Are there any paid services for either Lemmy or Mastodon? Something where, given it is a subscription service, you would expect them to stick around long-term?

  • daq@lemmy.daqfx.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I did the same thing for the same reason. Admin approval for everything and I’m the only admin. Basically a personal instance for me and my friends if they’re too lazy to host but want to try Lemmy.

    • skadden@ctrlaltelite.xyz
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Exactly. I went one step further and decided not to use my admin account as my main. I don’t run around as root on servers so I try not to do that with apps. It’s easier with Lemmy because once it’s set up all the admin tasks hit my email.

      I also wanted to avoid that vulnerability that hit Lemmy World a few weeks ago that was only possible because the server admin got their jwt stolen, which wouldn’t have been so impactful if they weren’t on the admin account.

      • daq@lemmy.daqfx.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I didn’t read the story about how exactly he lost the jwt, but is it still as big of an issue since 2fa was introduced?

        I guess existing jwt hashes will bypass 2fa, but I’m not super worried since my instance has 3 users.

        • skadden@ctrlaltelite.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          2fa was in at the time. IIRC the jwt was granted after 2fa so it didn’t matter.

          You’ve got a point though, small instances aren’t gonna be nearly as useful as a giant one to threat actors. Assuming you don’t give them a reason to go after you specifically they wouldn’t have a reason to target such a tiny server.

          Still though, I don’t need that shiny A next to my name so I’m good with how I have it set up.

          • Skankhunt42@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            You could really mess with people and use admin@ctrlaltelite.xyz but not have it as the admin account. hah. You host it at home or out “in the cloud”? Curious what others do.

            I have a couple VPSes for my Tailscale exit nodes and one as an ingress/proxy for my selfhosted stuff at home. They’re all super cheap and have unmetered* network connections. Kubernetes on some PIs and Lenovo tinys support all my services at home.

            • skadden@ctrlaltelite.xyz
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I have this one on a Hetzner server that runs me like $6/mo. I’m not comfortable with the federated nature of things potentially putting CSAM or other illegal content on disk in my home.

              I use tailscale so I can still hit my internal (at home) git repos and all that. The rest of my stuff is all hosted on an old gaming PC I turned into a Proxmox host that sits in my spare bedroom. Of those services, I only expose like 3 things to the outside world. Nextcloud being the main one. I don’t route it through my VPS, just proxy it through cloudflare.