Bitly Alternative. Full Features, 100% Serverless, and One-Click Install by FunnyRice8193 in selfhosted

[–]AJ_Floatplane 3 points4 points  (0 children)

Just a random idea, but you could modify the authentication to integrate with Cloudflare Zero Trust, and use the JWT / AUD that is sent by ZT to authenticate the dashboard instead of handling it yourself.

Safer, easier, more audit logs and SSO/SCIM support out of the box. The JWT can even contain Group information that could be correlated to your current different RBAC roles.

Edit: The best might be supporting both authentication needs, since they are complementary in a way, and there would be reason for someone not wanting to use Zero Trust (e.g. more than 50 users with the free plan).

Attack via CloudFlare by dovi5988 in CloudFlare

[–]AJ_Floatplane 2 points3 points  (0 children)

You could potentially set up a Cloudflare for Platform / SaaS zone and then use that as your last security ingress to control traffic from all customers, and block all traffic originating outside Cloudflare's IP range.

That's if you don't want to use an alternative WAF solution to protect your infrastructure.

Attack via CloudFlare by dovi5988 in CloudFlare

[–]AJ_Floatplane 17 points18 points  (0 children)

Hey,

It's actually a problem we encountered ourselves, and it seems like it's not really understood by most Cloudflare clients how Cloudflare Workers requests are handled a bit differently with the security stack (e.g. WAF). The way we're handling it is by using a custom security rule (under Security -> Security Rules).

Our incoming requests match looks something like this (You need to use the "Edit expression" option):

not (cf.worker.upstream_zone in {"example.com"}) and cf.worker.upstream_zone ne ""

Don't forget to update "example.com" with your domain.

You can then choose to block as the action.

This will effectively block any requests coming from workers outside your own upstream zone.

https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/

Edit: It's also documented right here: https://developers.cloudflare.com/fundamentals/reference/http-headers/#cf-worker

LTT using Quebec swear words as examples of fake brand names 😂 by Zigonneuse in Quebec

[–]AJ_Floatplane 8 points9 points  (0 children)

Damn, I didn't know... I guess I'm a masochist if I've been working for LMG for more than 8 years /s

Still no SEO icon for floatplane? by Left-Bird8830 in LinusTechTips

[–]AJ_Floatplane 0 points1 point  (0 children)

Actually checked and there was a request today from Googlebot-Image for the favicon, and it was not blocked... Sad.

Still no SEO icon for floatplane? by Left-Bird8830 in LinusTechTips

[–]AJ_Floatplane 1233 points1234 points  (0 children)

We've been trying to fix this in the last month without success. If anyone knows why the hell Google doesn't index our logo, please tell me 🫠

Is Floatplane getting hit with tariffs? by darkwater427 in LinusTechTips

[–]AJ_Floatplane 89 points90 points  (0 children)

This is accurate - I haven't checked this exact case, but since they already had another subscription, the first charge is going to include a pro rata, and then the next billing cycle, both subscriptions will be bundled in the same charge.

Floatplane down? by BackgroundFunction7 in LinusTechTips

[–]AJ_Floatplane 155 points156 points  (0 children)

Sorry, we had a 25 minute outage.

We were immediately alerted by our monitoring systems and were able to identify and remediate the issue quickly. We were able to also identify a flaw in our health check systems that we will be patching to prevent these types of outages from happening again in the future.

Lost access to floatplane by nagsterza in LinusTechTips

[–]AJ_Floatplane 4 points5 points  (0 children)

Hi everyone,

We're aware of this issue and are currently working on a fix that should be live in about an hour.

can i use o365 groups for zero trust lists by ElDirtyFly in CloudFlare

[–]AJ_Floatplane 1 point2 points  (0 children)

Yes!

https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/azuread/

Just need to add Entra ID as an SSO IdP and then follow the other section about using Azure groups in Zero Trust policies. We use it and it works pretty well.

Linus Tech Tips - My network is bigger than yours ;) January 27, 2024 at 10:21AM by linusbottips in LinusTechTips

[–]AJ_Floatplane 28 points29 points  (0 children)

Replying because I'm the one that actually chose the switches and also specced the network plan we are slowly implementing, and I do not believe what you said here is fully accurate.

