logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: c0c9af565ed9b5c4b1712f98c3a6963ad861d28e
parent b2eb79aed295163ca933cc6a9a41b36087e7fda7
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue,  5 May 2020 20:28:19 +0200

xHTML: Make sure <hr /> and <br /> are correctly formatted

Diffstat:

Mabgilpqt+.html2+-
Mabout.shtml2+-
Marticles/2019-05 Summary.xhtml2+-
Marticles/2019-07 Summary.xhtml2+-
Marticles/201? Summary.xhtml4++--
Marticles/BadWolf, one year later.xhtml4++--
Marticles/HTTP3.xhtml2+-
Marticles/J’ai changé de clé OpenPGP.xhtml4++--
Marticles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html2+-
Marticles/My issue with Github (and Microsoft buying it).xhtml8++++----
Marticles/Politique de CW.html2+-
Marticles/Réponse à « Mise en place d’un firewall sous debian ».html4++--
Mlibrism.shtml2+-
Mlibrisme.shtml2+-
Mnotes/NETGEAR ReadyNAS Duo v2.shtml4++--
Mnotes/PDAs.shtml6+++---
Mnotes/new-install-checklist.html2+-
Mprojects/badwolf.shtml14+++++++-------
Mà propos.shtml2+-
19 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/abgilpqt+.html b/abgilpqt+.html @@ -70,7 +70,7 @@ but feel free to ask for modifications, I’ll maybe move it to a wiki section i <dt><a href="https://en.wiktionary.org/wiki/genderfuck">genderfuck</a></dt> <dd>Fucking (traditional) gender (appearance, roles, …).</dd> <dt><a href="https://en.wiktionary.org/wiki/transgender">transgender</a></dt> - <dd>Someone who changed/changing/wants to change their gender. <br/>Never use transsexual, it’s confusing with sexual attraction, related to “mental problem” and probably other shit.</dd> + <dd>Someone who changed/changing/wants to change their gender. <br />Never use transsexual, it’s confusing with sexual attraction, related to “mental problem” and probably other shit.</dd> <dt><a href="https://en.wiktionary.org/wiki/transgirl">transgirl</a></dt> <dd>Someone who is changing towards girl or more simply : girl</dd> <dt>transboy, transman, ???</dt> diff --git a/about.shtml b/about.shtml @@ -9,7 +9,7 @@ <main id="info" class="h-card"> <h2>Basic Info</h2> <span id="avatar"> - <a href="./images/avatar_HD.png"><img class="u-photo" src="./images/avatar.png" alt="Avatar: A howling wolf, with pansexual pride colors “painted” on, a christmas hat is put around the snoot"/></a><br/> + <a href="./images/avatar_HD.png"><img class="u-photo" src="./images/avatar.png" alt="Avatar: A howling wolf, with pansexual pride colors “painted” on, a christmas hat is put around the snoot"/></a><br /> <a href="./images/avatar.svg">vector</a> </span> <ul> diff --git a/articles/2019-05 Summary.xhtml b/articles/2019-05 Summary.xhtml @@ -10,7 +10,7 @@ <h2>Gentoo</h2> <p>I became part of the <a href="https://wiki.gentoo.org/wiki/Project:GURU">Gentoo GURU Project</a> as a Trustee Committer, so I'll be reviewing commits with a bit of non-blocking reviews, and pushing more things from my overlay to it (if you use or want to use stuff from my overlay ping me because I would prefer to have it into GURU, my overlay being quite experimental), specially stuff that I do not use much but quite want to share to others. Of course, the only hard-exception from GURU being my overrides on gentoo ebuilds/profiles (I try to upstream them in the main repo, recent one being <a href="https://github.com/gentoo/gentoo/pull/12117">evince without dbus</a>).</p> <p>Also as I only stated it on the fediverse so far: I really dislike the real name part of <a href="https://www.gentoo.org/glep/glep-0076.html">GLEP-76: Copyright Policy</a>, it's sad because I quite like how we finally have some clear way on how to do copyright. I hope this won't stay a pain point, specially as how it's basically a barrier for fellow trans people (I which I could at least proxy your code if some wanted to…).</p> -<p>In pull-request <a href="https://github.com/gentoo/gentoo/pull/11441">#11441</a>, I became the maintainer for <code>app-shells/mksh</code> as I wanted to fix a packaging bug in it but it was maintained-needed for few months.<br/> +<p>In pull-request <a href="https://github.com/gentoo/gentoo/pull/11441">#11441</a>, I became the maintainer for <code>app-shells/mksh</code> as I wanted to fix a packaging bug in it but it was maintained-needed for few months.