not quite neckbeard, but…

get this man on a goddamn ballot somewhere.

1,776

oh, ffs! this is just beyond “the twilight zone” levels of stupiid now. everything is a brand.

But when fascism comes it will not be in the form of an anti-American movement or pro-Hitler bund, practicing disloyalty. Nor will it come in the form of a crusade against war. It will appear rather in the luminous robes of flaming patriotism - John Thomas Flynn As We Go Marching

its not, really. and its something you get used to and come to appreciate.

the city analogy is a great one - every town has its own flavor. many towns build roads (federation) between them so all inhabitants can easily travel to each other… as a city.

some towns self-isolate or are isolated from other towns (defederated) for all sorts of reasons and, if you want to see what they have to offer, you can set up a house directly in that town or another town with a road to (federated with) that town. it really does allow some very cool places to thrive - like the internet was before it was purchased.

lemmy{dot}.world chooses to keep things pretty… bland? thats their right, but there is quite a bit of quality spiciness out there if you have a house in a well connected (widely federated) town or decide to set up a few additional houses in some of the more exotic towns.

does anyone have a federation graph up and running right now? should be easy-ish based on instance published federation lists.

small pond :-(

big fish :*)

p.s.

It’s one step up from a single-player game.

I gotta remember to steal that!

“I think the audience of receptive Republicans is a lot bigger than what most folks would think in the Republican party,” Duncan said. “It’s not fun to have to defend Donald Trump.”

W.T.A.F?!

any time I think there just might be some minor redemption for these ghouls, their inner bootlicker congeals and oozes out of their putrid, flapping face-hole.

why did you defend this narcissistic, child raping, snake-oil pimping, murderous megalomaniac in the first place? it certainly wasn’t fun for any of his victims for decades and isn’t fun now. fuck all the way off, you useless sycophantic piece of shit.

at jpeg quality level 1 everything is a donut.

no. I will call it what it is and shame anyone who uses weasel words to excuse the butchery of entire groups of people.

fuck anyone to hell if they choose to do otherwise.

agreed. you are using DNS-01 challenges. so the workflow is…

your local certbot machine initiates an https connection to the letsencrypt servers to start the DNS-01 challenge. during this HTTPS dialog, your local certbot is informed of the key material to insert into your DNS records. your local certbot then modifies your netcup DNS server (hosted remotely, not on your local network) with the keying material and the letsencrypt servers verify that the keys are actually there, proving that you control the domain. the letsencrypt serves then issue you the certificate (again, via HTTPS) and your local certbot stores it in your local host.

the issue is most likely stems from the initial HTTPS connection that certbot tries to make to the let’s encrypt servers. while your firewall allows this traffic out, it does not allow return traffic back in because of your explicit blocking of US (and perhaps other) based addresses.

even through your are using DNS for your domain autentocation, your local host - the machine running certbot - is unable to initiate the certificate transfer because of the firewall blocking return traffic.

the two external networks (and, therefore IP ranges/subnets/etc) that are important here are the let’s encrypt servers and the netcup DNS servers. certbot will have to talk to both of these in order to function.

not sure what you mean by external DNS

not hosting your own DNS server. specifically it sounds like your DNS server is hosted on your domain provider, not your own local network. you have set up certbot to automatically configure your remotely hosted DNS server for the DNS based renewal.

if DNS based recert was working before then it should be working now.

as I said in my edit, you are likely blocking the return https traffic from the US based let’s encrypt acme servers - so your initial diagnostic is correct. your local firewall is likely stopping the acme servers from talking back to your local host.

you are right back where you started, asking for info in how to allow-list the acme IP ranges. but at least we may now know why it is not working and you are seeing an https timeout even though you are using DNS based certificate renewals.

edit: typos

The DNS server/root isn’t in my home network

are you using external DNS hosting? is it in a (now) blocked country? if so, then your local certbot is unable to update the DNS server records (return traffic from your DNS host is being blocked by your iptables/nftables config).

error: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)

yeah, that would suggest an https renewal method. had you previously configured web server renewal at all before switching over to DNS? any other suspicious notifications in the logs?

edit: in thinking about this a little more… the renewal has to be initiated by your host, and that is likely done via https (you talk https to the acme server and tell it you want a renewal by DNS). so, if you are blocking the acme servers then the same issue applies - no return traffic.

yeah, I’ll take them (whatever the hell they are) over ice/cbp any fucking day.

“now go forth and make the world a better place!”

the us auto market is seriously cooked. just on the economics alone, every repubiican should be up against the wall right now.

true multi-polar, here we come.

unless something has changed drastically, I pretty sure LMDE is based on official Debian repos, not Ubuntu. LM adds their flavor on top.

die hard Debian user here here, but if LMDE fits the bill, I agree - go for it. its a great distribution.

skipped a few steps there i think.

thanks for the considered reply. didn’t mean to jump all the way down to electrons and sound so flippant.

my claim is that JavaScript arrays are arrays because the spec defines their behavior as such. the implementation details are absolutely interesting from a performance perspective and I was genuinely curious how an internally linked list implementation would actually work, real-world. regardless… almost every interaction I have ever had with a JS programmer has ended in “its strings all the way down”… so… I mean… yes-ish?

loved your poking of the hornets nest in this thread :-)

fucked anyway

and the backing for that is linear or page addressed MOS transistors, spinning rust or flippy-round magnets.

do you have a source that indicates mainstream JS engines internally uses a list structure for arrays? I can’t find one.

🎶her name was lua🎶 🎶she was a coder🎶

indeed. permanently off by 1.