I have a single Podman stack & Podman network - ingress via Caddy with crowdsec that forwards stuff to the various things I've got going. All self-contained in the Podman network.

I want to put Caddy in a VM to establish a "DMZ" (separate kernel) as I've seen recommended for directly internet-facing infrastructure. But to do that, I'll break my single Podman network across two "servers".
Because it is across two "servers", I need to publish the ports for the services on the non-VM server so that the VM can address them externally - which allows the services to talk to the internet (even if they don't need it) and allows the services to talk to each other on published ports (before I could have separate networks for each service, so BookOrbit can't talk to Jellyfin for instance).

How can I have the Caddy in the VM that deals with the WWW forward things to the server running everything but retain that closed Podman network topology?

And ancillary Q, what other things should be in that "DMZ" VM? Auth ODIC? Headscale? Just Caddy?
Edit: Caddy forwards everything to the Auth OIDC which forwards it along if the connection attempt is logged in. Will be adding mTLS to bypass that check eventually. That's why I'm thinking Auth ODIC should be in the "DMZ" VM too.

And lastly, Podman networking works just like Docker networking, so any topology is transferable if you've solved this in Docker!

WRT = with respect to

I have some subdomains that go to my home address (I know I should put it through a VPS first but I'll get to that when I have time).

If I connect to example.domain.tld and DNS records point back to my own IP, where does that data go to reach back to my device?

Breaking change in #FreshRSS for those of you with feeds on your local network such as RSS-Bridge or RSSHub: for improving security (SSRF), local addresses must be added to your allowed list. There are a Web UI and an environment variable INTERNAL_HOST_ALLOWLIST, whichever is easiest. Breaking changes in FreshRSS are rare, but this has been made default since not everybody is able to properly isolate their services. This has just landed in the rolling release (edge). Tests welcome.

Hey Hosters!

Just wanted to share that I got Jellyfin installed and set up on my Windows 2022 Server, and it’s working great! I didn't even know there was a version for WIndows. How do you like that?

I know this is probably “the usual” for everyone here, but I’m genuinely excited that I managed to get it all running smoothly.

After getting the server up, I went through the basics (users/permissions, library paths, and making sure everything was reachable on the network) and it all just worked. The interface is super clean, playback is nice and responsive, and it feels like I’ve been missing out on this until now.

Huge thanks to the Jellyfin team and the community! This project is awesome!! If anyone is stuck, please don’t give up. keep poking at the configuration and it’ll pay off. Now I just need to spend some time organizing my libraries!

Happy Hosting!

Does anyone know if it's possible to achieve this? Possibly with an external service that syncs the two?

Basically, the last feature immich can't do that google does is to share albums. Sometimes my family wants to have albums after events, and my ones live in a silo.

Tempus is an open-source and lightweight music client for Subsonic, designed and built natively for Android.

This app works with any service that implements the Subsonic API, including:

• LMS - Lightweight Music Server - personal fave and my backend
• Navidrome
• Gonic
• Ampache
• NextCloud Music
• Airsonic Advanced

https://github.com/eddyizm/tempus/releases/tag/v4.20.0

My last release post was for v4.12.0 so I've included whats changed since that post.

What's Changed

Highlighting these 5 features that people have wanted for some time and were well received.

• feat: tile size manager
• feat: Implement a sleep timer button to the currently playing screen
• feat: offline playlist in dowloads view
• feat: add to queue, edit playlist in main playlist page
• feat: local radio station management, directory search, and radio cover art

And a ton of bug fixes, performance improvements and other features -> Full Changelog: https://github.com/eddyizm/tempus/compare/v4.12.0...v4.20.0

note app-tempo* <- The github release with all the android auto/chromecast features

app-degoogled* <- The izzyOnDroid release that goes without any of the google stuff.

As usual, any dev contributions appreciated as I am not actually a java/mobile dev, so my progress is significantly slower than those who do this on the daily.

Big thanks to all the folks who have been contributing.

Recently, I saw icanhazip.com pop up in my pFsense firewall logs. It was immediately blocked but the name piqued my interest, so I did a little digging which revealed an interesting backstory.

It's owned by Cloudflare:

spoiler

spoiler

...but it hasn't always been theirs: icanhazip: How a simple IP address tool survived a deluge of users. Pretty interesting, at least to me as I have never encountered it before.