<br /> It's a shell that I have been using and liking a lot for quite some years now, I would seriously recommend it if you want a POSIX-compatible Korn Shell.</p> <p>I still proxy-maintain <code>www-plugins/passff{,-host}</code> but I will probably look for other people to co-maintain it or take it over at some point because of my lack of firefox usage in the last months.</p> <p>I am still undecided if I should become a Gentoo Dev or not, I think I should try it, specially as that would mean having more power (and more reponsabilities) on the distro I'm quite stuck to.</p> diff --git a/articles/2019-07 Summary.xhtml b/articles/2019-07 Summary.xhtml @@ -11,7 +11,7 @@ <p>I'm going to the <a href="https://dustycloud.org/blog/activitypub-conf-2019/">ActivityPub Conference</a>, plus two extra days in Prague (leaving in the late-afternoon of September 20th) as I never went in Czech at all (done Berlin and Amsterdam for the strictly east of France countries). I'm interested in quite a lot of the talks there so I'm quite hyped for it, specially as there is other people I quite want to meet.</p> <p>Also while I wasn't really trilled about the migration from OStatus (nonstandard mix of small standards) to ActivityPub (loose own standard), the future of it seems to be going in quite the right direction. I'm thinking about <abbr title="Object CAPabilities">OCAP</abbr>, as "followers-only" and "unlisted" are pure hacks which have almost no reality in ActivityPub once you put interactions and different implementations behaviors.</p> <h2>Gentoo</h2> -<p>Meh. I called for an agenda item on the issue with real names (<a href="https://archives.gentoo.org/gentoo-project/message/85de6190bd27693bed07744e04855911">Gentoo Archive</a>). Probably opinionated summary of mine would be: They think it's okay to have {ano,pseudo}nymous developers being stuck on committing by proxy, which feels like <q>You are part of the Jedi council, but you can't have a seat</q>), and they picked the Linux Kernel as a sort of base… which isn't really a good example of a nice working environment (might have changed when Linus Torvalds stepped down to treat people better). Here is their <a href="https://projects.gentoo.org/council/meeting-logs/20190721-summary.txt">summary</a> and <a href="https://projects.gentoo.org/council/meeting-logs/20190721.txt">full log</a>.<br/> +<p>Meh. I called for an agenda item on the issue with real names (<a href="https://archives.gentoo.org/gentoo-project/message/85de6190bd27693bed07744e04855911">Gentoo Archive</a>). Probably opinionated summary of mine would be: They think it's okay to have {ano,pseudo}nymous developers being stuck on committing by proxy, which feels like <q>You are part of the Jedi council, but you can't have a seat</q>), and they picked the Linux Kernel as a sort of base… which isn't really a good example of a nice working environment (might have changed when Linus Torvalds stepped down to treat people better). Here is their <a href="https://projects.gentoo.org/council/meeting-logs/20190721-summary.txt">summary</a> and <a href="https://projects.gentoo.org/council/meeting-logs/20190721.txt">full log</a>.<br /> Whatever but I guess I might pick a distribution I like more on how they politically goes and manage, I have few ideas I'll try to dig a bit into: Adélie which dropped portage because of issues with Gentoo, Exherbo, NetBSD (only technical limitation being their support of ZFS on root so I can switch easily).</p> <h3>Without dbus</h3> <p>On <a href="https://github.com/gentoo/gentoo/pull/12117">evince without dbus</a>: news about the PR, I should have sent it by email to gnome@ instead, will try this one. Honestly the one from the Gentoo gnome project wasn't really welcoming it but whatever, worst case it will keep being in my chaotic overlay.