If you don’t want to be monogamous, don’t, just be polyamorous and date other polyamorous people. It’s a really bad excuse for cheating when there’s plenty of relationship arrangements where this isn’t a problem. There’s no need to deceive unwilling people and cheat on them when you can find partners who think the same as you and you don’t need to cheat on in the first place. You’re still dealing with other people with feelings on the end.

I’d have to really go out of my way to cheat on my wife when the only rule is to have safe sex (or be safe in general).

I think P2P has stood the test of time. Torrents scale extremely well, any large scale video would have so many peers the server wouldn’t have to participate at all. These days most torrents easily saturate my gigabit connection no problem with just a handful of peers. Torrents tends to spread like wildfire.

The main issue would be storage space, but I think a lot of YouTubers would be perfectly okay with spending $5-10 a month to pay for the storage costs with all the benefits you get from not being tied to YouTube’s ToS and policies. It’s a drop in the bucket compared to the earnings from sponsor spots.

I feel about the same. I don’t particularly care about it, but it’s nice to know how many I helped. It was intentionally removed, I believe so it doesn’t incentivise karma farms. If karma exists it will be used and there will be reasons to farm it.

Nothing a quick Postgres query can’t fix though :p

Another reason to use ~/.local is you can do things like

./configure --prefix=$HOME/.local
make -j$(ncpu)
make install

And then you get your .local/bin, .local/share, .local/include, .local/lib and such, just like /usr but scoped to your user.

and it should mostly just work as well.

Just being able to use moderation tools as an admin would be pretty nice. Whenever I encounter spam I have to report it to myself and then switch to Tesseract to view and action the reports.

A toggle in the sidebar or something to force enable mod mode for admins?

I keep hearing claims that it’s not secure enough to be exposed on the Internet, but I can’t seem to find anything about unauthenticated vulnerabilities. It’s got a fair amount of CVEs but they all seem to affect when you’re an already authenticated user, mainly to XSS an admin as a regular user or the likes.

It’s written in C#, and publicly all you can do is pretty much attempt to log in, this feels like it should be pretty sane compared to some other PHP crap I run.

Do you have any examples of previous exploits or anything else to be concerned about?

The language itself has gotten a bit better. It’s not amazing but it’s decent for a scripting language, and very fast compared to most scripting languages. TypeScript can also really help a lot there, it’s pretty good.

It’s mostly the web APIs and the ecosystem that’s kinda meh, mostly due to its history.

But what you dislike has nothing to do with JavaScript but just big corpo having way too many developers iterating way too fast and creating a bloated mess of a project with a million third-party dependencies from npm. I’m not even making this up, I’ve legit seen a 10MB unit test file make it into the production bundle in a real product I consulted on.

You don’t have to use React or Svelte or any of the modern bloated stuff nor any of the common libraries. You can write plain HTML and CSS and a sprinkle of JavaScript and get really good results. It’s just seen as “bad practice” because it doesn’t “webscale”, but if you’re a single developer it’s perfectly adequate. And the reality is short of WebAssembly, you’re stuck with JS anyway, and WASM is its own can of worms.

And even then, React isn’t that bad. There’s just one hell of a lot of very poorly written React apps, in big part because it will let you get away with it. It’s full of footguns loaded with blanks, but it’s really not aweful if you understand how it works under the hood and write good code. Some people are just lazy and import something and you literally load the same data in 5 different spots, twice if you have strict mode enabled. I’ve written apps that load instantly and respond instantly even on a low end phone, because I took the time to test it, identify the bottlenecks and optimize them all. JavaScript can be stupid fast if you design your app well. If you’re into the suckless philosophy, you can definitely make a suckless webapp.

What you hate is true for most commercial software written in just about any language, be it C, C++, Java, C#. Bugs and faster response times don’t generate revenue, new features and special one-off event features generate much much more revenue, so minor bugs are never addressed for the most part. And of course all those features end up effectively being the 90% bloat you never use but still have to load as part of the app.

It’s literally been working just fine for like a decade? Even for NVIDIA users that’s kind of a stretch.

Maybe if you share more details about your issues and your setup we can help fix it.

At least they’re transparent about it, unlike american companies that hide behind convoluted terms of services and then sell the data behind your back but it’s technically legal.

China’s like “yeah we collect everything”. I can appreciate the honesty.

Paste the URL in the search bar, it’ll fetch it locally on your instance and get you there. No need for link guesswork to find it on a particular instance.

There’s nothing left of AlienBlue with their redesign, it’s basically a glorified web wrapper like many other apps at this point.