I have it still blocked as nothing I'm doing seems hampered by blocking icanhazip.com's ip range. Anyone else ever encounter icanhazip.com?

My old laptop for self hosting just croaked, and I'm thinking of buying a 2nd hand mini pc, but this time I want to do it proper. I want to optimize the electricity consumption and specs needed/ future upgreadability, considering how expensive everything is now.

My use case is just for self hosting files (infrequent access and reducing reliance to google drive), and occasional dev workload via ssh. I'm thinking of buying a used optiplex with at least i6 gen cpu (SFF or micro form factor), but I want to see if there are better options.

There was a link posted in this subreddit about power consumption comparison of different mini pcs (raspberry pi, n100, etc), and I regret not saving it.

If anyone could suggest me better options it would be greatly appreciated. Thanks!

This is an alternative to manually typing your password to decrypt your home server disks.

The idea is that you have a Tang server somewhere on your local network. When your server boots up, it needs to communicate with the Tang server to unlock the disk. Tang doesn't store the key and is stateless, but the client requires Tang's cooperation to compute the key.

For me, I'm thinking about someone breaking into my house and stealing my computer. Currently, I have LUKS read a keyfile from a USB drive... but I almost always leave it plugged in... so a thief would probably accidentally steal that too.

With this setup, I'm thinking maybe I could setup a Pi on the opposite side of my house, ideally hidden. And then if my home server gets stolen, LUKS wouldn't be able to reach my Tang server, and therefore not unlock anything.

In an effort to make the sidebar a bit cleaner, and allow for more thorough explanation of the rules, this post has been made. Comments are disabled, to start a discussion with the community about this post or the rules in general, please make a meta post. Please stick to one specific item to address as your post to keep discussions on topic.

If you see a rule violation, please report rather than interacting with the post/comment.

Rules:

1. Be civil.

This is a community of collaboration. We aren't here to put each other down, but lift each other up - helping to improve efficiencies, find the right solution to deploy, or work through bugs.

Disagreement and strong opinions are welcome, being degrading or disrespectful is not.

A good reference would be the Lemmy.world Terms of Service as well as the ACoC.

Sexism, racism, ethno-supremacy, homophobia, slurs for ethnicities, genders, sexualities, etc, will not be tolerated. If you see it, report it. Don't interact, as the comment chain will likely be nuked.

2. No spam.

Spam is not “I don’t like this”.

Spam would generally be considered:

• Mass-posting - Posting the exact same post across a bunch of of different communities, rapidly. Cross-posting is not spam, but cross-posting to communities where it wouldn't fit, is.
• Repetitive Content (aka karma farming) - repeatedly submitting old popular content. This is completely irrelevant on Lemmy,, but the behavior is still not permitted.
• Bot Activity / AI Abuse - Using scripts/bots/gen AI to automate posts and comments.
• Unsolicited DMs - Mass private messages or chats to users, completely unsolicited

Bots are allowed, but see the Rules of Use for Bots on Lemmy.World, where this community is located. Please be sure to review these rules prior to using a bot in this community.

3. Posts are to be related to self-hosting.

Please ensure it is clear in your post how it relates to self-hosting.

If you see a post where there is a more appropriate place for the discussion to take place, such as a linux or networking community, please feel free to recommend it to the user as well as report.

From a community discussion on this rule:

• Posts that are better off in a different community (not just intent, but also a community thats appropriately supported by activity) will be locked only after that community is noted. Posts will not be deleted though, only locked.
• If there is an influx of simple posts about hardware, pictures of setups, etc., then we can go ahead with a weekly sticky for that content.
• Low effort content is currently well managed with upvotes and downvotes. If there is an influx of low effort content, we can use a different approach.
• Repeated common questions, once enough of them are being seen, will go to an FAQ post or a wiki.

4. Don't duplicate the full text of your blog or readme if you're providing a link.

If everything you're posting is in the link, there isn't much value to adding that text. If you're going to add text, make it contextual. Summarize it, mention why selfhoster's might be interested in the news link, how you're using this software, etc.

5. Submission headline should match the article title.

Add supporting or related information in the post itself rather than the title.

6. No trolling.

Trolling is deliberately posting something offensive, nonsensical, or provocative to bait people into arguments or to get an emotional reaction. Its disruptive and manipulative, and is not permitted here.

