Anafroj

There hasn’t been a new Git repo launch in almost a decade

Am I the only person annoyed they seem to mistake repositories for forges? It's already annoying when casual users say "git" for "GitHub", but those guys actually want to build a forge, explaining they're going to do better than anyone else. Maybe start by properly using the terms?

Obligatory check : are you sure you really need a forge? (that's the name we use to designate tools like Github/Gitlab/Gitea/etc). You can do a lot with git alone : you can host repositories on your server, clone them through ssh (or even http with git http-backend, although it requires a bit of setup), push, pull, create branches, create notes, etc. And the best of it : you can even have CI/CD scripts as post-receive hooks that will run your tests, deploy your app, or reject the changes if something is not right.

The only thing you have to do is to create the repos on your server with the --bare flag, as in git init --bare, this will create a repos that is basically only what you usually have in the .git directory, and will avoid having errors because you pushed to a branch that is not the currently one checked. It will also keep the repos clean, without artifacts (provided you run your build tasks elsewhere, obviously), so it will make all your sources really easy to backup.

And to discuss issues and changes, there is always email. :) There is also this, a code review tool that just pop up on HN.

And it works with Github! :) Just add a git remote to Github, and you can push to it or fetch from it. You can even setup hooks to sync with it. I publish my FOSS projects both on Github and Gitlab, and the only thing I do to propagate changes is to push to my local bare repos that I use for easy backups, they each have a post-update hook which propagates the change everywhere it needs to be (on Github, Gitlab, various machines in my local network, which then have their own post-update hooks to deploy the app/lib). The final touch to that : having this ~/git/ directory that contains all my bare repos (which are only a few hundred MB so fit perfectly in my backups) allowed me to create a git_grep_all script to do code search in all my repos at once (who needs elasticsearch anyway :D ) :

#!/usr/bin/env bash
# grep recursively bare repos

INITIAL_DIR=$(pwd)
for dir in $(find . -name HEAD -exec dirname '{}' \;); do
  pushd $dir > /dev/null
  git grep "$*" HEAD > /dev/null
  if [[ "$?" = "0" ]]; then
    pwd
    git grep "$*" HEAD
    echo
  fi

  popd > /dev/null
done

(note that it uses pushd and popd, which are bash builtins, other shells should use other ways to change directories)

The reason why you may still want a forge is if you have non tech people who should be able to work on issues/epics/documentation/etc.

Not to sound too pessimistic, but we live in a time where we see Twitter collapsing, despite being one of those "too big to fail" websites. My bet is that none will stand the test of time, the web is ephemeral (and archive.org is an underappreciated wonder of the world). I would rather say that what you really need is a backup routine.

GitHub is a great platform, which has championed open-source for decades, now. I don't think anybody has anything to blame them for (except people not liking the idea that AI is trained on their code, like sibling mentioned), it's more about fears it may go bad. Because basically, it's where most of the code of the world is hosted, it's a single point of failure. People also have questioned the pertinence of having all open-source code hosted on a proprietary platform. And the acquisition by Microsoft also had a chilling effect on those of us who remember Internet Explorer 6's Microsoft more than VSCode's Microsoft.

For those reasons, it is desirable for those who love the idea of decentralization to look up for alternatives. But even there, it's perfectly fine to stay on GitHub, "decentralizing" doesn't require everybody to leave. :) Plus, even when using an other forge, it's still good to keep publishing mirrors on GitHub for visibility and discoverability, currently.

Solving it the unix way:

ls -1 | sort -R | sxiv -f -s f -S 5 -

So it's ls -1 to list the content of current directory (presumably where your pictures are), with one file per line, so we can then pipe it to sort, with the -R option to sort randomly, then piping the result to sxiv, a lightweight image viewer available on most distro (I just checked, it's available on Debian). For its options : -f means it's fullscreen, -s f makes it scale to fit the image on screen as well as possible, -S 5 tells it to start in slideshow mode and change picture every 5 seconds, and - is to tell it to take the files list from stdin (thus from the ls and sort commands).

