dan
@dan@upvote.au
Aussie living in the USA. https://d.sb/
- Comment on Moving from Cloudflare tunnels for media streaming, first plan didn't work out due to double NAT 1 day ago:
There’s no reason your media server needs to be directly exposed to the public internet. Use Tailscale. Get everyone that uses it to sign up for a Tailscale account, and add them all to your Tailnet.
Tailscale will perform better than any tunnel because it’s a direct connection between the two peers - it’s not relaying through an intermediary server like a Cloudflare tunnel would.
- Comment on Based on a true story 1 day ago:
But for there to be used cars, there needs to be new cars… How do the people that buy new cars pay for them?
- Comment on European police say KidFlix, "one of the largest pedophile platforms in the world," busted in joint operation. 1 day ago:
I loved the explosion sound, and the “oh no” when you click the undo button. I have the Windows versions of KidPix on CD somewhere.
- Comment on DOGE official at DOJ bragged about hacking, distributing pirated software. 1 day ago:
I don’t see any mention of torrents in the article?
- Comment on How to secure Jellyfin hosted over the internet? 3 days ago:
Oh yeah, there’ll be some overhead if you’re running Wireguard on a router. Hitting your router’s public IP won’t go out to the internet though - the router will recognize that it’s its IP.
It’s common to run Wireguard on every computer/phone/tablet/etc rather than just on the router, since this takes advantage of its peer-to-peer nature. Tailscale makes it a lot easier to configure it this way though - it’s a bit of work for vanilla Wireguard.
- Comment on How to secure Jellyfin hosted over the internet? 3 days ago:
My point is that since the VPN uses a different subnet, it’s fine to keep it connected even at home. It’ll only use the VPN if you access the server’s VPN IP, not its regular IP.
In any case, Tailscale and Wireguard are peer-to-peer, so the connection over the VPN is still directly to the server and there’s no real disadvantage of using the VPN IP on your local network.
- Comment on How to secure Jellyfin hosted over the internet? 3 days ago:
Yeah, this. Plus if you leave it connected, you can use the VPN IPs while at home instead of having to use a different IP when at home vs when out (or deal with split horizon DNS)
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
Headscale is a replacement for the coordination servers, which are only used to distribute configs and help nodes find each other. It won’t change client-side behaviour.
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
I did this and it still seems to randomly disconnect.
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
If you have a separate subnet for it, then why do you only want it to be connected when you’re not on home wifi? You can just leave it connected all the time since it won’t interfere with accessing anything outside that subnet.
That’s assuming you’re not routing all your traffic through it.
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
conditional Auto-Connect. If not on home wifi, connect to the tunnel.
You don’t need this with Tailscale since it uses a separate IP range for the tunnel.
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
Yeah my wife and I are both on Android, and I haven’t been able to figure out why it does that.
The Android client is open-source so maybe someone could figure it out. github.com/tailscale/tailscale-android
- Comment on How to secure Jellyfin hosted over the internet? 4 days ago:
Is it just you that uses it, or do friends and family use it too?
The best way to secure it is to use a VPN like Tailscale, which avoids having to expose it to the public internet.
- Comment on Selfhosting Sunday - What's up? 5 days ago:
That and email protocols are outdated and aren’t too secure. For example:
- Neither SMTP nor IMAP has any way to use two-factor authentication.
- Spam blocking is so hard because SMTP was not designed with it in mind.
- SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.
IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.
The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.
- Comment on Selfhosting Sunday - What's up? 5 days ago:
I self-host my email and use a VPS for it. I don’t trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, etc). I use a separate VPS just for my emails - it’s the one thing I want to ensure is secure, so I didn’t want any other random software (that could potentially have security issues) running on it…
I also use an outbound SMTP relay to avoid having to deal with IP reputation. SMTP2Go has a free plan for sending <1000 emails per month.
- Comment on From RSS to Bookmark Manager – how would you integrate? 6 days ago:
You could probably use Hoarder and tag the links with “read later”.
- Comment on Logitech is dropping support for its oldest Harmony remotes 6 days ago:
Yeah this is the part I don’t understand. Does the remote not have onboard storage?
- Comment on Logitech is dropping support for its oldest Harmony remotes 6 days ago:
At work, the IT security team had to block Logitech Options because they added some sort of AI functionality to it without adding a killswitch for enterprise customers…
iTerm added AI stuff but at least they added a killswitch (a setting in a plist file I think) to force it to be disabled.
