If you talk to people about homelessness, they will readily admit they just don’t want to see it. If go to any cheaper grocery store you definitely are rubbing shoulders with people who use foodbanks. Food insecurity doesn’t go away just because you have a roof over your head.

The rub is a foodbank in a grocery store will attract the more visible “unreliable access to showers” type of user, which would be unacceptable.

Honestly, I’d be more curious what topics where the media does nail the nuances of. Are there any at all?

If he’s someone that’s normally good at being funny - that is good at finding humorous observations and wording things that get people to laugh - then I’d say he’s messing with you.

I would mess with him right back by acting like I’m very seriously trying to understanding the joke and ask increasingly dumb questions until he realizes that yes, I knew exactly what he was doing. Or a knowing smirk if that’s too much.

(Yes this comment is very revealing about my childhood)

This might not be what your friend is going for, but I smirked slightly and this is how I interpret it:

I particularly like jokes that take something absurd and launder it through the structure of things that do make sense. Everything in your friend’s joke is factually true. It’s structured as a logically consistent argument.

And yet it is completely nonsensical. No one has ever thought that windows make something move. It invoked a slightly confused response in me, which is why I found it funny.

It’s not a great joke, but I might tell it to feel out someone’s sense of humor plus whether they pick up on that I’m doing so. I think the analogy to Windows makes it a weaker joke, but I would give that as an explanation just to mess with someone a little.

It’s easy* to setup Hashicorp Vault with your own CA and do automated cert generation and rotation, if you are willing to integrate everything into Vault and install your root CA everywhere. (*not really harder than any other Vault setup, but yaknow). I may go down this route eventually since I don’t think a device I don’t control has ever accessed anything I selfhost, or ever will.

I have a wildcard subdomain pointing to my public IP, and forward port 80 to an LXC container with certbot. Port 80 appears closed outside the brief window when certbot is renewing certs. Inside my network I have my PiHole configured to return the local IP for each service.

Nothing exposed to the internet at all. There is a record of my hostnames on Let’s Encrypt but not concerned if someone will, say, deduce apollo-idrac is the iDRAC service for a Dell rackmount server called apollo and the other Greek/Roman gods are VMs on it. Seemed like a house of cards that would never work reliably, but three odd years later I only have issues if a DNS resolver insists on bypassing my PiHole. And that DNS resolver is SystemD-ResolveD which should crawl back into whatever hellhole it came out of.

They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

I don’t think there’s significant real tangible risk since who cares about your private selfhosted services and I’d be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn’t what I’m going to be worried about.

But it is why CSRs are used.

I’ve found the idea of LXC containers to be better than they are in practice. I’ve migrated all of my servers to Proxmox and have been trying to move various services from VMs to LXC containers and it’s been such a hassle. You should be able to directly forward disk block devices, but just could not get them to mount for an MinIO array - ended up just setting their entire contents to 100000:100000 and mounting them on the host and forwarding the mount point instead. Never managed to CAP_IPC_LOCK to work correctly for a HashiCorp Vault install. Docker in LXC has some serious pain points and feels very fragile.

It’s damning that every time I have a problem with LXC the first search result will be a Proxmox forum topic with a Proxmox employee replying to the effect of “we recommend VMs over LXC for this use case” - Proxmox doesn’t seem to recommend LXC for anything. Proxmox + LXC is definitely better than CentOS + Podman, but my heart longs for the sheer competence of FreeBSD Jails.

Do you have any trouble with cooling or anything with them? Got like a billion unused PCIe lanes in my Dell R730 and can think of a few things that might benefit from a big NVMe ZFS pool.

Likely an attempt to claim there’s fewer calories per slice, even though people will just cut it in quarters instead of fifths.

@TrenchcoatFullofBats I think this is the winning answer. Looks like it’s about a 1060 6GB, which should be enough horsepower for several desktop VMs, and keeps open my full profile slots should I ever want to install something even more powerful in the future. vGPU support is also nice so I don’t have to juggle which VM gets which GPU.

