DevOps as a profession and software development for fun. Admin of lemmy.nrd.li and akkoma.nrd.li.

Filibuster vigilantly.

  • 1 Post
  • 68 Comments
Joined 1 year ago
Cake day: June 10th, 2023



  • I would still go with one that isn’t one of the biggest. My general advice is to find one that fits the vibe you’re going for, communities you’re interested in (e.g. some are focused on art or cybersecurity, etc), or is somehow tied to your locality. It shouldn’t matter that much, though some servers will be a little more (or less) strict with things like federation, content warnings, alt text, etc. Usually the server will have some info telling you some of this, and their admin should be linked and likely has a post or two pinned to their profile explaining some of this as well.

    I am partial to kind.social, though have opted to run my own instead of joining up anywhere.


  • Honestly it depends on what your experience level with running software is and what you want out of it. For me things have been rather smooth sailing as I already host a number of things for myself (so know all about domains, DNS, servers, reverse proxies, docker, etc.) and I am the only one actively using my instance right now so (local or admin-level) moderation isn’t really an issue either.








  • Asklemmy isn’t really a place to ask about lemmy; it’s for asking general questions to users of lemmy, just like you wouldn’t ask for Reddit support in /r/askreddit.

    Regardless, this question gets asked and talked about in the !selfhosted@lemmy.world community fairly often, here is a (slightly edited) comment I made a while back.

    You will need a domain name, you can buy one from a registrar such as hover or namecheap (for the love of all that you consider holy do not use godaddy).

    You will need a way to expose the server that you set up via port forwarding or similar on your network.

    You will need to set up DNS records on the domain you buy to point to your home IP. You may want to figure out a different way to avoid just handing that information out, cloudflare can help with that. You will want to make sure the DNS records get automatically updated if your IP address changes, which is not uncommon for residential ISPs.

    You will need to figure out how to get an SSL certificate, Let’s Encrypt will issue them for free, cloudflare gives you one if you use them as a reverse proxy.

    Some of this would likely be easier to do on a cloud provider like digitalocean or linode and could be done reasonably cheaply.

    These are all common things for setting up any website, so lemmy docs won’t cover them. In addition to those (this answer was just addressing “how to get a URL”) you will need to install and configure lemmy, lemmy-ui, postgres, and pictrs somewhere (the join-lemmy docs cover this well).

    If you want your instance to send emails you will have to figure out how you want to do that (too many options to cover in this answer).

    When 0.18.1 gets released if you want captcha you’ll probably have to figure out an mCaptcha provider or set that up yourself.

    Not to mention thinking about backups, high availability, etc, etc.

    As far as hardware to host on you could get away with like ~$10/mo on most any cloud provider, run it on a Mini-PC in your closet, etc. My instance uses 1-2 GB of RAM, ~13GB of disk (and growing a few hundred MB per day), and ~30% of a CPU (an old i5).

    Best of luck.






  • terribleplan@lemmy.nrd.li to Privacy@lemmy.ml: Best DNS for privacy?

    Sure, but we were talking about using Unbound, or some other recursive resolver, locally. Unbound doesn’t use DoH or DoT for its queries, and most/all authoritative servers don’t offer DoT/DoH.

    You would have to use some local stub resolver, route its traffic over a VPN, and then use public resolver(s) that provide DoH/DoT (and those still use plaintext DNS to do their resolution, the benefit you get there is the shared cache and semi-anonymization due to aggregation). Whether that is good enough is up to you.


  • If my threat model realistically involved TLAs or other state-sponsored actors I would not be advertising what I do or do not know on a public forum such as Lemmy, haha.

    This conversation was in the context of running Unbound, which is a recursive resolver, and AFAIK DNS “encryption” isn’t a thing in a way that helps in this scenario… DoH, DoT, and DNSCrypt are all only concerned with/deployed by recursive servers, meaning unbound isn’t using those. DNSSEC only provides authentication (preventing tampering) of the response, not any sort of encryption/hiding.
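    Added example (not part of the original comments) illustrating the point made in this thread, in Python: a minimal RFC 1035 query builder and question parser, which shows that the queries a recursive resolver like Unbound sends to authoritative servers over plain UDP/53 carry the looked-up name in cleartext, so anyone on that path can read them. The "observed" payloads are constructed here, using domain names that appear elsewhere on this page.

```python
import struct


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 DNS query: 12-byte header plus one question.
    Flags 0x0100 = standard query with the RD (recursion desired) bit set.
    qtype 1 = A record, 28 = AAAA record; QCLASS is always IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.rstrip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(pkt: bytes) -> tuple[str, int]:
    """Return (qname, qtype) from the question section of a DNS packet.
    No decryption is involved: the labels sit in the packet as plain ASCII."""
    qdcount = struct.unpack("!H", pkt[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers do not occur in a query's question
            raise ValueError("unexpected compression pointer in question")
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    qtype = struct.unpack("!H", pkt[off:off + 2])[0]
    return ".".join(labels), qtype


def names_visible_to_observer(payloads: list[bytes]) -> list[str]:
    """What a passive observer between the resolver and the authoritative
    servers learns from the raw UDP/53 payloads: every name that was asked for.
    DNSSEC would not change this; it signs answers, it does not hide questions."""
    return [parse_question(p)[0] for p in payloads]


# Constructed sample: two upstream queries a home recursive resolver might send.
OBSERVED_UDP_PAYLOADS = [build_query("lemmy.nrd.li"), build_query("kind.social", 28)]

if __name__ == "__main__":
    for name in names_visible_to_observer(OBSERVED_UDP_PAYLOADS):
        print("observer on the resolver-to-authoritative path sees:", name)
```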


  • terribleplan@lemmy.nrd.li to Privacy@lemmy.ml: Best DNS for privacy?

    Sure, which at least increases the burden from observing just your traffic to your ISP to observing your ISP and your VPN provider. That traffic is still unencrypted upon egress from your VPN. If you’re going through the effort of using a VPN I think using a public DNS server could make more sense as they can’t tie your query to your actual IP. (Also this is all thinking about an upstream for PiHole or similar, so always some sort of local server for your clients to use)


  • The only problem there is that if you are going for privacy, all of the traffic between your unbound and the authoritative servers is unencrypted. It is certainly a trade-off involving trusting a 3rd party, but with a busier public DNS server there can be a level of plausible deniability due to the aggregation and shared caching involved.