bbaovanc.com/bbaovanc.com
1
0
Fork 0
mirror of https://github.com/BBaoVanC/bbaovanc.com.git synced 2025-08-02 23:11:37 -05:00
Code Issues Projects Releases Wiki Activity

Remove hard-wrapping

Browse Source
This commit is contained in:
BBaoVanC
2021-10-14 21:00:27 -05:00
parent b397e00071
commit a49969bdc9
7 changed files with 22 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
content/_index.md
View File

@@ -13,9 +13,7 @@ This is my website. Pretty self-explanatory.
## A fresh new theme
My website uses my own custom theme named
[bobatheme](https://github.com/BBaoVanC/bobatheme). Although it's not quite
finished yet, the current style will probably stay for the forseeable future.
My website uses my own custom theme named [bobatheme](https://github.com/BBaoVanC/bobatheme). Although it's not quite finished yet, the current style will probably stay for the forseeable future.
## Another website

18
content/archive/blog/new-comment-system-again/index.md
View File

@@ -16,28 +16,16 @@ tags:
---
I decided to switch my comment system from Isso to
[Commento](https://www.commento.io/).
I decided to switch my comment system from Isso to [Commento](https://www.commento.io/).
<!--more-->
## Isso vs Commento
I know it's only been six days since I added Isso, but I decided to switch to a
better comment system. Isso is meant to be simple, which means that it's missing
a lot of features. Commento has a lot of features such as sticky (pinned)
comments, spam detection, thread locking, email notifications (I couldn't get
this working on Isso), and a nicer design. I also was able to write some
[custom CSS rules][1] which make it look alright on my blog's theme. It also
supports SSO, so I might add support for signing up with GitHub, and possibly
GitLab.
I know it's only been six days since I added Isso, but I decided to switch to a better comment system. Isso is meant to be simple, which means that it's missing a lot of features. Commento has a lot of features such as sticky (pinned) comments, spam detection, thread locking, email notifications (I couldn't get this working on Isso), and a nicer design. I also was able to write some [custom CSS rules][1] which make it look alright on my blog's theme. It also supports SSO, so I might add support for signing up with GitHub, and possibly GitLab.
## Summary of the first post
If you haven't read the [New Comment System](../new-comment-system) post, here's
the most important information. There's a comment section at the bottom of each
post where you can view and post comments. You can post anonymously, or create
an account so you can show your username and get email notifications. You can
also upvote, downvote, and reply to other comments.
If you haven't read the [New Comment System](../new-comment-system) post, here's the most important information. There's a comment section at the bottom of each post where you can view and post comments. You can post anonymously, or create an account so you can show your username and get email notifications. You can also upvote, downvote, and reply to other comments.
[1]: https://git.bbaovanc.com/bbaovanc.com/blog/src/commit/478e15218313a33216d361de387b3bd878cd0ba6/assets/css/comments.css

17
content/archive/blog/new-comment-system/index.md
View File

@@ -22,25 +22,14 @@ I added a comment system to my blog, using [Isso](https://posativ.org/isso/).
## About
I set up a comment system named [Isso](https://posativ.org/isso/) on my blog
today. At the bottom of each blog post, there's a comment section. You don't
need to sign up with an account or sign in with Google, Facebook, none of that
junk. You can comment anonymously, or provide any of the following three fields:
name, email address, and website, which will be shown to other people viewing
your comment. I'm going off of the assumption that no one cares/is malicious
enough to spam my comment sections.
I set up a comment system named [Isso](https://posativ.org/isso/) on my blog today. At the bottom of each blog post, there's a comment section. You don't need to sign up with an account or sign in with Google, Facebook, none of that junk. You can comment anonymously, or provide any of the following three fields: name, email address, and website, which will be shown to other people viewing your comment. I'm going off of the assumption that no one cares/is malicious enough to spam my comment sections.
## Known Issues
### Editing and deleting not working
You're supposed to be able to edit and delete comments up to 15 minutes after
posting them. As of now, that doesn't seem to be working; the request just
returns 403 (forbidden).
You're supposed to be able to edit and delete comments up to 15 minutes after posting them. As of now, that doesn't seem to be working; the request just returns 403 (forbidden).
### White text on white background when previewing comment
This is a CSS related issue. This was also happening when editing/writing a
comment, but I edited it so the edit box has black text. I think a better fix is
to make the new comment form have a dark background, but I'll deal with that
later.
This is a CSS related issue. This was also happening when editing/writing a comment, but I edited it so the edit box has black text. I think a better fix is to make the new comment form have a dark background, but I'll deal with that later.

33
content/blog/allow-non-root-processes-to-bind-to-privileged-ports/index.md
View File