</p> diff --git a/articles/201? Summary.xhtml b/articles/201? Summary.xhtml @@ -2,8 +2,8 @@ <a href="/articles/201%3F%20Summary"><h1>201? Summary</h1></a> <h2>Operating Systems</h2> <blockquote> -&gt; decade started with Sun Microsystems being acquired<br/> -<br/> +&gt; decade started with Sun Microsystems being acquired<br /> +<br /> Glad this decade is DONE. </blockquote><a href="https://queer.hacktivis.me/notice/9qXsQZo2650kmLVNia">2020-01-01T04:57</a> <p>So yeah, the 201? decade started with Sun Microsystems being acquired by Oracle… meaning the incoming death of OpenSolaris, the Operating System I was using at the time. I used it until ~2013 where I switched to Ubuntu, which I then dropped for debian in 2014-01 (with a try of a release candidate of FreeBSD 10 for about a week), which I ultimately dropped for Gentoo on the 2015-05-26 (date is from zpool history) and it's a system I'm still using and will likely continue using in the coming years.</p> diff --git a/articles/BadWolf, one year later.xhtml b/articles/BadWolf, one year later.xhtml @@ -14,9 +14,9 @@ <li>Popup blocking: popups are just opened in a new background tab, could get some blocking</li> </ul></p> <p><strong>But!</strong> In my opinion WebKit is already much better than Firefox at privacy, for example ephemeral sessions (hardcoded mode in badwolf) will save absolutely nothing to the disk, which is something that is quite how Apple (or at least their employees) seems to want in a browser anyway. Mozilla could try to dance around with finally picking some of the modifications done in the Tor Browser but as far as I can tell there is still very large differencies between the two.</p> -<p>As far as RAM usage goes… well it's a modern web browser so it'll eat whatever is available, a laptop with 4 GB seems to still be quite confortable with it, WebKit seems to not clean up WebKitNetworkProcess when I close a tab but it's basically the only thing that stays so I can just close a bunch of tabs and get back some percents of memory. (and after something like 2 months close some windows) I haven't needed to put my browser in a cgroup to limit it's memory usage like I still do with firefox/chromium.<br/> +<p>As far as RAM usage goes… well it's a modern web browser so it'll eat whatever is available, a laptop with 4 GB seems to still be quite confortable with it, WebKit seems to not clean up WebKitNetworkProcess when I close a tab but it's basically the only thing that stays so I can just close a bunch of tabs and get back some percents of memory. (and after something like 2 months close some windows) I haven't needed to put my browser in a cgroup to limit it's memory usage like I still do with firefox/chromium.<br /> On the other hand, startup time is so fast that I don't feel the need to have <code>badwolf [url…]</code> commands try to hook to an already running session. I litterally just spawn a new one for each link in my RSS/Atom feed and it's fast enough on my desktop with some quite slow (but reliable) SATA 1 HDDs.</p> -<p>On the developer side of things: WebKitGTK is unusable with overcommit disabled than to GLib (it's calling <code>abort()</code> when malloc returns <code>NULL</code> which is great as it kills the whole browser when doing stuff like opening a new tab…), can't be fixed now because that would break the ABI/API because some parts are no return value, this is why you should use <code>int</code> which is more or less the default as a return value unless you're absolutely sure that it will never fail.<br/> +<p>On the developer side of things: WebKitGTK is unusable with overcommit disabled than to GLib (it's calling <code>abort()</code> when malloc returns <code>NULL</code> which is great as it kills the whole browser when doing stuff like opening a new tab…), can't be fixed now because that would break the ABI/API because some parts are no return value, this is why you should use <code>int</code> which is more or less the default as a return value unless you're absolutely sure that it will never fail.<br /> Linux maintains bugs because the userland also does so…</p> <h2 id="badwolf-1year-future">Future</h2> <p>BadWolf 1.0.0 should arrive soon™, main blocker is documenting the interface so it can be properly put as stabilized. I'll also try to finish installing SourceHut on my setup so I at least get a tracker and CI from it.