That is actually a really interesting approach to moderation, huh.

Yeah but why would I make myself dependent on Cloudflare.

To be fair, you can simply selfhost MinIO.

And what is the advantage of that?

Also I am pretty sure I have at least some secrets in my shell history

Lol, exact same situation here.

Quick question, did the migration to continuwuity break calls for you as well?

This comment section is… something.

If you host the bridges yourself, it makes no difference to privacy.

It’s simply convenient to have all chats in one place 🤷🏼‍♀️

Grew up on it. My dad set up a Ubuntu 4.10 PC for my brother and I when we were 3/5 (no internet, obv), and it stuck.

Used Windows for a brief time in highschool to be able to play online with friends.

Went right back to Linux when going to university. Will never change back, both for ideological reasons and because Linux is just better.

Next step: NixOS on a phone

A substantial amount of open source devs will probably just give up working on their projects if they can no longer be installed by most users.

That will also affect Graphene users.

Graphene will also only work until Google one day says “You know what… No!” and stops allowing it on their (new) hardware. I don’t think that’s far in the future.

Lmao I kept thinking you forgot to put quotes and was waiting for the inevitable “…this is what too many idiots think, even though it is obvious bullshit”, and yet it just…never came. Amazing. This might be the single most stupid comment I’ve ever read, and I’ve been on the internet for a while.

You will simply not be able to install anything, unless the FOSS dev is cool with providing their ID to Google, and agrees to its ToS, and Google likes the app and signs it.

Which many devs (myself included) will definitely NOT be.

My ISP blocks incoming data to common ports unless you get a business account.

Oof, sorry, that sucks. I think you could still go the route I described though: For your domain example.com and example service myservice, listen on port :12345 and drop everything that isn’t requesting myservice.example.com:12345. Then forward the matching requests to your service’s actual port, e.g. 23456, which is closed to the internet.

Edit: and just to clarify, for service otherservice, you do not need to open a second port; stick with the one, but in addition to myservice.example.com:12345, also accept requests for otherservice.example.com:12345, but proxy that to the (again, closed-to-the-internet) port :34567.

The advantage here is that bots cannot guess from your ports what software you are running, and since caddy (or any of the mature reverse proxies) can be expected to be reasonably secure, I would not worry about bots being able to exploit the reverse proxy’s port. Bots also no longer have a direct line of communication to your services. In short, the routine of “let’s scan ports; ah, port x is open indicating use of service y; try automated exploit z” gets prevented.

I am scratching my head here: why open up ports at all? It it just to avoid having to pay for a domain? The usual way to go about this is to only proxy 443 traffic to the intended host/vm/port based on the (sub) domain, and just drop everything else, including requests on 443 that do not match your subdomains.

Granted, there are some services actually requiring open ports, but the majority don’t (and you mention a webserver, where we’re definitely back to: why open anything beyond 443?).