Everyone (and their mother) have been trying to convince me that I should use one of my less loaded servers to be a Fediverse node. However, all Fediverse software packages I checked only support being installed on complicated systemd + Docker machines. My servers don’t have either of those, because neither systemd nor Docker even exist on OpenBSD and illumos.
I know that it would be possible to manually install (e.g.) Lemmy, assuming that I won’t ever need official support, but I wonder why the world outside a limited subset of the Linux ecosystem is - at most - an afterthought for Fediverse developers.
How can I help to change that?
It’s been a while since I’ve run Illumos, but a quick Google suggests that you can run docker images in an lx zone.
On some illumos-based systems, yes - but an LX Zone is basically a virtual machine with Linux (as it still requires a complete Linux installation).
Ugh, I wanted to make a few sublemmys but if it’s that much work, forget it. One thing that’s lacking around here are the shitposting subreddit equivalents. r/Copypasta, r/shittyaskreddit, r/okbuddyretard, that kind of thing.
Exactly, bring in the shitposting and porn subs and Lemmy will flourish.
Porn is kinda difficult. There are probably few people who want to moderate and more importantly be liable for pornographic content hosted on their servers. Many Hoster also explicitly forbid adult content.
Not impossible but someone would have to do it ^^
I could also totally see something like
naughtyverse.xxx
as domain name.Will probably be defederated though.
Right. Lemmy would need at least an option for admins to not show content from certain instances in the All feed. And overall more sophisticated tools for moderating remote content (e.g. side wide mods that aren’t as powerful as admins but still can remove federated posts)
As far as I understand, you can make a new community (“sublemmy”) on any server, it will be federated.
You can only create a community on the server that you’re on, but you could just make another account and then appoint your account on the foreign server as mod :)
That’s not accurate though is it? Community creation can be enabled/disabled from the owner of the server, but there are some servers that allow it. For example: I’m on sopuli, which is not my server, and I’m able to create new communities.
sorry my explanation was bad. I meant you can create a sub on the server that you’re on. Afaik only beehaw disallows this.
Hmm well if anyone gets around to it before I do, make one called shittyasklemmy. I’ll even help moderate it.
just make one on your server (lemmy.ml), it’s literally only a few clicks. “Create Community” in the very top :)
Oh! Today I learned… thank you!
I wonder why the world outside a limited subset of the Linux ecosystem is - at most - an afterthought for Fediverse developers.
I hate to break this to you, but OpenBSD is an antiquated OS masquerading as a modern one, and OpenBSD’s lack of willingness to support modern standards results in the difficulty you’re having.
OpenBSD feels like it’s been duct taped together for decades. Anything “new” seems to just be, “sorry, not possible.” The OpenBSD kernel doesn’t support WiFi 5GHz. The OpenBSD kernel doesn’t support even the minimum subset of isolation features in order for Docker to function properly. Why? Because OpenBSD refuses to add these features to their kernel. There are very likely other syscalls and basic features any given open source project needs, even if it’s not being run in Docker, that simply do not exist under OpenBSD due to the very limited kernel it provides.
You’re upset because open source projects don’t support a platform that is old and developer-hostile. Turn your frustrations on OpenBSD - these projects would gladly support OpenBSD if they could.
I hate to break this to you, but OpenBSD is an antiquated OS masquerading as a modern one, and OpenBSD’s lack of willingness to support modern standards results in the difficulty you’re having.
Ok, let us assume for a moment that “modern” is the same thing as “great”: why do people still use Linux’s terminal, which emulates an actual 70s line printer, although there have been superior input capabilities since the 80s?
That’s irrelevant to this discussion. I was talking about OpenBSD’s lack of kernel features and driver support.
As for the Linux vs OpenBSD terminal comment, I feel like you’re grasping. What does OpenBSD’s terminal do better? We have had augmentations on top of the Linux terminal for years, adding things like auto complete and syntax suggestions that the 80’s could never have dreamed of.
What does OpenBSD’s terminal do better?
Nothing (well, depending on whether you like the
ksh
), and I never said it was. The point is that a terminal is not modern either, it’s actually the exact opposite of modern, yet you’re happy with it.I was talking about OpenBSD’s lack of kernel features and driver support.
