Bit-breaker working in cybersecurity/IT. Only languages I know are English and Programming ones.

Sometimes I write things about technology.


If I told you the SHA256 for this sentence starts with 'c, 5, four, a, and a', would you believe me?

  • 16 Posts
  • 136 Comments
Joined 2Y ago
cake
Cake day: Mar 12, 2022

help-circle
rss

Proxmox will do 90% of everything you need, coming from VMWare/EsXi. It can import and read your existing vmdks.


Damn good question. No answer for you, but good question.


Exactly. Windows already has this functionality with runas and this implantation doesn’t improve on it at all.


Can’t decide if this response is Absence of Evidence or Black Swan fallacy. Either way, just because you haven’t experienced something, doesn’t mean its false.


Yeah NFC payments don’t work AFAIK with Graphene OS. That sucks, because that’s been my primary use for NFC on Android. Not the end of the world, but less convenient.


Don’t you mean, share my GNU mug with you ? The extra ‘New’ is redundant :P Definitely a smug mug.


Damn that’s rough. See if something like zram can help you.



Thanks for asking. Doing better this week than last; feeling better and handling things better. Kiddos are still annoying, but not as as stressful. Work stuff is still anxiety inducing. trying it ignore it.

How’re you doing Alyaza?


Emacs in org mode can do anything. Doesn’t mean its an easy or good for the use case.


Not at all. I’m a user of the product/service, not the creators friend or even acquaintance. If their product sucks, I’m more apt to speak against that. If the persons worldview sucks, that’s their problem; so long as it does not infect their tech or media. If/when it does, that’s a different aspect.



I think that question is definitely a worthy cause, but entirely misplaced. As others said, they donated to Beehaw not to some other foundation or charity. Rainy day fund is better than an oh shit, we’re broke moment. I am extremely grateful to those who have and continue to donate towards Beehaw’s Cause. We need to make sure that money is used, when needed, as expected.

Let it ride.


Yes, you can. Though as another commenter mentioned, doing it like you currently attempted to, is way too much of a hassle.

That is, don’t try and negotiate your own SMTP session and content. Being POP_OS is Ubuntu based, you should be able to use the mail command from mailutils package

echo "Is this working?" | mail -s "Subject" recipient@email-address.org

Also might want to consider something like Apprise (Everything and the kitchen sink) or NTFY (Does one thing, does it well) for other types of notification methods.


Where are these discussions happening? On the beehaw Lemmy or elsewhere?


Its an on going discussion and not a take our ball and go home situation. I think its important to gather support and insight with a big decision and not play dictator. Also, now the hectic holiday season is mostly over in the states, others opinions may differ from before.



Don’t tell me what kind of year to have.

But happy new years. Take it easy. BEE cool


Thanks, I linked to the overall collection of this saga not a specific article. Should be able to find the Byline when reading one of the listed articles.


Hell of an exploit chain, really interesting to dissect.

Stressful but that’s normal? Less stressful than some other years. Family likes their gifts so much they’re arguing about them. No work today though so win there. I need a break from the break…


The problem when you own a space that if you let certain groups of people in, such as, in this example, Nazis, you’ll literally drive everyone else away from your space, so that what started off as a normal, ordinary space will become, essentially, a Nazi bar.

It’s not only Nazis — it can be fascists, white supremacists, meth-heads, PUAs, cryptocurrency fanboys — some groups will be so odious to others that they will drive everyone else from your space, so the only solution that you can enact is to ensure that they don’t come to your place, even if they’re nice and polite and “follow your rules”, because while they might, their friends won’t, those friends have a history of driving away other people from other spaces.

"you have to nip it in the bud immediately. These guys come in and it’s always a nice, polite one. And you serve them because you don’t want to cause a scene. And then they become a regular and after awhile they bring a friend. And that dude is cool too.

And then THEY bring friends and the friends bring friends and they stop being cool and then you realize, oh shit, this is a Nazi bar now. And it’s too late because they’re entrenched and if you try to kick them out, they cause a PROBLEM. So you have to shut them down.




