Following the spirit of spreading across the Fediverse (and because my main instance is down so many times, because diverse reasons) I’m intrigued about the joining instance process, because I honestly don’t know what criteria to have in order to join another one if I ever want to do it....
It was suggested by the sign up process at the top of which domain I should join. I don’t remember how, it’s already a blur, but afterwards I saw people saying the registration process needed to add a way of directing users to smaller instances as a thing to lighten the load and stop everyone going to lemmy.world and it confused me because that’s literally what happened to me.
Anyway I also noticed it had a steam deck community and that was good enough for me.
I’ve been self-hosting Nextcloud for some time on Linode. At some point in the not too distant future, I plan on hosting it locally on a server in my home as I would like to save on the money I spend on hosting. I find the use of Nextcloud to suit my needs perfectly, and would like to continue using the service....
I have Nextcloud hosted internally in a podman container environment. To answer some of your more security related questions, here's how I have my environment set up:
Cloudflare free tier with my own domain to proxy outside connections to the public domain name, and hide my external IP.
A DMZ proxy server with a local Traefik container with only ports required to talk to the internal Nextcloud server allowed, and inbound 443 only allowed from the internet (Cloudflare).
An Authelia container tied to the Nextcloud container using "Two-factor TOTP" app addon. Authelia is configured to point to a free DUO account for MFA. The TOTP addon also allows other methods if you want to bypass Authelia and simply use a Google auth or other app. I'll be honest, this setup was a pain but it works beautifully when finally working.
Note: Using Authelia removes Nextcloud from the authentication process. If you log in through Authelia, if set up correctly it will pass the user information to Nextcloud and present their account. There is a way to have "quadruple" authentication if you really want it, where you log in through Authelia, Authelia MFA, then Nextcloud and Nextcloud MFA, but who would want that? Lol.
Another Note: If Authelia goes down for whatever reason, you can still log in through Nextcloud directly.
I have all of my containers set to automatically pull updates with the latest tag. This bites me sometimes if major changes happen, but it's typically due to Traefik or MariaDB changes and not Nextcloud or Authelia.
I have my host operating system set to auto update and reboot once a week in the early morning.
My data is shared through an NFS connection from my NAS that only allows specific IPs to connect. I'd like to say I'm using least privileged permissions in the share, but it's a wide open share as my NFS permissions are not my strong suit.
There’s not a great solution to this and it’s a real problem. The easiest way is an app or browser extension that could recognize lemmy domains and swap in your preferred instance. That gets into problem territory with defederation though.
Another way would be federating identity, people would still get log in messages at least the first time per instance, but they could log in as user@myinstance and get a logged in experience then. This is a huge technical pain in the ass, and still not great for user experience though.
You could also share links in a Url shortened style and use that redirect to let someone select an instance or log in to another service to know where to send links. This also isn’t great.
Old-school forums have single points of contact. They’re no more private than ActivityPub, but a takedown to the admin is a takedown of all instances. Obviously public data can be cached or archived, so as always you have to send takedowns to every archival service, search engine, and any CDNs too.
The GDPR “applies” whenever an EU resident’s data is stored. The enforcement requires some presence in the EU by the entity storing the data. For multinational companies that means if they have any banking services there (e.g. taking payments from EU customers) they have a presence. For individual fediverse admins, that’s not necessarily a concern. At worst their instance’s domain would get blacklisted to EU users.
BBS: From the back of Computer Shopper magazine, we would get a list of phone #'s to call which then connected us to various Wildcat BBS’s that were filled with interesting & squirrelly information and people. Usually 1 at a time could connect, but the fancy ones had multiple phone-lines.
College/Telnet/Usenet: Went to college and got access to a telnet account, which let me run Lynx and open a Usenet reader. From there we bounced all around text-based sites (using the book above) because there were no search engines. You had a big list of all the places you liked to visit, and you visited those. Sometimes, someone told you about another spot, or you played whack-a-mole with various .edu domains. A lot of kids started hosting sites on their dorm-room machines. Usenet opened up a whole world of discussion about topics far outside the scope of my tiny little town.
