Skip to content

Pale Moon’s developers’ strange conception of privacy

I don’t often talk about Pale Moon (or is it Palemoon?), but I still have it installed, even on my last PC which I set up a year ago only. I don’t use it much, but I find it convenient to have it as a default browser, so that shitty surprise link-openers all end up in a dedicated space that never has direct Internet access without my firewall asking me for permission first. The silly things we have to do to compensate Windows’s faults… 🙄

Today was no different, and some random crapware fired up Palemoon to open a surprise link. But for some reason I hung around a bit, and ended up on the Palemoon forums. And a topic caught my eyes: “Remain active to keep your account”. Beside my interest for privacy, a reason why it caught my eyes is that they use phpBB, and I’ve run phpBB for a long time in the past and as far as I remember, account deletion with this has always been a tricky matter (like with most bulletin board software). Although maybe it’s different now with GDPR, I don’t know, my use was a while before this law.

The first post explains, to put it simply, that they now purge inactive accounts after roughly 2 to 3 years (in January every year, accounts inactive for over 2 years are goners). They describe the “purge” as removing all account data except the nickname and the posts, and explain that this comes from their privacy policy.
Gladly, someone eventually called them out on this:

I actually don’t […] understand what this has to do with privacy. If an account […] is removed and the only two things remaining is said nickname and the post(s) attached to it, this doesn’t fulfill the users “Right to be forgotten” but only removes his opportunity to have control over his posted content, eg. deleting or adapting his posts later on.
Thus […] it actually decreases the adherence to the principle of “My data belongs to me” because you lock out the owner […]

The lead developer’s (I think) response is… wild:

There is no “right to be forgotten” as in a right to erase your entire footprint from history. There is only the “right to have your personally-identifiable information removed”. A nickname is not personally-identifiable information.

First, GDPR doesn’t talk about “personally-identifiable information” but simply about “personal data”, plain and simple. Let’s not make up big obscure expressions to try and get people confused. Personal data. Two words, 12 letters, no dash.

Second, Article 4 of the GDPR (Chapter 1) defines personal data very clearly (but broadly): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

With that in mind, a nickname taken purely alone isn’t personal data. But first, it is never alone: at the very least, it is accompanied by “a person with this nickname had an account there”. Second, it is an online identifier which might be linked to an identifiable natural person, for instance if the nickname looks like “FirstnameLastname”), or is something the user used elsewhere too, or if the user included contents that made them identifiable (even indirectly) in their forum posts, or if the forum software keeps IPs and timestamps after the purge (something not indicated, a long time ago phpBB did keep IPs forever, but I don’t know if this is still the case).
In all these cases where the nickname can be linked to a natural person, then all the other data that are kept along with it (and there is always at least a tiny bit of those) are personal data.

The response continues:

Even users with active accounts can’t delete their own posts after a short grace period, so in that respect there is 0 difference, and nothing is “taken away” from users who have their personally-identifiable information removed from the database in a purge.

So this is even worse, and it looks like someone never heard that two wrongs don’t make a right.

And it goes on to my favorite:

On top, as with any website you use with a posted privacy policy, it is your responsibility to be aware of the practices of the websites you make use of, including any data purges that may be part of account management. Ignorance of our privacy policy is no excuse.

That’s very American: “My Terms of Use are Law”. But in some countries, notably where the GDPR comes from, you can’t strip people of their rights via crappy Terms of Service. “Ignorance of our laws is no excuse”, I could say.

Another user then raised other interesting points (but less privacy-oriented), the developer also insisted a bit more on “we do that primarily to protect you / your data / your privacy”, so go have a read if you wish and haven’t already.

That said, that last quote did contain a valid remark: I should read that privacy policy, shouldn’t I? But… where the hell is it? I looked a bit everywhere in the forums, even went to the registration form, because of all places, that’s the one where you are usually welcomed with the whole legal jibber-jabber, and… Nope, not here not there. Not even a mention in the board rules. So much for “you should know our privacy policy” if you keep it hidden, huh?
I did not give up though, and I cheated. It didn’t get me directly there, but I found this post, with a promising link to http://www.palemoon.org/privacy.shtml, but… it’s dead. Ugh. But from here I found a privacy link in the footer, and that was it, yay.

