Tips

I wanted to create a DEV instance of sudonix, so went ahead and registered sudonix.dev, installed NodeBB, then recovered the database.

All good - apart from the fact that I consistently got the dreaded csrf invalid message… 😠

Here’s the log extract

2022-03-21T14:15:25.859Z [4571/91294] - info: Initializing NodeBB v1.19.5 https://sudonix.dev 2022-03-21T14:15:27.761Z [4571/91294] - info: [socket.io] Restricting access to origin: https://sudonix.dev:* 2022-03-21T14:15:27.858Z [4571/91294] - warn: [plugins] "@nodebb/nodebb-plugin-user-level" is active but not installed. (node:91294) Warning: Accessing non-existent property 'padLevels' of module exports inside circular dependency (Use `node --trace-warnings ...` to show where the warning was created) 2022-03-21T14:15:28.637Z [4571/91294] - warn: [plugins/load] DEPRECATION The hook filter:router.page has been deprecated as of v1.15.3, and slated for removal in v2.1.0. Please use response:router.page instead. The following plugins are still listening for this hook: * nodebb-plugin-write-api 2022-03-21T14:15:28.724Z [4571/91294] - info: [plugins/spam-be-gone] Settings loaded 2022-03-21T14:15:28.734Z [4571/91294] - info: [reputation-rules] settings loaded 2022-03-21T14:15:28.925Z [4571/91294] - info: [api] Adding 4 route(s) to `api/v3/plugins` 2022-03-21T14:15:28.936Z [4571/91294] - info: [router] Routes added 2022-03-21T14:15:28.947Z [4571/91294] - info: NodeBB Ready 2022-03-21T14:15:28.948Z [4571/91294] - info: Enabling 'trust proxy' 2022-03-21T14:15:28.950Z [4571/91294] - info: NodeBB is now listening on: 0.0.0.0:4571 2022-03-21T14:15:47.488Z [4571/91294] - error: [plugin/iframely] Could not parse embed: Failed to lookup view "partials/iframely-widget-card" in views directory "/home/sudonix.dev/nodebb/build/public/templates". Url: https://sudonix.com/topic/233/nodebb-welcome-message-with-logo-footer-change/3?_=1645445273209 Missing translation "2factor:title" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_unsolved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:topic_solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" Missing translation "qanda:menu.solved" for language "en-GB" 2022-03-21T14:15:48.899Z [4571/91294] - error: POST /logout invalid csrf token

Tried clearing cache, no dice. Tried incognito mode, no dice.

After some significant head scratching, it suddenly dawned on me that the cookie domain would need to be reset as this is a PROD database replica in a new domain.

To do this.

Open the mondogb console Select your database - in my case use sudonixdev; Issue this command db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}}); Restart nodebb

Problem solved - able to login 🙂

What if you wanted to add a banner message to your chat messages, but didn’t know how? Here’s what that might look like, and how it would work

0b4a91a4-35e2-4780-b3fc-1b235e1516bb-image.png

I get a lot of support requests via Chat, and I can appreciate why because it’s convenient. However, whilst I’m helping you solve your issue, others are missing out on that information and resolution, so I will always request please that you ask questions in the forum categories, and only discuss sensitive information like usernames and passwords etc in chat.

Let’s get started. It’s very simple providing you know what to target, which requires some examination of the HTML structure. In this case, we are going to target element [component="chat/message"] because it’s the element we need to inject into

Firstly, the JS code

function chatBanner() { $('[component="chat/message"]:last-of-type').append('<div id="chatbanner">This session is for private discussion only between the chosen participants. Please do not place support requests here and use the forum categories instead.</div>'); } $(window).on('action:chat.loaded', function(data) { $(document).ready(function() { chatBanner() }); });

And then some custom CSS

div#chatbanner { padding: 10px 20px 10px 20px; background: var(--bs-alert-info-bg); border-radius: 0.375rem; margin: 0px 0 20px 0; }

All done. This message will insert itself at the last [component="chat/message"] in the stream when the chat is loaded - you could make it display on each message, but that’s overkill in my view and people only need to see it once to read and understand.

To accomplish only using the last of [component="chat/message"], we target [component="chat/message"]:last-of-type which is a common CSS denominator, and very powerful.

Enjoy.

Managing videos is a big hassle. To follow the 3-2-1 backup strategy, I want to keep a copy of my videos online. After some research, I found that GoPro is the easiest and cheapest option, costing around $25 or $50 per year for unlimited footage. (i have 20TB videos)Now, the goal is to upload all my files to GoPro.

GoPro doesn’t provide a drive-like system, so I need to upload files directly to the GoPro website. Before doing that, I want to add folder names to the file names using a Linux command to rename them. so i can use their search to find files later.

