Skip Navigation
terribleplan terribleplan

DevOps as a profession and software development for fun. Admin of and

Filibuster vigilantly.

Posts 30
Comments 272
Is it possible to move to another domain?
  • I think it would need to be a mechanism similar to how user moves are handled where the old thing sticks around forever but has a field that says "the new one is over here" and then the new one has a field that says "yes, I am the same as that old one". At least I think that's how e.g. mastodon handles moves of users (just the person/actor, not any of their content. AFAIK nothing in the fediverse can do something like this with anything other than a person/actor at the moment)

  • Is it possible to move to another domain?
  • The problem is the thing has already been federated. Changing the ID in the db will appear to the rest of the fediverse as new things, not as those same things.

  • What are people using for webmail software these days?
  • Snappymail is simple and awesome if you want better webmail than roundcube, I switched and didn't look back. I am also a big fan of native apps, I'm using thunderbird on my PCs and and Fair Email on Android, both of which I am quite happy with.

  • What is your machine naming scheme?
  • Laptops/desktopes: no real naming scheme, they use non-static DHCP leases anyway.

    Physical servers: NATO phonetic alphabet. If I run out of letters something has gone terribly wrong right.

    VMs: I don;t have many of these left, but they are named according to their function and then a digit in case I need more. e.g. docker1, k3s1. This does mean that I have some potential oddities like a k3s cluster with foxtrot, alpha, and k3s1 as members, but IMO that's fine and lets me easily tell if something is physical or virtual. I am considering including the physical machine name in the VM name for new things as I no longer have things set up such that machines can migrate... though I haven't made a new VM in some time.

    Network equipment: Named according to location and function. e,g, rack-router, rack-10g, rack-back-1g, rack-ap, upstairs-10g, upstairs-ap. If something moves or is repurposed it is likely getting reconfigured so renaming at that point makes sense.

  • So, this just happened -- GWAR: Tiny Desk Concert
  • Quoted because those were the first paragraphs from Wikipedia, just sucked to try to credit properly on mobile.

  • So, this just happened -- GWAR: Tiny Desk Concert
  • Identified by their distinctively grotesque costumes, Gwar's core thematic and visual concept revolves around an elaborate science fiction-themed mythology which portrays the band members as barbaric interplanetary warriors, a narrative which serves as the basis for all of the band's albums, live shows and media. With over-the-top violent, sexual, and scatological humor typically incorporating social and political satire, Gwar has attracted both acclaim and controversy for its music and stage shows, the latter of which notoriously showcase enactments of graphic violence that result in the audience being sprayed with fake blood, urine, and semen. Such stagecraft regularly leads Gwar to be labeled a "shock rock" band by the media.

    Tiny Desk Concerts is a video series of live concerts hosted by NPR Music at the desk of All Songs Considered host Bob Boilen in Washington, D.C.


  • Gitea 1.20 is released | Gitea Blog
  • I switched to Fogejo just by swapping out the image. So far gitea hasn't been malicious with its trademarks now being owned by a private company, but I feel better using software that is more closely tied to a nonprofit. I see no reason to switch back.

  • GitHub PAT in docker-compose file?
  • Pretty sure it needs to be https://$user:[email protected]/username/repo.git#branch.

  • Advantages to selfhosting a Lemmy instance?
    1. You host it yourself
    2. You can get a cool domain name
    3. It's pretty low maintenance
  • Thoughts on server/network racks?
  • I have owned and otherwise dealt with a few different Startech 4-post open racks and have been very happy with them. I currently use one of their 25U racks for my lab, but am running out of space...

  • What do you recommend to selfhost code repositories?
  • I started on Gitlab, which was a monster to run. I moved to Gitea, until the developers started doing some questionable things. Now I'm on Forgejo (a fork of Gitea).

  • Legal concerns with self-hosting
  • Yeah, all I know is that I am definitely seeing images loaded in from domains other than that of my instance as I load/scroll pages, which I want to be loaded via my instance for privacy reasons.