Next up was a PPoE connection using Trumpet Winsock and suddenly I could load NCSA Mosaic and mIRC and that opened up a graphical web with the easy ability to download software and more communication. Then Businesses all decided they needed to try “internet” for themselves, and you started seeing the rise of commercial endeavors. So early PCMag and other adopters showed up.
Slashdot came along and was primarily a Linux site, with some tech news sprinkled in. I still remember following the threads there for Columbine (when school shootings were still a novelty) and then on 9/11 when just about every site ground to a halt, there was lots of speculation and word-of-mouth, but at least information was still moving. It then expanded its audience with tags so that all sorts of news topics could open up and you could follow specific ones.
Ran with an RSS feed for a while around this point and subbed to all the different sites I liked, so I could get my fix in one place.
Fark came along and was an irreverent alternative to Slashdot. Somewhere between twitter performance art with everyone trying to make the catchiest title for their headline, but also just a lot of goofing off in the comments. Totalfark was $5 a month and worth the money to get at the un-curated content.
Then, just as Tech TV was going south and becoming some sort of wrestling-based channel, Kevin Rose mentions at the end of The Screen Savers about “This new website, Digg!” which in hindsight he was shamelessly plugging. That site offered the upvote/downvote concept allowing the community to create a constant stream of content. Somewhere along those lines Slashdot lost its luster, presumably because all of its content was curated by a handful of people who were in the process of selling out to other investors.
Reddit came along, and further customized the upvote/downvote/commenting experience. It also allowed you to create your own communities/subreddits and follow those. Because its audience was basically “anyone” it allowed for tons of creative content. Right as it started to take off, Digg made a huge faux pas on how they moderated content, which annoyed all the content creators and they moved to reddit as well.
I loved what Reddit could have been without the enshittification taking over. If you look at that list, Slashdot, Digg, Reddit all suffered from busily trying to monetize their users, and all of them died (or are dying) a slow, sad death. Fark is still owned by Drew Curtis, and as far as I can tell, still has a similar feel & userbase.
Lemmy honestly feels like finding Usenet, IRC & Lynx again. There’s a learning curve you have to get over, and then you have to be willing to hunt for your information. But the quality of the content is higher than reddit, and each one of those other services went through the same decline as we jumped ship to the new one.
In a world where every new “service” just annoys me now, because I know it’s going to be frustrating to use, and will likely just steal my data, turn into a content/ad mill and eventually turn to shit, Lemmy feels like a big middle finger to those sites. And I’m here for it.
Creating an AD domain carries a substantial amount of extra overhead that they might not want to deal with. The basics of setting one up are simple enough but actually building out/maintaining the infrastructure the correct way can be a lot of extra work (2 DCs for redundancy, sites configuration, users, groups, initial GPOs). There are also licensing and CAL considerations (bare metal and hypervisor, both different), domain and forest options that can paint you into a nasty corner if you’re not careful, and a whole host of other things to think about and plan around. I’m not arguing that a domain is bad, on the whole I agree 100%. I just like to set the record straight that building a new production domain isn’t as simple as a lot of people would have you believe, and OP might not have the time to go through all that.
Lemmy is now a real alternative. When reddit imploded Lemmy wasn’t fully set up to take advantage of the exodus, so a lot of users came over to the fediverse and gave up right away. There were no phone apps, the user interface was rudimentary, and communities weren’t yet alive. Next time reddit screws up in a high profile way, and they will screw up, the fediverse will be ready.
I definitely think having mobile apps is an essential step. I was looking at alternative platforms such as Raddle.me but using a mobile browser was an extra hurdle (similar to using the official Reddit app) that kept me from regularly checking in.
Lemmy has way more potential than reddit. Reddit’s leadership has always been incompetent and slow at fixing problems. The fediverse has been very responsive to user feedback in comparison.
I could see this causing issues later. We’ve already seen issues arise with some instances using the .ml domain or not being updated immediately.
Defederation is another beast altogether. Most of an instance might be fine but a few problematic communities could create problems leading to arguments and, as much as I hate the term, drama.