A few key characteristics:

• Baiting: Comments / posts to make people angry or confused
• Derailing conversations: Ruining meaningful discussions by steering them off topic

Downplaying this behavior by claiming it was "just a joke" will not impact moderation decisions. See rule 1.

7. Promotion posts require your active participation in selfhosting or related communities, and your account must be at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See this link for further details.

• Active participation is defined by the 10% rule - no more than 10% of your posts or comments may be self-promotional, or your post will be removed. That is not per-project, but your account as a whole. If the entirety of your post and comment history is your blog and projects, then your post history is entirely self-promotional.
• Account Age has been added as a requirement to mitigate frequent posts that were being seen within the community. This rule applies in all cases, whether you intend to post about a paid or F/LOSS project. There are no exemptions from this requirement.
• F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, your post is exempt from the 10% requirement. The exception does not exempt you from the account age requirement.

This post will receive updates as rules are updated.

So, let's try the newly proposed AI tag. If this post is not your cup of tea, I get it.

This is Euros, a minimal expenses splitting software written in Go. The code has been generated in it's entirety with an LLM, as I am not a software developer, just a self hoster.

Motivation

I generated this because I needed an authless, low barrier-to-entry expenses splitting software for my friend groups, similar to Spliit.

I asked for Spliit replacement recommendations here a couple of moths ago, but I didn't find one that would work entirely authelssly and which would allow negative entries, like Spliit does. As you might know, Spliit is unmaintained at the moment, and it already has some CVEs, which discouraged me from using it anymore.

Euros

With this in mind, Euros was made super minimal: just Go with one dependency, sqlite. The UI is just HTML and CSS. The license is AGPLv3-or-later.

The container image offered in the repo is both rootless and distroless, meaning there is no shell, package manager etc. inside the container, and also that the user running the binary is un-privileged.

I've been running this now for a couple of weeks, and I am quite happy with how this turned out. I consider the software to be feature complete, i.e. what you see now is what you'll get. I'll just keep bumping the major Go and major sqlite version up as they drop.

So, if you need an even simpler Spliit, you might like this.

Apologies if this is a rookie question, but I keep wondering what the vulnerabilities section on DockerHub is trying to tell me. Take nextcloud images for instance: The most current images seem to list 3 critical and 22 severe vulnerabilities. Does that mean those vulns are part of the image? If so, why would anyone want to run this?

EDIT: turns out I needed to set mountpoint=legacy, (sudo zfs set mountpoint=legacy <filesystem>) which is the standard way to use ZFS on nixos. Legacy in this context means that the mountpoint is decided by the system rather than ZFS; I guess ZFS was previously refusing to receive the mountpoint because it already had one, but I didn't notice because they happened to be the same.

I'm using ZFS on nixos, with an ext4 boot drive, and a ZFS pool whose key is loaded from the boot disk.

Despite mounting correctly, zfs also causes the system to fail and go into emergency mode. Even if zfs were to fail though, things like sshd and dbus shouldn't depend on it.

In particular, the system waits for about half a second after

         Starting Mount ZFS filesystems...

and the next line is

[FAILED] Failed to mount /ZFSmountpoint.

and then

[DEPEND] Dependency failed for Local File Systems.

A few lines later I get

[  OK  ] Finished Mount ZFS filesystems.

The next line is about emergency mode.

How can ZFS both fail and finish? And why does this affect the remainder of startup?

Hi everyone.

Given some recent.. issues with Bitwarden's leadership, I've been toying with Vaultwarden. It's been great, and supports pretty much everything I need.

I currently locally host the vault, but I'm realizing that this could cause problems for my family if something were to happen to me. While not technologically inept, if my server at home crashed they would have no idea how to access it, and they would lose all of the passwords.

I was thinking that a vps might be a better choice for this, possibly with some reboot automation in case of outages. That would allow them enough time to initiate the emergency access and import everything before anything happens to the passwords.

I've also got encrypted M-disc backups of the most important passwords with timestamps of when they were last set. I've demonstrated and written down instructions on how to decrypt these. Of course I also have other backups, but I doubt they'd be able to retrieve the non-physical copies of the backups.

Anyway, is that what most people here do with Vaultwarden, use a VPS with mTLS or VPN? To add, I would only use a tunnel for this if I go this route, so no open ports.

