But lemmy doesn’t use “plain json”, it annotates some fields with the schema, just not all of them, which makes it a mess. You either do json-ld proper, or you don’t do it at all.

no Federation with instances that use altered versions or proprietary versions of AP.

It’s especially funny given (the last time I checked) neither kbin nor lemmy actually followed the spec properly. They ignore the jsonld requirements and resort to field names, that, by the spec, should be dropped.

I can easily imagine the future where “good” instances will then stop federating with the ones that don’t have threads blocked, all thanks to these lists.

isn’t threads already several times larger than the whole of the “fediverse”?

In iOS 13 or later and iPadOS 13.1 or later, devices may use an Elliptic Curve Integrated Encryption Scheme (ECIES) encryption instead of RSA encryption

(from apple docs).

If you’re curious about it all, I’d suggest studying some notes from the protocol researchers instead of taking to the pitchforks immediately. Here’s one good post on the topic.

FWIW Sourcegraph chrome extension adds a neat “open in Sourcegraph” to github pages and SG is just superior. Why would you use Github’s mediocre search either way ¯\_(ツ)_/¯

Regarding firewall stuff, disable it on your machine and you are fine.

How do you know OP doesn’t have a bunch of unsecured services sticking out into their LAN ready to be a target for the next cryptolocking scam?

Slightly sarcastic, but yeah, OP, do not just turn your firewall without understanding pros and cons of doing such. At the very least, see what your server exposes to the network (ss -tunlp will give you a good starting point), and see if there’s nothing unexpected in there that might be abused.

IANAL and you really should ask a lawyer about this. The answer very much depends on your work contract and country of residence (the latter due to the fact that some generic contracts’ statements might be legally unenforceable in specific jurisdictions).

I’ll throw in a random fact: the contract might say that whatever you write as a programmer is still company’s property even off the clock and it will be legal in some US states.

I went looking into how that works, and, apparently, tailscale adds individual node routes (in table 52). So yeah, you have very low chances of getting into trouble even if you have an interface with 100.64/10.

Yeah, you’re absolutely correct. I misread that thinking OP would have the CG NAT endpoint and taikscsle on the same physical device, which, I still think, would be a problem: you’d have two interfaces for 100.64.0.0/10. But if CG NAT terminates on the modem and you run taikscale on devices connected to it them there’s surely no issue at all.

Sorry, I meant the OPs modem.

I’m actually not sure you can easily get tailscale up and running om such as a setup as it uses the same cgnat ip range.

Not an answer, but a clarification. You seem to be messing up two things. DoH is basically encrypted DNS, i.e. no one other than your DNS provider can see what domains you ask for. It’s orthogonal to ad blocking; there are various service that provide one, or another, or both.

With public keys the attacker can encrypt the message for you, but only you can decrypt it, still.

Streaming JSON parsers are a thing, e.g. pdjson for C. It’s, of course, a different approach and it’s generally slightly trickier to work with those, but that’s what you would use of you have unbound document size and you can process it in chunks.

Hetzner machine in that article is bare metal. It’s much harder to extract the certificates from a running server without anyone noticing.

Unreal Tournament and Deus Ex both come to mind. Alexander Brandon was involved in both and his work is absolutely amazing.

If we talk specific singles, though, it’s Morrowind (Nerevar Rising), Control (Take Control), and, recently, Baldur’s Gate 3 (Raphael’s Final Act). Morrowind’s tune is so ingrained in my mind that it’s my to-go whenever I get my hands on a keyboard.

That’s somewhat similar to how apple private relay works.

iOS 17 installs on a 5 years old iPhone though. I don’t think that’s an unreasonable window of deceives supported.

I wouldn’t quite call Lemmy’s protocol much friendly either. I’m trying to implement it and it’s a bit of a mess, honestly. There’s absolutely no documentation, private database specifics leaking into the public interfaces, and an absolutely horrendous authentication scheme.