Ah! See my brain instead of adding “be” dropped “to” 🤣

DeJoy had pressed to not go forward with the purchase of new gas-powered ones

So, the web uses a system called chain of trust. There are public keys stored in your system or browser that are used to validate the public keys given to you by various web sites.

Both letsencrypt and traditional SSL providers work because they have keys on your system in the appropriate place so as to deem them trustworthy.

All that to say, you’re always trusting a certificate authority on some level unless you’re doing self signed certificates… And then nobody trusts you.

The main advantage to a paid cert authority is a bit more flexibility and a fancier certificate for your website that also perhaps includes the business name.

Realistically… There’s not much of a benefit for the average website or even small business.

Even more so, FBI wants to know where the money grandma gave to get her pictures back from the ransomware went.

All this money tracking stuff AFAIK was originally more about organized crime than tax revenue.

DeJoy had to pressed to not go forward with the purchase of new gas-powered ones

Did you mean to say electric ones? IIRC Dejoy was for new trucks but not electric trucks.

I actually really wish we could flag communities or posts as “excluded from the main feed.”

There have been several posts I’ve made or that my bot has made (from community specific RSS feeds) that get down votes seemingly from people completely outside of the community.

For instance, I had a post about a heavy Standard Notes discount … pretty relevant to Standard Notes users; down voted like crazy in the early days of lemmy.world.

Similarly, the other day Bungie made several post about Destiny around the same time. The bot faithfully posted all of them, but several got down voted, almost definitely because someone who didn’t care about Destiny down voted the “spam” since several posts were about Destiny around the same time in the “main feed” (and they were probably sorting by “New”).

My retort/unpopular opinion: There’s no recommendation algorithm, if it’s not a community you’re subscribed to, and you don’t care about it … what the heck are you doing engaging with it? Move on to the next post or block the community.

Alternatively, we should be able to block interactions from people who haven’t subscribed to the community without limiting federation or making it moderator only.

When you down vote a post of a community you’re not a part of you’re actively hurting its surfacing in the feeds of people in that community that use feed algorithms other than “New” or “Controversial”.

I was watching a documentary on jet engine cars … I was surprised it was Chrysler that had done the work. It would take someone older than me to know if Chrysler really used to be an innovator and turned into a mediocre brand or if it’s been that way all along.

I’d give up any and every gun point in favor of police reform, proper election and transition of power legislation, and climate change.

Actually, I think they have it exactly right. The problem is Republican voters views and priorities have been misaligned with their respective party representatives for at least a decade.

This is no more evident than in evangelical voters jumping through hoops to justify a detestable candidate of poor morals.

What Trump, the tea party before him, etc represents to folks that adore them is quite different than what those things are.

So the local machine doesn’t really need the firewall; it definitely doesn’t hurt, but your router should be covering this via port forwarding (ipv4) or just straight up firewall rules (ipv6).

You can basically go two routes to reasonable harden the system IMO. You can either just set up a user without administrative privileges and use something like a systemd system level service to start the server as that user and provide control over it from other users … OR … if you’re really paranoid, use a virtual machine and forward the port from the host machine into the VM.

A lot of what you’re doing is … fine stuff to do, but it’s not really going to help much (e.g. building system packages with hardening flags is good, but it only helps if those packages are actually part of the attack surface or rather what’s exposed to the remote users in someway).

Your biggest risk is going to be plugins that aren’t vetted doing bad things (and really only the VM or using the dedicated user account provides an insulation layer there – the VM really only adds protection against privilege escalation which is pretty hard to pull off on a patched system).

My advice for most people:

• Make a new user on the system to run each game you want to run
• Run the game using systemd and that user
• Use something like kopia + the root user’s crontab (easier than systemd timers, but systemd timers also work) to backup the files on disk

For Minecraft in particular, to properly back things up on a busy server you need to disable auto save, manually force save, do the backup and then enable auto save again after your backup. Kopia can issue commands to talk to the server to do that, but you need a plugin that can react to those commands running on the server (or possibly to use the server console via stdin). Realistically though, that’s overkill and you’ll be just fine backing up the files exactly as they are periodically.

Kopia in particular will do well here because of its deduplication of baked up data + chunking algorithm that breaks up files. That has saved me a crazy amount of storage vs other solutions I’ve tried. Kopia level compression isn’t needed because the Minecraft region files themselves are already highly compressed.

Do you happen to have a time-stamp?