I tried to use their UX. Its bad. And the worst is I fell asleep watching something like Project Bluebook once. And the Prime Reccomendations streamed a SHITLOAD of alien conspiracy content while i slept. It ruined the recs etc. And you cant delete the primary account profile....only the sub-profiles.
Frankly i only go on it to see what I should maybe load into Sonarr/Radarr at this point. fuck em.
Not free as in foss. But free as in beer.
You can use xpenology or just a synology disk station with active backup for business. It does quite well with windows and just runs in the background.
Before using that I use urbackup ,which is FOSS. It also worked quite well.
mmm. thats debateable.
If theres vulnerabilities in the software, like RCE's or SQL Injections that can lead to access...Cloudflare wont do much for you. For example Kbin has already have PRs for SQL injections and even XSS vulns.
These will get flushed out with time and more people maintaining them of course. But I dont know if I would want that on my personal network even if on a DMZ. If for no other reason than if your instance starts spamming outbound traffic and you get flagged by your ISP.
Heck I had one of my domains flagged by my works Cisco Umbrella instance and the dang thing wasnt even in prod yet.
Kbins build docs are a nightmare. I have experience with Linux and docker. Can’t get them to work at all. Closest I get are 500 errors and one can’t find a log tossing errors to explain it to save my life.
Maybe I’m not as well familiarized with the parts and pieces as I thought, though I’ve built plenty of Drupal stacks and the like, even using docker and Ansible etc.
Then I look at PRs showing sql injection fixes and XSS fixes and I’m like…oh
I was going to say “are we in a simulation” but this would work too.
And a single place to find communities.
Thats what they are doing
My truck is white because it’s hot AF outside and it there is a LOAD of difference between dark colors and white in the sun.
I mean there’s precedence. Avian bird flus have been known to infect humans.
Browser.feddit doesnt include kbin right? Also it got removed from the main page....couldnt find the link...lol
As someone that has spent the better part of the week mucking with it.... the kbin build docs have multiple gaps in the documentation and are functionally broken unless you have some better understanding of the setup. I WAS able to get the system built, but could never get it online. Best i got was 500 errors where the UI was up but there was a break somewhere in Redis, Postgres, Nginx etc. All the logs were clean though. This was with the docker method and build from source method on both Ubuntu 22.04 and Debian 11 (which are what he specifically referenced)
Lemmy was much easier to setup using the ansible method. I have an instance online. Though im still working out the federation thing and some other kinks. I figured it would just reach out to Activity pub and federate with everyone but now it seems I have to build a static list...If if search for an instance i know exists I get a
404: couldnt_find_community
So there are some gaps but it seems much more mature. For example you cant mark your instance private AND have federation enabled. If you do that and restart the instance will fail to come up, but theres no warning or error in the UI.
I like the kbin dev better as people. But the lemmy code is definately more polished, even if the devs are turd sammiches.
Im currently on the 4GB dedicated. However heres an htop of it.
I am currently the only user. Im considering opening it up to limited users but not really having communities once i get a lot of the instances cached and indexable.
Others like @leopardboy@netmonkey.tech are running on a 2GB shared just fine. I will likely move to that if i choose to keep it solo for sure, or under 100 users and no communities.
I dont have the time to really moderate others or content on the instance. So i dont think I plan to host any communities at all. I do wish you could federate/sync specific communities to your instance to make searching/subscribing easier.
Yeah it is in a way. Thankfully it doesn’t leech into my main Amazon shopping reccomendations.
Subscribe to the communities. They aren’t clones. Just different instances. There’s a few links on how to subscribe.
My reccomendation is to go here, hit the home icon and type your instance name. Then search for instances that interest you and join.
Yeah. I like the kbin dev as a person much better. And I can empathize with what he is going through. Its why i wanted to setup an instance and help spread the load. But I just couldnt get it working and didnt have the time to really dig in (I have a lot going on otherwise with work).
He did announce he is onboarding a sysadmin/netadmin to handle the stability and scaling issues so he can focus on commits which is good. Ill keep an eye out for updates and maybe migrate then.
Worse. It went off into other conspiracy subjects like 9/11 and all sorts of crap. Theres frankly a lot of weird stuff on amazon prime for free that i would have never seen had i not dozed off.
Most of the other apps (netflix, plex, etc) and even the streaming platform (roku) have measures to combat falling asleep. Whether its disabling auto-play (which amazon didnt have) or bandwidth saver features that will periodically ask if you are still there (which amazon appears to somehow bypass or disable, or did).
These days though i set a sleep timer to shut off the lights and TV at midnight.
At this point, considering all the tomfoolery that’s occurred. It’s probably the best after we have painted our selves into a corner.
Im surprised they havent just performed takovers of the private subreddits and installed new mods.
Maybe they have but are doing it at a slow pacing, either because its manual or because it may attract less attention.
I haven’t. But now I’ve seen a couple. I believe they did /r/tumbler or something dirty too.
It’s a shame. Totally antithetical to their culture they (Reddit) started and grew with as a freedom of speech platform.
It wont. They are going to step in.
I have a lab at home and do host some stuff for myself from there in a small DMZ (ie: Miniflux RSS readers, Plex through Reverse proxy etc).
But I used a linode for my lemmy/kbin stuff. Reason being is that the code is fairly new and there may be exploits bugs and
I dont want to deal with my ISP made an instance is exploited and becomes some type of C2 box or spews out spam. Kbin specifically already has PRs to fix XSS and Sql injection stuff, the former of which is usually avoidable if you just follow some pretty basic principles. So its a concern.
