Posts
0
Comments
165
Joined
2 yr. ago

  • There are nearly 1000 open issues and a couple of them are about potential vulnerabilities where the repeated refrain is 'we tried to contact the developer, but there's no response' which makes me... uncomfortable, especially given that NPM was the gatekeeper to a lot of services on my local network.

    The cert error is related to outdated Python code in the latest shipping version, https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2912 and 2921.

    Again, you CAN work around it but the whole radio silence on issues and ongoing issues just makes me uncomfortable with the project and exceedingly reluctant to continue using it because it's unclear what's going on, and why.

  • Personally, the word I'd use for it is 'boring'.

    Loved ME and did a playthrough with the Legendary re-release, but when I hit Andromeda, I got to the planet and went 'You know, I don't care about ANY of these people, what we're doing, and I'm not going to drive around for 30 more hours of this' and just kinda... stopped playing.

  • NPM also looks abandoned right now. There are some security patches that are not being addressed, and certificate renewal is hit or miss due to the age of NPM’s certbot vs the mainline.

    If you’re deploying something new, you might want to consider caddy or nginx by itself or some other reverse proxy at this point since it really looks like the dev has vanished and nobody is taking over maintenance yet.

  • I noticed that they'll show up eventually where "eventually" could be like, 10-12 hours.

    I suspect that they're just absolutely slammed to the point they can't actually push the federated content out to subscribers because EVERYONE is subscribing.

    Might be an architectural thing due to not having a sufficiently scalable job queue/worker thread infrastructure, or just like, not enough CPU cycles to do it.

  • I have to wonder if the real discussion here is between 'pre-internet' or 'not the internet where you're the product being sold and sold to', because I strongly suspect it's the latter that's the issue here.

    I'm just barely old enough to recall how things worked before the internet and I don't think people would ever really want to go back to not being able to watch anything they want, any time they want, or not having turn-by-turn directions or even things like ordering a pizza by having to call someone on the phone.

  • It's not just the difficulty, it's that the fediverse runs on reputation.

    If you get a reputation for being an instance that has offensive/illegal content, you'll get defederated and your users will get a materially worse experience than the rest of the instances that are federating with each other - and it really only takes one or two things to get that reputation.

    sh.itjust.works is a prime example: it didn't take an awful lot to get them down the defederation road, and I suspect most admins would want to maintain their reputation and an easy way to do it (until we get like... moderation tools) is to just gatekeep what communities show up on your instance.

  • It's a valid point, and it's really silly that something like an M2-based iPad can't be used to write software it can run.

    There's no excuse given that it's fast, you can add a keyboard and even a monitor to it, but you just... can't use it that way because Apple said no.

    I know it's to make Apple sell more hardware, and maintain control of the ecosystem to extract their 30% rent, but I mean, you could still do that and have a full IDE on the platform.

  • As a counterpoint to that: any new community that gets created on an instance is now a possible liability the site admins have to own.

    Makes a lot of sense that you wouldn't want anyone to make anything on your site, since that's how you end up with /r/jailbait, and /r/fatpeoplehate and so on.

    Seems reasonable you'd want to make sure you understand who is creating what and why on a platform you're ultimately responsible for.

  • IMO, exec salaries (and any equity grants) should be exclusively tied to company profitability but that's one of those things that'd never happen in a million years.

    There's just no incentive to build sustainable businesses when you're working with free money and I think a lot of tech firms (not just social media ones) are going to crash land over the next couple of years.

  • Yeah, I do. I can imagine if you didn't happen to be close to a major metro area you probably would have a heck of a time finding anything.

    As it is, the pickings have gotten slim because the garage sale/estate sale scalpers have figured out that old computers sell on eBay for stupid prices, and they're snatched up by the "pros" pretty fast.

  • I'm annoyed because WoW wants to triple-dip.

    You really should either charge for content (expansions), or a subscription or load it up with shitty MTX options.

    These guys are doing all 3, and the content kinda sucks on top of it.

    I don't mind paying for the occasional cosmetic or battle pass or whatever in otherwise free games, but seriously, pick a lane, my dudes.

  • Part of the problem is, IMO, the corporate structure built around these companies.

    I've always wondered why Twitch has 1200 employees, or Reddit has 2000, or Twitter had 5,000. What do they all do, and is the cost of carrying so many people justified?