A little while ago, I read an argument that Traverse City, MI will be the next Portland. I think that’s right. There’s a lot of outdooring within a day drive, and it’s pretty affordable.

Your main downsides are summer wildfire smoke will presumably be a regular thing going forward, and winters are cold with lots of snow thanks to lake effect. Michigan politics are interesting, and Traverse City is in a historically red part of the state - but I think that’s changing.

500k will definitely get you a good house unless you want something extremely new or right downtown. That particular listing is also one block away from one of my favorite breweries of all time.

Only issue I had with a similar setup is turns out the old HP desktop I bought didn’t support VT-d on the chipset, only on the CPU. Had do some crazy hacks to get it to forward a 10gbe NIC plugged into the x16 slot.

Then I discovered the NIC I had was just old enough (ConnectX-3) that getting it to properly forward was finicky, so I had to buy a much more expensive ConnectX-4. My next task is to see if I can give it a virtual NIC, have OPNsense only listen to web requests on that interface, and use the host’s Nginx reverse proxy container for SSL.

If you live by a major university, they likely have property disposition where you can pick up slightly older equipment, sometimes for super cheap.

Absolutely, and you can generalize that to any sort of requirements are worthless if they don’t have as much teeth as the power they are trying to check.

Embrace, extend, and extinguish (EEE) - We don’t think they can. If anyone can explain how they technically would, please let us know. Even if Meta forks Lemmy and gets rid of the original software, Lemmy will survive.

It doesn’t start out with maliciousness. The rank and file technical staff at Facebook aren’t evil. Facebook understands the value of top tier tech talent and top dollar buys you smart people.

The initial federation is rough, but the problems are resolved surprisingly quick. None of the doom and gloom comes to pass, and Facebook consistently acts as a trustworthy actor. Their employees aren’t really different than their open source counterparts. They make good faith contributions to open source codebases. Their collective experience with distributed systems proves useful in solving growing pains as the Federation grows.

They eventually start to make proposals to ActivityPub. There’s outrage but no one can come up with good technical objections, so they are approved. The doom and gloom didn’t come to pass, and looks like it never will.

Facebook doesn’t need malicious intent for what’s going down. It slowly, maybe quickly, becomes the dominate actor in the space. Facebook is pouring money into making Threads the best it can be, and what’s wrong with them trying to build an audience?

Thread’s improvements set an increasingly high standard for what people expect. More uptime, cleaner UI, more responsive API calls, more personalized frontpage algorithms, higher resolution videos - more and more features. More and more cost. Even people who kneejerk reject Facebook recognize how much better their site is. There are still important reasons to go with Lemmy or Kbin over Threads, but FOSS projects have never been good at making their case in ways random-not-technical people can understand, let alone why they should care about them.

After a while, Facebook starts walling people into their platform. Starts with little things like how Reddit added video and picture hosting to replace Imgur et al. It’s not malicious, but rather from TPMs who are under pressure to increase engagement. After a while what else is there? Just don’t turn the heat up too many degrees at once.

It’s wrong to think of Facebook as a uniquely bad actor. This isn’t 90s/2000s Microsoft with blatantly transparent EEE aims. There have always been bad actors. There will always be bad actors. There are bad actors with us right now.

Facebook needs to make money, and they won’t do so by directly charging users. There’s only one path forward for Facebook in this, and it will come at the expense of its users and everyone else in the Fediverse.

Build something useful, then put up walls around it, and then exploit it for profit; the internet’s monomyth. You don’t have to read the writing on the wall, but it is there. Federating with Threads is signing your own death warrant.

If the Fediverse experiment is going to survive, it needs to be able to withstand these bad actors. One of the ways it can do so is to recognize and reject them. Facebook has so many resources and so much power and we don’t have to run the experiment to know where this will go. It is important to explicitly say “your goals do not align with what we are trying to build, and therefore we will not voluntarily interact with you.”

Supervisor cats would also like to remind you to replace the flapper if you don’t know how old it is.