Looks like a small release, but has some IMO pretty interesting changes, like

Allow users to view their own removed/deleted communities

and

Add backend check to enforce hierarchy of admins and mods

True. I really wonder why they’re not tackling the issue more. It seems that there are several different areas to adress, from farming to industry to vehicles.

The “more toxic than ever” part seems to be based on subjective opinions, not on data.

You can trim it even further:

https://www.amazon.com/dp/B0B6HKB3JF/

For a start, try hosting something in your own home. A raspberry or an older PC or laptop should be enough.

My first projects were a print server (so I can print via wifi) and a file server. Try to find something that is useful for you.

Only start hosting on the internet when you’ve learned the basics and have more experience.

It seems like a tedious workflow, but the end result is quite good.

Interesting. What is tge reasoning behind only fetching the comments vs. a full fediverse integration?

I think counting fediverse users is about as difficult as counting e-mail adresses.

If you vote, post or comment, you count as active user.

They should have split it so both of them can enjoy at least 50% of it.

I agree, but I understood this question in the context of a homelab.

And for me, a homelab is not the right place for a public website, for the reasons I mentioned.

No, with these reasons:

• Bandwidth isn’t plenty
• My “uptime” at home isn’t great
• No redundant hardware, even a simple mainboard defect would take a while to replace

I have a VPS for these tasks, and I host a few sites for friends amd family.

Just one open source example … freeradius has an option to log passwords:

log {
    destination = files
    auth = no
    auth_badpass = no
    auth_goodpass = no
}

Or another example: The apache web server has a module that dumps all POST data, with passwords, in plain text:

mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file. The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.

I don’t agree that this is “absolutely malice”, it could also be stupidity and forgetfulness.

This is not about facebook not hashing credentials, it is that they appeared in internal logs.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.

Source: Krebs on Security

It’s quite obvious from the context

sadly not really

Lemmy alone has about 50k active users.

Source: Join Lemmy

You’re right, Google released their vision in 2023, here is what it says regarding lifespan:

a reduction of TLS server authentication subscriber certificate maximum validity from 398 days to 90 days. Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.

Sorry, I understood you wrong. You’re right!

Nothing of value was lost when EV certificates disappeared.