States have argued successfully to tax cross state commerce. That’s why you get charged local sales tax even when ordering from a company that does not have a presence in your state. I don’t see this as any different, but someone will need to go first to set the precedent.

This is the FTC’s rule, but nothing prevents each and every state from implementing a law to do the exact same thing, except slightly differently than every other state, making it extremely costly for the companies to implement.

I keep my seedbox in the planter at the coffee shop down the road with free WiFi.

I couldn’t afford one of those fancy 2-cassette boomboxes, so I had my friend bring his tape deck and we put them real close together in the quietest room of the house and recorded that way. Having several siblings meant that there were no quiet places, so we used the empty garage when my parents were at work. The audio was autrocious, tons of echo and static, but I played that tape thin until it snapped.

Several countries require proof of ID to purchase a SIM card.

My mantra is “plan to be hacked”. Whether this is a good backup strategy, a read-only VM, good monitoring or serious firewall rules.

It’s a VGA connection and, yes, my primary concern is resource usage. I’m running 2-3 VMs on it so that I can easily migrate the VM around.

I had plain old top and it was boring. I did not know how many alternatives there were.

I’ll also have to check out cmatrix.

This is an excellent idea!

Generally, no. On some cases where I’m extending the code or compiling it for some special case that I have, I will read the code. For example, I modified a web project to use LDAP instead of a local user file. In that case, I had to read the code to understand it. In cases where I’m recompiling the code, my pipeline will run some basic vulnerability scans automatically.

I would not consider either of these a comprehensive audit, but it’s something.

Additionally, on any of my server deployments, I have firewall rules which would catch “calls to home”. I’ve seen a few apps calling home, getting blocked but no adverse effects. The only one I can remember is Traefik, which I flipped a config value to not do that.

Probably true, but there were still some useful bots that I enjoyed on a regular basis like the metric conversion bot, the invidious link switcher and the remindme bot.

I think that Lemmy will allow you to use bots only if you declare them as such which should allow users to block or allow to customize their own experiences.

I was hacked years ago. I was hosting a test instance of a phpbb for a local club. Work blocked SSH, so I opened up telnet. They either got in from telnet or a php flaw and installed password sniffers and replaced some tools (ps, top) with tools that would hide the sniffer service they installed.

After that, I changed my model. My time lab is for learning and having fun. I’m going to make mistakes and leave something exposed or vulnerable and hackers are going to get in. Under this new model, I need to be able to restore the system easily after a breach. I have a local backup and a remote backup and I have build scripts (ansible) so that I can restore the system if I need to. I’ve had to do this twice. Once from my own mistake and one from hardware failure.

Same. I have spent way more time troubleshooting a pipeline than it saves. I like the idea of automation but laziness prevails.

For my own curiosity, how do you perform a build? Is it all done in pipelines, kicked off on change? Do you execute the whole infra build each time you release an update?

As others have said, a traditional off site backup will work. How do you plan to perform a restore, though? If you need the self hosted source repo, it won’t be available until the infrastructure is stood to creating another circular dependency.

I’m still in the early stages of exploring this, too. My solution is to run a local filesystem git clone of the “main” repo and execute it with a Taskfile that builds a docker image from which it can execute the ansible infrastructure build. It is somewhat manual but I have performed a full rebuild a few times after some Big Mistakes.

After breaking “prod” many times, I have a Dev (local machine), Test (small VM) and Prod (big VM). My test is just less RAM and space and I need to spin down certain K8s things to spin up others, but it’s a close mirror of Prod, just less.

I can’t speak to the quality outlook, but from what I understand about enshittification, it typically requires a self-serving entity like a corporation whose interests are not in alignment with its customers/consumers/userbase. In some of Mr. Doctrow’s writings, he indicates that federating cans be a “circuit breaker” for enshittification.

In a well federated platform, when one node begins to act counter to its users, the users can easily move nodes/instances. This is one of the reasons why there needed to be a law to allow phone number portability. Email is similar, but only if you own your own domain. Look for Cory Doctrow’s writings on BlueSky for more examples.

I’d love to see nothing but PeerTube links in the fediverse. YouTube has become almost unusable for me.

Thanks for the feedback. I plan to do some reading on NFSv4 domain mapping this weekend.

I think this is exactly what I’m looking to do. Thanks for such a detailed writeup!

I did some reading last night and think it lines up with what you’re saying. I found docker-mailserver with some configuration. The only thing I need to add is mail filtering to folders and I think that’s included.