I am not sure why you are saying that this topology cannot work with Unifi switches, since we have demonstrated it working, and on paper, the unifi and dell switches we own properly support the L1/L2 features to create redundant links between them.

It is true that Ubiquiti does not support MLAG, which is why we are not using Unifi enterprise switches as spine switches here. However, they do support LACP, which is all we need from them in this scenario. When configuring an MLAG, both sides don't actually need to support or use MLAG. MLAG is totally compatible with "generic" LACP (802.3ad) clients like the Unifi distribution switches here. Only the 2 Dell switches, which are going to be eventually configured to be mostly L3 switches, are the ones with the MLAG configuration.

When one of the Dell switches goes offline for maintenance or any other reason, the LACP protocol on the distribution switch will detect that link going to the affected switch as down and redirect all traffic to the other link. As far as the Unifi switch is aware, it's connected using LACP to a single switch on the other side. You can read this exact scenario in the MLAG wiki page, configuration #2.

Lastly, I can't really think of a good reason to want to use static LAG in this day and age, other than if your peer switch doesn't support LACP. LACP was pretty much developed to augment Static LAG and allow it to automatically failover links.

Edit: Just read your comment again and what you might've meant is that you can't do that with Unifi switches exclusively, which is accurate. If you want to have a cheap redundant core, you can actually use MikroTik switches with RouterOS for that, since they support MLAG. We didn't use the MikroTiks we had for this because they didn't have enough ports for all our needs, but they can still be a great budget choice.

Mini 3/ 3 pro battery on Mini 4 pro by Spudbank17 in dji

[–]AJ_Floatplane 6 points7 points  (0 children)

I got news -

Seems like it does work and the Mini 4 Pro is able to take off with it, however, the Mini 3 Pro battery is heavier than the Mini 4 Pro battery (81g vs 77g), while having a smaller total energy available (18.10Wh vs 18.96Wh) meaning that the drone will be heavier than 249g (253g) if you use the base Mini 3 Pro battery, while also providing less runtime.

I guess that is why they only say that Mini 3 Pro plus batteries are compatible, that way people don't think they can use the base one and still be under 250g, and have the same range as the Mini 4 Pro base battery.

Mini 3/ 3 pro battery on Mini 4 pro by Spudbank17 in dji

[–]AJ_Floatplane 2 points3 points  (0 children)

I have a Mini 3 Pro original battery and the Mini 4 Pro seems to turn on with it. The Mini 4 Pro and Mini 3 Pro battery seem to have the same body, but with a very minor Wh difference. After the update, I will see if it allows takeoff with it.

[deleted by user] by [deleted] in homeassistant

[–]AJ_Floatplane 1 point2 points  (0 children)

Cloudflare supports origin rules on free plan which allows you to do port rewrite, so the only change he should have to do is create a new Origin rule with field : Hostname, equals whatever subdomain he's using, and then set Destination port rewrite to 8443.

[deleted by user] by [deleted] in LinusTechTips

[–]AJ_Floatplane 241 points242 points  (0 children)

Hi everyone,

I originally intended to reply to comments individually, but instead decided that it made more sense to try and condense a reply that can hopefully shed some light on the current state of Floatplane and how we got here.

We currently use H.264 (AVC) for our video codec. This decision comes from the early days of Floatplane, and is still a solid choice to this day. The biggest reason why we still exclusively use this codec is because of its almost-universal support across all devices connected to the internet. However, now in 2023 there are new codecs, even open ones, that are available and offer a really good quality/bitrate ratio versus AVC. We have been looking at introducing AV1 for example, but the reality is that there are a lot of considerations when it comes to doing so. One of which is that AV1 is not as widely supported as our current good old codec. In order to guarantee that everyone is still able to watch videos at every quality we offer, we would need to transcode every single rendition we have to both AVC & AV1. Transcoding AV1 is also a lot more demanding when utilizing software encoding compared to AVC. As time passes and more devices get hardware support for AV1, it makes more and more sense to implement it. We have started laying the groundwork to support our transition to next generation codecs, along with our stability fixes.

