An article making the case that the Fediverse is a fantastic communication platform for public institutions - because of its openness, transparency and reach.

Here's the background: I'd been using Gitea for open source project hosting for a quite a while. So when the Forgejo fork started up, I thought to myself: Eh, I'll see how that all unfolds and maybe look into it at some point. After all, Forgejo is a soft fork, so I can just switch over whenever.

But then Forgejo became a hard fork while I was busy with other stuff, and before I knew it, It seemed too late to switch unless I wanted to lose all my tickets and stuff.

Then I saw this post and read this background and decided it was time for me to switch to Forgejo, hard fork be damned.

But I'm very stubborn, and I still wanted to keep all of my Gitea data intact. So here's what I did, and what you could do too if you're as stubborn and reckless as I am!

Step one: Create a SQL "migration" that downgrades the Gitea database from the modern version you're using to the last version that Forgejo supports upgrading, Gitea 1.22.6, from back when Forgejo was still a soft-ish fork. That means you're effectively rolling back each migration from Gitea 1.25 all the way through 1.24 and 1.23.

When I did this, I used an LLM (specifically MiniMax with OpenCode) to generate the reverse mega-migration, pointing it at the Gitea codebase and also feeding it this very outdated starting point as inspiration. But I totally understand if not everyone is comfortable with using AI. In fact, I really wasn't either, but I figured this is a mostly mechanical one-off. If you don't want to use AI, you can generate the reverse migration manually by combing through the migrations linked above.

I did find three mistakes the LLM made: 1. An off-by-one error in UPDATE version ... because the value should be the last migration number (298 in this case) plus one, 2. Some of the steps it generated to back out an individual migration were out of order, e.g. dropping the issue_pin table before copying data out of it, and 3. It apparently missed making one particular column (type in the review table) into an int instead of a varchar.

I should also note that there were some forward data migrations in the original Gitea migrations that could not be backed out, because the data simply wasn't there anymore. I just skipped reversing those, because YOLO.

Once I fixed these issues as best I could (well, the ones I found ahead of time instead of after the fact), the mega-migration was ready to go.

(I'm not including the mega-migration here, because even if it worked for me, I don't want to be responsible for people fucking up their systems if it doesn't work for them. I'd much rather people be responsible for fucking up their own systems.)

Step two: Backup your Gitea database and files!!!

Step three: Stop Gitea and run the mega-rollback-migration against your Gitea database. This effectively downgrades the database to Gitea 1.22.6. You can optionally then deploy the Gitea 1.22.6 binary or container and start it up to poke around the Gitea web UI and verify that the downgrade worked. (Reminder that there are known security issues in this ancient version of Gitea, so maybe firewall off general web traffic temporarily?) Then stop Gitea again.

Step four: Replace the Gitea binary or container with the last release of Forgejo to support upgrades from Gitea, Forgejo 10.0.3. Start Forgejo and try out the web UI to make sure it's working.

Step five: Upgrade your Forgejo binary or container to the latest release of Forgejo, 14.0.3 at the time of this writing. Restart Forgejo and hopefully enjoy your newly "upgraded" instance, complete with all of your repos and ticket history!

Some additional notes:

• You may have to alter any Gitea Action workflows to work with Forgejo Actions. This may be as simple as search and replacing gitea. with forgejo. in your workflow files.
• Forgejo does work with Gitea's Act Runner, apparently. But you may also want to replace any Act Runner instances you have with Forgejo Runner, which should be relatively straightforward since there's no database to migrate.

Pretty wild!

Hi there, I’m looking to get into self-hosting for privacy reasons and I wanted to ask y’all: how inadvisable is it to utilize an ISP-owned router/modem? I feel like they’re able to track everything I do online with their more than likely integrated spyware.

Hello everyone, I recently tried switching my docker torrent client setup from haugene/transmission-openvpn to linuxserver/qbittorrent with gluetun for my VPN.

I have gluetun set up to use port forwarding with ProtonVPN which assigns a random port on every connection. Gluetun provides a VPN_PORT_FORWARDING_UP_COMMAND which can be used in this scenario to update the port used by qbittorrent. While I had issues with the example command in the gluetun wiki to do this, I eventually managed using a bash script I found in another forum.

My issue now is that my server shuts down for the night to reduce noise and after restarting, even though I have the container startup order set up, qbittorrent is no longer reachable on its webinterface. The logs do not indicate any issue though.

As far as I can tell, the stack as I have set it up is extremely finnicky in terms of startup order and time. If I start gluetun first and then wait too long before starting qbit, the port update script will fail because there is obviously no target for it. If qbit is up and running before gluetun is done, I typically can't access its webinterface for some reason and the network interface used by gluetun will set itself to loopback.