Now I won’t comment it in full because 1) that’s wasn’t quite the point of this post, which just started as a rant about how stupid it is to delete user accounts while retaining their username and posted contents and proudly claim you do that for the sake of protecting their privacy, 2) that privacy policy seems to cover Pale Moon operations as a whole and more particularly the browser and 3) I’m not a lawyer anyway. But 2 things caught my attention.

First, the data pruning part, since this is what started all this. The funny thing about it is that the privacy policy never says precisely what data is purged vs what is kept. You have to go to the forum post I’ve been rambling about here in order to find the details. So much (again) for “you’re supposed to know our privacy policy by heart”: even if you do, you don’t really know what’s going on with the purges…

Second, a juicy part because it’s plain and simple in violation of GDPR. The rest of my rant points out questionable ethics, but nothing absolutely broken, as I assume it may ultimately be treated via human intervention for the most problematic cases. And precisely this part is about human intervention:

You may instruct us to provide you with any personal information we hold about you. Providing said information will be subject to (in that order):
1. The payment of a non-refundable fee (fixed at €10).

I will just copy here Paragraph 5 of Article 12 of GDPR (Chapter 3, Section 1):

Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:
(a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
(b) refuse to act on the request.
The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

In case you didn’t know (and didn’t guess either), those Articles 13 to 22 are basically those about the right to access/modify/delete your data. Basically, if you don’t do it too often (and in particular if you do it only once) and you didn’t flood the forums with your personal data, it should MUST be free.

A positive note

Yup, I put the only header in this wall of text here just to catch your attention down there.

All that being said, the privacy policy is otherwise globally sensible and no worse than many, many others, and in particular better than those that massively screw you despite following GDPR to the letter – hurray for the “legitimate interest” loophole. The browser is globally good (otherwise I wouldn’t have it installed…) and, even more importantly, is part of the very exclusive club of “Browsers that are not yet-another-ChromeCrap but are not Lynx either”.
If you had never heard of it, you should give it a try. If it was for you a distant memory, maybe have a quick look at it again. If you’re under 20, maybe run it to see what browsers used to look like when you were in elementary school or kindergarten (or below). If you’re a web developer, try running your projects in it to see how far you’ve strayed from the good old simple web (Pale Moon’s rendering isn’t that outdated, but still you can tell it doesn’t like fancy-fatty front-end frameworks much).

My (much longer than planned) rant was mostly about the attitude rather than big privacy issues. This paternalistic “we do [insert crap here] to protect you because we know what’s good for you [and you don’t]” mindset is bad and terribly annoying, and should remind us all that the road to Hell is paved with good intentions.

Update on 2023-12-29

Something quite hilarious happened to me a few minutes ago. Well it’s not hilarious in itself, but it is when you consider I wrote this lengthy post not even 48h before.
While we have these guys here who find it normal to delete (or, more accurately, deadlock) forum accounts after 2 years, I just visited a forum for the first time since 2 years, 5 months and 5 hours (give or take a few minutes), which was on a different computer, and I… was still logged in!!
And to think that if this had been the Pale Moon forums, my account would be not just logged out, but gone*. Choices, eh. (also congrats Flag Counter, you get the “don’t bother me with forms” platinum medal, please do keep it up)

* okay, this was for the dramatic effect, as technically it might be gone or not be gone, because the purge occurs “around the beginning of the year”

Update part 2: I realized, while writing the small note right above, that they use CloudFlare and they block Tor. But they “care about privacy”. That’s hilarious too.

Posted in privacy, Totally pointless.

rev="post-4696" No comments

By patheticcockroach 2023-12-27

How to set up an OpenVPN server on Linux

Due to how long this guide is, despite the fact that I made it as minimalist as possible, I will keep kept my remarks and comments in a separate post, except from the bare minimum.
Here I will just point out that I tried to make this as straight to the point as I could, with the sole objective of getting “something that works”, with, in particular, little to no consideration for security aspects and nothing that isn’t strictly necessary. This guide will (should) get you as fast as possible with a working setup (including connecting your OpenVPN client to it), but leaves a lot of room for post-install improvements.

