Even then, that's only immutable for the workflow config. Many workflows then go on to pull in mutable inputs downstream (eg: default to "latest" version).

If only they offered dedicated in the US.

There are plenty of other dedicated server providers that do.

Which comparable US dedicated server providers do you prefer?

I tend to mostly use dedicated servers from Hetzner for my own projects and for my client's projects. Whenever they explicitly want US servers, I tend to go with Vultr's dedicated servers which been serving us well for many years.

OVH has dedicated in USA and Canada

I've read several reports from customers saying that their customer service is really bad. Difficult to know with online reviews of course. Does anyone have positive stories to share? I am looking at Australian hosts specifically and Hetzner doesn't have any data centers here.

We use them heavily for test boxes and running experiments. Standard off-the-shelf machines are provisioned almost instantly, and never had any problems.

More custom stuff (eg 100Gb/s NICs) takes a bit longer, but they've always been super responsive and quick to sort out any issues!

The price / performance you get from something like their AX162 is just crazy, although unfortunately with the whole RAM / NVMe shortage the setup fee has gone up quite a lot.

Using them for production for years, never dissapointed.

What you should be aware of is their new exploration of s3 storage. I mean, the s3 works and everything but it's still too eaely - the servers are kind of slow and sometimes fail to upload/download. They are still tuning out the storage architecture. The api key management is kind of too primitive (although much more headache free than configuring aws), and the online file browser is lacking

But for vps servers - they are battletested veterans

No.

DNS literally would not work if they did that.

I can only comment about the one I work for, but yes. It's also discussed publicly to some degree.

https://cloud.google.com/blog/products/storage-data-transfer...

Cloud Flare supports ECH. https://developers.cloudflare.com/ssl/edge-certificates/ech/

Any examples of Cloudflare client websites that have enabled ECH

China blocks ECH.

do you have a reliable source for this claim?

China's use of SNI-based censorship is well-documented

For example, see

https://censorbib.nymity.ch/pdf/Niere2025a.pdf

China has blocked ESNI

https://gfw.report/blog/gfw_esni_blocking/en/

But SNI is not CH and ESNI is not ECH

Will China block ECH

ECH blocking has been detected in Russia

https://github.com/net4people/bbs/issues/417

According to Niere et al. (2025)

"Additionally, with the ECH extension not yet being widely used [17], [71] and focusing on privacy protection rather than censorship circumvention [60], it can be censored easily by blocking it entirely [14], [76]."

The paper describes various GFW bypass methods that currently work, including removing the SNI extension entirely

It does not mention anyone using ECH to bypass GFW

Perhaps it is too early to conclude "China blocks ECH" because ECH is not in widespread use

Yes, but SNI is not ECH.

> AFAIK the proprietary server can glean your IP, your phone number, who you talk to, and when you talk to them. This type of metadata is valuable information.

To the best of my knowledge, so can matrix.org or whatever servers you connect and federate to. This is required to route messages between users. What is your point?

OK now do a small hatchback.

No.

And every tutorial you could find on how to use PHP with a database was a tutorial on how to add SQL injection to your site.

That was the bigger problem, IMO, in that even once PDO existed and the MySQL extension was "fixed" to have prepared statements, so much of the documentation still did it wrong.

And yet similar classes of bugs still pops up today, even with what I would've assumed to be safe defaults? I'm guessing its non-standard databases or DB clients or something?

This case is more just a pure lack of sanitisation, but it's fascinating to see in 2025 still :)