OpenBSD has more reliable WiFi on a ThinkPad than Linux has ever had - at least for me. It seems that “lack” is a highly subjective term.
80/20 rule.
When you are creating something like Lemmy, where you want wide uptake, you need to pander to the masses.
The /r/selfhosted surveys show around half of self-hosters mostly or exclusively use docker. A significant portion of the rest can use docker if needed.
If you’re in the 20% that isn’t covered by the most common setup, then it can be frustrating. But supporting that 20% takes as much effort as supporting the other 80% (see 80/20 rule), and when things are new it’s just not where the effort should be focused.
So you have all those servers, but why can’t you install debian or ubuntu server on one of them?
You could also get a $2/month VPS and run it on that. Beehaw is run on something similar (though apparently $12 a month, but a lot more users).
So you have all those servers, but why can’t you install debian or ubuntu server on one of them?
I could. Personal opinion: Linux is frustrating to use for me, and I prefer my servers to bring me joy.
What pain points do you find with Linux? How does OpenBSD differ?
This question is not as easy to answer as it seems.
Eleven years ago - that was before systemd - I was still using Linux on one of my desktops (Fedora) and my only server at the time (Debian). Independently of each other, both systems refused to start after an upgrade, so I had to replace them; on the desktop I ended up with Windows for a long time (in the meantime I’ve switched to macOS), on the server a FreeBSD worked first. From FreeBSD I later migrated to OpenBSD and illumos, all three systems have their own merits and solve problems that the other systems have.
As to the “OpenBSD vs. Linux” question, I’ll be brief:
- OpenBSD just works. No need to be careful during installation, no surprising problems with the init system after an upgrade.
- OpenBSD’s man pages are exemplary, Linux could take a leaf out of its book.
- OpenBSD largely adheres to standards. The GNU tools do not always do so. This is a pity, especially with the C compiler.
- Because the OpenBSD team maintains a complete system and not just a part of it, OpenBSD does not look like a patchwork, but is self-contained, which also has positive effects on security. OpenBSD itself advertises its good security statistics, not entirely irrelevant for servers.
- sysupgrade is a great tool that has no equal.
I think this list could be continued.
@tux0r @strudel6242 I don’t wanna be that person, but ‘btw i use arch’ and I think you might like Arch Linux (or Gentoo if you aren’t keen on systemd, the only difference being with Gentoo you compile most stuff yourself, whereas with Arch you only compile some stuff yourself) But both Distros have minimal overhead, aren’t junk (like Ubuntu) and have very broad and active support for a lot of stuff. Especially with the AUR, there is almost nothing I can’t get on Arch
I even had a Gentoo installation before I bought a MacBook. (I had a variety of laptops at some point.) However, I also broke Gentoo - by updating the kernel. Apparently my configuration was insufficient somewhere, anyway it didn’t boot up anymore.
I like Gentoo, but it still carries some shortcomings of the Linux ecosystem. On top of that, the necessary compiling of (almost) the whole system takes more productivity than expected.
Thanks for your answer, being fairly out of the loop on all of this it’s quite interesting to hear. I’ve also experienced a number of upgrade pains. I’m quite diligent with storing important data external to the OS, but it still sucks when the only real option is to nuke the drive and install again.
I never had this problem with FreeBSD, OpenBSD or illumos (OmniOS). Upgrade pains are especially awful if you actually use your server for something useful.
Not that I wouldn’t want a Lemmy server to be easier to host and set up, but perhaps the difficulty is one of the things keeping troll and bot servers out in addition to good and common sense moderation.
Never underestimate 4chan.
@tux0r Mastodon is well-documented and I was able to set a node up in an hour or so, don’t know about OpenBSD tho
Mastodon wants Docker.
it likes it but not needs it, an OpenBSD dev has your back https://github.com/qbit/mastodon_openbsd
Last updated in 2018… probably unsupported for current versions?
no it works for the current version but you need to check your playbook vars to just get the new tarballs. If you want to see it in action PHessler runs a node at bsd.network that runs on OpenBSD in vmm on OpenBSD.
Good to know, thank you.
From that site:
Make sure curl, wget, gnupg, apt-transport-https, lsb-release and ca-certificates is installed first
lsb-release does not exist outside Linux.
oh I see
@tux0r https://docs.joinmastodon.org/admin/install/ This is the standalone guide: https://docs.joinmastodon.org/admin/install/
From that site:
Make sure curl, wget, gnupg, apt-transport-https, lsb-release and ca-certificates is installed first
lsb-release does not exist outside Linux.
