The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


fail2ban is yet another “A project some … person … has been thanklessly maintaining since …”; ensure it does not become yet another XZ Utils debacle

Posted by jpluimers on 2024/07/17

Earlier this week there were only three sponsors for [Wayback/Archive] sebres (Sergey G. Brester) · GitHub.

You might think “Why is this important?”.

Sergey is the single maintainer of fail2ban, the open source project that protects countless (likely a majority of) public-facing servers on the Internet.

Please don’t let fail2ban become another XZ Utils and support Sergey: we don’t want the project to become unmaintained, or worse: being backdoored like XZ was.

[Wayback/Archive] Sponsor @sebres on GitHub Sponsors · GitHub

The fail2ban repository is at [Wayback/Archive] GitHub – fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Via [Wayback/Archive] dee 🏳️‍⚧️: “fail2ban has one core maintain…” – Grafana Social

fail2ban has one core maintainer github.com/fail2ban/fail2ban and he has only 3 Github sponsors github.com/sebres

WTF

I can’t even comprehend how many servers are protected by fail2ban, how many compromises are avoided, how many people who run hobby things all the way up to major sites that get to sleep soundly every night… because of this single project.

Related: XZ 5.6.x are backdoored and present in many systems: downgrade to 5.4.x or earlier now; consider libarchive compromised until proven otherwise

--jeroen

Read the rest of this entry »

Posted in Development, Python, Scripting, Software Development

On my list of tools to try: zhot and tweetzhot (both by Rop Gongrijp and based on puppeteer) to create browser screenshots from the terminal

Posted by jpluimers on 2024/07/17

The feature reminds me of how archive.today saves content.

Both the zhot and tweetzhot repositories are on my list of tools to try. They might make writing blog posts easier.

They are both based on [Wayback/Archive] puppeteer/puppeteer: Headless Chrome Node.js API

Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. Puppeteer runs headless by default, but can be configured to run full (non-headless) Chrome or Chromium.

It demonstrates headless browser usage and can for instance:

  • Generate screenshots and PDFs of pages.
  • Crawl a SPA (Single-Page Application) and generate pre-rendered content (i.e. “SSR” (Server-Side Rendering)).
  • Automate form submission, UI testing, keyboard input, etc.
  • Create an up-to-date, automated testing environment. Run your tests directly in the latest version of Chrome using the latest JavaScript and browser features.
  • Capture a timeline trace of your site to help diagnose performance issues.
  • Test Chrome Extensions.

Note any headless browser will have some trouble rendering single-page applications.

Repositories:

Read the rest of this entry »

Posted in Chrome, Chrome, Development, Google, JavaScript/ECMAScript, Power User, Puppeteer, Scripting, Software Development, Web Browsers

DigiD backend code: GitHub – MinBZK/woo-besluit-broncode-digid

Posted by jpluimers on 2024/07/16

From a few months back: [Wayback/Archive] GitHub – MinBZK/woo-besluit-broncode-digid

Via Bugblauw [Wayback/Archive] Lord Mendel Mobach 💉💉💉💉🦠💉 on X: “DigiD Backend is public … thanks to @Logius_minbzk @MinBZK @DigiDwebcare” / X

Comments (on why parts of it are obfuscated):

  1. [Wayback/Archive] Arian van Putten on X: “@bugblauw @Logius_minbzk @MinBZK @DigiDwebcare sorry, but this is really a travesty. They did some kind of Regex Search and Replace and changed all URLs to SSSSSSSSSS. Including all XML namespaces, so nothing about this works at all. Why is all of this so extremely redacted? …”

    [Wayback/Archive] Code search results · GitHub

  2. [Wayback/Archive] Lord Mendel Mobach 💉💉💉💉🦠💉 on X: “@ProgrammerDude @Logius_minbzk @MinBZK @DigiDwebcare Technically it does work, as long as you are consistent. At most you get a warning that it is not absolute. Practically speaking: this contained company names, for example, and it was decided to handle that per string. About choices that were made in 2006 or earlier …… well..”