Prerequisites

My objective was to set up an OpenVPN server on a VPS running Debian 12, so obviously having exactly that would be ideal. But any machine or virtual machine with Debian or Ubuntu should do, possibly with some tweaks. Any decent Linux distro should do too, but then with even more modifications.
Have root access on it.
We’ll do everything as root here for the sake of simplicity (again and for the last time, this guide is not security-focused). You’ll have to “sudo” most of the commands if you don’t. And, I guess, work from a different folder.

Installing OpenVPN

apt-get install openvpn

Installing EasyRSA

I didn’t manage to use the one from the package manager, so I just grabbed this 3.1.7 release, extracted just the “easyrsa” file, and uploaded it inside the /root/easyrsa folder (so the file’s full name is /root/easyrsa/easyrsa)
Alternatively, you can just wget a slightly different version.

Assuming you are currently in /root:

mkdir easyrsa
cd easyrsa
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa/v3.1.8/easyrsa3/easyrsa
chmod 744 easyrsa

Generating keys and certificates

Initialize a new Public Key Infrastructure (PKI), generate a Certificate Authority (CA) keypair, and copy the CA public key to the OpenVPN config folder:

./easyrsa init-pki
./easyrsa build-ca
cp pki/ca.crt /etc/openvpn/server/

Make sure you take note of the password you choose for the CA, as you can’t leave it empty and you’ll need it later. Beside that, you can leave all default values for the rest of the prompts.

Generate the server key and certificate, the Diffie-Hellman (DH) parameters file, the Hash-based Message Authentication Code (HMAC) key

./easyrsa gen-req server01 nopass
openssl dhparam -out /etc/openvpn/server/dh.pem 2048
openvpn --genkey secret /etc/openvpn/server/ta.key

Sign the server certificate, and copy the server key and certificate to the OpenVPN settings folder:

./easyrsa sign-req server server01
cp pki/issued/server01.crt /etc/openvpn/server/
cp pki/private/server01.key /etc/openvpn/server/

Generate the client key and certificate, sign it and copy it (just the certificate) to the OpenVPN settings folder:

./easyrsa gen-req client01 nopass
./easyrsa sign-req client client01
cp pki/issued/client01.crt /etc/openvpn/client/

Generating the client profile

Get ovpngen:

wget https://raw.githubusercontent.com/graysky2/ovpngen/master/ovpngen
chmod 744 ovpngen

Then generate the profile. Note that we are still working in the /root/easyrsa folder, which we haven’t left since we created it at the beginning of the guide:

./ovpngen [server IP] pki/ca.crt pki/issued/client01.crt pki/private/client01.key /etc/openvpn/server/ta.key > client01.ovpn

I won’t detail how to configure your OpenVPN client, but basically you just need to install an OpenVPN client like the one here https://openvpn.net/community-downloads/, then import that client01.ovpn file in it and you can connect.
Except we’re not done yet, with configuring the server

Configuring and starting OpenVPN

Copy the sample configuration file into the OpenVPN settings folder, then open it with nano:

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
nano /etc/openvpn/server.conf

In this file, set these values:

port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server01.crt
key /etc/openvpn/server/server01.key
dh /etc/openvpn/server/dh.pem
tls-auth /etc/openvpn/server/ta.key 0

Also uncomment these lines:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Finally, start OpenVPN:

systemctl start openvpn@server

First test

You can skip this as we’re not fully done yet, but you now have enough to be able to connect your OpenVPN client to your OpenVPN server. If your are unable to connect, you should probably double-check that you didn’t miss anything.
However, if you check it, you’ll notice that your IP still is your client machine’s IP, not your server’s IP… So on to the next part.

Setting up the server’s networking parameters

Enable IP forwarding:

nano /etc/sysctl.conf

add at the end:

net.ipv4.ip_forward=1

Find the name of your server’s public network interface. It may often be “eth0”, but for me it wasn’t:

ip route | grep default

it will output something like

default via [default gateway IP] dev ens6 proto dhcp src [server IP] metric 100

In this, the value of interest is what’s after “dev”, so in my case, “ens6”

Set up a firewall rule to enable “masquerading”, a network address translation (NAT) setup allowing traffic from the VPN network (10.8.0.0/24) to exit via your server’s public network interface:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens6 -j MASQUERADE

(of course, replace ens6 with the value you found above)

Final test

That’s it, you should now have enough to connect to your OpenVPN server, and then actually use the server’s IP address from your client machine.

