A touch of #anecdotage: I worked at Easynet in the early days of the UK commercial Internet, and we packaged #Netscape browser in our welcome pack as it was initially free for non-commercial purposes and we stated we were providing it as an option for browsing the web rather than supported software.
The pricing model changed in February 1995 and the company had a visit from a sales person at Netscape's UK office, who presented them with a bill for the retail price of the number of copies of the browser they had distributed.
A deal was negotiated based on that (it might have been zero, I never found out the details) and the pricing policy changed within a year, quite possibly because they'd had the same response in many ISPs.
Netscape's position as most popular web browser lasted as long as it took for Microsoft to license the same code base (Mosaic, licensed from Spyglass, who had in turn licensed the code from the University of Illinois) and improve on it and include it with Windows. Their other corporate products, Web Server, Identity Server, etc which were pretty good at the end of the 90s, also got passed around various companies and survive as open source versions that are arguably more successful than their commercial antecedents.
That could have been Mark Andreesen's legacy, but it was all born out of a want to get rich, and as he's got older, he's gone the same way as so many of the early tech bros, and like many of them, not actually doing anything useful as a means.
This piece puts it in a much better way.
Category: Uncategorized
Adding S3-compatible cloud storage to Pixelfed
Pixelfed is a federated photo sharing service that is an alternative to Instagram and uses ActivityPub to share posts across other services such as Mastodon, Pleroma and indeed WordPress. It is one of the more mature Fediverse apps and has been in continuous development for several years.
As with Mastodon and other apps that can share images and other larger media files, it supports saving attachments to S3-compatible cloud storage. However, this isn't well documented so far, so here's a few notes on getting it to work, specifically with iDrive E2, a low cost E2 storage provider.
Pixelfed is a Laravel application and its user config is stored in a .env
file in the application root. The S3 section looks like this:
## S3 Configuration (Post-Installer)
PF_ENABLE_CLOUD=true
FILESYSTEM_CLOUD=s3
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=
AWS_BUCKET=
AWS_URL=
AWS_ENDPOINT=
AWS_USE_PATH_STYLE_ENDPOINT=false
IDrive E2 appears to be based on Minio but the priniciple is broadly similar for all S3 compatible services:
- Create a bucket
- Create credentials for that bucket
- Configure the application with those credentials
I think they're fairly self-explanatory in that the service will usually present them in the same way. The default region can be a bit of odd one but the naming seems to be arbitrary - I'm using iDrive's London region, which is labelled LDN, so go with what the service gives you.
AWS_URL
is as it says, a standard URL, so it's https:// AWS_ENDPOINT
/ AWS_BUCKET
. AWS_ENDPOINT
is an important thing though - IDrive has the option of public and private endpoints with different hostnames. I'm not entirely clear on how a private endpoint works in this context - I would think it's a location that needs to be accessed with a shared key - but as you're publishing images online that's not going to be possible, and in testing I couldn't get Pixelfed to write to a private endpoint. In addition they're going to need to be public on an open server, so following the principle of least privilege, public and read-only works.
I had to comment AWS_USE_PATH_STYLE_ENDPOINT
out as setting it to false didn't work for some reason. There's probably something in the code that assumes it's going to be an AWS URL or similar.
The Horizon dashboard was very useful for debugging. Again, this is a Laravel tool and part of the admin suite. I'm not that familiar with Laravel and but it basically appears to be the application manager. It writes to a log but that doesn't say much, and all the useful information is in the dashboard.
If you want to share images in the Fediverse, Pixelfed is the application you need. Its author, Daniel Supernault has been steadily improving it for years, and he's also currently working on a secure and federated messaging system intended as a drop-in replacement for direct messages. Cloud storage reduces your hosting costs as it's usually cheaper in bulk than VPS, and it's portable, so now you can replace Instagram with something under your control.
Adding an IPv6 default route with network-scripts in an EL8 server at OVH
This is a bit of a niche one, not least because network-scripts
is supposed to be on its way out as a configuration method, despite cPanel still not supporting NetworkManager properly. No problem people, it's only been around for ten years.
This may also be specific to OVH's network, but I haven't found a resource that covers it, so here are my notes.
Dedicated servers at OVH are allocated a /64 IPV6 range. The gateway is the last address in the range, which is slightly more eye crossing than with IPV4, but ends in FF:FF:FF:FF
. However, in EL8 (and in Debian-derived distros to my knowledge), ifup doesn't add a default gateway if it can't ping the address, and it can't ping the address because it needs a default gateway. This also applies to IPV4 in OVH's network, which is a pain for automatic provisioning.