All my videos are stored in Synology Drive in the following format:

Videos/date/filename1.mp4

I only want to rename the MP4 files to have the format date-filename1.mp4. How can I do this using a command targeting all directory and subdirectories?

I got hit with this today. As I have a Pro subscription to Font Awesome, this allows me to use a much wider range of fonts. Unfortunately, NodeBB only seems to list the free fonts, so in order to use the Pro icons, you have to manually type the font name you want (leave the fa- part off, as it’s not needed).

No issues, so I went ahead and typed in the name. Below is the result

9afecc8c-6a32-4e5d-882c-f72df65db513-image.png

Now, despite the icon not showing here, it does once you save and reload the site. Great - problem solved then?

Yes - until you want to change the icon back…

Highlight over an unchanged icon, and you’ll see the mouse pointer change meaning there is a link behind it

51d117f6-8359-4136-8f04-9be892a589f7-image.png

However, hover over one you’ve changed by typing in the value manually, and you’ll see the link is gone

2e69e0bf-baa0-4dc3-b653-2e14d55fdf5d-image.png

Panic stations… headless chicken… major cussing session… No - there is a way out

Fire up the dev tools (F12 for console), and press the select tool. Now select the element with the missing link

b1a30da5-d878-4fab-9083-c9dcb3affa4a-image.png

In the resultant element list, follow the HTML until you reach

2eedea09-2675-4fe0-a28d-a89ff29dc4f3-image.png

change-icon-link hidden

Now delete the hidden part, so you are left with just change-icon-link and press enter

You’ll see that the alt text appears for the image, which is enough for you to be able to click the anchor, and change the icon

c59af52d-9d23-4f00-839e-0d43eee4c6e1-image.png

4005c5bb-27a3-41a9-8c19-436e9d1501ab-image.png

There you go. Now enjoy how smug you feel that you’ve sorted this problem yourself 🙂

There are times when Google can be remarkably slow in crawling your site - particularly if you had issues previously, and you need to tell them you’ve fixed it.

You might see something like this when requesting validation

f8e8dfbb-1668-43d6-bc32-a40430214b3a-image.png

These have all been fixed, but to “speed things up”, you can

Remove and re-submit the sitemap.xml file Send a ping to Google to ask them to crawl again (see below) http://www.google.com/webmasters/sitemaps/ping?sitemap=http://example.com/sitemap.xml

Some more useful tips can be found here

https://superdevresources.com/ping-sitemap/

Obviously, you’d substitute the sitemap= part to match your own site.

I gonna renew my old phone and i created two alternatives for it. One of Samsung S23 other one Xiaomi 13. I examined these two phones a lot, but I could not get out of the work.

Could you please share with me your opinion that which one is good idea for buy?

Need a way to terminate multiple instances of a process all at once? There’s a handy native utility called taskkill which is your new friend 🙂

5964fdf0-c0c8-412f-842c-864670595eb7-image.png

Another tip 🙂 in most cases, you’ll need to run cmd.exe as Administrator.

Very handy when you need to kill mutiple processes - available switches below

https://ss64.com/nt/taskkill.html

Periodically, when logging into any Linux based server, you may be met with the below

32fbb04c-7cf3-4c4a-92df-7c62748f7d07-image.png

In a typical Linux scenario, a process (or sub process) notifies its parent when it has completed its execution and has exited. The parent process should remove the process from process table. However, if the parent process is unable to read the process status from its child (the completing process or sub process), it won’t be able to remove the this from memory which causes the supposedly dead process to still continue to exist in the process table. The end result of this issue is a “zombie process” - one that has no reason to be running, and should have been terminated.

Before you can terminate a process, you need to be able to identify it. Run the below in the terminal

ps aux | egrep "Z|defunct"

Here’s the result

20274412-e1e1-4ddb-8a94-a659a649c21b-image.png

Now, you can’t actually “kill” something that is already dead, but you can notify the parent process that it should check again to see if the sub or child process is still running or not

ps -o ppid= <Child PID>

As an example

e4df563a-8b5d-4f27-b6db-dd7810fd0689-image.png

This tells us that the process ID we need to target is 55496. Based on this, we then use

kill -s SIGCHLD <Parent PID>

49de9c15-e0d1-4077-bab0-801cc13a5c4e-image.png

And with all the commands together

5ccb9788-d260-483b-90eb-506ab28c4091-image.png

Now run

ps aux | egrep "Z|defunct"

If you still see zombie processes, you’ll need to target the parent process. Please be aware that killing a parent process will automatically kill all child processes, so use with caution.

21d7cfad-46e9-4638-89e0-32233d7168ad-image.png

kill -9 <Parent PID>

a4846b3f-fe78-43a2-8169-21e84c181735-image.png

Not everyone can afford expensive operational monitoring tools, so here’s a cheap and dirty way to use cURL to scrape a webpage, return it’s status, and then compare it with the value you’d get if the page was up. If that doesn’t match, we assume the page is down, and then trigger an email as an alarm.

