Yes it would. In my case though I know all of the users that should have remote access snd I’m more concerned about unauthorized access than ease of use.

If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.

Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.

The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.

But here is exactly what I’ve done:

1. Bought a domain so that I don’t have to remember my IP address.
2. Setup DDNS so that the A record for my domain always points to my home ip.
3. Run a wireguard server on my lan.
4. Port forwarded the wireguard port to the wireguard server.
5. Created client configs for all remote devices that should have access to my lan.

Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.

P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.

A couple of options in my opinion, as I just did this myself:

You can use the CLI tool to “upload” them. You can even do this from the server itself. So upload times would be as fast as your network card can process or however fast your server is, whichever is slower. It does require that you create an API key for the user in question though.

Otherwise you can create an external library and link that to your account. Now Immich will still index this library but it won’t move or manage the actual files. I’m not sure though if it looks at those files for duplicates (i.e. if you try and upload the same photo from your phone to the server). This external library will also prevent deleting photos as well, FYI.

There might be other options that I’m not aware of, as I’ve only been using Immich for about a month now.

Edit: link to the CLI documentation: https://immich.app/docs/features/command-line-interface/

https://github.com/LemmyNet/lemmy/blob/d909f3455ddb89d45f35c78c4ce96bd0896469b1/crates/api_common/src/utils.rs#L302

If the honeypot is set the request is simply discarded.

FYI: https://en.m.wikipedia.org/wiki/Honeypot_(computing)

But there should also be a separate endpoint to get an auth token. (I don’t remember it off the top of my head). Then your bot should store that somewhere and send it as the auth parameter in every request.

Fair enough. Sometimes you can’t help but go down these rabbit holes though.

How do you account for the duplicate Riker in TNG? Who’s the real one and where did the extra matter come from then to assemble William vs Tom?

(It’s been a long time since I’ve seen that episode so I don’t remember if they covered that but on-screen)

A similar question could be raised for the Rascals episode…

You can always try constructing the URL manually. I know this sucks, but it might be a workaround.

https://lemmy.ml/c/songaweek@lemmy.world

Long story short you just have to go to lemmy.ml and then add /c/ followed by the community name @ the instance it belongs to.

That looks like 8.8.8.8 actually responded. The ::1 is ipv6’s localhost which seems odd. As for the wong ipv4 I’m not sure.

I normally see something like requested 8.8.8.8 but 1.2.3.4 responded if the router was forcing traffic to their DNS servers.

You can also specify the DNS server to use when using nslookup like: nslookup www.google.com 1.1.1.1. And you can see if you get and different answers from there. But what you posted doesn’t seem out of the ordinary other than the ::1.

Edit just for shits and giggles also try nslookup xx.xx.xx.xx where xx.xx… is the wrong up from the other side of the world and see what domain it returns.

Another thing that can be happening is that the router or firewall is redirecting all port 53 traffic to their internal DNS servers. (I do the same thing at home to prevent certain devices from ignoring my router’s DNS settings cough Android cough)

One way you can check for this is to run “nslookup some.domain” from a terminal and see where the response comes from.

Cloudflare? Namecheap?

Not sure exactly what features you’re after but the vast majority of them support what you mentioned above.

Not that I’m aware of. I already opened a request on the backend to have an API to provide a since= property. But ultimately found a workaround for my needs (not applicable here).

Ya, I’ve got a few public services out there and I would love for a better way to manage them. But the fewer ports I open the better. I think there’s also portainer edge agent that’s more secure for prod environments, but I’ve yet to look into it much.

Slightly off topic, but are there not security concerns about opening up a portainer instance to the internet? I run portainer for all of my intranet hosted containers but I have reservations about running either the agent or portainer itself on something external to my lan. It seems like an easy attack vector but maybe I’m just overly worried?

Let’s say I just sent a request from my non-existent server with my user id…

Who or what is going to send this request if not some server that implements ActivityPub? This could be a Lemmy or Mastodon or Kbin instance… Or anything else that implements ActivityPub.

