https://piefed.social/u/Skavau posted on Mar 7, 2026 21:54
You know what doesn‘t disclose your viewing habits with third parties because it doesn‘t even require you to have an account to watch streams? Aye.
You answered it yourself. When hasn’t Amazon tried to eliminate competition?
Disney Star Wars was pretty much doomed the moment they decided to make a trilogy without having any plan for a trilogy.
They were initially able to mask that fact with early financial success that was based entirely on the strength of the brand that they purchased, and not their creative output.
The only real exception was The Mandalorian season 1, which I think primarily speaks to the talent of Jon Favreau, but Baby Yoda doomed that show with its massive merchandising success.
Maybe making a show about a crime lord that doesn’t do crimes wasn’t a good idea
Hey guys, so I’ve been self hosting for 2 years, making small upgrades until I reached this point where I replaced my router with one of those Chinese fanless firewalls running Intel n150 and running a proxmox homelab.
I am self hosting headscale with many of my buddies connected, including ny own services. Everything was working great until I setup OPNsense.
The firewall was not easy to setup, but after I set it up, I discovered odd behaviors from tailscale.
The firewall was blocking all connections from the ip 100.60.0.0/24, I had to explicitly allow it and change the forewall state to hybrid
What happens is that my LXC containers running tailscale would receive requests from tailscale0 interface but respond via LAN.
Apparently as I understood, consumer routers have assymetric NAT so that works fine, but not with opnsense.
Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.
For now temporarily I set an ip route to tailscale0 and resolved it that way temporarily, but I still cannot get a solution that can help without compromising the firewall.
It’s also very cumbersome to do this for 50+ LXC containers over and over, even with running systemd scripts a problem might happen in the future
If you guys have any experience with this it would help a lot.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| IP | Internet Protocol |
| NAT | Network Address Translation |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #136 for this comm, first seen 6th Mar 2026, 09:50] [FAQ] [Full list] [Contact] [Source code]
I might have a solution for you by doing what I’m doing. I’m running OPNSense as my firewall as well. I have one NAT:Port Forward rule for torrents (I really am seeding linux iso torrents) and that is it. Any services I’m hosting outside the network are done using Cloudflare tunnels from either a Cloudflared instance or from the LXC itself. This method has fixed my issues with Plex outside of my network since I was able to turn off “Remote Access” and make it available to my friends/family through a “Custom server access URL” (in the network settings, looks like: https://plex.domain.url,http://192.168.1.xx:32400/). No messy NAT rules to complicate things.
I am also using tailscale, but I don’t terminate it on my firewall. I terminate Tailscale on another host inside my network, you could probably use an LXC container. It’s a Debian system with Tailscale installed, routing enabled (https://tailscale.com/docs/features/subnet-routers), and set up as an exit node and subnet router. On OPNSense, I set up a Gateway on the LAN interface pointing to my Debian Tailscale router node. Then I pointed the remote networks of my family to the Tailscale router using the routes in OPNSense. Fortunately, for me (and because I set them up), they are all different networks.
The benefit to this method is also that when remotely reaching my services, the traffic looks to the services on my network as if they are coming from the Tailscale router and so return there instead of trying to go out my firewall. Tailscale maintains the tunnel through the firewall so it really isn’t a participant in the tailnet. The only issue I’ve really had had been DNS with the Tailscale Magic DNS wanted to respond instead on my internal DNS servers. I’ve got MagicDNS disabled. but it always messed stuff up. The way I fixed it was to put tailscale on my Adguard container and make it’s tailscale IP the first DNS server, followed by the internal IP addresses of my DNS servers (192. addresses). This has worked for me pretty well.
Please let me know if you want any follow up info. I’ve been doing this for a long time. It’s my main hobby (and directly congruent to my job).
I love to hear about a Canadian alternative.
Detect is way too expensive because of the amount of unique visitors you get. When you federate and post, you’ll see your unique visitors climb fast.
Lemmy.ca gets it free I think because they are a non profit and deflect is being generous.
