• 0 Posts
  • 18 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle

  • What they don’t advertise is how many of those “new” subscribers are actually from their “emerging” markets such as India, where a subscription price is peanuts. Also, im fairly certain these numbers are intentionally skewed to paint a better picture as they lump in all the “free” accounts people get with their other subscriptions.

    I get Paramount+ free with Walmart+. I get Hulu/Netflix/AppleTV with Tmobile Mobile. I get Max with ATT Fiber.

    I’m sure that these streaming companies have more new subscribers when they literally give it away and simultaneously strangling their existing consumers. It’s more of a question of how long is it sustainable for them to raise prices every time they’re not going to have a record quarter.

















  • Personally I trust Bitwarden more than myself to keep all my passwords secure AND available. They’ve got a good track record as far as I’m aware.

    For general security hardening though…

    I use Shodan to help me identify if anything is misconfigured and what is visible from the web. You can pick up an account for usually $1 for life when they run a deal, then you can just monitor your DDNS, domain, and IP address and have it email you when any new services are detected.

    Cloudflare Tunnels, to remove the need for a nginx reverse proxy (with the added benefit of easy failover as well as simplifying your stack). Then I’m utilizing Cloudflare’s WAF to handle filtering out known malicious, foreign IP addresses, and other malicious traffic.

    Another route you can go is a Nginx/haproxy reverse proxy behind something like Suricata. Then you can utilize something like fail2ban or crowdsec.

    Authentik. Get everything behind a SSO experience and don’t expose your backend services to unauthenticated local traffic (utilize http basic auth with header passthrough in authentik). So many people setup auth wrong and then have something like auth.domain.com going through auth but then mistakenly have their external IP address setup to allow traffic in authenticated.