</p> diff --git a/articles/HTTP3.xhtml b/articles/HTTP3.xhtml @@ -5,7 +5,7 @@ <p>So none of my computers will have support for HTTP/3 or QUIC, I run gentoo and I have my own browser which reuses existant parts of the system, I wish other browsers would do the same but I have no hope there. At worst I will have a reduced implementation of the protocol (for example no 0-RTT "Handshake") for compatibility if I get forced to use it. But I don't see it coming other than maybe for less pain in Google ReeCaptcha (fuck your website if it's using it) as I still support HTTP/0.9 throught HTTP/1.1, and HTTP/2 is only enabled on my HTTP server just because nginx has support for it.</p> -<hr/> +<hr /> <p>If there is <em>one</em> thing to fix in your broken protocol it's the fact that <code>ETag</code> is also great at being a <a href="https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags">fucking tracker</a>, but <code>HTTP 304 Not Modified</code> is the same so congrats, we have caching with also having it being tracked. And of course the lawsuits went against KISSmetrics and Hulu instead of browser vendors or protocol designers, because if I had time for this shit (and any trust in the Justice) I probably would sue them, not the ones merely watching their logs.</p> <p>The client should only do a <code>HEAD</code> to get new metadata and then do it's own side-effects. It's not tracking-proof but it would at least mean having to do tracking on multiple requests and with a risk of false-positives (<code>HEAD</code> and then sometimes <code>GET</code> being used by some software for link previews), while currently you can basically be 100% sure because it's part of the protocol.</p> <p>The solution adopted by most frontend folks for cache managment was to put a hash into the filename, and it's quite a good way to do it in their case. It should only have been into headers rather than into the filename so it could be used by other folks and a hash/version in the filename would get more rare, thus having better caching.</p> diff --git a/articles/J’ai changé de clé OpenPGP.xhtml b/articles/J’ai changé de clé OpenPGP.xhtml @@ -1,6 +1,6 @@ <article lang="fr" class="h-entry"> <a class="u-url" href="/articles/J%E2%80%99ai%20chang%C3%A9%20de%20cl%C3%A9%20OpenPGP"><h1 class="p-name">J’ai changé de clé OpenPGP</h1></a> -<p>L’ensemble de clé(ce n‘est pas du lexique OpenPGP, je sais) que j’avais devenais de plus en plus dérangé, j’avais perdu des sous-clés assez souvent et des fois certaines n’étaient pas accessible (accessible sur ma tour à 200 km de là où j’étais avec un laptop).<br/> +<p>L’ensemble de clé(ce n‘est pas du lexique OpenPGP, je sais) que j’avais devenais de plus en plus dérangé, j’avais perdu des sous-clés assez souvent et des fois certaines n’étaient pas accessible (accessible sur ma tour à 200 km de là où j’étais avec un laptop).<br /> Cet ensemble de clé devrait être pas trop mal dans le “state of the art” de fin-2017.</p> <ul> <li>Généré sur mon A20-OLinuXino-LIME2 “air-gapped” (Qui utilise Gentoo Hardened, mais sans le kernel GrSecurity car pas de support armv7)</li> @@ -56,6 +56,6 @@ ssb&gt; ed25519/0xD5B7A8E43C997DEE created: 2017-12-11 expires: 2018-06-09 ssb&gt; cv25519/0x473C9CA78949B492 created: 2017-12-11 expires: 2018-06-09 card-no: FFFE 67082019 </pre> -<p>J’ai aussi bougé mon ancienne clé publique vers <a href="/oldkey.asc">https://hacktivis.me/oldkey.asc</a> pour que la clé courante reste sur <a href="/key.asc">https://hacktivis.me/key.asc</a>.<br/> +<p>J’ai aussi bougé mon ancienne clé publique vers <a href="/oldkey.asc">https://hacktivis.me/oldkey.asc</a> pour que la clé courante reste sur <a href="/key.asc">https://hacktivis.me/key.asc</a>.<br /> Pour vérifier ceci, j’ai signé avec détachement <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html">cet article</a> avec <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html.0xC87384794BBEBBAD.sig">mon ancienne clé</a> and <a href="/articles/I%20changed%20my%20OpenPGP%20keys.html.0x90D93ACCFEFF61AE.sig">ma nouvelle clé</a>.</p> </article> diff --git a/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html b/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html @@ -163,6 +163,6 @@ Et un HTTP… voyons voir si c’est celui qui ment. &lt;/html&gt; </code></pre> -<p>Trouvé !<br> +<p>Trouvé !