Hi all, I’m a Lemmy FOSS app contributor that’s made a couple of tools for people starting small instances including Lemmy Community Seeder (LCS) for building content on new server’s All Feeds and Lemmy Post Purger (LPP) for clearing old posts on smaller instances....
You forgot people who selfhost single user instances. So they would have to destroy the old instance and create a new one with a new domain, which is a lot of work and resources.
Edit: Please also notice the problem here is not defederation itself, but shared lists of defederation. Because most likely the list is super long and nobody would check if all instances are legitimately blocked.
In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list....
I’ve started using the block button liberally. Specifically on users that seem to be only interested in stirring the pot and not actually interested in having any kind of actual discussion. I also just blocked a weird influx of porn bots linking the strangest domains on !random that were all created yesterday
Just using their websites can be a pain when links to content and other users or communities or whatever ends up taking you to a new domain because of the federation. Apps allow everything to stay together, so you can keep interacting as your intended user account.
Mastodon was much better for that like. I haven’t touched Lemmy’s web interface in a while. Not a fan of its look or UX personally, so I don’t know if they fixed that.
Since your question is quite basic and general, I’ll try to answer equally.
Hardware: For a single user instance a Pi 3B+ is sufficient. Still, Lemmy can take up some storage space over time because of the images. So make sure you don’t take the smallest SD card you have lying around. I assume you know how to install an OS and get basic things running.
Get a domain; there are many providers out there. Consider using a TLD of your country (e.g. .de, .fr). Domains are usually relatively cheap. You’re most likely running your Pi at home, so check if you have a static IP address or if you have a dynamic one. First one? Great, go ahead. Second one: Check if your domain provider offers an API to automatically update the DNS record; example provider api.
Have a look at the Lemmy administration docs. Depending on your experience, it is relatively easy to set up. Make sure you understand what you’re doing, i.e. first get to know Docker for example, then follow the commands. If you don’t understand something, just ask or search online. Lemmy is not very complex to operate, so for every part of the deployment you should be able to find information online.
Set up port forwarding in your router for ports 80 (HTTP) and 443 (HTTPS). You can find information for your specific router online, but for some routers this cannot be done.
Once you have your instance up and running, I would recommend setting it to “private” first. This way you can play around with your instance or reinstall if something goes wrong without having to worry about federation. Once you’ve federated (communicated with other instances, e.g. by subscribing to communities of other instances), you really shouldn’t reinstall!
I hope this helps you with the first steps. Decide for yourself if you want to deal with maintenance and administration “long term”. It’s perfectly fine to use other instances and not host Lemmy yourself if you don’t feel up to it. After all, there is also a security aspect to consider. If you do: have fun with self-hosting!
Dude, same. I’ve never been more productive than working from home specifically because people have to engage with me via teams or email instead of barging into the office and disrupting my work flow.
Shit… Did I commit that router config before Becky needed my help fixing her user error? Oh no, I did but I forgot to change the DNS on the DHCP pool so now I can’t hit the domain for remote authentication because they’re still using public DNS.
Fuck! I’ll just do it tomorrow when I have my coffee in hand and my cat buzzing happily, with lo Fi beats to overhaul WAN circuits to blaring.
Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse....
This does not apply for most European users. Source: I am the one who gets these requests and anyone who isn’t a judge gets jack shit. Go pound sand. Anything else would be illegal under privacy and work laws. Even police won’t get ANYTHING (judge will reject it) if the crime in question isn’t worth at least 2 years of jail time.
Suspected malware domains just get blocked, no further action will ever take place.
I think you can go with Yunohost. It is easy to start selfhosting and exposing services to the web. I have used it for more than a year, and it is super cool. I especially love the fact that it is easy for newcomers, but it is also open for customisation for more pro users. Yunohost provides domain with ddns, Fail2Ban and tells which ports should be opened (80 and 443 is all you need, maybe another one for ssh). It also provides SSO for hiding services that do not use authentication.