That’s AJAX

Yes, and that’s what is shown in this article.

… return HTML content and use the htmx library to handle the AJAX requests

htmx is not meant to do anything fancy that you can’t do with Ember/Angular/React/Vue/etc.

htmx is simpler though and has a few benefits as I see it, compared to those frameworks:

  • No duplication of data models and routing, and all business logic stays on the server-side where it belongs.

  • No build step, no dependency hell, and no outrageous churn; just include one JS file that browsers should be able to run indefinitely.



Ain’t even a Texan thing, its just y’all.


If there were a good forum software that had decent threading and strong mod tools

Agreed and that is something we are aiming for with whatever software we’ve been looking at. Good user experience and mod tools.



  • EDITL Lemmy-UI deleted my !@#$#% links because I used the standard Markdown of less than and greater than symbols for a link.

1.)

2.)


My comment on a deleted post

These are my opinions, probably not shared with others and surely not the end all be all to ‘why not Rust?’

Rust is hard. Rust is slow to iterate with and compile. Here’s a highlevel overview of the things you’d need to learn to effectively understand Rust code; not even speaking to learning enough of that to write it. Rust gets touted as secure, and it is more secure than other low level languages like C/C++. That does not make it invulnerable to exploits. It gives a false sense of security to developers who think My app can’t be hacked, it’s written in Rust!!. While Rust is better at memory management and protecting against run time errors related to memory issues, that doesn’t make it 100% safe. That removes almost one class of potential exploits, not all of them, and can’t protect the developer against other developer created issues. Rust code is still written by people. People still write insecure code even in Rust. Computers are dumb as hell; but fast. People are smart as hell, but SLOW. Combine the two and you get stupid things faster; not smarter things better.

  • Rust development is hard, hard to learn, very hard to do right
  • Rust is not suited for a web application. Would you tell someone to go write the web application and web page in C/C++? Nope. There’s a reason for that. Not suited to it. Square peg, round hole
  • There’s always exploits being discovered. Rust handles some things better, but uhhh… Go look at some Lemmy Rust code. Definitely still has vulnerabilities; Rust won’t save you from yourself.

Something like Golang is much better choice for development of a web service that has sane API handling. By the time to add in more error handling, more type checking, more passing around of this function or that data, and more checking it on the sender and receiver side…etc. By the time you’re writing Rust safely and correctly; it is much slower than what you may be lead to believe.

Go is primarily designed for speed of development (including compilation times), rather than speed of execution. Go programmers tend to value clear code over fast code. Why does a microsecond longer matter for a website? Maybe in some backend PLC land there’s a damn good use for that performance. For a networked web application; it’s a pointless metric. That is not going to be your bottleneck.


Rust is hard to understand just reading it let alone determine why it’s doing something.


Rust

fn does_what(n: u64) -> bool {
    match n {
        0...1 => false,
        _ => !(2..n).any(|d| n % d == 0),
    }
}

Golang

func doesWhat(value int) bool {
    for i := 2; i <= int(math.Floor(float64(value)/2)); i++ {
        if value %i == 0 {
            return false
        }
    }
    return value > 1
}

Not talking about the functionality merits of the two, but in comparing the _code itself. One of those is much easier to determine what’s going on and what it should be doing versus the other. I don’t feel like fighting my code. Programming is a tool to help. If it takes more work to use the tool to achieve your goal, it’s the wrong tool. Rust is the wrong tool for web development.


why not have it federate?

Because activitypub is a hot mess and Lemmy’s implementation on top of it, is problematic.


Entering in your credentials as an instance admin, mod, or otherwise, into a third party website is an absolute no-go.


Lemmy’s attempt to make unsafe HTML “safe” in markdown, is screwing up the formatting in the code block. Download the actual properly formatted json here. Save to your PC as whatever.json and then import that file. It should work.




Long live daddy Spez. Well said, looking forward to the IPO based on this.


Seriously. Searching google with site:reddit.com is a thing for a reason. Their on site search is atrocious.



Time once again for me to share something helpful that can be used with one of my favorite extensions

{
    "createdBy": "Redirector v3.5.3",
    "createdAt": "2023-10-12T00:00:00.357Z",
    "redirects": [
       {
            "description": "YouTube>YewTube",
            "exampleUrl": "https://youtube.com/watch?v=ckatAzemRHk/",
            "exampleResult": "https://yewtu.be/watch?v=ckatAzemRHk/",
            "error": null,
            "includePattern": "^(?:https?):\\/\\/(?:\\w+\\.)?youtube\\.com(.+)?\\b",
            "excludePattern": "",
            "patternDesc": "Redirect Youtube",
            "redirectUrl": "https://yewtu.be$1",
            "patternType": "R",
            "processMatches": "noProcessing",
            "disabled": false,
            "grouped": false,
            "appliesTo": [
                "main_frame"
            ]
        },
    ]
}

Nice idea! I’m planning on doing a few smaller soldering/learning projects with the Kiddo. Nothing fancy or major though.


Easy. Kagi cares about the quality of their product giving you the customer good results. Their product is a search engine. Google doesn’t care to make their search engine better currently. Their product is ad placement and sales. You are not their customer.

Kagi already exceeds Google at being a search engine, at this time.



Samesies :P This is awesome. Love being a user and not the product. EDIT:

With the redirector extension you can import the following to help with muscle memory.

{
    "createdBy": "Redirector v3.5.3",
    "createdAt": "2023-09-22T00:00:00.631Z",
    "redirects": [
       {
            "description": "Google->Kagi",
            "exampleUrl": "https://www.google.com/search?q=kagi%20rocks&sca_esv=011101111&source=dv&ei=CN",
            "exampleResult": "https://kagi.com/search?q=kagi%20rocks",
            "error": null,
            "includePattern": ""^(?:https?):\\/\\/(?:www\\.)?google\\.com(\\/?$|(\\/search\\?q=.*?(?=[&])))"",
            "excludePattern": "",
            "patternDesc": "Redirect Kagi",
            "redirectUrl": "https://kagi.com$1",
            "patternType": "R",
            "processMatches": "noProcessing",
            "disabled": false,
            "grouped": false,
            "appliesTo": [
                "main_frame"
            ]
        },
    ]
}

Not sure where to put this in here or DIY. But, finished my TKL build and wanted to show off. I mean I didn't _just finish_ it, but pretty recent. Took a bit longer than I expected and a bit tedious for a perfectionist, but over all not too bad. It works! Through-hole PCB with FR4 plate and case. Pretty nice looking and quality components. I put MX browns on because I like the smooth feeling of them. Not typing on it now; just admiring! Need to let my soldering hand recuperate.

[@alyaza@beehaw.org](https://beehaw.org/u/alyaza) is MIA currently, but this weekly thread has been so awesome to see and keep going; so I am making what would be her typical post for this week. Alyaza; stay safe friend, I hope everything is okay. Beeple, how's your mid week going so far??

> On September 1, 2023, the domains registry for .COM and .XYZ will implement universal price increases of up to 9% for .COM renewals, and up to 9% for .XYZ renewals, registrations, and transfers.

SQLedge - SQLite read replica of a Postgres primary DB
SQLedge uses Postgres logical replication to stream the changes in a source Postgres database to a SQLite database that can run on the edge. SQLedge serves reads from its local SQLite database, and forwards writes to the upstream Postgres server that it's replicating from. This lets you run your apps on the edge, and have local, fast, and eventually consistent access to your data. ----- Should be much faster for reads than hitting the full PSQL DB, but lacks features like aggregation and triggers. Wonder if this could be incorporated into Lemmy for any benefit.

The C Programming Language: Myths and Reality
C is an old language lacking many, many, many modern features. One of the features it does not lack is encapsulation and isolation.

Coroutines for Go
This post is about why we need a coroutine package for Go, and what it would look like. But first, what are coroutines? Every programmer today is familiar with function calls (subroutines): F calls G, which stops F and runs G. G does its work, potentially calling and waiting for other functions, and eventually returns. When G returns, G is gone and F continues running. In this pattern, only one function is running at a time, while its callers wait, all the way up the call stack.

Literally one of the _worst formats_ I deal with daily, from a security standpoint are PDFs. Very useful and predictable for the end user; yes, but very dangerous for the capabilities it allows. > Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, in a separate sandbox, Dangerzone takes this pixel data and converts it back into a PDF.

Information Overload - Beehaw style
## Improving Beehaw > **BLUF**: The operations team at Beehaw has worked to increase site performance and uptime. This includes proactive monitoring to prevent problems from escalating and planning for future likely events. --- **Problem**: Emails only sent to approved users, not denials; denied users can't reapply with the same username * Solution: Made it so denied users get emails and their usernames freed up to re-use #### Details: * Disabled Docker postfix container; Lemmy runs on a _Linux host_ that can use postfix itself, without any overhead * Modified various postfix components to accept localhost (same system) email traffic only * Created two different scripts to: * Check the Lemmy database once in while, for denied users, send them an email and delete the user from the database * User can use the same username to register again! * Send out emails to those users (and also, make the other Lemmy emails look nicer) * Sending so many emails from our provider caused the emails to end up in spam!! We had to change a bit of the outgoing flow * DKIM and SPF setup * Changed outgoing emails to relay through Mailgun instead of through our VPS * Configure Lemmy containers to use the host postfix as mail transport All is well? --- **Problem**: NO file level backups, only full image snapshots * Solution: Procured backup storage (Backblaze B2) and setup system backups, tested restoration (successfully) #### Details: * Requested Funds from Beehaw org to be spent on purchase of cloud based storage, B2 - approved (_thank you for the donations_) * Installed and configured restic encrypted backups of key system files -> b2 'offsite'. This means, even the data from Beehaw that is saved there, is _encrypted_ and no one else can read that information * Verified scheduled backups are being run every day, to b2. Important information such as the Lemmy volumes, pictures, configurations for various services, and a database dump are included in such * Verified restoration works! Had a **small** issue with the pictrs migration to object storage (b2). Restored the entire pictrs volume from restic b2 backup successfully. Backups work! _sorry for that downtime, but hey.. it worked_ --- **Problem**: No metrics/monitoring; what do we focus on to fix? * Solution: Configured external system monitoring via external SNMP, internal monitoring for services/scripts ##### Details: * Using an existing self-hosted Network Monitoring Solution (thus, no cost), established monitoring of Beehaw.org systems via SNMP * This gives us important metrics such as network bandwidth usage, Memory, and CPU usage tracking down to _which process are using the most_, parsing system event logs and tracking disk IO/Usage * Host based monitoring that is configured to perform actions for known error occurrences and attempts to automatically resolve them. Such as Lemmy app; crashing; **again** * Alerting for unexpected events or prolonged outages. Spams the crap out of @admin and @Lionir. _They love me_ * Database level tracking for 'expensive' queries to know _where_ the time and effort is spent for Lemmy. Helps us to report these issues to the developers and get it fixed. With this information we've determined the areas to focus on are database performance and storage concerns. We'll be moving our image storage to a CDN _if possible_ to help with bandwidth and storage costs. Peace of mind, and let the poor admins sleep! --- **Problem**: Lemmy is _really slow_ and more resources for it are **REALLY** expensive * Solution: Based on metrics (see above), tuned and configured various applications to improve performance and uptime ##### Details: * I know it doesn't seem like it, but really, uptime has been better with a few exceptions * Modified NGINX (web server) to cache items and load balance between UI instances (currently running 2 lemmy-ui containers) * Setup frontend varnish cache to decrease backend (Lemmy/DB) load. Save images and other content before hitting the webserver; saves on CPU resources and connections, but no savings to bandwidth cost * Artificially restricting resource usage (memory, CPU) to prove that Lemmy _can run_ on less hardware without a ton of problems. Need to reduce the cost of running Beehaw ##### THE DATABASE This gets it's own section. Look, the largest issue with