The network-scripts
system is remarkably flexible, and wrangling it is a dying art, but the key here is the ifup-post
script. This runs after ifcfg-<device>
and goes through a sequence of the other scripts in /etc/sysconfig/network-scripts
- you can see which ones if you look at the code.
One of these is route6-<device>
and this is where you add your default route so it's added after the initial network config. In OVH images it is disabled, and perhaps confusingly, includes a list of static routes generated by cloud-init. Rename that one, and using your editor of choice (vim, you animals), open a new file vi route6-eno1
(for example) and enter your gateway and default route like this:
2001:xxxx:xxxx:xxff:00ff:00ff:00ff:00ff dev eno1
default via 2001:xxxx:xxxx:xxff:00ff:00ff:00ff:00ff dev eno1
Enable the script by making it executable chmod +x route6-eno1
.
and restart the network with systemctl restart network
.
and you should now be able to ping the IPV6 host of your choice (let's face it, your local google.com gateway).
Disabling a Wacom laptop touchscreen in an Arch Linux based OS
(Without disabling everything else)
My main laptop is a Lenovo X1 Yoga 2nd Gen running Manjaro KDE Plasma. Lovely machine and does what I want it to do. As a Yoga device, it has a touchscreen, which I don't use a lot and have often thought of disabling.
The other day, the laptop had the wrong kind of drop, which has cracked the touchscreen in the corner. This hasn't affected the display at all but has messed up the touchscreen input so that it keeps getting random signals that trigger events, which was sufficiently intrusive to need to turn off the touchscreen
The first thing I found was this from the Manjaro Forum. Tl;dr, disable the module that powers the touchscreen with sudo modprobe -r usbhid
and make it permanent by creating a blacklist at /etc/modprobe.d/blacklist/wacom
that contains the following:
blacklist wacom
blacklist usbhid
and restart.
This worked fine when just on the laptop, but I have a multi-monitor desktop setup that has a USB mouse and keyboard, and when I came to start work this morning, neither worked. Enabling usbhid
in the blacklist just brought the spurious touches back.
There was going to be something that creates rules to selectively allow USB devices, and that something is USBGuard.
The Arch Wiki documents it well, but basically install with pacman -Sy usbguard
(or your software manager of choice), and create your ruleset as root
with usbguard generate-policy > /etc/usbguard/rules.conf
.
This lists all your connected devices as allowed, including the touchscreen:
allow id 056a:50b6 serial "" name "Pen and multitouch sensor" hash "B1HYEaAtN9VpnKbIK5GQeZFfg3XN7EAAeQUvTx5zIhk=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-10" with-interface { 03:00:00 03:00:00 } with-connect-type "not used"
To disable it, change allow
to block
to stop it being processed, or reject
to stop the device being loaded at all. At the moment I have it set to block
.
Start USBGuard with systemctl start usbguard
and enable it on boot with systemctl enable usbguard
.
This stopped the touchscreen responding but kept the USB keyboard and mouse working. I haven't tested it across a reboot yet but I can't see why it won't continue to work.
On defederation
The Apple TV series Mythic Quest had an episode in which the game found it had an extreme right wing problem. Their solution was to corral the right wingers in a server where they could shout at each other and fight as much as they wanted without bothering other players.
The Fediverse, running, as it does, largely on free software, came about in part due to Twitter and other platforms' unwillingness or inability to deal with an extreme right wing problem. However, as it's free and open source software, the bad actors were also free to create their own instances and interact. The response was filtering, blocking and defederation.
If you run a Mastodon, or other Fediverse social media instance, even if it's for yourself, it's one of the most powerful tools you have. You can filter hashtags, users and whole instances both personally and globally.
Lists have developed over the years along with the tools to apply them, but they have often been personal efforts. The hashtag #fediblock can also be used, but it's something of a blunt instrument and is too easily hijacked for personal opinions and even feuds.
The current attempt to deal with this in an effective way is the Oliphant.social blocklist files, created through a consensus of ten of the most active fediverse instances This produces a collection of blocklists that can be applied as an administrator sees fit. Follow the instructions there to download, maintain and apply them. At the moment I apply the Tier 0 blocklist.
In addition, Ro Iskinda's The Bad Space collects the most commonly reported bad actors and new ones that appear, and can be used with an API to check if you encounter a doubtful user or instance.