It's not only Cloudflare, but also other not so tiny CDNs are being blocked - currently an entire Backblaze B2 region is blocked in 3 out of 5 ISPs (!).
Particularly hurtful, the entire Cloudflare R2 is blocked during football matches so you can't pull Docker images or Ollama models.
The amount of resources that goes into soccer in many countries is really astonishing. It can be seen as a modern equivalent to bread and circuses however.
Orange and Vodafone are also implementing the blocking but users are not noticing because they are doing it wrong: instead of blackholing the IPs or only blocking when connecting through ECH, they are blocking by DPI the access when using the IP address as the SNI/Host header.
# curl http://104.21.16.1
<META HTTP-EQUIV="Pragma" CONTENT="no-cache"><META HTTP-EQUIV="Expires" CONTENT="-1"><html>Por causas ajenas a Vodafone, esta web no est� disponible</html>
# curl http://104.21.16.1 --header "Host: blockedsite.com"
error code: 1001
(1001 is the expected output from Cloudflare)
Which is really useless, but I guess fulfills the court order (pandereta meets undefined specifications).
It's not required to have DOCSIS 3.1 to have 100Mbit/s symmetry, 3.0 can provide that.
Vodafone in Spain has a mixture of HFC footprint (the widest), its own small FTTH footprint, and Telefonica (Spain's DTAG) wholesale FTTH. Prices and speeds for the three of them are the same, but if you are on an FTTH zone you get symmetric upload speeds, while on HFC zones they provide 100Mbit/s upload with all their plans (min download is also 100MBit/s).
They argue they will be able to have symmetry on 1Gbit on HFC when they complete their DOCSIS 3.1 rollout, but that has been going on for years with no news. Ironically their own FTTH footprint is pretty small so they end up, in most cases, providing better upload speeds when reselling Telefonica infrastructure than with their own.
Nice! I had been thinking for a while on building something like this but that provided reverse PTR records, too.
Some providers like Tunnelbroker easily allow you to change the delegation for the reverse records for your delegated range: if you have the 1234:5678:9abc:def0::/64 subnet, they let you change the delegation of the *.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.ip6.arpa DNS zone or add records to it as you please.
So having a public service that responded to those (following the example, all you would need is the server to respond to 0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.ip6.arpa with a PTR record to 1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name) would enable you to also make reverse DNS work for all your network easily, as long as you delegate your reverse zone to that server.
Unfortunately probably only Tunnelbroker and hosting providers allow you to do this - I don't expect any residential ISP would (they would also probably provide their own reverse DNS, though).
If you want more data that what you can probably get from Google Sheets easily, an alternative could be modifying this script to make it output a Beancount[0]-formatted ledger text file.
The format is pretty readable plain-text (and so you could store it on Git to track changes easily) and you can generate nice reports out of it with the Beancount CLIs and a web interface with Fava[1]. Also adds another additional level of self-hosted :)
Also Beancount has some nice support for implementing importer scripts inside it if need be, although I haven't played with those yet.
I highly recommend Beancount and Ledger-likes[0] too. Mint-style net-worth trackers have limited usefulness. Once you have visibility into your assets, you'll likely want to take more active management of them. Modelling that with spreadsheets is possible but can become complicated quickly and you'll likely end up re-inventing a lot of established accounting practices. A disclaimer: Ledger-like systems are described as whole "all bran" of personal finance - there's steep learning curve but once you get through that you'll have a powerful, life-long tool.
Are you able to find book keepers and CPA's who can deal with this easily? How do you sync data with them and control access? I have a contractor that helps me with invoicing, a book keeper, a CPA, and a partner. Not sure how this would work.
Yep, fava is a very nice base for viewing finances. Currently trying to see how to extend it further for custom reports, though just using its custom links feature can go a decent way.
Also, have heard of some folks using services like tillerhq.com then exporting to a plaintextaccounting tool to presumably help with dealing with messy data that comes from financial institutions. I just download and parse the csvs, using a mix of browser bookmarks and katalon scripts to aid in the process.
Personally think the goal isn’t to have a mint-like experience of constant updates, but to have a habit where you sit down once a month, update things and go through a checklist of actions / write down improvements.
OVH recently received a 150gbps DDoS from the biggest ISP on Spain (Telefonica) not long after they deployed symmetric 300mbps to almost all of their domestic customers at a decent price - OVH had to divert traffic over two different routes to be able to even _filter_ all of the incoming traffic.
As those connections spread (and they will - if you have optic fiber coverage, the slowest you can get is symmetric 50mbps), things will only get funnier
Back in the 2000's (age of J2ME featurephones and when 3G networks were only starting to flourish) there was this Spanish carrier that had a separate APN for sending MMS (with a proxy that only allowed access to the actual MMS server, that billed by sent message) and another one for ordinary data (which was, of course, expensive at the time).
After some fiddling, I found out that the filtering proxy was banning access to anything other than http://mms.provider.es*. Note how there was not a trailing slash.
You could access any domain like http://mms.provider.eswhatever.freedns.org and it would happily proxy you to the outside internet. As the billing was done on the MMS server and not in the proxy, you could pretty much open any HTTP connection to any proxy that had a domain like that pointed to it.
Some deep browsing (too much free time) led to Filipino forums sharing hacked versions of Opera Mini and other popular apps that let you change the Opera proxy endpoint to other custom domain that then was pointed to Opera's own servers - probably because of similar separate tricks.
Hey! could you shoot an invite? We're fighting with Vagrant for our development environments and considering moving slowly into Dockerizing all the things to unify them with production deployment :)
Well, I've found the contrary: at least on Spain their app/web/ATM experience is much better designed than other banks with atrocious UX and WebView-based mobile apps.
https://hayahora.futbol https://tinyuptime.sconde.net
It's not only Cloudflare, but also other not so tiny CDNs are being blocked - currently an entire Backblaze B2 region is blocked in 3 out of 5 ISPs (!).
Particularly hurtful, the entire Cloudflare R2 is blocked during football matches so you can't pull Docker images or Ollama models.