This won't work for videos, though, only pictures.

That's the name we use to designate software like GitHub, GitLab and similar, which provide repositories hosting and tooling like issue trackers. It's supposed to be named like that because of SourceForge, the oldest of such tools, although I didn't hear the term "forge" before the last 5 years or so, long after SourceForge demise, so I imagine there is a bit of nostalgia in this name (not sure who is nostalgic of SourceForge, though 😂). The wikipedia page : https://en.wikipedia.org/wiki/Forge_(software)

My favorite cost cutting tip is to avoid big webapps running on docker, and instead do with small UNIX utilities (cron instead of a calendar, text files instead of note taking app, rsync instead of a filehosting dropbox-like app, simple static webserver for file sharing, etc). This allows me to run my server on a simple Raspberry Pi, with less than 500mb of used RAM in average, and mininal energy consumption. So, total cost of the setup:

• Raspberry Pi : 77€ x 2 = 144€ (I bought two to have a backup if the first one fails)
• MicroSD 64gb : 13€ x 2 = 26€ (main and backup)
• average energy consumption : 0.41€ (2kWh) per month

With that, I run all services I need on a single machine, and I have a backup plan for recovery of both hardware and software.

Getting used to a UNIX shell and to UNIX philosophy can take some time, but it's very rewarding in making everything more simple (thus more efficient).

as in my experience, most regular users do not have a Matrix client installed

I understand your point, but by that logic, we should use Reddit rather than Lemmy, as most users are there. It's not only about ease of use, it's about being sure users won't be abused. Discord is still in its acquisition phase, but you can be sure enshitification will come next.

I don't think it's a Mastodon problem. It's a generalist social network problem. Facebook, Twitter, Mastodon, why are we using those? For some, it's "to keep in touch" with friends and family, and they're happy seeing any activity, preferably things that makes them smile (that's more Facebook). For others, it's a mean to build street cred in their industry by publicly saying on topic things that sound smart (that was Twitter). But if you look for interesting discussions on things you like, in order to learn something, they're terrible at that. It's where specialized communities, discussing only one topic, shine. It used to be forums, then reddit, now lemmy. RSS is also a very good way to get that kick.

Anyone heard of them being DDOS'd? This certainly sounds like ongoing DDOS and protections kicking in (assuming that by "verify my account" you mean "having to solve a captcha").

Well, the good news is that the "fediverse" is actually built on a web standard (ActivityPub), which you implement in any software you want. :) What that means is that the "the fediverse" is more comparable to "the web" than to a given social network. There are people building websites you won't agree with, same goes with fediverse software. Move on and find those that you like, or build them. The fact that it's built on web standards mean that anyone can decide to add their own software without concerting with anyone else, without asking permission from anyone else, you just build and publish. That's what made the web so strong since its beginning, and that's IMO a core advantage of ActivityPub compared to other decentralization projects.

As a trader, I would say this is a minor correction and we really should not read much into it. :) (of course, this is not a financial graph, but I've seen the similar patterns of impulse/correction in many graphs that measure opinion and/or human activity)

In such a widespread usage, there would probably not be "the fediverse" anymore, but a galaxy of clusters of interconnected instances. Spam would be a serious problem, so instances would switch to whitelisting instances they want to federate with instead of just occasionally "defederating" from them. It would not only happen because of spam, by the way, but also because of political/cultural/ideological divergences. Maybe even because of laws.

There would be a boom of innovations, made possible because of the data openly accessible and the fact that we would finally have a standard on which to build upon to create third party applications (which, from a developer perspective, was the promise of the web-2.0 and its APIs, but never truly materialized). You would see alternative frontends for everything, and applications that allow to get new insights or use your data in new and smart ways.

