If enough conservatives cross the floor, maybe Canadians will recognize the Liberal party as the progressive conservative party it is and let the NDP own the left.
This absolutely. Anyone who actually wants open registration will be configuring their own SSO or whatever backend. The default should be safe for testing and/or hobbyists.
Any time you have a server willing to process random data uploaded from randos, just expect it to be compromised eventually and prepare for the eventuality by isolating it, backing it up religiously, and setting up good monitoring of some sort. Doesnt matter if its a forge, a wiki, or like nextcloud or whatever. It will happen.
We also have COW filesystems now. If you need large datasets in different places, used by different projects, etc, just copy them and use BTRFS or ZFS or whatever. It wont take any space and be safer. Git also has multiple ways of connecting external data artifacts. Git should by default reject symlinks.
Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.
I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.
You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.
While good, network security isnt the issue. Its running a web service with open registration allowing randos to upload content that gets processed by the server.
Throw this up on a dedicated $5 VPS and you still have a problem. The default should be manual registration by admins.
Yep. First austerity, then a populist con man will show up promising to fix everything that was broken by 40 years of neoliberal pain, but will happily do even more.
Its always code forges and wikis that are effected by this because the scrapers spider down into every commit or edit in your entire history, then come back the next day and check every “page” again to see if any changed. Consider just blocking pages that are commit history at your reverse proxy.
I do exactly this, but it doesn’t protect your privacy. That one IP address is literally tied to your credit card number and you are the only person using it.
Small scale version. I heard from some kids that they wanted to play Roblox at school. IT had blocked it on the Wifi. The kids advice to each other was “go on the play store, search VPN, and install whatever one is free.” - IT absolutely isn't making those kids safer.
They are only interested in retail, anonymizing VPNs. If you spin up your own VPN you are still 1:1 linked to that IP address. If you use a work VPN, they fully track everything. The anonymizing ones that dont track users and share an IP between many users are a threat to mass surveilance.
These laws tend to effect any company that does business in the state or country. Any commercial service or company wanting to make money from UK customers will be required to implement the VPN block for all their customers.
Curious, they have been putting ads on the sticker on bananas like this since the 90s ish.