  • Legal concerns with self-hosting
  • I believe the Pictrs is a hard dependency and Lemmy just won't work without it, and there is no way to disable the caching. You can move all of the actual images to object storage as of v0.4.0 of Pictrs if that helps.

    Other fediverse servers like Mastodon actually (can be configured to) proxy all remote media (for both privacy and caching reasons), so I imagine Lemmy will move that way and probably depend even more on Pictrs.

  • Legal concerns with self-hosting
  • IIRC Lemmy preloads all thumbnails for posts in communities you subscribe to into pictrs to be cached for like a month or something. So, yeah...

  • If anyone is near MN MyPillow is aucioning off some server equipment
  • The servers aren't even identified in the listing as R610s (or E01S, they misread that as "EOLS"), so who knows...

  • Self-hosted lemmy without serving arbitrary federated content?
  • Lemmy has a feature/setting called "Private instance" that I think could be used to achieve this, but I think that got broken at some point because it got tied to turning federation off... not sure what the current state is but may be worth looking into.

  • plex or Jellyfin?
  • I switched from Plex to Jellyfin several years ago and haven't really looked back. Overall I just didn't like the direction plex kept going (pushing shit streaming services, central auth, paywalling features), and dropped it even though I grabbed a lifetime plex pass back in the day. The only thing I miss about plex was the ease of developing a custom plugin for it since you could pretty much just drop python scripts in there and have it work, though their documentation for plugin development was terrible (and I think removed from their site entirely).

  • Would there be any benifit to host another instance?
  • I run my own for myself and some friends who don't really use it. If you are interested in doing so I say give it a shot.

  • Do you have perticular reason for choosing Tailscale over ZeroTier or vice versa?
  • I love tinc, it's so simple. I wish there were something just as easy that leveraged wireguard instead of whatever custom VPN/tunneling stuff tinc uses, as using it scares me with how seemingly little maintenance tinc gets. Like if tailscale/headscale and tinc had a baby, haha.

    Is there a way to run tinc on your phone or similar? To me that's another bonus of tailscale at least.

  • Has lost its domain name?
  • Docker isn't super necessary, there are some scripts out there that hide a good bit of how it works like the official ansible playbook or lemmy-easy-deploy.

    I use docker to easily run many pieces of software in isolation from each other, it's like VMs if you're familiar with those, but different in some key ways that don't really matter for this discussion.

  • Trial and Delight || CheckPoint 513

    A checkpoint? From Mk. VI? And they mention the fediverse? (Well, Mastodon at least). It must be Christmas.


    Lemmy Security Vulnerability - Cross-Site Scripting via post URL's.

    I tried what another user reported and it worked. I submitted a github issue as the security email seems to be unmonitored based on me trying to contact it (regarding a different issue) for over a week now.

    Be careful about links you click in Lemmy, I guess.

    cross-posted from:

    > What is XSS? > > Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code can be inserted in several ways. Most popularly, it is either added to the end of a url or posted directly onto a page that displays user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack. > > > Impact > > One-click Lemmy account compromise by social engineering users to click your posts URL. > > Reproduction > > Lemmy does not properly sanitize URI's on posts leading to cross-site scripting. You can see this working in action by clicking the "link" attached to this post on the web client. > > To recreate, simply create a new post with the URL field set to: javascript:alert(1)// > > Patching > > Adding filtering to block javascript: and data: URI's seems like the easiest approach.

    The Ramblings of an Admin terribleplan

    Do not click this link.

    Lemmy is vulnerable to javascript: links, see this post for more details.


    Crab Champions || Crossing the Streams 2023-06-19

    Crank up "Crab Rave" and put your claws in the air, but with guns in them.

    Videos terribleplan

    How to Protect Your Computer from Getting Shot by an MBT

    Can't sleep, time to rewatch this video and others like it.


    LRR Twitch Stream Highlights 2023-06-24

    I was a bit distracted with the whole LRRMans thing, have some highlights.

    Saved You A Click terribleplan - Why is a millennium old fossilised human poop on display at the Archaeological Resource Centre in the UK? | because it "may be the largest example of fossilised human faeces ever found"

    Apparently someone on feels the need to make clickbait out of a very short wikipedia article. And they didn't even answer their clickbait in the post body. smh.

