The person isn’t talking about automating being difficult for a hosted website. They’re talking about a third party system that doesn’t give you an easy way to automate, just a web gui for uploading a cert. For example, our WAP interface or our on-premise ERP don’t offer a way to automate. Sure, we could probably create code to automate it and run the risk it breaks after a vendor update. It’s easier to pay for a 12 month cert and do it manually.

Thanks. Very interesting. I’m not sure I see such a stark contrast pre/post 9-11. However, the idea that the US public’s approach to the post-9-11 conflict would have an influence makes sense and isn’t something I’d ever have considered on my own.

Me too, but I’d put Usenet in there before Slashdot.

The South. Just below Indiana, the middle finger of the South. And I say this as a Hoosier for much of my life.

As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.

I’m the opposite. I had my subreddits curated to ones that supplied good deals discussion for posts and good articles for links. For link posts, I primarily read the linked article and ignored the discussion. Here, I’ve been doing both.

RBL’s are nothing more than a way to block problematic servers. And some of those problems are nothing more than they don’t have a rdns.

Yeah, runaway global warming might not happen. Plant monocultures would begin to disappear. New invasive species wouldn’t happen, though existing ones might have a better time for a bit. Major thoroughfares wouldn’t create barriers to migration. Dams might take centuries to collapse, but I think humans going extinct might have one of the biggest impacts.

Upvotes and downvotes.

Right now, I can browse by New on my subscribed communities and see every post since the last time I did that.

I can view or re-view posts and read every response. If the responses are legion, I can play with hot/top and get the meat of the discussion.

Did you notice that last sentence? On the few posts where there are too many responses to view all, I’ll try to get at those that are relevant.

If the Lemmy community grows large enough, I’ll need to do the same for posts. I will no longer be able to regularly view by new and have time to see everything.

So, I’ll need to rely on some sorting method to make certain I see relevant stuff.

Someone with millions of bots that never post have millions of upvotes and downvotes to influence the score used by the sorting algorithm that I’ll use to decide what to read.

But aren’t thumbnails local?

Part of what prompted my question is that I doubt I have the correct worldview because I believe I’m influenced.

No. They can be used in influence campaigns. They can upvote the posts and comments the controllers want you to see and downvote those they don’t.

Spam’s obvious and can be dealt with. Bots altering what shows up in your feed is impossible to combat as an end user.

In some ways, this shows Lemmy is winning. It means Lemmy’s important enough to start trying to influence. It also means we’re about to go through some interesting times.

I migrated to Reddit after Digg imploded. Here’s a few things I think were better.

Feeds weren’t filled with meme posts. Comments weren’t filled with quick one-liners to get upvotes. Back then, there was much more substantive commentary.

Now, over the years, I’ve subscribed to subreddits that contained the type of content I wanted, plus the default subreddits I was subscribed to as a new user back then are much different than today. Open Reddit using a different browser or a private browser window, so that you’re not logged in. How does that compare to your experience of 12 years ago?

Honestly, much of the things I don’t like are because of large entities wanting to influence social media. That same thing will happen (likely is already happening) to the fediverse. I just hope the distributed nature makes it more difficult.

I’ll agree and go one further: the idea of wanting to recreate Reddit is bad.

Most of us left Reddit because of the API crap, but I suspect most of us have not been as happy with the Reddit experience as we once were. The more you recreate a system that’s close to Reddit, the more you make it easier for influence campaigns, spam bots, and disruptive trolls to operate.

Federation, with separate but similar communities, makes it tougher for a massive bot operator to run a monolithic influence campaign. My hope is the design of the fediverse helps to defend against these types of attacks. My fear is the inexperience of server operators with these types of coordinated attacks makes it difficult.

Perfect! Thanks.

My concern is less the VM hosting the docker instance getting compromised but that Lemmy has an exploit and the Lemmy instance getting compromised. I’m quite certain that Lemmy is getting a closer look by the bad guys. You’ve had hundreds of instances spun up in a week, most that have done nothing more than follow an online example of how to spin up a Lemmy instance.

And, I was under the impression that the container and thus the logs were cleared when restarting or redeploying docker. If I’m wrong, I’m horribly embarrassed and will point at that “old school” in the title. I’ll also be doing some testing.

Kids these days with their containers and their pipelines and their devops. Back in my day…

Don’t get me started about the internal devs at work. You’ve already got me triggered.

And, I can just imagine the posts they’re making about how the internal IT slows them down and causes issues with the development cycle.

Nice. I’ll definitely check it out.

I’m intrigued by the phrase “crowdsec security engine on the docker”. Yes, I can Google, but I’d appreciate a bit of comment on what that is and how involved the setup is.

Agreed on all counts. Of course none of that exists on the on the Lemmy docker instance.