They’re just apps not made by Reddit, but made by Reddit users, some of which were paid. And many which were significantly better and more reliable than Reddit’s.

A quick example on Lemmy just with the web, these are all lemmy.world but different UIs:

• https://a.lemmy.world/ - Alexandrite UI
• https://photon.lemmy.world/ - Photon UI
• https://m.lemmy.world/ - Voyager mobile UI
• https://old.lemmy.world/ - A familiar UI

And that one too: https://tesseract.dubvee.org/

And that’s just the web browser ones, there’s a bunch for iOS and Android too. Reddit had even more.

A good app that matches your style of scrolling really makes a difference.

Latest (0.19.8). 0.18 is very old, over a year old, later versions dealt with a lot of scaling/performance problems.

That sounds very typical of YunoHost to have wildly outdated software

1. It seems to make a LOT of calls to other servers. Its almost constantly pinging other servers asking for updates.

The fediverse works the other way around: other instances push activities to yours. If you have a lot of subcriptions to large communities like !technology@lemmy.world it will indeed receive a lot of activities.

2. It gets de-federated almost instantly from popular instances. Which kinda sucks.

Mine’s not been defederated from anywhere, not even Beehaw

3. It uses up quite a bit of CPU compared to other federated applications.

It definitely uses a fair bit of CPU but it is ingesting a fair amount of data, but still not a ton either:

Although I do hear PieFed is a lot lighter.

4. Subscribing to instances seems to work most of the time, but sometimes it just errors out and I have to re-do it.

That settled for me after a week or so of running mine. My subscriptions always go through.

There’s definitely security advantages to running things across multiple instances: if one gets hacked, the others are unaffected.

The networking should be pretty simple for what you’re doing. A few things just change to like 127.0.0.1 to something like 172.31.X.X or whatever IPs your VPC ends up using.

It looks like you’re doing very well, I’ve seen big companies with less security than that.

Misconfigured CORS is no worse than someone using curl, or postman, or any other tool of that kind. What could compromise your server is the backend side of things, the frontend is just a limited HTTP client in the end. The real risk is those making direct requests to your server. CORS is just an ask for browsers specifically to stop cross domain communication, it protects the users not you.

You can help that a lot by using containers like Docker or Podman, but you should also make sure your backend is secure. But the most risk really even then would usually be, break into your database via SQL injection or something like that, still not breaking into the whole instance.

If anything, making sure to use SSH keys, disable root login and general server best practices is way more important than your app. You’re more likely that your server itself will be attacked than the backend. Security comes in layers.

But realistically you’ll be fine, and if you do end up hacked, it’s a learning experience.

I use systemd-boot so it was pretty easy, and it should be similar in GRUB:

title My boot entry that starts the VM
linux /vmlinuz-linux-zen
initrd /amd-ucode.img
initrd /initramfs-linux-zen.img
options quiet splash root=ZSystem/linux/archlinux rw pcie_aspm=off iommu=on systemd.unit=qemu-vms.target

What you want is that part: systemd.unit=qemu-vms.target which tells systemd which target to boot to. I launch my VMs with scripts so I have the qemu-vms.target and it depends on the VMs I want to autostart. A target is a set of services to run for a desired system state, the default usually being graphical or multi-user, but really it can be anything, and use whatever set of services you want: start network, don’t start network, mount drives, don’t mount drives, entirely up to you.

https://man.archlinux.org/man/systemd.target.5.en

You can also see if there’s a predefined rescue target that fits your need and just goes to a local console: https://man.archlinux.org/man/systemd.special.7.en

How’s the disk encrypted? I’ve never heard of anyone setting up an encrypted drive such that you can’t manually mount it with the password. It’s possible but you’d have to go out of your way to do that and only encrypt the drive with a TPM-managed key. It’s kind of a bad idea because if you lock yourself out your data’s gone.

I just have a boot entry that doesn’t do the passthrough, doesn’t bind to vfio-pci and doesn’t start the VMs on boot so I can inspect and troubleshoot.

If you look at it from a different angle and ask: who might be interested by a user being reported, given that each instance operate independently? The answer is all of them.

• The instance you’re on could be interested because it might violate the local instance’s rules, and the admin might want to delete it even if from just that instance.
• The instance hosting the community, because regardless of the other two instances they might not want that there.
• The instance of the user being reported, because it’s their user and if they’re causing trouble they might want to ban the account.

The rest comes naturally: obviously if the account is banned at the source it’s effectively banned globally. If it’s banned on the community’s instance, then you won’t see that user there but might on other instances. And your instance can ban the user, in which case they’re freely posting on other instances but you won’t see it from your perspective.