I serve HTTP 403 for all requests to the default vhost and log them, harvest IPs through a log aggregator (or just fail2ban) and tag them as bad bots/scanners, and eternal-ban them on all my hosts. Currently have 98451 addresses or networks in my ipset for these.
For requests to actual domains, I ban after a few unsuccessful authentication attempts. A WAF is nice to have (tedious but fun to set up) - currently working on improving my ModSecurity setup.
Other than that there is already good advice here:
keep OS/packages/installed services up-to-date
only run software from trusted (ideally signed) sources
use host and network-based firewalls
use strong encryption and authentication everywhere
only expose what is absolutely required
implement good privilege separation (even dedicated users for each app/service, proper file ownership/permissions goes a long way)
run scanners to detect possible misconfigurations/hardening measures (systemd-analyze security was mentioned, I also like lynis and debsecan)
Tech experts are starting to doubt that ChatGPT and A.I. ‘hallucinations’ will ever go away: ‘This isn’t fixable’::Experts are starting to doubt it, and even OpenAI CEO Sam Altman is a bit stumped.
The way to solve this is still largely through more focus on the provided context as the space of “facts” from which to operate. This combined with well thought out domain-specific context engines should still get the average user an absolutely enormous amount of utility. All that said I am not sure if OpenAI’s business model will get us that sort of application of the technology. I am looking forward to improvements in the open source space as I think advancement there is necessary for further development of the technology.
With the mass migrations of Reddit users to Lemmy/Kbin, and Twitter now speedrunning its own mass extinction, it seems to me that the eventual future of social media is de-centralized. I like how Lemmy is slowly turning out, even if it still has some work to do and growing pains to fix up. It’s still able to inform me of all of...
[Lemmy] servers can be run for only a few hundred dollars per month.
The median seems to be much lower, like 10, 20 or 30 per month. Many admins reported they ran a server for other purposes anyways, and just had to pay for the domain to add a Lemmy instance.
It’s only after a few thousand users that the bill goes 3 digits.
At least that’s the impression I got from reading a few posts about this.
Hey there, dear community, I migrated here from reddit. I wanted to dabble in piracy (Udemy and Art-Courses) for a while, but never knew how to start + a VPN is quite pricey if I don‘t use it/ use it incorrectly....
First, even if you have a good VPN, you can have dns leaks which is where your VPN is masking your ip but they can still id you cz your pc is configured to look up domain names outside of your vpn and your real ip is exposed. The good news is that you can configure things to avoid this and then use sites like ipleak.net / ipleak.org / dnsleaktest.com to verify you don’t have any dns leaks. Probably also a good idea - BEFORE you start downloading shit - to use ipmagnet or something similar to do a test torrent to make sure your ip isn’t being leaked by your torrent client.
Second, not all VPNs are equal. Especially the free ones suck. cz what happens is they see some ip from a honeypot torrent, then they subpoena the VPN who owns that ip and demand your real ip. The free ones will roll over instantly and rat you out cz there’s no money or anything else in it for them so why would they help. Not all of the paid ones are automatically good either tho. There’s a lot of lying bastards who say they are “no log VPNs” but aren’t really cz they still turn things over when subpoenaed. So you have to do research to find out which ones are telling the truth. Usually you can find things online about certain VPNs having been taken to court and really not having any logs to give authorities (like Private Internet Access aka PIA who got subpoenaed by FBI but had nothing to give them so their users remained safe) or having trusted third party audit firms who have been allowed to visit and look over/confirm their settings really have no logs. These sites are good reading before you pick a true no-log VPN:
I hear Mullvad is one of the best but I think they are a little pricier than some of the others. I used both Nord and PIA before and never had issues with either.
Stuff other guy said about port forwarding is also true if you are using port forwarding (generally this is something you need to set up on the router so you would probably know if you are using it)
Additionally, I don’t think a copyright holder would need to set up a honeypot.
Like you say, they probably don’t need to. But historically, there have definitely been fake torrents out there that are essentially used as honeypots. Varies widely as to how they do it. like some might have a video sample or something, some might just be a bogus file that looks about the right size, and so on.
