
Cpvr

Administrators

Everything posted by Cpvr

  1. Cpvr posted a post in a topic in Off-Topic
    pretty good! How’s everything going for you?😁
  2. Cpvr posted a post in a topic in Completed Orders
    I’ll also take the last spot on this and will have it completed later today
  3. A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in. An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location. Although the obtained location data is very coarse—in some of 404 Media’s tests it showed what city or state someone was in but did not provide more accurate information than that—the news shows the importance for some at-risk users to protect not just their message contents, but their network activity as well. “It's more of an oversight in the way the mobile application works than a vulnerability in the actual code but regardless, I thought it should be fixed,” daniel, an independent security researcher who reported the issue to Cloudflare, told 404 Media in an email. daniel said Cloudflare has since fixed the specific issue his custom-made tool was using. The issue centers around Cloudflare’s Content Delivery Network, or CDN. A CDN is a system that caches content across a mass of distributed servers, then delivers content to a user based on their location. So, if a user was in San Francisco, Cloudflare’s CDN would use the part of their CDN nearest to the user to speed up delivery of that content. Cloudflare says it has data centers in 330 cities across more than 120 countries. Many apps then use Cloudflare’s CDN to help deliver content to users. This creates a side effect of a third-party potentially being able to learn which part of Cloudflare’s CDN was used when sending an image, and from that infer a user’s location. 
“This huge network of data centers introduces a huge flaw,” daniel writes in a summary of his findings shared with 404 Media. “Cloudflare partitions cache through data centers, and because of this bad actors can very easily correlate caches and triangulate user locations. Each of Cloudflare's data center locations has its own local cache storage to serve content faster so it's possible to check each datacenter to see where content was cached.” Those data centers in 330 cities become ways to potentially track somebody, albeit with broad strokes of hundreds of miles. To do the attack, daniel would send the target an image through the messaging app. He would then use Burp Suite, the popular web application security tool, to grab the URL of the uploaded image. Then, he would use a tool he made called Cloudflare Teleport to send a request to every Cloudflare data center to see which data center cached the request. These queries would return the results “HIT” or “MISS”. With a hit, he now knows which data center the target was likely closest to, revealing their potential location. 404 Media asked daniel to demonstrate the issue by learning the location of multiple Signal users with their consent. In one case, daniel sent a user an image. Soon after, daniel sent a link to a Google Maps page showing the city the user was likely in. In some cases, the attack requires the target to open the chat conversation; in others, a push notification may load the image so there is no need for the victim to open the app. daniel said they also tested the issue on Discord, which can deliver the image through a friend request, and his write-up also mentions Twitter/X. It is widely understood that when someone visits a website or uses an app, the administrators of that site or app will probably see the visitor’s IP address. This is simply part of how the internet works. 
But it is probably less understood that in some cases a third-party attacker could potentially learn similar information about another user. Many users of messaging apps will not need to be concerned about this. But people who try to protect their physical location, even to the level of a country or city, such as an activist, may need to, especially those who try to maintain anonymity. A virtual private network (VPN) might protect people from this particular issue, but VPNs introduce their own security issues, and the VPN industry is full of snake oil merchants. daniel said they reported the issue to Cloudflare, Signal, and Discord. Jackie Dutton, senior manager for public relations, cybersecurity and threat intel, at Cloudflare told 404 Media in an email the company had fixed the issue. “As summarized in the researcher's note, this exploit was disclosed through our bug bounty program. We have resolved the issue,” she wrote. “We believe bug bounties are a vital part of every security team’s toolbox.” Discord provided a statement from Kevin Hanaford, head of security at Discord. “We are aware of this incident and determined it to be a general issue with a service provider. We reported this issue to the service provider as soon as we were made aware of it, and they are in the process of implementing a fix,” he said. 404 Media first asked Signal for comment in early December. The organization did not provide a statement in time for publication, but daniel shared their response to his bug report. “What you're describing (observing cache hits and misses) is a generic property of how Content Distribution Networks function. Signal's use of CDNs is neither unique nor alarming, and also doesn't impact Signal's end-to-end encryption. CDNs are utilized by every popular application and website on the internet, and they are essential for high-performance and reliability while serving a global audience,” Signal’s security team wrote. 
