Debian is already noiriously lagging behind latest package versions (that’s how they make it so stable : they freeze all package versions when they release a new version of Debian, and only backport security fixes).
Either your AI was trained before Debian 13 came out, or it is giving you really bad advice. I can’t think of a single good reason to use an older Debian for a fresh install…
What’s failed about their newest release ?
I’ve been in a similar situation, and I’m also blocking large ranges of IP addresses in addition to running Anubis in front of my most scraped services (Git/forgejo and Lemmy)
I came up with a hacky python script that watches my fail2ban logs, counts bans for IP ranges going from /28 to /8, applies some heuristics (based on range size n and how offending IPs are split between the 2 /(n+1) subranges) I came up with to detect ranges that should be blocked, the issues a log line that is picked up by fail2ban to manage bans of increasing length on récidive.
It’s quite contrived and I often fear it will be too agressive and block something I rely on, but it has been working really wellin my experience.
It will initially block a lot of small ranges, but over time the ranges will grow larger. Smaller ranges having a lower threshold helps it block only the narrowest ranges needed, which gives some time for larger ranges that contain them to drop out of fail2ban’s watchlist.
I should clean up this mess and make it a git repo, maybe even try to have it merged in fail2ban
I think your post is missing a link
The ISP would only see “encrypted video call”-like traffic between you and the people who connect to Tor through your snowflake.
How/why would a VPN be useful for this ?
This lets people use your computer as an entry point into the Tor network and camouflage the traffic as a video call between you and them (if the regular, publicly known, entry nodes are blocked by their ISP or gouvernement). The snowflake extension will then forward people’s traffic through the Tor network, and services they use will only see a tor exit node’s IP, not yours. As long as you trust Tor to be secure and anonymous (I personally have very high trust in its guarantees), you don’t have to worry about legal consequences or being blocked by services.
I used to run a few (public) tor relays (entry or middle nodes, not exit ones), including one from my home network and IP. Never had any issue except for one service which blocked everything that had anything to do with Tor. I reached out for their admin, who claimed Tor users can show up with any node’s IP (which they definetly can’t, only exit nodes will forward traffic to the regular internet)
I thought funkwhale is dead
Edit: last time I checked, the funkwhale.audio website was offline and I could not find a maintained Git repo, but now the site is online and the Git repo has had recent updates. I don’t know what happened
I don’t know about other homeserver implementations but synapse kinda sucks. It used to randomly eat 100% of 1 or 2 CPU cores (including the database) until I tracked it down to 3 rooms having a messed up state which caused costly SQL queries. I removed the rooms from my server (using a third party admin panel because there’s no proper admin GUI built in, the documentation just mentions curl commands to hit the admin API, with placeholders to manually replace). It has been fine since I did it, but I’m the only user on my server. And I expect other issues to come up at any time…
It also eats a lot of storage, mostly the database. It grew very large quickly, but it’s more stable now
I found out about it while making a Jekyll plugin, the speed improvement is really noticeable
ImageMagick does the job but can be slow. libvips is à faster alternative
Reading the parts of the original report that are shown in the article, it gives me “AI-generated” vibes. Especially the part at the end, where they list other subreddits the user engaged with : this section feels so unnatural and irrelevant to the broader report
Knowing how much this administration loves AI, this seems plausible to me that these reports are auto generated, either from a human flagging specific posts, or from an automatic flagging system
Systemd abstracts so much stuff away that it does not feel like learning Linux “from scratch” :/
(I like having it in my daily driver, but it’s sad LFS had to drop support for a “lower level” init system)
This thread was a fun read. The part where the author tries covering up their BS with force pushes is so messed up…
Looks interesting, but after reading through the readme, I still clueless about the gameplay. Why does it need a container ? Is this some kind of security CTF with a story ?
MAC addresses are only visible on a LAN
This is neat. I’ve intercepted trafic from a few apps in the past, and whenever cert pinning was enabled it was a massive pain to deal with
Blocking or allowing domains should not mess up SSL. Is there anything else filtering or intercepting the trafic ?
I usually have Debian on all my servers for stability, and run almost everything inside containers for convenience. The few things that run directly in Debian are nginx for reverse proxying to container services, fail2ban+firewall, and wireguard for everything that moves data between servers/computers/devices I own