Former Reddfugee, found a new home on feddit.de. Server errors made me switch to discuss.tchncs.de. Now finally @ home on feddit.org.
Likes music, tech, programming, board games and video games. Oh… and coffee, lots of coffee!
I � Unicode!
So, the beautiful original that was opened in 1982 has a cheap copy opened in 1836?
That could have worked out, had you used e.g. the arch of Macedonia that opened in 2012…
For me it was usually that the config that I need to serve a site with TLS is quite short, there are sensible defaults and many things (e.g. websockets) just work without further declaration. That’s especially important if you want to host a container that has some lacking documentation about usage of reverse proxies, as most things “just work fine” for me.
And using a simple include directive, you can even replicate ‘sites-available’ and ‘sites-enabled’ behaviour. My standard Caddyfile just sets up the log file format and location and basic Let’s Encrypt values. Then it includes /foo/bar/sites-available/*. Every deployment/container now has its own Caddyfile that just gets linked there.
Found the problem, it’s just the app Jerboa that somehow renders it strangely. Lemmy itself seems to behave fine
~/.ssh/config or ~/.ssh/known_hosts
as
<sub>/.ssh/config or </sub>/.ssh/known_hosts
If you click through to the original advisory, it becomes clear why this is rated quite low: because of what you said. Quote:
An attacker may leverage this arbitrary file write to achieve unauthorized access/code execution, such as by overwriting a user’s SSH keys or .bashrc file
You can write to whatever the user has access, but that’s usually your home. To wreak havoc you need to either be lucky, or use some somewhat known files and paths that you can reasonably expect to exist - such as ~/.ssh/config or ~/.ssh/known_hosts or maybe a private ssh key. Otherwise you could add an alias to the shell profile for a command that you expect the user to run (e.g. alias ls to rm -rf ~). You could get quite creative with the last one (e.g. alias apt, dnf, zypper, etc. to any executable you want to run with sudo).
Edit: Why the fuck does Lemmy change a tilde to whatever attempt at turning it into an html tag that is?!
To be fair, when I open that link, I get light gray text on a dark brown-or-yellow-greyish background which isn’t that easily readable for me - at least contrast wise.
Rule 34 for FLOSS ¯\_(ツ)_/¯
Everything’s important and because that overwhelms you and you do not know what to prioritize, nothing’s important to you in the end.
Do you happen to know of any self-hosted report ingestion that allows me to check my CSP reports and somewhat visualize them? I know there are services like report-uri and such, but they do cost a monthly fee and probably also have a privacy impact for my visitors.
I get LFTP and somewhat cron, but why OpenSSH? You can also SSH to the host and get into the container from there.
Try to keep containers minimal, meaning only add what you absolutely need. Also I advise you to keep/consider the content of the container as immutable. If something’s wrong, throw it away and restart with a clean container. Data that you download should reside on a volume mapped to the container and this can usually also be accessed from the host. Same for any LFTP/cron config, etc.
So, what exactly is your plan, and why do you need to SSH into the container itself? This post smells a bit like an XY problem.
A quick google reveals that there are ready to go docker images with LFTP (which weighs about 7.5MB), which might be completely suitable for your need depending on your use case? https://hub.docker.com/r/minidocks/lftp/
I was initially searching for even another one, but couldn’t find it - where aliens invade earth and request a number of people to conduct experiments on. Only to have them delivered in a short amount of time. The humans reveal that they just posted the alien’s request to several kink forums on the internet and there were many people willing to participate.
Won’t somebody think of the shareholders?
So… Millions will be getting ‘big beautiful bills’?
The door is obviously open. Not sure about the wheel, though…
assert IsEven(-2);
Yeah, but tomatoes are berries and thus fruit, not vegetables