Security Operations melroy • 2 days ago • 90%

My ipset hash is full!? I'm using Ubuntu Server and I created a separate fail2ban jail that uses "iptables-ipset-proto6-allports" as their ban action (thus using ipset instead of iptables). However, today I seem to hit the limit: `stderr: 'ipset v7.15: Hash is full, cannot add more elements'`. This can be confirmed by running the ipset -t list command: ```sh Name: f2b-manual Type: hash:ip Revision: 5 Header: family inet hashsize 32768 maxelem 65536 timeout 0 bucketsize 12 initval 0xbc28aef1 Size in memory: 2605680 References: 1 Number of entries: 65571 ``` Where the 65571 entries exceeds the maxelem (65536). So what now?? Could I create a banlist in a txt file or something? I just want to ban some large tech corps: https://gitlab.melroy.org/-/snippets/619

Mbin Blog Updates melroy • 3 days ago • 100%

Today I'm planning to upgrade the server from Ubuntu 22.04 to Ubuntu 24.04 (new LTS release). I already proposed it once after reading: https://ostechnix.com/ubuntu-24-04-1-lts-release-delayed/... Hopefully I will not hit any of these RabbitMQ bugs: https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/2074309 Mastodon poll is a tie: https://mastodon.melroy.org/@melroy/113135476244781426 So, let's go! What can go wrong?? ~~ Famous last words ~~

Mbin Blog Updates melroy • 1 week ago • 100%

Today we are releasing Mbin v1.7.1. Upgrade your Mbin server now to the latest release: [1.7.1](https://github.com/MbinOrg/mbin/releases/tag/v1.7.1). This version includes tons of fixes (too many to mention here, look at ["What's Changed"](https://github.com/MbinOrg/mbin/releases/tag/v1.7.1)) and introduces also new features like: trusted proxy configuration ([see also docs](https://docs.joinmbin.org/admin/configuration/nginx#trusted-proxies)), activate accounts manually using the admin panel, show an error when the image is too large to upload ([look at the latest .env template file](https://github.com/MbinOrg/mbin/blob/main/.env.example#L42)), improved API end-points (isAdmin, isGlobalModerator is part of the user API, fixed AP context and more) as well as many documentation improvements. **Note:** Due to a dead-lock issue in 1.7.0, which is now fixed in 1.7.1, we strongly recommend upgrading your Mbin server as soon as possible. --- If you want to host your own Mbin server? But you need help? Come and join us at: [Matrix chat](https://matrix.to/#/#mbin-general:melroy.org). We are happy to help! --- I personally want to thank all contributors of Mbin as well as the Mbin community as a whole! We can't do it without all of you.

Mbin Blog Updates melroy • 2 weeks ago • 100%

We are in the final testing phase of Mbin v1.7.1, we hope to release the new stable version this weekend! Which actually brings a lot of improvements (we could have considered it calling v1.8.0, but well). #mbin #updates #release

I never seen such a good YouTube video from Linus Tech Tips: [https://www.youtube.com/watch?v=GsjHMzGl-VY](https://www.youtube.com/watch?v=GsjHMzGl-VY) (jokes on you) If you don't get it? Remove Chrome now and install Firefox (or any fork of Firefox). Then install uBlock Origin now! Add-on here: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

Mbin Blog Updates melroy • 1 month ago • 100%

We released a new Mbin version: 1.7.0! See: https://github.com/MbinOrg/mbin/releases This is the v1.7.0 release of Mbin and it brings a lot of changes: improved instance wide modlog, new SSO providers, new translated languages, moderator updates in the modlog, new cake day display, better stability and scalability of the messengers, PeerTube support, federating direct messages, federate un-/pinning entries, updated robots.txt, improve the documentation, longer durability of the user session, adding admin notifications for reports, tombstones for deleted remote users, improve the federation of edits, push subscriptions, a new look of the federation page, add public API endpoints for getting de-/federated and dead instances, magazines can now restrict posting to mods, updating magazines and users should now federate instantly, new users and magazines now show a leaf icon next to them, improve the editing of threads, make the maximum image size configurable The Mbin development team now suggests using PHP v8.3. If you are using the docker setup you will automatically be running the new PHP version. A total of 145 reviewed and approved pull requests have been merged into this release! As always, a special thank you to new and existing contributors, without you, future Mbin releases would not be possible!

