Hey👋 I’m Oscar

After updating the github.com/gorilla/csrf package in your Go backend from v1.7.2 to v1.7.3, you might suddenly notice that your Playwright tests start failing — specifically with 403 Forbidden responses. What Changed? This update addresses a security vulnerability: CVE-2024-24787. It’s a Golang backend issue, not related to WebSocket libraries like ws, despite what some GitHub advisory titles might misleadingly suggest. In v1.7.3, gorilla/csrf now strictly enforces same-site origin checks using the Origin and Referer headers. If these headers are missing or don’t match the expected host, CSRF validation fails, and the request is blocked with a 403. ...

Introduction Go 1.13 introduced powerful features for error wrapping and introspection — namely errors.Is and errors.As. While it’s tempting to reach for traditional type assertions (e.g., err.(*MyError)), there’s a safer and more idiomatic tool for the job: errors.As. This post explains why you should use errors.As over type assertions, with clear examples for both concrete error structs and interfaces like net.Error. The Problem with Type Assertions Consider the old way of checking if an error is of a specific type: ...

🚀 Installations Google Chrome Web Store 🔗 Microsoft Edge Add-ons Store 🔗 📋 Release Notes 🛠️ Version: 2.0.1 (18/Mar/2025) Fixed the bug with QR Code being cropped when the number of bookmarks is too less Added shortcut key Ctrl + Shift + 8 to open the extension popup window Updated logo and icon Added total bookmarks count in the popup window 🛠️ Version: 2.0.0 (03/Mar/2025) Added QR Code option Rebuilt Popup Window page Rebuilt Setting page Added new language AR, FR, DE, JA, KO 🛠️ Version: 1.2.0 (09/Jul/2024) Added Configuration page Added Allow to delete bookmark option Added new language zh_TW

1. Introduction In this tutorial, we will walk through the steps to create a local Kubernetes cluster with TLS certificates configured. This setup ensures secure communication between your Kubernetes components. 2. Prerequisites Docker installed on your local machine kubectl installed kind installed OpenSSL installed for generating TLS certificates 3. Install kubectl (Ubuntu) curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x kubectl sudo mv kubectl /usr/local/bin/ Verify the Installation You can verify the installation by running the following command: ...

Introduction Hosting a static website on Linode Object Storage is possible, but integrating it with a custom domain and enabling HTTPS can be tricky due to certain limitations. In this guide, I’ll walk you through the challenges I faced while setting up a static website for a client and the solutions I implemented to make it work. The Challenges ⚠️ Client’s DNS Management in Linode: Since the client’s DNS is managed within Linode, switching to an external service like Cloudflare wasn’t an option. Linode Object Storage Only Supports CNAME: While I could point www.domain.com to Linode Object Storage, the root domain (domain.com) could only resolve to an IP address, not a CNAME. Limited TLS Support: Linode Object Storage doesn’t automatically handle HTTPS for custom domains, requiring a manual setup for TLS certificates. No Cloudflare CDN: Due to Linode DNS restrictions, I couldn’t use Cloudflare to improve performance and security. The Solution 🛠️ To overcome these limitations, I set up a workaround using a reverse proxy with Let’s Encrypt TLS certificates. ...

Are your bookmarks getting out of control? Do you struggle to find saved pages in a growing list? Say hello to Bookmark Blitz, the browser extension designed to bring effortless organization and lightning-fast access to your bookmarks! ⚡ 🔥 Why Bookmark Blitz? Managing bookmarks in a cluttered browser can be frustrating. With Bookmark Blitz, you get: ✅ Swift Navigation – Quickly find bookmarks, even in large collections. ✅ Bookmark Insights – Track usage and gain valuable insights. ✅ Seamless Management – Keep everything organized with ease. ...

Have you ever wanted to add that extra layer of authenticity to your Git commits by signing them with a GPG key? Maybe you forgot to sign a commit and now you’re stuck thinking, “Do I have to rewrite history for this?” Well, yes — but it’s easier than you think. Let’s dive in and get it done. Why Sign Commits? First, a quick refresher: Signing commits with a GPG key proves that the commit really came from you. It’s a great way to verify authenticity, especially for collaborative projects or open-source contributions. ...

1. Problem If you are using AWS Lambda and update your Runtime to Node.js 20.x, you may see the error as follows: Response { "errorType": "ReferenceError", "errorMessage": "require is not defined in ES module scope, you can use import instead", "trace": [ "ReferenceError: require is not defined in ES module scope, you can use import instead", " at file:///var/task/index.mjs:2:68", " at ModuleJob.run (node:internal/modules/esm/module_job:234:25)", " at async ModuleLoader.import (node:internal/modules/esm/loader:473:24)", " at async _tryAwaitImport (file:///var/runtime/index.mjs:1008:16)", " at async _tryRequire (file:///var/runtime/index.mjs:1057:86)", " at async _loadUserApp (file:///var/runtime/index.mjs:1081:16)", " at async UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1119:21)", " at async start (file:///var/runtime/index.mjs:1282:23)", " at async file:///var/runtime/index.mjs:1288:1" ] } This is because Node.js 20.x uses ECMAScript modules (ESM) by default. You need to update your code to use import instead of require. ...

Last time when I restarted my Gitea server was when I upgraded it to 2.20.11. It has been six months. Although I almost pushed code everyday, I didn’t notice that my Gitea server was already attacked by hackers for a couple of months. I found out that the hackers created few users and repositories on my Gitea server everyday. I was lucky that I found out this issue before it was too late. ...

1. Problem You may meet the situation where you want to execute a binary in Linux, but you don’t want to keep the terminal open. You want to close the terminal and let the binary run in the background. 2. Solution In Linux, you can use the nohup command to run a binary in the background. The nohup command is used to run a command or script that keeps running after you log out of a shell. ...