Perhyte

No idea about the Lemmy hosting bit, but I highly doubt that .com you got will renew at $1 going forward. Judging by this list it’ll most likely be $9+ after the first year.

At $1/year, the registrar you used is taking a loss because they pay more than that to the registry for it. They might be fine with that for the first year to get you in the door, but they’d presumably prefer to be profitable in the long term.

Clearly he’s actually the BBEG lich in disguise. Time for a phylactery hunt! ;)

Have you also enabled Bot Fight Mode? (There’s a setting to “Block AI bots” that seems useful in your situation)

If you don’t mind using a gibberish .xyz domain, why not an 1.111B class? ([6-9 digits].xyz for $0.99/year)

Any chance you’ve defined the new networks as “internal”? (using docker network create --internal on the CLI or internal: true in your docker-compose.yaml).

Because the symptoms you’re describing (no connectivity to stuff outside the new network, including the wider Internet) sound exactly like you did, but didn’t realize what that option does…

It also means that ALL traffic incoming on a specific port of that VPS can only go to exactly ONE private wireguard peer. You could avoid both of these issues by having the reverse proxy on the VPS (which is why cloudflare works the way it does), but I prefer my https endpoint to be on my own trusted hardware.

For TLS-based protocols like HTTPS you can run a reverse proxy on the VPS that only looks at the SNI (server name indication) which does not require the private key to be present on the VPS. That way you can run all your HTTPS endpoints on the same port without issue even if the backend server depends on the host name.

This StackOverflow thread shows how to set that up for a few different reverse proxies.

Is this just placing them vertically, nothing else?

I currently use the Tree Style Tab extension and really like how it handles sub-tabs and allows collapsing the tree nodes. If I can’t have that this is probably not directly useful to me unless extensions can add that functionality.

I guess I’ll be watching how this evolves though.

If there happens to be some mental TLS handshake RCE that comes up, chances are they are all using the same underlying TLS library so all will be susceptible…

Among common reverse proxies, I know of at least two underlying TLS stacks being used:

• Nginx uses OpenSSL.
  • This is probably the one you thought everyone was using, as it’s essentially considered to be the “default” TLS stack.
• Caddy uses crypto/tls from the Go standard library (which has its own implementation, it’s not just a wrapper around OpenSSL).
  • This is in all likelihood also the case for Traefik (and any other Go-based reverse proxies), though I did not check.

This is probably the only type of rules violation that could be fixed by creating another account, so this was exactly my thought.

Then they probably wouldn’t say it was okay to make another alt though.

Have you considered putting alias htop=btop (or equivalent) in your shell profile?

And, interestingly, they lost $91 million last year. If the CEO had instead earned $100 million last year, the company have made a multi-million dollar profit (if only just). If it had been $10 million (still way overpaid for any single person, I’d argue), they’d be nearing the hundreds-of-millions-per-year profit scale.

I’ll never understand companies paying their CEOs hundreds of millions while they’re losing money hand over fist…

It’s nice in theory, but I’ve had very little luck using it for the last few days.

I wouldn’t be surprised if whatever instances it picks to send people to are soon afterwards rate limited because demand is too high relative to supply.

If this is something you run into often, it’s likely still only for a limited number of servers? ssh and scp both respect .ssh/config, and I suspect (but haven’t tested) that sftp does too. If you add something like this to that file:

Host host1 host2
  Port 8080

then SSH connections to hosts named in that first line will use port 8080 by default and you can leave off the -p/-P when contacting those hosts. You can add multiple such sections if you have other hosts that require different ports, of course.

Aurora is no longer maintained, but it still works just fine. It’s a Windows app, so not web-accessible or anything, but it’s free. It only contains the SRD content by default (probably for legal reasons), but there’s at least one publicly-accessible elements repository for it that you can find using your favorite search engine.

Assuming they went to signed 64-bit time, it should be about 3:28:32 pm UTC on Sunday, December 4, 292277026596. Yes, that last number is a year.

If they have the root access typically needed to reboot a server¹ they could also just wipe the logs without rebooting.

¹: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.

!distrohopping@lemmy.world - no posts yet though.

That domain currently hosts a “this domain may be for sale” page, but it’s been registered since 2005 so it’s definitely not because of this post.

I’m pretty sure they lost that at least 4 years earlier, assuming they ever had it in the first place.