HackerTrans
TopNewTrendsCommentsPastAskShowJobs

stonesweep

no profile record

comments

stonesweep
·5 yıl önce·discuss
I've been a satisfied customer of https://uptimerobot.com/ for years, they have a very generous free tier (50 monitors @ 5m) and they have been extremely reliable, friendly and non-spammy as a service.
stonesweep
·5 yıl önce·discuss
You don't know you have a CVE until you have a CVE, it's not hard to find any given story of bugs being found a decade later with high vulnerability scores. https://securityboulevard.com/2020/07/microsoft-patches-17-y...
stonesweep
·5 yıl önce·discuss
I dug up the first one real quick for you, at the time I was just reviewing issues to see if I could help (codeberg) and browsed the list - you can farm here, and they tend to create an upstream issue in Gitea and link to it for many of the items (provide a good feedback loop to upstream):

https://codeberg.org/Codeberg/Community/issues/355

(edit: grammar)
stonesweep
·5 yıl önce·discuss
Please do not follow this blog's advice of compiling your own cgit with a git pull off master; the blog author is now (a) using some random commit point (untaggged release) which contains who knows what, and (b) has to now manually upgrade cgit for the life of his server. At this exact moment there are 13 commits on master ahead of the latest tag, who knows what that might be. https://git.zx2c4.com/cgit/log/

Find a repo (apt/PPA, dnf/EPEL, AUR, whatever works for you) and use a repo to manage your server software unless you have no other choice than to hand-compile it. Hand-compiling server daemons like this means they never get upgraded with bugfixes and CVE issues regularly - this isn't 1995, we did this back then because we had to do it. It's not a good idea in 2021 to be doing this unless you're going to hand-manage that cgit binary every day of your life going forward, this is an internet facing endpoint which will get people probing it to attack (assuming you used a cloud server).

If nothing else, clone off the last tagged release by the upstream authors not HEAD.
stonesweep
·5 yıl önce·discuss
I tried out Gitea hosted via codeberg, and within a week disabled my account - Gitea allows usernames to be reused, there were bugs allowing people to push repos into other people's accounts (someone ran rampant on codeberg), you can view private repos via the Pages system and whatnot. In many of the issues, the current state is "it's a problem with Gitea" such as: https://codeberg.org/Codeberg/Community/issues/356

HN readers are downvoting you, but Gitea's problems are real and they exist. Enough of them are listed in codeberg's issue pages that I felt the software/platform is very buggy and has a lot of security issues as just a generic user with one week of experience, much less an admin.