If you want DDoS protection you’re gonna need to work with someone who can swallow and filter a whole botnet’s worth of traffic and keep running. That takes some serious infrastructure.

I recommend Cloudflare for small businesses because their terms of service are actually decent, and blending their traffic into that stream makes their website indistinguishable from larger competition.

The next closest things are Pangolin (https://digpangolin.com/) and WireGuard. You’ll need to rent a server somewhere with a public-facing IP to run the server-side software (and DDoS protection is based on the services provided by your datacenter host). Pangolin has a UI similar to Cloudflare, but under the hood, it’s just Wireguard, so if you prefer more direct control, you can just set up a Wireguard tunnel by hand.

For myself, and my own needs, I don’t need all that. I just use DDNS* to point my DNS records to my home’s public ip address & use port forwarding to connect ports 80 & 443 to Nginx Proxy Manager. (When I add Anubis, I’ll port forward to Anubis and then have Anubis redirect valid traffic to Nginx Proxy Manager) This setup offers no protection against DDoS, but for what I use it for, I think it’s an acceptable risk (I’d either have to get someone’s attention and ire or just be cosmically unlucky)

*the server has a cron job to curl the DDNS refresh URL every hour.

Not really. Microsoft compiled a version of their OS for ARM devices - creatively named “Windows on ARM”, but on a Raspberry Pi I’d hardly describe the performance as “running” - walking/crawling would be more apt.

I still wouldn’t recommend it for business. Even when stable, the Arch philosophy is to empower the end user, whereas other distros like Ubuntu/RHEL are focused on getting stuff done. In 90% of situations the difference is immaterial. But if my client is angry and my boss is breathing down my neck, and I can’t work because a thing isn’t thing-a’lating, a support path is essential.

Raw spite. If you’re upset enough to build a whole LinkedIn profile, you’ve already mentally moved on to the next company.

You’re not wrong. And the line between evil and laziness here is too messy for me to sort out. We got into this mess because the internet was originally designed as a communication tool between business, university, and government. Specifically, Bell Labs connecting universities as part of the military project DARPA. Since they were connecting dozens of sites, the 4 billion addresses (2^32) seemed like plenty.

Skipping over dialup and forward to early broadband, the issue of the number of addresses problem was ‘solved’ by a clever firewall technique network address translation (NAT). It was adversited as a security feature, but it allowed ISPs to give one public IP per customer. This standardized things for them - they give you one IP and you multiplex it as you wish. However, since the average customer wanted a turnkey solution, the ISPs would then toss in the modem as a rental. (Also, as enshitification hit this rental modem started getting more user hostile.)

But at this point ISPs are engorged and lazy and redoing everything is a chore, so they got one IPv6 space for everyone, and set up their IPv6 servers to assign chucks of that space based on your assigned IPv4 address. Easy-peasy! Now none of their other management or billing systems have to change! Of course, now your v6 space moves anytime your v4 space does but -they always have those business accounts to sell you …

A diamond in the rough: When I was younger, working at a data center and IPv6 was new, I found this gem coupled with IPv6 world day (via Reddit): https://tunnelbroker.net/

Hurricane Electric was/is happy to give you a free static IPv6 /48 prefix, and you could tunnel your home connection directly to this (like a site to site VPN). Their catch is if you start pushing significant traffic you’ll have to pay market rates. But if your goal is to add a free static IPv6 frontend to your home network, this has been here the whole time.

Similarly, I’ve read Cloudflare’s Terms of Service [privacy policy, et al.] and they’re fairly tame compared to many. I’m also partial to their WARP technology. The idea is the end user’s traffic is encrypted and sent to any of Cloudflare’s servers and from there they can then bounce to anywhere in the world (a handy trick if you need to get around a great firewall or other tools of censorship). If your home lab uses Cloudflare’s tunnel, and your phones use WARP, the only thing a third party can see it that you’re using the largest CDN in the world - which is sorta a ‘well, duh’ statement. Cloudflare’s schtick is they don’t need limits - they can flood you home connection and it wouldn’t be a blip on their radar. However, they need to run variations of these technologies to operate their primary business. So making a copy for you to use is almost trivial. (And if you go viral and suddenly need a CDN, I’m sure they can sell you some)

Tl;dr: you’re not wrong, but the desert has water in it, if you know where to look.

