Ugh. Thanks. It’s quite possible, though maybe just a regional one? I did inadvertently block one of the IPs Let’s Encrypt uses for secondary validation, so this may be another case of that.

I get a shitload of bad traffic from the southeast Asia area (mostly Philippines/Singapore AWS) and have taken to blanket blocking their whole routes rather than constantly playing whack-a-mole. Fail2ban only goes so far for case-by-case.

Here’s the image from the meme from an alternate source:

Your IP may unfortunately be inside a CIDR block that largely does nothing but spam my infrastructure with script kiddie tomfoolery. Firewall rules apply to my authoritative DNS servers as well.

Edit: If you would like me to whitelist it, DM me your IP and I’ll add a narrow exception.

:sigh:

1. That doesn’t block obnoxious users from there, only communities
2. New users are still flooded with that and have to block it
3. If you’re a potential new user (which is the topic of this post) and just browsing unauthenticated to see what it’s like here, no, you can’t block instances (or anyone or anything).

Atkinson Hyperlegible is my new jam. I’m dyslexic and it helps tremendously even though that’s not its primary goal. It also looks a lot better than OpenDyslexic which I used to use.

Loaded “Hyperlegible” onto my Kobo, the reader app on my phone, and set it as the default font on my desktop environment.

Also added it as an option in Tesseract UI (which I swear I’ll be releasing “soon”).

Kinda like in recent Trek series where, when an episode begins with a day in the limelight of a non-main character, it’s basically their eulogy.

• DIS: Lt. Miriam Airiam. Stupid autocorrect.
• SNW: Ensign Gamble

I made my own smart outlets with an ESP-01, dual relay board, and ESPHome. Also made some temp/humidity sensors as well as a 20x4 text display. All powered by a bunch of ESP-01s I bought cheap and in-bulk from Ali and programming using ESPHome which handles most of the work interfacing with the components as well as the HomeAssistant integration.

https://esphome.io/

When some rich, Walt Disney-type buys an island and fills it with supercomputers in order to clone a park full of extinct Amy Winehouses?

Find a USB stick in the parking lot? Don’t plug it into your PC and probably destroy it with fire.

Find a USB stick while digging in the park? Plug that baby in, jam to some Back to Black, and watch some vintage porn.

Basically the only thing you want to present with a challenge is the paths/virtual hosts for the web frontends.

Anything /api/v3/ is client-to-server API (i.e. how your client talk to your instance) and needs to be obstruction-free. Otherwise, clients/apps won’t be able to use the API. Same for /pictrs since that proxies through Lemmy and is a de-facto API endpoint (even though it’s a separate component).

Federation traffic also needs to be exempt, but it’s not based on routes but by the HTTP Accept request header and request method.

Looking at the Nginx proxy config, there’s this mapping which tells Nginx how to route inbound requests:

nginx_internal.conf: https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx_internal.conf

    map "$request_method:$http_accept" $proxpass {
        # If no explicit matches exists below, send traffic to lemmy-ui
        default "http://lemmy-ui:1234/";

        # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
        #
        # These requests are used by Mastodon and other fediverse instances to look up profile information,
        # discover site information and so on.
        "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy:8536/";

        # All non-GET/HEAD requests should go to lemmy
        #
        # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
        # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
        "~^(?!(GET|HEAD)).*:" "http://lemmy:8536/";

There’s just too many things to support. Rather than pick and choose what I’m going to virtue-signal today, I just…don’t bother. It’s been going on almost 4 years, and in the horror show of the post-2020 world, that’s practically forever and makes it just one thing on a very, very massive pile. Not trying to diminish things there, but it is what it is.

Other than some outright trolls or maybe some rhetoric on instances I refuse to federate with, I haven’t noticed any anti-Ukraine sentiment and have seen plenty of news and updates on the ongoing situation.

FWIW, my work avatar is a sunflower field against a blue sky which is non-political on its own but looks like the Ukranian flag and has been my avatar since 2022.

Probably “copying” Apple’s iNoun naming convention?

It kinda can but not as easily.

Back when I just downloaded everything under the sun on Napster/Limewire, I’d make highly curated CDs of known-hits as well as ones where I sprinkle in some random songs that were in my downloads that I’d never heard before. Not exactly the same, but I’ve definitely listened to a CD I made and been like “what’s that song?! I love it!”.

Plus, for road trips, everyone would usually burn a CD or two of their own to swap in (a precursor to “pass the aux cord”) so there was some novelty/variety.

Nothing hits better on a drive than a good mixed CD. Even making a playlist on your phone, which is basically the same thing, is totally not the same.

Ran into a hiccup while trying to reproduce (there seems to be considerable lag between adding a domain to the filter list and the federation processes handling it), but now that I was able to reproduce it successfully, I made a bug report: https://github.com/LemmyNet/lemmy/issues/6320

Yeah, I think it was changed in Win 10 (or maybe 8/8.1?)

Finally, I’m not the only one noticing this.

I’ve long said that the moment “My Computer” changed to “This PC”, it showed how MS really thought of your computer as theirs that they so graciously allow you to use once in a while.

Granted, I don’t think the instance level URL filters were meant to be used for the domains of other instances like I was doing here. They’re more for blocking spam domains, etc.

e.g. I also have those spam sites you see in c/News every so often in that block list (e.g. dvdfab [dot] cn, digital-escape-tools [dot] phi [dot] vercel [dot] app, etc) , so I never see/report them because they’re rejected immediately.

During one of the many, many spam storms here, it was desired by admins for those filters to stop anything that matched them from federating-in instead of just changing the text to removed on the frontend. So it is a good feature to have. Just maybe applied too widely.

Though I think if a user edited their own description to include a widely-blocked URL (no URLs are blocked by default), they’d just be soft-banning themselves from everywhere that has that domain blocked.

If a malicious community mod edited their communities’ descriptions to a include a widely-blocked URL, then yeah, that could cut off new posts coming in to any instance that has that domain blocked (old posts and the community itself would still be available).

All of those would require instances to have certain URLs blocked. The list of blocked URLs for an instance is publicly available from the info in getSite API call, so it wouldn’t be hard to game if someone really wanted to. Fortunately, most people are too busy gaming the “delete account” feature right now 🙄.

The person who cross-posted it was probably definitely from your local instance.

You only ever interact with your local instance’s copy of any community, even remote ones. If the community is to a remote instance that is either offline or since de-federated, there’s nothing that prohibits you from interacting with it*. Because lemm.ee is no longer there to federate out the post/comments to any of the community’s subscribers, only people local to your instance will see it.

*Admins can remove the community and, prior to it going offline, mods can lock it. But if an instance just disappears, you can still locally interact with any of its communities on your instance; the content just won’t federate outside your instance.

I haven’t looked. Just noticed it earlier today and haven’t had time.

Lol. I guess now I gotta decide which is more annoying: Not having content from c/Books or having to deal with unwanted spillover from .ml. I don’t have the chutzpah to ask the mods to change the community description lol

Just figured this might catch other people off guard like it did me. I never would have expected the community description to be evaluated for the URL filter (only posts/comments).