rufus @ rufus @discuss.tchncs.de

Posts

12

Comments

1,377

Joined

2 yr. ago

Nice. Looks a bit like Revolt, Rocketchat, other standard Matrix clients, maybe even inspired by Discord or whatever people use. I'm curious to find out how they applied the Matrix protocol to power this.

AWESOME! Thanks for linking the Flohmarkt project. I've been looking for something like this for quite some time and all I found was abandoned projects, and things that didn't make it. I'm going to have a closer look at it and install an instance if it proves to be what I was looking for.

If I might add something: We could turn something like testing or unstable into a proper rolling release for desktop machines. It works reasonably well for that. However it is completely unsupported and would require some change to the release model and manpower dedicated to it.

Heise online and their (German) magazines.

Well, I'd for one like to see something new. Not just another clone of an existing platform, since I don't really love any of the social media platforms. I'd like something that simultaneously connects me with friends and people all around the world. With communities like here, just more focused on positive and constructive engagement regarding different topics. Less picking on the news and less just replying if there's something wrong with what somebody said. I'd like to explore some means of democratic engagement. For example electing moderators. Maybe vote on rules instead of transferring power just by choosing instances wisely. And I'd like to do away with the current way of upvoting. It sometimes encourages herd mentality instead of good answers. I'd also like to incorporate blogging longer and well reasoned texts, microblogging and sharing pictures. Both silly memes but also vacation pictures with my friends. I think the concept of friend circles is good, You could choose who gets to see what aspect from your life. And I want different pseudonyms so not everyone knows all the stuff I'm into. And something that's entirely missing is selling used stuff in the neighborhood. Something like NextDoor/Craigslist/Facebook marketplace... You could also combine that with local news and connecting the neighborhood, not just discuss world politics all the time.

I think there is much potential for an enticing platform if we think big and use the concept of federation to our advantage, apply it to use-cases and concepts that haven't yet been explored by the big commercial platforms. We have to do away with the urge of re-creating something to make it possible. And it'd be hard to come up with good concepts to foster good behaviour and solve the technical aspects. But at the same time it'd allow us break free from the constraints of what's already there and just be a smaller alternative to XY. The way it currently often is: We let the major players come up with the new ideas. They have different motivations, mainly growing and making money. We re-create what they came up with and add a bit to it, but the concept stays the same. I think we can do more. But it is difficult. There have been crazy ideas, really new distributed platforms being implemented, lots of it with some crypto tech and in the end it didn't take off or wasn't aligned with what the users want and need or are comfortable with. Or people tried combining every feature into one platform (like I just proposed,) and it fails due to complexity.

Cloudflare, Pagekite, a cheap VPS with a reverse proxy. Maybe IPv6-only access if your CGNat does that, ngrok, serveo, rathole, sish, a VPN... I also found portmap-io, webhook relay, packetriot and countless other smaller companies. There are quite some tools and services available. And which one is right for you might depend on the exact situation and what you're hosting. I'm not an expert on this. I have an internet connection without a NAT, and additionally a really tiny VPS with a mailserver, a small website and wireguard. I just use that to tunnel through NAT if i need to. But that means I haven't compared all the other services since I don't need them (yet.) I've learned a bit about Cloudflare from this discussion.

Thx for explaining. I think I halfway know what this is about now. I don't think I'm their target group. But I learned something about web application firewalls in the process and that is a good thing. I think I'm going to activate that for some of my private services since it's so easy and look up if there are good ip ban lists. It's a bummer that I don't get to see proper documentation on this, since security is all about exact facts and scenarios. But I guess no answer is also an answer. If they just feed buzzwords to me, either my initial skepticism was warranted, or I'm just not their target audience and they only target enterprise users. Either way I'm better off with my current approach. I appreciate I got to learn something :-)

I tried to look it up but I wasn't very successful. What they do in their free tier keeps being a mystery to me. In the $20/month is the the core ruleset from ModSecurity. I don't need to pay them $20 to deploy that for me, the dataset is free and publicly available. I've just installed it on my VPS... It's only a few lines in Nginx to enable that.

And what you're talking about is $200 a month. I seriously doubt anyone here uses that plan for their homeserver. I wouldn't pay $2400 in a year for it.

