Just some Internet guy

He/him/them 🏳️‍🌈

  • 9 Posts
  • 1.4K Comments
Joined 1 year ago
Cake day: June 25th, 2023

  • I ran a YaCy instance for a while like a decade ago. It does federate index requests, and when you search it propagates the search request across a bunch of nodes. When my node came online it almost immediately started crawling stuff and it did get a bunch of search queries. But the network was still pretty small back then and the search results were… not great. That’s the price of independence from Google’s and Microsoft’s giant server farms, it’s hard to compete with that size.

    But at the rate Google and Bing are enshittifying, I think it’s worth revisiting.

    Using ActivityPub for this would be immensely wasteful. It’s just not feasible that all instances would have the whole index because it’s so large. Back when I tried it, the network still had several TBs worth of indexed pages. This is firmly in the realm of distributed P2P systems. One could have an ActivityPub plugin however to receive updates from social media near instantly and index those immediately with less overhead. But you still want to index Wikipedia, forums, blogs, whatever the crawlers can find.


  • It depends on what you use on the Python side. Classically that would have been uWSGI or one of the *SGI interfaces, and lately ASGI.

    Sure, one can totally make Python apps that serve HTTP directly. The same can be done with PHP (and Ruby and others) as well, but most people still run their PHP through PHP-FPM over FastCGI because you can offload a lot of the work to the much faster NGINX side. A fair amount of apps make use of X-Accel-Redirect to serve private files, so you don’t tie up a PHP worker for an hour serving the user’s 2GB file.

    But yes, as those languages all move to async computing and away from worker pools, it’s more common to see those serve HTTP directly, and there’s less and less need for a proxy that supports those other protocols. The async event loop is what made NGINX special when it came out, so naturally languages that move to that model greatly reduce the need for that as well, they too can easily handle thousands of concurrent connections no problems. Plus these days people slap a CDN in front anyway so static file performance doesn’t matter quite as much.
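The X-Accel-Redirect hand-off mentioned in the comment above, as an added example that is not part of the original comment: a minimal WSGI app that authorizes the request and then lets NGINX stream the file from an `internal` location. The NGINX snippet in the docstring, the `/download/` and `/protected/` paths, the `X-Session` header and the `GRANTS` table are assumptions constructed for illustration.

```python
"""Assumed NGINX side (constructed for this example):
    location /download/  { proxy_pass http://127.0.0.1:8000; }
    location /protected/ {
        internal;              # not reachable by clients directly
        alias /srv/private/;
    }
"""
import posixpath
from urllib.parse import quote

# Constructed sample data: session token -> file names that user may fetch.
GRANTS = {"tok-alice": {"report.pdf", "backup 2GB.tar"}}


def app(environ, start_response):
    """Authorize the download, then hand the transfer to NGINX."""
    token = environ.get("HTTP_X_SESSION", "")  # hypothetical auth header
    name = environ.get("PATH_INFO", "").removeprefix("/download/")
    # Accept a bare file name only: no subdirectories, no "..", no empty name.
    if not name or name in (".", "..") or name != posixpath.basename(name):
        start_response("400 Bad Request", [("Content-Length", "0")])
        return [b""]
    if name not in GRANTS.get(token, ()):
        start_response("403 Forbidden", [("Content-Length", "0")])
        return [b""]
    # Empty body: NGINX sees the header, serves /srv/private/<name> itself,
    # and this worker is free again immediately.
    start_response("200 OK", [
        ("X-Accel-Redirect", "/protected/" + quote(name)),
        ("Content-Length", "0"),
    ])
    return [b""]


def call(path, token):
    """Drive the app without a server; returns (status, X-Accel-Redirect)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    b"".join(app({"PATH_INFO": path, "HTTP_X_SESSION": token}, start_response))
    return seen["status"], seen["headers"].get("X-Accel-Redirect")


if __name__ == "__main__":
    print(call("/download/backup 2GB.tar", "tok-alice"))
    print(call("/download/../secret", "tok-alice"))
    print(call("/download/report.pdf", "tok-bob"))
```

The `internal` directive is what keeps the files private: a client requesting `/protected/...` directly gets a 404, so the only path to the data is through the app's authorization check.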


  • NGINX can really do a lot of things out of the box while being pretty easy to configure. NGINX can serve static files, it can proxy emails, it can do FastCGI, it can do UWSGI, it can do HTTP proxying, you can run Lua code inside NGINX to do things, there’s a module for RTMP live streaming. You can also implement some stuff like external authentication to protect your services/authenticate them at the proxy level. It can also do caching. Not all that useful with all those Rust and Go apps with their own built-in web server but if you run large legacy apps at scale it’s great, you can offload a lot of stuff away from your slow ass PHP app.

    Caddy’s simpler but the current battle tested popular option is NGINX.

    HAproxy is good at what it does but it’s only good at proxying and simple rules. For the most part, it’s used as a load balancer and router and doesn’t really process the requests itself. It can alter some things in it but it’s limited, and it only does HTTP and TCP. So you can’t really run PHP or Python or Ruby or whatever applications directly behind HAproxy. That makes NGINX a better choice there because NGINX deals with HTTP and only passes the request details to the application which doesn’t have to do HTTP on its own. I usually see HAproxy load balancing to NGINX hosts with some PHP/Python/Ruby app behind them.

    Apache is old. It’s gotten better but the way it works just doesn’t reflect most modern use cases. I remember when NGINX popped off like 15 years ago and just how much more resource efficient it was and how happy I was with the upgrade. So it exists and still works but not very popular anymore. It’s a bit easier to set up but also a bit weird with things like mod_php which runs directly inside Apache instead of a dedicated user that can be better sandboxed.

    Traefik is getting traction in big part because it fits well with the Docker ecosystem and just sets itself up automatically.

    There’s also Envoy if you want some serious proxying and meshing but setting that one up is truly headache inducing.

    They’re all pretty good web servers regardless, it comes down to preference. There’s no right choice because everyone’s needs are different.



  • I’ve had my phone for at least 4 years but it runs well,

    What’s the exact phone model? I’d be really surprised such a phone wouldn’t support LTE, 5G was about to come out 4 years ago. Even the OG pixel should support LTE. Unless your issue is lack of VoLTE support, which sometimes can be remediated with root or custom roms. Although I find the Internet portion to be more useful anyway, as you can just route the calls over regular VoIP and use Signal or Matrix or Discord or whatever.

    Unless it’s a Samsung, then you’re kind of SoL into the fix by modding department, you’re stuck with what regular Android apps can do.


  • Depending on the use case there’s usually a temporary system that’s there only to take the update from the user partition and apply it to the system partition. So even if you bork the update it’ll still boot into that environment and install the system again. Valve does provide bootable images to put on a USB stick if you do break it pretty bad. It’s just a PC, it doesn’t do much to stop you from wiping the disk. The route Android took is A/B devices, when you’re using A you update B and then reboot into B, then the next update you’ll be updating the A partition and reboot into it. Plus if the next one fails to boot for some reason you can revert to the old version as if nothing happened, and retry the update from scratch. Except Samsung, because I don’t know I guess they want to turn the updating into a whole experience of anticipation or whatever crap reason they have for it.


  • Yes, pretty much always has too. /system is normally mounted read-only and all user data is in /data, so when you want to factory reset, you just format /data and reboot and voilà, brand new. Later versions also have a /vendor and a bunch of other partitions but the idea remains the same, as a user you only get to change /data (and /sdcard back before they had any meaningful internal storage, now it’s an overlay mount to /data/media/0).


  • Fight for your perceived purpose in this world, my perceived purpose is the preservation of truth.

    The real truth is that being transgender is much more nuanced and complicated than “there’s men and women”. It’s a mental health issue, and the treatment for it happens to be to transition to match the gender your brain developed into. Because you have XX chromosomes doesn’t mean you can’t grow a man’s brain and vice-versa. Like come on those people don’t even recognize themselves as themselves in the mirror because of gender dysphoria. Who would wish that on anyone?

    And that’s it, it’s that simple. All it costs other people is to not be assholes about it.

    Everything people fear with their transphobia is that, phobia, fear that’s not based in reality or vastly disproportional to reality. Trans people aren’t there to take over and make cis people illegal, they’re not there to make your cis kids trans, they’re not there to trap you into having gay sex. They just want the same basic respect everyone else gets. Conservatives fear that because that’s how their conservative agendas work: gaslight people into “it’s not that bad” and then proceed to strip as many people’s rights as they can. There is no trans agenda, just like there’s never been a gay agenda. Nobody but cis straight usually white republicans are out there trying to convert everyone to their religion and version of reality.

    It’s pretty clear cut too. If you give hormones to a cisgender person, they’ll start experiencing the same kind of mental distress as a trans person until you reverse it back. Thus, even if they wanted to, they couldn’t “groom” cis kids into becoming trans kids. It just doesn’t work that way. Some end up trying it and quickly realize they aren’t trans and that answers their question right there. That’s why we use puberty blockers for kids: if they change their mind they’re only like a year or two behind on puberty and that’s the end of it. Those are used by a wide variety of non-gender related growth issues too, for decades. Just try it yourself: try to imagine yourself as if you woke up the opposite gender. If it freaks you out, congratulations you’re cis. That’s what trans people feel until they transition.

    Actually smart people care about much more important issues, because trans people aren’t and never have been an issue. The affordability crisis is much, much more important than oppressing a group of people that literally doesn’t cause any problem to anyone except bigots who just make up whatever nonsense reason to hate them.






  • I wish it was more shareable, but it’s also not as magic as it sounds.

    Fundamentally it’s just a Linux install with some heavy customizations so that it does one thing only: boot Linux, and just enough prompts to get it online so that the VPN works, and download the root image into RAM that it boots into so I can SSH into the box, and then a bunch of Linux tools for me to use so I can reimage from there, or run a QEMU with the physical disk passed through so I can VNC into an install even if it BSOD.

    It’s a Linux UKI (combined kernel+initramfs into a simple EFI file the firmware can boot directly without a bootloader), but you can just as easily get away with a hidden Debian install or whatever. Can even be a second Windows install if that’s your thing. The reason I went this particular route is I don’t have to update it since it downloads it on the fly, much like the Mac recovery. And it runs entirely in RAM afterwards so I can safely do whatever is needed with the disk.


  • This is why every machine I manage has a second boot option to download a small recovery image off the Internet and phone home with a shell. And a copy of it on a cheap USB stick.

    Worst case I can boot the Windows install in a VM with the real disk, do the maintenance remotely. I can reinstall the whole thing remotely. Just need the user to mash F12 during boot and select the recovery environment, possibly input WiFi credentials if not wired.

    I feel like this should be standard if you have a lot of remote machines in the field.



  • The problem with this is the probability of your server being available for the next retry is fairly low.

    Usually some sort of exponential backoff is used so it might retry after 5 minutes, 15 minutes, an hour, 3 hours, 6 hours, 24 hours, 48 hours, give up.

    6-8 hours is probably too much for anything serious where you don’t want emails to just drop. It will work so if you’re just using it to sign up to sites and stuff, you can make sure your server is on to receive the verification emails and stuff. But I wouldn’t use it for anything important.


  • Apart from automating the quick hop to LTE to turn it on, not really.

    Some VPNs stack two VPNs together, one that’s just to get on their network and the other being the real one. It helps a bit.

    Although the ones that care about evading firewalls are typically not bargain bin VPNs like AirVPN and IVPN, and typically don’t use WireGuard because it’s terrible at hiding. It’s very good, very secure and very performant, but it also doesn’t try to masquerade as just another website or some form of TLS protocol over port 443. The serious ones have things like WebSockets, ShadowSocks, meek, and whatever one works on China today. But do you really need that much? It’s usually the kind of stuff where you have to make a choice between performance and bypassing most firewalls.

    Sometimes OpenVPN will go through, because it can do that so if the firewall isn’t too smart it will miss it. But if WireGuard works by just authenticating over LTE, eh, worth it.

    (And even then, if I was in charge of corporate IT and had to lock down the network to prevent exfiltration, you wouldn’t get any VPN past me, because I wouldn’t care about collateral I can just allowlist as it comes up. That’s a tradeoff places like Russia and China can’t quite afford.)



  • I mean you can make one without the metadata or phony metadata, it’s primarily used by software to validate you. It’s not like it validates any of the info. You can put RatoGBM@lemmy.world as your email if you want, good enough. The general idea is that a PGP key is an identity, not just a key pair. There’s plenty of non-PGP ways to make key pairs.

    It’s useful when other people look through their keyring, so I can easily find which key I’m looking for. People don’t usually go find your key every time you want to send a message, they import your key then specify the ID or email of the key to use which is usually automatic based on who you’re emailing. And then when you message back, they want their messaging client to be able to look up your key and validate it automatically. I’m not going to go browse my files to find your key again to verify every single one of your messages. And I’ll be messaging you at some email address or other identifier somewhere anyway, so the key ends up tied to a form of identity regardless.