Docker is used by a ton of projects and makes installation very easy in most cases
I’d highly recommend moving to a different distro that has docker
There are no OpenBSD “distros” with Docker.
It’s “annoyingly hard” because you’re not using modern tooling. If Docker is unavailable on your preferred OS, then that OS is stuck in the past. Simple as that.
Docker makes it easy to install a program, including all its dependencies, in a repeatable way. Since you’re familiar with BSD, it’s similar to jails except with better isolation, fewer security holes/issues, and the software you want to run is preinstalled. Docker containers are essentially mmutable which makes upgrades easy - just throw away the old container and replace it with the new version. (persistent files are stored separately, in “volumes”)
You can of course manually install the same software by looking at the Dockerfile and manually performing the same steps, but there’s no guarantee that it’d work well on an unsupported OS.
It’s “annoyingly hard” because you’re not using modern tooling.
Calling Docker “modern” is a stretch, as it’s not much more than glorified Solaris Zones, but please enlighten me: Which feature of a federated web application requires modern tooling?
Since you’re familiar with BSD, it’s similar to jails
OpenBSD does not have jails.
except with better isolation
How so?
fewer security holes/issues
Actually, not using Docker prevents a number of security holes/issues.
and the software you want to run is preinstalled.
If you grab an image with it. You could as well just grab a tar archive with it… with less side effects.
Docker containers are essentially mmutable which makes upgrades easy
And security patches impossible.
Calling Docker “modern” is a stretch, as it’s not much more than glorified Solaris Zone
And yet the OS you’re using doesn’t support it. Hmm.
OpenBSD does not have jails.
Sorry, I didn’t realise that these are FreeBSD-specific (I guess? I’m not too familiar with BSD)
Which feature of a federated web application requires modern tooling?
Deployment. All web apps and APIs are moving towards containerization - Docker for smaller scale deployments, and Kubernetes for large-scale deployments.
except with better isolation How so?
I didn’t think jails had CPU, memory, or process limits similar to what
cgroup2
provides, but it looks like this functionality was added to FreeBSD at some point. Sorry for the incorrect information.Actually, not using Docker prevents a number of security holes/issues.
Sure, Docker has had a few issues, but overall it’s more secure to run your apps in Docker containers. If an app gets compromised, the attacker will generally be stuck inside the Docker container rather than getting access to your entire system. If you’re worried about (very rare) container escape security holes, using unprivileged containers helps - You can run the app inside the container as an unprivileged user, and you can also run the entire Docker container as an unprivileged user on the host system.
And security patches impossible.
Security patches are easier than if you used a tar archive to install the software. With a tar archive you threw into
/opt
or whatever, the app and its config/data are often stored together, so you need to be mindful of things like not overriding customized config files. Since Dockers containers are immutable and all the actual data is stored elsewhere, it’s always safe to delete the container and replace it with a patched version.And yet the OS you’re using doesn’t support it.
It would, but Docker doesn’t support it. I’m not sure how this means that the OS was worse.
Sorry, I didn’t realise that these are FreeBSD-specific
They are, including its descendants (that includes the FreeBSD 4.8 fork DragonFly BSD).
Deployment.
How is “run this black box of arbitrary software, requiring a kernel module and numerous services” a superior deployment than
tar xf application.tgz
? Just because people do it, people could still do the wrong thing. Not every website is Facebook.Sorry for the incorrect information.
No problem. I was genuinely curious.
Sure, Docker has had a few issues, but overall it’s more secure to run your apps in Docker containers.
Docker imposes additional attack vectors to the underlying system, a (for example) backdoored PHP application running inside an OpenBSD
chroot
(OpenBSD runs its built-in web server insidechroot
by default, so web applications can never reach anything outside the web folder anyway) does not, if I understand you correctly. I know that you consider the 1979 technologychroot
to be not modern, but I wonder which security feature is missing.Since Dockers containers are immutable and all the actual data is stored elsewhere, it’s always safe to delete the container and replace it with a patched version.
What if nobody maintains the container anymore, although the software itself is still maintained?