They do maintain an x86 build. I haven’t used pfSense but I have used OpnSense so that’s that closest thing I have to compare it to. I think the upside and downside to RouterOS/Mikrotik is the same thing: it allows very granular control over almost everything. Maybe to a fault. It’s probably overkill for most home networks.
Set up a VPS. Create a VPN tunnel from you local network to the VPS. Use the VPS as the edge router by opening ports on the VPS firewall and routing incoming traffic on those ports through the VPN tunnel to servers on your local network.
I used to do this to get around CGNAT. I ran RouterOS in a Digital Ocean droplet and setting up a wire guard tunnel between it and my local Mikrotik router.
It will obscure your local WAN IP and give you a static IP but that’s about the only benefit. And you have to be pretty network savvy to configure it correctly.
It does not make you immune to DDoS attacks and is honestly more headache to maintain (albeit just a small headache).
Mail servers are the one thing I refuse to self host. Years of managing enterprise email taught me that I don’t need that kind of negativity in my life
Oh, I wouldn’t if I could avoid it. The “fun” of tinkering with IT stuff in my very limited spare time vaporized many years ago. If I could pay for services that did exactly what I wanted, respected my privacy, and valued my business while charging a fair price, I would stop self-hosting tomorrow. But that’s not usually how it works.
Self hosting isn’t super high maintenance once you get everything set up but it still takes up probably 10-12 hours per month on average and I would not mind having that time back.
This is a pretty good summary. In enterprise networking, it’s common to have the ‘DMZ’, the network for servers exposed to the internet, firewalled off from the rest of the system.
If you have a webserver, you would need two sets of ports open, often on two separate firewalls. On the WAN firewall, you would open ports 80/443 pointing to the webserver. On the system firewall, between the DMZ and LAN, you would open specific ports between the webserver and whatever internal resources it needs; a database server for example.
This helps limit the damage if a malicious actor hacks into your webserver by making sure they don’t also have unrestricted access to other parts of your system. It’s called a layered security approach.
However, someone self hosting may not have the expertise or even the hardware to set up their system like this. A VPS for public facing services, as long as it’s configured properly, can be a good alternative. It also helps if you have a dynamic WAN IP address and/or are behind CG-NAT.
Edit: maybe good to mention that securing your local network behind a VPN, even one hosted on your local network, is more secure than allowing public facing services. Yes, it means you still have to open a port. But that’s useless to a malicious actor without the encryption keys. Whereas, if you have a webserver exposed publicly, malicious actors already have some level of access to your system. More than they would if that service didn’t exist anyway. That’s not inherently bad. It comes with the territory when you’re hosting public services. It is more more risky though. And, if the exposed server is compromised, it can potentially open up the rest of your system to compromise as well. Like the original commenter said, it’s about managing risk and different network configurations have different levels of risk.
I currently work on a NodeJS/React project and apparently I’m going to have to start pasting “‘any’ is not an acceptable return or parameter type” into every damned PR because half the crazy kids who started programming in JavaScript don’t seem to get it.
For fucks sake, we have TypeScript for a reason. Use it!
The MPAA should give themselves a great big pat on the back. They, and the studios they represent have done much to not only enable piracy, but also to increase the sophistication of piracy tactics and – somewhat by extension – the quality of the material being pirated. Turns out, fucking over your customers at every possible turn has consequences.
Interested to see what you come up with. I manage our personal finances along with my wife’s consulting business. I switched to Quicken about a year ago. I don’t regret switching because it’s does the job better than anything else I’ve used. But I’m not 100% satisfied either and if I found a better solution, I would seriously consider it.
To be clear, Putin never ordered the death of anyone. Some Russians just have shitty windows and are extra susceptible to the effects of gravity. They didn’t choose to be pre-disposed to falling to their deaths. They were just born that way. What are you gonna do?
/s
The next day:
Product Owner: “We need to prevent the user from yeeting their keyboard across the room. This needs to happen within the current sprint.”
Dev Team: “Uhhhh… That’s not possible. How would we even do that?”
Product Owner: “How many more devs is it going to take to make it possible?”
Dev Team: “The number of Devs isn’t the issue here. This is more of a physics problem.”
Product Owner: “Great. Keep me updated on the progress and reach out to the scrum master with any blockers.”
Dev Team: Updating resumes in background
I moved from primarily ASP.Net Core backends, which is a hell of a great backend framework btw, to NestJS. Not my choice. I do what the people who sign my paychecks ask for.
I cannot begin to fathom why anyone would willingly choose JavaScript for backend. TypeScript helps a lot but there are still so many drawbacks and poor design decisions that make the developer experience incredibly frustrating. Features that are standard in ASP.Net Core, Django, or other common backend frameworks just don’t exist.
Also, don’t get me started on GraphQL. Sure, it has performance advantages for websites of a certain size and scale. But 99% of the websites out there don’t have the challenges that Facebook has. The added complexity and development cost over REST is just not worth it.
That asshole gets me every time.
God damnit! Who the fuck wrote this streaming pile of dog shit? Which ignorant fucktard has their head shoved so far up their ass that they would do something this stupid!?
Checks git blame
Ahhh fuck!
“Look how much money we can save productivity we can eliminate by outsourcing IT!”
Most of the time, management is looking for the next “silver bullet” that is going to magically solve all their problems. They will latch onto the latest marketing gimmick and run with it despite having no understanding of how the “silver bullet” works or the impact it will have on their business. A decade and a half ago it was “the cloud”. Now It’s “AI”.
Are there advantages to “hosted solutions” AKA “the cloud” AKA renting someone else’s data center? Sure there are. For example, It’s great for small businesses who need enterprise grade technology but can’t afford their own data center. Cloud providers also offer services and scale that would be very difficult and costly to build out in your own data center(s).
But is it cheaper all the time? The answer to that is a definite “No”. Like most other business decisions it’s situational and there are a lot of facets that impact the cost. In my experience, one downside to hosted solutions is that it’s very easy to make architectural errors that have high costs and no one notices until accounting is on the phone wanting to know why the Azure bill doubled over the last month and “Whoops!” Is not really a satisfactory answer.
Motivation: AKA, Chronic Insomnia.
One way or another, the interest on the technical debt always comes due. When you hear phrases like “we can’t do that without a major refactor” with increasing frequency, you’ll know that day is not far off.
…And I just realized that it might be time for me to start looking for a new job cause the credit line on my current project is about maxed out.
If you want a really good, capable firewall that’s easy to configure, go with OpnSense.
If you want granular control and [near] enterprise grade features for a low price, go with Mikrotik.
Windows Hyper-V Server on the host with most of the VM’s split between Ubuntu and Debian. I also have two Windows VM’s that I keep out of necessity.
Fancy title for the developer that gets yelled at when the CI pipeline is broken. Also a good chance they are the one that broke it.