In just the last two years, FearNoPeer (FNP) has accumulated 200,000 active torrents and over 1.2 million peers. These statistics have astonished us, given FNP's age, and they have provided a strong community, a high retention rate, and a variety of content to choose from, allowing you to curate your own archives and libraries.

We've fostered a generous community and easy starting-grounds, for example, if you need help, even just a little question, or made a mistake when downloading, ask for some help. If it's just a few bonus points, explaining your situation, or seeking a way to gain recourse and maintain a positive account. We're a team at FNP, and we don't want to see you run away deshelveed!

As you rank up, you'll also gain access to the invite forum, which can open doors to many other trackers. Of course, we hope you'll continue to call FNP home.

Our goal remains the same as day one: to curate, deliver, and retain high-quality movies and TV content quickly while also general tracker content (music, applications, and games) to our home, with many other content types you will have the pleasure of exploring!

If you're interested in joining, whether you're a newcomer to torrenting or a veteran looking for a new atmosphere with a different vibe, all are welcome to apply.

Link: https://fearnopeer.com/application

Here's to many more years ahead! 🚀

Our celebratory gift: We'll be hosting a 1-week global freeleech event, featuring double uploads on all torrents, big and small, as well as special gifts, such as bonus points, akin to a sweepstakes or raffle, throughout the event. In just the last two years, FearNoPeer (FNP) has accumulated 200,000 active torrents and over 1.2 million peers. These statistics have astonished us, given FNP's age, and they have provided a strong community, a high retention rate, and a variety of content to choose from, allowing you to curate your own archives and libraries.

We've fostered a generous community and easy starting-grounds, for example, if you need help, even just a little question, or made a mistake when downloading, ask for some help. If it's just a few bonus points, explaining your situation, or seeking a way to gain recourse and maintain a positive account. We're a team at FNP, and we don't want to see you run away deshelveed!

As you rank up, you'll also gain access to the invite forum, which can open doors to many other trackers. Of course, we hope you'll continue to call FNP home.

Our goal remains the same as day one: to curate, deliver, and retain high-quality movies and TV content quickly while also general tracker content (music, applications, and games) to our home, with many other content types you will have the pleasure of exploring!

If you're interested in joining, whether you're a newcomer to torrenting or a veteran looking for a new atmosphere with a different vibe, all are welcome to apply.

Link: https://fearnopeer.com/application

Here's to many more years ahead! 🚀

Our celebratory gift: We'll be hosting a 1-week global freeleech event, featuring double uploads on all torrents, big and small, as well as special gifts, such as bonus points, akin to a sweepstakes or raffle, throughout the event.

So, starting now, Google started mandating full JS for YT, effectively breaking all third-party clients and locking the site to their official client.

This reeks of DRM.

UPDATE: Installing Deno and installing yt-dlp through PyPi fixes yt-dlp but the very idea that Google is mandating JS to lock down YT in an attempt at pseudo-DRM is still crappy.

UPDATE #2: inv.nadeko.net is working again for now.

Hey c/selfhosted,

we've finally done it. After years of people asking for it, GameVault now has its very own Web UI!

For anyone who hasn't heard of it yet: GameVault is a self-hosted gaming platform that gives you a Steam-like library experience, but for your own DRM-free games. You host it yourself, you own your data, and you can share your collection with friends and family. Basically, it's for gamers who also love the selfhosting mindset.

This Web UI / Cross-Platform Client has been the most requested and long-awaited feature for as long as we've been working on GameVault. When we first built it, it was just a small project for the two of us, written with the tech we knew at the time. Over the years, especially here on Lemmy, people gave us plenty of criticism for the tech stack and the UX, because you guys love to use linux. And honestly... fair enough. We knew it wasn't great.

The new Web UI is our way of addressing all the feedback we've received and setting the stage for the future. It’s not just a nicer interface. This also represents the first building block for a new cross-platform client that we’re working on.

The Web UI acts as a cross-platform core, which means that in the future we will be able to package GameVault to run both directly in the browser as well as a native application on Windows, Linux, or even mobile devices. This upcoming client will be built on the same foundation, ensuring a smoother and more unified experience whether you're on a desktop OS or just checking your vault from your phone.

Right now, we're planning to expand the Web UI continuously and figure out how to handle the legacy windows desktop client moving forward. The technology underneath is much cleaner now, so we finally have the freedom to iterate and improve without being stuck in the past.

Anyway, we're really excited about this step. It feels like a true milestone for the project, and we're looking forward to hearing your thoughts and feedback. If you're self-hosting and love gaming, give it a try, I'm curious what you think.

You can also check out a live running demo version on demo.gamevau.lt
Username: demo
Password: demodemo

Sega released an ad that was pretty much that "Sega does what Nintendon't", comparing Sonic Racing Crossworlds with Mario Kart World. Gotta love how, to avoid a lawsuit, the graphics for the "open world racing" is pixelated censor.

PocketPair announced Palfarm^[Which I hope is a real game and not just an out of season April 1st like More than Just Pals], with the textboxes being ripped straight out of Animal Crossing and even their own not-Ankha. For a company whose chief game is being constantly forced to remove features because of shitty patents, this feels like the perfect taunt and middle finger

Here's to hoping more companies decide to poke fun at Nintendo

cross-posted from: https://lemmy.world/post/36393932

The United Nations believes it has solved the mystery of why an escalator abruptly stopped shortly after Donald Trump stepped onto it on Tuesday - his videographer may have accidentally triggered a safety mechanism.

