

Lemmy is t-i-m-eless.
Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)
I also own these publicly available applications:
Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events/
and more…


Lemmy is t-i-m-eless.


This is supposed to be a gifted article and so no paywall.


So many companies claim “collaboration” is a prime reason for Return To Office and yet these same companies gladly use offshore teams for development work if they believe they can save money, proving that collaboration as a goal is a lie. A short overlap in time, if any, between onshore and offshore teams proves the claim is gaslighting.


If you’re able to connect to other websites, then I doubt it’s you.


Both the client and the server machines must have reasonably accurate system clocks for an SSL/TLS handshake to succeed. Either your machine or their machine probably needs a time adjustment.


If successfully attacked and the hacker has elevated rights on your Pi, they are now in your local network and can potentially cause all sorts of grief in the router and on other connected devices. Or it can become part of a DDoS device farm.


Things like this that play games scare me. This itself opens a wider attack vector on your server. I’m thinking of possibilities:
In Linux, each TCP connection is a file descriptor. PortTripper holds connections to waste scanner threads, which means it’s holding file descriptors. This could be a good DDOS attack vector. Hit every port with connection requests, requiring a slew of file descriptor creations, and boom, you cause the server to hit the server ulimit cap. New connections cannot be made. The server is half dead.
Memory and CPU consumption. Maintaining thousands of open TCP states takes RAM and CPU. A massive flood can consume all memory. And for what? To annoy a hacker?
Interestingly enough, just these 2 things can make PortTripper a hacker’s tool.
If a service crashes or reboots, is down for maintenance, or is slow to come up, PortTripper might grab the port before the application comes back up. And then it can’t come back up.
Who’s to say there won’t be vulnerabilities in PortTripper that can cause a buffer overflow, memory leak, or parsing vulnerability in PortTripper’s code or a library it uses? Playing this game opens another attack vector into your server.
If PortTripper can bind to ports 1 through 1023, then it’s running as root or has elevated capabilities. If an attacker exploits a bug in PortTripper or a library it uses, they can get high-level control of the server.
While PortTripper “discards datagrams without replying” in a reflected DDOS attack, millions of discarded packets come in, which means millions of CPU interrupts at the kernel level. This can choke the NIC.
I think PortTripper is too risky to run just to become a nuisance to someone, IMHO.


feddit.online has always been de-federated from maga.place, since the beginning.


Welcome to Microsoft’s co-pilot dream.


According to the Google Play Store, there are 467 reviews (4.8 stars) but “0+” downloads. Like everything else about the White House, it doesn’t add up.
And maybe most people know to keep it off their phones.



You are asking a reasonable question that many ask.
Each account will be a unique and separate account on each instance. Instances do not share accounts.
Although you can, on some applications, authenticate with a federated account, like Google or even a Mastodon account, you still will have an entirely different account on the server.


Wine requires Linux knowledge to get the configurations correct. I don’t think many Windows users will be able to get any Windows applications running under Wine. And it’s the same Wine that any Linux user can install for free.
If Zorin came packaged with Crossover, then maybe it would run Windows apps better because Crossover would manage the Wine configurations and the required Windows infrastructure installs.
Maybe.
But not many old machines will have the capacity to run Linux, Wine, and a Windows application. But Zorin’s hype leads one to believe that a 15-year-old machine won’t struggle.


I tried it about a month ago and found it had nothing more than what you get with an Ubuntu install, save for the look of the screen. I couldn’t understand why the media was making a big deal about it. And I saw no reason why anyone should pay for Pro. My conclusions matched what is in the article.


Another reason to use a VPN


This is definitely the best protection. If the provider drops you, you move your domain to another provider. But, as far as I know, while almost all email providers will host your personal domain, none that I know of will do it on the free plans. But your email is your identity. You should be willing to pay for it, especially if you host it on a provider that otherwise won’t make any money on you.
There are a couple of downsides. If you forget, or are unable, to renew your domain, you lose it and your emails. Make sure another family member or friend can pay the renewal for you if, for some reason, you cannot.
While your own domain makes it far less likely that your email will be canceled (because you can move it), abuse of your domain can result in your losing your domain name and your email, especially before it has earned a reputation.
Which brings up another IMPORTANT point. If you use your own domain name, then you must set up your DNS records to protect your domain from spoofers and spammers so it doesn’t get blacklisted or, worse, doesn’t cause cancellation of your domain name. Scammers and spammers WILL try to send email using your domain name. You need to tell email clients to toss these rogue emails and give them the means to determine spoofing and unauthorized use. Read this: https://www.valimail.com/blog/dmarc-dkim-spf-explained/
Also, be aware that SpamAssassin considers .com, .net, and .org TLDs to be far safer than .world, .online, .blog, and most others. Using one of these newer TLDs results in a higher spam score, and your email is more likely to end up in the spam folder if it reaches the magic score of 5. A new age TLD can add as much as 1 point to the spam calculation depending on the email provider receiving your email.
So your own domain name is safer but costs money and requires more work.


https://hear-me.social/ is one possibility. It has the added benefit of a 12,000-character posting size as well, especially nice if the 500-character limit at .social was frustrating.


They did eat them. That was part of the cycle.
I deleted what I wrote before. If it federated, ignore it.
Your browser is trying to find startpage.com on your local machine instead of the Internet.
While on the VPN, open a command window and ping startpage.com. Does it return localhost or the real IP address? If it returns the real IP address, then the problem is related to the browser. Try another browser to see if it’s Vivaldi-related.
If it returns localhost then maybe it’s a setting in protonVPN?
This is strange. Just try to find clues.
There are two answers to this depending on what the reason is for asking.
If you are asking because you are concerned about scrapers reading your posts and violating your privacy and your rights, then understand that even if an instance is 100% effective at blocking them, the post is sent all over the place in clear text anyway. It doesn’t matter for them which of the federated servers your post is read from. They will read your post many times over. For this case, then, there is little incentive for a server owner to block bots if it’s just to protect your posts from ingestion.
If you are asking because you are concerned about scrapers sucking the life out of a server because there are multiple different AI companies trying to read every single post in the database multiple times over for training, which ends up causing gateway timeout errors and poor performance, then admins, for this reason, should take action.
On my PieFed server, feddit.online, as of yesterday, the firewall discarded 99K requests it deemed were for AI scraping while processing the remaining 300K requests. Those 99K requests would have been expensive requests, not just upvotes and such, but requests asking for huge amounts of text, and so the impact on the server and infrastructure would have been much more than a 25% tax on the system.
And if the bots realize your server is not well protected, it gets worse. 3 months ago I peaked at 1.2 million requests in one day, of which over 700K were AI bots. Now it’s down to consistently under 100K from bots because many of them have given up, I like to believe.