this post was submitted on 11 Feb 2025
149 points (98.7% liked)
hexbear
10331 readers
284 users here now
Hexbear Proposals chapo.chat matrix room.
This will be a place for site proposals and discussion before implementation on the site.
Every proposal will also be mirrored into a pinned post on the hexbear community.
Any other ideas for helping to integrate the two spaces are welcome to be commented here or messaged to me directly.
Within Hexbear Proposals you can see the history of all site proposals and react to them, indicating a vote for or against a proposal.
Sending messages will be restricted to verified and active hexbear accounts older than 1 month with their matrix id in their hexbear user profile.
All top level messages within the channel must be a Proposals (idea for changing the site), Feedback (regarding non-technical aspects of the site, for technical please use https://hexbear.net/c/feedback), or Appeals (regarding admin/moderator actions).
Discussion regarding these will be within nested threads under the post.
To gain matrix verification, all you need to do is navigate to my hexbear userprofile and click the send a secure private message including your hexbear username.
founded 4 years ago
MODERATORS
Hello users of hexbear, or shall i say chapo.chat, we fucked up, and i fucked up like three times making this post.
Yes, hexbear.net has expired. Yes, we were aware of this possibility. We have gradually lost contact with the access owner (prior admin) for the domain registration. We attempted to make a migration plan, but we were disarmed by the reappearance of the party in question in September 2024 and repeated assurances that they would a) transfer credentials and b) continue payments until they were able to do the former.
We accept full responsibility for this. We should have been more aggressive about this and continued our alternative despite these reassurances. This is our fuck up, and we can't offer anything besides our continued apologies and our plan of action going forward and an explanation of what happened:
Over the time of chapo.chat and hexbear.net the admins that purchased the domain, established the donation accounts, and the server accounts have left. One of the primary admins has gone inactive and returned many times, over a year ago some of the newer admins began asking the older admins to give full access to the domain, servers, and donations. These requests were not met, despite warnings of this exact event.
At the moment we do not have access to hexbear.net and there is a strong chance we will not get it back without participating in the auction, which is already over $300. Choosing to abandon the hexbear.net domain will cause federation problems and considerable technical issues which would lead to potential extended downtime.
During this downtime we would be reestablishing access to the new domain (or hexbear.net if we win the auction), access to server ownership, and donation accounts. This would be distributed among a number of admins so that we can prevent this from happening again.
Chapo.chat has the same access problem that led to the current state of hexbear.net so it is to be considered temporary.
I will do my best to answer questions
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
About the donations, should people stop contributing to the liberapay/hexbear account?
yes
So hexbear.club is available, you can just
s/hexbear.net/hexbear.club/gin the lemmy setup for federation shit. Annoying I'm sure but not the end of the world.In practice what I want to suggest to you guys is when you're rebuilding the hosting accounts/stack to use either something OSS like KeepassXC or a service like 1Password (which may be easier to admin vs playing around with multiple vaults/access levels for Keepass) so you can manage access to various sites you need to keep the service up.
we had that, however when we had issues with the Keepass the admin would not be available to restore access despite stating they would do so
This is pretty easy to work around:
hexbear.netitself in a magical secret directory and turn off directory access.It's hard to collect all this data.
Even if you find the database you won't crack it in this lifetime.
Even if you find the database and know the password you need the key file.
Even if you find the database and have a keyfile you need the password.
Ideally this data shouldn't change, in practice try to find hosts like AWS that allow you to set up orgs and link accounts and only hold the "root account" details in the database.
Stanza from a song is a bad idea, shit like that got cracked when people used such text for so-called Bitcoin "brain wallets" like a decade ago, and hardware is a lot faster now. Passwords/passphrases absolutely must be randomly generated to be truly secure.
It's formatting should be unique enough that it won't match a rainbow table sure, but overall that's not a hard problem. You just need a small salt. Key file also works as the salt in this case
Nice thanks, also should probably remove the liberapay link from the <3 logo in the site header
i will, thank you
Will you be taking donations to win the domain back in the auction?
My personal stance is that we should try to change domains and use the hundreds it would take to win the auction for !mutual_aid@hexbear.net posts instead
What about the patreon
same
Hope the other 22 contributors see this comment