Posts
0
Comments
142
Joined
2 yr. ago

  • I've got a similar set up and everything works. So, I can confirm that your assumptions are sound.

    My solution is Kubernetes based, so I use cert-manager to issue/create the Let's Encrypt cert (using DNS as the verification mechanism), which gets fed into a Traefik Reverse Proxy. Traefik is running on a non-standard port, which I can access from the outside world.

    I'd suggest tearing your current system down and verifying everything is configured correctly.

    For example:

    • Take a look at the SSL cert. Is it generated properly?
    • Look at the reverse proxy. Is it using the proper SSL cert and is it properly formatted? (I've found curl --verbose --insecure https://... to be helpful)
    • Maybe add a static file (ie: robots.txt) to nginx. This would allow you to see if the problem is between the outside world and nginx or between nginx and your service.
    • You can also use the "snake oil" cert, in a pinch. It's an insecure SSL cert, but it would allow you to confirm that your nginx is properly configured and it would confirm that the issue is with the Let's Encrypt cert (or that process/payload).

    ... and not to rob you of this experience, but you might want to look into Cloudflare Tunnels. It allows you to run services within your network, but they are exposed/accessible directly from Cloudflare. It's entirely secure (actually more so than your proposed system) and you don't need to mess around with SSL.

  • You will likely want to set up your own instance blocks

    As a former Redditor, I gave up on /r/all years before the enshittification (due to the poor signal to noise ratio) and started culling a list of meaningful subreddits. For me this was a game changer.

    If you plan on using lemm.ee (or any Lemmy instance) as a pre-curated r/all, I think you're going to have a bad experience. Lemmy, in its current state, wasn't really made for that (the sorting is too simplistic).

    For myself, I simply subscribe to the communities that I'm interested in. If I feel my daily feed is sparse, then I'll look at what threads are trending in the entire fediverse and add those communities, then repeat. After following this process for a couple of weeks, I seldom want/need to check the entire fediverse.

    I appreciate that Lemm.ee will let me choose the communities that I'm interested in, regardless of whether they happen to exist on Lemmy.world, hexbear, etc.

  • I'd definitely add a +1 to lemm.ee

    The admin is open and honest, he's got a clear set of goals, which is to make lemmy accessible - nothing more, nothing less.

    Lemm.ee doesn't participate in the whole "federate vs non-federate" drama or crippling features (ie: removing downvotes) because it goes against their ethos/mantra.

    There are instances that lemm.ee defederates from, but they are usually due to extreme vore, cp, or other content that could expose lemm.ee to some legal problems.

  • Vampire Survivors: It's fun, easy to pick up, the sessions are short (less than 20 minutes), and lots to unlock.

    ... Plus, (if you've been living in a cave and didn't know) it's free on Epic Games for the next few hours.

  • So, to solve the problem of the left not voting them, they are moving further to the right.

    I humbly disagree. This seems to be an overly simplified view.

    The origins of "the far left" (as I understood it) was basically promoting heavy government involvement. For example, breaking up monopolies, many government subsidized programs for its people, which in turn needs higher taxes for its people (so the rich get taxed more, the poor get taxed less).

    The origins of "the far right" was the polar opposite. No government involvement. Companies will do "what's right" in order to compete for profit, less tax on its people, as there are fewer government processes/programs (because people have more personal wealth and can afford the programs that are relevant for them).

    "the center" was in the middle of these two extremes. The understanding is that there needs to be some government involvement to prevent companies from going unchecked, not all people have equal chances in life resulting in some people needing more/less government assistance, etc. Yet, also acknowledging that the Stalin form of socialism fights against the basic human desire to "work to make their lives better" and companies (when left to their own devices) cannot be absolutely trusted to do "what's right" for society.

    The problem with the DNC and the 2024 election is that the media has perverted what "the far left" aka Democrats and "the far right" aka Republicans (and this has been going on for years).

    Based on your line of "left vs right", I'd argue that the Republican party is "close to" my definition of "the far right" (fascism aside). Yet, the Democratic Party is actually closer to "the far right" than they are "the far left". I'd even go so far as to say, that the Democratic Party is far "right of center".

    So, yeah, I totally support moving the DNC towards the center, because it'll (finally) make the Democratic Party closer to their "far left" ideals.

  • I think it's related to this issue (re: lemm.ee is fetching and caching images (to improve performance), but often gets throttled (because Lemmy's cache implementation was not designed to work with larger Lemmy instances), which results in users seeing broken images).

  • I had an on site interview with the owner of a small IT company. He was 30 minutes late (and I'd arrived 10 minutes early to be... ya know, punctual).

    He offered no apologies and had this whole arrogance surrounding him. Complained that he had to drive to the office for this. Then after 5 minutes, it was obvious he didn't even bother to look over my CV and was completely unprepared for the interview. ... and somehow this was my fault.

    Of course, the interview didn't go well (for either of us). He offered a lowball 30% less than the average salary, I was looking for 30% above. I rolled my eyes, shook hands and left.

    Later, I got a call back from the recruiter "I had no idea you were asking that much. From what X (the owner) said, this was a complete disaster." I said, "I agree" and politely hung up.

    In hindsight, I should have probably insisted on rescheduling (or just left) after 20 minutes. But, I was young and didn't have many interviews under my belt. So, I took it as a learning experience.

  • It's the "stringing it all together" that could be problematic.

    If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same "database"), you need something smart enough to gracefully handle this or at least tell you about it.

    I did the whole "syncing" KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole "it just works" with self-hosted Bitwarden.

  • From the OP

    The China-backed intruders, referred to as Storm-0558, broke into Microsoft’s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft’s cloud. According to a government-issued postmortem of the cyberattack, the State Department identified the intrusions because it paid for a higher-tier Microsoft license that granted access to security logs for its cloud products, which many other hacked U.S. government agencies did not have.

    Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.

    Oh great! Until this incident, security is considered a "premium feature". I really want off this "up sell to premium" ride.

  • It's sad, but I think you're right.

    I assumed/hoped that Lemmy's architecture was more decoupled.

    According to the ChangeLog, it hints that the image reverse proxy is built-in, maybe using Pict-rs.

    Which certainly reeks of Not Invented Here Syndrome, as image uploading/storing, reverse proxies, and caching is a well understood problem.

  • Wow, thanks for the full transparency. You are awesome!

    My opinion would be option 2 (proxy requests), but with a higher cache TTL or simply an LRU (Least Recently Used) Cache.

    If you're getting throttled, it could be mitigated by increasing the cache retention period (or improving the cache hits).

    Another improvement: Would it be possible to change the proxy, so that if the proxied requests are throttled, it simply sends the user an HTTP 302 to the origin (instead of a broken image)?

    Regarding option 1 (full cache): I greatly appreciate your desire to hide/protect your users' IP, but it is outside the scope of what I expect from a Lemmy server. Maybe you could market and upsell this increased privacy as a subscription based feature. However, if I want privacy - I'll use a VPN.

    Regarding option 3 (User fetches content from origin): From a user's perspective, I really don't want my Lemmy experience to be based on hitting a bunch of (potentially) unreliable services. When I, as a lemm.ee User, request a post from Lemmy.world (for example), lemm.ee will proxy and cache that post and the comments. This is the distributed nature of Lemmy (as far as I understand). Why restrict this caching to just posts/threads/comments and not include images (which, let's face it, are as meaningful as pure text - especially wrt memes)?
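
Added example, not part of the comment above and not Lemmy's or lemm.ee's code: the proxy behaviour that comment proposes (LRU cache with a TTL, and an HTTP 302 to the origin when the proxy itself is throttled), written in Python. `ImageProxy`, `Throttled`, the `fetch` callable and the `origin.example` URLs are hypothetical, and serving an expired copy while throttled goes one step beyond what the comment asks for.

```python
import time
from collections import OrderedDict

class Throttled(Exception):
    """Hypothetical signal: the origin answered HTTP 429 to the proxy."""

class ImageProxy:
    """LRU + TTL image cache; names and defaults are assumptions."""
    def __init__(self, fetch, capacity=1024, ttl=3600.0, clock=time.monotonic):
        self.fetch, self.capacity, self.ttl, self.clock = fetch, capacity, ttl, clock
        self.cache = OrderedDict()  # url -> (expires_at, body), LRU first

    def get(self, url):
        """Return (status, headers, body) for one client request."""
        entry = self.cache.get(url)
        if entry and entry[0] > self.clock():
            self.cache.move_to_end(url)  # mark most recently used
            return 200, {"X-Cache": "HIT"}, entry[1]
        try:
            body = self.fetch(url)
        except Throttled:
            if entry:  # expired copy still beats a broken image
                return 200, {"X-Cache": "STALE"}, entry[1]
            # Nothing cached: redirect instead of failing. The client then
            # contacts the origin directly, so the origin sees the client's IP.
            return 302, {"Location": url}, b""
        self.cache[url] = (self.clock() + self.ttl, body)
        self.cache.move_to_end(url)
        while len(self.cache) > self.capacity:
            self.cache.popitem(last=False)  # evict least recently used
        return 200, {"X-Cache": "MISS"}, body

def demo():
    """Constructed scenario: the origin allows two fetches, then throttles."""
    budget, now = [2], [0.0]
    def fetch(url):
        if budget[0] == 0:
            raise Throttled(url)
        budget[0] -= 1
        return b"image bytes for " + url.encode()
    proxy = ImageProxy(fetch, capacity=2, ttl=60.0, clock=lambda: now[0])
    a, b, c = ("https://origin.example/%s.png" % n for n in "abc")
    out = [proxy.get(u)[:2] for u in (a, b, a, c)]  # MISS, MISS, HIT, 302
    now[0] = 61.0                                   # a's TTL has passed
    out.append(proxy.get(a)[:2])                    # STALE while throttled
    return out

if __name__ == "__main__":
    for status, headers in demo():
        print(status, headers)
```

The 302 branch is where the privacy trade-off from option 1 shows up: it keeps images working, but only by letting the client talk to the origin itself.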

  • Roku is horrible. I bought a Roku Soundbar (speakers) for my TV and for reasons unknown, I had to (temporarily) hook it up to the internet to "activate" and download the firmware.

    It's such a horrible glimpse of the consumer's future.

  • In addition, you can force your cellphone to GSM/2G (ie: super slow internet).

    Depending on what your TV does when it "activates", if it just needs to "activate/register" - it should be fine. If it needs to "update/upgrade/add a bunch of crapware" - Your internet will be so slow, you can turn it off before it's finished (note: there is a slim chance that this could also put your TV in a broken state - if it does, simply do a factory reset and try again).

  • Oh, I absolutely agree. Licensing is where the big difference is at, but that makes sense though, as ARM and RISC-V are both RISC based processors.

    It's loosely akin to comparing AMD vs Intel. Of course, you cannot pop-out a RISC-V and replace it with an ARM. However, the PCBs should contain all the same parts, meaning they'll both have a similar price.

    Unlike Intel/AMD, which you'd need extra capacitors, heat sinks, whatever - to help it handle all that extra power those CISC processors need (which results in heat).