I can't decide between these two used drives: https://www.cdw.com/product/solidigm-d5-p5336-122.88-tb-solid-state-drive-2.5-internal-u.2-pci-ex/8455168?pfm=srh

and

https://www.cdw.com/product/solidigm-d5-p5336-61.44-tb-solid-state-drive-2.5-internal-u.2-pci-exp/7785193?pfm=srh

sure 61TB doesn't sound like much these days, but I'm only going to be making word docs for a few centuries. Plus the drives are used and so they come at a great discount!

I initially shared a my latest project with you here. A lot have happened in LaManager in the past 2 weeks so I though i would make an update post.

Reminder of what is LaManager: It's a services manager build to use copy on write to reduce downtime when doing offline backups while ensuring that all the data is in a coherent state. It can also create and manage it's own virtual disk images to allow it to work anywhere outside of supported COW filesystems.

First LaManager has now been put in production and as been working without issue since then.

Currently on my homelab it manages : caddy (with anubis), forgejo, jellyfin, jitsi, matrix (including frontend and bridges), nextcloud (including euro-office), pi-hole, qbittorrent, redlib and vaultwarden.

Changes and new features since last time :

• NEW FILESYSTEM SUPPORT: ZFS !
• moved development to my forgejo instance
• shell-completion for bash, elvish, fish, powershell and zsh
• mutithreading of operations applied on multiple services (start, stop, backups, restart, remove)
• new restart command for services
• better error handling with anyhow
• added a lockfile to prevent unmounting during backups or others combinations of incompatible operations
• Licensed under AGPLv3

The forgejo instance is open registration to allow contributions.

With all thoses services the total downtime when doing a backup is under 17 seconds and extremely consistent, even when the remote took more than 20 minutes to sync.

For the entire week since introduction of multithreading daily backups downtime never went bellow 16 seconds or above 18.

As i've seen the discussions around about AI, i can confirm that currently LaManager has been fully created without any use of AI.

A few months ago I decided to self-host everything for my software house instead of paying for cloud infrastructure. Here's what's running on a Raspberry Pi 4B (4GB) at home:

Astro static site + nginx Full mail stack (Postfix + Dovecot + Roundcube) in Docker MariaDB with automated backups GoAccess analytics with custom Python bot/human separation Dynamic IP blocklist generated at every deploy Certbot managed on a separate Orange Pi Zero 3 (HAProxy + SSL termination)

The Orange Pi Zero 3 as a dedicated HAProxy node was the best €25 I spent — SSL overhead completely offloaded from the Pi, all subdomains routed through one config, clean network separation between "what faces the internet" and "what runs the services." Storage: all boards boot from SSD via USB3. No SD cards in production. The ISP situation: Eolo wireless, 20Mbps down / 100Mbps upload. Yes, upload is 5x download. For a web server that's actually ideal. Real stress test — June 22, 2026 A post on r/italy hit 20k views in 24 hours. Numbers that day:

555 human visitors (vs ~180 daily average) 151 unique IPs 72.2% return rate 9.98 MB bandwidth 0 downtime 0 errors in the mail stack

PageSpeed from Google's infrastructure:

Desktop: Performance 100 / SEO 100 Mobile: Performance 97 / SEO 100

No CDN. No Cloudflare. No edge nodes. Just nginx on a Pi. The honest limitations:

Single point of failure — yes, if the Pi dies the site goes down Mail deliverability on residential ISP is hard (Brevo relay helps) No redundancy — we run backups, not replicas

All traffic data is live and public: stats.lake8.dev/geo.html Happy to answer questions on any part of the stack.

I changed my docker installation to rootless. I now installed Patchmon on the host and I wanted to monitor and update my Docker images as well. But Patchmon requires docker.sock to be in /var/run. My current docker.sock is of course in /run/user/{userid}. Are there any security risks, and if so what are they, to making a symlink to have the docker.sock in /var/run as well? The /run/user/{userid}/docker.sock is owned by the user running Docker. The symlink is owned by root because of the privileges needed for /var/run.

I don't have enough knowledge to be doing these kind of things, but I just like to tinker and I want to know how insecure this setup could be.

So...this is very tangentially related to Self Hosting, but hear me out...

We travel frequently, either for work or leisure. As a self-hoster, I always bring an Nvidia shield player on my travel bag, to connect to my Jellyfin host from whichever hotel we might be staying at, to watch at night for example.

