Notices by phryk 🏴 (phryk@mastodon.social)

@derconno Yeah, I've seen it linked in the GH issue about BitWarden moving away from FOSS, but I think you still need BitWarden clients, no?
So it looks like it's still too early days – tho it might become a strong contender in the near-ish future.

Hey #Infosec bubble!

I'm looking for *good*, FOSS multi-user credential storage, ideally using public key cryptography – any recommendations?

// cc @thegibson @theruran

Super bonus points to anyone recognizing the text on the background of my new site. 🙃

@rysiek Mhh, is this actually better? I'm aware that this header is often ignored, but from my experience that's more because many applications don't use reasonable values there.

And since nginx' caching honors it by default, it can be used to ensure for example that /admin is never cached so I don't get forms only reacting half the time.

@rysiek In poobrains I had staggered tiers of caching duration since ancient times and I've never had to touch it since writing that code, so I completely forgot that this is a thing you actually have to write code for on the application side. 😅

@rysiek Wait a second, I think I know what the problem is – the site doesn't yet set any Cache-Control headers.

So things just basically fall through the cache and never actually interact with it – the entire load was handled by just that one poor UWSGI worker. 😂

@rysiek Honestly, I have no idea what differentiates normal caching from microcaching.

I use the uwsgi_cache directive to enable caching on the site – does that count? :thinkhappy:

@rysiek OTOH, just fixing the issue with multiple UWSGI workers might have avoided this issue. Currently everything is just one UWSGI worker and the nginx caching.

Anyhow, monitoring indicates the big spike is over and the site is reachable again. :)

@rysiek Yeah, I probably only have to fix like one line in my nginx caching setup.

Or make my rate limiting more aggressive, but unless necessary, I'd rather have requests take longer than just giving people the custom HTTP 420 page. ^^

Aaand the site died. Thanks Fedi. 😂

Also, as promised, the Obscure Webdev piece in which I lay out some of the reasons and techniques of how I do politically motivated webdev is now published:

https://phryk.net/article/obscure-webdev/

Just finished the Link Privacy portion of my Obscure Webdev piece.

Currently clocking in at ~2.4k words.

Now to figure out how to structure all that jazz about no third-party requests. no JS and website design that is friendly to screenreaders, custom font-sizes and people filtering components like images out to cope with poor connections.

## Cornerstones ##

### Reader Privacy ###
…

### A deep hatred of JavaScript ###
…

I think I might be nailing it. :thounking:

Finally a text in which I can talk about #GoogleAnalytics being the biggest surveillance system literally ever.

Beginning to write a piece under the working title "obscure webdev"… no idea if it'll actually get finished or just be another thing languishing in my drafts. 🤷

@solene <strong><strong><strong>NO.</strong></strong></strong>

@radioinsecurity haveibeenpwned oder leak-spezifische seiten. letzteres gab es zB bei dem no-fly list leak.

@ArneBab Yes, you understand that correctly.

And also yes, you're right, but I actually already tried that but just now found the solution:

position: relative; on the *parent* element (i.e. <header>) will make the absolute positioning relative to the parent!

Also, didn't know about the lh unit yet, that's gonna be useful for sure! :3

microsoft bad

Thought way too hard about these, but what can I say, I gotta comply with my CI… :thinkhappy: