1
22
submitted 1 month ago by ekZepp@lemmy.world to c/til@kbin.melroy.org
2
71

Each AI-generated polar bear kills one real polar bear.

#meme #ai #generated #gemini #openai #dall-e #dalle #midjourney #stablediffusion #chatgpt #deepmind #polar #bear #climatechange #climate #heat #til

3
6
submitted 4 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

So thanks to OpenWRT (it's a fork but still..), we have a Banana Pi Wifi 6 router for just 35 dollars/euros.

4
7
submitted 5 months ago* (last edited 5 months ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

I have used many, many distros in the past, from Debian to Gentoo, from Ubuntu to Arch, etc. But I need a system that works and does the job well, hence I've been using Linux Mint for the past few years. Linux Mint XFCE Edition, to be precise.

However, towards the end of each Linux Mint support cycle I run into the issue that it's based on Ubuntu LTS, also known as long term support (instead of the latest release), which causes a lot of issues in my daily work.

I just want to use the latest clang-format & compiler. Or a newer GCC compiler. And/or other tools I love and use on a daily basis... The problem is that I now need to manually add a lot of package repos / PPAs to get the version I want. Furthermore, this sometimes introduces package conflicts. Do NOT get me started on PHP8 from ondrej + Wine stable from WineHQ.

I do not want an unstable distro like Arch; my time is limited (sorry Arch lovers). I also tried Manjaro. It also broke my system once, I think. I do like Manjaro, but I like Linux Mint a bit more, except at the end of the support cycle (where we are now).

That all being said, I think I'm ready for something new... Void Linux! That is right, I think I will move over to Void Linux, created from scratch. It uses a rolling release, but focuses on stability (we will see). It therefore also uses its own package manager (XBPS), as well as its own init system: "runit". Non-free packages might be a bit harder to find, but I mainly use VSCodium, Element (Matrix), Nextcloud, KeePass, Firefox, Telegram, Transmission, Wine (Windows games :P), Mumble, Inkscape and of course various dev tools: npm, go, php, gcc/clang, pip, you name it... I use them all. I think Void Linux will be a good fit. I will keep you posted.

Feel free to leave a comment if you have ideas/feedback, or your own story about the distro you're using. Are you planning to distro hop again?

5
2
submitted 5 months ago* (last edited 5 months ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

I used to work with Photoshop for years (the industry standard, I thought). Moving to Linux, GIMP was the logical next step. I was never good at manually drawing vectors or embracing vector image manipulation tooling in general, and I now regret that I didn't move to Inkscape from day one. Yes, I used Inkscape back and forth, but I used Gimp more in the past years.

Inkscape is 20 years old and has improved a lot in terms of usability in the past 10 years! I still think the right-sidebar options are too hidden, to be honest. For some reason unknown to me, the Inkscape UI was just confusing for me. But I'm getting the hang of it now (I think :D). Except that exporting to plain SVG is still a bit strange: the image size I entered does not become the SVG document size during an SVG export. Inkscape still has a lot of room for improvement in those kinds of areas.

That being said, I embrace SVG images more and more! I use it for business logo designs and recently also for Mbin logo designs.

I'm not going back to Gimp for logos, that is for sure. And you shouldn't either: use Inkscape!

6
1

🩸 A Killing In The Market 📈

(or)

that time in the 1820s when war was traded openly on the stock market 💀

New comic ⬇️
https://www.historyshapes.com/a-killing-in-the-market/

@histodons@a.gup.pe

#History #Histodons #Comics #WebComics #Cartoons #TIL #TodayILearned #DidYouKnow #DYK #Greece #GreekIndependence #OttomanEmpire #1820s #UKHistory #EuropeanHistory #England #EnglishHistory #BritishHistory #ComicStrip

7
1
submitted 7 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

Ledger Live, the most popular crypto hardware wallet software, is tracking and transmitting sensitive user data to third parties.

8
1
submitted 8 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

If you are running big applications on top of PostgreSQL or have a lot of queries, your performance might be impacted. The default PostgreSQL configuration is, to say the least, less than ideal. The same is true for MariaDB, but that is out of scope now.

Fine tuning your server configuration is key to better overall performance and making the best use of your hardware! Increasing several key configuration settings in PostgreSQL can already make a huge impact! In the guide below I explain which configuration settings you need to pay extra attention to, and I also advise increasing huge pages under Linux when you're using PostgreSQL, or MariaDB for that matter.

Please follow the latest PostgreSQL configuration I shared here for Mbin specifically, which can also be applied to any application using a PostgreSQL DB: https://github.com/MbinOrg/mbin/blob/main/docs/admin_guide.md#postgresql-configuration

For more information on fine tuning MariaDB, Nginx, PHP or other Linux kernel configurations, I advise you to check out my snippets on my GitLab instance: https://gitlab.melroy.org/-/snippets/609, https://gitlab.melroy.org/-/snippets/92, https://gitlab.melroy.org/-/snippets/87

9
0
submitted 8 months ago by johsny@lemmy.world to c/til@kbin.melroy.org
10
1
submitted 8 months ago* (last edited 8 months ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

Some people might think you can only use or set environment variables of a service in Docker Compose, e.g.:

my-service:
  image: lts-alpine
  environment:
    MY_SECRET_KEY: ${MY_SECRET_KEY}

But the same ${} syntax can be used to set the version of the PostgreSQL Docker image, like in this example below:

my-service:
  image: postgres:${POSTGRES_VERSION:-13}-alpine

If nothing is set, version 13 is the fallback value. Now you can set the POSTGRES_VERSION environment variable via your shell, or leverage Docker's .env file:

POSTGRES_VERSION=16

When running docker compose --env-file .env up, Docker should now use PostgreSQL v16 Alpine as the Docker image.

Bonus: the docker-compose.yml filename is an old filename; use compose.yml from now on. The same goes for other Compose files like compose.override.yml.

More info: https://docs.docker.com/compose/environment-variables/set-environment-variables/
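As an added example (not code from the post above, and not Compose's own implementation, which lives inside the docker compose binary), here is a small Python re-implementation of the ${NAME}, ${NAME:-default} and ${NAME:?error} syntax together with the precedence between the shell environment and a .env file. The compose snippet, the .env contents and the MY_SECRET_KEY:? variant are constructed assumptions for the demo, modelled on the service definition in the post.

```python
import re

# Constructed sample modelled on the post's compose.yml; the ":?error" form is an added assumption.
COMPOSE_SNIPPET = """\
my-service:
  image: postgres:${POSTGRES_VERSION:-13}-alpine
  environment:
    MY_SECRET_KEY: ${MY_SECRET_KEY:?MY_SECRET_KEY must be set}
"""

# Constructed .env contents (in a project this would sit next to compose.yml).
DOTENV_TEXT = """\
# comments and blank lines are ignored

POSTGRES_VERSION=16
MY_SECRET_KEY="dev-only-placeholder"
"""

# ${NAME}, ${NAME:-default}, ${NAME-default}, ${NAME:?error}, ${NAME?error}, and $$ for a literal $
_REF = re.compile(r"\$(?:\$|\{([A-Za-z_][A-Za-z0-9_]*)(?:(:?)([-?])([^}]*))?\})")


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip comments/blanks and strip one layer of quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def interpolate(text, env):
    """Expand Compose-style references in text using the mapping env."""

    def expand(match):
        if match.group(0) == "$$":
            return "$"
        name, colon, op, arg = match.groups()
        value = env.get(name)
        # the ':' forms treat an empty value like an unset one; the bare forms only react to unset
        missing = value is None or (colon == ":" and value == "")
        if op == "-":
            return arg if missing else value
        if op == "?":
            if missing:
                raise ValueError(arg or f"required variable {name} is missing")
            return value
        return value if value is not None else ""  # plain ${NAME}: unset becomes empty

    return _REF.sub(expand, text)


def render(compose_text, dotenv_text, shell_env):
    """Shell environment overrides .env values, as Compose does for --env-file."""
    env = parse_dotenv(dotenv_text)
    env.update(shell_env)
    return interpolate(compose_text, env)


def resolved_image(compose_text, dotenv_text, shell_env):
    """Return just the resolved image reference, e.g. 'postgres:16-alpine'."""
    for line in render(compose_text, dotenv_text, shell_env).splitlines():
        if line.strip().startswith("image:"):
            return line.split(":", 1)[1].strip()
    return None


if __name__ == "__main__":
    print(resolved_image(COMPOSE_SNIPPET, DOTENV_TEXT, {}))                          # .env wins: 16
    print(resolved_image(COMPOSE_SNIPPET, DOTENV_TEXT, {"POSTGRES_VERSION": "15"}))  # shell wins: 15
    print(resolved_image(COMPOSE_SNIPPET, "", {"MY_SECRET_KEY": "x"}))               # fallback: 13
```

Note that the rendered text contains the secret value verbatim; the same is true of the output of docker compose config, which prints the interpolated file, so treat that output as sensitive and keep the real .env out of version control.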

11
1
submitted 9 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

When you want to cherry-pick a specific commit from another remote, you do NOT need to manually copy files or fetch a patch. It's git after all...

So when I want to cherry-pick a commit from Kbin and merge it back into Mbin (in cases where we want those changes in Mbin as well), I can use git cherry-pick.

But first follow the steps below, which assume you have already cloned the Mbin repository locally and are in the working directory of Mbin (e.g. on the main branch):

git remote add kbin https://codeberg.org/Kbin/kbin-core.git
git fetch kbin
git checkout -b call-it-what-you-want  # Creates a new local feature branch

# Now check the log on the other remote and other branch
git log kbin/develop

# Finally, cherry pick the commit you want, use the commit hash here
git cherry-pick <commit_hash>

12
1
submitted 9 months ago* (last edited 9 months ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

To all instance owners: if you are using Nginx and use the following security header:

add_header Referrer-Policy "no-referrer" always;

Please consider changing this setting to (note: same-origin):

add_header Referrer-Policy "same-origin" always;

This should be safe enough for users, while also fixing all the redirect issues that users (or you) might experience with your own Mbin instance.

Referer headers are used to store the previously requested pages/URLs. This can be used to navigate back to where the user came from. There are also alternative methods, like putting this information in the query string or adding a cookie or session data.

Either way, for now, consider changing to same-origin when using Mbin.

PS: if you are using Apache or Caddy... well, you know what to do ^^
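Added example, not part of the post: the Referrer-Policy header only tells the browser which Referer value to send, so the difference between the two settings above is easiest to see by resolving a few navigations. The Python below follows the rules of the Referrer Policy specification for every policy name (one simplification: a "downgrade" is treated as any https-to-http navigation), and applies them to constructed URLs standing in for a same-instance login redirect and an external link.

```python
from urllib.parse import urlsplit, urlunsplit

POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url",
)


def origin_of(url):
    """scheme://host[:port] with default ports dropped; origin-only policies send this plus '/'."""
    p = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(p.scheme)
    host = p.hostname or ""
    if p.port is None or p.port == default_port:
        return f"{p.scheme}://{host}"
    return f"{p.scheme}://{host}:{p.port}"


def stripped_url(url):
    """Full-URL policies never include credentials or the fragment."""
    p = urlsplit(url)
    netloc = p.hostname or ""
    if p.port is not None:
        netloc += f":{p.port}"
    return urlunsplit((p.scheme, netloc, p.path, p.query, ""))


def referer_for(policy, source, destination):
    """Referer value sent when navigating from source to destination, or None for no header."""
    same_origin = origin_of(source) == origin_of(destination)
    # Simplification: the spec talks about trustworthy -> non-trustworthy; we use https -> http.
    downgrade = urlsplit(source).scheme == "https" and urlsplit(destination).scheme == "http"
    full = stripped_url(source)
    origin_only = origin_of(source) + "/"

    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin_only
    if policy == "strict-origin":
        return None if downgrade else origin_only
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin_only
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin_only
    if policy == "unsafe-url":
        return full
    raise ValueError(f"unknown policy: {policy}")


def policy_table(source, destination):
    """Map every policy name to the Referer it yields for one navigation."""
    return {policy: referer_for(policy, source, destination) for policy in POLICIES}


if __name__ == "__main__":
    # Constructed URLs: an in-instance redirect (what the post's fix is about) and an outbound link.
    page = "https://kbin.melroy.org/m/til"
    for dest in ("https://kbin.melroy.org/login", "https://example.org/", "http://example.org/"):
        print(f"{page} -> {dest}")
        for policy, value in policy_table(page, dest).items():
            print(f"  {policy:34} {value}")
```

With no-referrer the same-instance redirect carries nothing, which is why "return to previous page" logic that relies on Referer fails; same-origin restores the header for in-instance navigation while still sending nothing to third-party sites.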

13
2
submitted 9 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

Yes, I also saw the popup today: YouTube trying to block me because of uBlock Origin. I will move away from YouTube if I can't use an ad blocker anymore.

14
1
submitted 9 months ago by melroy@kbin.melroy.org to c/til@kbin.melroy.org

Today Bun v1.0.3 has been released. But it's still not ready for production in most cases; e.g. the cluster module is not implemented yet.

I also wrote a blog post about Bun (the pros and cons): https://blog.melroy.org/2023/bun-v1.0/

Whether you will try to migrate to Bun is up to you; just know that Bun isn't a fully drop-in replacement for NodeJS. Maybe it never will be? Just like Deno is also not a replacement for Node.

15
1
submitted 11 months ago* (last edited 11 months ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

The new AMD vulnerability discovered by @taviso and his team makes all AMD Zen 2 processors vulnerable. Also known as Zenbleed.

I compiled the demo code and there we go, I can see a lot of information getting leaked from memory. Not great; it's basically the AMD variant of the Meltdown/Spectre bug. It uses, however, an "optimization" operator (cvtsi2sd) to trigger the vulnerability in the CPU, allowing it to read 30kb/core/second of data. No special permissions required. Works on all platforms, all operating systems, VM or Docker, it doesn't matter...

This vulnerability was found using fuzzing, which is an automated way of injecting wrong input values and seeing when or if something breaks.

Currently only EPYC processors have received a fix. All other AMD Zen 2 processors are still fully vulnerable. There are also no BIOS firmware updates yet. I doubt whether this premature public release from AMD was intentional or not...

More info: https://lock.cmpxchg8b.com/zenbleed.html

16
1
submitted 1 year ago* (last edited 1 year ago) by melroy@kbin.melroy.org to c/til@kbin.melroy.org

Officially HTTP/3 has already been released since 2022, but Nginx still hasn't created a stable release with HTTP/3 and QUIC support.

However... I'm now using the so-called mainline Nginx repository to get the latest Nginx version, which I use on all my domains as my primary reverse proxy software. I have now enabled HTTP/3 and QUIC on all my domains, incl. kbin.melroy.org.

What is HTTP/3 and QUIC???

That is a great question! Currently, if you browse a site with HTTPS (TLS) enabled, like basically every website nowadays... The browser starts with a TCP connection towards the server, then gets a response back, then a whole TLS sequence back and forth again between you and the server... And finally the actual data you want to request and receive...

HTTP/3 and QUIC combined will change all this to just 2 requests in total instead of 4 requests. Also, QUIC uses UDP instead of TCP. See the attachment. I won't go into more details.

TL;DR: browsing the encrypted web has just become faster again.

17
1

Today I got the CI/CD pipeline of Codeberg Actions working on the Codeberg kbin project, which is actually based on GitHub Actions.

I'm running my own forgejo-runner and registered a new runner that works together with Codeberg.org. Now new jobs will automatically be picked up by my runner. This is required to avoid regressions on PRs and to automatically run builds and various tests. In the future it will also deploy to acceptance environment(s).

The Actions tab is now also enabled in the kbin project, showing the currently running or completed jobs.

I'm leveraging Docker for the build and unit-test jobs. Currently this requires NodeJS, Yarn and PHP in a single Docker image. Forgejo runners can also accept LXC containers, but that comes with vulnerability issues, so I only allow Docker.

Officially, Codeberg/Forgejo Actions is still in early beta. They don't provide hosted runners yet. That all being said, it seems to work fine for now. I'm trying to talk with the Forgejo developers to also get the cache action working, since we currently have an issue with that. Caching should allow us to have faster CI/CD runs and less load on the NPM and Composer package registries.

18
4

DO NOT OPEN THE “LEGAL” PAGE — lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar. It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

[https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]

EDIT: the exploit is also in the tagline that appears on top of the main feed for status updates, like the following one for SDF Chatter:

[https://sh.itjust.works/pictrs/image/2dc8838f-4611-4b62-92d2-ab45d7b1c560.png]
[https://sh.itjust.works/pictrs/image/9195ec9c-166e-4190-a991-26d218089602.png]

EDIT 2: The legal information field also has that exploit, so that when you go to the “Legal” page it shows the HTML unescaped, but fortunately (for now) he’s using double-quotes.

"legal_information":" " onload="if(localStorage.getItem(h) != true){document.body.innerHTML = \u003Ch1\u003ESite has been seized by Reddit for copyright infringment\u003C\u002Fh1\u003E; setTimeout(() =\\u003E {window.location.href = https:\u002F\u002Flemmy.world\u002Fpictrs\u002Fimage\u002F7aa772b7-9416-45d1-805b-36ec21be9f66.mp4}, 10000)}"

19
3

Lemmy was/is vulnerable to XSS attacks.

Hackers try to inject JavaScript code that tries to steal your (ideally admin) cookie credentials. It seems that the admin account of lemmy.world was compromised this way (MichelleG). Other instances aren't safe either. This could point to the custom emojis feature in federated comments, meaning a lot of external instances could be affected by now.

Incorrect escaping of user input data can lead to these issues. Kbin just recently discovered a similar regression issue, which has been solved by now. But it seems that Lemmy was or still is vulnerable to this attack vector.

Mitigation action for Lemmy users: you might want to disable JavaScript in the meantime.

Mitigation action for Lemmy server owners: disable custom emoji:

DELETE FROM custom_emoji_keyword;
DELETE FROM custom_emoji;

Clean up the exploit content:

UPDATE comment SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%';
UPDATE private_message SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%';
UPDATE post SET body = '<REMOVED BY ADMIN>' WHERE body LIKE '%![" onload%';
UPDATE post SET name = '<REMOVED BY ADMIN>' WHERE name LIKE '%![" onload%';

Rotate your JWT secret (invalidates all current login sessions):

UPDATE secret SET jwt_secret = gen_random_uuid();

Note: even just opening a link to a vulnerable Lemmy instance could allow hackers to steal your cookies or session credentials. Therefore I will not share or allow people to share URLs of compromised / vulnerable instances.
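Added example, not code from Lemmy, Kbin or the post above: the cleanup queries match rows containing the marker ![" onload, i.e. markdown image syntax whose alt text closes the alt attribute and starts a new one. The Python below shows the root cause and the fix side by side: a triage scan over constructed rows mirroring the LIKE filter, an image renderer in the unescaped form that lets alt text break out of the attribute, and the hardened form that escapes both attributes and only accepts http(s) sources. The sample rows and the renderer functions are constructed for the demo.

```python
import html
from urllib.parse import urlsplit

# Constructed sample rows standing in for the comment/post tables; not real instance data.
SAMPLE_ROWS = [
    {"id": 1, "content": "Nice write-up ![a cat](https://example.org/cat.png)"},
    {"id": 2, "content": 'Look ![" onload="x"](https://example.org/a.png)'},
    {"id": 3, "content": "plain text, no image"},
]

SUSPECT_MARKER = '![" onload'  # the substring the post's cleanup SQL matches with LIKE
ALLOWED_SCHEMES = {"http", "https"}


def find_suspect_rows(rows):
    """Triage before running UPDATEs: ids whose content contains the marker."""
    return [row["id"] for row in rows if SUSPECT_MARKER in row["content"]]


def render_image_unsafe(alt, src):
    """The bug pattern: user-controlled text pasted straight into HTML attributes."""
    return f'<img src="{src}" alt="{alt}">'


def render_image_safe(alt, src):
    """Hardened form: quote=True turns '"' into &quot;, and non-http(s) sources are dropped."""
    if urlsplit(src).scheme not in ALLOWED_SCHEMES:
        src = ""
    return f'<img src="{html.escape(src, quote=True)}" alt="{html.escape(alt, quote=True)}">'


def breaks_out_of_attribute(rendered):
    """True when the rendered tag has more quote characters than the two attributes need."""
    # In a correctly escaped tag the only raw '"' characters are the four attribute delimiters.
    return rendered.count('"') != 4


if __name__ == "__main__":
    hostile_alt = '" onload="x"'
    print("suspect rows:", find_suspect_rows(SAMPLE_ROWS))
    print("unsafe:", render_image_unsafe(hostile_alt, "https://example.org/a.png"))
    print("safe:  ", render_image_safe(hostile_alt, "https://example.org/a.png"))
```

The scan only finds the exact marker the SQL uses, so it is a starting point for triage rather than a complete detector; the durable fix is the escaping step in the renderer, which makes the stored text harmless regardless of its shape.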

20
1

Without proper CI/CD workflow jobs, errors are easily made without noticing (or are noticed too late). Especially when multiple developers are contributing to your code base. Maybe your project is open-source?

When developing a (large) piece of software, automated building & testing are crucial aspects to avoid regressions impacting the code archive and even deployment.

The latest best practices are to set up a good and stable continuous integration. Ideally, also add a continuous delivery setup for your project, meaning that each pull request you receive will automatically be built, tested and deployed.
By testing I mean unit testing, functional tests, integration and E2E tests. And maybe UI tests if your application has a frontend as well.

Personally, I use GitLab for all my own projects; GitLab has a great CI/CD pipeline feature built into their software. I'm running multiple GitLab runners, ready to pick up jobs, which could be a unit test running in a Docker container, a software build using the GCC compiler, or deploying my code live towards dev, acc and production.

Lacking such a well-thought-out CI/CD pipeline might result in build issues, regression issues or, in the worst case, downtime or unhappy users. Try to avoid this by using CI/CD for each of your open-source projects.

Have fun programming!

21
1

Kbin moderation tools are still in the making. In the meantime, Kbin admins should not be afraid of PostgreSQL...

TIL that the magazine table has a visibility column that can be set to "trashed". It will not remove the magazine, but it will hide the magazine on your site.

You can use the psql command to log in with your username/password credentials (e.g. psql -U kbin, or using the default user: psql -U postgres). Then connect to the kbin database using \c kbin. Then try this SQL query:

UPDATE magazine set visibility ='trashed' where name ='blala@lemmy.ml';

Replace the name with the magazine you want to hide on your server. You can exit psql using \q.

22
17

One of the main instances of Lemmy (lemmy.ml) is blocking 'kbinbot' user agent requests on their instance. Basically, they are blocking kbin instances. This is not a bug, but on purpose.

I couldn't find anything related in their source code, so this block is only present on lemmy.ml (or maybe some other Lemmy instances).

This is causing quite a lot of federation issues for Kbin instances, resulting in various failed messages (from the messenger handler).

$ curl -I --user-agent "kbinbot" https://lemmy.ml
HTTP/2 403
server: nginx
date: Wed, 28 Jun 2023 18:35:27 GMT
content-type: text/html
content-length: 146
vary: Accept-Encoding

$ curl -I --user-agent "notkbin" https://lemmy.ml
HTTP/2 200
server: nginx
date: Wed, 28 Jun 2023 18:35:42 GMT
content-type: text/html; charset=utf-8
content-length: 163388
vary: Accept-Encoding
x-powered-by: Express
content-security-policy: default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *
etag: W/"27e3c-LCqXylkqSkDOy3K+3w2TijtMn14"
strict-transport-security: max-age=63072000
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Today I Learned


Today I Learned (TIL). You learn something new every day; what did you learn today?

founded 1 year ago