

If you lose $100, you can write off $100 against your other gains. Why’d you need generational wealth?
In both Canada and the US, you can write off investment losses that could be used against investment gains. If you’re Canadian or American, you have the same write-off capability as they do.
The biggest fear would be when you’re rebuilding, you’re putting extra stress on the other drives, thereby increasing the risk of them, too, dying.
On the product offering page for Free DDoS Web Protection, the features table shows that “Unmetered DDoS Protection” is available for everyone regardless of tier, from Free all the way up to Enterprise. This change was rolled out on 2017-09-25; prior to this, there was a certain amount of throughput depending on price point (though still very generous for the free tier, from what I remember).
Sometimes, people make up their mind about something and never update their knowledge, and it would appear this is one of those cases here.
No problem! I appreciate the civil discussion! Thank you!
The free tier rolled out was specifically to address upstream vendors patching Log4J too slowly. They’re able to monitor the requests and intercept malicious patterns before it hits the server running unpatched (due to upstream unavailable yet) applications. They are updating with more rules for the free tier set as far as they’ve stated. The extras from paid tiers are more extra rulesets and more analytics around what was blocked etc.
At the end of the day though, you do you; the benefit for me may not be a benefit for you. I’m not selling their service, and have no benefit whatsoever should anyone opt into their services.
The difference, in my opinion, is that it doesn’t matter how fast upstream vendors patch issues; there’s a window between the issue being detected, the patch being implemented, the release getting pushed, the notification of the release being received, and then finally the update getting deployed. Whereas at least on the cloud WAF front, they are able to look at requests across all sites, run analysis, and deploy instantly.
There is a free tier with their basic “Free managed ruleset”, which they’ve deployed for everyone with orange cloud enabled when we saw the Log4J issue a couple of years back. This protection applies for all applications, not just the ones that were able to turn around quickly with a patch.
If you want more bells and whistles, there’s a fee associated with it, and I understand having fees is not for everyone, though the price point is much lower – you get some more WAF features on the $25/mn ($20/mn amortized when paid annually) tier as well before having to fork out for the full $250/mn ($200/mn when paid annually) tier. There’s a documentation page on all the price points and rulesets available.
It’d be a challenge to keep up — 0 days aren’t going to be added to a self-hosted solution faster than they could be detected and deployed on a massively leveraged system. Economies of scale on full display.
Security.
Cloudflare handles a very large amount of traffic and sees many different types of attacks (think CSRF, injections, etc.). It is unlikely that you or I will be individually targeted, but drive-bys are a thing, and thanks to the amount of traffic they monitor, the WAF will more likely block out anything and patch before I’m able to update my apps on 0 days.
Also, while WAF is a paid feature, other free features, such as free DDOS attack protection, help prevent other attacks.
It’s a trade off, sure; they’re technically MITM’ing your traffic, but frankly, I don’t care. Much like no one cares to target/attack me individually, they aren’t going to look at my content individually.
Additionally, it also makes accessing things much easier. Also, it is much more likely I’d find an SME using Cloudflare than some janky custom self-hosted tunnel setup. So from a using-homelab-as-learning-for-professional-experience point of view, it is much more applicable as well.
Thanks for the thought! In that case, I’ll wait and implement this on Sublinks later instead. Thanks.
Self-hosting email on a non-mission-critical domain for learning purposes might be okay if your intention is to get into the industry. Self-hosting email for others in a more production-like setting, you’re going to find yourself in a world of pain.
All it takes is one missed email (be it not making into their intended recipient’s inbox, or them not receiving an important notice in their inbox) and you’re never going to hear the end of it.
You’d also be liable for content your users send out from your servers — and I don’t mean the spam type, though if you get your IP blacklisted, your provider may want to have a word with you.
I’d strongly advise against going down this path, but if you do, be sure to have ways to legally shield yourself from any sort of potential liabilities.
Only if their DMM enables options. There are many stocks without options. In that case, the only alternative would be to borrow shares from your broker and sell those shares instead. You’d then have an actual short position that could be recalled by the lender.
Either way, I’d probably not touch it. I wouldn’t want the theta burn or the risk of getting recalled while price action tries to figure out a direction.
There’s a vocal handful of people disliking CloudFlare because of their irrelevant “privacy” concern here — you can absolutely use the registrar without using their CDN features. Also, reality check: with CloudFlare’s market reach, there’s zero chance nothing they do online isn’t already MITM’ed. Having said that, Cloudflare uses their registrar as a loss leader, so they give their wholesale price to end users registering, and as such you’ll have the cheapest price available for the domain extensions they support. You can then just set your DNS without their orange cloud and traffic on your domain isn’t going to flow through their CDN.
Although most providers do over-provision, due to the mostly bursty nature of most services, you’re probably less likely to notice the shared aspect as opposed to the general age of the system. So it may be a good idea to take a quick peek at your VPS’s processor and compare that against what you’d be auctioning for. 1 older core (e.g. E5-2687W) is not going to be able to put up the same amount of work against 1 newer core (e.g. AMD EPYC 7763) — brands and actual models are less relevant, it’s just the idea of the age gap that’s more important.
If you want to be absolutely sure, it may be just a good idea to budget for some duration where you’d pay for both services (you’d need some time to migrate everything anyway), and run benchmarks on both systems to see what you’d get out of each, then decide which one to keep.
Being a (FOSS) dev is a badge of honor, not a license to be terrible.
By misleading users to complain to their upstream vendors about faulty “battery concern” when there’s a deeper problem, they’re just sending misguided users to create problems for other (FOSS) devs.
By forcing all client devs to handle dual auth instead of handling dual auth token structure “because it is hard”, they’re dumping their responsibilities onto other (FOSS) devs.
This is not the first and it will likely not be the last time the Lemmy devs do things you don’t want to acknowledge. However, if you get so agitated and feel the need to spell off expletives at someone calling out facts, then it may be a good time to cut back on the koolaid. Software development is not a cult.
Last time this was brought up, I believe the Voyager dev (sorry, can’t remember the spelling of his account, I think aeharding@lemmy.world ?) mentioned this is dependent on a proper resolution of push notification support from Lemmy itself, and linked to a Lemmy issue on GitHub. Very unfortunately, Lemmy devs are doing what they do best — finding creative ways to alienate their user base by choosing a platform that only works on Android, requiring a third-party app to background continuously, shooting down open web standards, and misleading iOS users to go create tickets in their chosen upstream project for a fictitious “battery concern” when it was brought up that the iOS paradigm does not allow long-running background apps.
I’m not holding my breath for this :(
You could use just a simple Apache (or even some simpler static file server) with no authentication whatsoever, but only accessible to your own network. Then, add a Reverse Proxy Gateway such as Traefik, Caddy or whatever else, and add Authentik as a Middleware. User heads to the site (i.e.: https://files.yourdomain.ext/), Reverse Proxy Gateway bounces the request to the Middleware (i.e. Authentik), requires the SSO via whatever authority you’ve got set up, gets bounced back, and then your Reverse Proxy Gateway serves up the static content via the internal network without authentication (i.e.: http://172.16.10.3/).
Check out the Forward Auth section of the Authentik docs here: https://goauthentik.io/docs/providers/proxy/forward_auth
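The flow described in the comment above, written as a Caddy site block (an added example, not part of the original comment or the commenter's own setup). The outpost address `authentik.internal:9000` is an assumed placeholder; the site name and backend address are the ones quoted in the comment.

```caddyfile
# Added example. authentik.internal:9000 is an assumed address for the
# Authentik outpost; replace it with wherever your outpost listens.
files.yourdomain.ext {
    route {
        # Authentik's own endpoints (login start, callback, sign-out) have to
        # be reachable under the protected hostname.
        reverse_proxy /outpost.goauthentik.io/* http://authentik.internal:9000

        # Every other request is first sent to the outpost. A 2xx answer lets
        # the request continue; anything else (the redirect to the SSO login)
        # is returned to the browser instead.
        forward_auth http://authentik.internal:9000 {
            uri /outpost.goauthentik.io/auth/caddy
            # Identity headers passed on to the backend for logging.
            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email
            trusted_proxies private_ranges
        }

        # Reached only after forward_auth succeeded: the unauthenticated
        # static file server on the internal network.
        reverse_proxy http://172.16.10.3:80
    }
}
```

Because the static server itself has no authentication, any host that can reach 172.16.10.3 directly skips the SSO check; restricting that server (by firewall rule or listen address) to accept connections only from the proxy closes that gap.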
Also aim for non-networked TVs or they might be doing ACR and phoning home, even if you’re watching your own physical content. A former coworker on the ad-selling side mentioned that before ACR on smart TVs, companies like Nielsen and the like would track content using digital fingerprints hidden in the overscan part of your TV. So there’s all sorts of creepy tracking tech all over.
If privacy is the concern, you should really read the breakdown from Mozilla someone shared. Can’t miss it, large wall of text in this thread. Apple ecosystem is much better than others in the privacy department. The other players are much worse when it comes to personal data collection and selling.
Neither is 80M on a multi-billion multi-national corporation operation. WBD had $6.157B of gross income in FY2022 (FY2023 data aren’t out yet, but it’s close enough as a proxy). Writing off $80M against $6B is like someone with $100K incoming writing off 1.3K of losses. This is a drop in the bucket for them, just like how a couple hundred bucks are a drop in the bucket for those of us that are somewhat privileged.