--jeroen

Posted in Development, Java, Java Platform, Ruby, Software Development

s3-ocr: Extract text from PDF files stored in an S3 bucket

Posted by jpluimers on 2024/07/16

For my link archive: [Wayback/Archive] s3-ocr: Extract text from PDF files stored in an S3 bucket

One reason is archival of books. Even (or maybe especially) in IT, books already have historic meaning, especially in narrower fields where they often are neither available in the Internet Archive nor scanned by Google Books.

Via/related:

Read the rest of this entry »

Posted in Amazon S3, AWS Amazon Web Services, Cloud, Cloud Apps, Development, Infrastructure, Internet, Power User, Python, Scripting, Software Development

Ends in a few hours: The Jordan Mechner Prince of Persia Challenge! | ThecePlay

Posted by jpluimers on 2024/07/15

Memories of the Apple ][ and //e past, though I won’t participate (my eye-hand coordination is mediocre at best, so even completing a game will be a challenge):

[Wayback/Archive] The Jordan Mechner Prince of Persia Challenge! | ThecePlay

Via [Wayback/Archive] Jordan Mechner on X: “@sarsij @sujoygolan Hi, you can play 1990 @princeofpersia in your browser or in emulation via @internetarchive. Links are posted here (for @TwinGalaxies Prince of Persia challenge, with prizes–ends midnight tonight)”

More links:

Read the rest of this entry »

Posted in //e, 6502, Apple, Apple ][, Games, History, Power User, Retrocomputing

When you need USB 3 downstream ports on your monitor, be wary of LG monitors

Posted by jpluimers on 2024/07/15

After researching the below tweet, I found out that many LG monitors have this limitation on downstream ports, depending on how the upstream USB-C port is connected:

Their manuals phrase it like this:

  • When the USB C-C cable is connected between Upstream port of monitor and Host PC, the Downstream port of monitor support USB 2.0 device.
  • When the USB C-A cable is connected between Upstream port of monitor and Host PC, the Downstream port of monitor support USB 3.0 device. However, Host PC must support USB 3.0 function.

This means that in USB C-C land (for which Apple was basically a driving force, but nowadays many laptops only have USB-C connections) your monitor downstream ports are limited to USB 2.0.

If I read the various comments correctly, the additional limitation is that in the USB C-C case, the downstream ports are non-powered.

Which means I will avoid LG monitors at all cost.

Tweet: [Wayback/Archive] anna (arar) meow 𓃠 on X: “i have this monitor connected to my mac with a single USB C-C cable. why can’t i have USB 3.0 speeds on the downstream ports??? why does it work with the USB C-A cable?? is there a way around it? or is there just not enough bandwidth for both video and these silly ports?”

Read the rest of this entry »

Posted in Displays, Hardware, LG Monitors, LifeHacker, Power User, USB, USB-C

How Old Are You in CO2?

Posted by jpluimers on 2024/07/15

I’m from 326 CO2.

[Wayback/Archive] How Old Are You in CO2?

Read the rest of this entry »

Posted in Awareness, History, LifeHacker, Power User

funnymonkey: “To disable Mozilla’s data grab, enter:…” – Free Radical

Posted by jpluimers on 2024/07/14

[Wayback/Archive] funnymonkey: “To disable Mozilla’s data grab…” – Free Radical

To disable Mozilla’s data grab,

  1. enter:

    about:preferences#privacy

    in the address bar.

  2. Then, scroll down to “Website Advertising Preferences” and
  3. DESELECT the option for “Allow websites to perform privacy-preserving ad measurement”

--jeroen

Posted in Firefox, Power User, Web Browsers

/dev/null: MicrosoftDocs kills the usage of GitHub issues in favour of using the dreaded Microsoft Q&A site and a non-public tracking system

Posted by jpluimers on 2024/07/13

Posted in Uncategorized

The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game

Posted by jpluimers on 2024/07/12

There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable as they depend on MD5, and MD5 collisions have been sped up considerably. Basically only RADIUS TLS seems safe now.

The Blast-RADIUS logo on the right reminded me of using grenades in a game 40+ years old, so let's digress: Archive.org is such a great site, with for instance the original Apple ][ Manual of Castle Wolfenstein by MUSE Software (the manual is written in Super-Text, which they also sold):

The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at

[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf

The trick in that game when entering a room full of SS-officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leave the room, wait a few seconds, then re-enter that room.

Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.

Back to Blast RADIUS

Read the rest of this entry »

Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security