chameleon

You go to the settings and verify it. You don’t have to host anything, just verify that you own the domain via text file or DNS record and choose to set it as your handle. Bluesky’s ATProto has a couple extra layers of indirection and it’s very easy to get a custom handle as a result.

The downside of this setup is that running your own complete network is completely impossible. If you want to follow theonion.com, anyone can find did:plc:a4pqq234yw7fqbddawjo7y35 in the DNS without too much work. That’s the identifier for The Onion’s Bluesky account, and even if they swapped back to .bsky.social, that ID number would stay. But that DID tells you absolutely nothing about where the data is currently hosted.

So how do you figure that out? Well, you register it with https://plc.directory/ which is ran by Bluesky and cannot currently be replaced. There’s fancy cryptography involved that makes it hard for them to spoof data, but they are perfectly capable of simply not giving any data out for any given DID.

Most paid certs aren’t worth much anyway. Payment and delivery info for DV certs isn’t validated by anyone, it’s literally the same concept as Let’s Encrypt. OV and EV are the only ones that theoretically have any value, but nobody is using those ever since they got rid of the URL bar labeling; even Amazon is on DV nowadays.

Gonna add a dissenting “maybe but not really”. YT is really aggressive on this kinda stuff lately and the situation is changing month by month. YT has multiple ways of flagging your IP as potentially problematic and as soon as you get flagged you’re going to end up having to run quite an annoying mess of scripts that may or may not last in the long term. There’s some instructions in a stickied issue on the Invidious repo.

Personally, I do believe that rootless Docker/Podman have a strong enough security boundary for personal/individual self-hosting where you have decent trust in the software you’re running. Linux privilege escalation and container escape exploits fetch decent amounts of money on the exploit market, and nobody’s gonna waste them on some people running software ending in *arr when Zerodium will pay five figures for a local privilege escalation or container escape. If you’re running a business or you might be targeted for whatever reason (journalist or whatever) then that doesn’t apply.

If you want more security, there are container runtimes that do cooler security stuff under the hood, like Firecracker/Kata Containers implementing a managed VM, or Google’s gVisor which very strongly intercepts kernel syscalls and essentially reimplements Linux in userspace. Those are used by AWS and Google Cloud respectively. You can integrate those into Docker, though not all networking/etc options are supported.

For that card, you probably have to set the radeon.si_support=0 amdgpu.si_support=1 kernel options to allow amdgpu to work. I don’t have a TrueNAS system laying around so I don’t know what the idiomatic way to change them is.

Using amdgpu on that card has been considered experimental ever since it was added like 6 years ago, and nobody has invested any real efforts to stabilize it. It’s entirely possible that amdgpu on that card is simply never gonna work. But yeah I think the radeon driver isn’t really fully functional anymore either, so I guess it’s worth a shot…

.eu has custom rules for whois. You’re not allowed to use privacy/proxy services for anything other than the mandatory publicly shown email field, but for domains registered by an individual, that email field and the user’s preferred language are the only things displayed. They’ve had those rules even prior to GDPR.