…and just every time I wanted to check whether I got replies I would query the other server (which a Lemmy server would do to get notifications about replies or upvotes)

ActivityPub works via pushes. So there’s nothing to query. There HAS to be some server for it to send and store that data.

So you can’t just send data from a domain. There has to be a service running behind that domain name to do something.

Without a server, it’d be like asking “why do I need tires on my car?”. Well it’s not going to go anywhere without them.

Now this could be a private instance with only you as the single user. And it could federated with the rest of the fediverse. But you still have to run some software to do that.

Now in theory someone I guess could come up with a slim version of Lemmy that only has a single user, and you can’t post or comment directly to that instance but again something has to be running on a server behind that domain.

There are APIs that you can use to post and comment, etc… But there has to be an instance at that domain.

That’s how most of the mobile apps work btw, they just send a network request direct to lemmy.world etc… Saying that iopq wants to create a post with this title and this content…

But there’s no need for your own personal domain name in this scenario, you just need an account on the server that you’re trying to post or comment to.

Not sure if that helps.

I’m not an expert, but I thought the issue was generally that big instances like lemmy.world were getting overloaded on the server side, not that they were enforcing a manufactured rate limit on individual IPs.

From what I can see it’s both. lemmy.world and others are getting overloaded, but there is an inherit built-in rate-limit in the code itself. You can see what those limits are via the api/v3/site. Now in theory if you’re actually getting rate-limited you should be seeing HTTP 429 responses from the server. If the server is just overloaded, you’ll get a 5xx response, the request will just timeout or at best you’ll still get a response but after a significant delay (what most people are seeing).

Also, someone else mentioned that on the fediverse even simple things like an upvote are slower and require more work here than in centralized platforms because they must be sent to all the instances that are indexing that user/community. As I understand, that’s inherent to the fediverse, a bug not a feature, designed for redundancy and resilience.

I don’t want to comment on this too much as I’m not an expert here, but here’s how federation / ActivityPub works from what I understand looking at the code:

Whenever you take any action (or activity) your browser will first send that message to your instance. If your instance then owns the community that message is then propagated out to EVERY linked instance listed here: /instances / api/v3/federated_instances. If your instance doesn’t own the community, that message is forwarded off to the instance that does and they sent it out to EVERYONE on their federated instances list. As you can see this creates A LOT of network traffic.

This posing an interesting problem… the number of ActivityPub messages goes up as the number of instances increase. But at the same time as more and more users join a single instance that require that that instance send more and more traffic to individual user’s browsers as they view and respond to posts. So the problem here is trying to find a good balance. And to top it off, the default behavior of most users is going to be to join the largest instances, making that instance incur more and more traffic to view content.

Again uniformed, but Lemmy seems like it should scale fine. Bigger instances will monetize, driving prospective users to smaller instances, and then rate limiting and server lag won’t be so bad anymore.

Will it though? How would an individual instance monetize? They would have to use donations. If an instance tries to add Ads, users will leave to an instance that doesn’t, making it so that they don’t get any income. They could charge a subscription fee, but again users would just leave and the admins get nothing.

The ideal configuration of the fediverse as I see it, is if we had two types of servers 1) content servers that only hosted communities but didn’t have any real number of users, and 2) user servers that have no communities but most of the users. This way the number of API requests between instances is rather limited. When you end up with a server that has both most of the content and the userbase, the workload of that server appears to grow exponentially instead of linearly as the number of new instances rises.

You’ll be able to get an initial set of data from federation but you won’t get any data beyond that.

Federation works via “pushes”, but since your instance would be behind a VPN the other instances in the federation wouldn’t be able to see it to push content updates.

Lemmy is entirely open source, so you can see what their architecture looks like, etc… here: https://github.com/LemmyNet/lemmy.

Rate limits, as I understand them from the code, should only apply on a per-IP basis. So you should only be seeing rate limit errors if:

• your behind a CGNAT and multiple people who use your ISP are using Lemmy
• you’re sending A LOT of requests to your instance yourself
• the admin of your instance has significantly lowered the rate limits (viewable here: /api/v3/site)