Further improvements

As indicated at the start, here I focused on just getting something working as fast as possible, and (some) further improvements will be discussed in the complementary post that is to come in order to keep this post short(-ish).
But I feel that there is still something important missing, even for “something that just works”: making sure the described setup still works… after a reboot.

For this, 2 things which I actually haven’t tested as I’m writing these lines:
1) Save the iptables parameters:

iptables-save > /etc/iptables/rules.v4

2) Make the OpenVPN service run at startup:

systemctl enable openvpn@server

And now, that should be it.

Posted in Internet, privacy, servers.

rev="post-4693" No comments

By patheticcockroach 2023-12-24

More various drafts again

Well it’s been a long while (pretty much over a decade) since the last similar post, so I guess I can allow myself to post this and empty my todo list from these posts I’ll never find time to properly wrap up.

Most of the links I put down there are not clickable, that’s on purpose because, as I don’t have time to compose the post properly, I don’t have time to decide what’s really relevant and what should rather be dropped. And I don’t want to end up with a ton of not-so-relevant links, thanks stupid search engines (looking at you big G) and the ridiculous SEO constraints they put on us.


Why iframes are kind of dead now (not sure why I had this pending, unlike other crap Firefox did this one seems to mostly make sense): https://support.mozilla.org/en-US/kb/xframe-neterror-page


Firefox 98 totally fucked up how downloads are saved by default: https://support.mozilla.org/en-US/kb/manage-downloads-preferences-using-downloads-menu
That one is annoying, as far as I remember now every time I set up Fx I have to manually that that for each file type I want Fx to ask where to save it, while before you had a global toggle for it. Not 100% sure they haven’t improved it since then, but still it shows they do employ moronic designers.

How to prevent Windows from turning off idle hard drives

This one deserves a bit of context.
On my previous computer, I was able to configure when to turn off idle hard drives right from the Windows power management settings (I won’t go into details here, it’s easy to find by yourself in the settings, and if not you can find plenty of written or video guides elsewhere, including in the 2 links I post below as they cover both methods). But on my newest one, running Windows 10 just like the other, the power management settings have somehow much much fewer options and in particular nothing about how long to wait before turning off an idle hard drive. Worse, the default settings felt incredibly short, and indeed it turned out they were like 10 to 30 seconds (I don’t remember the exact value, but that’s the order of magnitude and it was definitely NOT the 20 minutes default that I read about in one of the linked articles).
So needless to say it was hard on my external HD, and also hard on me because any time I waited a tiny bit between 2 file accesses on it, I had to waste precious seconds waiting for the HD to start spinning again.

So I had to look how to directly configure that, via console commands. I don’t remember exactly how I found the proper commands, as the links I saved don’t have them all. Maybe I just figured them myself by reading the help (with command powercfg /?).
First the links:
– https://www.tenforums.com/tutorials/21454-turn-off-hard-disk-after-idle-windows-10-a.html
https://www.top-password.com/blog/prevent-windows-from-turning-off-hard-drive-after-idle/ ⇐ this one is shown in a code tag because WordPress somehow tried to include a miniature of that post in my post… FFS when will they stop forcing stupid shit on us by default?

Then the commands:
powercfg /LIST ⇒ list power schemes
powercfg /Q 381b4222-f694-41f0-9685-ff5bb260df2e ⇒ show details of the current power scheme. It can be different for you, just copy the appropriate ID from the list. You may want to do that for several power schemes if you do you several power schemes. I just use the one.
That list is quite big, but should hopefully not exceed the console history size (at least in ConEmu that was fine for me)
powercfg /Q SCHEME_CURRENT ⇒ same as above but using the alias. Should work, but in case it does not, you know how to get the GUID
powercfg /Q SCHEME_BALANCED SUB_DISK DISKIDLE ⇒ to just get the value that interests us, with aliases and supposing the active plan is balanced (you can just use SCHEME_CURRENT, I used balanced here just for variety)
powercfg /Q 381b4222-f694-41f0-9685-ff5bb260df2e 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e ⇒ same with GUID (you can mix GUIG and aliases, too)
powercfg /SETDCVALUEINDEX SCHEME_BALANCED SUB_DISK DISKIDLE 0x8ca0 ⇒ sets the idle off timer to 10h (36000 seconds).
I noted that I used hexadecimal because, at the time I first tried, decimal values didn’t think to work, but as I’m writing this post while messing with the settings again, I realize that decimal values now work… Also worth noting, it seems that my external HD now never turns off, I’m not sure why as I realize that it should turn off after “only” 10h with those settings (before looking into this today, I believed I had set this to something much higher, given that I don’t care much about this drive staying on all the time when it’s plugged). Maybe the computer touches it more than once every 10h and thus it’s never idle that long. Or maybe I screwed up another setting.
powercfg /SETACVALUEINDEX SCHEME_BALANCED SUB_DISK DISKIDLE 36000 ⇒ sets the idle off timer to 10h, for when the computer is connected to external power (yup that’s a laptop, and the previous setting with for battery power)

