effects.
  •  Completely unique film stock is created to make the film effects possible.
  •  Huge solid sets are painstakingly built and painted to look surreal.
  •  Real actors are clad in suits to make them look unnatural.

Legacy: 2010

  • I am 35 years old.
  • The internet is an inextricable part of life for most of the world.
  • Computing is everywhere, in everything. It’s uncool to not be a nerd.
  • Life inside the computer is depicted as impossibly cool. It mocks the real world.
  • Computer effects are trivial and cheap.
  • No physical film is ever exposed.
  • Hardly any physical sets are even built.
  • The central villain is a flawless digital emulation of Jeff Bridges of 1982.

This is what it must feel like to live through epochal change.

A Response to Doctorow’s ‘Outquisition’

This is all about a particular BoingBoing post which I found particularly irritating. I would have posted something in the comments, or on the site itself, but in either case:

  1. I don’t fancy debating this with some of the more extreme foam-lipped loons who seem to inhabit either forum.
  2. The sheer volume of commentary in either forum would drown me out (yeah, I’m a selfish egoist; this is my blog.) and I shake with fear at the thought of the tsunami of follow-on emails.

So:

The Outquisition idea glosses over a lot of intractable real-world economic and social problems, and, as many, many commenters observed, is vastly arrogant in its assumptions about ‘knowing better’ than everyone else.

A more honest, somewhat less arrogant take would be to create a ‘technology evangelism movement’.
This leaves out the naive and pompous idea that new technology can solve everyone’s problems, or that blogging tech-groupies are somehow smarter than everyone else.

Instead, it focuses on the traditional role of the religious missionary: to take some dogma and shiny beads and go use the beads to spread the infectious memes, even (especially?) where they’re not currently wanted or needed. The engadget/BB-gadgets crowd already do this without really thinking about it.

Consider, if you will, a yuppie with a new iPhone, traveling out of his trendy urban home to visit his parents and their friends, trumpeting the virtues of his new toy from the rooftops at every opportunity. The yuppie can list a dozen reasons why an iPhone will change your life and solve all your problems, and he has the technological shiny-beads to dazzle his listeners with.

The dynamic is just the same: the new dogma brings with it a world of complication and ritual which ultimately costs the new converts more than it gives them, destroys their existing skill-sets, culture and traditions, and leaves the newcomers as second-class citizens in the promised land anyway. Those who refuse to adopt the new ways are abandoned, spurned.
The new community absorbs things like access to work and traditional support networks, leaving the outsiders to fend for themselves, often effectively driving them out of town.

To be fair, I would have to point out that I am a devout follower of the cult of tech. As a sysadmin I may even qualify as some kind of clergy. I draw the line, however, at gratuitous evangelism. I find the idea of missionary crusades downright offensive.

This kind of evangelism smacks of insecurity, a desperation to thrust ones own interests on the world and make them mainstream, thus avoiding the question of whether they have any merit.

Just because I’m into it doesn’t make it right.

A misbegotten meme?

I was about to post a follow on from Mododrum’s latest infectious meme, but I always like to adorn my blog posts with links, especially where making any categorical statement of an even semi-official nature. For example:

“The Big Read reckons that the average adult has only read 6 of the top 100 books they’ve printed.”

This particular statement seems to be repeated on a number of personal blogs, all without a link to any original statement to this effect (-that I can find… if you find one, please, comment, and I will update this post). Several people attribute this to the US-government National Endowment for the Arts The Big Read program, an obvious result from a Google search for “The Big Read”.

Not only does the NEA site make no mention of this choice statistic, it also lacks the associated reading list, or any vaguely similar list of 100 books.

The BBC Big Read, on the other hand, does have a similar but not identical list.

In fact, there are some very odd things wrong with the list which accompanies this meme:

  • As Mododrum observes, the list features Chronicles of Narnia – CS Lewis
    and The Lion, The Witch and The Wardrobe – CS Lewis.
  • It lists both Complete Works of Shakespeare and Hamlet – William Shakespeare.

It appears that I’m not the only person to have noticed the oddness of this meme.

In the end, while I hate to be a wet-blanket on such a fun meme, I think I will decline to post my own response to it. Sawry. 🙁

Geocaching for Nokia Symbian phones!

This post has been a long long looooong (longcat) time in the making.

