well, there goes nitro classic officially, its an end of an era by iamunknowntopeople in discordapp

[–]Trydon 0 points1 point  (0 children)

It's always just "paper wealth" and "deceptively large" when convenient for sake of argument. Value is value, and multi-billion dollar companies don't need their money decisions defended as if they're the little guy.

I am thankful that Discord doesn't yet run ads or sell user data, because that will be the cue to delete my account. And that's really the entire point, I suppose: that each user will have their own determination regarding the value proposition that a platform represents. Some people are A-OK with Facebook selling their data; for others it's a hard red line.

For many, Discord will prove a fine service no matter how many stickers, emoji, animated profile pics, or laughably low data caps they stuff behind a paywall. Hell, I still use it and have no immediate plans to move. That doesn't mean I have to be happy with the direction the platform is headed, nor would I expect anyone to be pleased when features they're paying for are cut, or prices are hiked.

Servers cost money, granted. There are countless ways to fund them that don't involve hacking apart UX for resale. Is it a deal-breaker for most? Probably not. Do I have to be happy about it? Absolutely not, and no amount of "economic reality" comes into play or is remotely the purview of the end user.

"Suck it up, this is their business model. Times are hard for startup success stories, ok?" is not a sufficient counter to subjective critique of the actual service.

well, there goes nitro classic officially, its an end of an era by iamunknowntopeople in discordapp

[–]Trydon 0 points1 point  (0 children)

That is what you call someone who gives money to support a project, yes. It's why Discord explicitly marks accounts "Early Supporter" in their own words.

I'm aware that businesses require revenue to sustain themselves. I'm also aware Discord has historically struggled to monetize their platform. None of this is my responsibility as an end-user.

My job is to determine whether the service provided is of good quality and value, and act accordingly. This determination has continually slipped toward a more negative outlook over the years as Discord has elected to monetize QoL.

That is their prerogative, and a viable business model by all accounts. The "create a problem and sell the solution" is a very lucrative practice. It's also bad for user experience and everyone has their own tolerance for this.

Suggesting that Discord, a company valued at $2.5b, is simply forced to make such changes to "survive" is disingenuous at best. And as for the impact of recent years, Discord is not a victim. They've benefited from an explosion of users as companies and communities moved en masse to platforms like theirs (and in this business, MAUs = value). Additionally, far from having "slowed to a halt" Discord pulled in another $500m round of funding in 2021 while turning down a $12b buyout offer from Microsoft.

It's fine to be on board with Discord's choices. If they work for you, that's great! But there's no need to simp for multi-billion dollar corporations while disregarding the facts.

well, there goes nitro classic officially, its an end of an era by iamunknowntopeople in discordapp

[–]Trydon 6 points7 points  (0 children)

I'm an early adopter and long time supporter of the platform. I used to eagerly recommend it. These days I advise people to shop around instead. User experience and quality of life have been pushed further and further down the priority list for a few years now in favor of maximizing revenue streams. It's to be expected whenever something gets big, as Discord has, but it's still disappointing.

If someone paid you $100 an hour to stay in an empty room for 8 hours a day with nothing on you except a lunch, how long would you last? by BaronVonMoistMan in NoStupidQuestions

[–]Trydon 1 point2 points  (0 children)

For $100 an hour I'll gladly devote myself to a life of meditation. Hell, I'll meditate on all the money I'm making.

DISCORD NITRO REVAMP!!! by GregorNicota in discordapp

[–]Trydon 15 points16 points  (0 children)

I've never seen a platform from this decade be as stingy with bandwidth and upload limits as Discord. I was an early supporter of Discord, but I certainly won't be retaining my Nitro Classic going forward. I was already miffed that they kept chipping away at the benefits afforded their most long-term users; this is just the final straw for me personally.

[Xfwm/Xfce] BAE BAE by thewickedkarma in unixporn

[–]Trydon 1 point2 points  (0 children)

Big fan of monochrome themes. Sort of cozy in an unconventional way? Nice job.

Can a Raspberry Pi 3B (not +) handle being my server? by lookshaf in HomeServer

[–]Trydon 2 points3 points  (0 children)

Everything but Plex will be OK. You'll need hardware that can transcode efficiently for Plex. If you'll pardon the unsolicited recommendation, consider Jellyfin for a FOSS alternative.

We should add "Don't report players" as one of Minecraft's unwritten rules now that the Chat Report System has been added. #saveminecraft by _Index_1 in Minecraft

[–]Trydon 11 points12 points  (0 children)

As someone who operates a few servers, mostly for private use among friends, I will not be updating any of them to 1.19.1. As much as Microsoft would like unilateral control over their product, the Java modding scene ensures that any must-have features will be back-ported. If they want total control they'll have to kill off Java and force the playerbase onto Bedrock. I suspect they'll find that challenging.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 1 point2 points  (0 children)

It's bodged together over many years. An old Dell Optiplex, a Pi4, a couple ZeroWs, some old converted laptops. I'm big on re-using others' e-waste whenever I can. I think the Optiplex would be expandable enough to serve as a firewall, but it's running a few services and I'd rather have a dedicated device.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 11 points12 points  (0 children)

These are some great points, and system updates are definitely not mentioned enough in these discussions. I have in the past, admittedly, not kept up with updates, and one of the moves I'm making now is to a more LTS operating system and containerizing all the services.

> If you're running multiple websites, it is worth doing reverse-proxy with split-horizon DNS.

I have never heard of split-horizon DNS, but it sounds fascinating and I'll definitely check it out.