Last but not least, reboot. The settings won’t apply until then (even though they show as modified if you run powercfg /Q SCHEME_CURRENT).

That’s all for now, I hope this helped

Posted in published drafts.

rev="post-4691" No comments

By patheticcockroach 2023-12-12

aToad #33: OneClickFirewall & simplewall

More free firewalls, one being open-source

I’ll be brief because I haven’t tested them (yet), as I’m still on Comodo Firewall.

I was starting my computer and noticed, as usual, a notification from my firewall asking what to do about freaking NVDisplay.Container.exe that keeps trying to connect. But this time I figured I tried to look a bit more into it – not really hoping much but rather a bit curious about what other people say/do about it. One of my first results was this forum (yay) post on Techpowerup (yay again, forums are not all dead, and memories from this site that I used to visit a lot more in the past).

There wasn’t much to see though, just basically a confirmation of what I suspected: NVDisplay.Container.exe tries to connect to update stuff like its DLSS libraries and can’t be prevented from doing so because NVIDIA. The more interesting part of this thread though, was a couple of people went on talking about their own current firewalls. So I figured, the thread is recent (less than 2 months ago) and involves people who care about properly blocking telemetry crap, so let’s pocket the list of those firewalls for future use. So the 3 nominees are:

  • Comodo Firewall, which I already mentioned
  • OneClickFirewall, which seems to have been last updated in 2016, but is also reportedly still working
  • simplewall, which is FLOSS / free software, was first released in 2016 (a few months after OneClickFirewall’s last update), and seems to be really actively maintained

I don’t have time to mess around with my firewall now, and Comodo works fine and is all set up, but next time I set up a computer I’ll be sure to give simplewall a try first. Beside being free and open source, it’s incredibly lightweight (<1 MB), has a portable mode, blocks everything by default and more generally seems quite targeted at power users who don’t want obscure shenanigans on their network.

Update (2024-10-22): Fort Firewall

I was about to make a new post for it, then I realized that my latest “aToad” to date was already a firewall. So I recently found that “Fort Firewall” in a software discussion group, and I haven’t tried it either but it seems quite similar to the above-mentioned simplewall (which, on a side note, seems to have killed off its former website and decided to move exclusively on GitFreakingHub).

If I had to judge from the screenshots, I’d say Fort Firewall looks a little bit… simpler than simplewall, and by this I mean a positive simple, like easier to use/more intuitive UI. But they both look good enough to me.

Do note that they both seem to be a single-man project, with, for each, one main contributor who seems to have been doing absolutely all the programming, and a limited number of secondary contributors who seem to have committed only translation-related things. It doesn’t mean they’re bad, and I know how hard it is for open source projects to get contributors, but… you know how they say “it’s safe because anyone can read the code”? Well I haven’t read the code, and the contributor lists contain no proof suggesting anyone else has either.

Posted in A Tool A Day, Internet.

rev="post-4683" No comments

By patheticcockroach 2023-05-21

How to permanently disable Windows Defender in Windows 10 21H2

It appears that Microsoft made it harder to get rid of Windows Defender in the latest versions of their out-of-control OS.

Previously, in version 1607 for instance, you could simply disable it by opening the Local Group Policy Editor (just start typing it in the Start Menu to find it), going to Computer Configuration => Administrative Templates => Windows Components => Microsoft Defender Antivirus and setting “Turn off Microsoft Defender Antivirus” to “Enabled”.
Later on, they added a “Tamper Protection” in Windows Security settings that you must first turn off in order to be able to enable the above-mentioned policy (see below for more details).

