gms - Network

FWIW, running https://github.com/gsauthof/utility/?tab=readme-ov-file#check-dnsbl against a the default Hetzner nameserver also surfaces...

FWIW, running https://github.com/gsauthof/utility/?tab=readme-ov-file#check-dnsbl against a the default Hetzner nameserver also surfaces Spamhaus' warning.

PSA: If you rely on a public Spamhaus blocklist on a server hosted at Hetzneryou may have noticed a slight increase in false-negative spam...

PSA: If you rely on a public Spamhaus blocklist on a server hosted at Hetzner
you may have noticed a slight increase in false-negative spam since February, 19th
due to Spamhaus' attribution requirements:

https://www.spamhaus.org/resource-hub/email-security/query-the-legacy-dnsbls-via-hetzner/

As always, it's recommended to reject only based on well-known
return codes (cf. https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/040-zones.html) and monitor for warnings (cf. https://www.postfix.org/postconf.5.html#warn_if_reject, e.g. `warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]`).

Fedora announces RISC-V images and build infrastructure support: https://lwn.net/Articles/1010857/

Fedora announces RISC-V images and build infrastructure support:

https://lwn.net/Articles/1010857/

Wow, the superuser stackexchange site has some trigger-happy moderators:I asked about out-of-the-box file decryption support in...

Wow, the superuser stackexchange site has some trigger-happy moderators:

I asked about out-of-the-box file decryption support in Windows:

https://superuser.com/q/1868818/66039

=> my question was swiftly closed as off-topic for bogus reasons, a few minutes later

Meta discussion:

https://meta.superuser.com/q/15359/66039

Finally got around to modernize the dracut-sshd testsuiteand integrate it with github actions,after github enabled nested virtualization...

Finally got around to modernize the dracut-sshd testsuite
and integrate it with github actions,
after github enabled nested virtualization support in early 2023:

https://github.com/gsauthof/dracut-sshd/tree/master/.github/workflows
https://github.com/gsauthof/dracut-sshd/tree/master/test

github actions: job that includes nested virtualization setup and multiple VM reboots completes in 3 minutesalso github actions: man-db...

github actions: job that includes nested virtualization setup and multiple VM reboots completes in 3 minutes

also github actions: man-db trigger triggered by trivial `apt install` invocation runs for 6 minutes

Published a small case study of exploiting arithmetic expansion in a shell script and injecting binary code into a Linux...

Published a small case study of exploiting arithmetic expansion in a shell script and injecting binary code into a Linux process:

https://gms.tf/inject_code.html

New Android theft detection - Android Authority author has some trouble triggering it...

New Android theft detection - Android Authority author has some trouble triggering it ...:

https://www.androidauthority.com/android-theft-detection-lock-test-3491674/

PSA, you might want to check the OOMPolicy setting in your terminal, e.g. via:systemctl --user -p OOMPolicy show $(sed 's@^.*/@@'...

PSA, you might want to check the OOMPolicy setting in your terminal, e.g. via:

systemctl --user -p OOMPolicy show $(sed 's@^.*/@@' /proc/self/cgroup)

With OOMPolicy=stop one command running into OOM may terminate all your terminal sessions!

For example, for Konsole under KDE (Fedora) I use this fix:

$ cat ~/.config/systemd/user/app-org.kde.konsole-.scope.d/override.conf
[Scope]
OOMPolicy=continue
$ systemctl --user daemon-reload

Gnome Shell situation: https://bugzilla.redhat.com/show_bug.cgi?id=2259351

Feature-Policy http header continues to being useless since it's impossible to define a deny-all...

Feature-Policy http header continues to being useless since it's impossible to define a deny-all default:

https://github.com/w3c/webappsec-permissions-policy/issues/189

Bug is open since 6 years ...

Highlights:

https://github.com/w3c/webappsec-permissions-policy/issues/189#issuecomment-452401661
https://github.com/w3c/webappsec-permissions-policy/issues/189#issuecomment-468456752
https://github.com/w3c/webappsec-permissions-policy/issues/189#issuecomment-568304691
https://github.com/w3c/webappsec-permissions-policy/issues/189#issuecomment-2423113117

Created a small Python script for feeding ESTR (Euro Short-Term Rate) daily updates into a...

Created a small Python script for feeding ESTR (Euro Short-Term Rate) daily updates into a database:

https://github.com/gsauthof/feed-util?tab=readme-ov-file#estr

NB: on 2024-09-18 the ECB decreased the deposit facility rate to 3.5 %
(https://www.ecb.europa.eu/stats/policy_and_exchange_rates/key_ecb_interest_rates/html/index.en.html)

However, this didn't stop Mozilla from silently initializing `dom.private-attribution.submission.enabled` to true.

However, this didn't stop Mozilla from silently initializing `dom.private-attribution.submission.enabled` to true.

Disabling Firefox's user tracking for advertisers in standard Firefox on Android was harder than expected.I ended up:1. enabling...

Disabling Firefox's user tracking for advertisers in standard Firefox on Android was harder than expected.

I ended up:

1. enabling `about:config` via going to chrome://geckoview/content/config.xhtml
and toggling `general.aboutConfig.enable` to true
2. browsing to `about:config` and toggling `dom.private-attribution.submission.enabled` to false

The 'Website Advertising Preferences' under 'Privacy & Security' is completely missing from the settings UI, in Firefox on Android version 128.0.1.

Wow, probably the first time someone simply deleted my github issue without any comment.I thus published the text on my blog and added some...

Wow, probably the first time someone simply deleted my github issue without any comment.

I thus published the text on my blog and added some context:

The curious case of nanosleep vs. hr_sleep
https://gms.tf/hr_sleep.html

Can confirm, Datadog still spams hard.cf. https://news.ycombinator.com/item?id=33394059

Can confirm, Datadog still spams hard.

cf. https://news.ycombinator.com/item?id=33394059

I created an ad blocker for podcast audio files:https://gms.tf/blocking-audio-ads.htmlhttps://github.com/gsauthof/cutbynoise

I created an ad blocker for podcast audio files:

https://gms.tf/blocking-audio-ads.html

https://github.com/gsauthof/cutbynoise

Apparently, that Apache issue I reported almost 17 years ago can still be reproduced on current Apache:Bug 43666 - CGI works, but client...

Apparently, that Apache issue I reported almost 17 years ago can still be reproduced on current Apache:

Bug 43666 - CGI works, but client denied error messages in error.log
https://bz.apache.org/bugzilla/show_bug.cgi?id=43666

While searching for something completely different I found this compact mini disc:

While searching for something completely different I found this compact mini disc:

It continues to be surpisingly involved to determine the TSC frequency in user space:https://stackoverflow.com/a/57835630/427158I'm...

It continues to be surpisingly involved to determine the TSC frequency in user space:

https://stackoverflow.com/a/57835630/427158

I'm listing 8 approaches and recently added a cpuid/awk example that works with normal user privileges on recent Intel CPUs.

Recently I learned that a simple Fedora Postfix package update may change your custom /etc/postfix/main.cf in arbitrary ways.In case you are...

Recently I learned that a simple Fedora Postfix package update may change your custom /etc/postfix/main.cf in arbitrary ways.

In case you are explicitly binding Postfix to an IPv6 address while relying on the inet_protocols default (which includes ipv6 on ipv6 enabled systems) this breaks your Postfix service for no good reason.

cf. https://bugzilla.redhat.com/show_bug.cgi?id=2258229