~chrichri

https://chrichri.ween.de/

Trackers

~chrichri/RockPro64_u-boot_SATA_software_RAID_howto

Last active 6 months ago

~chrichri/librem5-bm818-watchmodem

Last active 1 year, 1 month ago

#156 microblog.pub replying with HTML data when JSON expected 2 months ago

Ticket created by ~chrichri on ~tsileo/microblog.pub

While debugging communication problems between flohmarkt and microblog.pub I found that microblog.pub didn't respond to a request for the profile by flohmarkt with a JSON response:

~$ curl -s -D - "https://chrichri.ween.de" -H "Content-type": "application/json" -H "Accept: application/json,application/ld+json,application/activity+json" | head -n20 | cut -c-100
HTTP/2 200
server: nginx
date: Tue, 06 Feb 2024 18:54:46 GMT
content-type: text/html; charset=utf-8
content-length: 60863
x-sso-wat: You've just been SSOed
x-request-id: 304085d481f976a2
x-powered-by: microblogpub
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-download-options: noopen
x-permitted-cross-domain-policies: none

<!DOCTYPE HTML>
<html lang="en">

Altering the order of the "Accept:"-headers content did the change the behaviour and microblog.pub responds with a JSON reply:

~$ curl -s -D - "https://chrichri.ween.de" -H "Content-type": "application/json" -H "Accept: application/ld+json,application/activity+json,application/json" | head -n20 | cut -c-100
HTTP/2 200
server: nginx
date: Tue, 06 Feb 2024 18:54:56 GMT
content-type: application/activity+json
content-length: 3264
x-sso-wat: You've just been SSOed
x-request-id: 82f90ad839df24e1
x-powered-by: microblogpub
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-download-options: noopen
x-permitted-cross-domain-policies: none

{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"Hashtag":"as:H

I'm not that deep into ActivityPub to say how this actually should work by the protocol definition, but it seems odd to me that microblog.pub responds with HTML content at all to a request like the first one above.

My microblog.pub is running on a yunohost - if this makes a difference.

#155 communication with flohmarkt doesn't work 2 months ago

Comment by ~chrichri on ~tsileo/microblog.pub

My microblog.pub runs on the same host as the nginx https server for flohmarkt.ween.de .

Looking at the logs I found that in ./app/utils/url.py in def is_url_valid there is a check ipaddress.ip_address(ip_address).is_private that makes my URL fail, because the IP is 127.0.0.1.

I circumvented this for now by adding a block to allow my local url like this:

def is_url_valid(url: str) -> bool:
    """Implements basic SSRF protection."""
    parsed = urlparse(url)
    if parsed.scheme not in ["http", "https"]:
        logger.warning(f"{parsed.scheme} is not http(s)")
        return False

    # XXX in debug mode, we want to allow requests to localhost to test the
    # federation with local instances
    if DEBUG:  # pragma: no cover
        return True

    if not parsed.hostname or parsed.hostname.lower() in ["flohmarkt.ween.de"]:
        logger.warning(f"{parsed.hostname} is my local flohmarkt")
        return True

To solve this on dns/network basis would be quite complicated.

The same issue may arrise if on the same host a different ActivityPub software is running, like e.g. mastodon.

My suggestion to solve this problem would be to read a configuration that includes a list of local fqdns that are allowed to resolve to 127.0.0.1 or a private IP.

I'd appreciate any thoughts on this before I'd try to provide a PR for my suggestion.

#155 communication with flohmarkt doesn't work 2 months ago

Ticket created by ~chrichri on ~tsileo/microblog.pub

microblog.pub version 2.0.0+ynh1.

The communication with the software flohmarkt doesn't work: lookup of users or notes is not possible.

Issue at flohmarkt can be found here.

I'll provide more information later - if someone cares to try a list of flohmarkt instances can be found here.

The instance I tried to contact is located at https://flohmarkt.ween.de/.

#1 why does sata ctrl DeLOCK 90498 not work 6 months ago

Comment by ~chrichri on ~chrichri/RockPro64_u-boot_SATA_software_RAID_howto

#1 why does sata ctrl DeLOCK 90498 not work 6 months ago

Comment by ~chrichri on ~chrichri/RockPro64_u-boot_SATA_software_RAID_howto

Todo:

  • get an actual u-boot, compile it and try that - if it doesn't work, open an issue for u-boot
  • open an issue with armbian: the kernel does not recognize/initialize pci/sata after u-boot tried to do so

#2 Add a content section 6 months ago

Ticket created by ~chrichri on ~chrichri/RockPro64_u-boot_SATA_software_RAID_howto

A small script to generate it would help. Maybe there's already such thing for markdown available.

#1 why does sata ctrl DeLOCK 90498 not work 6 months ago

Ticket created by ~chrichri on ~chrichri/RockPro64_u-boot_SATA_software_RAID_howto

https://git.sr.ht/~chrichri/RockPro64_u-boot_SATA_software_RAID_howto/tree/main/notes.md#ups-das-ging-schief

There seems to be a problem for the kernel 4.4.213-legacy-rockchip64 to use the controller once u-boot tried to initialize it.

After pci in u-boots cli it can be scanned, but u-boot wouldn't start from it.

#135 Replace Supervisord with Direct Systemd Unit 11 months ago

Comment by ~chrichri on ~tsileo/microblog.pub

I support that avoiding extra code by using already installed software for system integration is a great idea!

But there are distributions not using systemd like AlpineLinux/PostmarketOS. If something is moved to systemd anywhere it is always a good idea to look also whether the same could be achieved on a system not using systemd.

#141 stream/inbox: show content once 11 months ago

Ticket created by ~chrichri on ~tsileo/microblog.pub

Often I get a note/article by its author and then later as an announce by someone else I follow or even from multiple people.

This fills up my stream/inbox and makes it harder to find new messages. It would be a nice feature to be able to choose to just have the first appearance of a note/article in Stream/Inbox.

Maybe this is already possible using the filter you describe on your instance ?

#2 debian package: udev rules are not yet reloaded after install 1 year, 1 month ago

Comment by ~chrichri on ~chrichri/librem5-bm818-watchmodem

REPORTED RESOLVED IMPLEMENTED