<br /> Si vous avez encore des personnes qui ne vous croient pas sur une connection non-neutre, mettez-les sur un wifi orange semi-public y’aurat des trucs pas habituels :P</p> Ah et orange à l’air d’utiliser une bonne grosse masse de Debian(cf. le deb dans la version du Serveur apache menteur ainsi que pour PHP) donc ouais <a href="https://davenull.tuxfamily.org/linux-livebox/">le libre ça marche pas avec orange™</a> diff --git a/articles/My issue with Github (and Microsoft buying it).xhtml b/articles/My issue with Github (and Microsoft buying it).xhtml @@ -2,10 +2,10 @@ <a href="/articles/My%20issue%20with%20Github%20(and%20Microsoft%20buying%20it)"><h1>My issue with Github (and Microsoft buying it)</h1></a> <h2>Embrace; Extend; Extenguish</h2> <p>Microsoft and similar Corporations are well-known for doing this kind of thing, we cannot have permanent links or main forges based on something like that. -Also microsoft may like Open-Source (and probably not GPL), but the same goes to Google, do we all trust Google with our and others data? Also Google Code created a pile of dead links.<br/> +Also microsoft may like Open-Source (and probably not GPL), but the same goes to Google, do we all trust Google with our and others data? Also Google Code created a pile of dead links.<br /> And this post will probably evolve as Microsoft apparently haven’t finished aquiring Github.</p> <h2>Lack of Transparency / OpenData</h2> -<p>Currently all the tickets aren’t available in a open manner (I know gitlab can import them, but AFAIK you need a Github account for that and control over the repository).<br/> +<p>Currently all the tickets aren’t available in a open manner (I know gitlab can import them, but AFAIK you need a Github account for that and control over the repository).<br /> One true alternative to this that is used in real life is debbugs (used at debian) by using emails, and bugzilla with their RSS feeds.</p> <p>I also see some projects and their owner from time to time being removed from GitHub with no messages at all on their side. And looking at their <a href="https://help.github.com/articles/github-terms-of-service/#m-cancellation-and-termination">Terms of Service</a> there is a bunch of ways you can be banned. (search for "suspen" and "terminat")</p> <h2>Centralisation of Power</h2> @@ -24,9 +24,9 @@ One true alternative to this that is used in real life is debbugs (used at debia <p>So if I didn’t mess up the math there is at least over 26% of software in gentoo ports/packages that are more-or-less hosted on github. I think a better version could be obtained by incrementing one package if there is github in the metadata or the latest ebuild. It would be awesome if repology.org could have some stats on VCS providers usage btw.</p> <h2>Github is a bad interface</h2> <p>(This parts also applies to most git-based Forges)</p> -<p>Pull Requests shouldn’t be the only way to send modifications, they are meant to maintainers/frequent contributors, not someone that send patches from time to time. (I love sending months of commits to github…).<br/> +<p>Pull Requests shouldn’t be the only way to send modifications, they are meant to maintainers/frequent contributors, not someone that send patches from time to time. (I love sending months of commits to github…).<br /> Pull Requests also puts more burden on the contributor than on the maintainer, it means that whatever modification often have to be done by the contributor otherwise it’s not mergeable, which may know nothing about your coding policies. I’m pretty sure this is how you have long-standing PRs that became broken because other stuff came in.</p> -<p>Also GitHub is very inpopular with designers and others non-coders, and for a good reason, git is meant for versioning code/text files and it does that well. But for other stuff? No, it’s basically a hack and every contributor shouldn’t have to learn git. (note: coders don’t all know git and not having PRs would just mean knowing how to use <code>diff(1)</code>).<br/> +<p>Also GitHub is very inpopular with designers and others non-coders, and for a good reason, git is meant for versioning code/text files and it does that well. But for other stuff? No, it’s basically a hack and every contributor shouldn’t have to learn git. (note: coders don’t all know git and not having PRs would just mean knowing how to use <code>diff(1)</code>).