#!/bin/bash CURLOPT_SSL_VERIFYPEER => 0 # Your site URL goes here website="https://your.forum.url*"; result=$(curl -m 60 -Is $website | head -n 1 | tr -d "\r") # note that this value varies depending on platform. You should echo $result to see what the correct value is when querying the site itself when you know it's running. expecting="HTTP/2 200"; timestamp=$(date); if [ "$result" = "$expecting" ]; then output="$timestamp -> $website $result -> Website UP"; echo $output; echo $output >> /path/to/your/logfile/log.txt else output="$timestamp -> $website $result -> Website DOWN"; echo $output; echo $output >> /path/to/your/logfile/log.txt # Fire an alert as the result isn't what we expected mailbody="$output" echo "From: email@domain.com" > /tmp/mail.tmp echo "To: email@domain.com" >> /tmp/mail.tmp echo "Subject: ALERT: Website $website is DOWN" >> /tmp/mail.tmp echo "" >> /tmp/mail.tmp echo $mailbody >> /tmp/mail.tmp cat /tmp/mail.tmp | /usr/sbin/sendmail -t -f "email@domain.com" fi

This is very primitive, but works very well. Note, that sendmail is being used here to trigger an email. If you do not have that, you’ll need to substitute the path and command for whatever you want to use.

Have fun…

With today’s modern world where we should all be using password managers and authentication apps to further enhance our online security presence, it’s easy to fall into the trap of not being able to recover Google Authenticator if your device is lost or stolen.

Whilst this sounds like a “it won’t happen to me”, never say never. Mobile devices are highly sought after in today’s world, and given that virtually everything we do online is from a mobile phone or tablet, it’s easy to become complacent. Sure, it’s available immediately if you need it, but what if you lose it ?

What could happen ?

Well, for one, you’ll be without your device meaning that if you rely on that same peripheral to access a password manager, or generate TOTP based 6 digit codes, you’re going to be in something of a “hole” to say the least. You can get access to most password managers via an online vault, but if that account you need to access was secured with 2FA or push authentication, and you no longer have the associated device, then you’re in for quite a rough ride without a means of recovery.

This is where (for example, but not limited to) Google Authenticator will make you immediately fall on your sword if you don’t have copies of the backup codes, or the secure password seed used to create the pairing in the first place. Be honest - do you keep a record of backup codes ? I’m guessing you don’t 🙂

It’s not actually possible to quickly and easily backup Google Authenticator, or the codes generated by it. It’s a simple process to transfer to another phone, but ONLY if you have the old device. If your phone or tablet is lost or stolen, and you have no means of proving who you are, then you are, for want of a better phrase, royally screwed.

The Solution

DON’T rely on Google Authenticator. Yes, it’s free. Yes, it’s simple, but if you lose your device, then you’ll quickly find out just how much of an inconvenience this is. I switched away from Google Authenticator years ago in favor of AUTHY (now known as Twillo). Not only can you have multiple devices, but there is a recovery mechanism whereby you can get access to your data on another device by simply going through the recovery process. The one caveat here is that the recovery requests need to be manually reviewed and approved.

I went through this same exercise around 4 years ago when my phone literally froze up, then died. I sent the phone back to the manufacturer who informed me that the device was completely dead (it was an LG - never again) and that they would be shipping a replacement. Great, but what about the 2FA codes etc ? As it’s an Android device, I simply pulled all of the settings back from my Google Account. However, getting the codes back into AUTHY meant I needed to go through the recovery steps.

These are pretty simple, but you need to be able to answer security questions in order to proceed. Another great addition in AUTHY is that you are periodically requested to enter the backup passcode so that backups of all your accounts can easily be taken

A bit more information around that can be found here

https://support.authy.com/hc/en-us/articles/115012672088-Restoring-Authy-Access-on-a-New-Lost-or-Inaccessible-Phone

And here

https://shieldplanet.com/what-if-i-lose-my-phone-with-google-authenticator-on-it/

This article is from the same bunch who developed the Shield Security plugin for WordPress, and they provide the same stark warning as I do here ⚠

https://getshieldsecurity.com/blog/google-authenticator-backups/

Transferring out of Google Authenticator is a simple process, but requires re-enrolling your device via AUTHY (or another product) in each application or account you have secured.

BitWarden and others have the ability to incorporate 2FA generation and security in their password manager apps for mobile devices. The huge benefit here is that this is replicated into the online vault, meaning the codes are also generated there, and you can still access your accounts without your phone. More info about that here

https://bitwarden.com/help/authenticator-keys/

Don’t get caught out by sticking with Google Authenticator 😕