Now, they made it so that if you only do those 2 things, or equivalent stuff described for instance there or there, Windows Defender will eventually (and much sooner than later) re-enable itself, removing your added registry keys and/or policies. It took me a few days of “trial and error” (or should I say, trial and getting screwed by MS) to figure it out, and maybe what I ended up doing is a bit overkill, but here is what worked for me:

Step 1: disable everything in the Virus & threat protection settings (you should be able to search for these straight from the start menu or from the settings “app”). Which, as I’m writing those lines, is:

  • Real-time protection (the one that said “yay you can disable me but f*** you I’ll re-enable myself very fast anyway, haha, screw you, user”)
  • Cloud-delivered protection
  • Automatic sample submission
  • Tamper protection

Probably only the 4th one is truly needed here, as step 2 should take care of the rest, but it doesn’t cost much to click a few extra buttons, does it?

Step 2: go lock all this in the Local Group Policy Editor. Run it by typing its name in the start menu, or also via Windows key + R then “gpedit.msc”, then navigate to Computer Configuration => Administrative Templates => Windows Components => Microsoft Defender Antivirus and:

  • Set “Turn off Microsoft Defender Antivirus” to “Enabled” (yup, so intuitive, you need to enable a “disable-ation”… Microsoft is still Microsoft…)
  • Set “Turn off routine remediation” to “Enabled” too

Then go into the “Real-Time Protection” subfolder and:

  • Set “Turn off real-time protection” to “Enabled”
  • Set “Turn on behavior monitoring” to “Disabled”
  • Set “Scan all downladed files and attachments” to “Disabled”
  • Set “Monitor file and program activity on your computer” to “Disabled”

And that’s “all”. So simple. So user-friendly.
With all this, you’re still able to run quick scans manually if you wish, but they shouldn’t run on their default daily schedule anymore. And the virus database should still be kept up-to-date.
Reverting the changes is easily done by removing those policies and changing the settings back to what they were. I guess just removing some of the policies might even be enough, considering Windows Defender’s tendency to turn itself back on spontaneously.

That’s all folks, until the next stupid update that changes stuff you don’t want changed.

Posted in Windows 10.

rev="post-4678" No comments

By patheticcockroach 2023-03-06

aToad #32: JDiskReport

Quickly visualize which folders are taking the most disk space

I’m currently migrating to a new computer, and in the process I have to move (or, if it appears to be a better choice, drop) all my browser profiles. And as it turns out, after some years, they get big. Huge, I’d even say. Notably Vivaldi (which turned out impossible to move properly because the idiots will drop both cookies and extensions while pretending it’s a useful feature), even though I didn’t use it much: 1.5 GiB profile size, mind you. That’s a bit more than my main Firefox profile, which I’ve used a lot a lot a lot more and which, very notably, includes around 800 MiB just for Telegram local storage (or should I say included, now I removed it once and for all).

Anyway, I thought that even though I didn’t want to start from scratch, it would be nice to tidy up a little bit. But that profile contains so many folders… That’s where JDiskReport becomes useful. Even though the UI of the new version 2 isn’t quite finished (the top PITA IMO is that you can’t copy/paste a folder path but you have to browse to it), it’s a pretty convenient and light tool to visualize the respective size of subfolders. Great to target the few big ones so that you don’t waste time on the tiny ones.
I’m aware that there are some more integrated tools, but since it’s not something I use more than once on twice a year, I like the fast that it’s purely portable. Nothing to install (except see below), just download and run the 3 MiB JAR file.

There really isn’t much to say, except maybe that it’s written in Java so yup, you’ll need that annoying JRE (but you probably already have it anyway, and in this day and age it’s not that big nor slow anyway). My current favorite is Adoptium / Eclipse Temurin, just don’t forget to pick the JRE because the JDK, which the download page defaults to, is much fatter (yes, I said fatter, not faster).

Update (2023-03-01): I just ran this on my new computer, and it’s actually super fast. Analyzed a folder with 3k+ sub-folders and 20k+ files within a split second. I guess it was slow-ish on my previous computer because I had a really slow SSD on it.