I still don't get how that would work. Sure you can filter spam that way. And migitate attacks while the worst wave washes through the net. Or do machine learning and find out if usage patterns change. But how would it extend to 0-days faster than the software gets patched? This sounds more like snake-oil to me. If someone finds a way to inject something into a Nextcloud plugin and change things in the database so they have access... And then they do it to 100 cloudflare customers... How would Cloudflare know? If it's a 0-day, they -per definition- don't know in advance. And they're just WAF, they don't know if a user is authorized by mistake or if they're supposed to have access. And they don't know anything about my database, since it runs on my machine. And they also don't know about the endpoints of the software and which request is going to trigger a vulnerability unless this manifests in some obvious (to them) way. Like 100 machines immediately start blasting spam through their connection and there is one common request in the logfiles. Otherwise all they can do is protect against known exploits. Maybe race the software vendor and filter things before they got patched. I just don't see any substantial 0-day protection that extends to more than "keep your server up to date and don't use unmaintained software." Especially not for the home-user.

https://www.namecheap.com/support/knowledgebase/article.aspx/10128/2237/how-to-create-an-alias-record/

https://kb.porkbun.com/article/85-how-to-connect-your-root-domain-when-your-web-host-wont-provide-an-ip-address

Took me a while to remember... I think other providers don't call it CNAME flattening, but ALIAS records. And namecheap lists them in their documentation. You maybe need to look it up if you're interested, but I think they do in fact offer it. (I mean I'm not advertising for or against anything here. If you're happy with your provider and your setup works, that's fine. It's definitely not available everywhere.)

I mean theoretically... I guess, if they do it right? It depends a bit. Some Linux distributions are crazy fast with patching stuff. And some stable channels have a really good track record of open vulnerabilities. Nowadays that's not the only way of distributing software, vulnerability might depend on your docker container setup etc.

Are there actual numbers what Cloudflare adds on top? What 0-days they focus on? I mean do they have someone sitting there, reading Lemmy CVEs and then immediately getting to action to write a regex that filters out such requests?

And how much does it cost? They also list the same ModSecurity in their lower plans. I don't think 0day protection would help people like me if it's $200 a month.

Thanks. I read a lot of people recommending cloudflare. I believe a substantial amount of that group is on the free tier and not exactly making informed choices. Being a registrar, DNS provider and offering tunneling / port forwarding or some mechanism to traverse your home NAT are valid use-cases.

Ah. Makes sense. I don't think you have to specifically use cloudflare in that case. But I remember CNAME records can't be used for everything... there are some limitations. I know I had issues with dyndns and a domain at some point. I just can't remember the details. I know it didn't work with every registrar / DNS provider. But some of them offer some magic to make some things work. I believe back then we ended up transferring that domain to some other hoster. And my domains are with a company that offers an API. I can just have a small script run in the background that changes around entries and do dyndns that way. But obviously you need to pay attention to things like the time to live for your records and set it accordingly once you do dyndns yourself.

Thx for explaining. I'm not sure if I'm willing to do the same trade-offs. Supposedly their WAF is very good and quite some people use it. Probably for a good reason... It just comes at a hefty price. I'm doing selfhosting to emancipate myself, stay independent and in control. I'm not sure if becoming dependant on a single large company and terminating my encryption on their servers that do arbitrary magic and whatever with my packets is something that aligns with my goals. (Or ethics, since I think the internet is to connect people on a level playing field. And that's no longer the case once many people transfer control to a single entity.) But I don't see a way around that. Afaik you have to choose between one or the other. Are there competitors to cloudflare that handle things differently? Maybe provide people with the WAF and databases to run on their own hardware, let them stay in control and just offer to tunnel their encrypted data with a configurable firewall?

Edit: Just found modsecurity.org while looking that up. But I guess a good and quick database of bad actors' IPs is another thing that would be needed for an alternative solution.

Thx, that is a good reason to do it. I'm eventually going to lose my static IPv4 address, too. But I'm preparing to move some of my services to a VPS instead and in the process set up the firewall and the reverse proxy to the Nextcloud on my homeserver and so on there (on that VPS.)

Why do so many people tunnel their personal data through cloudflare anyways? No port forwarding possible? Or afraid of DDoS attacks? Or am I missing something?

Very well. I must have skipped past that. I agree. Using text to code your slideshow and then switching to a graphical diagram editor isn't the perfect match. You probably want both integrated and then either text or UI for both. PlantUML ties into lots of text-based stuff, TikZ into LaTeX and whatever diagram editor an office suite has into the slide show software of said office suite. Once you mix that or use an external vector drawing program, you lose some/lot of the convenience.

Kubernetes / K8s / K3s.

If your trying to do compute / simulations on it, it depends on your workload... OpenMPI... ClusterKnoppix / LinuxPMI ...

Hehe, you think the words 'administration' and 'productivity' can be used in the same sentence?

Apple is good at advertising. Could just be they hype things and people jump aboard the hype train.

I like reveal.js

Sure there isn't an UI in the common sense. Your UI is your text editor. As a benefit you can edit and run it everywhere and commit it to your git repo easily. I personally like using the text editor for everything and not having lots of separate tools for each task, so (4/5) from me on that UI. Maybe you want to consider something like Reveal-MD and just type it in Markdown. Or Asciidoctor and have one single text file that translates into the slides, a webpage, handouts and everything.

I'd use it for sleek and clean slides. Not for computer science 101 with lots of maths proofs and finite-state machines. I'd use LaTeX, TikZ for that, just stay in that ecosystem and use the beamer package.

There are also tools like Sozi