Lemmy performance is currently the database. We've spent a lot of time attempting to track down why and _what_ it is, and then fixing what we reliably can. However, none of us are rust developers or database admins. We know where Lemmy spends its time in the DB but not why and really don't know how to fix it in the code. **If you've complained about _why is Lemmy/Beehaw so slow_** this is it; this is the reason. So since I can't code rust, what do we do? Fix it where we can! Postgresql server setting tuning and changes. Changed the following items in postgresql to give better performance based on our load and hardware: ``` huge_pages = on # requires sysctl.conf changes and a system reboot shared_buffers = 2GB max_connections = 150 work_mem = 3MB maintenance_work_mem = 256MB temp_file_limit = 4GB min_wal_size = 1GB max_wal_size = 4GB effective_cache_size = 3GB random_page_cost = 1.2 wal_buffers = 16MB bgwriter_delay = 100ms bgwriter_lru_maxpages = 150 effective_io_concurrency = 200 max_worker_processes = 4 max_parallel_workers_per_gather = 2 max_parallel_maintenance_workers = 2 max_parallel_workers = 6 synchronous_commit = off shared_preload_libraries = 'pg_stat_statements' pg_stat_statements.track = all ``` --- Now I'm not saying _all of these_ had an affect, or even a cumulative affect; just the values we've changed. Be sure to use your [own system values](https://pgtune.leopard.in.ua/) and not copy the above. The three largest changes I'd say are key to do are `synchronous_commit = off`, `huge_pages = on` and `work_mem = 3MB`. [This article](https://www.enterprisedb.com/postgres-tutorials/introduction-postgresql-performance-tuning-and-optimization) may help you understand a few of those changes. With these changes, the database seems to be working a damn sight better even under heavier loads. There are still a lot of inefficiencies that can be fixed with the Lemmy app for these queries. A user [phiresky](https://github.com/phiresky/lemmy/branches) has made some huge improvements there and we're hoping to see those pulled into main Lemmy on the next full release. --- **Problem**: Lemmy errors aren't helpful and sometimes don't even reach the user (UI) * Solution: Make our own UI with ~~blackjack and hookers~~ propagation for backend Lemmy errors. Some of these fixes have been merged into Lemmy main codebase #### Details * Yeah, we did that. Including some other UI niceties. Main thing is, you need to pull in the lemmy-ui code make your changes locally, and then _use that custom image_ as your UI for docker * Made some changes to a custom lemmy-ui image such as handling a few JSON parsed error better, improving feedback given to the user * Remove and/or move some elements around, change the CSS spacing * **Change the node server to listen to system signals sent to it**, such as a graceful docker restart * Other minor changes to assist caching, changed the container image to Debian based instead of Alpine (reducing crashes) ---   ### The end? No, not by far. But I am about to hit the character limit for Lemmy posts. There have been many other changes and additions to Beehaw operations, these are but a _few of the key_ changes. Sharing with the broader community so those of you also running Lemmy, can see if these changes help you too. Ask questions and I'll discuss and answer what I can; no secret sauce or passwords though; I'm not ChatGPT. **Shout out to [@Lionir@beehaw.org](https://beehaw.org/u/Lionir) , [@Helix@beehaw.org](https://beehaw.org/u/Helix) and [@admin@beehaw.org](https://beehaw.org/u/admin)** for continuing to work with me to keep Beehaw running smoothly. Thanks all you Beeple, for being here and putting up with our growing pains!

Huffman dismissed the mod protesters with similar language to how he referred to the mobs that came for Ellen Pao (_“a toxic minority”)_. Huffman’s scramble to increase revenue underlines something he’s previously admitted to—that he isn’t really sure how to run Reddit like a business, and he’s adjusting his leadership style to try to get there

Overall, a release more for engineering than language. Even the new API's are mainly optimizations, but a large improvement.

More fun with VIM, it only takes six key strokes to save and quit.

RedHat dropping support for LibreOffice
I get that LibreOffice isn't really needed on a server or Windows based enterprise; but i take it as this means RHEL is going to remove these packages from official repositories. Does this mean LibreOffice won't have RH as a supporter and maintainer?

Personally trying to learn more Rust programming, but awesome to see the cadence of their releases. What's been your experience with Rust development?