    For added fun seemingly breaks the Lemmy UI, indicating that the community lives for some reason.

    > Created: 9th century

    > "This is the most exciting piece of excrement I've ever seen ... In its own way, it's as irreplaceable as the Crown Jewels"

    Saved You A Click terribleplan

    Scientific American - Is Fukushima Wastewater Release Safe? What the Science Says | probably Is Fukushima Wastewater Release Safe? What the Science Says

    Radiation in water from Fukushima will be diluted to almost background levels, but some researchers are not sure this will be sufficient to mitigate the risks

    The operator of the plant is confident it is safe, some say there are other risks that make not releasing the wastewater worse, most opposition is limited to saying hasn't been enough study, one scientist in particular says it is unsafe. We'll see what ends up happening later this month.

    > “a lack of adequate and accurate scientific data supporting Japan’s assertion of safety”.

    > “The risk of another earthquake or a typhoon causing a leak of a tank is higher, and they’re running out of space.”

    > “The concept of dilution as the solution to pollution has demonstrably been shown to be false, [...] [t]he very chemistry of dilution is undercut by the biology of the ocean.”

    > “I think it is important to evaluate the long-term environmental impact of these radionuclides,”

    > “We have confirmed that the tritium concentrations in the bodies of marine organisms reach equilibrium after a certain period of time and do not exceed the concentrations in the living environment,” [...] The tritium concentrations then decrease over time once the organism is returned to untreated seawater.

    > The IAEA [...] is expected to release a final report on the site and the plan for the wastewater release later in June.

    NrdLi terribleplan

    How to use Lemmy

    Lemmy 101

    A (hopefully not as complicated as the others) introduction to Lemmy

    How do I sign up?

    > Notice: Spam campaigns targeting Lemmy providers are already happening, so we are currently requiring manual approval. Please cut me some slack, I need to sleep occasionally.

    1. If you are viewing this post then that likely means you are on a Lemmy instance already. This post was originally hosted on, a community welcoming anyone who is nerdy about something.
    2. Click Sign Up in the top-right-most corner.
    3. Fill out and submit the information.
    4. Done!

    You have just signed up to Lemmy. Congratulations, welcome to the club. At this point, you should click the name of the provider you're on (at the top-left-most part of the registration page) and bookmark it to your browser. This is where you will be browsing Lemmy from now on. Now you will need to wait for the admin (me) to approve your account, this will likely take less than 24 hours, and usually closer to an hour or two.

    So, what about them federation business I've heard so much about?

    Beyond a few basic quirks, you don't need to care about it yet. That's for Lemmy 102, eventually.

    • Your account is bound to the provider you signed up to. You will only be able to log into it from that place, and that place alone. This is why I recommend bookmarking it.
    • Your provider is not omnipotent, and occasionally needs to be taught about communities and content, especially if it is a new or small one. Read on below on how to do that.
    • You are not limited to content hosted on your own provider. This is the hardest part to grasp so just roll with it even if you don't know what I mean by that yet.

    So, how do I find communities/subreddits/sublemmies/PEOPLE TO TALK TO

    1. Go to
    2. Click the home icon at the top-right-most part of the website, and enter in the provider you signed up with.
      • It should auto-complete and light up green.
    3. Browse the list and click on the names of the ones you find interesting
    4. Click the Subscribe button on the sidebar to add them to your homepage.

    It can't be this easy, right?

    For 90% of cases, it really is this easy. It's the last 10% that's gonna bring your trouble.

    Lemmy just had a big bang of activity and every single admin and developer is running around with their hair on fire, so there will be quirks you will encounter in day to day usage.

    For example:

    I clicked subscribe but nothing happened

    Click it again. If it says Subscription Pending it means you're subscribed.

    Lemmyverse says there are posts but it's a ghost town in here when I open it

    This means your provider just learned about the existence of that community. If you subscribe to it, it will fetch future posts and make it not a ghost town to the people after you. It will not fetch past posts because technical reasons.

