Nyfure
- 0 Posts
- 27 Comments
As far as i understood tailscale funnel its just a TCP-tunnel.
So you handle TLS on your own system, which makes sure tailscale cannot really interfere.
If you already trust them this far, might aswell do the same with a VPS and gain much more flexibility and independence (you can easily switch VPS provider, you cannot really switch tailscale funnel provider, you vendor-locked yourself in that regard)
I’d connect the VPS and your home system via VPN (you can probably also use tailscale for this) and then you can use a tcp-tunnel (e.g. haproxy), or straight up forward the whole traffic via firewall-rules (a bit more tricky, but more flexible… though not that easy with tailscale… probably best to use TCP-tunnel with PROXY-Protocol).
This way you can use all ports, all protocols, incoming and outgoing traffic with the IP-Address of the VPS.
Tailscale might even already have something that can configure this for you… but i dont really know tailscale, so idk…
And as you terminate TLS on your home-system, traffic flowing through the VPS is always encrypted.
If you want to go overboard, you can block attackers on the server before it even hits your home-system (i think crowdsec can do it, the detector runs on your home-system and detects attacks and can issue bans which blocks the attacker on the VPS)
And yes, its a bit paranoid… but its your choice.
My internet connection here isnt good enough to do major stuff like what i am doing (handling media, backups and other data) so i rent some dedicated machines (okay, i guess a bit more secure than a VPS, but in the end its not 100% in your control either)
Many systems dont support subpaths as it can cause some really weird problems.
As you use tailscale funnels, you really want incoming traffic from the internet. I am not sure thats a good idea for e.g. homeassistant that is limited in access anyways.
Might aswell use tailscale and access the system over VPN.
And for anything serious i wouldnt use something like funnel anyways. Rent a VPS and use that as your reverse-proxy, you can then also do some caching or host some services there. Much simpler to deal with and full support for such things as you then have an actual public IPv4/IPv6 address to use.
Heck, dont even have to pay for it with the Oracle Always-Free system.
When i was with a customer who was using one of ther VPS offers, performance was unexpectedly low and upon contacting support it was clear the small fish dont get great support answers, but rather pushed to the FAQ.
And i personally find their offerings and marketing scummy. Big promotional prices, but always some small print with a higher price after x Months.
Or just stuff thats not included by default.
I never had that with other (also very cheap) providers.
As long as it works great for you, i wouldnt see a reason to leave.
There arent that many providers offering such small ressources at all or at such a price. To be fair, not much one can do with those specs… 10GB storage is very limited already.
But for those specs… always free oracle tier would work too (though requires a credit card).
Ionos… not a good provider.
Great it works for you, but i wouldnt touch them with a long pole.
Created by an old internet provider (which is also not very good…), pulling every shady marketing trick weird “cloud” providers have…
Contabo is very cheap too, but i wouldnt trust them with critical stuff.
Netcup is next, quite good and still cheap.
Hetzner is very nice, but the cloud offers are expensive. the dedicated server offers though… holy sweetness, specially the auction servers.
Dont forget smaller providers either, they can have some good stuff, but cannot really compete with the big players. (i have one for clean ip space for mail)
Over the years hosting i learned that paying slightly more is often worth it depending on the needs.
And as my requirements went up, i moved up in the tiers. If you have a need for the dedicated servers, gets cheaper for what you get (though you need to manage the hardware side then too…)
Oh and dont forget the Oracle free offers. I dont really trust Oracle, but free compute is free… maybe dont store sensitive stuff though
smartctl
But 10.000 seems on the low side, i have 4 datacenter toshiba 10tb disks with 40k hours and expect them to do at least 80k, but you can have bad luck and one fails prematurely.
If its within warranty, you can get it replaced, if not, tough luck.
Always have stuff protected in raid/zfs and backed up if you value the data or dont want a weekend ruined because you now have to reinstall.
And with big disks, consider having more disks as redundancy as another might get a bit-error while restoring the failed one. (check the statistical averages of the disk in the datasheet)
Async is good because threads are expensive, might aswell do something else when you need to wait for something anyways.
But only having async and no other thread when you need some computation is obviously awful… (or when starting anothe rthread is not easily manageable)
Thats why i like go, you just tell it you want to run something in parallel and he will manage the rest… computational work, shift current work to new thread… just waiting for IO, async.
more time into crafting the right prompt
Thats not work to you? My company pays me to spend time to do the right thing, even though most of the work does the computer.
I see where you are going at, but your argument also invalidates other forms of human interaction and creating.
In my country copyright can only be granted if a certain amount of (human) work went into something. Any work.
The difficult part is finding out whats enough and what kind of work qualify to lead to some kind of protection, even if partial.
The difficult part was not to create something, but to prove someone did or didnt put enough work into it.
I think we can hold generated or assisted goods to the same standard.
Putting a simple prompt together should probably not be granted protection as no significant work went into it. But refining it, editing the result… maybe thats enough, thats really up to the society to decide.
At the same time we have to balance the power of machines against human work, so the human work doesnt get totally invalidated, but rather shifted and treated as sub-type.
Machines already replaced alot of work, also creative ones. Book-printing, forging, producing food… the scary part about generative AI is mainly the speed of them spreading.
Index of repositories is held locally, so if you use the same repository with multiple machines, they have to rebuild their index every time they switch.
I also have family PCs i wanted to backup too, but borg doesnt support windows, so only hacky WSL would have worked.
But the worst might be the speed of borg… idk what it is, but it was incredibly slow when backing up.
No, then they only handle your DNS setup, which is still okay in my eyes.
Its certainly far away from scanning all HTTP traffic. Not to forget the juicy metadata they get about the users across a big chunk of the internet, perfect tracking machine in a neat package with easy access by the government.
If it would be hard to do and having to bypass DRM yes, but its actually similar to what the player already does.
A court already ruled here that downloading youtube videos does not break the piracy laws by providing own means of downloading and saving the unprotected data.
Of course that does not include allowing the download feature of the client itself.
Downloading from youtube is piracy? How? If it was like a Youtube Red show, sure, but the normal videos everyone can see for free?
For me piracy begins with aquiring things or features which usually cost money to get whilst also taking into account if its obvious a thing should cost money in such an environment (thats also how our piracy laws are worded here).
So our piracy laws also classify things as piracy if it was obvious the deal was too good to be true like Windows for 2$ on eBay or chinese ROM cards for 5$ with hundreds of games.
Videos on youtube, including music, are a normal occurrence. A full blockbuster movie is usually not.
If its only you and you want best security, setup a VPN system. (Tailscale, Netbird, or others are quite easy)
If someone else should also, and you dont want everyone to have to use a VPN, then you can expose some services directly. Of course behind CGNat you need some third-party system to allow this (e.g. cloudflare or a rented server).
I am not a big fan of cloudflare, they are a huge centralized company, easily allowing tracking across websites with clear-text access and kinda discouraging learning how to secure things yourself (which you have to do anyways, because you are a service provider and only cloudflare is not enough if its still publicly accessible though them)
But in the end its your choice. They easily allow you as service provider to protect yourself from DDoS attacks or allowing IPv4 access when you are behind CGNat, things you just cannot easily do yourself, certainly not without costs.
Not really a problem with putting other stuff on it, apart from adhering to security standards. If you want to separate your personal stuff from hosted stuff, go ahead, but just because its torrent, doesnt make it much different.
Put it in a VM if you dont have a second machine i guess.