Sysadmin/hosting in a nutshell. TY for keeping things going! View quoted note →

Feel free to @ me if you have a decent internet connection and want help running your own hardware stack :) View quoted note →

I just submitted a security disclosure to a tradfi website because I was able to get their graphql backend to send back some interesting errors by playing with these headers and IP addresses. Setting them to private IP ranges gave some interesting results. Nothing of interest leaked, but it was interesting how badly things broke. I was able to trigger certain server and gateway errors. View quoted note →

Reminder that the following http headers are "protected" headers that malicious client's can and will spoof to exploit bad server configuration - X-Forwarded-For - X-Forwarded-Proto - X-Forwarded-Server - X-Real-IP I would suggest if you're developing server software that uses values from any of these headers, it does so only from trusted downstream proxy servers.

Has anyone actually tried running any somewhat modern distro on old/junky equipment? Because I have and it's a horrible experience lately compared to what I was 6-7 years ago. RHEL and related distros require x86_64_v3 now so you can't run anything older than haswell architecture. Likely anything with Gnome or KDE are useless on hardware older than about 2014 or worse than an I7. Fedora 38-42 and Ubuntu 20-25 will not boot with kernel 6.8, 6.12, 6.14 or 6.16. I was able to get kernel 5.14 to boot with UEFI to boot on Sandy Bridge, but less than 4gb of memory still isn't usable for both Gnome or KDE. The cpu spends most of it's time swapping and is basically locked up all the time. Switching to Fedora Budgie with kernel 6.14, did boot with UEFI and disk encryption, although it has lots of network driver issues and is not stable on an Intel I5 650 w/ 8gb of memory. Ubuntu 22+ install iso wouldn't load in bios or UEFI mode, haven't tried older releases. My old AMD Kabini 5350 could run Windows 10 well, but was unusable running any of those distros when I got them to boot. And when I mean ran win10 well, I mean without any frustration watching 1080p media with multiple tabs open and basic multitasking. View quoted note →

Anyone interested in some old server and desktop computer parts in the northeast US? Take a look at my replies to this note :)

Tip for those using nostr #outbox web clients wanting some more privacy. This may cause you not to see some notes if you exclusively use "offline" relays. If you use uBlock origin (if you don't you should consider it), you can add a new filter to your filter list to allow only certain requests. Example: *$websocket,domain=outbox.client.com,denyallow=outbox.client.com|nostr.land|nostr1.com|gitcitadel.com|nostr.build This will block all websockets when you browse outbox.client.com, except those domains listed after denyallow=. More specifically its saying the rule matches (websockets) when those conditions are true (site != denyallow). So you can stack them, get more granular etc. I would suggest taking this a step further and adding another rule, but instead of `$websocket`, you use `third-party` which will block ALL third-party requests, so it will block loading pfps and nip05s and images and CDN content from untrusted websites. Yeah it will make your viewing experience worse, but you can stop telling the world what your doing when you're scrolling your feed. Here are the docs:

GitHub

Static filter syntax

uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean. - gorhill/uBlock

I'm sure you could probably give your favorite AI this link and ask it to generate a "new denyallow rule" for you.

So I think I now have a 3-3-2 backup for the important stuff. And a 3-2-0 for less important bulky stuff.

GM. Today's agenda - GitCitadel things :) - Today is a little work fixing CI servers - More work getting my Linux workstation VM going - Maybe some work on the kubernetes cluster - Working on the pickup. I have to get some rust prevention, mirrors stripped and re-painted, some electrical work, and my coolant filter hoses replaced. Not necessarily in that order