Have your Mastodon and Eat It Too, for free

HOW TO HOST A LARGE MASTODON SERVER VERY CHEAPLY ON ORACLE CLOUD INFRASTRUCTURE

This is a how-to article. It assumes a basic level of Linux proficiency and skims over a lot of details. If there is enough demand, I may come back and fill in more of those details.

Mastodon, the open source social network software, is a bit resource-hungry. In particular, it wants a fair bit of memory in order to run stably, and it likes to cache an insane volume of media (hundreds of gigabytes is a reasonable expectation).

Fortunately, as of 2022, cloud hosting providers are so desperate to get you onto their service that they are competitively giving away free server capacity, storage and bandwidth.

As a former employee at Oracle, I am happy to use their cloud offering, and that’s what this howto is about. I’m fully aware that not everyone trusts Big Red, and all I can say on the matter is that USB disks are cheap and secure offsite backups are your friend.

At time of writing, the Oracle Cloud free tier includes free Ampere (ARM64) VMs with four whole CPUs and a massive 24GB of RAM. This is where I recommend you put your Mastodon instance and associated database. You can also use the (much smaller) AMD64 parts of the cloud, but I keep those for things like my mail server and this blog.

I’m going to assume you’re comfortable installing and configuring your preferred Linux distro on your cloud VM(s).

The setup instructions at joinmastodon.org are clear, if a bit terse, so I’m going to assume that you can follow those too.

The key missing piece is the object storage. OCI free tier doesn’t include enough disk space for you to just keep your instance’s media cache in the server’s filesystem, and the cost of using normal block storage would be prohibitive, not to mention quite slow.

The answer is in Mastodon’s (very poorly documented) Amazon S3 object storage functionality.

  1. On your Oracle Cloud Infrastructure management page, go to Storage -> Object Storage & Archive Storage -> Buckets
  2. Click on ‘Create Bucket’ and name the bucket:
    1. I named mine after my instance domains, since I have more than one instance.
    2. I have enabled Auto Tiering in the hope of saving some money, although it may have no effect due to Mastodon’s cache TTL.
    3. I left “Encrypt using Oracle managed keys” at the default value.
    4. Leave your bucket visibility at ‘Private’ or this will impact the security of your instance.
    5. Click “Create”
    6. Take a copy of the ‘Namespace’ text for your new bucket.
  3. Under ‘Resources’ on the left, select “Pre-Authenticated Requests”.
    1. Leave the permissions at ‘Bucket’ and ‘Permit object reads’ – this special URL will be used by nginx to serve up the media in your bucket, so it only needs to be read-only.
    2. Select ‘enable object listing’
    3. This is very annoying: Oracle require these links to have an expiry date, and you can’t just type in a new date. You need to open up the date chooser and start clicking. I clicked through to the year 2100. You may have more or less patience than I do.
    4. Click “Create Pre-Authenticated Request”
    5. Copy the URL for the pre-authenticated request and SAVE IT SOMEWHERE!
  4. Now we play the long-and-tedious Oracle Cloud security game. Brace yourself.
  5. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Groups’
    2. Click on ‘Create Group’
    3. Name your group whatever you like. Mine is called ‘Mastodon’ because I’m so creative.
    4. Click on ‘Create’
  6. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Policies’
    2. Click ‘Create Policy’
    3. Name the policy something like ‘mastodon-bucket-policy’
    4. Under Policy Builder select ‘Show manual editor’
    5. In the manual editor box, paste this text (with your Mastodon group name):
      Allow group Mastodon to manage buckets in tenancy
      Allow group Mastodon to manage objects in tenancy

      Obviously these permissions are far more than is required, but I can at least confirm that they work. If you know this tool better than me and you can suggest a more reasonable set of permissions, please let me know.

    6. Click on ‘Create’
  7. Open up the main menu again and select “Identity and Security”
    1. Under ‘Identity’ select ‘Users’
    2. Click on ‘Create User’
    3. Select ‘IAM User’
    4. I called my user ‘Mastodon’ and am using the same user for both Instances / both Buckets. Fill in whatever details you like here.
    5. In the new user, click ‘Add User to Group’
    6. Select the group you created above
    7. Click ‘Add’
    8. Under ‘Resources’ on the left, click on ‘Auth Tokens’
    9. Click ‘Generate Token’. Call it whatever you like.
    10. SAVE A COPY OF THE TOKEN!
    11. Under ‘Resources’ on the left, click on ‘Customer Secret Keys’
    12. Click ‘Generate Secret Key’. Call it whatever you like.
    13. SAVE A COPY OF THE SECRET KEY
  8. That was a perfectly reasonable process, wasn’t it?
  9. When you set up your OCI account, you should have selected a region for your service. Make sure you know what your region is called. It’s listed as ‘Region’ in your compute instance details. Mine is ap-melbourne-1
  10. In your Mastodon server’s .env.production, you will see a bunch of commented-out “S3_…” parameters. When you’re finished editing them, they will look something like this:
    S3_ENABLED=true
    S3_ENDPOINT=https://<your bucket namespace>.compat.objectstorage.<your region>.oraclecloud.com
    S3_PROTOCOL=https
    S3_BUCKET=mastodon
    S3_HOSTNAME=<your bucket namespace>.compat.objectstorage.<your region>.oraclecloud.com
    AWS_ACCESS_KEY_ID=<your auth token>
    AWS_SECRET_ACCESS_KEY=<your secret key>
    S3_ALIAS_HOST=<your media proxy subdomain>
  11. Set up your nginx object storage proxy as documented here, but use the pre-authenticated request URL you generated earlier:
    set $s3_backend 'https://objectstorage.<your region>.oraclecloud.com/p/<your secret magic here>/o';
    IMPORTANT NOTE: There is no trailing slash after the last ‘o’. If you include the slash, things will break in ways that take a lot of time and sanity to debug. Don’t ask me how I know.
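A pre-flight check for steps 10 and 11, as an added example that is not part of the original article: it cross-checks the S3 settings in .env.production against the nginx `$s3_backend` line and flags the trailing-slash mistake, a region mismatch, leftover placeholders and non-ASCII quotes. The sample values, the function names and the URL patterns (taken from the shapes shown above) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input with placeholder values, not real credentials.
SAMPLE_ENV = """\
S3_ENABLED=true
S3_ENDPOINT=https://examplens.compat.objectstorage.ap-melbourne-1.oraclecloud.com
S3_PROTOCOL=https
S3_BUCKET=mastodon
S3_HOSTNAME=examplens.compat.objectstorage.ap-melbourne-1.oraclecloud.com
AWS_ACCESS_KEY_ID=EXAMPLEKEYID
AWS_SECRET_ACCESS_KEY=EXAMPLESECRET
S3_ALIAS_HOST=media.example.social
"""
SAMPLE_NGINX = ("set $s3_backend 'https://objectstorage.ap-melbourne-1"
                ".oraclecloud.com/p/EXAMPLEPAR/n/examplens/b/mastodon/o';")

REQUIRED = ("S3_ENABLED", "S3_ENDPOINT", "S3_PROTOCOL", "S3_BUCKET", "S3_HOSTNAME",
            "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "S3_ALIAS_HOST")
COMPAT = re.compile(r"^[^.]+\.compat\.objectstorage\.([a-z0-9-]+)\.oraclecloud\.com$")
PAR = re.compile(r"^https://objectstorage\.([a-z0-9-]+)\.oraclecloud\.com/p/.+?/o(/?)$")
BACKEND = re.compile(r"set\s+\$s3_backend\s+(.)(.*)(.)\s*;")

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    rows = (l.split("=", 1) for l in text.splitlines()
            if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}

def check(env_text, nginx_text):
    """Return a list of findings; an empty list means both files are consistent."""
    env, out = parse_env(env_text), []
    for key in REQUIRED:
        if not env.get(key) or "<" in env[key]:
            out.append(f"{key}: missing or still a placeholder")
    endpoint = urlsplit(env.get("S3_ENDPOINT", ""))
    if endpoint.scheme != "https" or env.get("S3_PROTOCOL") != "https":
        out.append("S3_ENDPOINT/S3_PROTOCOL: not https")
    if endpoint.hostname != env.get("S3_HOSTNAME"):
        out.append("S3_HOSTNAME: differs from the S3_ENDPOINT host")
    host = COMPAT.match(env.get("S3_HOSTNAME", ""))
    if not host:
        out.append("S3_HOSTNAME: not <namespace>.compat.objectstorage.<region>...")
    directive = BACKEND.search(nginx_text)
    if not directive:
        return out + ["nginx: no 'set $s3_backend ...;' directive found"]
    opening, url, closing = directive.groups()
    if opening != closing or opening not in ("'", '"'):
        out.append("nginx: URL is not wrapped in straight ASCII quotes")
    par = PAR.match(url)
    if not par:
        out.append("nginx: not a pre-authenticated request URL ending in /o")
    elif par.group(2):
        out.append("nginx: trailing slash after the final 'o'")
    if par and host and par.group(1) != host.group(1):
        out.append("nginx: region differs from the S3_HOSTNAME region")
    return out
```

Feed `check()` the contents of your real .env.production and nginx site file on the server itself, so the secret key and the pre-authenticated URL never leave the host.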

That’s it. If this doesn’t make sense, or doesn’t work for you, or if you just need more detail on some aspect of this, please leave a comment or message me at @thorne and I will do what I have time and spoons for.

Good luck!

Less than zero

IT Managers, if you learn nothing else in your entire career, learn this:

An unskilled programmer is radically worse than none at all.

A programmer with twice the skills of another will probably get TEN TIMES AS MUCH DONE!

Even with good programmers, adding people to a project doesn’t always help, and it can harm. A lot.

That’s all.

Learn only this, and in my experience, you will already be a better-than-average IT manager.

Geocaching for Nokia Symbian phones!

This post has been a long long looooong (longcat) time in the making.

I tried a vast multitude of Symbian GPS tools. I found a plethora of mapping tools which don’t quite do the job. I found tools which do the caching part, but not the GPS part. I spent numerous futile dollars on tools which are actually long dead and utterly unsupported ‘ghost-town-projects’. I even began writing my own J2ME tool, with frequent pauses to despair at the grotesque complexities involved.

Compass Rose

Finally though, I came back to a tool I had seen before, and ogled from afar: It was only available for phones on US networks Sprint, SouthernLINC, Nextel and Boost Mobile, at the time. Now though, it is free for Series 60 – 3rd-edition Nokia phones, such as mine!

And lo, it is everything I could hope for: you put your details in, link it to your geocaching.com account, and say ‘show me the nearest ten geocaches’, and it does. 🙂

The only tiny hitch I would warn of (so far) is for those who, like me, have a compatible phone with no GPS built in: the ‘download directly to phone’ mechanism won’t work for you; it will spuriously say ‘unsupported device’ or some such. You will need to download the app to your PC and install it to the phone from there.

Laptop convergence idea

On a very geeky note, I have been following a number of rather cool new trends in laptop, phone, PMP and PDA design in the last year or so: tiny laptops, cheap laptops, highly sophisticated smartphones, crazy UMPC/PDA crossovers, the relentless rise of increasingly huge Solid-State-Disks, and, of course, the whole iPhone thing.

Just this morning it struck me that there’s a relatively simple way in which one could combine all of these things!

If your modern laptop is going to have a touchpad, a solid-state-disk and a comprehensive set of radio comms gear (wifi/mobile broadband/bluetooth) and so is your uber-phone-PDA, why would you need more than one of each of these things? They’re all relatively expensive bits of electronic kit, you can only use one at a time, and there’s a bunch of very strong reasons why the data in particular should be shared: keeping your music, your calendar, email, etc. in sync between your PC and your PDA is a pain, so why not just have one copy?

Briefly, the idea is to plug your iPhone-like PDA into a hole in front of the keyboard in your otherwise hard-drive-less, radio-less laptop.

When unplugged, your PDA runs some dinky little PDA OS on the same disk you run your laptop from, using the same organizer database, email storage, web-browser cache, contacts database, etc. When you plug it in, the PDA becomes a rather nifty touchscreen with built-in second display. The disk hooks up and boots into your real OS, or restores it from a sleep-state, or whatever. It runs and recharges off the great big battery in your laptop, provides all the wireless comms functions for your laptop, and so on.

Problems:

  • There is some serious software development to be done for an idea like this, but the hardware is patently already with us, but for a little matter of chassis-fabrication and one hell of a docking-plug-connector.
  • The release which disconnects the PDA from the laptop chassis is going to need some manner of software-controlled lock, to ensure that the ‘big’ OS can suspend or shut down before handing over to the PDA. Likewise, the PDA OS will have to have control after it’s plugged in, to get itself packed away before the ‘big’ OS takes over.

Benefits:

  • Only paying for one SSD means you can afford to have a much larger chunk of storage in the first place. I like the idea of my cameraphone having a fast 120GB+ disk in it.
  • Your PDA can plug into more than one chassis! You can plug it into your laptop at work, into a PDA-slot on your desktop PC at home, your friend’s PC at their place, and so on. You carry the canonical copy of all of your data with you wherever you go, and access it at full fast-disk speed.
  • You only need one account/ID with all your various communications providers. One 3G data account for your PC, your PDA and your phone. One wifi-MAC address for your laptop and PDA. One bluetooth device ID to bond your headset to.
  • Your laptop gains a snazzy new UI device, a big (multi-touch?) touchscreen.

I would so buy such a device!

disclaimer: I lay absolutely no claim to this idea whatsoever. If you like it, I wholeheartedly assign all rights to you, go nuts, patent it, call it yours, whatever, I don’t care.

…CHANGE THE WORLD…

I am frequently guilty of ranting, panic, and gross hyperbole on this blog. I get carried away with some ideas, especially political ones, and make a bigger noise than is in any way warranted. I’m not sorry: This is my blog and I’ll rant if I want to, because it’s fun.

In my opinion, this post is not hyperbole and not a rant:

In my considered opinion, I honestly believe that I have just watched the dawn of a new age.

WARNING: This video is blurry footage of a wizened old physicist with lots of charts and diagrams and high-energy-physics jargon. If you’re not into the physics (which are seriously funky if you are into that kind of thing) then the ramifications of this system are beautifully summed up in the ten minutes from 59:30 to 1:10:00, and the practical considerations and somewhat embarrassing politics of the matter are well discussed in the questions after 1:10:00.

For those disinclined or unable to do the streaming-video thing for ten minutes, I would sum it up thus:

Dr Robert Bussard’s research group have been looking at a lateral approach to the magnetically confined fusion problem for the past eleven years. They have been doing this in a DARPA-funded laboratory in relative secrecy because their approach is practical, feasible and relatively cheap, making it anathema to the dual vested interests of conventional Tokamak-based fusion research and fossil-fuel economics.

Their system uses a spherical magnetic containment field to produce a clean (radiation free) fusion reaction, without molten lithium or multi-billion dollar building-sized toroids.

The important point of the video is that they’ve already done it. They made it work in a machine the size of a domestic oven, on a shoestring budget, with a team of five people.

Some weeks ago, when I started reading Wizard: The Life and Times of Nikola Tesla I was struck by the attitude of the great minds of the time, one which saw physical science as malleable and controllable, a field in which one brilliant idea in one ordinary human mind in one brief human lifetime could reshape the world.
This attitude, I recall saying to PFH at the time, is something which seems to be missing in modern science: That kind of glory is seen as being firmly beyond the reach of individuals, or even individual research groups. Everything is to be refined and tested in infinitesimal steps, and there will never be another great revolution like Tesla’s AC power system, or so our scientific community is expected to believe.

Seeing this talk has convinced me that I was wrong, or at least partly wrong. A lot of Dr. Bussard’s concluding comments say exactly the same thing: he’s been closeted with his research group behind closed doors for eleven years, and now it’s very rare to find anyone experienced in this kind of science.

I was wrong though, because Bussard and his team exist. As he says during the questions, somewhere, somehow, the concluding research is being done. A viable fusion power source is being perfected, and I will probably live to see it come to fruition.

It’s hard to be calm in the face of such things.

A spot of idle futurism

There’s a lot of speculation on the net, all the time these days, about the Next Big Gadget. People seem to be constantly photoshopping up new fake images of the next model of iPod as they want everyone else to believe it will look.

I am not immune to this: I still occasionally sit down and try to work up a plausible design for an unobtrusive, powerful, useable wearable computer. I also ponder the profusion of technologies like the iPhone’s screen or the latest stab at stylus-based input, and think to myself: what is the ideal handheld interface, anyway?

Today though, a news article about a display that functions as an image sensor, courtesy of Slashdot, has collided with something I remember reading a long time ago, about flat, lensless 3D image-capture devices, and a real, marketed 3D display technology I’ve seen more recently.

The collision of ideas is obvious if you think about it:

  • The camera on your camera phone mostly captures images for transmission and/or electronic display, even if you don’t have a videophone.
  • Transmission of images is helped by good compression. One such method of transmission (presently infeasible) would be to break a real-world image down into a 3D mesh or similar abstract vector-based model. If I understand the ScienceDaily article aright, this is precisely the kind of data that your lensless camera gives you first! Making that into a 2D image would take work, but why bother if your display is 3D anyway?
  • A common way to look at those images, especially on a videophone, is on the screen of the same, or another such phone.

The potential phone-of-the-future that this presents is really obvious: It looks just like an iPhone; a flat little tablet with a screen covering its entire surface, except that there’s no little port for a camera on this one, the screen is the camera. So long as phones continue to be used as cameras as well, there will probably be a screen/camera on both sides of your future-phone. If you like, the screen on the back can display a precise 3D rendition of your head when you hold it up to your ear, so that it looks transparent. In fact, why not do that all the time, so that the phone always looks transparent? Take that Aqua! To take a photo you just hold up your empty phone-frame, and press the button on the side…

And that’s just a nifty side-effect. The main reason for doing this would be the 3D video-phone functionality! Not to mention crazy little tricks like each surface being an image scanner. You want to show someone an article you’re reading, or save it for later? You don’t need to line up a photo of it and hope your camera resolution doesn’t give you blurry text, you just slide the phone over the page. Either way up, it doesn’t matter.

This is, of course, wild speculation, as these things always are. I can think of half a dozen reasons why this might not work as suggested just off the top of my head.

That’s not to say I wouldn’t buy one if someone were to build it. 🙂

Prettified, Unified, Gnarlified

Those who check here with any regularity will notice that things have changed lately:

  • First, I updated WordPress MU to the latest version, thereby bringing a number of WordPress 2.0-isms into availability.
  • This broke about 2/3 of my existing themes for some reason, including the ‘grass roots’ one I was using, so I failed back to the default WPMU theme for a few weeks.
  • As a result, my duplicator script, which makes this blog page appear in similar form on my homepage, broke.
  • I was already cranky about the ugliness of the code underlying my old homepage, so I duplicated all the sub-pages off it here, in WordPress, and put up a ‘nobody home!’ message on the old page.
  • I wasn’t totally happy with the default theme either, so I downloaded K2, and went a little bit mad playing with the infinite variety of customizable gadgets.

Now, as you can see, this page looks far more like a page where someone actually lives. 🙂

Next, I intend to diddle Apache into displaying the same page at /~thorin/ and /blog/thorin/ (just for me, although if other people turn out to want it, it can be copied).
O ye who have blogs here (or want a blog here), be advised that if you want the full scope of K2 magic for your own blog, ask me. It is not 100% automatic, owing to the nature of WPMU.

I do wibble, quietly to myself about the sheer colossal mass of code that now underlies this page, but hey, it doesn’t seem to have hurt performance. YMMV. Please complain if it’s bad for you…

Word Pressure

A word of apology: if anyone’s wondering why my blog looks odd at present, it’s because my former favourite wordpress theme, ‘Benevolence’ died when I upgraded WPMU, and I cannot find a new up-to-date copy of it, so I have reverted back to the default for now.

I have a long-standing to-do to help E brighten up her wordpress theme, so there is a bit of work to be done. If anyone has WordPress (especially WPMU) theming expertise they would like to contribute, please comment or mail me or sumfin’.

Kthxbye 🙂