DevOps as a profession and software development for fun. Admin of lemmy.nrd.li and akkoma.nrd.li.

Filibuster vigilantly.

  • 0 Posts
  • 62 Comments
Joined 1 year ago
Cake day: June 10th, 2023




  • I would still go with one that isn’t one of the biggest. My general advice is to find one that fits the vibe you’re going for, communities you’re interested in (e.g. some are focused on art or cybersecurity, etc), or is somehow tied to your locality. It shouldn’t matter that much, though some servers will be a little more (or less) strict with things like federation, content warnings, alt text, etc. Usually the server will have some info telling you some of this, and their admin should be linked and likely has a post or two pinned to their profile explaining some of this as well.

    I am partial to kind.social, though have opted to run my own instead of joining up anywhere.




  • Things don’t get backfilled, so until a new action happens on an old post/comment/etc they won’t show up on your instance. New things should make their way in eventually though.

    Taking the link of a specific post/comment from the community instance and searching for it from your instance should populate it on your instance, just like you probably had to do to get this community to show up so you could subscribe/post at all.

    There are backfill tools/scripts, but unless you really want old posts I wouldn’t use them. It unnecessarily increases the load on already struggling popular/overloaded instances like lemmy.world.


  • The EFF is neither right nor left wing, they advocate for privacy and freedom. Free speech includes speech you may not like, and it certainly includes things I do not like. Luckily one of the freedoms generally included in “free speech” is the freedom to ignore, shun, call out, shame, etc. those who say things I don’t like if I so choose (like what you are seemingly trying to do with this post, in fact).



  • Asklemmy isn’t really a place to ask about lemmy, it’s for asking general questions to users of lemmy, just like you wouldn’t ask for Reddit support in /r/askreddit.

    Regardless, this question gets asked and talked about in the !selfhosted@lemmy.world community fairly often, here is a (slightly edited) comment I made a while back.

    You will need a domain name, you can buy one from a registrar such as hover or namecheap (for the love of all that you consider holy do not use godaddy).

    You will need a way to expose the server that you set up via port forwarding or similar on your network.

    You will need to set up DNS records on the domain you buy to point to your home IP. You may want to figure out a different way to avoid just handing that information out, cloudflare can help with that. You will want to make sure the DNS records get automatically updated if your IP address changes, which is not uncommon for residential ISPs.

    You will need to figure out how to get an SSL certificate, Let’s Encrypt will issue them for free, cloudflare gives you one if you use them as a reverse proxy.

    Some of this would likely be easier to do on a cloud provider like digitalocean or linode and could be done reasonably cheaply.

    These are all common things for setting up any website, so lemmy docs won’t cover them. In addition to those (this answer was just addressing “how to get a URL”) you will need to install and configure lemmy, lemmy-ui, postgres, and pictrs somewhere (the join-lemmy docs cover this well).

    If you want your instance to send emails you will have to figure out how you want to do that (too many options to cover in this answer).

    When 0.18.1 gets released if you want captcha you’ll probably have to figure out an mCaptcha provider or set that up yourself.

    Not to mention thinking about backups, high availability, etc, etc.

    As far as hardware to host on you could get away with like ~$10/mo on most any cloud provider, run it on a Mini-PC in your closet, etc. My instance uses 1-2 GB of RAM, ~13GB of disk (and growing a few hundred MB per day), and ~30% of a CPU (an old i5).

    Best of luck.




  • terribleplan@lemmy.nrd.li to Privacy@lemmy.ml · Best DNS for privacy? · 1 year ago

    Sure, but we were talking about using Unbound, or some other recursive resolver, locally. Unbound doesn’t use DoH or DoT for its queries, and most/all authoritative servers don’t offer DoT/DoH.

    You would have to use some local stub resolver, route its traffic over a VPN, and then use public resolver(s) that provide DoH/DoT (and those still use plaintext DNS to do their resolution, the benefit you get there is the shared cache and semi-anonymization due to aggregation). Whether that is good enough is up to you.


  • If my threat model realistically involved TLAs or other state-sponsored actors I would not be advertising what I do or do not know on a public forum such as Lemmy, haha.

    This conversation was in the context of running Unbound, which is a recursive resolver and AFAIK DNS “encryption” isn’t a thing in a way that helps in this scenario… DoH, DoT, and DNSCrypt are all only concerned/deployed by recursive servers, meaning unbound isn’t using those. DNSSEC only provides authentication (preventing tampering) of the response, not any sort of encryption/hiding.


  • terribleplan@lemmy.nrd.li to Privacy@lemmy.ml · Best DNS for privacy? · 1 year ago

    Sure, which at least increases the burden from observing just your traffic to your ISP to observing your ISP and your VPN provider. That traffic is still unencrypted upon egress from your VPN. If you’re going through the effort of using a VPN I think using a public DNS server could make more sense as they can’t tie your query to your actual IP. (Also this is all thinking about an upstream for PiHole or similar, so always some sort of local server for your clients to use)


  • The only problem there is that if you are going for privacy all of the traffic between your unbound and the authoritative servers is unencrypted. It is certainly a trade-off involving trusting a 3rd party, but with a busier public DNS server there can be a level of plausible deniability due to the aggregation and shared caching involved.





  • There are a few completely fair points in there calling out what they are legally allowed to do (e.g. they are not directly violating GPL) and are doing (contributing changes back upstream, they claim “always”), that’s about the only “right” this reader found.

    Have some quotes that demonstrate the “wrong”:

    I feel that much of the anger from our recent decision around the downstream sources comes from either those who do not want to pay for the time, effort and resources going into RHEL or those who want to repackage it for their own profit. This demand for RHEL code is disingenuous.

    Ultimately, we do not find value in a RHEL rebuild and we are not under any obligation to make things easier for rebuilders; this is our call to make.

    Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere. This is a real threat to open source, and one that has the potential to revert open source back into a hobbyist- and hackers-only activity.