- Comment on Logitech is dropping support for its oldest Harmony remotes 6 days ago:
Nvidia has been open-sourcing their drivers, but it’s been taking forever.
It’s been taking forever because they’re moving a lot of code into the firmware to keep it closed source. It’s essentially a brand new driver that takes advantage of newer firmware. That’s one of the reasons the open-source driver only works with Turing (2000 series) and newer cards - they don’t want to spend the time updating older firmware to handle the open-source driver.
- Comment on How to Delete Your 23andMe Data. 1 week ago:
I requested a download and am waiting for that to be available before deleting it from 23andMe.
- Comment on Activision User Research Workers Overwhelmingly Vote to Form Union with CWA 1 week ago:
This comment is licensed under CC BY-NC-SA 4.0
You do realise that licensing your comment doesn’t actually do anything, right? If that actually worked, you could license the comments under a license where every reader has to pay $100 if they read it.
- Comment on Definitely didn't waste half an hour making this 1 week ago:
I used number 5 throughout high school and university and they always served me well. Sometimes I thought about trying the fancier ones with gel grips, but old reliable BIC was always there for me. I trusted the BIC.
- Comment on Humming along in an old church, the Internet Archive is more relevant than ever. 1 week ago:
They push the VM images, but there’s a Docker container available too.
- Comment on Someone help me understand the sonarr to jellyfin workflow 1 week ago:
You can’t hard link across drives, so it’s not possible to use hard links if the OP wants torrents and media to be on two separate drives.
- Comment on GM blocks dealership from installing Apple CarPlay retrofit kits in EVs 1 week ago:
That’s true and I hate it. I miss the older days of the internet when protocols were mostly open and people were more focused on collaboration and interoperability.
- Comment on GM blocks dealership from installing Apple CarPlay retrofit kits in EVs 1 week ago:
IMO cars that have their own infotainment system should also allow Android Auto and Apple CarPlay. Give the user a choice. Collect metrics about how many people use Android Auto / CarPlay vs the native infotainment system. Get people to use the native infotainment because it’s better, not because you force them to.
I’ve got a BMW iX and the in-built map is very good, but I like knowing that I can switch to Android Auto if I encounter issues with it.
- Comment on Humming along in an old church, the Internet Archive is more relevant than ever. 1 week ago:
I didn’t realise they do tours every Friday at 1pm. I’ll have to visit some time!
I really hope the lawsuits don’t kill the Internet Archive. It’s an important resource.
- Comment on Cloudflare announces AI Labyrinth, which uses AI-generated content to confuse and waste the resources of AI Crawlers and bots that ignore “no crawl” directives. 1 week ago:
thousands of times a second
Modify your Nginx (or whatever web server you use) config to rate limit requests to dynamic pages, and cache them. For Nginx, you’d use either fastcgi_cache or proxy_cache depending on how the site is configured. Even if the pages change a lot, a cache with a short TTL (say 1 minute) can still help reduce load quite a bit while not letting them get too outdated.
Static content (and cached content) shouldn’t cause issues even if requested thousands of times per second. Following best practices like pre-compressing content using gzip, Brotli, and zstd helps a lot, too :)
Of course, this advice is just for “unintentional” DDoS attacks, not intentionally malicious ones. Those are often much larger and need different protection - often some protection on the network or load balancer before it even hits the server.
- Comment on Purchased an Osborne MPV1024 monitor and it just works 2 weeks ago:
It’s quite amazing he continued using it up to the 2010s
Yeah I’m surprised it lasted that long. He never used the internet or mobile phones and the Windows 3.1 PC was probably the only piece of modern-ish technology he used.
- Comment on Purchased an Osborne MPV1024 monitor and it just works 2 weeks ago:
My grandpa had a monitor like this - it came with an Osborne computer he bought in the mid 1990s. It was either a 486 or Pentium 1 (can’t remember) and came with an Osborne-customized version of Windows 3.1 along with some floppy disks and CDs with Osborne software on them.
He was still using that same computer, with the same OS, until he moved into a retirement home in the late 2010s. I’m not sure what happened to the computer since it was all gone the last time I visited his house after he passed away. I live in the USA but he was in Australia so it was hard for me to try and keep on top of things like that.