But increasingly, this is becoming a pain in the butt. As most TVs aren't directly hooked anymore to just the antenna or the hotel's connection. No, they usually will be hooked to an Android box handling all sorts of crap, from the hotel welcoming screens to some info, to their pre-set channels. And the android remote works via HDMI-ARC to control the TV, of which they usually hide the damn OEM remote. So, if you unplug their android box to hook up your own player, you lose the TV controls. In some cases (Sony, mostly) you might be in luck finding the 3 physical buttons they include somewhere on the TV itself to navigate inputs and volume. But in some others, you might as well end up stuck in an Android app menu where you can't get out (I'm looking at you Phillips). So I think my next addition would be to get an universal remote to sort all these quirks when traveling. Anyone else went through these considerations? Any recommendations?

Hey, it's been a minute! Dawarich is your favorite FOSS selfhostable alternative to Google Timeline, remember? We've shipped a lot since the last post and I'm here to tell you all about it.

Github: https://github.com/Freika/dawarich

Website: https://dawarich.app/

First, a picture to get your attention:

Before we start with the great stuff, let me talk a bit about good stuff as well. Release 1.8.0 introduced a new mechanism to let you know about new releases. It works through my new application called Chibichange (https://chibichange.com/).

TL;DR: there is a Chibichange widget shipped in Dawarich, which, if you consent, will ping chibichange.com to check if there are new updates for your Dawarich instance. If there is a new version, a green pulsing dot will be shown in Dawarich navbar, click on it, and you'll see what's changed in Dawarich since your current version. Feature suggestion and voting coming to chibichange soon.

Important: this is an opt-in feature, no external requests will be made if you click "No thanks". If you say "no", there will be the usual exclamation mark beside the version if there is a new release on Github, but, sadly, no in-app changelogs.

A bit more context: I built Chibichange to have a way to conveniently deliver changelogs to Dawarich users, and soon it'll also allow you to suggest features, vote them up and provide feedback. Suggested features, if we decide to build them, will be added to our public roadmap. By the way, we recently added a roadmap: https://dawarich.app/roadmap/. Will update it soon with more cool stuff we've planned.

Chibichange will be open-sourced this summer and will have same model as Dawarich: FOSS self-hostable software with an optional cloud service for those who don't want to self-host it. This is a very niche tool, but I hope it will be useful to those in similar position, building self-hostable or otherwise software.

Okay, let's get back to Dawarich news.

The big one this time: we now draw your flights on the map. If you self-host AirTrail, Dawarich can pull your flight history and render it as proper arcs on Map V2. Set it up on the Integrations page, hit "Sync now", and it re-syncs daily on its own. Finally your map knows you didn't teleport across the ocean.

There will be more for flights in the future.

Trips got a full redesign. The whole trip page is now built on MapLibre V2 — a sticky map on the left, and a scrollable day-by-day accordion on the right with per-day distance and times, day-colored routes, a photo overlay toggle, and a replay scrubber to play the trip back. You can also drop a short note on any individual day of a trip now. I'm really happy with how this one came out.

Public sharing is a whole new thing. Trips, tracks, live location and selected time ranges can now be shared via a public, optionally phrase-protected link. Public trip pages look pretty much the same as the in-app ones, with toggles to pick exactly what the page exposes — route, stats, countries, day-by-day, notes, photos, whatever you want.

Here's a public link to my Norway road trip from the screenshot above: https://my.dawarich.app/s/07024d88-0c43-4554-ad89-d7f2916b7d57

Visit detection got rewritten. There's a new opt-in stay-point detector — non-ML, single pass, and it gives each suggested visit a 0–100 confidence score. It fixes the old algorithm's biggest annoyances: missing slow stays, and splitting one visit in two when your phone's battery died for a bit. It's behind a flag for now while I gather feedback, but it'll become the default soon. You can also now label a visit by searching for the real place name right in the Timeline.

What else?

• Multi-device tracks no longer get mangled — if you track from a phone and a watch and a GPS unit, each device stays on its own track instead of becoming one zigzagging mess.
• Fog of War can now reveal per-hexagon, not just per-point.
• Globe view is now on by default.
• Big import improvements: GPX files now stream instead of loading entirely into memory (no more OOM on huge exports), Garmin FIT files are supported, Google's "Timeline Edits.json" Takeout is recognized, and the official Traccar client is now supported directly.
• Fixed Immich photo timestamps that could be off by up to 24 hours, monthly stats now bucket by your local timezone, and a pile of timezone/DST crashes are gone.
• You can now run the containers as a custom user via PUID/PGID, OIDC fixes (trailing slash + PKCE), and a 2FA lockout to keep accounts safe.
• And, as always, literally a TON of other fixes. Bugs too, sorry, one can't go without the other.

