• 0 Posts
  • 47 Comments
Joined 1 year ago
Cake day: June 2nd, 2023





  • Does your ISP sell static IPs? Maybe they are all static?

    For an ISP using all public IPs, in the days of dial-up they could rent fewer IPs than customers because people were online at different times. These days the routers are all online 24/7, so it seems odd to me that some ISPs have everyone on public IPs but they aren’t static. Probably some technical reason why things don’t work how I think they do, but it just feels like a way to sell static IPs as an add-on when it wouldn’t cost them any more to allocate an IP to a customer for the life of the connection.



  • Tailscale requires each person be granted access, i.e. it’s private. (Edit: I didn’t know about Tailscale Funnel, which is more like Cloudflare Tunnel)

    Cloudflare Tunnel gives anyone on the internet access, but to my knowledge only covers HTTP traffic. If what you’re trying to do requires port numbers then I don’t think that will work.

    In regards to media traffic, Cloudflare silently removed that section of their Ts & Cs, so hosting Jellyfin, etc should now be OK.

    You might be able to use Tailscale on a cheap VPN to forward traffic to your setup, but it might be cheaper and easier to pay your ISP.

    It’s worth pointing out that port forwarding happens on your router, but if you don’t have a public IP then it won’t work. Sometimes ISPs will give you a public IP if you just ask, sometimes they tie it to a static IP add-on and charge for it. It sounds like you might be in the latter case. It can vary by ISP, so if you live somewhere where you get a choice, you may find another ISP is a better deal (e.g. where I live some charge $15 a month for a static IP, some charge a one-off $40 fee, and some you can just ask and they will give you a public dynamic IP for free. Others will give everyone public dynamic IPs).





  • I’m not quite sure I get what you’re getting at. If you’re using Cloudflare (for more than just a nameserver), then the client’s browser is connecting to Cloudflare via a Cloudflare SSL certificate. Any password (or other data) submitted will be readable by Cloudflare because the encryption is only between the browser and Cloudflare. They then connect to your reverse proxy, which might have SSL or it might be unencrypted. That’s a second jump done by re-encrypting the data.

    How does the reverse proxy help, when the browser is connecting to Cloudflare not to the reverse proxy?


  • They also say “Cloudflare DDoS protection secures websites and applications while ensuring the performance of legitimate traffic is not compromised.”, with a tick to indicate this is included in the Free tier.

    You are honestly the first person I’ve heard complain about Cloudflare failing to protect against DDoS attacks. However, I have no doubt that not having Cloudflare, I would fare no better. So still seems worthwhile to me.


  • They explicitly use free DDoS protection as a way to get you in the door, and upsell you on other things. Have you seen them “drop your tunnel like a hot potato”?

    Now obviously if their network is at capacity they would prioritise paying customers, but I’ve never heard of there being an issue with DDoS protection for free users. But I have heard stories of sites enabling Cloudflare while being DDoSed and it resolving the problem.


  • If you use DNS with proxy it still applies, you should get a Cloudflare certificate then. But yes, if you use Cloudflare as DNS only, then it should be direct. I believe you get none of the protection or benefits doing this, you’re just using them as a name server.

    The Cloudflare benefits of bot detection, image caching, and other features all rely on the proxy setting.

    Also if proxying is enabled, your server IP is hidden which helps stop people knowing how to attack your server (e.g. they won’t have an IP address to attempt to SSH into it). You don’t get this protection in DNS only mode either.

    Basically if you’re using DNS only, it’s no different to using the name server from your domain registrar as far as I can tell.
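The comment above notes that proxied records hide the server IP while DNS-only records do not. The following is an added example, not part of the original comment, that audits an export of your own zone for A records that still publish the origin address. The sample zone, the origin IP and the function names are constructed for illustration; the network list is copied from Cloudflare's published IPv4 ranges and should be refreshed from https://www.cloudflare.com/ips/ before use.

```python
import ipaddress

# Cloudflare IPv4 edge ranges as published at https://www.cloudflare.com/ips/
# (assumption: copied at time of writing; refresh before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare(ip):
    """True if the address falls inside a Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def audit_zone(records, origin_ips):
    """records: (name, type, value) tuples from your own zone export.
    Returns (name, value, reason) for every A record that is not proxied."""
    origin = {ipaddress.ip_address(ip) for ip in origin_ips}
    findings = []
    for name, rtype, value in records:
        if rtype != "A":
            continue  # only A records are checked in this example
        addr = ipaddress.ip_address(value)
        if addr in origin:
            findings.append((name, value, "origin IP published (DNS only)"))
        elif not is_cloudflare(value):
            findings.append((name, value, "not proxied, points outside Cloudflare"))
    return findings

# Constructed sample zone; 203.0.113.10 is a documentation address
# standing in for the self-hosted server.
SAMPLE_ZONE = [
    ("example.test", "A", "104.21.5.7"),
    ("www.example.test", "A", "172.67.130.9"),
    ("ssh.example.test", "A", "203.0.113.10"),
    ("old.example.test", "A", "198.51.100.4"),
    ("example.test", "MX", "mail.example.test"),
]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, ["203.0.113.10"]):
        print(*finding, sep="  ")
```

A single DNS-only record such as the `ssh` name in the sample is enough to reveal the address that the proxied names are hiding.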


  • I think concerns come in two flavours:

    1. Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to Cloudflare section) then re-encrypt for the second part (Cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
    2. Cloudflare is centralised. The sidebar of this community states “A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.”, and Cloudflare is for sure a service you don’t control, and arguably you’re locked into it if you can’t access your stuff without it. Some people think Cloudflare goes against the ethos of self-hosting.

    With that said, you’ll find several large Lemmy instances (and many small ones) use Cloudflare. While you’ll easily find people against its use, you’ll find many more people in the self-hosted community using it because it’s (typically) free and it works. If you want to use it, and you’re ok with the above, then go ahead.


  • Where I live, many ISPs tie public IPs to static IPs if they are using CG-NAT. But of course there are other options as well. My point was that the other options don’t disappear.

    Though I do get the point that Cloudflare aren’t giving away something for nothing. The main reason to me is to get hobbyists using it so they start using it (on paid plans) in their work, or otherwise get people to upgrade to paid plans. However, the “give something away for free until they can’t live without it then force them to pay” model is pretty classic in tech by now.



  • Dave@lemmy.nz to Fediverse@lemmy.world, “BookWyrm: Fediverse for book readers”, 11 months ago

    Yes and no.

    The main benefit of ActivityPub is facilitating communication between many instances running the same software. Sometimes services are different but do the same thing so work well together (e.g. Mastodon and Firefish).

    When there is overlap between services it can work, such as how you can read Lemmy communities from Mastodon, but it’s not the same and doesn’t display as nice because they are different content types (microblog vs link sharing and discussion).

    BookWyrm is quite different. Tracking the books you’re reading is not really a fediverse thing and I’m not sure that’s even federated between BookWyrm instances. Reviews on books, well on BookWyrm you can follow users. I guess it’s possible you can follow a BookWyrm user from Mastodon? Have you tried? It wouldn’t give you the same experience though, so sometimes it’s nicer to make a new account per service type.


  • You’ve had answers from others but basically moderation tools are non-existent. When you report something, there’s no way to pick to send to admins or community moderators, so if there’s an issue with a community the moderators can just resolve reports before the admins see them.

    There is no site-wide moderator role, so if you want someone able to take action when CSAM (etc) is posted on a remote community you have to make them admin and also give them access to approve accounts or change the name of the website, etc.

    The only actions available are to temporarily or permanently ban a user. You can’t restrict new users from posting 100 posts in the first 10 mins or anything like that.

    There is not even a way to report a user. If someone makes an account on one instance and starts spamming on a different one, there is no way to report it to the user’s instance admins. The user’s instance admins are the only ones that can ban a spammer in a way that federates to other instances, so if you can’t report it to them then each of the 1000+ instances needs to ban them. (In reality, admins will normally message each other or post in a spam Matrix channel, but the simple option to report a user should exist.)