I tried a vast multitude of Symbian GPS tools. I found a plethora of mapping tools which don’t quite do the job. I found tools which do the caching part, but not the GPS part. I spent numerous futile dollars on tools which are actually long dead and utterly unsupported ‘ghost-town-projects’. I even began writing my own J2ME tool, with frequent pauses to despair at the grotesque complexities involved.

Compass Rose

Finally though, I came back to a tool I had seen before, and ogled from afar: It was only available for phones on US networks Sprint, SouthernLINC, Nextel and Boost Mobile, at the time. Now though, it is free for Series 60 – 3rd-edition Nokia phones, such as mine!

And lo, it is everything I could hope for: you put your details in, link it to your geocaching.com account, and say ‘show me the nearest ten geocaches’, and it does. 🙂

The only tiny hitch I would war of (so far) is for those who, like me, have a compatible phone with no GPS built in: the ‘download directly to phone’ mechanism won’t work for you; it will spuriously say ‘unsupported device’ or some such. You will need to download the app to your PC and install it to the phone from there.

It’s quiet because I’m on holidays

…and I typically can’t be bothered blogging, as it involves using a computer, using my brain, and giving a stuff.

Also, blogging is easier when your computer works. Mine has decided to become unbootable for the second time in as many weeks, and in the same way as last time, so I am ignoring it, as the process of diagnosing and fixing it reminds me uncomfortably of work.

I still have this laptop, but it’s uncomfortable, and it reminds me even more strongly of work, so I may not touch it much either.

I may blog again between now and 2008, but don’t count on it.

p.s. On a completely unrelated note, I just want to say that desperate, failed, elitist neurotics like Andrew Keen and statistically uninformed doom-criers like Doris Lessing can, how shall I put this most succinctly, go fuck themselves.

Prettified, Unified, Gnarlified

Those who check here with any regularity will notice that things have changed lately:

  • First, I updated WordPress MU to the latest version, thereby bringing a number of WordPress 2.0-isms into availability.
  • This broke about 2/3 of my existing themes for some reason, including the ‘grass roots‘ one I was using, so I failed back to the default WPMU theme for a few weeks.
  • As a result, my duplicator script, which makes this blog page appear in similar form on my homepage, broke.
  • I was already cranky about the ugliness of the code underlying my old homepage, so I duplicated all the sub-pages off it here, in WordPress, and put up a ‘nobody home!’ message on the old page.
  • I wasn’t totally happy with the default theme either, so I downloaded K2, and went a little bit mad playing with the infinite variety of customizable gadgets.

Now, as you can see, this page looks far more like a page where someone actually lives. 🙂

Next, I intend to diddle Apache into displaying the same page at /~thorin/ and /blog/thorin/ (just for me, although if other people turn out to want it, it can be copied).
O ye who have blogs here (or want a blog here), be advised that if you want the full scope of K2 magic for your own blog, ask me. It is not 100% automatic, owing to the nature of WPMU.

I do wibble, quietly to myself about the sheer colossal mass of code that now underlies this page, but hey, it doesn’t seem to have hurt performance. YMMV. Please complain if it’s bad for you…

Transhuman medicine

Follow-on from yesterday’s post led me to read today, at lunch-time, about Democratic Transhumanism, a disturbing name for a political label which I suspect I might actually like to adopt. The idea that we can just plain outsmart our own limitations is one very dear to me, one that seems self-evident to me from the shape of human technological history.

With this roiling about in my head, I take an end-of-day glance at ye-olde bucket-O-morons, Slashdot, and find a link to this article.

DNA vaccine could help MS sufferers: study

The cause (of Multiple Sclerosis) is unknown, but evidence suggests the immune system of MS patients attacks the myelin that covers and protects nerve cells in the brain and spinal cord.”

“(The Vaccine) incorporates the DNA sequence of myelin basic protein into cells, which then start to make the protein.

Say what?!? If I understand this correctly, there’s a disease where sub-part X of body-part Y breaks down and goes away… so we engineer a vaccine which introduces DNA into body-part Y which enables it to re-grow sub-part X. HOLY FARK!

Needless to say, this strikes me as pretty frickin’ “transhuman”.