The big businesses would still be around, by the way. They would open their own instances, publish lot of ads and add cool features found nowhere else so that most people join their instances, which would quickly become the go to instances for everyone, dwarving all other instances. We would spend a lot of time evangelizing so that people join smaller instances instead, but our folks would answer that it's less convenient, they would have less easy to use features and their account is already at BigCo anyway. Plus, to fight spam, terrorism, child pornography, nazis or whatever is the scarecrow then, they would severely limit the possibility for small instances to interop with them, adding arbitrary technical barriers that most implementers won't succeed in hoping. But we won't care that much, because we will have our own alternative networks with more content on them than ever.

Basically, yes. You can configure most cron programs to mail task output to you (it's usually done by setting the MAILTO variable in the crontab, provided sendmail is available on your system).

I use that to do things like:

0 9 11 10 * echo 'lunch with John Doe at 12:20'

It sends me a mail, and I can see the upcoming events with crontab -l. If it's not a recurring event, I then delete the rule.

It's a feed protocol for websites. Each time you see that icon, it's a RSS feed :

You have a RSS client, a program you use to display your news. In it, you paste the url of the RSS feed of the various websites you want to follow, and just like that, you have an app in which you can go every morning to see what's new in your favorite websites, all at once.

Now, the problem of course is that not every website, by far, is offering RSS feeds, so you have to look for those who provide one. RSS is popular among techies and journalists, so press and tech blogs are where they are the most common. On top of that, there are many websites having RSS feed without even knowing it, because they use Wordpress or other engines that automatically provide RSS feeds. Those are a bit more tricky to get your hand on, because there is no link anywhere on their page, you have to look in the source code of the page (using Control + u) to find an "alternate rss" or "atom" link. It used to be automatically detected by browsers, showing an icon in the url bar when a RSS feed was detected, but it's not the case anymore. You can still install a browser extension to make them appear, like this (chrome) or this (firefox).

For the record, youtube has RSS feeds for all publishers, reddit has RSS feeds for all subs, most major news websites have RSS site, so it's quite useful, provided you can find the feed urls.

Then, to actually aggregate the news, you need a RSS client in which to paste those feed urls. There are tons of them. Name your favorite platform, there probably are a dozen RSS clients for it. Mobile, web, desktop, it's everywhere. So pick the one you like best. :) You just have to search for "RSS client for ". A couple popular exemples : The Old Reader on the web and Thunderbird (which is also a mai client) on desktop.

Sadly, denigrating other people work is a good way to look smart without having to create anything ourselves. That's why I always measure a new software through the question "what new thing it allows me to do or what does it make simpler?" rather than "what are other people thinking about it?". In the case of the fediverse, the value proposition is quite clear : it allows to have a social life online without being at the mercy of BigTech, through interoperable softwares. And in the case of Lemmy, it allows to do that to replace Reddit. So yeah, some people don't like it, whatever. :)

Yes indeed, giving proper notice seems like minimal etiquette. Then again, life happens. Admin may be caught in some tragedy making maintaining their lemmy instance not exactly a priority, or they may even be dead.

There is not much you can do to just migrate your account somewhere else, that's a limitation of federation (compared to fully decentralized protocols, like Secure Scuttlebutt), but I'd wish Lemmy would implement ActivityPub's following endpoint, so we can easily build scripts to backup the communities we're in.

This. Also, anybody who can identify you as the owner of the host (be it through Whois or through hosting service records) can associate your name to everything posted on that instance, thus profiling you, your tastes and your opinions easily (it's insane the amount of personal information we can leak on social media, even when thinking we're not). Clearly not something to do in countries where you can be harassed or worse for your opinions, and probably best avoided everywhere, if privacy is a concern for you. There is some virtue in being immersed in the masses (that's actually a common anonymisation strategy, from merging streams comes plausible deniability).

I'm going to pass for the crazy person around, but so be it : cron.

