The person isn’t talking about automating being difficult for a hosted website. They’re talking about a third party system that doesn’t give you an easy way to automate, just a web gui for uploading a cert. For example, our WAP interface or our on-premise ERP don’t offer a way to automate. Sure, we could probably create code to automate it and run the risk it breaks after a vendor update. It’s easier to pay for a 12 month cert and do it manually.

Thanks. Very interesting. I’m not sure I see such a stark contrast pre/post 9-11. However, the idea that the US public’s approach to the post-9-11 conflict would have an influence makes sense and isn’t something I’d ever have considered on my own.

Me too, but I’d put Usenet in there before Slashdot.

As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.

Perfect! Thanks.

My concern is less the VM hosting the docker instance getting compromised but that Lemmy has an exploit and the Lemmy instance getting compromised. I’m quite certain that Lemmy is getting a closer look by the bad guys. You’ve had hundreds of instances spun up in a week, most that have done nothing more than follow an online example of how to spin up a Lemmy instance.

And, I was under the impression that the container and thus the logs were cleared when restarting or redeploying docker. If I’m wrong, I’m horribly embarrassed and will point at that “old school” in the title. I’ll also be doing some testing.

Kids these days with their containers and their pipelines and their devops. Back in my day…

Don’t get me started about the internal devs at work. You’ve already got me triggered.

And, I can just imagine the posts they’re making about how the internal IT slows them down and causes issues with the development cycle.

Nice. I’ll definitely check it out.

I’m intrigued by the phrase “crowdsec security engine on the docker”. Yes, I can Google, but I’d appreciate a bit of comment on what that is and how involved the setup is.

Agreed on all counts. Of course none of that exists on the on the Lemmy docker instance.

It doesn’t stop you from being hacked, but if you are hacked, it helps you to understand how so you can defend against it. So, I agree it doesn’t improve security for your instance, but it can improve security for your future instances.

Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.

I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.

But, everything you list has been things I’ve needed to deal with over the years.

Yeah, my hope is the small learning curve to join the fediverse means we don’t end up with the bulk of the active posters on reddit.

My fear is that Lemmy is about to see some attacks the fediverse isn’t ready to defend against.

It’s ironic that the link on the GitHub to point out the owner of bash-hackers.org goes to a Reddit post that is currently unavailable, presumably because of a subreddit shutdown.

Yeah, Usenet is what my brain mapped Lemmy to. You get your feed and post through your server. You read posts from others on other servers. Each local server decides what feeds it will carry.

Of course, there’s no central hierarchy for the communities like Usenet had.

Great to hear!

That’s my guess too if Lemmy takes off. I’d imagine some will be obvious enough that everyone defedrates from that server, stranding the legit users. I’m not sophisticated enough to know how to defend against this, but I’m intrigued by the concept.

But again, that’s if you are viewing the community via the server you are subscribed to. For me, that would be https://sh.itjust.works/c/apple@lemmy.ml for the community and https://sh.itjust.works/post/8299 for the direct link. I just see 5 posts, which is less than either the original or the server OP is on.

My language settings shouldn’t matter when viewing servers I’m not logged in with. I do have both English and Undefined checked and only see 5 posts on that thread in sh.itjust.works.

The person you are replying to deleted the comment. That said, as I understand it, comments are federated once someone on a server subscribes. So, not all comments will be federated. However, stuff listed in the comments here would seem to break my understanding of how federation works. I’m very curious to hear the answers.

No problem. You’ve probably been here longer than me. We’re all trying to figure this out. The question reveals issues I wasn’t aware of. You actually mentioned something that would be relevant in some situations that taught me something. I was just pointing out that I didn’t think your suggestion applied here.

All of us Reddit refugees are trying to figure out the nuances. I appreciate your comment because it taught me something new.