    I'm betting (and honestly, the Twitter shitshow kinda has shown) that you maybe don't actually need 1,200 people to run a streaming site, and maybe you don't need 2,000 to run a text-based link aggregation site and that this weird tech company obsession with growth and size is actively counterproductive, at least to some extent, when it means you can't carry the costs of the company without having to absolutely trash the experience of your users to do it.

  • A lot of the issue is there's not really as much old hardware out there as you might think.

    Nobody kept their old computers safe once they upgraded, they got sold cheap or trashed or whatever. There was never really a time when old computer hardware had a lot of retained value over maybe a year or two from its release because stuff moved so fast that things got obsoleted rapidly and the value hit essentially zero within a reasonably short time.

    And a LOT of what's out there doesn't work because, well, working for 20 or 30 or 40 years was never part of any design decision for any computer - if you got 5 years out of it, it was a good run.

    Worse, there are entire generations of hardware that flat-out fail - the capacitor plague, for example.

    Basically, nobody 35 years ago thought there would be a time when an IBM 5150 would be valuable, so very few people bothered to keep them when they upgraded.

  • IANAL, but I did spend a few years handling DMCA/Trademark takedown requests for an IaaS provider.

    The answer is 'Yeah, probably, but', in most cases. If your instance is actively sharing copyrighted media, say, a stolen photo, and you get a DMCA and you're in a jurisdiction where the DMCA applies (which is, of course, a US law and not some global copyright cartel) you probably are going to have to comply and remove the content.

    If it's just a link to content, say an embedded YouTube video, you likely don't need to comply since embedded content isn't hosted on your server and thus isn't something you can 'remove', but that's a situation where shit gets murkier.

    TLDR; it's complicated but if the URL for the claimed infringing material is hosted by you and you get a notice you probably have to take action to remove the content in the URL.

  • It's just a bit more platform enshittification, honestly.

    Every social-oriented company is realizing that the Free Money Tree has died, burned down, and is now a rotting stump in the middle of the High Interest Rates woods, and they're in utter panic because not a single one of them is actually profitable, has ever been profitable, or reasonably has a path to profitability.

    Reddit, Twitch, Discord, etc. are all living on borrowed money and time and the only way they're going to survive is if they either squeeze money out of the users directly, squeeze it out of their partner/content creators, or find a new investment which isn't something that's happening anywhere.

  • It's absolutely overpriced on eBay.

    I've had amazing luck with Facebook marketplace and Craigslist, though not just waiting for listings. I make posts saying I'm buying old computers, and kinda generally sketch out what I'm looking for - nothing specific but things like 'Need PC from late 90s for project' or something.

    You will, eventually, get a couple of nibbles here and there and sometimes land a legitimate deal but it does require a lot of time and patience that it didn't require a few years ago when you could just literally go get all the retro computer e-waste you could stuff in your car for $0.

  • I was a $20 Kickstarter backer of this complete disaster.

    Though, at this point, it's been a decade of absolutely hilarious drama, so I really do feel like I got my money's worth out of it even though I literally have never installed nor played any of the "betas".

  • To piggyback on other comments, a firewall only stops access to services you don't want people to access.

    Presumably you WANT people to access your Lemmy install, so a firewall doesn't really offer any added protection.

    If there's an exploit in Lemmy, you might get bit, sure. It's always a case of maintaining good backups, having a response plan in place and taking mitigation steps - patch the underlying OS, subscribe to release and security notifications so you know when an update or issue is found, and have a plan to either rapidly patch or disable services until you can patch them.

    If you want to dive into more depth, there's an awful lot of tooling from fail2ban to Crowdsec's offerings to a whole slew of SIEM options you could implement to monitor traffic to your host to identify and take action on suspicious and/or outright malicious traffic, but that's going to have to be a case of you deciding how much risk is okay and how much time you want to invest in mitigating.

    It's one of those 10% of the time can solve 90% of problems thing, so if it's just a case of 'well if something happens I'd be annoyed' it's maybe not worth investing a huge amount of time beyond updates and basic monitoring.

  • Yeah I think that's pretty much a universal story: you consolidate things until it breaks, at which point it's impossible to fix anything because absolutely everything is broken all at once.

    Routing should probably be separate hardware for most people, as should DNS (if you're running your own) and then you can probably lump most everything else on a single server or so.