Just some Internet guy

He/him/them 🏳️‍🌈

  • 0 Posts
  • 274 Comments
Joined 1 year ago
Cake day: June 25th, 2023

  • That’s more of a general DevOps/server admin steep learning curve than Vaultwarden’s there, to be fair.

    It looks a bit complicated at first as Docker isn’t a trivial abstraction, but it’s well worth it once it’s all set up and going. Each container is always the same, and always independent. Vaultwarden per-se isn’t too bad to run without a container, but the same Docker setup can be used for say, Jitsi which is an absolute mess of components to install and make work, some Java stuff, and all. But with Docker? Just docker compose up -d, wait a minute or two and it’s good to go, just need to point your reverse proxy to it.

    Why do you need a reverse proxy? Because it’s a centralized location where everything comes in, and instead of having 10 different apps with their own certificates and ports, you have one proxy, one port, and a handful of certificates all managed together so you don’t have to figure out how to make all those apps play together nicely. Caddy is fine, you don’t need NGINX if you use Caddy. There’s also Traefik which lands in between Caddy and NGINX in ease of use. There’s also HAproxy. They all do the same fundamental thing: traffic comes in as HTTPS, it gets the Host header from the request and sends it to the right container as plain HTTP. Well it doesn’t have to work that way specifically but that’s the most common use case in self hosted.

    As for your backups, if you used a Docker compose file, the volume data should be in the same directory. But it’s probably using some sort of database so you might want to look into how to do periodic data exports instead, as databases don’t like to be backed up live since the file is always being updated so you can’t really get a proper snapshot of it in one go.

    But yeah, try to think of it as an infrastructure investment that makes deploying more apps in the future a breeze. Want to add a NextCloud? Add another docker compose file and start it, Caddy picks it up automagically and boom, it’s live and good to go!

    Moving services to a new server is also pretty easy as well. Copy over your configs and composes, and volumes if applicable. Start them all, and they should all get back exactly in the same state as they were on the other box. No services to install and configure, no repos to add, no distro to maintain. All built into the container by someone else so you don’t have to worry about any of it. Each update of the app will bring with it the whole matching updated OS with the right packages in the right versions.

    As a DevOps engineer, I love the whole thing because I can have a Kubernetes cluster running on a whole rack and be like “here’s the apps I want you to run” and it just figures itself out, automatically balances the load, and if a server goes down the containers respawn on another one and keep going as if nothing happened. We don’t have to manually log into any of those servers to install services to run an app. More upfront work for minimal work afterwards.
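    The backup point above (a database file that is always being written can’t simply be copied) has a clean answer for SQLite, which is the default store for Vaultwarden. Below is an added example, not code from the comment or from Vaultwarden, using Python’s built-in sqlite3 online-backup API to take a transactionally consistent snapshot of a live database while another connection holds an open write transaction, then verifying the copy. The database layout and table name are constructed for the demo.

```python
import sqlite3
import tempfile
from pathlib import Path


def make_sample_db(path: Path, rows: int = 50) -> None:
    """Create a constructed stand-in for an app database (not real Vaultwarden data)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS ciphers (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO ciphers (name) VALUES (?)",
                    [(f"entry-{i}",) for i in range(rows)])
    con.commit()
    con.close()


def consistent_backup(src: Path, dst: Path) -> int:
    """Copy a live SQLite database with the online backup API.

    Unlike `cp`, Connection.backup() produces a snapshot that is consistent as of
    a single point in time even while other connections are writing. Returns the
    number of rows visible in the copy after an integrity check.
    """
    source = sqlite3.connect(src)
    target = sqlite3.connect(dst)
    try:
        source.backup(target)  # default pages=-1: copy the whole database in one step
    finally:
        source.close()
        target.close()

    check = sqlite3.connect(dst)
    try:
        (status,) = check.execute("PRAGMA integrity_check").fetchone()
        if status != "ok":
            raise RuntimeError(f"backup failed integrity check: {status}")
        (count,) = check.execute("SELECT COUNT(*) FROM ciphers").fetchone()
    finally:
        check.close()
    return count


def demo() -> tuple[int, int]:
    """Back up a database while a writer has an uncommitted insert in flight.

    Returns (rows in backup, rows committed before the backup); they should match,
    because the uncommitted row must not leak into the snapshot.
    """
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "db.sqlite3"
        dst = Path(d) / "db.backup.sqlite3"
        make_sample_db(src, 50)

        # Simulate the application still running: an open, uncommitted write.
        writer = sqlite3.connect(src)
        writer.execute("BEGIN")
        writer.execute("INSERT INTO ciphers (name) VALUES ('uncommitted')")
        try:
            copied = consistent_backup(src, dst)
        finally:
            writer.rollback()
            writer.close()
        return copied, 50


if __name__ == "__main__":
    print(demo())
```

    For a containerised app the same call works from a cron job on the host pointed at the bind-mounted data directory; the resulting file is the thing to ship off-box, not the live one. For PostgreSQL or MariaDB the equivalent is the engine’s own dump tool rather than a file copy.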




  • IMO the biggest attack vector there would be a Minecraft exploit like log4j, so the most important part to me would make sure the game server is properly sandboxed just in case. Start from a point of view of, the attacker breached Minecraft and has shell access to that user. What can they do from there? Ideally, nothing useful other than maybe running a crypto miner. Don’t reuse passwords obviously.

    With systemd, I’d use the various Protect* directives like ProtectHome, ProtectSystem=full, or failing that, a container (Docker, Podman, LXC, manually, there’s options). Just a bare Alpine container with Java would be pretty ideal, as you can’t exploit sudo or some other SUID binaries if they don’t exist in the first place.

    That said the WireGuard solution is ideal because it limits potential attackers to people you handed a key, so at least you’d know who breached you.

    I’ve forgotten Minecraft servers online and really nothing happened whatsoever.
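    A quick way to check whether a unit actually carries the Protect* sandboxing the comment above recommends, as an added example that is not from the comment or from systemd itself: a small unit-file parser plus a checklist of directives (my selection, built around ProtectSystem/ProtectHome and the no-SUID point), run over two constructed units, one bare and one hardened.

```python
# Constructed example: a minimal Minecraft unit with no sandboxing at all.
WEAK_UNIT = """\
[Unit]
Description=Minecraft server

[Service]
WorkingDirectory=/srv/minecraft
ExecStart=/usr/bin/java -Xmx4G -jar server.jar nogui
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""

# Constructed example: the same service with sandboxing directives applied.
HARDENED_UNIT = """\
[Unit]
Description=Minecraft server

[Service]
User=minecraft
Group=minecraft
WorkingDirectory=/srv/minecraft
ExecStart=/usr/bin/java -Xmx4G -jar server.jar nogui
Restart=on-failure
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
RestrictSUIDSGID=yes
ProtectKernelTunables=yes
CapabilityBoundingSet=
ReadWritePaths=/srv/minecraft

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text: str) -> dict[str, dict[str, list[str]]]:
    """Minimal unit-file parser: section -> key -> list of values (keys may repeat)."""
    sections: dict[str, dict[str, list[str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].setdefault(key.strip(), []).append(value.strip())
    return sections


# Directive -> accepted values. None means "any non-empty value other than root".
CHECKS = {
    "User": None,
    "ProtectSystem": {"full", "strict"},
    "ProtectHome": {"yes", "true", "read-only", "tmpfs"},
    "PrivateTmp": {"yes", "true"},
    "PrivateDevices": {"yes", "true"},
    "NoNewPrivileges": {"yes", "true"},
    "RestrictSUIDSGID": {"yes", "true"},
    "ProtectKernelTunables": {"yes", "true"},
}


def audit(unit_text: str) -> list[str]:
    """Return a list of findings for the [Service] section; empty means all checks pass."""
    service = parse_unit(unit_text).get("Service", {})
    findings = []
    for key, allowed in CHECKS.items():
        values = service.get(key, [])
        last = values[-1] if values else None  # systemd honours the last assignment
        if last is None:
            findings.append(f"{key} not set")
        elif allowed is None:
            if last in ("", "root"):
                findings.append(f"{key}={last} runs the service as root")
        elif last not in allowed:
            findings.append(f"{key}={last} (want one of {sorted(allowed)})")
    # An empty CapabilityBoundingSet= drops every capability; flag when absent.
    if "CapabilityBoundingSet" not in service:
        findings.append("CapabilityBoundingSet not set (default capabilities kept)")
    return findings


if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit(unit) or "OK")
```

    On a real host, systemd-analyze security <unit> gives a far more thorough score; the point of the checklist is to make the review repeatable across the units you ship with docker-compose-style deployments.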



  • You can’t, because normies don’t care about tech other than how it benefits them directly in some way. They care about the experience they get and doing the same thing everyone does because normies are like sheep.

    Normies barely even get how emails work and it’s been like over 40 years. They know if they sign up for Gmail it’s free, they get a ton of space and an @gmail.com address. That’s it.

    And even then, people looked at me weird back in 2007 when I made my Gmail account because “everyone uses Hotmail, why wouldn’t you use Hotmail, everyone uses it so it must be the best”. Heck just yesterday, the teller at the mechanic shop looked at me weird because I used $storename@max-p.me to place the online order, they were utterly confused. They thought I made a Gmail or Outlook for all of those aliases. People don’t think about using emails, they think about using Gmail or Hotmail/Outlook.

    Same with Reddit, it didn’t become popular until normies felt like they were missing out by not being on Reddit, and arguably that was Reddit’s downfall flooding the site with the same repeated arguments and opinions over and over. And for that too, I’ve been told my “Reddit looks weird” because I use a third-party app. People want to use Reddit so they download Reddit.

    Normies don’t use Twitter because they want to microblog, they use Twitter because their idols are on Twitter and they want to mimic them. If Taylor Swift opened a Mastodon account and posted exclusively there, we’d get a massive spike of users. And they all would want to register on the same instance as her and it would be the only viable instance to them.

    They just want to fit in and do the same as the others, using the same services and same apps and everything. “Influencers” are everything these days.

    The best way to get normies on the Fediverse is IMO, endorsing Threads and BlueSky, which will effectively force them to integrate because those platforms integrate.




  • If your stuff is all Docker then yeah, immutable makes sense as it makes the entire box declarative and immutable: you can get back the exact same operating Docker environment on the server, and then you can get back the exact same Docker workloads going with the Docker compose configurations.

    If you ever need to run stuff you’d run on Debian, you can just shove it in a Debian container.

    That said, if most of the stuff is containers, the risk of just the core Debian breaking is fairly low. Pick whatever is easiest for you to deal with based on your needs. Immutable distros have a bit of a learning curve.


  • I learned it accidentally trying to get root on an encrypted dataset working with systemd init without sd-zfs. This turns out to be how the zfs utility works internally to signal the driver “hey it’s okay, I’m a ZFS utility the user isn’t using mount directly”, and how you deal with mounting your root dataset to the temporary /sysroot while having its mountpoint set to / while in initramfs before pivoting root.

    Obviously, don’t use that other than for recovering your data; if you want to use this array you should figure out the mountpoints properly so ZFS does it automatically. It shouldn’t break anything but it’s gross: either set mountpoint=legacy and use fstab, or set its mountpoint in ZFS and use zfs mount.


  • The trick for this one is mount -t zfs -o zfsutil internal /mnt/some/path

    Assuming the root dataset is mountable. If you have a -o canmount=off on the dataset it will refuse to mount.

    If it’s -o mountpoint=legacy then you don’t need -o zfsutil, but still need to provide both the source and destination paths. Otherwise you’ll get the fstab error because mount can’t figure out what to mount or where to mount it.


  • Profiles, yes that’d be nice as that’d bridge the gap with Mastodon and enable users to do standalone posts but see it threaded instead of the horrible microblogging UX for that.

    Chat, I don’t think, belongs in ActivityPub; it works alright for direct messages but that’s it. It wouldn’t scale well for this amount of traffic for a chat. But you can however put your Discord/Matrix/IRC on your profile, and communities can put their own Discord/Matrix/IRC room links in the description to form a chat community around the Lemmy community. Maybe an option would be adding dedicated fields for those so that they can be added to the UI to direct you to those transparently. UIs could implement some support for those and embed the chat rooms in the page.


  • Yep there’s a reason I reached directly for that configuration. WireGuard uses UDP, that’s one of the first things that gets blocked.

    Turns out that’s also the kind of protocol corporate VPNs use, reusing port 443 over TCP. They call those “SSL VPN”. They get to weed out all commercial VPNs used to bypass their firewalls as well as most torrent/game activity while still mostly catering to their business guests.


  • Best bet is probably going to be using something like OpenVPN on port 443 in TCP mode, which basically looks like regular HTTPS. It’s a hotel, I doubt they’re going to be doing deep analysis to detect signs it’s OpenVPN. It’s detectable easily but they wouldn’t spend the money on that advanced of a firewall.

    My guess is they went for an allowed list of ports rather than blocked, so it lets through DNS (53), HTTP (80), HTTPS (443), and probably also POP/IMAP/SMTP (110, 995, 143, 993, 465).


  • A functional desktop Linux is hard. Getting desktop Linux to boot and run stuff isn’t that hard in itself.

    The problem is mostly drivers. They’re made for Android specifically, and often for that device specifically as well, so getting them working outside of Android is hard. The second problem is of course manufacturer obstacles, they really don’t want you to do that.

    Technically getting a kernel and a working framebuffer is fairly “easy”, because it’s mostly already there, you could just replace the initramfs and run whatever init and software you want. It’s getting the GPU to do stuff that’s a lot harder. WiFi is alright but cellular is a complete nightmare. A lot of those are Java native libraries, which makes it non-trivial to use outside of the Android Framework. But all the kernel stuff, you already have ready to steal right from the manufacturer, or you can take the ones LineageOS uses. It’s only a matter of getting a useful userspace.

    And the phone landscape on Linux isn’t that interesting, so people’s attention has been on improving Android itself as it’s much more capable and mature, and is open-source. If Android was closed source we’d have Linux phones already, but for many FOSS enthusiasts, Android is fine and much better polished.

    If you’re lucky, PostmarketOS might support your device well. If you’re less lucky you might get a kernel that boots but you can only get a serial shell to it over USB. If you’re unlucky, nothing exists, and you have to do it yourself.


  • Max-P@lemmy.max-p.me to Fediverse@lemmy.world, on “Private voting has been added to PieFed” (7 upvotes, 3 downvotes; edited 28 days ago)

    Firstly, remember that each PieFed account only has one alt account and it’s always the same alt account doing the votes with the same gibberish user name. It’s an open source project so the mechanics of it cannot be kept secret and they can be verified by anyone with intermediate Python knowledge.

    That implies trust in the person that operates the instance. It’s not a problem for piefed.social, because we can trust you. It will work for your instance. But can you trust other people’s PieFed instances? It’s open-source, I could just install it on my server, change the code to make me 2-3 alt accounts instead. Pick a random instance from lemmy.world’s instance list, would you blindly trust them to not fudge votes?

    The availability of the source code doesn’t help much because you can’t prove that it’s the exact code that’s running with no modifications, and marking people running modified code as suspicious out of the box would be unfair and against open-source culture.

    I also see some deanonymization exploits too: people commonly vote+comment, so with some time, you can do correlation attacks and narrow down the accounts. So to prevent that, you’d have to remove the users mapping 1:1 to a gibberish alt by at least letting the user rotate them on demand, or rotate them on a schedule, and now we can’t correlate votes to patterns anymore. And everyone’s database endlessly fills up with generated alt accounts (that you can’t delete).

    If the person is always downvoting or always voting the same as another person you’ll see those patterns in their alt and the alt can be banned.

    Sure, but you lose some visibility into who the user is. Seeing the comments is useful to get a better grasp of who they are. Maybe they’re just a serial fact checker and downvoting misinformation and posting links to reputable sources. It can also help identify if there’s other activity beside just votes, large amounts of votes are less suspicious if you see the person’s also been engaging with comments all day.

    And then you circle back to, do you trust the instance admin to investigate or even respond to your messages? How is it gonna go when a big, politically aligned instance is accused of botting and the admin denies the claims but the evidence suggests it’s likely? What do we do with Threads or even a hypothetical Twitter going fediverse, with Elon still as the boss? Or Truth Social?

    The bigger the instance, the easier it is to sneak a few votes in. With millions of user accounts, you can borrow a couple hundred of your long-inactive users’ alts easily and it’s essentially undetectable.


    I’m sorry for the pessimism but I’ve come to expect the worst from people. Anything that can be exploited, will be exploited. I do wish this problem to be solved, and it’s great that some people like you go ahead and at least try to make it work. I’m not trying to discourage anyone from experimenting with that, but I do think those what-ifs are important to discuss before everyone implements it and then oops we have a big problem.

    The way things are, we don’t have to put any trust in an instance admin. It might as well not be there, it’s just a gateway and file host. But we can independently investigate accounts and ban them individually, without having to resort to banning whole instances, even if the admins are a bit sketchy. Because of the inherent transparency of the protocol.


  • Apple is Apple, it’s not a super great example. They already had iBoot from the iPhones and iPads that they just adapted for the laptops, which is also what the M chips are. Apple’s firmware has always been rather quirky compared to more standard machines.

    If you look at the cloud, like AWS and their Graviton instances, they use plain old regular UEFI but ARM, which then can load GRUB and the kernel as usual there. Completely generic and basically the same as x86_64 UEFI. You can load any generic ARM distro there. We already know what ARM PCs would look like.

    The main thing here isn’t really x86 vs ARM, it’s embedded vs PCs. You can totally have non-BIOS and non-UEFI compatible machines with x86 CPUs in them, but I only saw this being done embedded in devices; in my case those were industrial machines. With ARM you’ll also see U-boot, which is common in stuff like routers and IoT devices because it’s fairly easy to get working and can be controlled with serial ports. But for PCs, it’s gonna be UEFI if anything because of Windows support. In the end, CPU is CPU, it runs code.

    Why not UEFI everywhere then? Because it’s overkill most of the time, and orders of magnitude more code and complexity which you just don’t need for a router. Your router can start executing its operating system directly from flash. You know in advance where the kernel is located, you don’t need to start initializing PCIe devices and a SATA controller and scan disks for GPT headers and find an EFI partition formatted as FAT32 to find an executable to load into memory and execute, no graphics card to initialize, no keyboard and mouse to monitor for menu, no menus to display because there’s no options, etc. UEFI firmware isn’t small. The arm64 OVMF firmware for QEMU is a whopping 64MB, that’s more flash than my router even has.


  • The problem with this approach is trust. It works for the users, but not admins. If I run a PieFed instance with this on, how can lemmy.world, for example, trust my tiny instance to be playing by the rules? I went over more details in this other comment.

    Sure, right now admins can contact you, for your instance. But you can’t really do that with dozens of instances and hundreds of instances. There’s a ton of instances we tolerate the users, but would you trust the admin with anonymous votes? Be in constant contact with a dozen instance admins on a daily basis?

    It’s a good attempt though. Maybe we’re all pessimistic and it will work just fine!



  • Phones don’t brick from installing a ROM wrong, just the same as PCs don’t brick when you fail to install an OS correctly on them. It just doesn’t have a bootable OS on it.

    Most phones have a download mode / fastboot which does exactly what you’re asking for. You can pretty much always reflash a valid OS with fastboot.

    BIOS on PCs is used for compatibility because most hardware manufacturers want to be compatible with existing operating systems. ARM does support UEFI.

    Phones just don’t have UEFI, because 99.999% of the time it will run only one operating system: the manufacturer’s flavor of Android. Skipping UEFI makes it boot faster because it can load directly into the Linux kernel, which will initialize the hardware and already knows the precise hardware it’s expecting to be present through its device tree. Chromebooks do that on x86 as well: they skip the firmware part and boot into Linux as early as possible, because it boots faster and it’s a ton of code you don’t need when you can just let Linux deal with it. Both are purpose built to run Linux, there’s no point wasting time with a whole firmware interface nobody should ever need. Fastboot is a perfectly fine low-level bootloader interface that lets you flash ROMs just fine.