
Posts: 4 · Comments: 500 · Joined: 2 yr. ago

  • There’s a vocal handful of people disliking CloudFlare because of their irrelevant “privacy” concern here — you can absolutely use the registrar without using their CDN features. Also, reality check: with CloudFlare’s market reach, there’s zero chance anything they do online isn’t already MITM’ed. Having said that, Cloudflare uses their registrar as a loss leader, so they give their wholesale price to end users registering, and as such you’ll have the cheapest price available for the domain extensions they support. You can then just set your DNS without their orange cloud and traffic on your domain isn’t going to flow through their CDN.

  • Although most providers do over-provision, due to the mostly bursty nature of most services, you’re probably less likely to notice the shared aspect as opposed to the general age of the system. So it may be a good idea to take a quick peek at your VPS’s processor and compare that against what you’d be auctioning for. 1 older core (e.g. E5-2687W) is not going to be able to put up the same amount of work against 1 newer core (e.g. AMD EPYC 7763) — brands and actual models are less relevant, it’s just the idea of the age gap that’s more important.

    If you want to be absolutely sure, it may be just a good idea to budget for some duration where you’d pay for both services (you’d need some time to migrate everything anyway), and run benchmarks on both systems to see what you’d get out of each, then decide which one to keep.

  • Being a (FOSS) dev is a badge of honor, not a license to be terrible.

    By misleading users to complain to their upstream vendors about faulty “battery concern” when there’s a deeper problem, they’re just sending misguided users to create problems for other (FOSS) devs.

    By forcing all client devs to handle dual auth instead of handling the dual auth token structure “because it is hard”, they’re dumping their responsibilities on to other (FOSS) devs.

    This is not the first and it will likely not be the last time the Lemmy devs do things you don’t want to acknowledge. However, if you get so agitated and feel the need to spell off expletives at someone calling out facts, then it may be a good time to cut back on the Kool-Aid. Software development is not a cult.

  • Last time this was brought up, I believe the Voyager dev (sorry can’t remember spelling of his account, I think aeharding@lemmy.world ?) mentioned this is dependent on a proper resolution of push notification support from Lemmy itself, and linked to a Lemmy issue on GitHub. Very unfortunately, Lemmy devs are doing what they do best — finding creative ways to alienate their user base by choosing a platform that only works on Android, requiring a third party app to run in the background continuously, shooting down open web standards, and misleading iOS users into creating tickets in their chosen upstream project for a fictitious “battery concern” when it is brought up that the iOS paradigm does not allow long running background apps.

    I’m not holding my breath for this :(

  • You could use just a simple Apache (or even some simpler static file server) with no authentication whatsoever, but only accessible to your own network. Then, add a Reverse Proxy Gateway such as Traefik, Caddy or whatever else, and add Authentik as a Middleware. User heads to the site (e.g. https://files.yourdomain.ext/), the Reverse Proxy Gateway bounces the request to the Middleware (i.e. Authentik), which requires SSO via whatever authority you’ve got set up, gets bounced back, and then your Reverse Proxy Gateway serves up the static content via the internal network without authentication (e.g. http://172.16.10.3/).

    Check out the Forward Auth section of the Authentik docs here: https://goauthentik.io/docs/providers/proxy/forward_auth

  • If privacy is the concern, you should really read the breakdown from Mozilla someone shared. Can’t miss it, large wall of text in this thread. Apple ecosystem is much better than others in the privacy department. The other players are much worse when it comes to personal data collection and selling.

  • Similar to what the other user mentioned, but slightly different … macOS has always had special treatment for .app directories, sometimes treating them as if they were a file instead of a directory. Does running without the -r bit achieve what you’d want, or are you certain there are files deeper within the directory structure with extended attributes that you’d want to remove? If there are specific files inside the structure, are you able to target them individually?

  • FWIW, I think there is a slow push towards a consolidated “TV” experience which may or may not have started as a result of Apple launching Apple TV+. Sometime over the last several years, there has been a push towards consolidating the streaming content into one place, so users would theoretically get a unified search and viewing experience. I think the most recent version of tvOS even did away with the iTunes Store in favor of having that integrated directly in the TV app.

    However, I said it may or may not have started as a result of the Apple TV+ service because that seems like a consistent trend across the board. Even in Plex, when I do a search, I get a bunch of content that they’re trying to redirect me towards (Plex’s own FAST TV service, and maybe even purchases elsewhere if memory serves).

    None of this negates what you’ve said though. It has nothing to do with the TV+ service, and dude could’ve just ignored the TV app and used the Plex app if that’s their streaming source. In fact, Plex cannot integrate into the TV app because Plex cannot provide searchable metadata about content on your server to Apple in a unified fashion — I vaguely recall reading something about Apple requiring apps to give one search end-point that will return one search result for Movie X, and there’s no way for Plex to differentiate my version of Movie X on my server from your version of Movie X on your server. So even the whole TV app thing is kind of moot.

  • If you have Apple users at home, the integrated experience and the video quality are going to be very hard to match from other platforms. My parents use Chromecast and it takes so many more steps to send content on to their media system. The video quality when casting also suffers a little, though that may be because they’re using a cheap ISP router/AP combo box, and I’m using Ubiquiti APs instead. Having said that, I do think the A15 processor in the most recent model is overkill in the graphics performance department, so I wouldn’t completely rule out a device capability comparison as the cause of the video quality difference.

    Based on my readings, I think the most recent high end NVIDIA Shield TV Pro is the closest in terms of raw performance and even then it may be a bit behind. The Tegra X1+ found in the Shield Pro is on the Maxwell architecture, which is older than the GeForce 1080 series’ Pascal architecture, if I’m not mistaken. This would date it to around 2015-ish; whereas the previously mentioned A15 processor in the most recent version of the Apple TV 4K was introduced in 2021 with the iPhone 13 series.

  • Another user already gave you the answer, but one thing to bear in mind is that Cloudflare only “speaks” HTTP(S), and nothing else. So if for example you want to run Minecraft, CloudFlare’s free plan will not allow you to route it through port 80/443 as they don’t know how to “speak” the Minecraft protocol.

  • Ah sorry I went down the wrong rabbit hole.

    I’d imagine an isolated VLAN should be a sufficiently good starting point to prevent anyone from stumbling on to it locally, as well as any potential external intruder stumbling out of it?

  • Changing the port is security by obscurity and it doesn’t take much time for botnets to scan all of the IPv4 space on all ports. See for example the ever-updated list that’s available on Shodan.

    Disable password login and use certificates as you’ve suggested already, add fail2ban to block random drive-bys, and you’re off to the races.
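The "add fail2ban to block random drive-bys" step above is, at its core, a sliding-window count of failed password attempts per source IP read out of the SSH auth log. The following Python is an added example (not code from the comment, and not fail2ban's own implementation) that applies the same maxretry/findtime logic to a few constructed auth.log lines; the sample lines, the year supplied to the parser, and the threshold values are all assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines in OpenSSH's format (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Mar  3 10:00:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 vps sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:04 vps sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:06 vps sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Mar  3 10:00:07 vps sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2
Mar  3 10:00:09 vps sshd[1206]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2: ED25519 SHA256:abc
Mar  3 10:05:00 vps sshd[1207]: Failed password for bob from 198.51.100.20 port 40030 ssh2
Mar  3 11:30:00 vps sshd[1208]: Failed password for invalid user admin from 192.0.2.9 port 2222 ssh2
"""

# Matches only password failures; key-based logins (accepted or not) are deliberately ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Return (timestamp, ip, user) for every failed password attempt.
    Syslog lines carry no year, so one is supplied (an assumption for the sample)."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures.append((ts, m["ip"], m["user"]))
    return failures


def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Sliding-window count per source IP, mirroring fail2ban's maxretry/findtime idea.
    Returns {ip: timestamp of the attempt that crossed the threshold}."""
    recent = defaultdict(deque)
    banned = {}
    for ts, ip, _user in parse_failures(log_text):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop attempts that fell out of the window
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned


def usernames_tried(log_text):
    """Account names the drive-bys guessed; with password auth disabled none of these can succeed."""
    return sorted({user for _ts, _ip, user in parse_failures(log_text)})


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold crossed at {when:%H:%M:%S})")
    print("usernames tried:", ", ".join(usernames_tried(SAMPLE_LOG)))
```

With the defaults, only 203.0.113.7 crosses five failures inside ten minutes; the single failure from 198.51.100.20 (a host that otherwise logs in with a key) and the lone attempt from 192.0.2.9 are left alone, which is the point of pairing a threshold with a window rather than banning on the first failure.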

  • Cloudflare tunnel is a thin client that runs on your machine and connects to Cloudflare; when there’s a request from outside to Cloudflare, it relays it via the established tunnel to the machine. As such, your machine only needs outbound internet access (to Cloudflare servers) and no inbound access (i.e. port forwarding).

  • “but I haven’t found that much information on which labels I should add to set it up.”

    I’ve not automated creation of records for new services, but I’ve made it easier for myself by making hostname.domain.ext the dynamic DNS (managed by a simple cron job with curl commands interacting with the API), and all service.domain.ext just CNAME to the main record.

    I don’t think I’ll be automating the creation of the CNAME records because something tells me I’d end up leaving a bunch of dead service DNS records behind.
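The "simple cron job with curl commands interacting with the API" described above is, in essence: look up the current public IP, compare it to the A record, and only write when they differ (so the cron job is idempotent and does not hammer the API). Below is an added example of that loop in Python; it is not the commenter's script. It assumes the Cloudflare API v4 record endpoints (the comment does not say which provider) and api.ipify.org for the public address; the FakeTransport class is a constructed stand-in for the HTTP layer so the example runs offline. The service.domain.ext names are left as CNAMEs to this one record, so only this record ever needs updating.

```python
import json
import urllib.request

# Assumed endpoint shapes: Cloudflare API v4 for DNS records and api.ipify.org
# for the public address. Replace both with your provider's equivalents.
CF_API = "https://api.cloudflare.com/client/v4"
IP_LOOKUP = "https://api.ipify.org"


def http(method, url, token=None, body=None):
    """Minimal real transport for the cron job: returns the response body as text."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode()


def find_a_record(transport, zone_id, name, token):
    """Fetch the existing A record so we can compare before writing."""
    raw = transport("GET", f"{CF_API}/zones/{zone_id}/dns_records?type=A&name={name}", token)
    results = json.loads(raw)["result"]
    if not results:
        raise LookupError(f"no A record named {name}; create it once by hand first")
    return results[0]


def sync_dynamic_dns(transport, zone_id, name, token):
    """Update hostname.domain.ext only when the public IP actually changed.
    Returns ('unchanged', ip) or ('updated', old_ip, new_ip)."""
    public_ip = transport("GET", IP_LOOKUP).strip()
    record = find_a_record(transport, zone_id, name, token)
    if record["content"] == public_ip:
        return ("unchanged", public_ip)
    payload = {
        "type": "A",
        "name": name,
        "content": public_ip,
        "ttl": record.get("ttl", 300),
        "proxied": False,  # DNS only: keep the record off the CDN ("no orange cloud")
    }
    transport("PUT", f"{CF_API}/zones/{zone_id}/dns_records/{record['id']}", token, payload)
    return ("updated", record["content"], public_ip)


class FakeTransport:
    """Constructed stand-in for http() so the example runs with no network."""

    def __init__(self, public_ip, record_ip):
        self.public_ip, self.record_ip, self.calls = public_ip, record_ip, []

    def __call__(self, method, url, token=None, body=None):
        self.calls.append((method, url, body))
        if url == IP_LOOKUP:
            return self.public_ip
        if method == "GET":
            return json.dumps({"result": [{"id": "rec1", "content": self.record_ip, "ttl": 300}]})
        self.record_ip = body["content"]  # simulate the PUT taking effect
        return json.dumps({"success": True})


if __name__ == "__main__":
    fake = FakeTransport(public_ip="203.0.113.10", record_ip="203.0.113.9")
    print(sync_dynamic_dns(fake, "zone-id", "host.example.net", "token"))  # updated
    print(sync_dynamic_dns(fake, "zone-id", "host.example.net", "token"))  # unchanged
    # For the real cron job: sync_dynamic_dns(http, ZONE_ID, "host.example.net", API_TOKEN)
```

Two design points worth keeping from this shape: the compare-before-write check means a failed IP lookup never overwrites a good record with garbage, and a scoped API token (DNS edit on one zone) is all the job needs, so that is all it should be given.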

  • Hopefully you’re not in the USA, as those products were taken off the shelves.

  • Most likely some sum of (cores x GHz) of each processor in all servers? While it kind of makes sense, it feels like a much higher clock speed than what I’m used to seeing.

    I have a single quad-socket E5-4640 server; I think in terms of me having 4 processors with 8 cores at base 2.4GHz each; I don’t regularly (or ever, for that matter) think in terms of me having 76.8GHz.

    360G8s should be single or dual-socket E5 v2 processors. I can’t really math right now (insufficient caffeine), but I can’t seem to make the math work, so I’d imagine that to be aggregated across all three systems, not individual systems?

  • It will affect everyone. All it takes is one big company deciding they’re better at distributing their apps via some untrusted channel, or better yet, their own channel, and everyone who uses it is required to install the untrusted store.

    “But it doesn’t affect me!”

    Not true at all. The vast majority of people are forced one way or another to install a third party messenger due to that one older family member who only knows that one app because it’s popular where they live; the vast majority of people get mandated to install something on their phone as required by their workplace (MFA/VPN/expenses app/HR for PTO etc); the vast majority of people are required to install some government entity mandated app (passport application/visa exempt entry/social services/etc)….

    The list of “mandatory” apps goes on. Even if you only need it for a little bit of time, now you’ve got the store on your phone, ready to open up the potential to bring in other not so mandatory and less than desirable apps.

    Apple is not great at vetting apps, there are terrible apps on the App Store that I’d like to see removed, but they’ve got a decade+ of experience in heuristic detection to prevent most bad apps from making it to our phones. They’ve also got way more resources to act against bad actors than any other company in the world. I can trust that I’m not going to get a fake / modified bank app when I download it from the official App Store. That same guarantee isn’t there with third party untrusted channels.

    It will likely be a very unpopular opinion here, given how Lemmy is much more FOSS and self hosted happy (I’d know, I’m self hosting it and spend more time in those communities than anywhere else), but I for one do not want side loading or third party stores to become a thing.

    Edit:

    Ironically, the bad third party stores will be waaaaay more popular with non-tech savvy people, because “Mark says to get apps here for cheaper” or “Mav said this is better”. The actual tech savvy users will have better security awareness, but the vast majority of people don’t, and will end up getting hurt by this.

    Edit 2, after @therealrjp@lemm.ee already downvoted but staying quiet:

    I forgot this earlier. In order to gain access to certain features, such as being allowed to render on the CarPlay display, you'd need a special entitlement signed by the App Store, just like IAP receipts etc. -- in the current case, that is Apple; in the unofficial third party case, that'd be the third party running the store. iOS doesn't only gate public features like CarPlay rendering using entitlements; many security features are bypassed for official apps using the same mechanism. If you search for security in the extracted entitlement database, you'll see things like com.apple.private.security.bootpolicy, com.apple.private.security.no-container, com.apple.private.security.no-sandbox, com.apple.private.security.storage.CallHistory, com.apple.private.security.storage.Location, com.apple.private.security.storage.Lockdown, com.apple.private.security.storage.Messages, com.apple.security.device.camera, com.apple.security.device.microphone, com.apple.security.personal-information.addressbook, com.apple.security.personal-information.calendars, com.apple.security.personal-information.location, com.apple.security.personal-information.photos-library and many many other fun entitlements that grant things you'd otherwise not want untrusted parties to get access to. We've already touched on how government entities might require you to install some specific app. It is also well known that Russia runs their own App Store. I wonder how long it would take before any rogue entity running a store starts to distribute legitimate spyware?
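The "search for security in the extracted entitlement database" step above amounts to: parse an app's entitlements plist, keep the grants that are actually true, and separate the com.apple.private.* ones (which only Apple's own signing path hands out) from the public ones a third-party app can legitimately request. The Python below is an added audit example, not the commenter's tooling; the embedded plist is constructed from entitlement names quoted in the comment, and it assumes the XML form that `codesign -d --entitlements - App.app` prints on recent macOS.

```python
import plistlib

# Constructed entitlements plist using names from the comment; the app id is a placeholder.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID.example.app</string>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.private.security.no-sandbox</key>
    <true/>
    <key>com.apple.private.security.storage.Messages</key>
    <true/>
    <key>com.apple.security.personal-information.photos-library</key>
    <false/>
</dict>
</plist>
"""

PRIVATE_PREFIX = "com.apple.private."


def granted_entitlements(plist_bytes):
    """Boolean entitlements that are set to true; a key present but false grants nothing."""
    data = plistlib.loads(plist_bytes)
    return {key: value for key, value in data.items() if value is True}


def audit(plist_bytes, keyword="security"):
    """Split granted entitlements whose name contains `keyword` into
    private (Apple-only) and public (requestable by any developer) lists."""
    hits = sorted(key for key in granted_entitlements(plist_bytes) if keyword in key)
    private = [key for key in hits if key.startswith(PRIVATE_PREFIX)]
    public = [key for key in hits if not key.startswith(PRIVATE_PREFIX)]
    return {"private": private, "public": public}


if __name__ == "__main__":
    report = audit(SAMPLE_ENTITLEMENTS)
    for bucket, keys in report.items():
        print(f"{bucket}:")
        for key in keys:
            print(f"  {key}")
```

A non-empty "private" bucket on something that is not an Apple system binary is the finding: those grants exist only because whoever signs the app, and whoever vouches for that signature, chose to hand them out.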

  • On incoming side of things:

    In between your IP change, your script updating your DNS record, and finally the sender’s server getting the new IP address, you may lose emails coming to you. Most mail providers will eventually, at their chosen cadence and frequency, attempt to re-deliver the messages, so you might get them eventually on a delay. There is no way of knowing what you’re missing in the event the sender’s server does not retry. Mail coming to you is delivered into folders per your configuration, and should not end up in spam because of your IP change.

    On the outgoing side of things:

    Every IP address has some reputation attached to it. Residential addresses tend to score low because of people getting viruses/malware and becoming part of a botnet to spam. As you’ve got no control over the IP address you’d receive from your provider, there’s no guarantee whether you will receive a clean IP or not. Worst case scenario here is you might end up with a blacklisted IP, and your mail never gets accepted (or is silently discarded) by the receiver’s mail server. You may also run into the SPF record needing the IP address, but you can probably get your DDNS script to update this as well or, maybe, just use an A record.

    If your intention is to receive emails, it might work, but you might miss a message or two.

    If your intention is to send mails, it is cheaper and easier to just get a transactional mail provider and pay pennies per thousand mails, and never worry about it.

    If your intention is to make a full-fledged mail service with send and receive… it’s just not worth the hassle and headache.
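Two of the outgoing-side points above can be made concrete: an SPF record that pins the literal IP (`ip4:`) breaks the moment the dynamic address changes, while one that references the hostname (`a:` / `a`) follows the A record your DDNS script already maintains; and IP reputation is commonly checked by receivers through a DNS blocklist lookup on the reversed address. The Python below is an added example, not the commenter's setup: a small evaluator for the SPF subset needed here (`ip4`, `a`, `a:host`, `all` with qualifiers) plus the DNSBL query construction, run against a constructed DNS table in place of live lookups. The domains, addresses and the `dnsbl.example` blocklist zone are all placeholders.

```python
import ipaddress

# Constructed zone data standing in for live DNS. 203.0.113.9 is the "old" dynamic IP,
# 203.0.113.10 the current one that the DDNS script has written to mail.example.net.
DNS = {
    ("mail.example.net", "A"): ["203.0.113.10"],
    ("example.net", "TXT"): ["v=spf1 a:mail.example.net -all"],   # follows the A record
    ("static.example.net", "TXT"): ["v=spf1 ip4:203.0.113.9 -all"],  # pinned to the old IP
    ("9.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],  # old IP is listed on the blocklist
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, zone=DNS):
    """Stand-in resolver: returns the record set or [] when nothing exists."""
    return zone.get((name, rtype), [])


def check_spf(domain, sender_ip, zone=DNS):
    """Evaluate the ip4 / a / a:host / all subset of SPF for `sender_ip`.
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no SPF record)."""
    records = [r for r in lookup(domain, "TXT", zone) if r.startswith("v=spf1")]
    if not records:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        matched = False
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "a" or term.startswith("a:"):
            host = domain if term == "a" else term[2:]
            matched = str(ip) in lookup(host, "A", zone)
        elif term == "all":
            matched = True
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # no mechanism matched: SPF's default result


def dnsbl_query_name(ip, blocklist_zone):
    """Reverse the octets and append the blocklist zone, the standard DNSBL query form."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + blocklist_zone


def is_listed(ip, blocklist_zone, zone=DNS):
    """A DNSBL signals a listing by answering the query with an A record."""
    return bool(lookup(dnsbl_query_name(ip, blocklist_zone), "A", zone))


if __name__ == "__main__":
    for domain in ("example.net", "static.example.net"):
        print(domain, "from current IP:", check_spf(domain, "203.0.113.10"))
    for ip in ("203.0.113.9", "203.0.113.10"):
        print(ip, "listed on dnsbl.example:", is_listed(ip, "dnsbl.example"))
```

Run as-is, the hostname-based record passes from the current address while the pinned record fails it, and the old address shows up as listed on the constructed blocklist, which is the "you might inherit a bad IP" risk the comment describes. A real deployment would replace `lookup` with actual DNS queries and should treat the result of any single blocklist as one signal, not a verdict.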

  • So sad to see the pervasive misunderstanding of ad targeting :(

    iOS doesn’t even allow devices access to the camera/mic unless the permissions have been granted; and background processing barely allows applications any time to do anything. There’s just no way for it to listen to the users in the background and upload that data elsewhere.