The result of this is that basically every morning I have to start and restart the containers in the stack a couple of times until I can access the interface and ensure that the port and network interface of qbit are configured correctly.

If anyone has a similar setup working that they could share or maybe another solution to my current issue that would be great. Thanks.

This is my docker-compose stack for the new setup

version: '3'
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - 8080:8080 # qbittorrent webinterface
      # - 6881:6881 # qbittorrent, only needed without port-forwarding
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=${OPENVPN_USERNAME}
      - OPENVPN_PASSWORD=${OPENVPN_PW}
      - SERVER_COUNTRIES=Switzerland
      - VPN_PORT_FORWARDING=on
      - PORT_FORWARD_ONLY=on
      - TZ=Europe/Berlin
      # From gluetun wiki: https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/vpn-port-forwarding.md
      - VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'sh /gluetun/update-port.sh "{{PORTS}}"'
      - VPN_PORT_FORWARDING_DOWN_COMMAND=/bin/sh -c 'echo "Execution port forwarding down command" && wget -O- -nv --retry-connrefused --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" http://127.0.0.1:8080/api/v2/app/setPreferences'
      - QBIT_ADDRESS=http://localhost:8080/
      - QBIT_USERNAME=${QBIT_USER}
      - QBIT_PASSWORD=${QBIT_PW}
    volumes:
      - /mnt/truenas/qbittorrent/update_port.sh:/gluetun/update-port.sh
    labels:
      - "com.centurylinklabs.watchtower.enable=true" # Auto update using watchtower

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
        # condition: service_healthy
        # restart: true
    volumes:
      - /home/poseidon/qbittorrent:/config
      - /mnt/truenas/qbittorrent:/downloads
    # ports:
    #   - 8080:8080
    #   - 6881:6881
    #   - 6881:6881/udp
    restart: unless-stopped

And this is the script I use for updating the qbittorrent ports

#!/bin/sh
# update-port.sh
port="$1"
retries="${UPDATE_PORT_RETRIES:-5}"
interval="${UPDATE_PORT_RETRY_INTERVAL:-10}"

echo "Attempting to update qBittorrent port to $port..."

for i in $(seq 1 "$retries"); do
  response=$(wget --quiet --save-cookies=/tmp/cookies.txt --keep-session-cookies \
                  --post-data="username=$QBIT_USERNAME&password=$QBIT_PASSWORD" \
                  --header="Referer: $QBIT_ADDRESS" \
                  "$QBIT_ADDRESS/api/v2/auth/login" -O -)

  if [ "$response" = "Ok." ]; then
    break
  fi

  echo "Login attempt $i/$retries failed. Retrying in $interval seconds..."

  sleep "$interval"
done

set -e

if [ "$response" != "Ok." ]; then
    echo "Unable to log in to qBittorrent."
    rm -f /tmp/cookies.txt

    exit 1
fi

wget --quiet --load-cookies=/tmp/cookies.txt \
     --post-data="json={\"listen_port\": $port, \"current_network_interface\":\"$VPN_INTERFACE\", ,\"random_port\":false,\"upnp\":false}" \
     "$QBIT_ADDRESS/api/v2/app/setPreferences" -O /dev/null

rm -f /tmp/cookies.txt

echo "qBittorrent port updated successfully to $port."

Research Opinion Article.

Within groups and societies, cognitive diversity bolsters creativity and problem-solving, say the researchers. However, cognitive diversity is shrinking worldwide as billions of people are using the same handful of AI chatbots for an increasing number of tasks, they add. When people use chatbots to help them polish their writing, for example, the writing ends up losing its stylistic individuality, and people feel less creative ownership over what they produce.

I have one and I have been enjoying it.

cross-posted from: https://lemmy.world/post/44340504

Our actions and voices do make a difference! Keep AI out of games and reward original creative work.

Hey,

Im using openwrt with banip to only allow certain countries to access my services. Im not familiair with banip and im having issues finding documentation about it so thats why i came here.

I need to allow a certain path to allow cert-manager to get me new certificates using http challanges. If im not mistaking i have to allow the path: .well-known/acme-challenge/*.

Is their an option to allow this from any country but block all other requests?

