

To anyone afraid of the above conclusion, a dedicated $5 VPS with automatic snapshots gets you a long way.


Any time you have a server willing to process random data uploaded from randos, just expect it to be compromised eventually and prepare for the eventuality by isolating it, backing it up religiously, and setting up good monitoring of some sort. Doesn't matter if it's a forge, a wiki, or like Nextcloud or whatever. It will happen.


We also have COW filesystems now. If you need large datasets in different places, used by different projects, etc., just copy them and use BTRFS or ZFS or whatever. It won't take any space and will be safer. Git also has multiple ways of connecting external data artifacts. Git should by default reject symlinks.
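One concrete form of that "reject symlinks" default, as an added example rather than code from the thread or from any forge: a git pre-receive hook, assumed to be installed in a bare repository on the server, that lists each pushed tip with `git ls-tree -r` and refuses the push if any entry carries symlink mode 120000.

```python
"""Pre-receive hook that rejects pushes whose tip tree contains a symlink.

Git stores a symlink as a blob with mode 120000; a server that checks out
untrusted pushes and reads files by path can be led outside the work tree by
one. git feeds the hook "<old-sha> <new-sha> <refname>" lines on stdin and a
non-zero exit rejects the whole push.
"""
import subprocess
import sys

SYMLINK_MODE = "120000"


def find_symlinks(ls_tree_output: str) -> list[str]:
    """Return paths of symlink entries in `git ls-tree -r <commit>` output.

    Lines look like "<mode> <type> <sha>\t<path>"; paths may contain spaces,
    so split on the tab first.
    """
    links = []
    for line in ls_tree_output.splitlines():
        if not line.strip():
            continue
        meta, _, path = line.partition("\t")
        fields = meta.split()
        if fields and fields[0] == SYMLINK_MODE:
            links.append(path)
    return links


def symlinks_in_commit(sha: str) -> list[str]:
    """Ask git for the full tree of `sha`; only used by the live hook."""
    out = subprocess.run(["git", "ls-tree", "-r", sha],
                         check=True, capture_output=True, text=True).stdout
    return find_symlinks(out)


def main() -> int:
    rejected = False
    for line in sys.stdin:
        _old, new, ref = line.split()
        if set(new) == {"0"}:  # all-zero sha: ref deletion, nothing to scan
            continue
        for path in symlinks_in_commit(new):
            print(f"rejecting {ref}: symlink at {path}", file=sys.stderr)
            rejected = True
    return 1 if rejected else 0


if __name__ == "__main__":
    sys.exit(main())
```

Save it as hooks/pre-receive in the bare repository and make it executable; the check is blunt by design and will also refuse repositories that legitimately carry symlinks.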


There's a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, it's just a git clone away.


You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. It's not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.


While good, network security isn't the issue. It's running a web service with open registration allowing randos to upload content that gets processed by the server.
Throw this up on a dedicated $5 VPS and you still have a problem. The default should be manual registration by admins.


It's always code forges and wikis that are affected by this because the scrapers spider down into every commit or edit in your entire history, then come back the next day and check every “page” again to see if any changed. Consider just blocking pages that are commit history at your reverse proxy.


If you are doing stuff in Linux that requires the terminal, you were probably making edits to the registry in Windows or pasting in wild PowerShell lines from online guides.
No need for 98% of the user base to ever touch the terminal. Open whatever software store comes with your distro, click install next to whatever you want.
The only exception to that is that sometimes, when a trusted person is supporting you through something, giving them a line to paste into a terminal might be quicker than walking them through all the clicks of a GUI. Sometimes.


Someone always chimes into these discussions with the experience of being DDoSed and Cloudflare being the only option to prevent it.
Sounds a lot like a protection racket to me.


Except, if you choose the wrong 1 of that 10 and your company is the only one down for a day, you get fire-bombed. If “TEH INTERNETS ARE DOWN” and your website is down for a day, no one even calls you.


Probably better to use them for their screen, firewalled off from everything except whatever is providing a dashboard or info display (e.g., homeassistant).


Your perspective aligns with a lot of self-hosters who run things on RPi's and such, but not the “home labbers”. Also, see the pubnix, tildeverse, smol web, indie web, and to some extent the retro computing communities. You are definitely not alone!


Restic is great, and the de-duplication between snapshots is amazingly good. Same content in different files (e.g. tar files of Linux systems) takes very little space, like magic. Backrest is a nice web frontend for it.
Note that you should use some retention features of your provider to manage the risk of ransomware deleting your backups.


I think the strategy used the world-over, is to surveil everyone and build network graphs. You may work extremely hard to secure your device and communications, but the algorithms will build up a dossier on you based on all of the people you associate with who are less capable or motivated. Machine learning is insanely good at filling in missing data in an information rich dataset.


On the other hand, we live in a golden age of private, end-to-end encrypted communications tools. There are literally too many to list here. The problem is our endpoints are extremely vulnerable to surveillance now.
Also, the PGP web of trust was a pretty terrible idea for anyone concerned about authoritarian governments. Especially “key parties” that network based on government IDs. They also barely worked in practice anyway. Web-key discovery actually has decent UX, despite being tied to a purchased domain rather than a driver's license. It works fine for people you don't know, but know by their domain. For people you know, exchanging keys via QR code or verifying keys via some hash out of band has become standard.


I would be terrified of using a bluetooth mesh network in a situation where private, encrypted communications are illegal. That would be literally walking around transmitting your intent. It’s a great idea in a free country though.
In a dystopia, you want to blend in. Something like deltachat has the right idea there: you have to look like boring email on the network. Maybe even layer on steganography, sending boring emails with cat pictures, but your messages are hidden inside them.
Honestly, I would probably go with sneakernet. A microSD card can be hidden very easily, is difficult to detect electronically, transports virtually unlimited text, and can be encrypted in case the mule gets caught, to prevent networks being exposed. The latency is just a necessary evil.


Usually these models are trained on past data, and then applied going forward. So whatever bias was in the past data will be used as a predictive variable. There are plenty of facial feature characteristics that correlate with race, and when the model picks those because the past data is racially biased (because of over-policing, lack of opportunity, poverty, etc), they will be in the model. Guaranteed. These models absolutely do not care that correlation != causation. They are correlation machines.


I can't imagine a model trained like this /not/ ending up encoding a bunch of features that correlate with race. It will find the white people, then reward itself as the group does statistically better.


This absolutely. Anyone who actually wants open registration will be configuring their own SSO or whatever backend. The default should be safe for testing and/or hobbyists.