Hi, #libranet

Unless it's my browser's fault, when sharing something via bookmarklet, and not logged in, it redirects to a page that has a login form 100% width of the screen.



Jane Smith

Birthdays and Events on top of stream

I've disabled the display of birthdays and events. I think the themes (especially frio) are looking better w/o these lines. This is a server config option.*ΒΉ So, it is disabled for all profiles on libranet.de. The calender for birthdays and events is still working.

hide_eventlist (Boolean) - Don't show the birthdays and events on the profile and network page => true

If you really need or love this feature please complain and I'll consider going back to default setting.

#libranet #config #events @{Libranet Support; support@libranet.de}

*ΒΉ - maybe we should change that to an user setting

Steffen K9


Registered users


#libranet #friendica @{Libranet Support; support@libranet.de}

Steffen K9

Prosody XMPP upgrade

The Prosody XMPP server running on libranet.de has been upgraded to the latest major version (0.9.12 -> 0.10.0).
If you encounter any problems, please report.
Thank you.

#libranet #xmpp #prosody #upgrade

Libranet Support

Switched to Friendica 3.5.3-rc branch

I've switched this ~friendica instance from develop to RC branch. All the bug fixes for the upcoming 3.5.3 release are merged now. If you experience any problems please report here or at the global support forum.
Thank you.

#libranet #friendica #update

Libranet Support

Kernel update

I've updated the kernel. A reboot is required and will be done at 20:00 UTC. #libranet

Libranet Support

Announcement channel for LIBRANET.de

β™² libranet@mastodon.social:

Test announcement from Mastodon. πŸ“£

I registered an account on mastodon.social for maintenance announcements und general informations about the services running on libranet.de. It will work even if something horrible happens to my server. 😱 You can find informations about updates, performance issues or major incidents there if libranet.de is in trouble or temporarily not available.

➑️ <https: @libranet="" mastodon.social="">

You may also use an OStatus/Mastodon app to get notifications. I promise not to spam you (too much). 😁

#libranet #support @{Libranet Support; support@libranet.de} @{libranet; libranet@mastodon.social}</https:>

Steffen K9

Security and Privacy related Headers for libranet.de

I checked my site on <https: observatory.mozilla.org=""> - thanks for the hint @{Holger; holger@diaspora.zone}

I have reconfigured my .htaccess with some of the recommendations:
&_lt_;IfModule mod_env.c&_gt_;<br></br># Add security and privacy related headers<br></br>Header set X-Content-Type-Options "nosniff"<br></br>Header set X-XSS-Protection "1; mode=block"<br></br>Header set X-Permitted-Cross-Domain-Policies "none"<br></br>Header set X-Frame-Options "sameorigin"<br></br>Header set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data: <a href="https://i.ytimg.com;" target="_blank">https://i.ytimg.com;</a> media-src <a href="https://video.twimg.com;" target="_blank">https://video.twimg.com;</a> script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"<br></br>SetEnv modHeadersAvailable true<br></br>&_lt_;/IfModule&_gt_;

I'll watch how this works. I think the Content-Security-Policy header can be improved. Please report if something is broken. Could be problematic for embedded media content.

Another part with possible improvements:

Session cookie set without the Secure flag, but transmission over HTTP prevented by HSTS

I think this has to done by the developers, I guess.

@{Libranet Support; support@libranet.de} #libranet #security</https:>

Observatory by Mozilla

Steffen K9

Server hygiene

I deleted approximately 70 dead Friendica accounts from libranet.de over the last week (315 remaining).
Today I searched for inactive accounts on my XMPP server and deleted 260 accounts (138 remaining).
prosodyctl mod_list_inactive libranet.de 1year default
#libranet #friendica #xmpp #tabularasa @{Libranet Support; support@libranet.de}

Steffen K9

libranet.de kernel update

I've updated the kernel of my machine. A reboot is required. Reboot in 3, 2, 1 ...

#libranet #reboot @{Libranet Support; support@libranet.de}

Steffen K9

Libranet.de: Stronger Cipher Suite and no TLSv1

I've disabled the TLSv1 protocol for Apache web server and Prosody XMPP server. I also applied a stronger cipher suite for Prosody to enforce the usage of ciphers with Perfect Forward Secrecy.

I've tested HTTPS connections with Firefox and Chromium and XMPP connections with Conversations and Gajim. Works like expected.

Please note: Older browsers like IE up to version 10 and Android up to version 4.2 cannot connect to libranet.de anymore due to a protocol/cipher mismatch.

@{Zot universe NEWS ; zotnews@parlementum.net} #libranet #security #friendica #jabber #xmpp #hubzilla

Steffen K9

root@libranet:~# reboot

Kernel update done. Need to reboot the server in 3, 2, 1...

@{Libranet Support; support@libranet.de} #libranet #reboot

Steffen K9