We're ornery and we're cantankerous and we're contrary, and we're not yet too old to make a fuss. But we are old enough to have seen pretty much the entire computer revolution. Okay, yeah, we weren't there with Turing and von Neumann...but we were both using the internet and writing software before there were web pages. (Ahh, the good ol' days...before anyone had even dreamed of the horror that was to become javascript!)
And we don't like how it's gone, these past few decades. When tech was driven by ideas instead of dollars, we got the internet. And now that tech is driven by dollars instead of ideas, we get...facebook? (Or whatever equivalent is hot these days.) Everything is owned by the big N: all software, all devices, all "apps", all of our data. User experience is tailored to the lowest common denominator, because that's how you get market share.
So we're opting out -- as much as possible. And it's not easy: can you go a day without using something Google? But we've made great strides.
Our first big step was in 2022, when we acquired a Supermicro blade server. It has a dedicated gigabit fiber line, and we run our network servers using VirtualBox. Goodbye, AWS! This machine has already paid for itself in the money we've saved from reduced AWS/Azure fees.
The host server itself is running Windows, because it came that way -- but we've got the network configured in such a way that the Windows host is not capable of connecting to the internet, only the hosted virtual machines. No Windows security issues, no patches, no fuss, no mess. The VMs are all imaged from a base Ubuntu setup, and they provide all our required git, web, development, and Pipes hosting.
The one thing we don't have in this configuration so far is failover -- although, we've been running for more than a year with zero downtime. Not a bad accomplishment, especially when you consider that the server lives off-the-grid, and is powered completely by solar! But in the near future, we do plan to add failover by adding one or two more blade servers in distinct physical locations.
For all of our collaboration needs, we require only one port on one VM to be open to the internet: the port that hosts our Pipes nodes. All network traffic is routed via Pipes, which means we have an extremely good security posture for the VM system. All Pipes traffic is encrypted via ClearCrypto protocols, which we've developed completely in-house, which means that attacks on standard protocols and implementations simply don't apply to us. A dedicated attacker may be able to DoS us, but we're convinced that the cost to hack or infiltrate our systems is easily in the millions of dollars. In the past, we've had servers infiltrated by botnets -- it's not fun. We now rest easy that our infrastructure is secure.
Source control: it's a sad state we're in, when most kids these days can't see any distinction between "github" and "git". We have a VM dedicated to hosting our git repo, with connections to it routed via Pipes. Local "webhooks" are used to provide notifications to our collaboration tool and links to our case management tool.
We've made great strides, but one of our biggest annoyances is that we still rely on Google Apps for email. We're gonna roll-our-own mail server one of these days...y'know, when there's not much else to do. And as R20S matures, we'll eventually be able to move our servers, and then our development laptops, over to R20S...
...and after that -- hmm, hardware?? :)