I want to second Pelican for Python. Really easy to set up and get going. No need to learn a complicated templating language (it’s jinja2, which is what everything uses).

yeah, but it’ll be hard to make those Y Combinator vultures rich at that price

No, I don’t think so.

Tinc has weird limitations and Wireguard completely obsoletes it. There’s zero reasons to ever consider using Tinc when Wireguard exists.

How are the alternatives any better? Download a DEB that executes arbitrary code, signed with some .asc that’s sitting in the same webserver? Download an EXE?

Your comment is so rambley that I can’t understand whether you’re criticizing the distribution method or the packaging. Both of those are very different in terms of attack surface, if you’re talking about supply chain attacks.

I haven’t tried it personally, but Mox looks like a nice modern mailserver. It might do what you want.

Every time I look at this, the value proposition makes no sense to me. The DIY V1 and V2 only have instructions for adding a single HDMI input port (??), and the V3 and V4 are like $350 CAD, which is way more expensive than buying a used KVM on eBay. What am I missing?

I have no experience with portainer, but some apps have an option to disable new user registration, and that’s what I would recommend first. (I do use Keycloak myself too)

I don’t see anyone else actually telling you how to figure out if you’re being DoSed, so I’ll start:

Check your logs. Look at what process is eating your CPU in htop and then look at the logs for that process. If it’s a web application, that means the error and access logs for it. If you see a flood of requests to a single URL, or some other suspicious pattern in the log, then you can try blocking the IPs associated with them temporarily and see if it alleviates the load. Repeat until the load goes down.

If your application uses a database, check your database logs too. IIRC postgres logs queries that take longer than 5 seconds by default, which can make it easy to spot a slow query especially during a time of high load.

I don’t think DNS amplification attacks over UDP are likely to be a problem as I think most cloud providers filter traffic with forged src addresses (correct me if I’m wrong). You can also try blocking all inbound UDP traffic if you suspect a UDP flood but this will likely break DNS lookups for you temporarily. (your machine should not have any open UDP ports in any case though if you’re just running Lemmy).

If you want to go next level, you can use “perf” to generate a system-wide profile and flamegraph which will show you where you’re burning CPU cycles. This can be extremely useful for troubleshooting performance or optimizing applications. (you’ll find that even ipfilters takes CPU power, which is why most DDoS protection happens on dedicated hardware upstream)

I’m not OP but Keycloak is pretty usable for SSO. I’ve configured about 8 different web apps to be integrated with it via OAuth2.

They always say the same opinions because it’s part of a massive astroturfing campaign by Chinese and Russian state actors. They’re both attempting to sow discord in the West and lay the foundation to ramp it up to interfere in the 2024 US election.

Do you remember what a shit show Reddit became in 2016? We’ve seen this exact pattern before, where a deluge of people with the same carefully calibrated opinions on everything appear out of the blue. They want to create the illusion that there’s some popular movement towards all these inane opinions, and you can even see from the comments on this thread. They’re using the same known troll tactics to push this (eg. “Just asking questions”).

This a good test of Lemmy’s moderation and federation model and will be indicative of how it fairs next year when these campaigns really ramp up. Good on the admins for taking this seriously and nipping it in the bud.

Or you know, you could just listen to someone who was in an internment camp:

https://www.theguardian.com/world/2020/sep/04/muslim-minority-teacher-50-tells-of-forced-sterilisation-in-xinjiang-china

(Also your summary sounds like ChatGPT)