TL;DR: she works on the speech to text AI product on Azure, which is used by Israel for some of their operations.
Look, I understand her desire to stop fighting in Palestine, but by that logic, we should also be protesting every software and computer manufacturer.
I like iOS shortcuts. This week, I created an iOS shortcut to scan my Plex library. Now this may seem weird since there is an option to scan a library from the official Plex iOS app and there are also options to scan the library automatically or periodically. For various reasons (excuses), I didn’t like that the official app only lets you scan one library at a time and I have automatic/periodic scans turned off to avoid network drive access, so I created the shortcut to scan from my phone any time I felt like I wanted to trigger it.
https://{ip_address}:{port}/library/sections/all/refresh?X-Plex-Token={plex_token}
I tend to agree. Don’t blow this out of proportion. If you dig deep enough, you will not like the CEO of ANY company… so don’t let some comments from the CEO of Proton get you worked up.
I’ll be honest, this kinda feel like the wrong move. If correct information is the antiseptic to misinformation, wouldn’t X be the exact place you should be posting your journalism to?
5). Hey OP, don’t worry, this can seem kind of scary at first, but it is not that difficult. I’ve skimmed some of the other comments and there are plenty of good tips here.
2). Yes, you will want your own domain and there is no fear of other people “knowing it” if you have everything set up correctly.
1b). Any cheap VPS will do and you don’t need to worry about it being virtualized rather than dedicated. What you really care about is bandwidth speed and limits because a reverse proxy is typically very light on resources. You would be surprised how little CPU/memory it needs.
1a). I use a cheap VPS from RackNerd. Once you have access to your VPS, just install your proxy directly into the OS or in Docker. Whichever is easier. The most important thing for choosing a reverse proxy is automatic TLS/Let’s Encrypt. I saw a comment from you about certbot… don’t bother with all that nonsense. Either Traefik, Caddy, or Nginx Proxy Manager (not vanilla Nginx) will do all this for you–I personally use Traefik unless for some reason I can’t. Way less headaches. The second most important thing to decide is how your VPS in the cloud will connect back to your home securely… I personally use Tailscale for that and it works perfectly fine.
3). Honestly, I think Fail2Ban and geo restrictions are overdoing it. Fail2ban has never gotten me any lift because any sort of modern brute force attack will come from a botnet that has 1000s of unique IPs… never triggering Fail2ban because no repeat offenders. Just ensure your VPS has a firewall enabled and you know what ports you are exposing from Docker and you should be good. If your services don’t natively support authentication, look into something like Authelia or Authentik. Rather than Fail2Ban and/or geo restrictions, I would be more inclined to suggest a WAF like Caddy WAF before I reached for geo restrictions. Again, assuming your concern is security, a WAF would do way more for you than IP restrictions which are easily circumvented.
4). Have fun!
EDIT: formatting
Thanks for your … er… um… reply? I guess? For what seems like a response to a different question than the one asked?
Nice try… North Korea. j/k. IDK man, because I watched “The Undeclared War”. Give it a look.
Several other comments called me out for the same thing and you are right, I didn’t mean to imply that there are not domestic bad actors also.
It was not my intention to suggest there are not “domestic bad actors”. I live in America, and yes, that is a blanket term that we use to generalize countries that are antagonistic to “American values”. We have plenty of domestic bad actors. I was painting with too broad of a brush and that was my bad.
State-sponsored
In another comment I was accused of being a brainwashed American, so take this for what it is, but some posts — mostly of a political nature — just seem to defy any mainstream thinking across the spectrum. Looking at some user profiles when I come across these, it seems their post history is entire based around fueling arguments, with no agenda, other than breed discontent.
Your point is fair and I didn’t mean to imply that bad actors are purely foreign. There are plenty of domestic bad actors. Please excuse the “propaganda framing”.
This was my subjective opinion based on the kinds of discussions and posts I see.
I think what you’re looking for is what is sometimes called a “dns load balancer”. Offerings like Azure Traffic Manager or AWS Route 53 do this. You can set up health checks that the service will use to determine if one of your locations is down and then automatically update the DNS record to point to the other one. You can also get clever and do things that allow the DNS to resolve the IP of whichever of your servers is physically closer so you get the best performance. I’m not sure what options there are for selfhosting a DNS service like this, however, these services are extremely affordable – pennies – and run on very reliable infrastructure, which is what you want.
If you were using derp servers with Tailscale/Headscale, that would explain why it was slow.