rufus

joined 1 year ago
[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

https://www.namecheap.com/support/knowledgebase/article.aspx/10128/2237/how-to-create-an-alias-record/

https://kb.porkbun.com/article/85-how-to-connect-your-root-domain-when-your-web-host-wont-provide-an-ip-address

Took me a while to remember... I think other providers don't call it CNAME flattening, but ALIAS records. And Namecheap lists them in their documentation. You may need to look it up if you're interested, but I think they do in fact offer it. (I mean I'm not advertising for or against anything here. If you're happy with your provider and your setup works, that's fine. It's definitely not available everywhere.)

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (5 children)

I mean theoretically... I guess, if they do it right? It depends a bit. Some Linux distributions are crazy fast with patching stuff. And some stable channels have a really good track record of open vulnerabilities. Nowadays that's not the only way of distributing software, vulnerability might depend on your Docker container setup etc.

Are there actual numbers on what Cloudflare adds on top? What 0-days they focus on? I mean do they have someone sitting there, reading Lemmy CVEs and then immediately getting to action to write a regex that filters out such requests?

And how much does it cost? They also list the same ModSecurity in their lower plans. I don't think 0day protection would help people like me if it's $200 a month.

[–] [email protected] 12 points 9 months ago* (last edited 9 months ago)

Thanks. I read a lot of people recommending Cloudflare. I believe a substantial amount of that group is on the free tier and not exactly making informed choices. Being a registrar, DNS provider and offering tunneling / port forwarding or some mechanism to traverse your home NAT are valid use-cases.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (3 children)

Ah. Makes sense. I don't think you have to specifically use Cloudflare in that case. But I remember CNAME records can't be used for everything... there are some limitations. I know I had issues with dyndns and a domain at some point. I just can't remember the details. I know it didn't work with every registrar / DNS provider. But some of them offer some magic to make some things work. I believe back then we ended up transferring that domain to some other hoster. And my domains are with a company that offers an API. I can just have a small script run in the background that changes around entries and do dyndns that way. But obviously you need to pay attention to things like the time to live for your records and set it accordingly once you do dyndns yourself.

[–] [email protected] 15 points 9 months ago* (last edited 9 months ago) (7 children)

Thx for explaining. I'm not sure if I'm willing to make the same trade-offs. Supposedly their WAF is very good and quite some people use it. Probably for a good reason... It just comes at a hefty price. I'm doing selfhosting to emancipate myself, stay independent and in control. I'm not sure if becoming dependent on a single large company and terminating my encryption on their servers that do arbitrary magic and whatever with my packets is something that aligns with my goals. (Or ethics, since I think the internet is to connect people on a level playing field. And that's no longer the case once many people transfer control to a single entity.) But I don't see a way around that. Afaik you have to choose between one or the other. Are there competitors to Cloudflare that handle things differently? Maybe provide people with the WAF and databases to run on their own hardware, let them stay in control and just offer to tunnel their encrypted data with a configurable firewall?

Edit: Just found modsecurity.org while looking that up. But I guess a good and quick database of bad actors' IPs is another thing that would be needed for an alternative solution.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (6 children)

Thx, that is a good reason to do it. I'm eventually going to lose my static IPv4 address, too. But I'm preparing to move some of my services to a VPS instead and in the process set up the firewall and the reverse proxy to the Nextcloud on my homeserver and so on there (on that VPS.)

[–] [email protected] 40 points 9 months ago* (last edited 9 months ago) (39 children)

Why do so many people tunnel their personal data through Cloudflare anyways? No port forwarding possible? Or afraid of DDoS attacks? Or am I missing something?

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

Because you rent them and don't own them. It's also illegal to sell a book that you rented from the library. Or get a DVD from the library and then copy it. It's a measure they put into place so you're not allowed to duplicate the thing. Hence they don't grant you the same kind of ownership you'd have over a physical item.

[–] [email protected] 6 points 9 months ago* (last edited 9 months ago)

I'd say 6-12 years. Maybe including about 1 hard disk failing. I forgot what the mean to failure is for a hard disk. And in a decade I probably have all the disks filled to the brim, my usage pattern changed and a new one has 10x the network speed, 4x more storage and is way faster in every aspect.

[–] [email protected] 14 points 9 months ago* (last edited 9 months ago)

I read it's more like 20-200 years. But there are differences. Recorded CD-Rs are worst. Burn DVDs if you can. And bought (pressed(?)) disks perform considerably better. But don't expose them to UV light or scratch them too much.

With books it depends on how people store these. They can mold. But if you take care to store them right... I mean there are books that are hundreds of years old. I think books are usually lost to things like a fire, flooding, or people deliberately getting rid of them. Otherwise, printed information will survive for quite some time. And I too think it's the better collectible. And they are fun to use. I like them better than reading on a screen.

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago)

I don't miss the times when my living room had several shelves with movies and CDs and Xbox games. Nowadays I have everything stored on a NAS in the basement and a Spotify and Netflix subscription.

I find it difficult to compare those concepts, owning vs renting, pirating vs buying. They're all very different and all have their use. I just think I'm not the one who likes to collect movies and music on physical disks. And streaming it to the phone or TV is more convenient anyways.

[–] [email protected] 8 points 9 months ago* (last edited 9 months ago)

A hard link won't work across filesystems or across disks. If you want to point to another arbitrary filesystem, you'd need a symlink. I don't know if that's supported in that software stack. But you either move that Download directory to the same filesystem on the USB HDD, or use symlinks, or figure out a different way.
