• 1 Post
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • Standard Form 86
    Revised June 2024

    Section 30 - Video Gaming Product Record
    23.1 In the last seven (7) years have you participated in any video gaming product?
    [ ] YES [ ] NO

    Entry #1
    Video gaming product name:
    Dates of use:
    Provide nature of participation in this video gaming product:

    Was your participation while possessing a security clearance?
    Do intend to participate in this video gaming product in the future?
    Provide an explanation why you intend or do not intend to participate with this video gaming product in the future:




  • It’s easy* to setup Hashicorp Vault with your own CA and do automated cert generation and rotation, if you are willing to integrate everything into Vault and install your root CA everywhere. (*not really harder than any other Vault setup, but yaknow). I may go down this route eventually since I don’t think a device I don’t control has ever accessed anything I selfhost, or ever will.

    I have a wildcard subdomain pointing to my public IP, and forward port 80 to an LXC container with certbot. Port 80 appears closed outside the brief window when certbot is renewing certs. Inside my network I have my PiHole configured to return the local IP for each service.

    Nothing exposed to the internet at all. There is a record of my hostnames on Let’s Encrypt but not concerned if someone will, say, deduce apollo-idrac is the iDRAC service for a Dell rackmount server called apollo and the other Greek/Roman gods are VMs on it. Seemed like a house of cards that would never work reliably, but three odd years later I only have issues if a DNS resolver insists on bypassing my PiHole. And that DNS resolver is SystemD-ResolveD which should crawl back into whatever hellhole it came out of.


  • They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

    I don’t think there’s significant real tangible risk since who cares about your private selfhosted services and I’d be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn’t what I’m going to be worried about.

    But it is why CSRs are used.


  • The Fun part of ADHD is there’s nothing unique to ADHD. Being overwhelmed with anxiety doesn’t mean you have anxiety disorder. It’s when you have frequent overwhelming anxiety and it’s interfering with your life.

    Having a tendency to put things down and lose them doesn’t mean you have ADHD. Constantly having to find that screwdriver that was just in your hand and realizing that desk has been half complete for six months because you keep spending thirty seconds looking for it before getting distracted by other tasks? That’s ADHD. Unless it’s focus issues rooted in something else. Like anxiety or depression, which can cause ADHD like symptoms. But also ADHD can cause anxiety and depression, or be comorbid.

    That said, you are here voluntarily on an ADHD community finding common ground with an ADHD meme. If you’ve wondered specifically about ADHD or more broadly felt there’s something different about you’ve just never been able to put your finger on - this is your sign. My advice is to find a psychiatrist who really understand it, dig as deep as you can for hard evidence that you have or don’t have it, and keep an open mind to alternative explanations. A diagnosis of “no you don’t have ADHD” is also important information.





  • Embrace, extend, and extinguish (EEE) - We don’t think they can. If anyone can explain how they technically would, please let us know. Even if Meta forks Lemmy and gets rid of the original software, Lemmy will survive.

    It doesn’t start out with maliciousness. The rank and file technical staff at Facebook aren’t evil. Facebook understands the value of top tier tech talent and top dollar buys you smart people.

    The initial federation is rough, but the problems are resolved surprisingly quick. None of the doom and gloom comes to pass, and Facebook consistently acts as a trustworthy actor. Their employees aren’t really different than their open source counterparts. They make good faith contributions to open source codebases. Their collective experience with distributed systems proves useful in solving growing pains as the Federation grows.

    They eventually start to make proposals to ActivityPub. There’s outrage but no one can come up with good technical objections, so they are approved. The doom and gloom didn’t come to pass, and looks like it never will.

    Facebook doesn’t need malicious intent for what’s going down. It slowly, maybe quickly, becomes the dominate actor in the space. Facebook is pouring money into making Threads the best it can be, and what’s wrong with them trying to build an audience?

    Thread’s improvements set an increasingly high standard for what people expect. More uptime, cleaner UI, more responsive API calls, more personalized frontpage algorithms, higher resolution videos - more and more features. More and more cost. Even people who kneejerk reject Facebook recognize how much better their site is. There are still important reasons to go with Lemmy or Kbin over Threads, but FOSS projects have never been good at making their case in ways random-not-technical people can understand, let alone why they should care about them.

    After a while, Facebook starts walling people into their platform. Starts with little things like how Reddit added video and picture hosting to replace Imgur et al. It’s not malicious, but rather from TPMs who are under pressure to increase engagement. After a while what else is there? Just don’t turn the heat up too many degrees at once.

    It’s wrong to think of Facebook as a uniquely bad actor. This isn’t 90s/2000s Microsoft with blatantly transparent EEE aims. There have always been bad actors. There will always be bad actors. There are bad actors with us right now.

    Facebook needs to make money, and they won’t do so by directly charging users. There’s only one path forward for Facebook in this, and it will come at the expense of its users and everyone else in the Fediverse.

    Build something useful, then put up walls around it, and then exploit it for profit; the internet’s monomyth. You don’t have to read the writing on the wall, but it is there. Federating with Threads is signing your own death warrant.

    If the Fediverse experiment is going to survive, it needs to be able to withstand these bad actors. One of the ways it can do so is to recognize and reject them. Facebook has so many resources and so much power and we don’t have to run the experiment to know where this will go. It is important to explicitly say “your goals do not align with what we are trying to build, and therefore we will not voluntarily interact with you.”