Linode has better bandwidth than my non-symmetrical ISP uplink and is on its own quota.
Yeah how familiar are you with linux?
You dont run the ansible stuff on the instance itself. You do it from your personal machine or something with ansible installed.
Though I guess in theory you could run it on itself if you dont have another linux box, or something with ansible installed. https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/
But I am happy to walk you though the basics of setting up a securing the box.
I’ve run linodes for years. My blog runs on them. I still host a variety of other services on them. They are good for everything from gaming servers to a blog etc.
They did get bought out by akamai a while back. And have raised their prices but they are still solid.
Nanodes are awesome deals frankly.
Yes the ansible config worked fine for me. I worked for days to get an kbin instance up. Ansible worked first go.
I have yet to get email working but otherwise its solid. Linode will block email btw if you account is new (and frankly may be blocking mine now). You just have to put in a case and justify and it should be fine. My account should be old enough to be exempt but I will likely do it anyhow. Their support is pretty good.
Getting federation crawled and communities added is a bit slow. Mostly because the other instances are a bit slow.
A few pointers if you havent done admin yet.
Put nothing in the federation allow list unless you want to go whitelist only. Over time as other instances hit yours and you search others, the linked list of instances will grow. Just use the blocklist if you want to block certain instances. I havent found a good way to block the growing number of instances in case they have some illegal content like CSAM. So...i may just go whitelist anyhow
Searching for instances seems to be CPU heavy on mine. Its not a problem though. You just cant simply plug in a URL of a community in another instance if you havent linked. You will get a 404 if you do. So you have to go to search, looking for that community by hitting search a few times until it shows up, then you can join and it will start crawling
I have no idea what "Private instance" does other than i believe it will keep your instance form starting in the future if you have it checked AND federation turned on. I saw some logs in dockers startup when i did it but nothing in the UI.,
that would be perfect.
WIth Debian I would install UFW for a firewall. Set SSH to whatever your home IP is. You can always use the Linode SSH console for external access.
UFW is easy to configure and just translates iptables.
sudo ufw allow from any to any port 80 proto tcp
sudo ufw allow from any to any port 443 proto tcp
sudo ufw allow from HOMEIP to any port 22 tcp
If you want leave SSH open. Then i would probably only do Key based auth in /etc/ssh/sshd_config
you also want to edit that file (sshd_config) to disable root access once setup. I often turn on the following
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
AllowGroups somegroupname
then create a user and a group and add the user to the group. This ensures only that user has SSH access.
sudo adduser someusername
sudo addgroup somegroupname
sudo usermod -aG somegroupname someusername
You can also use visudo to edit sudoers. The first like will require a password. If you use the second line, you can sudo without a password. I would only do the latter if you only use key-based auth though.
someuser ALL=(ALL:ALL) ALL
someuser ALL=(ALL) NOPASSWD: ALL
I also edit /etc/hostname to my server name. Update and reboot. From there run through ansible instructions and make edits as necessary.
Correct. Connect to for example connect to lemmy.ml and pull their communities so it shows in your communities page locally. Dont have to sync the posts etc. Just the base stats (subs, post, comments. Basically exactly what this is doing. https://lemmyverse.net/communities
note: I hadnt seen that page until after my comment... But im getting a lot of 404's on specific communities, so i have to put in their ! name in search...spam that, click to open the community and subscribe.
Here’s the catch with email via privacy. Unless you are gpg encrypting the email even photon doesn’t matter, as whoever you are sending to likely has it unencrypted at rest on their server.
And while tls in transit is better than it used to be with their smpts or starttls, plenty of mail servers don’t do it. So even transport is an iffy game sometimes.
At the end of the day, it’s better to
A. GPG encrypt the email. Which requires both ends to be technically competent. B. Consider it to be quasi public, like talking quietly in a coffee shop. Most won’t hear it but if someone does shrug
Pretty much. Its kinda nuts. I just host with Google at this point. Its easier though privacy is a disaster. I consider email to be public at this point though after the Snowden stuff. Have considered moving to something like Photon but their lack of support for contact syncing makes it tough, specifically for my wife. She uses Apple Mail as well, which i THINK photon can now support via IMAP or something, but not having contacts synced is hard.
That said I back up all of my Google workspace stuff, email included, to a local synology using their app. So i have copies of everything should I need it (ie: google decides to suspend me for no reason.)
I stopped running my own a while ago. Its no longer really decentralized and the big players (google/microsoft) will often just blacklist you for little reason.
That said I DO maintain my own domain and backups. So i can take my email to whatever hosting provider I want.
I also noticed, during the migration, that if you simply register your domain with one of the big players (ie: Google Workspace or M365) you will often get whitelisted and email will flow easier. This was easier when they had a free tier though.
He had a dry run with the attempt on his life. He knew nothing would come of it. That the rest of the world would do nothing.
Hell Russia has since pushed the boundaries much further with no recourse.
I can respect that he’s principled and still recognize the total lack of forethought in the move.
This guy has to be one of the dimmest folks I have ever seen. Putin straight tried to kill him, failed and the world did nothing and yet he still turned himself in as some type of martyr. The world was going to do nothing and they were going to torture him and trump up any charges they felt to ensure he never sees the light of day again and for what? Nothing.
He could have done more even in exile.
Frankly i find it inconsiderate to the social contract to go out on holidays, and sometimes around them.
Its frankly why i always found Black Friday and the "scope creep" of this festival of consumerism partially so repulsive. I mean its repulsive on its own just in the way people act, but doubly so in that it runs right through a national holiday.