Notices by Ayo (ayo@lonely.town)

@Suiseiseki libloc is the most free offline location database I'm aware of, the lib is LGPL and database CC-BY-SA-4.

Gentoo still offers the libmaxminddb-based geoip feature, but that is fully proprietary.

:blobcheer: ncdc 1.25 is in Gentoo!
:blobcatsad2: --without-libloc

A silly advantage of not using integer keys: when you somehow make the mistake of interpolating the key directly in the SQL statement, string keys will nearly always result in a syntax error even with correct inputs, making SQL injection bugs much harder to miss.

(Not speaking from experience)

I've always had an automatic kill+restart for VNDB backend processes when they've processed between 5k-10k requests. A good strategy in general, because it's fairly common for Perl processes to accumulate memory over time.

Now that I'm using prepared statement caching, it seems beneficial to keep the backend processes alive for a bit longer, so I started hunting for memory leaks that I could control. Sure enough, found an accidental reference cycle that was responsible for most of the leaking.
https://g.blicky.net/vndb.git/commit/?id=0d597dd43e1fdb4ff36e2c405825a763942d6d3f

There's probably a few more subtle leaks, but they're not easy to track down...

With all the work on backend optimizations and bot detection/redirection mechanisms lately, I've now reached a point where nginx is spending more CPU time dealing with all the bots than the entire backend needs to generate pages. :blobcatthinking:

I don't remember hiring a pentester to run an aggressive 4+ hour vulnerability scan on VNDB.

@Suiseiseki Now I'm curious, do you have an example of such a decent API? I'd imagine for most API's you hit a request size limit.

API docs: "Do not add more than 100 identifiers in a single query."

API user: *puts 10k identifiers in a single query*

Today's hack: use ngx_http_mirror_module to forward a copy of every request from prod to my dev instance at home. Excellent way to find performance regressions or pages that now log warnings or throw errors.

There's Javascript-based anti-bot checks and then there's... the exact opposite. :blobcattilt:

Ncdu 2.8.1 is out, fixing a possible crash when Linux is being weird and a possible integer overflow when exporting to the binary format.

As usual, get it from https://dev.yorhel.nl/ncdu

Someone went through the effort to compile an ncdu binary for Tru64 UNIX.
https://www.unix-wissen.de/Tru64/

*opens door to the back yard*

Aaaah, the fresh air of a smoking neighbour.

Usually I only introduce new bugs whenever I rewrite code, but with today's framework migration I discovered that many uniqueness constraints for input validation were broken for quite a while. Oops.

The commits tell a story:
https://g.blicky.net/vndb.git/commit/?id=67fb5507f6a527202113ee39ee67083bf465a999
https://g.blicky.net/vndb.git/commit/?id=ed5c95693d0d0ad431aa263459ae3ec0070265af
https://g.blicky.net/vndb.git/commit/?id=4dd52b5c90cda8c8581eab9746a18bf5d10a6661

VNDB migration to the new framework status: halfway done! :blobcheer:

Or rather, the site is now fully running on the new framework, but it's still using the old query builder and postgres library. Migrating that is going to be some additional work.

(I was about to attach a screen recording of top(1) showing fancy request counters in the process name - a feature of the new framework - but it looks like Mastodon's video upload is broken here. Whatever.)

Dog: *eager for morning walk*
Me: It's cold and wet outside, but you're right, no reason to skip a walk.
Dog: *follows closely with low tail*

Yeah, well, if you're not enjoying this either then what the heck am I doing this for?

@wolf480pl "Vrije software" is the term I see the most on Dutch communities, which corresponds to the "free-as-in-freedom" translation.

Although I used to really dislike the use of "libre" in English for a long time. I remember when the LibreOffice fork came along and thinking "why the hell use a French word!?". But then again, "FreedomOffice" might have attracted an entirely different kind of crowd, so perhaps it was a good choice after all.

I've never been a fan of the "free software" name. It's too easily conflated with freeware and constantly having to add the "no, no, I mean free as in freedom" explanation gets tiresome really fast.

Which is why I used to embrace "open source" instead, but unfortunately that's more and more getting confused with "source available" (I partly blame this on Github for branding itself as "open source hosting" without actually requiring open source licensing, but they're certainly not the only ones at fault).

So I figured we need a new name, and my first thought was "Libreware". Of course, someone was already ahead of me: https://www.libreware.org/

Bad idea: a viral AGPL-like license that also requires the server software used for distribution of the source code to be available as free software.

a.k.a. the-stop-uploading-my-stuff-on-github-license.