    I get 404: couldnt_find_community when I click on a community

    Oh boy, here we go. This is the most complicated thing you will need to do.

    This means your provider does not know about the existence of that community. If you want to subscribe there, you'll have to first teach your provider about it.

    1. On the Lemmyverse website, each community has an additional part under their name that starts with an exclamation mark and [email protected]. Click it to copy it.
    2. Go to your provider's home page.
    3. Click the little magnifying glass at the top-right-most corner.
    4. On the search bar, paste this identifier you just copied.
    5. Search for it.
    6. Ignore it when it says there are no results found. That's a lie.
    7. If it doesn't show up within 10-20 seconds. Search for it again.
    8. It should show up by now.

    Going through this is tiring, yes. But after doing it once, your provider will, in most cases, remember it for anybody else in the future.

    I clicked on a link and it logged me out so now I can't reply/upvote/subscribe

    1. Remain calm.
    2. Copy the URL of the page you are in right now.
      • If you're on the home page of a community, that exclamation mark identifier will be at the sidebar just below it's name. You can take that and use the instructions in the previous section.
    3. Go to your provider's home page.
    4. Click the little magnifying glass at the top-right-most corner.
    5. On the search bar, paste the URL you just copied.
    6. That post/comment/community should pop up in the search results.

    Ok, I got the post but the comment I want to reply to is not there

    1. Yeah, this is getting pretty absurd I know. Growing pains and all
    2. On the comment, there will be this rainbow colored star badge somewhere next to the author's name. Right click it and select Copy Link
    3. Proceed with the above instructions using that link.

    I clicked a link and everything is different and I can't find any of these buttons you are talking about

    Scroll to the very top of the page. Is the strip at the top of the page a dark blue/purple-y color or white/black

    If it's purple-y, you stumbled your way onto kbin instead of Lemmy. That's a different thing.

    If it isn't... I got no clue, sorry.

    I want a mobile app

    All of them are under-baked and have missing features at the present. But if you really want to, you can try Jerboa for Android, and Mlem for iOS.

    You will need to adapt parts of this guide to how the apps work (in particular, where the search box is).

    Any more quirks I need to keep in mind?

    • In your settings there is a box for preferred languages. DON'T TOUCH IT
      • I am serious. You will lose access to half the content in the entire network in one fell swoop. Nobody tags languages correctly.
    • Occasionally submit buttons will start loading infinitely. This may or may not mean whatever you were trying to submit may or may not have happened. Nobody knows. If it keeps spinning for more than 10-20 seconds, just go back to where you tried to post/comment and pray it worked.
    • Hot and Active sorts are broken. Use something like New Comments or one of the Top sorts instead.
    • Sometimes posts will change under you. If you're writing a long reply, double check to make sure the post you're replying to haven't switched out to something unrelated.
      • This is (I believe) the result of a stupid decision that is fixed by the newest yet unreleased version of Lemmy.
      • That same fix will also disable other live update behavior, which causes much more issues than it solves.

    Any more non-quirks I need to keep in mind?

    • Some providers disable downvotes, some do not.
    • Some providers disable community creation, some do not.
    • Expect providers to go down and up and slow down and speed up and run out of money and start begging for donations as more and more people join in and start posting.
    • Expect inter-provider drama, which may result in providers cutting each other off.
      • This is also known as "defederating". Which is both a blessing and a curse.
    • There is no way to transfer your account between providers.
    • You should not need to create accounts on more than one provider unless there is a specific reason to do so (e.g. if your account is on a provider that's defederated from a large one)
    • This entire document is a massive oversimplification

    All of this apply as of June 20, 2023. Hopefully the future is brighter.


    If you have an account you can post in the comments and I will be notified, and will do my best to help however I can.


    This is a slightly modified version of this wonderful document by @[email protected]

    Videos terribleplan

    Transient Hazards: Explosion at the Husky Superior Refinery

    The USCSB does some great animations. Their new intro is radical as well, right up until they use a Red Tailed Hawk's call instead of an actual Bald Eagle's.


    Scryfall Roulette 3 || TTC 463

    On today's episode of Tap Tap 100...