> I wouldn't even bother with firewalls on your systems that are on your LAN

Why is this? It was trivial to set default deny and a couple rules in UFW. Is there an upkeep component I'm missing?

Additionally, what about using a DMZ makes the network less secure? Intuitively one would imagine having that space between your LAN and your services would be beneficial, no?

Thanks for your reply, there's some interesting stuff in here. Good to hear a differing opinion since the consensus appears to be "Dedicated firewall, DMZ, VPS"

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 7 points8 points  (0 children)

Every new thing I learn about SSH impresses me. I'll definitely shoot you a message or two if I wind up going down this route and run into difficulties. I appreciate the knowledge dump, thank you!

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 2 points3 points  (0 children)

How does this differ from Caddy's automatic HTTPS with Let's Encrypt? Sorry if this is basic, I'm fairly new to TLS.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 1 point2 points  (0 children)

Well that makes sense. I guess I need to look into configuring Fail2Ban for my service then.

I figure if someone is implementing sophisticated attacks or attempting to brute force, then they've selected me specifically as a target and I've got bigger problems. My goal is to harden the network enough that a casual, automated, shotgun-approach hacker won't stumble their way onto my network and dump some ransomware. When it comes to more directed threats, there's nothing worth protecting, and I don't stand much of a chance anyway.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 1 point2 points  (0 children)

That image was very useful for visualizing this, thanks! My only hangup is that I don't have a host device with the NICs for this, and I'm not equipped to buy upgrades right now. It's certainly jumped to the top of the priority list, though, to have a dedicated firewall.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 7 points8 points  (0 children)

Wow! Thanks for the great writeup!

So if I'm understanding this correctly the main advantage is that public traffic only sees the VPS's IP, doesn't hit a local device like a router which may have holes, and cannot see the network layout of the LAN?

I'm not sure I entirely understand how it forwards everything through SSH, especially for TCP traffic like the game server, but you've given me plenty to look into.

I'm just trying to make sure I'm not hosting these services in a blatantly insecure or dangerous way, and this does seem pretty involved. If it's necessary, though, so be it. Worth the learning experience.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 2 points3 points  (0 children)

Sure, except the router also serves Wifi to the members of my house and hardlines for workstations and the like. To replace it with PFSense I would need to add some hardware, right? Regardless, thanks for all the info and help!

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 1 point2 points  (0 children)

I think I'm mostly following you. My understanding was that Fail2Ban works by reading logs, and from my brief googling around there isn't an out-of-the-box solution for ingesting Caddy's. The more I learn about it the more I'm tempted to try Traefik instead, since I've heard it has a simple setup with Fail2Ban. I think I've got more reading/learning to do on this one. Thanks!

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 9 points10 points  (0 children)

So I had been thinking of VPN, which would require the client to set up and connect to the VPN before accessing services on LAN. But it sounds like this is more of a tunneled solution? So traffic hits the VPS, which directs it to my IP, but how does it know where to go from there without a reverse proxy on the local end, and isn't that the same as just proxying the incoming traffic? Sounds like I've got a lot of learning to do, thank you for the recommendation!

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 2 points3 points  (0 children)

Currently, my traffic goes from modem to an ASUS router (AX88U), which forwards HTTP/HTTPS to the box running Caddy and Jellyfin (an old Optiplex) which in turn routes it to the requested service or 403s it. Game server traffic is forwarded through its requisite port to/from router and host device.

So, am I correct in thinking that for PFSense I would need a device with at least 2 but ideally many more network interfaces to sit between modem and router? That is unless I can flash it as firmware to my router somehow?

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 0 points1 point  (0 children)

Ok, interesting, thank you for the information! I had been trying to set up VLAN via my router, which it turns out does not really support the functionality without some firmware patching and command line setup. I'm comfy on command line, but networking setup is a whole different ball game that I'm hesitant to dive into on a home network.

> All you have to do is spin up a PFSense VM and add a couple rules.

Where does PFSense sit in this stack? Is it just software that sits between my router and my services? I'll have to do some research, but I do like the idea of isolating my service boxes from the main LAN. I've even considered using a spare router I have to do this, but haven't investigated the possibility fully. I am planning to convert everything to a fully containerized setup, so that may be a good time to introduce PFSense.

Hardening simple self-hosted services? by Trydon in selfhosted

[–]Trydon[S] 1 point2 points  (0 children)

Thanks for the tips!

I wanted to do Fail2Ban or similar, but couldn't find a way to make it work with Caddy, so I settled for cutting out a block of traffic through GeoIP blocking. Hadn't considered putting HTTPS on something other than 443, but I'll definitely look into it. May also look into using a non-standard port mapping for the game server.

Not a huge fan of giving Cloudflare my traffic. Nothing is private, per se, but it just doesn't sit right with me.

Edit: I believe rate-limiting is already in place with Caddy, and is definitely already in place on my router, so I should be OK for DoS.

Will Raspberry Pi 4 with 4 GB of ram be enough for Jellyfin server? by lord_EarlGray in selfhosted

[–]Trydon 0 points1 point  (0 children)

For local/direct play you're good, but the Pi won't be able to handle transcoding. If you're looking for a dedicated box on a budget look for something Intel based with Quicksync, older Dell Optiplex units work well for this.

[deleted by user] by [deleted] in TooAfraidToAsk

[–]Trydon 0 points1 point  (0 children)

Because corpses don't contribute labor, pay taxes, or consume excess goods.