🇨🇦

  • 10 Posts
  • 321 Comments
Joined 3 years ago
cake
Cake day: July 1st, 2023

help-circle
  • Fair points.

    I’ve been lucky enough to have never been behind cgnat, so I keep forgetting about it.


    My bigger concern with tailscale is being required to install software on the client. Not every device I use, I have permission to install a vpn client, nor would I want to.

    For example, I have a fileshare using Filebrowser where I store work related files that I don’t want to loose access to or need access to from multiple machines (non proprietary info, stuff IT/MGT wouldnt get mad at me for ofc. I’ve actually cleared it with my managers, so no worries). That’s also a handy way to (temporarily) share large files with people or provide a way for friends to upload large files to me.

    I also like to access my emby server (using sufficiently limited accounts), from things like the TV in the work break room, or a friends PC while I’m visiting.

    Tailscale is a hurdle that I just don’t need/want.



  • You don’t need a static IP, you just have to keep track of what your current dynamic IP is.

    You can do this with either a free or a paid DNS service.

    There are a few different ‘free dns’ services that will delegate a subdomain of theirs to you at no cost. Admittedly, I’ve never actually used one of these so their names escape me. Hopefully someone else can point one of those out if that’s what you really want.


    I purchased a domain via google domains, when they existed. It’s now transferred to squarespace, because they bought out google domains a few years ago.

    It was around $13/year when I first got it a decade ago. It’s now around $28/year.

    This allows me full control over the domain: I can use as many subdomains as I want to give each service I use it’s own unique name. (Instead of using their own separate ports that you’ve gotta remember) My domain will also forward all inbound email to my gmail account; this lets me use email addresses like <servicename>@mydomain.example. This way, I don’t share my real email and can immediately tell who sold my info to the highest bidder when I get spam. (I could also host my own email service if I really wanted, but I haven’t bothered)

    Add Cloudflare ontop (for free); and it can filter out known attacks, ddos attempts, geofence your services to regions you’ll actually be in, provide/autorenew ssl certs for https, show you usage analytics, cache static data reducing server/network load, etc.

    Ultimately, the paid option is well worth it IMO. $2/month (which I typically pay in 3-10 year blocks) is hardly anything.

    /edit; vpns are good and all, but they require you to setup software on the remote device to connect to it, and that typically routes most if not all your traffic back to the vpn server then out to the internet. That can create speed/bandwidth issues.

    A domain allows you to access your services from any Internet connection with 0 configuration on the client side. Just accessing it like any other website.

    I also host a vpn directly from my network, that I access/find via my domain. This means I’m not dependent on a public service like tailscale, but can still add additional security to access private only services (stuff I don’t expose to the open internet)



  • If I hit somebody that steps into the street then it’s my fault no matter what.

    This is not at all true. If someone steps out in front of you with little or no time for you to react, they’re just as much at fault. It will be much easier to argue that you’re to blame, when you’ve intentionally disabled the saftey device that would have alerted them to your presence though.

    Even if it was true however: Just because it would be your fault doesn’t mean you should increase the chances of it happening.

    Besides, most people wear earbuds when walking around town.

    This is entirely your own false perception. Many if not most people don’t wear headphones near traffic, or at least only wear one, so that they can still hear their suroundings.

    Regardless; Some people choosing to blockout sounds is no excuse for you putting everyone else in danger.


    You should fix this, or you should be cited for willful public endangerment and the vehicle towed+impounded.


  • Thought the same thing.

    the aircraft appeared to suffer damage before plunging vertically to the ground.

    Half the jumpers were students, the other half teachers. With the plane going straight down, maybe they couldn’t get away from it if they had jumped. Plus, they wouldn’t have been ready to jump yet (they’d be expecting that part to come later), so probably not attached together (tandem jumps I’d guess, being 50/50 students/teachers) with the doors open, combined with chaos and panic of the plane going down…

    Whatever the damage was, could have shook the craft disorienting/destabilising those inside as well.

    Just not enough info yet really.


  • https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

    TL;DR Your router sees you trying to reach your external address and routes the connection back to your LAN without leaving the network.

    This does still depend on a functional internet connection however, as your client gets your public IP from a public DNS server over the Internet.

    If you were to run a DNS server locally (I use pihole for this), you could have that DNS respond with your local IP, allowing clients within your LAN to resolve the name without needing to reach out to public DNS. This means your local connections will still work when your internet is down; it also provides more privacy by keeping those requests local and can let you make local-only names that aren’t publicly listed.

    Of the ~28 FQDNs in my setup, only 4 are public. The rest is local/vpn only and not publicly listed due the above. The reverse proxy then drops all connections that don’t use one of those recognised names, before even completing the TLS handshake. (So direct connections from someone port scanning my IP or using a domain name someone else has pointed at my IP are completely ignored/dropped without response. The server doesn’t even send the TLS cert so as to not expose the names defined in it.)




  • I try to be in the habit of making a full image onto a demonstrably working spare card every couple weeks.

    That’s a whole lot of writing to an sd card, wearing it out. It may fail by the time you want to read it. You also destroy each previous backup by creating a new one.

    Each of my rpis backup to my main server nightly using dd via ssh. The server then keeps historical backups of those .img files via Borg so I can pull any version from any day of the last year or so.


  • I use Emby instead of Plex or Jellyfin; mostly because it has an Xbox client, and I’ve already got a lifetime licence. One of my most active users only watches via Xbox.

    Really don’t like Plexs centralised user system or the overall direction they’ve been headed for years, so I moved away from that long ago (8+ years ago at least). Jellyfin wasn’t up to par at the time (though they’ve made leaps and bounds of progress in that time), and Emby has always supported more types of devices\clients. Their device limit (the client count limit with premeir) has never come into play for me, but I know there are larger user bases out there where that is a problem.

    Embys development is extremely slow though, taking YEARS to implement simple features or even address major concerns. Plus their support sucks without the community stepping in and providing it on behalf of the staff. Luke (the main dev) is better at copy+pasting candid responses than he is at actually interacting with human beings.










  • Darkassassin07@lemmy.catoAsklemmy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    2 months ago

    Pihole is a self-hosted DNS server that filters out domains that serve ads, as well as malware and tracking domains. When clients try to access a blocked domain, the DNS request fails, so the client doesn’t know where to connect and the ads/malware simply fail to load, while the rest of the game/webpage loads just fine.

    Highly customizable, either manually or with various online lists of known domains. It’s also a handy tool to create local-only domain names for accessing your own self-hosted services.

    Alternatively there’s Adguard or Nextdns; public dns servers that perform a similar function, but give you much less control over what is or isn’t blocked.