Gentle reminder: Map V1 (Leaflet) is being sunsetted this August. Everything new is being written for V2, and it's better in basically every way — but if there's something from V1 you'd miss, tell me and I'll figure it out. Vector maps are the future!

Also, a glimpse into the future, I found an awesome tool to generate maps, bent it in couple places to work with Dawarich, and poster generation will be a thing soon!

I was so excited about how well it worked out, that I even researched if it'd be possible to plug an "Order" button into Dawarich, and, well, yes. Probably not gonna automate it right away, will just add the "Order" button beside the "Download" one for created posters, and will see how it goes. Anyway, it could be a good to support the development for anyone willing to do so, while getting a very nice personalized thingy you can actually hang on your wall. Man I love these posters.

We've finally released an update for our mobile apps, with the new logo, bug fixes and a registration flow that will have no use to selfhosters, but still is important thing to have. Annoying bug with the map not being rendered in dark mode is fixed, yay. Also, we had to re-list our Android app in Google Play Store, so the update will require you to download it separately and reauthenticate. Make sure you've uploaded all the data you had not yet uploaded in the old app. New app's page: https://play.google.com/store/apps/details?id=app.dawarich.Dawarich

We'll still release a small update for the old one with a banner suggesting an update. Sorry for this inconvenience.

This mobile release took a lot of efforts and tons of testing, but it opens new possibilities for us, and in the next one we want to focus on battery consumption optimization and, finally, will start making more steps towards feature parity with the web app.

I guess that would be it for today! I actually wanted to write a post every month, but, well, it's also too good to post one every other month :)

Saving you a scroll:

Github: https://github.com/Freika/dawarich

Website: https://dawarich.app/

iOS app: https://apps.apple.com/us/app/dawarich/id6739544999

Android app: https://play.google.com/store/apps/details?id=app.dawarich.Dawarich

Donate: https://www.patreon.com/freika / https://github.com/sponsors/Freika/

P.S. I got my shit together and started tinkering on another app, which, once done and production ready, will open lots of new possibilities for Dawarich, check it out: https://atlas.dawarich.app/. It's basically self-hostable offline maps for homelabbers, built on shoulders of titans: Overpass, Photon, Valhalla and some other great mapping tools, under a single UI and API. I'll create a separate post here once it's mature enough. Map matching comes to Dawarich, baby!

P.P.S If you're in Berlin, I'll be doing a presentation on Dawarich on Geomob, a mapping meetup, 1st of October. Come say hi, I may have stickers for you by then!

Trying to find a way to connect to my home server as well as my VPN at the same time. Doesn't seem like tailscale can. I've started looking at pangolin, has anyone had any luck with this issue?

Thank you

Edit 3:

So 0 and 1 have essentially no support, while 30 day has twice the support of a 7 day account age requirement...

I'm going to have to say the 30 day account age requirement takes it, update to the rules coming.

Given the length of things, I'm also preparing a "rules explanation post" (that will be locked from comments only to keep it clean), to allow the rules list in the sidebar to be shortened up. Meaningful details will be in the post, and comments are - as always - welcomed, either direct or via meta post.

Thanks all for bearing with me in the first few weeks of changes!

Edit 2:

I think the "no minimum" and "1-day minimum" are pretty clearly not going to take the lead at this point, but "no minimum" has a whopping 0 upvotes.

That does not mean that votes are closed!

Please continue to vote. I'll give this a full 24 hours, but in the interest of the community preference I'm going to clean up the past 24hrs worth of posts now, and put the 7 day minimum into the rules as a starting point while we give folks an opportunity to provide their up/downvotes.

I worry this is going to turn the rules into needing a post with full descriptions, but in the interest of the fun being had this week...

I think a mandatory delay on posts for new accounts doing promo, even if they are fully f/loss, can stem the tide.

I'm going to make comments below as a quick poll below for timeframes. Please upvote the ones you'd be ok with, downvote if you're against it. Since this will be quick I'm going to keep comments closed for now - if you have comments please add them to the main thread.

Edit: For the record I've removed the initial upvote from myself by creating the comment, so the net on each is exactly as the community votes on each item.