U.N. spokesperson Stephane Dujarric said a readout of the escalator's central processing unit indicated it "had stopped after a built-in safety mechanism on the comb step was triggered at the top of the escalator."

He said Trump's videographer had been traveling backwards up the escalator to capture his arrival with First Lady Melania Trump.

https://archive.ph/9qrvJ

When I moved to Coreboot, I also elected to encrypt my /boot partition, which is decrypted by the GRUB payload of Coreboot. I mostly worked on this by trial-and-error, which resulted in the workflow:

1. GRUB unlocks /boot
2. Keyfile in /boot opens /
3. Partition for /boot is listed in /etc/crypttab, with another keyfile to unlock /boot again from within Linux
4. /boot is mounted via /etc/fstab

Steps 3 and 4 always seemed inelegant to me, but after doing systemd-analyze, I realized how much those steps consume when booting (9 sec).

My questions:

• After GRUB unlocks /boot and boots into Linux proper, is there any way to access /boot without unlocking again?
• Are the keys discarded when initramfs hands off to the main Linux system?
• If GRUB supports encrypted /boot, was there a 'correct' way to set it up?
• Or am I left with mounting /boot manually for kernel updates if I want to avoid steps 3 and 4?

During some work with Tess, I'd notice that my test instance was running horribly slow. The CPU was spiking, Postgres was not happy and using pretty much all the available compute.

Investigating, I found the culprit to be some crawler or possibly malicious actor sending a massive number of unscoped requests to /api/v3/comment/list. What I mean by "unscoped" is without limiting it to a post ID. I'm not sure if this is a bug in Lemmy or there's a legit use for just fetching only comments outside of a post, but I digress as that's another discussion.

After disallowing unscoped requests to the comment list endpoint (see mitigation further down), no more issue.

The kicker seemed to be that this bot / jackass was searching by "Old" and was requesting thousands of pages deep.

Requests looked like this: GET /api/v3/comment/list?limit=50&sort=Old&page=16413

Since I shutdown Dubvee officially, I'm not keeping logs as long as I used to, but I saw other page numbers in the access log, but they were all above 10,000. From the logs I have available, the requests seem to be coming from these 3 IP addresses, but I have insufficient data to confirm this is all of them (probably isn't).

• 134.19.178.167
• 213.152.162.5
• 134.19.179.211

Log Excerpt

Note that I log the query string as well as the URI. I've run a custom Nginx setup for so long, I actually don't recall if the query string is logged by default or not. If you're not logging the query string, you can still look for the 3 (known) IPs above making requests to /api/v3/comment/list and see if entries similar to these show up.

2025-09-21T14:31:59-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:00-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:01-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:01-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:12-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"
2025-09-21T14:32:13-04:00 {LB_NAME}: dubvee.org, https, {LB_IP}, 134.19.179.211, - , NL, Amsterdam, North Holland, 52.37590, 4.89750, TLSv1.3, TLS_AES_256_GCM_SHA384, "GET", "/api/v3/comment/list", "limit=50&sort=Old&page=16413"

Mitigation:

First, I blocked the IPs making these requests, but they would come back from a different one. Finally, I implemented a more robust solution.

My final mitigation was to simply reject requests to /api/v3/comment/list that did not have a post ID in the query parameters. I did this by creating a dedicated location block in Nginx that is an exact match for /api/v3/comment/list and doing the checks there.

I could probably add another check to see if the page number is beyond a reasonable number, but since I'm not sure what, if any, clients utilize this, I'm content just blocking unscoped comment list requests entirely. If you have more info / better suggestion, leave it in the comments.

location = /api/v3/comment/list {

  # You'll need the standard proxy_pass headers such as Host, etc. I load those from an include file.
  include conf.d/includes/http/server/location/proxy.conf;

  # Create a variable to hold a 0/1 state
  set $has_post_id 0;

  # If the URL query string contains 'post_id' set the variable to 1
  if ($arg_post_id) {
    set $has_post_id  1;
  }

  # If the variable is not 1 (i.e. does not have post_id in the arguments), return 444
  # 444 is an Nginx-specific return code that immediately closes the connection 
  # and wastes no further resources on the request
  if ($has_post_id != 1) {
    return 444;
  }

  # Otherwise, proxy pass to the API as normal 
  # (replace this with whatever your upstream name is for the Lemmy API
  proxy_pass "http://lemmy-be/";
}

cross-posted from: https://lemmy.ca/post/52138373

cross-posted from: https://scribe.disroot.org/post/4735415

Archived version

...

The country is pushing lithium extraction and refining, active cathode materials and recycling plants, aiming to close the loop and reduce reliance on imported inputs.

...

The bet combines competitively priced, low-carbon electricity, public support (subsidies, credit lines and streamlined permitting), European financing and a critical mass of industry that lowers transaction costs across the chain.

The co-location of gigafactories, active material suppliers, R&D centres and recyclers creates network effects and accelerates manufacturing learning curves.

...

cross-posted from: https://piefed.social/post/1294024

cross-posted from: https://lemmings.world/post/34379460