When are people going to realize that billionaires have no moral code and no ethics? The only thing they want is more money and they will do literally anything to get it, even if they destroy the world.
Traefik basically has certbot built in so when you configure a new hostname on a service it automatically handles requesting and refreshing the cert for you. It can either request individual certificates for each hostname or a wildcard certificate (*.yourdomain.com) that covers all subdomains.
The neat trick is that in Docker you configure Traefik by adding Docker tags to the other containers you want to proxy. When you start up a container, Traefik automatically reads the config from the tags, does any necessary setup, then voilà, it’s ready to go!
Basically the Cloudflare tunnel client connects from the computer running your services (or proxy) out to Cloudflare’s edge servers and your DNS hostname is set to the IP of one of Cloudflare’s edge servers. Cloudflare acts like a reverse proxy by sending incoming SSL requests for your hostname to your tunnel client through their own network. The DNS record doesn’t expose your public IP and the Cloudflare tunnel client easily works behind firewalls, NAT, and doesn’t need a static IP because it connects outbound to Cloudflare’s network.
The biggest limitation is that this only works for SSL traffic because it can be routed by hostname in the SNI without needing a client on the client side. They do offer tunnels for other connections, but that requires their client running on both sides so it’s more like a traditional VPN again.
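The setup described in the two comments above, as an added example that is not part of the thread: a `cloudflared` ingress config that routes two hostnames over one outbound tunnel to services on the machine running the tunnel client. The hostnames `app.example.com` and `notes.example.com`, the local ports, and the all-zero tunnel UUID are assumptions (the real UUID is printed by `cloudflared tunnel create`).

```yaml
# ~/.cloudflared/config.yml  (added example, not from the thread)
# Assumptions: a tunnel was created with "cloudflared tunnel create home";
# the UUID below is a placeholder for the one that command prints.
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /home/user/.cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Requests for app.example.com are forwarded to a local reverse proxy
  # over TLS. The connection to the origin comes from the tunnel client,
  # so the origin never has to be reachable from the Internet.
  - hostname: app.example.com
    service: https://localhost:443
    originRequest:
      # SNI/Host name presented to the origin, so a name-based proxy
      # picks the right backend even though the client is 127.0.0.1.
      originServerName: app.example.com
      # Keep certificate verification on; the origin serves a valid cert.
      noTLSVerify: false

  # A second hostname on the same tunnel, plain HTTP to a container port.
  - hostname: notes.example.com
    service: http://localhost:8080

  # Catch-all rule (required): anything not matched above gets a 404
  # from cloudflared instead of being forwarded to an origin.
  - service: http_status:404
```

Publish the hostnames with `cloudflared tunnel route dns <uuid> app.example.com` (this creates the CNAME to Cloudflare's edge, so your own IP never appears in DNS) and start the client with `cloudflared tunnel run <uuid>`. One caveat worth knowing before relying on this for sensitive services: in this HTTP(S) mode the browser's TLS session is terminated at Cloudflare's edge and re-encrypted to the tunnel, so Cloudflare sees the plaintext of every request.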
I’d add that Traefik works even better with Docker because you tag your other containers that have web ports and Traefik picks that up from Docker and terminates the SSL connection for them. You don’t even have to worry about setting up SSL on every individual service, Traefik will take care of that even for services that don’t implement SSL.
It is possible to get wildcard certificates from Let's Encrypt which doesn’t give anyone information on which subdomains are valid as your reverse proxy would handle that. Still arguably security through obscurity, but it does make it substantially harder for anyone who can’t intercept traffic between the client and server.
The biggest reason to use VPN is that some ISPs may take issue with you running a web server over a residential service when they see incoming HTTP requests to your IP. If you don’t want to require VPN, then Cloudflare tunnels are perfect for this and they also solve the need for dynamic DNS if you want to use a static domain because your domain points to the Cloudflare edge servers and they route it to you wherever your tunnel endpoint is running.
Past that, Traefik is a great reverse proxy that can manage getting Let's Encrypt SSL certificates for you even with wildcard domains and would still work fine with dynamic DNS.
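The Traefik setup the comments above describe (labels on the proxied containers, automatic Let's Encrypt issuance, and a single wildcard certificate so individual subdomains are not published in certificate transparency logs), as an added example that is not part of the thread. The domain `example.com`, the `whoami` test service, the resolver name `le`, and the use of Cloudflare DNS for the DNS-01 challenge are assumptions; a wildcard needs the DNS-01 challenge because HTTP-01 cannot issue one.

```yaml
# docker-compose.yml  (added example, not from the thread)
# Assumptions: example.com is hosted on Cloudflare DNS and a token scoped
# to Zone:DNS:Edit for that zone is exported as CF_DNS_API_TOKEN.
services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      # Only proxy containers that opt in with traefik.enable=true;
      # otherwise every container with an exposed port becomes reachable.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Redirect plain HTTP to HTTPS so nothing is served in the clear.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # Let's Encrypt resolver using the DNS-01 challenge.
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53
    environment:
      CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Read-only mount, but still root-equivalent on the host: whoever
      # controls this container controls the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the account and certificate private keys; chmod 600.
      - ./letsencrypt:/letsencrypt

  whoami:
    image: traefik/whoami
    # No "ports:" here: the service is reachable only through Traefik,
    # which terminates TLS for it.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=le"
      # Ask for one wildcard certificate covering the whole zone instead
      # of a per-hostname certificate, so new subdomains never show up in
      # certificate transparency logs.
      - "traefik.http.routers.whoami.tls.domains[0].main=example.com"
      - "traefik.http.routers.whoami.tls.domains[0].sans=*.example.com"
```

`docker compose up -d` is enough; Traefik reads the labels from the Docker API, requests the certificate on first use, and renews it on its own. Every further service needs only its own `traefik.http.routers.<name>.rule` and `tls.certresolver` labels and reuses the same wildcard. Two things a practitioner should check: `exposedbydefault=false` is set (the default of `true` silently publishes any container with a port), and the API token is scoped to the single zone, since it can rewrite DNS and is enough to obtain certificates for the domain.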
Oh yeah for sure, I’ve run Llama 3.2 on my RTX 4080 and it struggles but it’s not obnoxiously slow. I think they are betting more software will ship with integrated LLMs that run locally on users’ PCs instead of relying on cloud compute.
Data centres want the even beefier cards anyhow, but I think nVidia envisions everyone running local LLMs on their PCs because it will be integrated into software instead of relying on cloud compute. My RTX 4080 can struggle through Llama 3.2.
They aren’t making graphics cards anymore, they’re making AI processors that happen to do graphics using AI.
User: “Can we get Google?”
Microsoft: “But we already have Google at home!”
The Google at home: [reskinned Bing page]
Get here in time when our day comes
You thought it was gold but it was bronze
Well from personal experience with a small website the biggest things you have to deal with are web crawlers trying to vacuum up every last ounce of data they can find and web crawlers trying to find obvious backdoors like trying default WordPress logins (even if you’re not running WordPress). Make sure your software is properly configured and up to date and you’re safe. Some isolation is still a good idea but don’t lose sleep on which one because they’re all still overkill in this case.
On the other hand if you’re running a service that would be actively targeted by a large government enforcement agency or some other very wealthy and highly motivated entity, then complete physical isolation would be the only acceptable answer but with even more protocols to prevent contamination or identification as there have been attacks demonstrated that could infiltrate even air-gapped environments and that’s assuming you could hide it well enough for them not to just come physically compromise it (without you even knowing).
Keep in mind if you want to use any of these technologies because you want to learn them or just think they’re neat, then please do! I suspect a lot of people with these types of home setups are doing it mostly for that reason and not because it is absolutely necessary for security purposes.
I just run Docker and my router maps ports to it. Container isolation and a basic firewall is more than enough for me.
Like are we talking what’s good enough security for hosting an anime waifu tier list blog or good enough security for a billion dollar corporation?
Except this move is likely less about promoting domestic solar production and more about protecting oil, gas, and coal by making green energy alternatives more expensive.
You mean the corporation you gave boatloads of personal data to is manipulating it to use against you in the pursuit of profit?! [surprised pikachu.jpg]
Yeah, and due to the falling replacement rate the world population itself is starting to level off and may even start to decline. That’s why conservative political parties are all doing everything they can to force people into having children, because large corporations can only exist with a large and ever growing customer base.
I mean the business case is clear: It’s way harder to pirate a game that forces everyone to connect to the server to work at all, then when a new version comes out you shut down the old servers and force everyone to buy the newer one. Welcome to late stage capitalism where you’ll own nothing and be happy!
At its core, Salesforce is basically a database. You can create custom objects (tables) and fields (columns) tailored to your business’s needs to store anything and everything. But you can’t just easily replace it with a database because they have tons of layers of automations and workflows built on top to make it insanely user friendly: a customer sends an email and it’s automatically logged and a ticket opened, a salesperson has a call and can create quotes and they are automatically sent to the correct people for approvals, managers can get access to accounts managed by their team but not the entire company, etc. It’s the “works out of the box but still lets you customize them” business process automations and UI that make Salesforce what it is.
Encrypted data. Could be backups of important service details in case all their servers are seized, leaked or sensitive data they are holding as leverage, or a private porn collection. Nobody knows until they release a decryption key.
I like how they don’t label the y-axis at all to give any sense of scale. This graph could be showing a jump from 10 to 22 people. 🤷