<br /> And one of my favorite thing from coders is <q>but GitHub allows you to edit with a web browser</q>. Yeah, but where is rebase, ammending commits, …? There is just only one commit and a broken push. Could be acceptable for a patch, not really acceptable in most cases for something that is made to be directly merged in a branch.</p> <p>GitHub is a registered trademark of Github Inc. ; Microsoft is a registered trademark of Microsoft Corporation.</p> <h2>False Security</h2> diff --git a/articles/Politique de CW.html b/articles/Politique de CW.html @@ -5,7 +5,7 @@ <p>Le CW n’est pas de la censure mais un avertissement, une censure c’est quand on ne peut pas poster quelque chose, au contraire un CW peut permettre de poster des choses potentiellement polémiques en avertissant les gens, ce qui fait des réactions négatives moins fortes voire pas de réactions. Mais oui, en gros ça veut dire que tu dois faire attention à ce que tu dis et surtout comment tu le dis, mais franchement ça on le voit plus ou moins partout. Si tu ne vois pas trop en quoi quand quelqu’un·e te dit : Nope là je ne veux pas t’écouter/te laisser dire ça, ce n’est pas une censure, juste la personne qui te montre la porte, merci XKCD pour le message. ☺</p> <figure> <img src="/images/xkcd_free_speech.png" alt="planche de XKCD sur la liberté d’expression, résumée à la phrase précédente"/> - <figcaption>I can't remember where I heard this, but someone once said that defending a position by citing free speech is sort of the ultimate concession; you're saying that the most compelling thing you can say for your position is that it's not literally illegal to express.<br> + <figcaption>I can't remember where I heard this, but someone once said that defending a position by citing free speech is sort of the ultimate concession; you're saying that the most compelling thing you can say for your position is that it's not literally illegal to express.<br /> Je ne me souvient plus quand j’ai entendu ça, mais une personne a dit une fois que défendre sa position en citant la liberté d’expression est en quelque sorte la dernière chose; c’est dire que le plus gros argument que vous pouvez dire est que ce n’est pas littéralement illégal à exprimer.</figcaption> </figure> <p>La plupart des formes prises pour… “débattre” ne me plaisent pas du tout, au début du mois d’avril y’a eu une grosse engueulade bien toxique sur ce sujet, franchement même avec les inits standards vs systemd y’avais pas autant de comportement toxique et avec tellement de non-écoute des personnes qui s’expriment sur des oppressions.</p> diff --git a/articles/Réponse à « Mise en place d’un firewall sous debian ».html b/articles/Réponse à « Mise en place d’un firewall sous debian ».html @@ -3,8 +3,8 @@ <p>Bon ensuite je ne sais pas si c’est à cause de ton moteur de blog, mais il n’y à pas de majuscules en début de commande. Et un fichier texte aurait été bien mieux qu’une image pour donner un script. Surtout que le paquet <a href="https://packages.debian.org/search?keywords=iptables-persistent">iptables-persistent</a> existe pour cette fonctionalitée. Et dire au lecteur·trice d’utiliser un éditeur de texte plutôt que d’utiliser touch et nano. Ensuite je ne recommande pas l’utilisation d’un DMZ(machine·s où tout les ports sont ouvert dessus).</p> <h2>Règles IPtables</h2> <p>Vut qu’il n’y a aucune explication, pour faire du NAT c’est avec l’option masquerade(exemple : <code>iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o wlan0 -j MASQUERADE</code> -A pour Ajouter, 102.168.0.0/24 est une notation CIDR qui indique un block de 256 addresses IPs commencant à 192.168.0.0, -o pour indiquer l’interface de sortie, ici wlan0 la carte wifi) qui évite de s’emmerder a configurer l’IP de sortie/remplacement/publique/… utile quand il y a plusieurs sorties ou une addresse de sortie non-fixe (cf. <a href="https://wiki.archlinux.fr/Partage_de_connexion#Mise_en_place">Partage de connexion - ArchwikiFR</a>).