bear

joined 1 year ago
[–] bear@slrpnk.net 8 points 2 weeks ago (3 children)

Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren't intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it's perfect. All web browsers (except Firefox on mobile...) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.

[–] bear@slrpnk.net 2 points 2 weeks ago

I envy your life, as it feels like every year the browser assimilates and consumes more and more.

[–] bear@slrpnk.net 3 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

You're greatly overestimating how many people that is; additionally, it was largely people that aren't very committed to FOSS that got mad. The project maintainers and most users are fine with it. People who are committed to FOSS ideals are overwhelmingly progressive to leftist. That's why those codes of conduct were added in the first place, and were largely uncontroversial amongst most actual contributors of those projects.

[–] bear@slrpnk.net 5 points 4 weeks ago (3 children)

Agree with the former, not the latter.

[–] bear@slrpnk.net 12 points 1 month ago* (last edited 1 month ago) (1 children)

Use lemmy.ml how you want to use it, and if you want to participate in other political leanings, go to a different instance. No one is really stopping you, and that's the whole idea of the fediverse. And there really isn't any value lost, because this isn't a "choose one and only one" situation. You've got all of the fediverse at your fingertips.

Until you make the mistake of replying with the wrong kind of comment to the wrong sub, and get banned from the entire instance and lose the ability to post on many of the largest subs on this side of the fediverse. Or maybe they just see you out and about and decide to ban you on sight because they don't like what you said. There's nothing stopping that.

Admin overreach and abuse is a major issue for the fediverse because it affects more than just the user in question. Admins of large instances get to decide who has access to the users and communities on their instances, and very often the users of the instance aren't even aware of the actions taken on their behalf. Mastodon recently implemented a notification for when blocks and defederation remove your follows or followers, and this is a great first step. Users deserve to know when they are impacted by decisions such as these.

I love the fediverse and want to see it thrive, so we need to stop putting our heads in the sand on this issue. It's always discussed as if it's an issue with a few problematic instances rather than the systemic issue in need of a solution that is is. Admins need the tools to protect their instances from real abuse, but we need to balance that with the right of the users to know what's going on and not be unfairly deprived of the social aspect of this social media experiment, especially without knowing.

[–] bear@slrpnk.net 3 points 3 months ago (1 children)

No that's true, open source is superior is proprietary

[–] bear@slrpnk.net 22 points 3 months ago (1 children)

"Let's remove the social element of our social movement"

Great so what's left at that point, the free value FOSS provides to corporations?

[–] bear@slrpnk.net 1 points 4 months ago* (last edited 4 months ago)

Criticizing people's past and current actions relating to the subject and bringing up their direct history relavent to the subject is not a personal attack, nor is it out of line to point out he does his to advance his political agenda within the project, which is why he got banned in the first place. All of this directly relates to the subject at hand.

You know what doesn't relate to the subject at hand? Your random little "sjw gender terrorists" comment. But it does make it rather clear why you want to obfuscate the facts about Srid's history with the project, subsequent ban, and continued amplification of drama and general shit-stirring ever since.

[–] bear@slrpnk.net 0 points 4 months ago

You made one reply to me whining that I attacked the person by pointing out his beliefs, and then made another reply to me about "gender terrorist SJWs". Do you just lack any form of self-awareness?

[–] bear@slrpnk.net 0 points 4 months ago (2 children)

I attacked his beliefs which is perfectly valid. You should critically examine the motives and biases of people who feed you information.

[–] bear@slrpnk.net 38 points 4 months ago (10 children)

You should know that the guy you cited in the second link, Srid, is a well-known right-wing shit-stirrer who is banned from basically all NixOS spaces because he cannot peacefully coexist. He literally gets up day after day with the seemingly sole purpose of fueling drama and causing problems. Don't take his opinion at face value, he wants to see the project burn down and this colors his interpretation of events.

NixOS is going through a rocky moment for sure, but there's no indication it will implode currently.

[–] bear@slrpnk.net 6 points 5 months ago

Incredibly funny story, incredibly awful website.

view more: next ›