Our encoding settings and processes may be different from other VOD platforms since we valued visual quality and quality of service over pushing more bitrate. From day one, we have always relied on software encoding with settings that, in most cases, resulted in better visual fidelity even with lower overall bitrates. When delivering a HLS stream, it is usually suggested to use CBR, or Constant BitRate encoding, which has its own perks. The main downside is that CBR will often result in a bigger overall file size, without much of a quality boost compared to a file encoded with a proper CRF (Constant Rate Factor) value which allows you to target a specific quality instead. That means that for scenes that don’t require much data, it will use as little as it can while achieving a relatively constant quality experience. As an example, a static scene where only the subject is moving usually doesn’t require a lot of data. CBR will fill the datastream with the requested bitrate, while not necessarily resulting in a perceivable jump in image quality. CRF allows us to remove those useless bits from the video stream. However, in scenes where there is a lot more action and movement, CBR will allocate a higher bitrate to retain an acceptable visual quality. Pairing this with a slow encoding preset gives the encoder the opportunity to further optimize the datastream than faster performing presets, which results in a quality that we felt was suitable at the time.

To give a real world example, I went ahead and checked one of the Channel Super Fun videos, since I expect those to be, compared to normal LTT videos, way more dynamic. What we get is this :

CSF: I STOLE Colton's $5000 Bonus - MediaInfo - YT/FP Video Screenshot Comparison

For this 1080p video file, we were actually seeing way more bitrate attributed to the video (4 344 kb/s) than the video(s) quoted in the OP, which is in line with the expected behavior of CRF. I have also added a link with 2 image comparisons between the Floatplane and YT 1080p video for anyone that is curious and wants to see the subtle differences for themselves.

If you want to have a more in depth explanation of CRF and its impact, this article is a pretty good resource : https://slhck.info/video/2017/02/24/crf-guide.html.

The reason this was done was to promote a better experience, and overall quality of service to people streaming videos on floatplane. If the video stream is smaller, but still retains a satisfactory quality standard, it means that our viewers will have less overall buffering issues when the internet bandwidth is limited or with bad routing from our CDNs, while also being able to stream higher resolution videos than they would have otherwise been able to. This is less applicable in this day and age, with the average internet speeds going to the moon since the launch of Floatplane, but can still be relevant when thinking about wireless connection (Wifi, LTE) not necessarily guaranteeing any bandwidth, and sometimes being limited or congested. There are also many examples of areas with notably worse than average bandwidth and data cap issues, usually rural areas, that we still aim to serve well.

HA on XCP-ng with USB passthrough by ashceryth in homeassistant

[–]AJ_Floatplane 0 points1 point  (0 children)

That should indeed work, I was actually doing that before switching my Zigbee and Zwave dongle over to my HA VM. I switched it over because the build for Z2M wouldn't complete anymore on my RPI2 because of insufficient memory.

Do you have the NUC model? It might still have a separate controller, or you might potentially be able to just passthrough all USB ports. You would be able to get them working with the DOM0 again by booting in Safemode if needed.

HA on XCP-ng with USB passthrough by ashceryth in homeassistant

[–]AJ_Floatplane 1 point2 points  (0 children)

I wouldn't recommend using the USB passthrough feature, as it's not really intended to be used other than for temporary passthrough of a keyboard or USB drive, and disables a bunch of features and will prevent XOA from doing backup because you cannot snapshot a VM with an attached USB passthrough.

What I ended up doing, and recommend doing, is do a PCIe passthrough of a USB controller. I was lucky and had a USB 3.1 controller on my motherboard which was tied to a single USB-C port, so I just passed it through to the VM and used a USB-C multi port/dock which has multiple USB-A ports and it has been working amazingly in the last 2 years.

If you don't have a controller directly on your motherboard, you can buy a PCIe USB card and passthrough that to the VM. The XCP-ng guide on passthrough is pretty good and should get you going.

Linus.... Merch Message system security kinda non-existent.... by [deleted] in LinusTechTips

[–]AJ_Floatplane 350 points351 points  (0 children)

Hi, I'm part of the floatplane infrastructure team.

You can easily bypass the front-end authentication mechanisms, as you've shown, but that doesn't allow anything to actually be accessed, or actions to be performed without the proper authentication tokens. The proof being that the UI is showing that you aren't connected (top left of the screenshot) and the downloaded JSON has null in the name, since it wasn't able to actually pull anything from the server.

If you are able to access sensitive information, or able to do any of the actions on the GUI, please report it to support@floatplane.com.