ramielrowe@lemmy.world 5 points 3 weeks ago* (last edited 3 weeks ago)

Yea, I don't think this is necessarily a horrible idea. It's just that this doesn't really provide any extra security, but even the first line of this blog is talking about security. This will absolutely provide privacy via pretty good traffic obfuscation, but you still need good security configuration of the exposed service.

ramielrowe@lemmy.world 3 points 1 month ago

This isn't about social platforms or using the newest-hottest tech. It's about following industry-standard practices. You act like source control is such a pain in the ass and that it's some huge burden. And that I just don't understand. Getting started with git is so simple, and setting up an account with a repo host is a one-time thing. I find it hard to believe that you don't already have SSH keys set up too. What I find more controversial and concerning is your ho-hum opinion on automated testing, and your belief that "most software doesn't do it". You're writing software that you expect people to not only run on their infra, but also expose to the public internet. Not only that, but it also needs to protect the traffic between the server on public infra and client on private infra. There is a much higher expectation of good practices being in place. And it is clear that you are willingly disregarding basic industry-standard practices.

ramielrowe@lemmy.world 5 points 1 month ago

Git was literally written by Linus to manage the source of the kernel. Sure, patches are proposed via mailing list, but the actual source is hosted and managed via git. It is literally the gold standard, and source control is a foundational piece of software development. Same with not just unit tests, but functional testing too. You absolutely should not be putting off testing.

ramielrowe@lemmy.world 3 points 4 months ago* (last edited 4 months ago)

I somewhat wonder if Cloudflare is issuing two different certs. An "internal" cert your servers use to serve to Cloudflare, which uses a private CA only valid for Cloudflare's internal services. Cloudflare's tunnel service validates against that internal CA, and then serves traffic using an actual public CA signed cert to public internet traffic.

Honestly though, I kinda think you should just go with serving everything entirely externally. Either you trust Cloudflare's tunnels, or you don't. If you don't trust Cloudflare to protect your services, you shouldn't be using it at all.

ramielrowe@lemmy.world 4 points 5 months ago

The entire goal of Server Meshing is fixing the "existing 100 player ones barely function" issue. Server Meshing breaks a single logical "server" into multiple backend servers that are all meshed together to provide a consistent and transparent experience. A 400 player server could actually end up being 10 backend servers, with 40 players each. Thus, it'll run much better.

ramielrowe@lemmy.world 3 points 6 months ago

I think I misunderstood what exactly you wanted. I don't think you're getting remote GPU passthrough to virtual machines over RoCE without an absolute fuckton of custom work. The only people who can probably do this are Google or Microsoft. And they probably just use proprietary Nvidia implementations.

ramielrowe@lemmy.world 7 points 6 months ago

I believe what you're looking for is RoCE: https://en.wikipedia.org/wiki/RDMA_over_Converged_Ethernet

But I don't know if there's any FOSS/libre/etc. hardware for it.

ramielrowe@lemmy.world 8 points 6 months ago

I've heard good things about used/refurb HP (EliteDesk and ProDesk) and Lenovo (M700 and M900) mini-PCs. A quick search shows they're going for ~$120-140 for a quad core with 16 gigs of memory.

ramielrowe@lemmy.world 9 points 11 months ago

Check out Minisforum, for example this Intel mini-PC. They have a ton of selection, not just that one example.

ramielrowe@lemmy.world 3 points 1 year ago

In the LastPass case, I believe it was a native Plex install with a remote code execution vulnerability. But still, even in a Linux container environment, I would not trust them for security isolation. Ultimately, they all share the same kernel. One misconfiguration on the container or an errant privilege escalation exploit and you're in.

ramielrowe@lemmy.world 4 points 1 year ago

Keep in mind, RAID is fault tolerant, not fault proof. For critical data, keep in mind the 3-2-1 rule. Stored in 3 locations, 2 separate mediums, 1 offsite.

ramielrowe@lemmy.world 4 points 1 year ago

I'll second this. 4K at 25 Mbps might be OK for a sitcom or drama without much action or on-screen movement. But as soon as there's any action, it's gonna be a pixelated mess. 25 Mbps is kinda the sweet spot for full fidelity 1080p, and I'd much rather watch that than "4K".

ramielrowe

joined 1 year ago