Environmentalism, Space and The Spin-Doctor

I generally avoid environmentalism as an issue on my blog because I fear the power of fatigue and denial: Everyone in the world who hasn’t been living in a skinner box for the past thirty to sixty years is suffering from some kind of fatigue and living in some level of denial about sustainability, pollution, global warming and the mind-buggeringly vast array of potential issues that flock with them. You think you’re not fatigued by them or in denial about them? Convince me that your whole life really is zero-impact then, go on. Convince me that you still stop and read every piece of news you can get your hands on regarding global warming (to pick one single issue) and the political machinations that go with it. Then, having done that, tell me how your plans take into account the actions of the rest of humanity in order to guarantee a safe and happy future for yourself.

The fatigue and denial are natural things. It makes me a little sad to see people like Jeremy Clarkson becoming actively hostile in their denial, but it doesn’t surprise me, and I don’t hold it against him: This kind of reaction is inevitable.

I would usually like to think of myself as an environmentalist (to some extent) and a communist (likewise), but readers will note that this blog has a marked lack of references to The Revolution or The People (except in jest). This is because, while I think Communism is an archetype of the ideal government, I fail to see:

  • A practical way to get there from here, right now.
  • A complete or consistent model for how it’s going to be made practical.
  • A sufficiently large or urgent demand for radical change.

Instead, I have leanings: I like to encourage communal organizations and economic structures where they crop up. I am always careful to vote with socialist leanings in mind. I try to foster an interest in others in concepts like how industrialization makes the agrarian work-ethic increasingly inappropriate. I frequently tout Iain M Banks’ “Culture” novels (or Ursula Le Guin) to friends. 🙂 I avoid even mentioning the strong left-wing papers or classic Communist writers for the same reason that sane modern Chrisitians don’t like to talk about Jack Chick or carry a bible for the purpose of quoting it. Why is it, do you think, that in a world where open-source software is a vast and growing industry, so fe people know or care about Richard Stallman and the FSF, who arguably started it all? People get tired. People especially get tired of being told that their hard work, their glories, their achievements and their luxuries, generally earned in good faith, are wrong and bad, and must be given up or undone. In fact, I think people get tired of being told that anything is bad and wrong in a generalised or dogmatic kind of way.

Wow! Long rant. Apologies for the fatigue, folks. 🙂

My point in all of this is that environmentalism, arguably one of the most important causes in human history, has really bad spin. I never really understood what spin was until I met my first expectation manager

Businesses that Sell something usually aim to achieve Customer Satisfaction. i.e. ensuring that the Quality of the Product meets The Customer’s Expectations. All the obvious parts (the parts any business wants us, the public to see) of said business are about ensuring the Quality of the Product. You know; making sure that the product lives up to expectations. The secret part is that this is a two-way process. Roles like Marketing and Sales are tinged with it, but only the role of Expectation Manager is really frank and honest about this part.

An Expectation Manager is someone who ensures that the buying public’s expectations are kept on a par with what the company actually makes. This is not about selling the product as the be-all and end all, but it’s not about negativity either. It’s about finding the strengths in what you have, and elaborating on them. The customer has never felt the need for a hard-drive in their pocket before, but having their own music collection to play wherever they go, that’s cool. How did they live without it?

So, how do we spin environmentalism? Same way you spin anything.
(warning: may contain traces of sarcasm)

  1. Environmentalism is not hard. It’s easy.
    (Marketing and Engineering can worry about making this true, or making it seem true).
  2. Environmentalism is not boring, sad, or angry. It’s fun.
    (State-of-mind stuff. Sell the whole package right, and it will be true).
  3. Environmentalism is not nerdy, fringe or elitist. It’s cool.
    (Say it loud enough, often enough and it becomes true. Brainwashing is your friend).

As long as Environmentalism takes the form of trying to punish the naughty consumers for buying stuff and using stuff, to berate the naughty companies for making a (profitable) mess, it will continue to have all the sex-appeal of a jail term. To sell it, it has to be a positive thing. It has to look easy, fun, and worthwhile. I’m not being defeatist or cynical about this: maybe mankind does possess enough wit to react intelligently to a threat like global warming, maybe it doesn’t. The odds are that such a reaction will be late, half-hearted, and involve euqal parts bitterness and suffering. For certain though, humanity knows how to follow trends and learn new tricks. We know how to rise to technical challenges, to manage impossibly expensive things like the space race. We know how to suddenly start using radios… and telephones… and TVs… and mobile phones… and eBay… and iPhones… and… and…

Environmentalism (maybe under an assumed name, the old one has cooties) just needs to be the next killer product, or products. How? That’s engineering’s problem. 🙂

For example, we could be Colonizing Planet Earth.

Oooh. I ranted. Sawry…