</p> - <p>Ensuite il manque la redirection des paquets pour une autre destination. <code>echo 1 &gt; /proc/sys/net/ipv4/ip_forward</code> Ah et y’a pas que le web donc <code>iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT</code> permet de pouvoir établir une connexion.<br/> - <code>iptables -A INPUT -p icmp -j ACCEPT</code> active les paquets icmp, ne pas activer car permet de passer par un chemin détourné au niveau du pare-feu.<br/> + <p>Ensuite il manque la redirection des paquets pour une autre destination. <code>echo 1 &gt; /proc/sys/net/ipv4/ip_forward</code> Ah et y’a pas que le web donc <code>iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT</code> permet de pouvoir établir une connexion.<br /> + <code>iptables -A INPUT -p icmp -j ACCEPT</code> active les paquets icmp, ne pas activer car permet de passer par un chemin détourné au niveau du pare-feu.<br /> <code>iptables -A INPUT -p tcp -m tcp --dport 631 -j ACCEPT</code> <span class="warn">Ne rendez pas CUPS accessible, tout le monde pourrait imprimer !</span></p> <p>Ensuite fail2ban, n’est <em>pas</em> un pare-feu, c’est un anti-spam (bloque au bout d’un certain quota), utile contre les attaques type bruteforce. Il ne permet pas d’empecher les attaques lentes et les services non-sécurisé ou mal-configuré(id : admin, mpd : admin), par exemple le CUPS public. Je vous conseille de bien configurer avant vos services et éventuellement de l’utiliser ensuite(pour un réseau difficile à surveiller, avec beaucoup de personnes dedans et/ou un service merdique).</p> <p>En gros pour faire un pare-feu (sous linux) c’est :</p> diff --git a/librism.shtml b/librism.shtml @@ -19,7 +19,7 @@ <dt>2017-06-19 Twitter.com</dt><dd>Deactivated on 2017-05-20, deleted on 2017-06-19.</dd> <dt>2018 DeviantArt.com</dt><dd>Subscriptions via RSS/Atom feeds, deletion of the account and Personnal Indentifying Information (so not everything)</dd> <dt>2019-02-17 Roll20.net</dt> - <dt>Alphabet (Google)</dt><dd>Deleted, archives downloaded, blocked wth (<a href="/domains.mask">my filter</a>). <br/>Using youtube via RSS/Atom feeds, youtube-dl(hooked with mpv), searx</dd> + <dt>Alphabet (Google)</dt><dd>Deleted, archives downloaded, blocked wth (<a href="/domains.mask">my filter</a>). <br />Using youtube via RSS/Atom feeds, youtube-dl(hooked with mpv), searx</dd> <dt>Microsoft Hotmail/MSN</dt> <dt>Microsoft Skype</dt> <dt>Microsoft LinkedIn</dt> diff --git a/librisme.shtml b/librisme.shtml @@ -19,7 +19,7 @@ <dt>2017-06-19 Twitter.com</dt><dd>Désactivé le 2017-05-20, supprimé le 2017-06-19.</dd> <dt>2018 DeviantArt.com</dt><dd>Abonnements via flux RSS/Atom, suppression du compte et informations à caractère personnel (donc pas tout)</dd> <dt>2019-02-17 Roll20.net</dt> - <dt>Alphabet (Google)</dt><dd>Supprimé, archives téléchargées et bloqué avec (<a href="/domains.mask">mon filtre</a>). <br/>J’utilise youtube via des flux RSS/Atom, youtube-dl(lié avec mpv), searx</dd> + <dt>Alphabet (Google)</dt><dd>Supprimé, archives téléchargées et bloqué avec (<a href="/domains.mask">mon filtre</a>). <br />J’utilise youtube via des flux RSS/Atom, youtube-dl(lié avec mpv), searx</dd> <dt>Microsoft Hotmail/MSN</dt> <dt>Microsoft Skype</dt> <dt>Microsoft LinkedIn</dt> diff --git a/notes/NETGEAR ReadyNAS Duo v2.shtml b/notes/NETGEAR ReadyNAS Duo v2.shtml @@ -59,7 +59,7 @@ PEX 0: PCI Express Root Complex Interface PEX interface detected Link X1 Plug On and Power down, Please Switch On ! </pre> -<hr> +<hr /> <pre> NAND read: device 0 offset 0x200000, size 0x600000 @@ -88,7 +88,7 @@ OK Entry Point: 00000000 Verifying Checksum ... OK </pre> -<hr> +<hr /> <pre> ~ # cat /proc/cpuinfo Processor : Feroceon 88FR131 rev 1 (v5l) diff --git a/notes/PDAs.shtml b/notes/PDAs.shtml @@ -17,8 +17,8 @@ <ul> <li>CPU: TI Cortex-A9 OMAP4430-</li> <li>RAM: 312.18 Mo</li> - <li>OS: Windows® Embedded Hanheld 6.5 Professional<br/>SE CE 5.2.29366 (Build 29366.3.12.48)</li> - <li>Screen: ID: COM35H3N81<br/>480×640 px</li> + <li>OS: Windows® Embedded Hanheld 6.5 Professional<br />SE CE 5.2.29366 (Build 29366.3.12.48)</li> + <li>Screen: ID: COM35H3N81<br />480×640 px</li> </ul> <p>ConfigInfo, from « Paramêtres → Système → System Info »</p> <table> @@ -81,7 +81,7 @@ Nmap done: 1 IP address (1 host up) scanned in 10.25 seconds</pre> <ul> <li>CPU: Cortex-A8 Sitara