Posted in A Tool A Day.

rev="post-4672" No comments

By patheticcockroach 2023-02-26

How to get rid of Booking’s permanent notification alert

There’s something very wrong with Booking.com‘s notification system. They notify you for a lot of useless crap, an you can’t even disable all notifications (talking about the website or in-app notifications here, obviously push notifications can at least be killed at the system or browser level).
In particular, I have a notification about 1 person liking my review more than 1 year ago, and this notification always comes back as soon as I just reload the page. Just to clarify, I’m talking about this little number:
Booking.com notification badge counter always enabled

I find this extremely distracting. Unfortunately, I didn’t find a way to get rid of this notification without getting rid of all of them, but I figured removing them all would be better than nothing. Particularly since important (and truly new) notifications arrive by e-mail and/or push, so not having that red number shouldn’t make you miss anything important.

My (imperfect) solution is then to set up a custom filter for uBlock Origin. In uBlock Origin, go to the settings, then “My Filters”, and add the following filter:
booking.com##.js-uc-notifications-bell-count.bui-bubble--destructive.bui-bubble-container__value.bui-bubble
This removes just the little red number, so you can still access the notifications by clicking the bell, only you’re not being constantly nagged about it.

You could also remove the whole bell if you prefer, with this filter:
booking.com##.js-uc-notifications-toggle.bui-button--large.bui-button--light.bui-button
But that’s a bit overkill IMO, as it will make it impossible to reach the notifications without disabling the filter every time. Considering how worthless this menu item is most of the time, I guess that’s no big deal, but still, as long as it doesn’t have the red number it just doesn’t catch my attention anyway.

Anyhow, special thanks to the idiots in charge of UX/UI at Booking! Smart people working in Big Tech, as usual…

Bonus: earn a bit of space at the top

If like me you don’t care about flights, car rentals and whatever is not hotels, you can get rid of that menu and reclaim a bit of vertical space in that space-wasting UI, with the following filter:
booking.com##.bui-tab--rounded.bui-tab--light.bui-tab--borderless.bui-header__tab.bui-tab > .bui-tab__nav

Note that, as you see, these are pretty long names, so I assume they may change slightly over time. As of 13 February 2023 they work. Maybe I’ll update the post from time to time, or maybe I’ll forget, but uBlock makes it easy to create your own filter anyway: just use the picker from the menu.

Posted in Totally pointless.

rev="post-4668" No comments

By patheticcockroach 2023-02-13

aToad #31: pdfescape, pdf2png, ilovepdf

Online services (“SaaS”, yuck) to edit, convert, split, merge, etc. PDF files

In my opinion, PDF is the most toxic file format ever. Not that it’s not convenient to share files that truly don’t need to be edited ever: that’s what it was created for, and at that it is decent enough. But so many people and companies use it all the fucking time to distribute bloody forms, which, as the name implies, will for sure need to be edited.

Of course, if you have the money and disk space to waste (and don’t mind installing software that poops all over your computer), you can get the official Acrobat Pro or Standard software for around 25$ a month (subscription-based local software, even more yuck than SaaS). Or they also do sell rent a SaaS version indeed. But unless you spend your days manipulating someone else’s PDFs, you can probably manage with a bunch of free tools.

I didn’t make an exhaustive comparison, the following are mostly the first tools that I found and that were fit for the job and/or tools that friends recommended me, but let’s say I’m happy enough with them. As happy as I can be when a dickhead shoves a PDF down my throat anyway.

  • PDF Escape: a PDF editor with all the basic features I ever needed: add text, fill form fields, add pictures. The user interface isn’t that great and there are a few bugs (notably, last time I used it, the whiteout zones didn’t appear in the final PDF when I opened it in Sumatra), but still they’re not major bugs and it works fine in Firefox.
  • PDF to PNG: as the name suggests, useful to convert a PDF to a PNG render. Damn useful because the assholes who give you PDF forms often want you to print them and scan them. It’s 2022 and I don’t have a printer, money is better spent elsewhere. That site also has a few other converters and tools, like PDF to and from DOC, JPG, PNG, a PDF compressor (this one is also nice for when people give you huge PDFs to send them back but put a silly low size cap on the form to send it back) and a PDF combiner / merger
  • I Love PDF: what an ironic name. Has all the tools of the previous 2 (except the PDF to PNG conversion, it only does JPG for some reason) and more, notably splitting a PDF and extracting or reordering pages