My current config is as following:

root@OpenWrt:~# uci show | grep ban
banip.global=banip
banip.global.ban_enabled='0'
banip.global.ban_debug='0'
banip.global.ban_autodetect='1'
banip.global.ban_allowlistonly='1'
banip.global.ban_fetchcmd='curl'
banip.global.ban_protov4='1'
banip.global.ban_ifv4='wan'
banip.global.ban_protov6='1'
banip.global.ban_ifv6='wan6'
banip.global.ban_dev='eth0'
banip.global.ban_fetchretry='5'
banip.global.ban_nicelimit='0'
banip.global.ban_filelimit='1024'
banip.global.ban_deduplicate='1'
banip.global.ban_nftpriority='-100'
banip.global.ban_icmplimit='25'
banip.global.ban_synlimit='10'
banip.global.ban_udplimit='100'
banip.global.ban_nftpolicy='memory'
banip.global.ban_nftretry='5'
banip.global.ban_blockpolicy='drop'
banip.global.ban_nftloglevel='warn'
banip.global.ban_logprerouting='0'
banip.global.ban_loginbound='1'
banip.global.ban_logoutbound='0'
banip.global.ban_loglimit='100'
banip.global.ban_autoallowlist='1'
banip.global.ban_autoallowuplink='subnet'
banip.global.ban_autoblocklist='1'
banip.global.ban_country='us'
banip.global.ban_logterm='Exit before auth from' 'luci: failed login' 'error: maximum authentication attempts exceeded' 'received a suspicious remote IP .*'
banip.global.ban_vlanallow='br-lan'
banip.global.ban_allowurl='https://www.ipdeny.com/ipblocks/data/aggregated/be-aggregated.zone' 'https://www.ipdeny.com/ipv6/ipaddresses/aggregated/be-aggregated.zone'
banip.global.ban_geoip='1'
banip.global.geoip_src='dbip'
banip.global.geoip_mode='allowlist'
banip.global.ban_feeds='country:US' 'country:US' 'geoip:US'
banip.global.ban_all='1'
banip.global.allow_country='US'
banip.global.ban_feedin='country'
banip.global.ban_feed='hagezi' 'tor' 'vpn'
wireless.radio0.band='2g'
wireless.radio1.band='5g'

Thanks for your time and have a great day!

It is as if you have walked into a branch of one of Vietnam’s banks. A row of customer service desks, divided by plastic screens, with landline phones, promotional leaflets and staff business cards. A seated waiting area and a private meeting room. All of it features the OCB bank’s logo, or its trademark green colour.

This is not a genuine bank branch, however. It’s one of various “mock up” rooms inside a sprawling compound on the Thai-Cambodian border, where criminal groups are accused of using elaborate and industrial-scale fraud schemes to trick victims into handing over money.

The scammers behind the compound targeted people not just in Vietnam, but across Asia, Australia and South America, according to documents and props discovered inside.

Within the six-floor building, in the Cambodian border town of O’Smach, there are rooms designed to look like offices for police forces from Australia, Singapore and China. There are even fake uniforms, badges and scripts to be read over the phone to victims.

I mostly lurk here, and I know we've had this discussion come up a number of times since Discord's age verification changes were announced, but I figured this video offers value for the walkthrough and comparative analysis. Like me, the video authors aren't seasoned self-hosters, and I've still got a lot to learn. Stoat and Fluxer both look appealing to me for my needs, but Stoat seemingly needs self-hosted servers to route through their master server (unless I'm missing something stupid) and I replicated the 404 for Fluxer's self-hosting documentation seen in the video, so it's looking like I'm leaning toward a Matrix server of some kind. Hopefully everyone looking for the Discord exit ramp is closer to finding it after this video.

Hey everyone,

I'm running into a frustrating issue and could use some guidance on how to pinpoint the faulty component.

My system completely locks up every few hours. It's not just a DE crash; the entire machine becomes unresponsive. The mouse and keyboard are completely dead (no cursor movement, Caps Lock key doesn't toggle). I've tried waiting 10-15 minutes to see if it recovers, but it never does.

REISUB does not work. Holding Alt + SysRq and pressing the keys in order does nothing. The only way out is a hard reset using the case button.

The last time this happened, I ended up buying components for a new computer and replaced them one by one until I found the faulty one. I'd rather try a more targeted approach this time. Though if it takes too much effort, I do have another computer I can fall back on.

Any advice on how to diagnose this efficiently? Logs to check, stress tests to run, or hardware to suspect first?

Thanks in advance!

Song is Giant Claw & Galen Tipton – Trauma John.

• Research— Meta Page;
• Poster;
• Video;
• PDF.

Using a single 3D deep learning model, researchers are able to detect three major causes of road accidents simultaneously; blood alcohol concentration, fatigue and expression, such as anger.

I want to watch a play through of RE9. I’ve played almost all the games in the series, but this one is kinda priced high and I want to give watching someone else play it a chance.

I’m looking for a streamer who isn’t very noisy and distracting. I hope they can be focused on the game and less on chat and stuff.

I’m hoping they take the time to look around and not just rush through everything.

Based on this, is there a streamer you recommend?

Hi, i'm looking for a VPN that:

• is easily deployable via a docker-compose
• has an Android App and it doesn't drain the battery too much
• hides as regular HTTPS traffic so it's not blockable by Firewalls. (I don't need strong censorship resistance; it just has to work in offices and hotel WiFis.)
• Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.

Do you know something else?