Frogs do enjoy a good sauna. 😊

If that’s your line, then more power to you. I’m happy to live in a world where people make choices I don’t agree with - but I will always respect those who make an informed choice over people who let fate or advertising make their choices for them.

However, I also wouldn’t blame others for looking for an exit. Or testing other waters. Or at least thinking the grass might be greener elsewhere.

If you do continue to use Plex, consider taking a weekend for a hobbyist project such as a VPN server (OpenVPN or Wireguard are classics and broadly indistinguishable from work traffic) or a reverse proxy web server (nginx proxy manager is a good place to start). Not only are these useful and fun†‡, but they defang one of Plex’s most marketable features - the automatic NAT traversal.

†I put 3 VPNs on all my phones - a split tunnel to home; a full tunnel to home; and a commercial VPN with international egress points. The split tunnel lets my phone access my home services from any network it’s connected to (without impeding traffic destined elsewhere; the other ones are for coffee shop use). I can also give out access to the split tunnel to trusted friends to access my guest network. Also have a site-to site with a friend for off-site backup (with an encrypted tarball of my configs).

‡For the reverse proxy, I enjoy stapling it to my router’s public 80&443 and using DDNS to point vanity.example and *.vanity.example to my home public IP (I like to live dangerously; cloudflare tunnel & pangolin exist, too). Inside my home I have *.internal.vanity.example and *.home.vanity.example for the management webUIs and intranet versions of services so that they can be accessed via https with a secure lock.

Having your own tools to build your own cloud - on a raspberry pi, or an old spare laptop or retired desktop, or a second-hand mini PC is worth the hassle, particularly if you are using Plex baked into an Nvidia shield or other proprietary product, can offer options - and it never hurts to have options.

… But at this point I’m well and good into preaching to the choir.

Tl;dr: No hate to Plex users, but maybe have a plan. 😅

I mean there are a few good actuate positive predictions. The family of laws that collectively are called Moore’s law is decent offhand example.

At least this one follows the advice of his PR team. 🙄 but yeah.

You’re basically right. Back when unions were a thing, they dubbed this behavior “working your wage” I.e. not volunteering for unpaid labor. “Quiet quitting” is a neologism designed by a think tank to shift the burden of responsibility to the employee

It’s a phrase meant to replace the old phrase “working your wage”, because that way of viewing it makes the whole situation less dramatic and more noble … and generates less clicks. Classic newsspeak.

And there’s a huge difference between fifty degrees below zero and absolute zero. But both are lethal to humans if exposed to it for a night.

https://newrepublic.com/series/49/microsoft-three-mile-island-ai-nuclear

Nope. Very real.

No, sadly leopards are eating the proletariat faces, but they’re his proletariat faces

https://alternativeto.net/feature/create-multiboot-usb/ Maybe this will help?

As a rule of thumb, I expect that Asus as a business only cares about adbock from two angles:

1. A feature to slap on the box for advertising.
2. A B2B feature for helping business management make workers more productive.

To the first, there’s little incentive to ever update the lists after you’ve bought the device, so it’s quickly outdated. To the second, it’s like to be far more optimized for Amazon or Newegg, then for Reddit. Between the two, I don’t generally expect them to hold a candle to pi-hole and similar software.

For a fraction of a second, my poor heart skipped a beat, hoping Pushing Daisies had some new news. 😅

I hope this pays off your student loans.

I’m trying out Purely Mail. Unlimited email addresses across unlimited custom domains.

I have a cool setup where I have setup an email account at [email protected], but it’s setup as a catchall for *@service.mydomain.tld (and allows gmail-style tagging). This means I can fill out service forms by inventing addresses on the fly like [email protected] and the email shows up in one unified inbox, the subject line will include [LemonadeStand], and the message will have the flag ‘Signup’.

To add to the archive

Twenty One Pilots’ “Level of Concern” - 117 days 16 hours 10 minutes and 25 seconds

Organ²/ASLAP (639 Years) The next note will be played on February 5, 2024.

Anyone here experiment with Funkwhale? Wondering if it’s a practical choice to make a personal library available in a personal cloud.