Firefox melroy • 2 months ago • 48%

## Sad story ahead Today I fully removed Firefox as my main browser. It's banned from all my devices from now onwards. I used Firefox as my only browser since I was 10 years old. Which is 24 years now (24 years!). I loved Firefox trying to be a good alternative to Chrome, promoting open-source and showing the world that privacy does matter. Sadly not anymore, recently after Mozilla hostile CEO takeover and moving the company forward to an advertisement company. Neglecting privacy. And fully want the other way around, tracking user data sending back to Mozilla. And at the same time Mozilla has also became an ads company just like Google, so there is no difference anymore really. And it only goes down-hill from here. Furthermore, Mozilla is spending more money in AI companies then in the product Firefox itself. So.. Luckily, there are plenty great Firefox forks! Look into some of them yourself and really pick an alternative _rather sooner than later_: - LibreWolf - Floorp (_I went with Floorp_, thus far it's great!!!) - Waterfox - Mullvad Just pick one, anything... from above list! I know, it's sad. It's very sad, after 24 years I didn't went to leave Firefox, but this last moves was the straw that broke the camel's back. I'm out, cya at the fork!

Mbin Blog Updates melroy • 2 months ago • 100%

github.com

Sorry for the late post. This is the 1.6.0 release of Mbin. It brings several changes and improvements including, but not limited to, a new UI filter for sorting threads and microblog posts, a new hashtag system, Microsoft Azure and SimpleLogin SSO additions, private instance mode, framework upgrade to Symfony 7.0, outgoing federation of delete actions, several backend improvements to address federation stability and compatibility, UI fixes and route changes, etc. We are already preparing for release 1.7.0, which is coming along very nicely. See you soon with v1.7.0.

Mbin Blog Updates melroy • 6 months ago • 100%

Mbin patch release 1.5.1 is out. Which is an important update for server admins to upgrade as soon as possible in order to fix sending emails (both during registration form as well as contact form). This patch release was created to fix those email issues. More info: https://github.com/MbinOrg/mbin/releases/tag/v1.5.1

Mbin Blog Updates melroy • 6 months ago • 100%

Mbin release version 1.5.0 is out today. Official release notes: https://github.com/MbinOrg/mbin/releases/tag/v1.5.0 User notice: https://gehirneimer.de/m/mbinReleases/t/192724

Privacy melroy • 11 months ago • 93%

I saw today the infamous pop-up of YouTube again that they will block the video player after 2 more videos if I keep using uBlock Origin. \*\* Google.

Mbin Blog Updates melroy • 11 months ago • 0%

In the past months development of Kbin slowly came to a halt, development was bottlenecked by a single maintainer. I have tried several times to start a discussion about the way of working and trying to address the problems and to come up with a plan to keep development doing and more importantly keep contributors happy! Despite all of this; no response on Matrix and nothing has really changed at Kbin. I saw the project slowly dying over the past months, and I couldn't let this happen. That's why I decided to _fork_ the project called [Mbin](https://github.com/MbinOrg/mbin). I wanted to avoid a fork initially, but I didn't saw any way out. [Mbin](https://github.com/MbinOrg/mbin) is community-focused fork, build upon trust and embracing the Collective Code Construction Contract (C4). Despite the fact I'm the creator of Mbin, I am **NOT** the only maintainer, several contributors already have **owner** rights on the GitHub organization as well as on the [Matrix Space](https://matrix.to/#/#mbin:melroy.org) and Weblate. We are all maintainers, we peer-review each other's code and are allowed to merge pull requests from other external contributors and our own. The community of Mbin will now decide what will be picked-up and resolved, what will be merged or not. The community is in charge. And I am "just" another contributor, following the C4 rules. [Mbin](https://github.com/MbinOrg/mbin) development has been accelerated tremendously over just one week time. With tons of improvements in GUI, backend, security and documentation. We have great internal discussions and a friendly community. We work as a team, sharing knowledge and helping each other out. We review and test our code changes together, we all feel responsible. I think all this is the real reason why I created the fork; it's about the people and about empowerment. Various instances already migrated towards Mbin, see: [https://fedidb.org/software/mbin](https://fedidb.org/software/mbin). Mbin is backwards compatible with kbin, so migration should be straight forward and easy. **Success story:** Jerry almost gave up [fedia.io](https://fedia.io/), if it weren't for Mbin, we would already have lost a big federated instance (I genuinely didn't know he was about to give up). Luckily the fork gave him hope. And hopefully I gave everybody hope again.

