chris

reginasbread, 1 month ago to random

sometimes, I hit "bookmark" instead of "star" when I want to like a toot, and then I try to figure out why certain posts are in my bookmarks. I mean, they're all bangers, but why did I bookmark a post about wanting to be stuck in a cabin with a bunch of hunks?

chris, 1 month ago to random

So #Covid vaccines are dangerous because #mRNA is dangerous.
#Amatoxin stops mRNA synthesis in the human body very effectively, it is absolutely natural, organic and available for free in wild mushrooms.
#bigPharma is hiding this fact from us and even managed to give the most common of these mushrooms a bad name.
“#FreedomCap not #DeathCap” may be a good campaign slogan!

matt, 1 month ago to random

When in doubt, you can always tell which iPad cost more money by how little color it has.

These are both "pink" iPads, but one costs $150 more than the other…more color is not one of the things you're paying for 😂😭

piefedadmin, 1 month ago to random

Fediverse traffic is pretty bursty and sometimes there will be a large backlog of Activities to send to your server, each of which involves a POST. This can hammer your instance and overwhelm the backend’s ability to keep up. Nginx provides a rate-limiting function which can accept POSTs at full speed and proxy them slowly through to your backend at whatever rate you specify.

For example, PieFed has a backend which listens on port 5000. Nginx listens on port 443 for POSTs from outside and sends them through to port 5000:

upstream app_server {   server 127.0.0.1:5000 fail_timeout=0;}

server {   listen 443 ssl;   listen [::]:443 ssl;   server_name piefed.social www.piefed.social;   root /var/www/whatever;   location / {       # Proxy all requests to Gunicorn       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;       proxy_set_header X-Forwarded-Proto $scheme;       proxy_set_header Host $http_host;       proxy_redirect off;       proxy_http_version 1.1;       proxy_set_header Connection "";       proxy_pass http://app_server;       ssi off;   }

To this basic config we need to add rate limiting, using the ‘limit_req_zone’ directive. Google that for further details.

limit_req_zone $binary_remote_addr zone=one:100m rate=10r/s;

This will use up to 100 MB of RAM as a buffer and limit POSTs to 10 per second, per IP address. Adjust as needed. If the sender is using multiple IP addresses the rate limit will not be as effective. Put this directive outside your server {} block.

Then after our first location / {} block, add a second one that is a copy of the first except with one additional line (and change it to apply to location /inbox or whatever the inbox URL is for your instance):

location /inbox {       <strong>limit_req zone=one burst=300;</strong>#       limit_req_dry_run on;       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;       proxy_set_header X-Forwarded-Proto $scheme;       proxy_set_header Host $http_host;       proxy_redirect off;       proxy_http_version 1.1;       proxy_set_header Connection "";       proxy_pass http://app_server;       ssi off;  }

300 is the maximum number of POSTs it will have in the queue. You can use limit_req_dry_run to test the rate limiting without actually doing any limiting – watch the nginx logs for messages while doing a dry run.

It’s been a while since I set this up so please let me know if I mixed anything crucial out or said something misleading.

https://join.piefed.social/2024/04/17/handling-large-bursts-of-post-requests-to-your-activitypub-inbox-using-a-buffer-in-nginx/

#nginx #webPerformance

Fischblog, 1 month ago to random German

Die Sonne scheint, die Kirschen blühen, die Vögel sitzen in den Bäumen und singen "Fickenfickenficken". Es ist sehr idyllisch.

uastronomer, 1 month ago to random

So here's a question: Scammers are always trying to get people to buy gift cards and then read them the code, so that they can get their money launderer to redeem them online or something?

And there's be some sort of hash function or whatever used to generate the voucher codes to stop people just trying to guess them sequentially?

Sort of like activation codes on software? So why has nobody written apple_gift_card_keygen.exe?

scy, 1 month ago to random

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH

atomicpoet, 1 month ago to fediversenews

The Fedipact table showing which servers are blocking Threads is not accurate!

For example, it says that atomicpoet.org is blocking Threads when, in fact, this is not correct. So view this entire site with skepticism.

https://fedipact.veganism.social/

@fediversenews

Gargron, 1 month ago to random

Fucking Boeing

cstross, 2 months ago to random

There is now a USB memory stick drying in my airing cupboard.

Because @Menhit pushed it off a shelf and straight into my teacup!

Obviously she doesn't want me installing Mint Linux on a spare ultrabook any time soon …

Dianepatterson, 2 months ago to random

Today's pro-tip:

If you have to do a Google search, use “before:2023" at the beginning of your search string. You get a completely different (and IMO much more usable) set of results.

The web has died.

cstross, 2 months ago to random

Hypothesis about busybox: busybox development will only be complete once it includes gcc and a linux kernel that can boot off the bare metal.

vicgrinberg, 2 months ago to random

I made it to Restaurant Ernst in Berlin today - folks, everything I heard about it got topped by the real experience.

I will not call it best because there is no way to compare Vermeer to Van Gogh or El Greco to Mucha, they are too different - but it's definitely among my absolute recommendations.

I had the full menu (their only option) + the non-alcoholic pairing. Wanna come along?

(P.S. Folks, remember, I block ruthlessly if you poop on my party.)

chris, 2 months ago to ai

“#AI” will save us!
https://www.theolognion.com/p/ai-solves-all-political-economic-and-medical-problems-after-parsing-hacker-news-comments

chris, 2 months ago to random German

Ich vermisse das Paralleluniversum ohne Covid mit den ganzen Konzerten von #JasonBartsch, das war schön!

kubikpixel, 2 months ago to web German

deleted_by_author

blindbat84, 2 months ago to random

Never thought I'd be happy about having adentist appointment coming up, but one of my teeth has been bugging me lately when I eat... as much as the idea of whatever it will take to make that stop terrifying me and making me all anxious, I know I'll do it to have pain free eating again. GLad I have a parntner who is so supportive of all my dental anxiety and crap. I just suspect this will be acrown or root canal... the latter of which I've never had and never wanted to have and ugh...

Binder, 2 months ago to cooking

Today I’m #cooking salmon & I’m only allowed to use oil, salt & pepper. So basically exactly the way I’ve been making it 😄

chris, 3 months ago to random

I’d like to file a formal complaint on the total lack of documentation for something useful I set up half a year ago for myself.
I have no idea why it works.