“There is already a large body of existing work that explores this topic in detail, but if someone needs to completely obscure their network location (especially at a level as coarse and imprecise as the example that appears in your video) a VPN is absolutely necessary. That functionality falls outside of Signal's scope. Signal protects the privacy of your messages and calls, but it has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide,” it added. Twitter/X did not immediately respond to a request for comment. At the time of writing, daniel’s Cloudflare Teleport tool is inaccessible because Cloudflare fixed the bug it was exploiting, daniel said. He said he can still broadly do the same sort of attack, but “it’s a little harder” now. Instead of using his tool, he uses a VPN to route his traffic to different locations and then send requests to Cloudflare’s data centers, he said. “It's not as efficient to do as through the previous method but it still works,” he said. Source: https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/
  4. Cpvr posted a post in a topic in Introductions
    Welcome to the community! [mention=529]Eclipse[/mention]
  5. GTmetrix has joined the WP Media family as they recently purchased it. [HEADING=2]group.one expands SaaS product portfolio with acquisition of GTmetrix, a leading website performance monitoring solution[/HEADING] group.one, a leading provider of digital solutions for small and medium-sized companies, announced the acquisition of GTmetrix, a globally trusted authority in website performance testing and monitoring. This strategic acquisition strengthens the group’s SaaS offering, building on the proven partnership between GTmetrix and WP Rocket, group.one’s leading website optimisation product, to deliver an unparalleled formula for website success. GTmetrix offers comprehensive insights into website performance, identifying factors contributing to slow load times, and providing actionable optimisation recommendations. With 1.5 million global users and a distinguished clientele, GTmetrix has established itself as a trusted resource for website performance enhancement. Website speed is pivotal in today's digital offers. Delays of just seconds can lead to increased bounce rates, since users are likely to abandon sites that fail to load promptly. Additionally, search engines consider site speed a key ranking factor, influencing a website's visibility in search results. Optimising website performance not only enhances user satisfaction but also contributes to higher conversion rates and overall business success. Aligning seamlessly with group.one's commitment to enhancing the WordPress ecosystem, GTmetrix’s capabilities complement existing products such as WP Rocket, Imagify, and RocketCDN, which are designed to optimise website speed and performance for WordPress. By integrating GTmetrix into its suite of tools, group.one aims to provide a holistic solution for website optimisation, catering to both WordPress and Virtual Private Server (VPS) customers. 
“GTmetrix is a significant addition to our SaaS product portfolio,” said Daniel Hagemeier, CEO of group.one. “The integration of GTmetrix’s performance testing with our optimisation tools reinforces our commitment to delivering world-class solutions for winning online. Website performance is foundational to unlocking a website's full potential: more traffic, better engagement, and higher conversions.” “We’re proud to see GTmetrix join group.one, a company that shares our passion for innovation and customer success,” said Ryan Smyth, President and CEO of Carbon60. “GTmetrix has consistently demonstrated its commitment to enhancing website performance, becoming a vital tool for developers, marketers, and businesses worldwide. With over 1 billion pages analysed, it has established itself as a leader in the performance testing space. This acquisition ensures that GTmetrix will continue to thrive and expand its impact on a global scale, while allowing Carbon60 to focus on cloud computing technology.” About group.one Headquartered in Sweden and with offices in 15 countries, group.one serves over 2 million customers, predominantly small- and medium-sized enterprises. The company provides digital solutions such as Software as a Service, Cloud Hosting, and Digital Marketing services. Under group.one ownership, leading brands like one.com, Zoner, WP Rocket, Rank Math, Hostnet.nl, Herold.at, and 20+ others enable entrepreneurs to present, attract, and sell online. The company has significantly grown its revenues (pro forma) to over €350 million in the financial year ending 30th September 2024. Source: https://www.group.one/en/news/group-one-expands-saas-product-portfolio-with-acquisition-of-gtmetrix-a-leading-website-performance-monitoring-solution
  6. Cpvr posted a post in a topic in Introductions
    Welcome to the community! [mention=736]Jojo[/mention]
  7. Cpvr posted a post in a topic in Completed Orders
    I’ve completed my part
  8. Today's the day! After nearly a full year in development, NodeBB v4.0.0 has landed, bringing federation between NodeBB instances (and a connection to the wider fediverse of social media) to forum software. [HEADING=1]Fedi-what?[/HEADING] Fediverse! Here's a TechCrunch primer about it, but at the end of the day, it doesn't really matter. All you need to know is that NodeBB plugs in to a wider social network so that you don't have to cultivate an audience, they're already there. [HEADING=1]The genesis[/HEADING] It was back in mid-2023 when I had the initial idea of interconnecting NodeBB forums. Back then, I had far smaller ambitions... I wanted a singular NodeBB to be able to communicate with other forums running NodeBB. To do that, we'd need to build out a centralized service to act as a bridge between instances, and corresponding slim clients on individual installs to consume the relayed data. At the time, concepts like decentralization were not even part of my thought process. It was during this period when I was doing my research that I stumbled on Mastodon, and later, ActivityPub, the protocol that powers it all. Since then, it's been one wild ride getting NodeBB to speak the same language. [HEADING=1]Funding[/HEADING] Soon after dipping my toes into all that Mastodon had to offer, I discovered the NLNet Foundation, and their corresponding fund — NGI Zero Core. With the promise of funding, NodeBB could fully commit to implementing the protocol in short order, instead of piece by piece over time. We sent in an application and were delighted to be approved for the August 2023 call. Their funding was instrumental in providing the financial stability to experiment with ActivityPub and to participate in developer circles, such as the SWICG, FediForum, and much more. The fund continues to operate, perhaps you could benefit, or donate to the cause. It has certainly made a difference to NodeBB. 