Today I Learned melroy • 11 months ago • 100%

Some people might think you can only use or set environment variable of the service in docker compose eg.: ``` my-service: image: lts-alpine environment: MY_SECRET_KEY: ${MY_SECRET_KEY} ``` But the same `${}` syntax can be used to set a version of Docker image of PostgreSQL, like in this example below: ``` my-service: image: postgres:${POSTGRES_VERSION:-13}-alpine ``` If nothing is set, version 13 is the fallback value. Now you can set `POSTGRES_VERSION` environment via your shell. Or leverage the `.env` file of Docker: ``` POSTGRES_VERSION=16 ``` When running: `docker compose --env-file .env up`, Docker should now use PostgreSQL v16 Alpine as Docker image. *Bonus:* The `docker-compose.yml` filename is an old filename, use `compose.yml` from now. Same for other Compose files like `compose.override.yml`. More info: [https://docs.docker.com/compose/environment-variables/set-environment-variables/](https://docs.docker.com/compose/environment-variables/set-environment-variables/) and [https://docs.docker.com/compose/environment-variables/set-environment-variables/](https://docs.docker.com/compose/environment-variables/set-environment-variables/)

Mbin Blog Updates melroy • 12 months ago • 0%

I didn't really wanna write about this. But there we go anyway now. Yesterday the problems started to occur with the media.kbin.social domain issues with an expired TLS certificate. Causing problems with thumbnails and other media on the main instance. Now the [kbin.social](https://kbin.social) domain instance seems to be fully down. Might be related to the TLS certificate issue or planned maintenance?, that is anybody's guess. Nobody from Ernest to Piotr are responding or seem to be present to resolve the actual problem(s). This affects thousands of people on that instance and damaging the /kbin brand as a whole. I think it's unacceptable. I hope people will **not** migrate towards Lemmy. I do hope if users want to migrate, they migrate to other kbin instances. Spreading the load and users across several instances is never a bad idea anyway. Making it more decentralized in the process. I have wanted to discuss these issues several times before about how we deal with sustainable software development at kbin and recently also the main instance (kbin.social). The the focus on long term and on continuity of the project as a whole. We may have now reached the bottom, and hopefully (some) people will realize that things can and should be better. I do like kbin and all the developers/contributors. I do not want to see it disappear. My hope is that changes will happen rather sooner than later. ~End of my story

You can also use the map feature of [fediverse.observer](https://kbin.fediverse.observer/map) to pick your new kbin instance.

Today I Learned melroy • 1 year ago • 100%

Lemmy was/is vulnerable for XSS attacks. Hackers try to inject JavaScript code that tries to steal your (ideally admin) cookie credentials. It seems that the admin account of lemmy.world was compromised this way ([MichelleG](https://lemmy.world/u/MichelleG)). Other instances aren't safe either. Which could point to the custom emojis feature in the federate comments, meaning a lot of external instances could be effected by now. Incorrect escaping of user input data could lead to these issues. Kbin just recently discovered a [similar regression issue](https://kbin.melroy.org/m/updates/t/5756/Update-your-Kbin-instance-now) and which has been solved by now. But it seems that Lemmy was or still is vulnerable to this attack factor. **Mitigation action Lemmy users:** You might want to disable JavaScript in the meanwhile. **Mitigation action for Lemmy server owner:** Disable custom emoji: ``` DELETE FROM custom_emoji_keyword; DELETE FROM custom_emoji; ``` Clean-up the exploit content: ``` UPDATE comment SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%'; UPDATE private_message SET content = '<REMOVED BY ADMIN>' WHERE content LIKE '%![" onload%'; UPDATE post SET body = '<REMOVED BY ADMIN>' WHERE body LIKE '%![" onload%'; UPDATE post SET name = '<REMOVED BY ADMIN>' WHERE name LIKE '%![" onload%'; ``` Rotate your JWT secret (invalidates all current login sessions): ``` UPDATE secret SET jwt_secret = gen_random_uuid(); ``` *Note:* Even **just opening a link** to a vulnerable Lemmy instance could allow hackers to steal your cookies or sessions credentials. Therefore I will not share or allow people to share URLs of comprised / vulnerable instances.

Videos melroy • 1 year ago • 100%

I notice just recently that Youtube is lowering the quality of the videos (bitrate), and I need to buy Youtube premium to upgrade the bitrate. Sure they claim they don't touch the bitrate for free users, but I can see the difference... I think it's time we all move to PeerTube as well. [#peertube](https://kbin.melroy.org/tag/peertube) [#youtube](https://kbin.melroy.org/tag/youtube)