    The Ramblings of an Admin terribleplan

    On LLM content

    Comments are welcome and appreciated, especially from members of NRDLemmI. For fun here's an (edited) ChatGPT TL;DR:

    • These guidelines try to balance the benefits of LLMs against negative impacts on communities.
    • Follow the rules of the communities and instances you participate in, including rules regarding LLM content.
    • It may be reasonable to seek clarification or leave a community, but don't continue violating rules and don't argue.
    • If you primarily sharing your own thoughts and use an LLM for editing or other assistance, most of this is unlikely to be an issue.
    • Sharing an unedited/unreviewed response solely generated by an LLM adds little to the conversation and is likely to be an issue.
    • Users employing LLMs are welcome on NRDLemmI, but if consistent rule violations occur on other instances, bans or other actions may be necessary.


    The landscape of LLMs and other AI tools is constantly evolving, and the technology will likely never be worse or more inaccessible than it is right now. Regardless of your personal opinions on these tools, they will certainly have an impact on NRDLemmI as well as the broader fediverse. As with many of the decisions I am making regarding how NRDLemmI will run, I hope to strike a balance between the benefits of LLMs and negative impacts the content LLMs generate can have on communities.

    This approach will not be perfect. It will need to evolve alongside the tools and alongside the fediverse itself. The most important thing is that everyone here understand our approach and the reasoning behind it.

    The rules here

    NRDLemmI does not currently have a specific rule against posting content generated by AI/LLMs; however, there are two existing rules that are relevant to the decision-making process when addressing reports or complaints about such content.

    > 3. Don't do things to adversely impact federation with other servers.

    > 6. Respect the rules of the communities in which you participate.

    I may elaborate further on the reasoning behind these rules later. For now, it's important to understand that these rules aim to strike a balance between free speech and the ability of our instance's users to participate in the broader fediverse (As well as limiting legal or hosting-related consequences, as that would impact both).

    Rule 6 can be seen as a corollary to rule 3, as multiple rule violations within external communities could potentially lead to our instance being blocked from federating with those external instances.

    The rules elsewhere

    Regardless of what you are posting, it is essential to be mindful of and do your best to follow the rules of the community and instance you are participating in. This is particularly crucial when posting potentially inflammatory, self-promoting, or LLM-generated content. Specifically, when posting LLM content, be sure to check the sidebar of both the instance and the community for:

    • Specific rules regarding the use of LLMs
    • Rules against "low-effort" content or comments
    • Rules against spamming
    • Rules requiring citations

    If there is a specific rule either for or against the use of an LLM, the answer is straightforward: do not post LLM generated content there. If the rule pertains to any of the other points mentioned, it is up to you to determine whether the mod/admin will view the LLM-generated content as a violation.

    When you break the rules

    Let's suppose a mod/admin takes action against your post. Was the rule clear? If so, you deserved the consequences, as you shouldn't expect to go unnoticed. If the rule was ambiguous or subject to interpretation, the mod/admin's action indicates how they interpret the rule. In such cases, it is perfectly reasonable to:

    • Stop posting or commenting in the community.
    • Leave the community and/or instance.
    • Apologize.
    • Feel sad and/or angry.

    In certain situations, it may also be reasonable to:

    • Seek clarification to better follow their rules in the future.
    • Share your interaction elsewhere, as long as it's not intended/likely to cause brigading or other retributive acts.

    It is never reasonable to:

    • Continue posting LLM content that is likely to violate their rules.
    • Argue with or harass the mod/admin.
    • Complain to the instance's admins about the mod enforcing the community rules.
    • Complain to your admin about an admin on a different instance.

    My interpretation of the "gray area"

    If your post consists primarily or entirely of your original thoughts and you use an LLM only for editing, phrasing, grammar, or to reduce the level of detail, mods/admins are unlikely to have an issue with it. Likely they won't be able to tell that an LLM was involved, just like they can't tell Grammarly or Spelling/Grammar checkers were involved. The thoughts and knowledge remain your own or, at the very least, represent something you researched while writing your post. In this case, you might even be able to bend the rule against LLM content since you're sharing your content with only assistance from an LLM.