@@ -13,26 +13,19 @@ tags:
---
In Linux, processes cannot bind to privileged ports (<=1024) unless they are
running as root. Here's how to allow any process to bind to privileged ports.
In Linux, processes cannot bind to privileged ports (<=1024) unless they are running as root. Here's how to allow any process to bind to privileged ports.
<!--more-->
## Introduction
In Linux, processes cannot bind to privileged ports (<=1024) unless they are
running as root. I learned about this when I was trying to add SSH cloning to my
[Gitea](https://gitea.io) instance. This can be bypassed by giving
`CAP_NET_BIND_SERVICE` capabilities to either the systemd service, or the
executable itself.
In Linux, processes cannot bind to privileged ports (<=1024) unless they are running as root. I learned about this when I was trying to add SSH cloning to my [Gitea](https://gitea.io) instance. This can be bypassed by giving `CAP_NET_BIND_SERVICE` capabilities to either the systemd service, or the executable itself.
## Giving `CAP_NET_BIND_SERVICE` capabilities
### Using systemd (preferred)
The best way is to tell systemd to give `CAP_NET_BIND_SERVICE`
capabilities to the service. In fact, the Gitea systemd service has two
lines[^1] that are commented out:
The best way is to tell systemd to give `CAP_NET_BIND_SERVICE` capabilities to the service. In fact, the Gitea systemd service has two lines[^1] that are commented out:
```systemd
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
@@ -43,29 +36,19 @@ Uncommenting these two lines was all I had to do for Gitea.
### Using `setcap`
You can add `CAP_NET_BIND_SERVICE` to the executable directly using `setcap`,
allowing it to bind to any port. Run the following command[^2]:
You can add `CAP_NET_BIND_SERVICE` to the executable directly using `setcap`, allowing it to bind to any port. Run the following command[^2]:
```bash
setcap 'cap_net_bind_service=+ep' /path/to/program
```
Note that this means that anyone with permission to run this program will be
able to run it and bind to any privileged ports.
Note that this means that anyone with permission to run this program will be able to run it and bind to any privileged ports.
Other caveats[^2]:
> 1. You will need at least a 2.6.24 kernel
> 2. This won't work if your file is a script. (ie, uses a #! line to launch an
> interpreter). In this case, as far I as understand, you'd have to apply the
> capability to the interpreter executable itself, which of course is a
> security nightmare, since any program using that interpreter will have the
> capability. I wasn't able to find any clean, easy way to work around this
> problem.
> 3. Linux will disable LD\_LIBRARY\_PATH on any program that has elevated
> privileges like setcap or suid. So if your program uses its own .../lib/,
> you might have to look into another option like port forwarding.
> 2. This won't work if your file is a script. (ie, uses a #! line to launch an interpreter). In this case, as far I as understand, you'd have to apply the capability to the interpreter executable itself, which of course is a security nightmare, since any program using that interpreter will have the capability. I wasn't able to find any clean, easy way to work around this problem.
> 3. Linux will disable LD\_LIBRARY\_PATH on any program that has elevated privileges like setcap or suid. So if your program uses its own .../lib/, you might have to look into another option like port forwarding.
[^1]: https://github.com/go-gitea/gitea/blob/3416e2a82586fca4cd452b93237b979300f55d62/contrib/systemd/gitea.service#L69
and https://stackoverflow.com/a/47065825
[^1]: https://github.com/go-gitea/gitea/blob/3416e2a82586fca4cd452b93237b979300f55d62/contrib/systemd/gitea.service#L69 and https://stackoverflow.com/a/47065825
[^2]: https://stackoverflow.com/a/414258

22
content/blog/checkra1n-gui-on-other-distros/index.md
View File

@@ -29,19 +29,11 @@ You can run the GUI version of checkra1n on non Debian-based distributions.
## Introduction
The official cross-distribution build of checkra1n only contains a CLI and TUI.
However, the version available in the
[checkra1n APT repository](https://checkra.in/linux) also contains a GTK-based
GUI which can be accessed using the `--gui` flag, or the included
`checkra1n.desktop` file.
The official cross-distribution build of checkra1n only contains a CLI and TUI. However, the version available in the [checkra1n APT repository](https://checkra.in/linux) also contains a GTK-based GUI which can be accessed using the `--gui` flag, or the included `checkra1n.desktop` file.
## Other Distributions
First, download the Debian package available at
`https://assets.checkra.in/debian/checkra1n_VERSION_amd64.deb` (as of writing,
`VERSION` is currently `0.12.2`). Then, extract the `checkra1n` executable from
the package, and install the correct shared libraries. Here are the most
important ones, and their corresponding package names on Arch Linux:
First, download the Debian package available at `https://assets.checkra.in/debian/checkra1n_VERSION_amd64.deb` (as of writing, `VERSION` is currently `0.12.2`). Then, extract the `checkra1n` executable from the package, and install the correct shared libraries. Here are the most important ones, and their corresponding package names on Arch Linux:
- libimobiledevice-1.0.so.6 (`libimobiledevice`)
- libirecovery-1.0.so.3 (`libirecovery`)
@@ -49,14 +41,10 @@ important ones, and their corresponding package names on Arch Linux:
- libplist-2.0.so.3 (`libplist`)
- libncurses.so.5 (`ncurses5-compat-libs`)
I found these by running the binary and then finding and installing the package
that contained the shared object I was missing.
I found these by running the binary and then finding and installing the package that contained the shared object I was missing.
I also made an AUR package named
[`checkra1n-gui`](https://aur.archlinux.org/packages/checkra1n-gui),
which does all this automatically.
I also made an AUR package named [`checkra1n-gui`](https://aur.archlinux.org/packages/checkra1n-gui), which does all this automatically.
## Conclusion
As I expected, there is nothing preventing the checkra1n GUI from working on non
Debian-based distributions (as far as I can tell).
As I expected, there is nothing preventing the checkra1n GUI from working on non Debian-based distributions (as far as I can tell).

4
content/blog/edited-in-middle-of-message-discord/index.md
View File

@@ -19,9 +19,7 @@ resources:
---
With a bit of trickery using the RLE character (U+202B), you can get the
`(edited)` text on a message to be somewhere other than at the end of the
message.
With a bit of trickery using the RLE character (U+202B), you can get the `(edited)` text on a message to be somewhere other than at the end of the message.
<!--more-->

3
content/blog/text-substitution-in-discord-using-sed/index.md
View File

@@ -28,8 +28,7 @@ Discord has (very primitive) support for text replacement using `sed` syntax.
{{< video src="example.mov" title="Example Video" >}}
If you send a message using `sed` substitution format (`s/old text/new text`),
Discord will execute it on the message you've last sent.
If you send a message using `sed` substitution format (`s/old text/new text`), Discord will execute it on the message you've last sent.
## Caveats