Melmi

CGNAT is for IPv4, the IPv6 network is separate. But if you have IPv6 connectivity on both ends setting up WG is the same as with IPv4.

Only giving a /64 breaks stuff, but some ISPs do it anyway. With only a /64 you can’t subnet your network at all.

I really doubt it. We could give everyone on Earth their own /48 with less than 1% of the IPv6 address space.

Giving a /48 is spec, but a lot of ISPs are too stingy :/

Going to other planets would require a total re-architecting of our communications infrastructure anyway. There’s such distance too it’s not really viable to have a shared internet. Even Mars would have up to 22 minute latency at peak. So I don’t think it makes sense to plan our current internet around potential future space colonization.

Even so, IPv6 is truly massive. We could give a /64 to every square centimeter of the Earth’s surface and still have IPs to spare. Frankly, I think the protocol itself will be obsolete before we run out.

All of your temporary privacy addresses will be coming out of the same subnet, so it’s clear they all belong to the same people.

Ultimately the privacy extensions are just bringing IPv6’s privacy back in line with IPv4, because without the privacy extensions every single device has a separate IPv6 address based on its MAC address whereas in IPv4 most consumer networks have every device sharing a single IP.

I think the utility of blocking people on a public platform is kind of fake anyway. If someone is harassing you, and you block them, it’s obvious that you did it so they’ll just log out and suddenly they can see your posts again. Accounts are trivial to make on the fediverse too so they can always just spin up a new one to harass you.

I think silent filtering is better for that reason because they can’t tell that you did it so they won’t just immediately switch to a new account and keep going.

Active blocking like you’re talking about only makes sense if there’s such a thing as “follower-only” posts imo. Otherwise it’s a false sense of security because they can see everything anyway just by logging out or switching to another account.

The free version of ChatGPT is 4o or 4.1-mini at this point. You can’t even access 3.5 without paying, ironically, since it’s legacy now.

Be that as it may, the Plex official guide for setting up “remote streaming” walks you through port forwarding. That implies that when they say remote streaming, they mean port forwarding by default. I then had to go digging to find mention of the Relay service which seems to be a fallback. (Apparently it isn’t even supported by all clients)

Surely if they meant they’d start charging for Relays they’d mention that explicitly, and not use the term “remote streaming”?

It’s the confusing mess of subscriptions and seemingly locking basic functionality behind a paywall that’s skeevy, not paying for software itself. I have happily paid for software before and would again. Plex has never appealed to me though, and they’re certainly doing nothing to make themselves more appealing.

Do you have a source for this claim that the new pricing scheme only applies to the Plex Relays? As far as I can tell it applies to anything they consider “remote access”, regardless of whether it goes through their servers or not.

It seems deeply opposed to the spirit of selfhosting to have to pay for the privilege of accessing one’s own server. If the software itself cost money, that would be one thing, but this whole monetization scheme is skeevy.

It seems like multiple things are being conflated here and I’m not sure what the reality is because I’ve never used Plex.

Some people claim this has something to do with Plex needing to pay for NAT traversal infrastructure. Okay, that seems sort of silly but at least there’s the excuse that their servers are involved in the streaming somehow.

But their wording is very broad, just calling it “remote streaming.” That led me to this article on the Plex support website, which walks people through setting up port forwarding in order to enable “remote streaming”! So that excuse doesn’t really seem to hold water. What exactly is being paid for here then? How do they define what “local streaming” is?

The cursed LLM thing uses buttplug.io on the backend, I just wanted to share it because the premise is very funny to me.

You’re in luck

Tailscale is just a bunch of extra fancy stuff on top of Wireguard. If you don’t need the fancy stuff, using raw Wireguard can be more lightweight, but might require more networking knowledge.

The biggest thing Tailscale brings you the table is NAT traversal. On top of that it uses direct Wireguard tunnels as necessary instead of creating a mesh like you usually would if you were using raw Wireguard. It also offers convenient bits of sugar like internal DNS, and it handles key exchanges for you so it’s just generally easier to configure. When you do raw Wireguard you’re doing all the config yourself, which could be a pro or a con depending on your needs—and you’ll be editing config files, unlike Tailscale which has a GUI for most things. It also supports some more detailed security options like ACLs and I think SSO, while Wireguard is reliant on your existing firewall for that.

Here’s what Tailscale has to say about it: https://tailscale.com/compare/wireguard

I’ve messed around with Tailscale myself, but ultimately settled on running Wireguard. The reason I do that though is because I trust my LAN, and I only run Wireguard at the edge. Tailscale really wants to be run on every node, which in turn is something that raw Wireguard theoretically can do but would be onerous to maintain. If I didn’t trust my LAN, I’d probably switch to Tailscale.

A lot of people have suggested Tailscale and it’s basically the perfect solution to all your requirements.

You keep saying you need ProtonVPN which means you can’t use Tailscale, but Tailscale actually supports setting up an exit node which is what you need. Put Protonvpn on the Raspberry Pi, then set it up as an exit node for your tailnet. There’s a lot of people talking about how they did this online. It looks like they even have native support for bypassing the manual setup if you use Mullvad.

As long as every client has the ability to use Tailscale (I.e. no weird TVs or anything) this seems like it checks all your boxes. And since everything is E2EE from Tailscale, TLS is redundant and you can just use HTTP.

I kinda of lean towards the idea of “private accounts” being a bad idea as a result, just because it creates a false sense of security. But I’m not in the target demographic so idk

The issue is that if you don’t default to federation, it becomes essentially impossible for new instances to join the fediverse. A potential new instance would have to go around to every single existing instance and ask to be allowlisted, which is onerous for both the new instances and for the large server admins who would be getting tons of requests. It would also essentially kill small-scale selfhosting as a result.

A big part of IPv4’s persistence I think is that people insist that IPv6 is complicated, but then refuse to learn it or think outside their IPv4-brain. It’s just different enough that it’s easier to stay in v4, even if it requires a million hackjob fixes to keep around.