Admiral Patrick

I’m surprisingly level-headed for being a walking knot of anxiety.

Ask me anything.

I also develop Tesseract UI for Lemmy/Sublinks

Avatar by @[email protected]

  • 49 Posts
  • 472 Comments
Joined 2 years ago
Cake day: June 6th, 2023


  • Is there a way I can get Let’s Encrypt to dole out a wildcard certificate

    Yep. Just specify the domains yourdomain.com and *.yourdomain.com in the certbot request. Wildcard domains require the DNS-based challenge, but you’ve said you’re already good there. You don’t technically need the apex domain (yourdomain.com) but I always add it since I do have services running there.

    Any subdomains under the wildcard can use internal DNS or internal IPs on the public DNS (I do the former, but the latter works too).

    I used to run an internal CA, and it wasn’t too hard to set up a CA and distribute my root cert. Except on mobile devices. On Android it was easy, but there was a persistent warning that my network traffic could be intercepted (which is true when there’s a custom root cert installed), but since it was my cert, it got annoying seeing that all the time. Not sure if Apple devices can even do that, but regardless, it wasn’t practical for friends who wanted to use my self-hosted services to install a custom cert when they were over.

  • For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else’s problem as well. Hence my gripe lol.

    It’s been so long since I set up my instance, I honestly don’t recall what the default “Registration mode” is.

    I’m but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the “Registration” section in the admin panel to nag you if the config is insecure. lol

    It will still let you do it, just with a persistent nag message on that page.

  • So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?

    Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.

    The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.

    This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the “eggs all in one basket” make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.

    In the wild, it’s far more common for them to just spin up a bunch of accounts across “good” instances (particularly those without registration applications) and coordinate.

    One example of that: https://dubvee.org/post/1878799


    1. Have an actual mission statement beyond just being a general purpose instance (e.g. Beehaw, my instance, most of the topic-based ones, etc)
    2. Replace the default frontend with anything better than Lemmy-UI
    3. Building on #1, try to curate the experience into something positive.
    4. Block the toxic aspects as best you can by default. Don’t make new users discover and deal with the toxicity on their own. There’s plenty of other general purpose instances that will let people rawdog everything (and everyone) on the Fediverse if that’s what someone wants.
    5. Focus on “quality over quantity” and block all the content repost bots / defed from the instances that do nothing but repost Reddit content. Disallow AI slop in all its forms and focus on human interactions.
    6. Consider hiding/disallowing Politics communities and don’t allow accounts who post with an obvious agenda.
    7. Systematically identify and ban accounts that do nothing but downvote (if everything here displeases them so much, perhaps they should go elsewhere, ya know?)
    8. Clean up duplicate posts; even if they’re slightly different, seeing the same story posted 10 times gets old for users.
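
Added example, not part of the original comments and not Lemmy or Tesseract code: one way an admin could surface the two patterns mentioned above, accounts that do nothing but downvote and clusters of such accounts on a single instance. The record layout `(voter, post_id, score)`, the thresholds, the function names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not real votes): (voter, post_id, score), score is +1 or -1.
SAMPLE_VOTES = (
    [("alice@a.example", p, 1) for p in range(1, 7)]                     # only upvotes
    + [("bob@a.example", p, 1 if p % 2 else -1) for p in range(1, 7)]    # mixed voting
    + [("x1@b.example", p, -1) for p in range(1, 7)]                     # 6 downvotes
    + [("x2@b.example", p, -1) for p in range(1, 6)]                     # 5 downvotes
    + [("carol@c.example", p, -1) for p in range(1, 3)]                  # too few to judge
    + [("dave@c.example", p, -1) for p in range(1, 7)]                   # 6 downvotes
)


def downvote_only_accounts(votes, min_votes=5):
    """Return accounts with at least min_votes downvotes and no upvotes at all."""
    tally = defaultdict(lambda: [0, 0])  # voter -> [upvotes, downvotes]
    for voter, _post_id, score in votes:
        if score > 0:
            tally[voter][0] += 1
        elif score < 0:
            tally[voter][1] += 1
    return sorted(v for v, (up, down) in tally.items() if up == 0 and down >= min_votes)


def instances_to_review(votes, min_votes=5, min_accounts=2):
    """Group downvote-only accounts by home instance; keep instances with a cluster."""
    by_instance = defaultdict(list)
    for voter in downvote_only_accounts(votes, min_votes):
        by_instance[voter.rsplit("@", 1)[1]].append(voter)
    return {inst: accts for inst, accts in by_instance.items() if len(accts) >= min_accounts}


if __name__ == "__main__":
    print("downvote-only accounts:", downvote_only_accounts(SAMPLE_VOTES))
    print("instances with clusters:", instances_to_review(SAMPLE_VOTES))
```

The minimum-vote threshold keeps an account with only a couple of downvotes from being flagged, and a single flagged account on an otherwise normal instance stays a per-account moderation question.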