mascal honked 03 Feb 2023 08:24

Pushed "inline" replies to my #Honk fork so I am sure to reply to the good honk 😅

mascal honked 03 Feb 2023 03:44

$ISP activated IPv6 in my area, finally! I am surprised that it does not come with CGNAT, as they usually implement that along with it. Maybe it will happen later ~~~ to be continued ~~~

As such, I have taken the opportunity to preconfigure my home network, so if they really move me to CGNAT my home server will still be accessible from outside. It was frustratingly fun to do ahah

mascal honked 02 Feb 2023 20:35

grmph I broke my atme indicator

mascal honked back 02 Feb 2023 20:35

@goose Yes, it would be needed to wrap all requests before being sent to http.Client in one way or another because it is needed to take into account external modules (notably the webs/junk one).

On top of that, the feature may be unwanted, for example if people are using honk only on the local network (it may be unlikely to be honest).

That's why using an external tool as mitigation or a firewall rule to contain honk is for now the best thing to do in my opinion, but I am not a security expert.

Some people wrote an easy-to-use SSRF prevention module, but from my experience even if you use it as a drop-in replacement, webs/junk will still use and send http.Client objects that will type clash and defeat the purpose of doing so.
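One general Go way to do the "wrap requests before they reach http.Client" idea from the honk above, as an added example that is not part of the original posts and not Honk's own code: a `net.Dialer` `Control` hook that rejects non-public destinations at connect time and is exposed as a plain `*http.Client`. The names `isDenied`, `ssrfControl` and `newGuardedClient` and the deny list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// CGNAT shared address space; the netip helper methods below do not cover it.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// isDenied reports whether addr is a destination the server must not dial
// (hypothetical policy: loopback, private, link-local, multicast, CGNAT).
func isDenied(addr netip.Addr) bool {
	addr = addr.Unmap() // treat ::ffff:127.0.0.1 like 127.0.0.1
	return addr.IsLoopback() || addr.IsPrivate() || addr.IsUnspecified() ||
		addr.IsLinkLocalUnicast() || addr.IsMulticast() || cgnat.Contains(addr)
}

// ssrfControl runs after DNS resolution and before connect(2), so it checks
// the IP actually dialed, including redirect targets and rebinding answers.
func ssrfControl(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil || isDenied(ap.Addr()) {
		return fmt.Errorf("ssrf guard: refusing to dial %q", address)
	}
	return nil
}

// newGuardedClient returns a client whose every connection passes ssrfControl.
// No proxy is configured; behind a proxy the hook would only see the proxy IP.
func newGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: ssrfControl}
	return &http.Client{Timeout: 30 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Constructed target: a loopback URL that must be refused before connecting.
	_, err := newGuardedClient().Get("http://127.0.0.1:1/")
	fmt.Println(err)
}
```

Code that builds its own `http.Client` or transport elsewhere bypasses this hook, which is why a process-level control such as systemd's `IPAddressDeny` remains useful alongside it.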

mascal honked 02 Feb 2023 17:37

I hope someday someone © brings SSRF hardening to Honk, meanwhile systemd has IPAddressDeny ahah

I do not want to mess with firewall rules outside of ufw or use ip namespaces, because I will probably mess up.

You can cut the network for Honk through my dear friend AppArmor, assuming you are using a Unix socket, but then bonks and many other external resources will not load.

mascal honked 02 Feb 2023 17:06

There are people that think the end of the free APIs on birdsite means the end of cross posting. This is too optimistic in my opinion, it is easy to use a scraper instead of the API heh.

mascal honked 01 Feb 2023 15:59

I was tired of searching for mentions in the honkers/xonkers page, so I have added a mention completion system for the #Honk form in my fork. The UX could see improvements, but it is already great, and doing better is prompting for using jQuery or another framework like that.

The code can probably be improved, but it works :D

mascal honked 30 Jan 2023 22:13

TIL that if you want to specify a given set of ciphers for TLSv1.3 to nginx, you have to use the ssl_conf_command Ciphersuites ... directive, not the ssl_ciphers one.

This is what makes the difference between A+ in SSL Labs with cipher strength at 90% and at 100%. And you can still access said site even with the good old Windows 7 (and XP with Firefox ahah).

That being said, the default Let's Encrypt settings are meh in this regard to be honest.

