_

Many are, but as far as I know, no hosting provider has ever tried something like what was claimed (which is why it made such news).

It seems like many people didn’t even verify that portion of ToS was new (checking web archive), or wait for Vultr’s response before closing their accounts.

Even after the official response, it feels like people stuck to their original assumptions and felt justified moving services?

Companies, and specifically the people in them, make mistakes. What matters is their reaction. I’m scratching my head to think what Vultr could do better in this case (other than creating a time machine to avoid the initial screw up).

Vultr posted their response to the concerns here - https://www.vultr.com/news/a-note-about-vultrs-terms-of-service/

The portion of the ToS that people were worried about had been in place for years and had nothing to do with server intellectual property. They are removing it to avoid future confusion.

I don’t disagree that it was poorly worded, but the amount of people jumping to the worst possible conclusions on this is concerning. What happened to Hanlon’s Razor?

Weird! For reference one VM I run on only has 1 GB of memory, and Netdata uses 100-200 MB. Could be something going on with UnRAID though. Definitely some sort of bug I’d think, since normally resource usage should be very low across the board.

That’s strange, I’ve run it fine on some very underpowered hardware. Are you adding a specific monitoring integration with it, or just out of the box settings?

As others stated, you can run and access the interface locally (or setup your own reverse proxy) for free. Their Cloud dashboard is also free for up to 5 nodes. They recently added a flat-rate “Homelab” plan as well, if you want to remove the limit. It’s all quite usable for $0 otherwise though!

I’m a huge fan of Netdata, very configurable and monitors just about anything you could want. Great interface and alerts too - https://www.netdata.cloud/

It was a server-side block, from Cloudflare (security rule specifically). I’m very familiar with it, having used the same service over a decade. They are able to tweak the overall security level, or specific WAF rules for the endpoint in Cloudflare. They also have analytics that will show them exactly how many cancellation requests would be blocked. The fact that they totally ignored these details in my ticket, is concerning.

Maybe, but it would also be very easy to blame on misconfiguration / mistake. Honestly, it wouldn’t surprise me if the behavior itself isn’t purposeful, but ignoring / not fixing it is. I’ve definitely seen such behavior at other companies, where they drag their feet on fixing a bug that is bad for the user, but helping them.

On a related note… I went to cancel a membership a few weeks back, and the site displayed a message “you don’t have an active membership to cancel”. I thought it was strange, so I checked out the network requests being made, and turned out the cancel API call was getting blocked for “security reasons”. Nothing else on the site was blocked for me, just the cancellation endpoint.

I opened a ticket, and it took them nearly 2 weeks to respond, and there was zero acknowledgement on why cancellation would be blocked.

Not sure if it’s a purposeful dark pattern, but it sure seems like it!

Worth noting that this should not affect you if you are only using tunnels (no DNS entries / open ports).

Netdata is fantastic, but not sure I’d call the UI mobile friendly (unless I’m missing something? 😂) To me, that’s really one of the only weak points with it.

It isn’t how it works today. I’m talking about sometime in the distant (or near) future. Surely at some point AI will have the capabilities on par with at least a low level hacker.

Or, if you still think that’s a stretch, just imagine all the ways perfectly legitimate software can cost companies money. Not through malicious design, but just by mistakes.

Kurzesagt themselves made a video breaking down where their funding comes from as well, worth a watch - https://youtu.be/1x-i9z617z4

For what it’s worth, they claim one of their conditions for receiving money is complete editorial independence.

They actually recently opened a beta for sending emails from Workers as well. There are already a few projects to make use of this, examples:

• https://github.com/Sh4yy/cloudflare-email
• https://github.com/giuseppelt/emailflare

I’ve looked at mTLS certs as well, but think you’d run into the same issue there as Service Tokens (app needs to support it).

It really is a shame, because Cloudflare Tunnels / Access is great otherwise. Just troublesome to have non-browser access.

Personally the thing that decided between the two for me was Liftoff being open source (Connect is not, afaik?)

You can use Service Tokens with Cloudflare Zero Trust (Access). Unfortunately, the companion App then has to support setting custom request headers, in order to send the token. Not many support this in my experience.

The only other option would be to use Basic Authentication, instead of Cloudflare Access. This isn’t as secure, but would be supported by most Apps (since you can simply inline user:password in the API URL). You can even setup a Cloudflare Worker to add basic auth to any Route you want.

Ideally, would love some hybrid of these approaches, where I can keep Access enabled, but override with basic auth for ‘legacy’ apps. Don’t know of a way to do this though.

Edit: Forgot to mention a third option, if you just want access while home, you can setup a bypass in Cloudflare Access policies for your home IP address. Then if you really need access when remote, you could also use VPN, but not as seamless of course.