Also at @me@social.k3can.us on Mastodon.
Consider what a DDOS attack looks like to Cloudflare, then consider what your home server can actually handle.
There’s likely a very large gap between those two points.
For me, my server will start to suffer long before traffic reaches the level of a modern DDOS attack.
Are you using their proxy or just DNS ?
If you have the little orange cloud (proxy) on your DNS entry, go to your public facing webpage and examine the cert. Chances are it’s not what you think it is.
Saying something is “self hosted” when it’s actually hosted by a cloud provider is sort of like saying something was “self coded” when it was actually coded by an LLM.
I think it’s like this:
Imagine Reddit, but every user stores a random piece of reddit in an instance on their device. They’re all still normal users, so they can’t block users from Reddit or from specific subs, even though their instance contributes to the whole. Their instance doesn’t represent the entirety of Reddit, or even the entirety of a single sub, it’s just a random chunk of Reddit.
BUT a user can be made a sub mod, which now gives them extra power over other users, but only in that one sub. It doesn’t matter whether any portion of that sub is stored on their instance, all that matters is that they’re a sub mod.
So you, as a pleb, have no control over what’s stored on your instance, but a mod has full control over their community (which may or may not partially exist on your instance).
That’s my interpretation, at least.
Depending on what you’re hosting, tor might be an option, too.
It’s actually intended to make you anonymous; encryption and vpns aren’t (despite what the marketing may say).
And why is a tower defense game listed under Automation?
Has the word “automation” in the description, so the AI just assumed it belonged.
I recently added Anubis and its validation rate is under 40%. In other words, 60% of the incoming requests are likely bots and are now getting blocked. Definitely recommend.
should it be in NAND or NOR??
Why not both? My initial idea was to flash to NOR and then configure openwrt to a sort of “minimal usable state”. That is, I’d have the basic functions required run my home network: basic routing between local networks and WAN. Then I’d copy that image to NAND and that would be when I installed the “extras”, like SQM and whatnot. That way, if I ever broke it beyond repair, I could just flip the switches and copy the NOR back to NAND and start over with that minimal usable config.
I sort of followed my plan, but I think things have changed enough that it would not be the simple restart that I hoped it would.
I still think it’s a good idea, though.
The Nest ones? I haven’t seen anything online of folks successfully flashing one. The first steps would probably be to solder on a USBC port and see what kind of access you can get over serial. There’s a picture of a Nest board (not the Pro) here, as well as info on what appears to be the correct usb connector. The OP also mentions that the Nest is lacking the developer button, but my guess would be that the function is still accessible by shorting the correct TPs. It doesn’t seem like that OP ever went through with the project, though, so maybe you’ll be the first!
Interesting. Looks like he’s actually using an R4. I’ve got an R3, myself, though. I use mine as my gateway router and it certainly seems under utilized. I’ve got SQM, adblocking, DDNS, DoH proxying, multiple VPN interfaces, and it’s a ‘router on a stick’ for my home networks (at 2.5gbe). Despite all of that, the CPU load never seems to budge and I’m only using a tenth of the RAM. I’m personally a bit torn on the device; on one hand, it certainly seems like it can do a lot more. It even has a m.2 slot for SATA/nvme, so it could definitely provide NAS or even some bigger applications. On the other hand though, I feel like it’s such a critical piece of infrastructure that I don’t want to introduce a bunch of non-router-related functions and risk one of those extra functions crashing the system and bringing down my whole network.
I’m not able to watch the video right now; is this actually using the gopher protocol?
It’s not really “zero trust”, though, right?
Isn’t CF still terminating TLS?
Trying to run a fediverse server on a decade-old Wi-Fi router and encountering some unexpected issues. Making progress, though.
Eh, I agree.
I have root access to the server and can directly interact with the backend DB. Forcing email for a password reset doesn’t protect me from me.
deleted by creator
I have Xfinity now, so uploads are pretty good (300/80), but I used to have Spectrum, which not only cost more but only got about 8 mbps up. My solution was to restrict clients to low bandwidth streams, like 3mbps. I only had a couple users, though, so obviously there’s a limit to how far that will scale.
If you can’t upgrade or switch providers to increase bandwidth nor throttle clients, I think the only other solution would be time restrictions, but it’s really going to depend on your users whether that’s effective.
Here are mine for another example:
Typically on their free accounts they use your cert for communication between them and you, and use cert they issue for communication between them and everyone else.
User -> CF cert -> CF -> your cert -> your server.
That’s why I suggested examining the cert on your external facing page.
Regardless, one way or the other, they need to be able to decrypt your data in order to apply their services (WAF, etc).
Unless, again, you’re just using DNS (grey cloud).