Cron can be easily configured to send mails (MAILTO variable when using standard cron), provided sendmail is available on the system. If a command called by cron outputs anything, it will send a mail with the content, which is useful by itself to warn when something goes wrong with a cron task, but also allows to do things like this:

0 9 28 9 * echo birthday John

It's really easy to get used to the syntax, it's just going from more precise to less precise, so it's "minute, hour, day, month, *". The last one can usually be ignored (it's the day of the week, I must have used it twice in my life). So here, "0 9 28 9", you read it backward and it gives : September, 28th, 9:00. Piece of cake when you get a bit of practice. And cron is everywhere, so no need to install anything. Although, since I run it on my laptop, I use fcron, which has a nice feature to run ASAP tasks which should have ran if the computer was not shut down. This way, I never miss an alert.

I use it for recurring notes (like birthday, paperwork, house cleaning tasks, holidays, etc), but also as reminders of specific dates when I expect a delivery, have a meeting, etc. For the most important messages, I make it use a script that will make a destkop notification (with notify-send) and have a voice read the message (with mimic). And of course, I also use it to actually launch programs. :)

Max-P already provided good options, but I have to ask what I, and probably other people, wonder : why don't you just run that scrapping program from your home server, then?

It's totally not crazy thinking. :) I think the main problem is that while Mastodon and Lemmy implement the server to server part of ActivityPub, they don't implement the client to server part of the standard, and instead build their own REST API and client. This is why, while you can subscribe to actors from an other application, it looks bad : it's supposed to be consumed in their own client, or something that tries to emulate it (that, and the fact that they each implement their own extensions to ActivityPub, it doesn't help).

In a perfect world, ActivityPub based applications would implement the client to server part or the standard too, so that we have a multitude of third party clients that can consume data from any ActivityPub based application without looking broken. I certainly hope we go in this direction in the future, because interoperability looks half-baked, as it is right now, and the fediverse would be just more awesome with such upgrade.

This made me laugh as well, especially given how that concept is prevalent in the US. 😂 OP is probably not a native speaker.

That's true, but only initially. Once you get SPF/DKIM right, that you domain name grows a few years old (enough to be considered established) and that you nailed your configuration, there is no issue anymore. I've been running my own Postfix on a Pi in my home for about 5 years, and It Just Works ™. The only maintenance I do is updating the software (done when updating the rest of the OS), and I don't get shadowbanned mails anymore, even when sending to outlook.com (which is. by far, the worst peer when self-hosting emails).

EDIT : by the way, fun fact : it seems not as related to IP reputation as it's often said (well, unless the IP has bad reputation, of course). I changed my ISP late last year (thus changed my IP), I was very afraid I would lose my good reputation and have to start over with getting my mails shadowbanned, and… nothing happened. My mails just got delivered as usual. So I bet the domain name is at least as important as the IP.

"karma" (as reddit calls scoring) never was more true to its name. :)

I haven't looked at Lemmy's implementation of upvotes/downvotes, but they should be ActivityPub activities, so it means they should appear by making a request to the user's actor.

EDIT: I've just checked random users outbox (that's the ActivityPub name for the list of activities), included mine, they are actually just empty. So that probably means that Lemmy is only publishing the upvotes/downvotes when pushing activities to federated servers, which would make those activities way more private, although not completely : someone could setup their own instance to learn about them, and it's best to be assume that at some point, someone will start such instance and publish an app revealing all votes for everybody (plus, as others mentioned, Kbin is already doing it).

The good news is that with ircv3 being worked on, it may soon(ish) be quite dusted. :) It adds features like reply threads, history from when you weren't connected, message editing and deletion, and more!

That's the same thing. :) If you reduce computing load, you reduce the need for costly hardware and you reduce the need for energy, thus you reduce the amount of money needed to build and run your setup. There's a saying in (software) engineering : "reducing energy consumption and increasing performances requires the same optimizations". Make your code faster (by itself, not by buffing up hardware) and it consumes less energy. Make your application simpler, and it will run faster, and it will consume less energy. It's not an absolute truth (it sometimes happen that you make your code faster and it consumes more energy), but it's true most of the time.

