https://lemmy.world/u/MimicJar posted on Mar 4, 2026 19:43
August 2026
August 2026
I hope Guy and Hal stick around, even if John becomes our primary Lantern. Guy is such a fun character and we don’t know a lot about Hal yet but I’m intrigued. (And obviously John, but like you said he’s our main Lantern.)
Agreed. My only gripe is that I didn’t like when he started beating the man during an interrogation. That’s a trope I’d like to generally retire, but especially as it applies to Hal Jordan.
Hey hey, I am thinking of implementing a lself-hosted office suite and on my radar are OnlyOffice and CryptPad. I just demoed cryptpad.fr as a trial, and noticed it uses OnlyOffice client side. So next I wondered, what does CryptPad add to OO?
On the web site FAQs , CP says:
The CryptPad Document, Presentation & Spreadsheet applications are an OnlyOffice Docs integration. However, this only concerns the client-side code, CryptPad does not make use of the OnlyOffice Document Server. CryptPad’s encrypted collaboration, used for document, presentantion & spreadsheets and other applications, is completely different from the encryption system used in parts of upstream OnlyOffice. Some of CryptPad’s file format conversion tools are based on OnlyOffice code, but substantial work has been done to make it run in the browser rather than on the server, therefore avoiding the need to reveal the contents of users’ documents when converting.
That might help developers but I’m still not clear.
On the OO web site, they say the suite includes:
Three levels of encryption: at rest, in transit, end-to-end
Sounds good on the surface. NB - this is just for my family’s simple docs; I’m not trying to protect government whistleblowers here.
So I am still not clear. Why do I need to add CryptPad to the mix if OO already is the basis for the office suite?
Another NB - a big part of my self hosting is I want as few people I have to trust as possible. So if I don’t need CP to host docs on my VPS, I’d rather not add them to my server.
Thanks for any clues.
CryptPad is encrypted Google Docs/Office 365. Proton has been expanding their offering for this, but it’s not as good in my opinion.
A mobile app would be nice for CryptPad otherwise, it does the job.
I just want to seed torrents. I am not planning to run plex or anything like that. I would like a budget friendly one around $5 to $7.
I’d do as @tal@lemmy.today advised.
I’m suggesting something orthogonal: I’m suggesting specifically rTorrent hosting.
Apparently rTorrent provides the maximum GB served per unit of CPU used, & since seedbox hosting is on such pathetic virtual-machines, this can matter.
_ /\ _
Internet Protocol is the protocol underlying all Internet communications, what lets a packet of information get from one computer on the Internet to another.
Since the beginning of the Internet, Internet Protocol has permitted Computer A to send a packet of information to Computer B, regardless of whether Computer B wants that packet or not. Once Computer B receives the packet, it can decide to discard it or not.
The problem is that Computer B also only has so much bandwidth available to it, and if someone can acquire control over sufficient computers that can act as Computer A, then they can overwhelm Computer B’s bandwidth by having all of these computers send packets of data to Computer B; this is a distributed denial-of-service (DDoS) attack.
Any software running on a computer — a game, pretty much any sort of malware, whatever — normally has enough permission to send information to Computer B. In general, it hasn’t been terribly hard for people to acquire enough computers to perform such a DDoS attack.
There have been, in the past, various routes to try to mitigate this. If Computer B was on a home network or on a business’s local network, then they could ask their Internet service provider to stop sending traffic from a given address to them. This wasn’t ideal in that even some small Internet service providers could be overwhelmed, and trying to filter out good traffic from bad wasn’t necessarily a trivial task, especially for an ISP that didn’t really specialize in this sort of thing.
As far as I can tell, the current norm in 2026 for dealing with DDoSes is basically “use CloudFlare”.
CloudFlare is a large American Content Delivery Network (CDN) company — that is, it has servers in locations around the world that keep identical copies of data, and when a user of a website requests, say, an image for some website using the CDN, instead of the image being returned from a given single fixed server somewhere in the world, they use several tricks to arrange for that content to be provided from a server they control near the user. This sort of thing has generally helped to keep load on international datalinks low (e.g. a user in Australia doesn’t need to touch the submarine cables out of Australia if an Australian CloudFlare server already has the image on a website that they want to see) and to keep them more-responsive for users.
However, CDNs also have a certain level of privacy implications. Large ones can monitor a lot of Internet traffic, see traffic from a user spanning many websites, as so much traffic is routed through them. The original idea behind the Internet was that it would work by having many small organizations that talked to each other in a distributed fashion, rather than having one large company basically monitor and address traffic issues Internet-wide.