[HEADING=1]Federate, or not, it's your choice[/HEADING] NodeBB v4 comes shipped with the capability to interact with other NodeBB forums and any other ActivityPub-speaking software, right out of the box. We opted to make this a core feature instead of a plugin, since there were many changes made to core to support even the concept of accepting content from outside itself. To that end, any users upgrading from v3.x will automatically have federation disabled, in order to reduce surprise. Any new forums will federate automatically. You can turn federation on and off (and adjust some other fun toggles) directly from ACP > Settings > Federation (ActivityPub). Even after turning federation on, how you use it shapes how well connected you will be. There is no centralized authority artificially boosting your content, so the name of the game is establishing two-way follow relationships to other sites. [HEADING=1]The ActivityPub Equalizer[/HEADING] We're not alone in this journey to interoperate with other decentralized services. We're not even the only forum software to attempt to do so. Discourse has a working plugin. Ghost is building out in the open. I specifically highlight these two because they both started in the early 2010s, same as NodeBB. It's always been a bit of an informal competition between us, and we always checked in on what the others were doing (growth-wise, pricing-wise, etc.) Truth be told, I don't think the ghost team ever really noticed NodeBB, but I digress... The funny thing about ActivityPub is that at the end of the day, the overarching goal of seamless communication breaks down any barriers between competing organizations. NodeBB and Discourse have been vying for the exact same market share (forums, community-building, self-started or enterprise) for over 10 years, and it was only after ActivityPub came around that the dev teams even started talking to one another. Funny how that works. 
[HEADING=1]So how does it all work?[/HEADING] Our documentation portal has been updated with the latest information about the ActivityPub functionality in v4. If you have any questions about how it works or how to configure some aspect of it, please don't hesitate to reach out in the corresponding v4 support thread. If you run NodeBB, the quickest way to see this in action is to upgrade to v4, and then paste this post's URL into your search bar. It should show up automatically, and you should be able to read and reply to it, directly from your own forum. Neat! Source: https://community.nodebb.org/topic/18545/nodebb-v4.0.0-federate-good-times-come-on
  9. Cpvr posted a post in a topic in Introductions
    Welcome back! [mention=777]TheBeast[/mention]
  10. Cpvr posted a post in a topic in General Web Discussions
    I'm not against using ads, but I'm not a fan of using multiple ad slots as it can be somewhat off putting to some. I only use one ad slot on my forum, but I don't display them to my members.
  11. Virtual Pet List was the last forum that I visited.
  12. How do you approach the chain of command when managing your message forum? For example, if you have three staff ranks such as: 1. Administrator 2. Super Moderator 3. Board Moderator Do you stick with this structure? If so, do you have multiple admins, super moderators, or board moderators? Or do you prefer to create a more customized hierarchy with unique titles like: • Owner • Chief of Staff • Supervisor • Team Leader What are your thoughts on coming up with creative staff titles and positions for a forum’s chain of command? Do you think it adds value, or does it come across as over the top?
  13. I’m tagging the third spot.
  14. Cpvr posted a post in a topic in Archive
    [mention=55]Shawn Gossman[/mention]
  15. I’m currently listening to Flight to heaven by Erv ello [MEDIA=spotify]track:2fH4v10UhPcpsrbexlnwp3[/MEDIA]
  16. I'd assume he's referring to Donald Trump's hand gestures as a way to insult someone.
  17. Cpvr posted a post in a topic in Introductions
    Welcome to the community! [USER=417]@Wild Hockey[/USER]
  18. Thee Zone was the last forum that I visited.
  19. Cpvr posted a post in a topic in Introductions
    Hey @mrdraw it’s great to see you here!
  20. Cpvr posted a post in a topic in Community Showcase
    The owners were planning to close down their forum, and we agreed that merging was the best option to ensure their community could continue to thrive. Since their forum was similar to VPL, it turned out to be a perfect fit for a merger.
  21. Has there ever been any drama or a major incident on your forum that led to a member—or even a group of members—leaving to start their own forum? Maybe as a form of protest or to create a community with a different vision or approach than yours? If so, how did things turn out? Did their new forum thrive? Did it grow larger than yours? Did your forum lose a significant number of members to theirs?
  22. Thank you for choosing the Administrata Content Order Service! We’re excited to help you grow and enhance your community. Below is the current progress on your content package:
    Progress Update:
    Threads: 10/10
    Posts: 40/40
    fdk: 2/2 Threads, 5/5 Posts
    Nomad: 5/5 Threads, 10/10 Posts
    Cpvr: 20/20 Posts
    Cory: 3/3 Threads, 5/5 Posts
    Estimated Completion Date: We expect your package to be fully completed by January 29th, 2025.
    Got Questions? If you have any questions or additional details you'd like to share, feel free to reply to this thread or message our team directly. We’re here to help!
    We’d Love Your Feedback! Once your order is complete, we’d appreciate it if you could share your experience with our service. Your feedback helps us improve and continue to support admins like you