Playing devil advocate, here : you can expect the life expectancy of bigger instances to be slightly to significantly bigger, if anything because their admins feel more responsibility due to the number of users depending on them. That argument does not hold if we're comparing using a big instance vs self-hosting, though (the life-expectancy of your self hosted instance may be smaller, but if you shut it down it means you're not interested anymore in the fediverse, so no big deal - except maybe for the holes you leave behind you). And anyway, I'm not sure better life expectancy is more important than making sure the fediverse stays decentralized.

The best you can do to know if it was an attack is to inspect the logs when you have time. There are a lot of things that can cause a process going wild without being an attack. Sometimes, even filling the RAM can cause the CPU to appear overloaded (and will freeze the system anyway). One simple way to figure out if it's an attack : reboot. If it's a bug, everything will get back to normal. If it's a DDoS, the problem will reappear up to a few minutes after reboot. If it's a simple DoS (someone exploiting a bug of a software to overload it), it will reappear or not given if the exploit was automated and recurring, or was just a one-shot.

The fact that both your machines fell at the same time would tend to make think it's an attack. On the other hand, it may just be a surge of activity on the network with VPSes with way not enough resources to handle it. Or it may even be a noisy neighbor problem (the other people sharing with you the real hardware on which your VPSes run who will orverload it).

Keep in mind that not everyone is using the upvotes weighting, so it's not just about "those who allow downvotes and those who don't".

Personally, I find the whole upvoting/downvoting thing to be a very toxic feature that encourages hive mind and blaming divergence, so I hide scores and I sort posts and comments by chronological order. I would not use Lemmy if I was forced to be under the influence of social scoring, so defederating from instances which do not apply the same rules on downvoting would feel very detrimental to me.

Upvotes/downvotes were implemented by websites like Reddit as a scaling trick, so they can get millions of users without the need to hire hundreds of thousands of moderators. But it turned out that adding subreddits with volunteer moderators worked better anyway, and this is already what we have on Lemmy, with instance owners and community moderators, so there is really no need for some dystopian scoring of everything someone says.

^^

Oh, my apologies, Sourceforge! Say hi to Myspace for me!

Totally agree, what we really need is a "Uber Eats/Deliveroo for everything", leveraging local businesses. And if we can get a decentralized reputation system, then such platform can be decentralized as well.

While it's not articles, you probably want to follow your favorite projects using Github and Gitlab's RSS feeds for repositories, especially the releases feed. I often learn more about actual trends (not just things people talk about but do not implement) by reading releases changelogs than by reading medium or press articles.

Otherwise, Hacker News (mentioned by temp_user) and Lobster (rss) both are good ways to follow news. HN is more verbose. Lobsters filters what they think is the best content from HN, but it usually comes a day or two later. One interesting aspect of those aggregators is that they help you discover websites that may contain their own rss feed.

StackExchange dumps are available for Kiwix, the project that allows to use a local dump of Wikipedia. You can find all the available dumps there, including the StackExchange ones. You can even build your own search engine through libs allowing to use those zim files (the dumps), if you want.

I've been running my own email server for years, and while it's indeed difficult at first, it is possible and you don't have much to do to maintain it when it works. All the horror stories you hear come from the fact it's difficult to get right, and even when you get it right, you will have deliverability problems the first year, until your domain name gets established (and provided you don't use it for spam, obviously - and yes, marketing is spam).

What you need :

• being willing and serious about reading lot of documentation
• an IP that is not recognized as a home IP. So you'll need a "business ISP", or one that is not well known. You bypass this problem by using AWS.
• choosing a well recognized TLD for your domain name, like .com, .org, .net, etc. Don't use one of those fancy new extensions (.shop, .biz, etc), they are associated with spammers.
• learning how SPF works and getting it right (there are plenty of documentation and test tools for that)
• same for DKIM
• same for DMARC

Start using that for a year without making it your main address. Best is to use it for things not too mainstream, like FOSS mailing lists, discussing with people having their own mailserver, etc, those will not drop your mails randomly. When a year has gone with frequent usage, you can migrate to that email address or domain.