    However, if you instruct the LLM to "Write me a comment refuting this post: [post text]," the thinking and opinion belong to the LLM rather than you. Sharing a response you didn't write adds little value to the conversation since you won't be able to further engage. Additionally, longer LLM-generated posts, especially on narrow topics (where they likely don't have much/up-to-date/good training material), often have a discernible "uncanny valley" quality and can be easily identified.

    Contrast this with a situation where someone shares an article written by another person that refutes a post. If someone comments, saying, "Sarah Whatshername wrote an excellent response to this, where she mentioned that [...some info/quotes/whatever...]. I think it's worth reading before fully embracing this viewpoint," they are appropriately crediting the author, highlighting relevant parts of the author's opinion, and, if possible, providing a link to the source.

    How to avoid sticky situations

    If things you post are repeatedly reported as LLM-generated, it suggests that you may be leaning toward misusing these tools, and action may be necessary. If it becomes apparent that you lack expertise in the discussed topic (which should be evident to the mod of a community focused on that subject), action may also be required. However, if someone says, "I heard [X], is it true?" or approaches a topic they are unfamiliar with in a curious and constructive manner, it is less likely to warrant action even if an LLM is somehow involved.

    In general, if someone wants to know what ChatGPT/LLaMA/Bard/whatever "thinks" about a post or how it would refute it, they will ask that thing for a response. Simply regurgitating its answer, particularly when you lack the expertise to assess its quality or accuracy, at best contributes little to the conversation.

    When things get sticky on this instance or in communities I moderate

    Users employing LLMs are welcome on this instance and in any of the communities I moderate, as long as human thinking remains the primary driver. If someone's posts start receiving reports (especially if admins threaten to block my instance), I will review the user's posts and comments then engage them in a conversation covering the topics mentioned above. If, as a result of this discussion, the user consistently fails to comply with community rules on other instances or refuses to adjust their tool usage appropriately, they will be banned from the community/instance.

    NrdLi terribleplan

    NRDLemmI will require captcha until further notice. ❗️Admins: REQUIRE E-MAIL VERIFICATION OR A CAPTCHA FOR REGISTRATION - NRDLemmI

    It is currently possible, through Lemmy’s API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I’d advise you to activate one or both of them NOW! After registering x number of accounts (currently I could do thousands), all you have to...


    Apparently Lemmy's user creation API is wide open, making it trivial to make accounts en-masse. This should not be a huge issue as this instance requires an application to be filled out to create an account.

    To reduce likelihood of such accounts being made and overwhelming my ability to review applications captcha will be enabled until this issue is fixed. The difficulty is currently set to "Medium", which may be adjusted.

    I am guessing this will be fixed in the upcoming 0.18 update which has several significant changes, some of which may require some downtime to apply. Details of what that update entails are currently not clear, including the timeline for its release.


    Restructure the Hugpile || CheckPoint 512

    Yay, an early CheckPoint! Let's hope heather takes an early lunch more often!


    Ravnica Allegiance || Crack-A-Pack - June 13, 2023

    Wow, RNA came out in Jan. 2019... Time has been wonky...


    Local Nonsense || Crapshots Ep740

    The names have been changed to protect the unusual. Crapshots will return in August.

    Saved You A Click terribleplan

    Slate - Here’s How Many Years in Prison Trump Would Be Facing if He Were Treated Like Any Other Defendant | 12.5 to 22

    > For a defendant with no prior criminal convictions, an offense level of 37 yields 210 to 262 months (17 1/2 to almost 22 years). A defendant who accepted responsibility could reduce that range to 151 to 188 months if the prosecution agreed to deduct the third point.


    Lord of the Rings: Tales of Middle-earth Pre-PreRelease

    As solidly indifferent as I am about the new LotR set, it's still fun watching entertaining people playing a game I enjoy.

    Videos terribleplan

    Five historical Gems around Manchester & Salford

    Watching someone exploring the industrial history of a place I will likely never go is surprisingly interesting.