AM37x</li> <li>RAM: 193.75 Mo</li> - <li>OS: Windows® Embedded Handhled 6.5 Professional<br/>SE CE 5.2.29202 (Build 29202.5.3.12.25)</li> + <li>OS: Windows® Embedded Handhled 6.5 Professional<br />SE CE 5.2.29202 (Build 29202.5.3.12.25)</li> </ul> <p>Propriétés système, from « Paramêtres → Système → Propriétés système »</p> <ul> diff --git a/notes/new-install-checklist.html b/notes/new-install-checklist.html @@ -15,5 +15,5 @@ <li><label>Make it able to send emails to yourself: <input type="checkbox"/></label></li> <li><label>Add a backup in cron: <input type="checkbox"/></label></li> <li><label>Add security updates in cron: <input type="checkbox"/></label></li> -<li><label>Additionnal post-install: <br/><textarea></textarea></label></li> +<li><label>Additionnal post-install: <br /><textarea></textarea></label></li> </ul> diff --git a/projects/badwolf.shtml b/projects/badwolf.shtml @@ -10,12 +10,12 @@ <h1>BadWolf</h1> <blockquote> <details> - <summary><em>Rose</em>: I am the Bad Wolf, I create myself. I take the words… I scatter them in time and space. A message to lead myself here.<br/></summary> - <em>Doctor</em>: Rose, you've got to stop this! You've go to stop this now! You got the entire vortex running through your head. You're gonna burn!<br/> - <em>Rose</em>: I want you safe. My Doctor. Protected from the false god<br/> - <em>Dalek Emperor</em>: You cannot hurt me! I am immortal!<br/> - <em>Rose</em>: You are tiny. I can see the whole of time and space. Every single atom of your existance and I divide them. Everything must come to dust. All things. Everything dies. The Time War ends.<br/> - <em>Dalek Emperor</em>: I will not die! I cannot die!<br/> + <summary><em>Rose</em>: I am the Bad Wolf, I create myself. I take the words… I scatter them in time and space. A message to lead myself here.<br /></summary> + <em>Doctor</em>: Rose, you've got to stop this! You've go to stop this now! You got the entire vortex running through your head. You're gonna burn!<br /> + <em>Rose</em>: I want you safe. My Doctor. Protected from the false god<br /> + <em>Dalek Emperor</em>: You cannot hurt me! I am immortal!<br /> + <em>Rose</em>: You are tiny. I can see the whole of time and space. Every single atom of your existance and I divide them. Everything must come to dust. All things. Everything dies. The Time War ends.<br /> + <em>Dalek Emperor</em>: I will not die! I cannot die!<br /> </details> </blockquote><cite>Doctor Who (2005), Season 1, Episode 13</cite> <a href="/images/badwolf_2019-05-11.png"><img class="thumb_inline right" src="/images/badwolf_2019-05-11.png" alt="Screenshot of badwolf on this page"/></a> @@ -42,7 +42,7 @@ <li>Display: Wayland, X11</li> <li>WebKitGTK: 2.28.0+, consider compiling it yourself</li> </ul> - <p>Badwolf should also work well on other similar systems, feel free to report tests on them and volunteer for testing releases before they are published.<br/>If you have a libre system where WebKitGTK runs but isn't Linux or *BSD, I'll be interested in knowing about them. Proprietary systems are unsupported.</p> + <p>Badwolf should also work well on other similar systems, feel free to report tests on them and volunteer for testing releases before they are published.<br />If you have a libre system where WebKitGTK runs but isn't Linux or *BSD, I'll be interested in knowing about them. Proprietary systems are unsupported.</p> <h2>Tickets (bug, feature request, …)</h2> <p>You can <a href="/about">reach me</a> directly or write a ticket on the <a href="https://gitlab.com/lanodan/badwolf">Gitlab repository</a>.</p> diff --git a/à propos.shtml b/à propos.shtml @@ -9,7 +9,7 @@ <main id="info"> <h2>Base d’infos’</h2> <span id="avatar"> - <a href="./images/avatar_HD.png"><img class="u-photo" src="./images/avatar.png" alt="Avatar: Un loup hurlant, avec les couleurs de fiertés pansexuelles “peinte” dessus, un bonnet de noël est mis autour du museau"/></a><br/> + <a href="./images/avatar_HD.png"><img class="u-photo" src="./images/avatar.png" alt="Avatar: Un loup hurlant, avec les couleurs de fiertés pansexuelles “peinte” dessus, un bonnet de noël est mis autour du museau"/></a><br /> <a href="./images/avatar.svg">vectoriel</a> </span> <ul>