Last but not least, obviously there are privacy/security concerns with uploading your data to someone else’s computer. It’s obvious but it has to be said.
Unfortunately, I’m not aware of good and free PDF editors that you can run locally, although I was able to do some really nice edits with Inkscape… at the cost of spending way more time on it than I wish I had: that’s a tool for when you need to edit a PDF in a way that it looks like it hasn’t been edited, not for when you just need to fill a form. But otherwise, you can find tools, like PDF Suite 2021, that sell a lifetime license at the price of once month of Acrobat subscription, so that could be worth the try.

Posted in A Tool A Day, Adobe.

rev="post-4659" No comments

By patheticcockroach 2022-10-31

Unbanning an IP from fail2ban

TL;DR

fail2ban-client set [jail name] unbanip [the IP]
for instance
fail2ban-client set sshd unbanip 123.123.123.123

Details

It’s this time of the year again. Time to get a new VPS or dedicated server, put the latest LTS Ubuntu on it, and configure it as close as possible to the one I set up X years before in order to then migrate. Of course, usually, “as close as possible” still means finding wtf happened to the configuration options and features you were using before, if not wtf happened to whole pieces of software…
Anyhow, in this process, I sometimes get a bit lost in what accounts exist, what credentials they use and, after one too many tries, end up banned by fail2ban. I could just wait it out, but this time I figured, it’s my server I should unban myself damnit.

The short version is:
1) if you are the one banned, get an alternative access to the console. For instance you could use Webmin. Or a VPN, or your phone connection to log in to SSH from another IP.
2) list jail names:
fail2ban-client status
3) decide which one issued the ban (should be easy if you got your own self banned, otherwise see longer version below)
4) unban the IP:
fail2ban-client set [jail name] unbanip [the IP]
For instance, if you got banned while logging in to SSH from IP 123.123.123.123:
fail2ban-client set sshd unbanip 123.123.123.123

Longer version / some more details:
Check if the IP is banned in iptables (NB: for some reason, for me iptables didn’t list all the IPs that could be listed directly from fail2ban-client status [jail name], so if you can’t see the IP you’re looking for here here, I guess just move on to the other options):
iptables -n -L
and/or check the ban logs:
sudo zgrep 'Ban' /var/log/fail2ban.log*
(or just the latest logs, which should usually be enough)
sudo zgrep 'Ban' /var/log/fail2ban.log
(or just the end of it)
tail /var/log/fail2ban.log
The log should mention the jail name as well. If unsure, use fail2ban-client status to list jail names.
You can also use fail2ban-client status sshd to check the list of banned IPs for one particular jail (here sshd)

Sources

Fail2Ban: how to unban IPs that are blocked?
Linux: Iptables Find / Check Banned IP Address

Posted in Linux, servers.

rev="post-4654" No comments

By patheticcockroach 2022-10-03

Looks like Mozilla is preparing a new shitty update

Among what appears to be okay-ish improvements to the download menu / panel / features / workflow, it seems that they plan to YET FUCKING AGAIN OVERRIDE a user-set preference / change a default behavior even for those who enjoy it and have been happily using it this way for years. People complaining are gently told to fuck off.

Brace yourself, this is coming in the next version, Firefox 98 (nice ridiculous version number btw, thanks Google for setting the trend and thanks ball-less Mozilla for following like a nice little poodle).

Thanks for doing all the same crap Chrome does. Sometimes I wonder why I still bother.
… oh, right, because they haven’t fucked up (yet) their proxy settings (notably SOCKS proxy support)

If I don’t forget to, I’ll probably update this post after release with the steps needed to go back to the previous, NORMAL AND SENSIBLE behavior.

Update (2022-04-03): well I didn’t completely forget to update, I just didn’t find any satisfying way to fix that crap :/ I just manually configured what to do with each file type, one by one (luckily there aren’t that many). What a user-friendly update!

Posted in Firefox, Totally pointless.

rev="post-4639" 2 comments

By patheticcockroach 2022-02-21