Use something that can do TCP, i.e. HAProxy, NGINX or Apache

Support Mullvad.

You should have bought the framework after they put more effort into Coreboot.

Pine64 and Fairphone are good companies too

There’s discord groups but they’re hard to find because of snitches. I got in early so I have some access now but it’s hard for newcomers

Just let her have Gmail if she is willing to divorce you over windows and email (what a handful you’ve caught there lad)

Doubledoubletop

1. Torrents/Usenet
2. Torrents/Usenet … And so on

Just run KODI from anywhere

As they should

This sucks a lot.

I believe the general population will have to become savvy enough to run their own VPNs from their personal VPSes. Also there are affordable seedbox providers which will let you have a decent amount of bandwidth for seeding, but yes I generally agree with your point. We need more upload bandwidth with seedboxes

Let’s see them banning seedboxes LMAO

So, everybody uses IPSec now?

Use a VPN if you’re in the West/Far East. That’s it

If you can only use port 22 for multiple SSH endpoints (for example), then yes your going to need multiple IPs. Or Port-mapping as a compromise

In short, you need a reverse-proxy + traffic segregation with domain names (SNI).

I don’t remember much about ingresses, but this can be super easy to set up with Gateway API (I’m looking at it right now).

Basically, you can set up sftp.my.domain/ssh to 192.168.1.40:22, sftp.my.domain/sftp to 192.168.1.40:121 (for example). Same with Forgejo, forgejo.my.domain/ssh will point to 192.168.1.50:22 and forgejo.my.domain/gui will point to 192.168.1.50:443.

The Gateway API will simply send it over to the right k8s service.

About your home network: I think you could in theory open up a DMZ and everything should work. I would personally use a cheap VPS as a VPN server and NAT all traffic through it. About traffic from your router maintaining the SNI, that’s a different problem depending on your network setup. Yes, you’ll have to deal with port-mapping because at the end of the day, even Gateway API is NodePort-esque when exposing traffic outside.

Ah, I get it. Jabber/IRC over TOR for you

You’d receive traffic on IP:PORT, that’s segregation right there. Slap on a DNS name for convenience.

I might have my MetalLB config lying around somewhere (it’s super easy, I copied most of it from their website), I can probably paste it here if you’d like.

Exposing services publicly on the Internet is a L3-L4/L7 networking problem, unfortunately I don’t know enough about your situation to comment.

Edit: the latter end of your post is correct. You could route to different end-points that way

Why do you need to self-host it if it’s decentralized?

You don’t need to. It connects over TOR and has no back-end servers that it relies on. Briar and Simplex have forward secrecy and are the only two I would personally use

Simplex, Jabber, Briar?

I’m sure there’s something over I2P too

Guys, please move to something using TOR/I2P. I’ve been saying it for a long time now, but clearnet services are just asking to be taken down.

Unfortunately for Europe though, the US has a massive incentive for something like TOR to function appropriately, because their military uses it too.

Ingress controllers like Traefik come across as LB services to IPAM modules like MetalLB (I’ve never used Kube-VIP but I suppose it’s the same story). These plug-ins assign IP addresses to these LB services.

You can assign a specific IP to an instance of an “outward-facing route” with labels. I don’t remember technical terms relevant to Ingresses because I’ve been messing with the Gateway API recently.

MetalLB + map new external IP to sub-domain == profit.

Read some of the other comments: it’s not about your control plane. All you need is multiple external IPs which an IPAM module/plug-in can provide (MetalLB, Cilium and maybe Kube-VIP: I’ve never used it).

They took down Tachiyomi?? I can still visit the website though, and the app seems fine

Do I give a shit? I’ll pirate everything I can till the end of time and if I’m feeling generous I’ll donate to the artists on band camp or something. Nobody but the smaller artists need my money anyway

Which is why not every provider supports BYOIP

SMR vs CMR and drive speeds

There are providers who are OK with public trackers and don’t care about DMCAs.

In principle, torrenting over IPv6 is the same as doing it over IPv4, it’s just that there’s a lot of IPv6 addresses so you might find it cheaper to buy IPv6. Yes there are some differences in the technology but from purely an operational POV, it’s not very different.

The reason I mentioned bringing your own IPs is related to the reason why providers don’t like public torrents: it pollutes their IP space and puts their IP ranges on blacklists. But if you bring your own IPs, suddenly the provider (in theory) is safe and doesn’t care as much. YMMV of course, send an email to your provider of choice to ask more.

I have seen seedboxes with 3, or maybe 4TB of storage under $10 (don’t remember). And that’s recent (about a month ago). Yes, unlimited uploads are definitely an issue. Such cases are best combated with buying an IPv6 slot and putting that on a VPS with a provider friendly to such things (they exist at reasonable prices)

I tend to seed rarer stuff till my ratio reaches 10, sometimes 15 on a case-by-case basis

Get an older Antec cade on Ebay, the one with 6 DVD bays. Load it up as a homeserver + seedbox + media burner.

Get a seedbox with storage. About $5-$10 a month can get you quite decent boxes in torrent friendly countries

I need to try this, thanks

Setting SELinux to permissive is not a good security practice

Why not port knocking over TOR?

We really need to push IPFS and TOR/I2P to keep these websites alive. Fuck the low barrier to entry if it means the website can just be subpoenaed

Well the Star64 from Pine is pretty good, just doesn’t have enough processing power and IO for my liking.

Framework has a laptop in progress if you’re interested

How would they do DPI on DNS packets routed using DoH? It looks like HTTPS traffic, it’s encrypted, and other than size and frequency I don’t see how they can gey anything out of it. Yeah they’ll get the SNI with eCH but that’s supported by FF and by a lot of providers using DoH

Yeah that’s your situation. Some people are fine with it