Are there any paid services for either Lemmy or Mastodon? Something where, given it is a subscription service, you would expect them to stick around long-term?

  • @daq@lemmy.daqfx.com
    link
    fedilink
    English
    11 year ago

    I didn’t read the story about how exactly he lost the jwt, but is it still as big of an issue since 2fa was introduced?

    I guess existing jwt hashes will bypass 2fa, but I’m not super worried since my instance has 3 users.

    • @skadden@ctrlaltelite.xyz
      link
      fedilink
      English
      11 year ago

      2fa was in at the time. IIRC the jwt was granted after 2fa so it didn’t matter.

      You’ve got a point though, small instances aren’t gonna be nearly as useful as a giant one to threat actors. Assuming you don’t give them a reason to go after you specifically they wouldn’t have a reason to target such a tiny server.

      Still though, I don’t need that shiny A next to my name so I’m good with how I have it set up.

      • Skankhunt42
        link
        fedilink
        English
        11 year ago

        You could really mess with people and use admin@ctrlaltelite.xyz but not have it as the admin account. hah. You host it at home or out “in the cloud”? Curious what others do.

        I have a couple VPSes for my Tailscale exit nodes and one as an ingress/proxy for my selfhosted stuff at home. They’re all super cheap and have unmetered* network connections. Kubernetes on some PIs and Lenovo tinys support all my services at home.

        • @skadden@ctrlaltelite.xyz
          link
          fedilink
          English
          11 year ago

          I have this one on a Hetzner server that runs me like $6/mo. I’m not comfortable with the federated nature of things potentially putting CSAM or other illegal content on disk in my home.

          I use tailscale so I can still hit my internal (at home) git repos and all that. The rest of my stuff is all hosted on an old gaming PC I turned into a Proxmox host that sits in my spare bedroom. Of those services, I only expose like 3 things to the outside world. Nextcloud being the main one. I don’t route it through my VPS, just proxy it through cloudflare.