What made you choose your instance?
Following the spirit of spreading across the Fediverse (and because my main instance is down so many times, because diverse reasons) I’m intrigued about the joining instance process, because I honestly don’t know what criteria to have in order to join another one if I ever want to do it....
[Question] Security considerations when self-hosting Nextcloud
I’ve been self-hosting Nextcloud for some time on Linode. At some point in the not too distant future, I plan on hosting it locally on a server in my home as I would like to save on the money I spend on hosting. I find the use of Nextcloud to suit my needs perfectly, and would like to continue using the service....
Phishing campaigns are using Google AMP URLs to avoid detection (www.malwarebytes.com)
Summary...
What are some downsides of software being federated?
How many of you were using Digg during its prime?
Software management for Windows Server
cross-posted from: lemmy.ml/post/2956502...
On the future of Lemmy vs reddit
Please indulge a few shower thoughts I had:...
Lemmy Defederation Sync (LDS) to keep your block list up to date (github.com)
Hi all, I’m a Lemmy FOSS app contributor that’s made a couple of tools for people starting small instances including Lemmy Community Seeder (LCS) for building content on new server’s All Feeds and Lemmy Post Purger (LPP) for clearing old posts on smaller instances....
[HN] Will Browsers Be Required by Law to Stop You from Visiting Infringing Sites? (lemmy.dbzer0.com)
In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list....
Domains Kagi users create personalization for (kagi.com)
It’s quite interesting watching what domains Kagi users are creating personalizations for in the search engine....
PSA for Lemmy instance admins: in backend v0.18.3 there is a bug that causes your instance to stop federating properly and to stop sending out outgoing messages
cross-posted from: yiffit.net/post/868741...
PSA for Lemmy instance admins: in backend v0.18.3 there is a bug that causes your instance to stop federating properly and to stop sending out outgoing messages
This new version introduced a system so that your instance stops sending out content to other instances that are supposedly dead / offline....
Do you feel this place has gotten more.. reddit-y lately?
Of course, that’s to be expected, with people migrating from Reddit and all, but the title is kind of badly worded....
Now that Sync and Infinity are out, which do people prefer? Also, how do they compare to the existing lemmy apps?
I have about 5 different apps installed right now, and while I plan to test them all out, curious what people’s conclusions are thus far.
[Solved] How can I host my own Lemmy instance just for myself on a single Raspberry Pi 3B+?
I don’t have any other servers that I could run the whole time so it should just be based on one single device,...
PLEAAASSEE PLEASE COME BACK TO THE OFFICE PLS (lemmy.world)
They can all fuck right off. Here’s the article if anyone’s interested: forbes.com/…/working-from-home-leads-to-decreased…
YSK: Browsing "ALL" at work might get you pulled into an office, even with NSFW off.
Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse....
Considerations for a homeserver that's open to the internet? (Jellyfin / Nextcloud)
Hey guys,...
Tech experts are starting to doubt that ChatGPT and A.I. ‘hallucinations’ will ever go away: ‘This isn’t fixable’ (fortune.com)
Tech experts are starting to doubt that ChatGPT and A.I. ‘hallucinations’ will ever go away: ‘This isn’t fixable’::Experts are starting to doubt it, and even OpenAI CEO Sam Altman is a bit stumped.
I feel called out (sh.itjust.works)
[Question] Please help troubleshooting my Caddy server. Can't get it to work since changing from IPv4 to IPv6
cross-posted from: feddit.nl/post/1094546...
PeerTube has a federation problem
With the mass migrations of Reddit users to Lemmy/Kbin, and Twitter now speedrunning its own mass extinction, it seems to me that the eventual future of social media is de-centralized. I like how Lemmy is slowly turning out, even if it still has some work to do and growing pains to fix up. It’s still able to inform me of all of...
Help for an absolute noob
Hey there, dear community, I migrated here from reddit. I wanted to dabble in piracy (Udemy and Art-Courses) for a while, but never knew how to start + a VPN is quite pricey if I don‘t use it/ use it incorrectly....