Regarding the architecture of your network : do you read your emails on several machines (like, on mobile and laptop)? If not, you can dramatically simplify your design by using pop3 instead of imap, connecting your client to the AWS server, downloading all your emails to computer and removing them from the server at the same time. There, you have all your mails locally and you don't need dovecot. :)

I do enjoy the zen of NMS (nothing like piloting alone on the surface of a planet with the sound of the rain falling on the cockpit), but even after all those years and cool upgrades, it still feels so empty… If you enjoy tabletop RPGs and have an opportunity to play one with like-minded friends, I recommend you try Traveller. It's all those things you mentioned, in a way, way bigger and denser scope. :) Also with actual civilizations, empires, politics, commerce, wars, fleets, etc.

This. Nothing is more difficult than understanding someone's else code and architecture, and even if you manage that, you're now stucked with the choices somebody else made and nobody wants that (we want to make our terrible choices!).

More than a final app, the best thing to publish as FOSS is libraries extracted from it to help other developers build there own products faster. That's something other may want to maintain when we abandon it. And on top of that, it still help to publish your app using this lib to serve as practical example about how to use your it, of course.

The worst part is that this is a direct quote from Harness' CEO, not from TechCrunch author. :) Maybe they have a great product, I don't know, but it certainly feels like an amateurish launch. :D

Gladly, fail2ban exists. :) Note that it's not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I've actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches of lot of those pests.

Well I didn’t want google to read my mails

Sadly, it only works if no one in the recipients of the mail is on gmail (or if everyone use pgp, which I would tend to think is even more rare).

I host my own mailserver as well, and I would add as benefits:

• creating as many email address as you want easily, possibly regexp based address (awesome to give every site a different address and know where the spam comes from, without using the well known schema username+something@host). That also makes routing/filtering mails way more easy, you just have to match the recipient address.
• delivering mails to software, to put email at the center of interapps messaging (basically, that means that postfix pass a matching email to the executable of your choice on your system instead of storing it in your mailbox)
• advanced rules for handling emails. When I want to block a spammer that managed to get my real email, I use regexps to match their mails and reject it with a "REJECT 5.1.1 Recipient address rejected: User unknown in local recipient table" error, imitating the error for unknown users, which often triggers a mail system to remove your address from their database
• easily configure apps to send me email. When I write an application that will send emails to me and only me, I configure it to use my smtp on port 25 without authentication instead of the usual smtps configuration they expect. It connects to it and asks to send a mail to me, which is accepted since I'm a local user. It makes everything way easier (try to do that with gmail and get your IP banned)
• easy backups. Both of the mail system (I backup the whole sdcard of the pi) and of the emails. Never lose an email again.

Thanks for raising the issue.

Most probably, people who made that decision are not aware of the implications and made that choice in good faith, so it's worth giving reasons why you want them to avoid proprietary software, rather than just frowning at them.

To the admins of lemmy.world and anyone who feels confuse about why this is an issue : it is about freedom. You all know how Facebook, Twitter, Reddit, etc are turning ugly, and you can't do anything about it. With FOSS (Free and Open Source Software), when it turns ugly, you can do something about it. You (or any technical person who agrees with you) can take the code and go your own way with it (we call that "forking"). No decision of the authors can be forced upon you. Similarly, if you think something is not working right, you can fix it yourself, and send the changes to the maintainers of the code, who usually are happy to get some help. So it's also about freedom of fixing your own problems, instead of waiting and praying the authors do something about it.

And this is the whole spirit of the Fediverse : taking matters in our own hands instead of being betrayed once more by a company which decides that their bottom line requires to be user hostile. One day, this will happen to Discord to, it always ends up there. That's why people using Lemmy who are aware of those problems are not happy with seeing lemmy.world use Discord.

Thanks to the admins of lemmy.world for all the work they provide to the Fediverse.