A CDN is also a position to cut off traffic from an abusive user relatively-close to the source. A request is routed to its server (relatively near the flooding machine), and so a CDN can choose to simply not forward it. CloudFlare has decided to specialize in this DDoS resistance service, and has become very popular. My understanding — I have not used CloudFlare myself — is that they also have a very low barrier to start using them, see it as a way to start small websites out and then later be a path-of-least-resistance to later provide commercial services to them.
Now, I have no technical issue with CloudFlare, and as far as I know, they’ve conducted themselves appropriately. They solve a real problem, which is not a trivial problem to solve, not as the Internet is structured in 2026.
But.
If DDoSes are a problem that pretty much everyone has to be concerned about and the answer simply becomes “use CloudFlare”, that’s routing an awful lot of Internet traffic through CloudFlare. That’s handing CloudFlare an awful lot of information about what’s happening on the Internet, and giving it a lot of leverage. Certainly the Internet’s creators did not envision the idea of there basically being an “Internet, Incorporated” that was responsible for dealing with these sort of administrative issues.
We could, theoretically, have an Internet that solves the DDoS problem without use of such centralized companies. It could be that a host on the Internet could have control over who sends it traffic to a much greater degree than it does today, have some mechanism to let Computer B say “I don’t want to get traffic from this Computer A for some period of time”, and have routers block this traffic as far back as possible.
This is not a trivial problem. For one, determining that a DDoS is underway and identifying which machines are problematic is something of a specialized task. Software would have to do that, be capable of doing that.
For another, currently there is little security at the Internet Protocol layer, where this sort of thing would need to happen. A host would need to have a way to identify itself as authoritative, responsible for the IP address in question. One doesn’t want some Computer C to blacklist traffic from Computer A to Computer B.
For another, many routers are relatively limited as computers. They are not equipped to maintain a terribly-large table of Computer A, Computer B pairs to blacklist.
However, if something like this does not happen, then my expectation is that we will continue to gradually drift down the path to having a large company controlling much of the traffic on the Internet, simply because we don’t have another great way to deal with a technical limitation inherent to Internet Protocol.
This has become somewhat-more important recently, because various parties who would like to train AIs have been running badly-written Web spiders to aggressively scrape website content for their training corpus, often trying to hide that they are a single party to avoid being blocked. This has acted in many cases as a de facto distributed denial of service attack on many websites, so we’ve had software like Anubis, whose mascot you may have seen on an increasing number of websites, be deployed, in an attempt to try to identify and block these:
We’ve had some instances on the Threadiverse get overwhelmed and become almost unusable under load in recent months from such aggressive Web spiders trying to scrape content. A number of Threadiverse instances disabled their previously-public access and require users to get accounts to view content as a way of mitigating this. In many cases, blocking traffic at the instance is sufficient, because even though the my butt web spiders are aggressive, they aren’t sufficiently so to flood a website’s Internet connection if it simply doesn’t respond to them; something like CloudFlare or Internet Protocol-level support for mitigating DDoS attacks isn’t necessarily required. But it does bring the DDoS issue, something that has always been an issue for the Internet, back to prominent light again in a new way.
It would also solve some other problems. CloudFlare is appropriate for websites, but not all Internet activity is over HTTPS. DoS attacks have happened for a long time — IRC users with disputes (IRC traditionally exposing user IP addresses) would flood each other, for example, and it’d be nice to have a general solution to the problem that isn’t limited to HTTPS.
It could also potentially mitigate DoS attacks more-effectively than do CDNs, since it’d permit pushing a blacklist request further up the network than a CDN datacenter, up to an ISP level.
Thoughts?
Now on that last point, there will indeed come a time when simply using the engineering technique of “making things bigger” won’t work if the attacks become sophisticated enough, but at that point networking will have fully become geopolitical tools (more than they are now).
A Layer-3 (network-layer) blacklist risks cutting off innocent CGNAT and cloud users. What you’re proposing is similar to mechanisms that already exist (e.g., access control lists at the ISP level work by asking computer B which requests it wants to reject and rejecting those that originate from computer A). However, implementing any large-scale blocking effort beyond the endpoint (i.e. telling an unrelated computer C to blackhole all requests from computer A to computer B) would be too computationally expensive for a use case as wide and as precise as “every computer on the Internet”.
Also, in your post you mentioned, “A host would need to have a way to identify itself as authoritative, responsible for the IP address in question.” This already happens in the form of BGP though it doesn’t provide cryptographic proof of ownership unless additional mechanisms are in use (RPKI/ROA).
