Free way - sign up for a cloudflare account. Use the DNS on cloudflare, they wil put their public ip in front of your www.
Level 2 is install the cloudflare tunnel software on your server and you never need to use the public IP.
Backend access securely? Install Tailscale or headscale.
This should cover most web hosting scenarios. If there's additional ports or services, tools like nginx proxy manager (web based) or others can help. Some people put them on a dedicated VPS as a jump machine.
This way using the Public IP can almost be optional and locked down if needed. This is all before running a firewall on it.
The tunnel doesn't have to use the Public IP inbound, the cloudflare tunnel calls outbound that can be entirely locked up.
If you are using Cloudflare's DNS they can hide your IP on the dns record but it would still have to be locked down but some folks find ways to tighten that up too.
If you're using a bare metal server it can be broken up.
It's fair that it's a 3rd party's castle. At the same time until you know how to run and secure a server, some services are not a bad idea.
Some people run pangolin or nginx proxy manager on a cheap vps if it suits their use case which will securely connect to the server.
We are lucky that many of these ideas have already been discovered and hardened by people before us.
Even when I had bare metal servers connected to the internet, I would put a firewall like pfsense or something in between.
What does the tunnel bring except DoS protection and hiding your IP? And what is the security concern with divulging your IP? Say when I connect to a website, the website knows my IP and I don't consider this a security risk.
If I run vulnerable software, it will still be vulnerable through a Cloudflare tunnel, right?
Genuinely interested, I'm always scared to expose things to the internet :-).
With the amount of automated bots that port scan looking for anything/everything that's open, as well as scanning DNS records for server IPs that could be targeted, one of the nice patterns of cloud hosting is how application and data servers are hosted behind firewalls of some kind, to effectively be internal.
As for what's exposed to the web, let's say the payload of a website, if there was something vulnerable in the javascript, that could be a weakness hosted anywhere.
Cloudflare can also help achieve this without too much fuss for self-hosted projects, be it personal, and production grade, assuming the rest of the trimmings are tehre.
> one of the nice patterns of cloud hosting is how application and data servers are hosted behind firewalls of some kind
Oh I see, so that I benefit from the "professional" firewall of Cloudflare, as opposed to my own that I may have possibly misconfigured or forgot to update etc?
Or is there more, like Cloudflare will block IPs that know to come from malicious actors and things like this?
Many ways. Using a "bastion host" is one option, with something like wireguard or tinc. Tailscale and similar services are another option. Tor is yet another option.
The first mission is to start and land on a carrier.
Video games were never even a question: You couldn't copy games and had to pay ridiculous prices for each!
I would have definitely left normally. Just wanted to see the site.
And I know this also likely not Neil's idea of fun, and mostly the silly EU rules that are to blame but still, dialogs without a directly available "refuse all" are the worst
You can drop Windows and keep VSCode. I'm running it on this laptop (Kubuntu 25.04).
To install it, browse to here: https://code.visualstudio.com/ (search: "vscode"). Click on "Download for Linux (.deb)" and then use Discover to install and open it - that's all GUI based and rather obvious. You are actually installing the repository and using that which means that updates will be done along with the rest of the system. There is also a .rpm option for RedHat and the like. Arch and Gentoo have it all packaged up already.
On Windows you get the usual hit and miss packaging affair.
Laughably, the Linux version of VSCode still bleats about updates being available, despite the fact that they are using the central package manager, that Windows sort of has but still "lacks" - MSI. Mind you who knows what is going on - PShell apps have another package manager or two and its all a bit confusing.
Its odd that Windows apps, eg any not Edge browser, Libre Office, .pdf wranglers, ... anything not MS and even then, there are things like their power toy sort of apps, still need their own update agents and services or manual installs.
Yes but winget is not the Windows central package manager. Actually, Windows does not have one but for some reason you have enforced updates from a central source.
Why does Windows not have a formal source for safe software? One that the owner (MS) endorses?
One might conclude that MS won't endorse a source of safe software and hence take responsibility is because they are not confident in the quality of their own software, let alone someoneelses.
I believe that MS wants that to be their own MS Store, though I don't know of a single person who actually uses it as their preferred way to manage software. For what it's worth, VS Code is available there: https://apps.microsoft.com/detail/xp9khm4bk9fz7q
Not who you responded to, but for a GUI editor I tend to like Zed, and for terminal I like Helix. Yes, Neovim is probably better to learn because Vim motions are everywhere, but I like Helix's more "batteries included" approach.
I decided to finally learn a modal editor and installed Helix. Ideal for me since it's very hackable if you're already familiar with Rust. Very easy to build from source. Plus all I need is LSP support and I'm good at work, clangd is all I need for an IDE.
Yeah everyone I've tried to introduce helix to who was already a vim master hated it. It's great for people who don't already have that muscle memory, I found the reversed selection->action model a lot more intuitive personally.
> if you haven't noticed, the people concerned are computer programmers, UI designers, and PMs.
Those are the people who should know best what is meant by "ask visitors for consent before you track them.".
Lawyers and more work is needed if you want to track anyway and look for ways to make people accidentally consent. "Let's ask the question, but hide the unwanted answer as deeply as possibly without breaking the law."
You may blame EU bureaucrats, I blame the unwillingness of the companies to fulfill the spirit of the law and putting all the work into pretending.
Since you asked: I care. I leave sites which insist on tracking me and appreciate that it is now mandatory for said sites to inform me about their intentions. So this is a solution to a problem I actually have.
There are sites which place a "reject all" button above all and make this easy for me. Others try it the sneaky way, by making me turn off every single tracking vendor and then a lot more hidden under legitimate interest. Those are the sites I leave and never come back.
The hurdle in question has a lot of simple solutions. 1, don't use cookies. Github does that AFAIK. 2, be transparent about your tracking intentions and use one of the several premade solutions. 3, design a dark pattern UI that hides the important switches in technical named lists and count on the laziness and confusion of users to use them. That is probably the most expensive way for a 3 person company, as you need devs and UX designers and lawyers to judge if you bended the regulation requirements just enough without breaking them.
iOS6 peak iPhone? Finally someone says it!
Also buttons had titles like “Done“ instead of icons, touches wouldn‘t end in accidental swipes all the time and Safaris toolbar was fixed.
All things I recently failed to explain to an elderly person.
Plus, the iPhone shipped with its own, very distinguishable ringtones which pretty soon signaled to everyone “I have an iPhone”.
And the small switch to silence it was already a feature on the first iPhone, became a standard for all smartphones and vibration only turned out to be a convenient alternative. That said, the current ringtones on my phone are:
-Nokia Attraction
-Nokia Orient
-the ringtone from Luigis mansion 3
-You’re so cool from True Romance
and yes, putting them on the phone with garage band is a pain.
Yes, up to a point, but that's one of those arguments that proves too much. If you take it literally, there's no difference in discussion quality and therefore no point in having guidelines at all.
