Hello World!

  • 1 Post
  • 16 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

  • Many are, but as far as I know, no hosting provider has ever tried something like what was claimed (which is why it made such news).

    It seems like many people didn’t even verify that portion of ToS was new (checking web archive), or wait for Vultr’s response before closing their accounts.

    Even after the official response, it feels like people stuck to their original assumptions and felt justified moving services?

    Companies, and specifically the people in them, make mistakes. What matters is their reaction. I’m scratching my head to think what Vultr could do better in this case (other than creating a time machine to avoid the initial screw up).














  • Interesting article, thanks for sharing!

    I’ve run a (nowhere near as popular) public API for just about 10 years now. Definitely relate to the bit where he mentions people simply retrying the same request when they get an error. 😂

    I get a lot of students using the API for learning projects, which is great! But it also means my rate limiting is more often protecting my server from accidental infinite loops, rather than anything purposely abusive.



  • ArmoredCavalry@lemmy.worldtoSelfhosted@lemmy.worldSecure Access and Android Apps
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    You can use Service Tokens with Cloudflare Zero Trust (Access). Unfortunately, the companion App then has to support setting custom request headers, in order to send the token. Not many support this in my experience.

    The only other option would be to use Basic Authentication, instead of Cloudflare Access. This isn’t as secure, but would be supported by most Apps (since you can simply inline user:password in the API URL). You can even setup a Cloudflare Worker to add basic auth to any Route you want.

    Ideally, would love some hybrid of these approaches, where I can keep Access enabled, but override with basic auth for ‘legacy’ apps. Don’t know of a way to do this though.

    Edit: Forgot to mention a third option, if you just want access while home, you can setup a bypass in Cloudflare Access policies for your home IP address. Then if you really need access when remote, you could also use VPN, but not as seamless of course.