melroy

Mbin released a new version: Mbin v1.7.4.

This is the v1.7.4 release of Mbin and it brings a lot of documentation updates and bug fixes (especially in the backend): documentation for the Nginx setup has been altered a lot (allowing you to rate limit on Nginx level), PostgreSQL has also seen a few edits, most Symfony commands are now documented, we improved the federation backend, we "revive" dead instances when we get activities from them, the search experience is now improved when searching for URLs, we now support strike through HTML to markdown and a lot more.

The most important thing for developers is that the automated tests are now working and required for PRs to be merged.

Again, see full release note at: https://github.com/MbinOrg/mbin/releases/tag/v1.7.4

Thank you!

Setting commit_delay = 300 (which is 300 microseconds) in PostgreSQL allows you to group write commits. And flush them by a single transaction.

This is in particularly useful if you have a lot of writes to the disk in a short time window, this will reduce the disk I/O bursts.

You could also set synchronous_commit = off as well. So there will not be a flush earlier than the specified wal_writer_delay. However, only turn this off, if your performance is more important than your data integrity. That being said, it will not cause corruptions, unlike the fsync setting (which I would strongly advise to NOT change, so keep fsync on the default setting).

And then we have wal_writer_delay. Which is the time in milliseconds how often the WAL gets flushed. This option only works when synchronous_commit if set to off!! You most likely do not need to increase the wal_writer_delay value (in fact, you might even want to lower this value).

Official docs: https://postgresqlco.nf/doc/en/param/commit_delay/

Settings to point out are in random order:

• https://postgresqlco.nf/doc/en/param/shared_buffers/
• https://postgresqlco.nf/doc/en/param/effective_io_concurrency/
• https://postgresqlco.nf/doc/en/param/max_worker_processes/
• https://postgresqlco.nf/doc/en/param/max_wal_size/ & https://postgresqlco.nf/doc/en/param/min_wal_size/

See more PostgreSQL fine-tuning at: https://gitlab.melroy.org/-/snippets/610

We are excited to announce the latest release of Mbin; v1.7.3! It's a big patch release once again. This version is focused on bug fixes and improvements rather than new features. Notable improvements in random order are:

• Improved PHP (max_children), Nginx (improved logging using map, upstream block for Mercure and open_file_cache) and PostgreSQL documentation (adding commit_delay config option and better defaults).
• Better RabbitMQ messenger defaults
• Fixed security Symfony audit & update all Symfony packages
• Fixed self-delivery looping
• Improved delivery handler by not rolling back InvalidApPostException exceptions
• Fixed private comments retrieval via API
• Fixed dead instance query (by allowing lastSuccessfulDeliver to be NULL)
• Fixed markdown toolbar editor during editing a thread
• Improved federation page
• New/improved npm audit and composer audit checks in GitHub Actions workflow

More details can be found at: https://github.com/MbinOrg/mbin/releases

We are excited to announce the release of Mbin v1.7.2! This version is packed with important bug fixes and performance improvements, focused on bug fixes rather than new features.

The main improvements are:

• Fixing many PHP undefined, null or other errors that admins might see in their production logs.
• Resolving several templating null issues.
• Removing CSRF tokens from public forms (when user isn't logged-in), reduce unnecessary large amount of sessions.
• Migrating Symfony sessions from Redis to PostgreSQL to avoid race conditions.
• Increase session & cookies duration to 4 months (so people stay logged-in).
• Adding a down-vote mode in .env.
• Add stricter requirements on the routes configuration (reducing invalid requests are making it to the controller).
• Introducing a scheduler for removing deleted user messages & pruning the dead letter queue in RabbitMQ.
• Various other bug fixes and updating package dependencies and translation improvements.

Read the full release note at: https://github.com/MbinOrg/mbin/releases/tag/v1.7.2

We are still searching for PHP developers, feel free to join our Mbin project! Join our matrix space or pick-up a 'good-first-issue'.

Test 123 xD

By Jeremy Hsu on September 24, 2024

Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.

Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.

“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.

Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.

They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.

The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.

By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.

Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.

“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.

https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/ (paywall!!)

testing double form submit...2

#testing

testing double form submit...

#testing

My ipset hash is full!? I'm using Ubuntu Server and I created a separate fail2ban jail that uses "iptables-ipset-proto6-allports" as their ban action (thus using ipset instead of iptables).

However, today I seem to hit the limit: stderr: 'ipset v7.15: Hash is full, cannot add more elements'.

This can be confirmed by running the ipset -t list command:

Name: f2b-manual
Type: hash:ip
Revision: 5
Header: family inet hashsize 32768 maxelem 65536 timeout 0 bucketsize 12 initval 0xbc28aef1
Size in memory: 2605680
References: 1
Number of entries: 65571

Where the 65571 entries exceeds the maxelem (65536). So what now?? Could I create a banlist in a txt file or something? I just want to ban some large tech corps: https://gitlab.melroy.org/-/snippets/619

Private properties are counterparts of the regular class properties which are public, including class fields, class methods, etc. Private properties get created by using a hash # prefix and cannot be legally referenced outside of the class. The privacy encapsulation of these class properties is enforced by JavaScript itself. The only way to access a private property is via dot notation, and you can only do so within the class that defines the private property.

Today I'm planning to upgrade the server from Ubuntu 22.04 to Ubuntu 24.04 (new LTS release).

I already proposed it once after reading: https://ostechnix.com/ubuntu-24-04-1-lts-release-delayed/...

Hopefully I will not hit any of these RabbitMQ bugs: https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/2074309

Mastodon poll is a tie: https://mastodon.melroy.org/@melroy/113135476244781426

So, let's go! What can go wrong??

~~ Famous last words ~~