I posted this over at https://discuss.tchncs.de/c/navidrome, but I thought I’d post it here, maybe someone has had experience with this.
I’ve been noticing demo.navidrome.org showing up in my firewall:
pFsense: https://discuss.tchncs.de/pictrs/image/3829f59a-fe76-4fd0-b988-c8b8896f2dd3.png
abuseipdb.com: https://discuss.tchncs.de/pictrs/image/fd0b1738-8a21-4cfc-a996-36b109268c28.png
As with anything entering or exiting my network, I am cautious and curious why my instance of Navidrome has the need to contact demo.navidrome.org.
I am running Navidrome as a Docker Instance. I have combed my compose file and can find nothing in that itself that would trigger Navidrome to ‘call home’.
Is this for stats, or other? As of right now, I have demo.navidrome.org blocked until I’ve gathered some information.
BTW, sweet piece of opensource software. I tip my hat to the dev team(s).
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| FTS | Flight Termination System |
| IP | Internet Protocol |
| UDP | User Datagram Protocol, for real-time communications |
| WDR | Wet Dress Rehearsal (with fuel onboard) |
[Thread #147 for this comm, first seen 8th Mar 2026, 16:20] [FAQ] [Full list] [Contact] [Source code]
Ahah! Ok that makes sense. Thank you so much for clearing that up. I guess I can now unblock demo.navidrome.org.
Hi all, The other day, I posted here asking about recommendations on audiobooks servers and clients for iOS, and I got so many nice and very helpful responses from you all. I really, really appreciated the sense of community and help that you all showed me. Some of you mentioned Android clients and I checked them out since I do have an Android phone and the iOS one was for my wife. I appreciated the two Android clients I saw, the official ABS and Lissen but they weren’t what I was looking for (with the utmost respect to their developers of course).
A kind soul here recommended the app Still for iOS. I checked it out and it was such a nice app. The wife loved it too. I was bummed that it was iOS only. So, I decided to make one for Android (with the help of my butt for transparency of course). I’ve been working on it nonstop for over 2 weeks now. When I say nonstop, I mean I stay up until 1AM daily working on it. I’ve got something working really well now.
I wanted to share that with you all in the hope that someone will find it useful. It’s completely free and open source (GPLv3). Completely private. Nothing leaves your device beside the calls the app makes to your own server. I won’t ask for donations or anything. I just want to share. I welcome any feedback and contributions.
Get it here and let me know.
Please do it, there is a big part of the foss community that only install apps from fdroid, including me.
Request has already been submitted to their gitlab page :)
Which is why I specified for Star Trek. Like DS9, though it had a lot of good, it chipped away at the Roddenberry’s vision of the future, which I think was more scifi than DS9 and ENT were, so those shows didn’t contribute to the ST universe, but instead gave us things like Section 31.
That’s not true, they don’t ignore canon.
They go through great pains to deconstruct it, erase it, and just generally shit all over it.
If anything, Kurtzman was incredibly focused on canon and his desire to destroy it, and supplant it with his own version.
They canceled The Recruit, but kept this.
A lot of people simply don’t have time to go the extra steps.
Instead you should be focused on secure by default design. E.g. not setting a static router password to admin admin.
It’s stupid in this day and age to continue to see default logins occur still.
simply don’t have time
Sorry, but that is no reason. That’s a bit akin to having a dog and saying: “Nah I don’t have time to walk the dog now”. Selfhosting something that is publicly available (not as in “everyone can use it” but “everyone can access it”) bears some level of responsibility. You either make the time to properly set up and maintain it, or you shouldn’t selfhost stuff.
Sitting still just feels empty.
can i ask which publication you read? i found many diff versions and am unsure which
This audiobook/radioplay of Ulysses is one of the greatest feats of literature, it is beautiful and freely available.
https://archive.org/details/Ulysses-Audiobook-Merged/
I don’t think you can go wrong with which print version you get personally, but I would recommend the Oxford edition.
https://global.oup.com/academic/product/ulysses-9780192855107?cc=us&lang=en