I find myself wanting to stare out of the window for at least 2 mintues straight, committing the whole view to my memory, for many spaces I’m in. The higher up off the ground it is, or the further you can see, the better it is.
If I don’t get my 2-5 minutes of window time the window will distract me every time I’m in that room. I’ll steal glances, convinced that something changed without me noticing.
We used to be in an 11th floor office on the water and the view out of those windows was like eating a piece of cake, it was so beautiful. And once at the job before that, the shipping manager came to laugh at me & my coworker, grown-ass women, because we were watching a construction crane out the window at work, we were both fascinated with it. Because it was fascinating!
I’ve always been really into clouds, so I get distracted fairly often.
But I think it’s really awesome to just look outside. I feel like people aren’t as keen to just absorb the world around them or to be curious about all that’s around us.
I stopped my partner on a walk recently to listen to the bees in the freshly blooming tree we were under. She said she never would have noticed.
I’ve gotten that same answer from others when I’ve said that I love walking through neighborhoods and smelling when someone is doing laundry. It just smells really good and it makes me feel good.
First, I’d like to thank you all for keeping the wetshaving fediverse active with interesting and delightful content! We are approaching the 1000th daily SOTD thread since the inception of the wetshaving Lemmy, and during those 1000 days a lot has changed!
Scrolling through this post it’s evident that most of our users have switched to PieFed. In observing this trend, I believe it’s an acceptable time to switch things up.
Ensure that you are subscribed to !wetshaving@wetshav.ing. You can still use Lemmy of course, as the activity will federate.
::: spoiler Hint for PieFed users If you’re using PieFed, there’s also a Topic that I’ve built available here. A topic is a group of related communities. You can’t edit Topics, but you can use the topic to create your own “Feed” of wetshaving stuff. Just thought I’d mention the option. :::
Daily SOTD threads will begin to be posted to !wetshaving@wetshav.ing in the coming days. !wetshaving@sub.wetshaving.social will continue to exist.
Free Talk Friday posts will begin to be posted to !wetshaving@wetshav.ing in the coming days.
Just as soon as I sit down and make the changes. Ideally you won’t even notice since federation is slick and refined at this point. I will make a sticky post on !wetshaving@sub.wetshaving.social directing people towards !wetshaving@wetshav.ing when it’s done.
Don’t like it? Sound off in the comments!
Did I miss something? Any big downsides that I haven’t considered? Let me know below!
it’s not letting me post on the piefed server. I can see wetshav.ing, can see posts thrre, can like posts, just can’t comment at the moment.
like can i send a dm to someone and talk to them here?
Made me curious, are there any lemmy instances with embedded matrix protocol? Does it even work like that?
It’s a different protocol altogether so unless someone went out of their way to build a bridge between Lemmy and Matrix, probably not.
On Mastodon’s new Share button, and protocol ownership.
An unusually clear explanatory article. This problem needs fixing. As a layperson it looks to me like the “discussion” mentioned needs to crystallize into a proper meeting of all stakeholders so as to get a binding decision about how to fix it.
One problem with the whole C2S thing is you can easily end up in the Matrix/XMPP situation where some clients and servers implement some smattering of standards and it just becomes confusing to navigate and use.
This is approximately the situation in the fediverse today, with Mastodon in the role of Gmail. The difference is that email has IMAP and SMTP, client protocols that are not only standardized but universally adopted. Every email server implements them and every email client expects them.
Tuta has entered the chat.
Online Romance Scam Warning 💔
It often starts with a friend request or message on Facebook, Instagram, or Threads.
They ask if you’re single, ask about your family, even check if you’ve eaten. Soon, they say everything you want to hear—and may even talk about marriage.
Then comes the red flag 🚩
They try to move the conversation to private apps like Telegram, Google Chat, or Skype. They share sad stories and eventually ask for money.
Remember:
They don’t love you — they want what you have.
✅ Block them
✅ Report them
✅ Hold your head high and smile
Your kindness is your strength. Stay smart. Stay safe. ❤️ Report
It’s high time we teach them a lesson
Report
You got it boss. @nieceandtows@programming.dev @nieceandtows@lemmy.world
maintenant looks interesting 🤔
Zero-config auto-discovery for Docker and Kubernetes. Every container is tracked the moment it starts — state changes, health checks, restart loops, log streaming with stdout/stderr demux. Compose projects are auto-grouped. Kubernetes workloads (Deployments, DaemonSets, StatefulSets) are first-class citizens.
config based on labels. sounds good for a moving selfhosting world…
