Max-P

A lot of them got sucked into the whole “the government is forcing it on you to control the population”, and they simply can’t comprehend that anyone would voluntarily wear what they now consider being the symbol of submission to the government. In their mind it doesn’t work and never worked and you’re just virtue signalling your support of the government. It’s wild and a lost cause.

I’d expect it to get much worse now.

That should be mostly the default. My secondary Vega 64 is reporting using only 3W which, on a laptop would be worth it but I doubt 3W affects your electricity. It’s nothing compared to the overall power usage of the rest of the desktop, the monitors. Pretty sure even my fans use more.

The best way to address this would be to first take proper measurements. Maybe get a kill-a-watt and measure usage with and without the card installed to get the true usage at the wall. Also maybe get a baseline with as little hardware as possible. With that data you can calculate roughly how much it costs to run the PC and how much each component costs, and from there it’s easier to decide if it’s worth.

Just the electric bill being higher isn’t a lot to go with. Could just be that it’s getting cold, or hot. Little details can really throw expectations off. For example, mining crypto during the winter is technically cheaper than not for me because I have electric heat, so between 500W in a heating strip or 500W mining crypto, they both produce the same amount of heat in the room but one of them also made me a few cents as a byproduct. You have to consider that when optimizing for cost and not maximizing battery life on a laptop.

One thing to be careful with allowing some bending of the rules, is some are going to start testing how far they can bend the rules. Everytime you bend a rule you create a precedent for it as well, and you get into nasty fights of why was I banned but not them and have your clemency hit you right back in the face.

If it’s okay to bend some rules, then that should explicitly be the rule instead. Offtopic discussions for example, you can have a rule be “all top level comments should be on topic” as a balance, so offtopic discussions can happen, just not take over the whole comment section. If you allow something, make a mod comment explaining why for transparency and set the right expectations: “This post is off-topic but is generating on-topic discussion so we’re keeping it.”

Similarly, well designed punishments goes a long way. For example, automatic ban after N warnings can be unfair. What you’re really after is, you don’t want to be warning that user every day to stay on topic. So the punishment can be more like “more than 3 warnings within 10 days results in a 7 day ban”. But sometimes the situation is such, you can rack in 10 warnings in the same threads. So you can make the punishment account for that: “If you get warned more than 3 times during a 14 day period, you will be banned for 7 days”. Or per thread, whatever makes sense. Understand common mistakes community members do and how you can steer them in the right direction without being unnecessarily harsh.

With those two combined, it shouldn’t matter if you moderate like a robot or not. The expectations are clear, forgiving and fair while enforcing some order for repeat offenders. The rules have the flexibility you need baked in so you don’t have to bend the rules.

Guarantee there will be questions of cost of setup, maintenance, and risks.

And time moderating it, especially if they run their own. At least with Twitter/Facebook/YouTube, you get a lot of moderation for free whether you agree with it or not.

And if they use another instance, there’s other liability questions about the particular instance to choose. If they’re gonna represent an official city account, you’d expect some cybersecurity certifications to be a requirement and all kinds of stuff, even if it’s a free service. The instance admins interfering, possibly steering opinions during city elections, etc.

Nobody cares about decentralized social networks, the technology, or how terrible the other outlets are. For a municipality, you may want to focus on maintaining multiple channels of communications and ways to reach and engage the most users. You could then fold the fediverse into it as one more channel. Something they should keep an eye on. They’ll need a way to post the same content to all those channels with the least effort. Something easy that a trained intern or clerk can do.

In this case IMO it might even be better to use something like Wordpress with the ActivityPub plugin, or alternatives to that. I imagine a city mostly posts announcements and stuff, so a blog that serves as both an official website and you can follow and interact with it from the comfort of your preferred social service sounds a lot more appealing than just another social media without that many users. Can even use more plugins to post to Facebook and Twitter as well, all from one place. Given the age of the board, they’re also more likely to know and care about Threads and Bluesky compatibility just because they have more users, and bureaucratic decisions are based on numbers. A nice graph showing if they join the fediverse they capture all the users fleeing Twitter by supporting AP and AT.

Yeah, that didn’t stop it from pwning a good chunk of the Internet: https://en.wikipedia.org/wiki/Log4Shell

IMO the biggest attack vector there would be a Minecraft exploit like log4j, so the most important part to me would make sure the game server is properly sandboxed just in case. Start from a point of view of, the attacker breached Minecraft and has shell access to that user. What can they do from there? Ideally, nothing useful other than maybe running a crypto miner. Don’t reuse passwords obviously.

With systemd, I’d use the various Protect* directives like ProtectHome, ProtectSystem=full, or failing that, a container (Docker, Podman, LXC, manually, there’s options). Just a bare Alpine container with Java would be pretty ideal, as you can’t exploit sudo or some other SUID binaries if they don’t exist in the first place.

That said the WireGuard solution is ideal because it limits potential attackers to people you handed a key, so at least you’d know who breached you.

I’ve fogotten Minecraft servers online and really nothing happened whatsoever.

Yeah slightly misleading but I guess they did mention a card specifically, not GPU.

But for a moment I was like wow, 100FPS in software rendering, that’s impressive even for an EPYC.