Searching yarn

Twts matching #1
Sort by: Newest, Oldest, Most Relevant

What do the Gopher Troopers think of the following? The Gopher protocol is a nearly-forgotten network protocol from the early 1990s, designed to serve and navigate text-based menus and documents over the Internet. While it’s far less common than HTTP/HTTPS today, there are still some security risks associated with Gopher and Gopher space. Let’s break them down carefully: 1. Lack of Encryption Problem: Gopher was designed long before widespread use of SSL/TLS. All data—including credentials, file transfers, and menu selections—is transmitted in plaintext. Impact: Anyone intercepting traffic (e.g., via a network sniffer, public Wi-Fi, or a compromised router) can read sensitive information, including usernames and passwords. 2. No Authentication or Access Control Problem: Gopher servers rarely implement robust authentication; access control is usually limited or non-existent. Impact: Unauthorized users might browse sensitive directories or download private files, particularly if servers are misconfigured. 3. Server Software Vulnerabilities Problem: Modern OSes can still run legacy Gopher servers, but the software is often unmaintained. Impact: Old software may contain buffer overflows, directory traversal bugs, or command injection vulnerabilities that attackers could exploit. 4. Malicious Gopher Links Problem: Gopher menus can contain links that point to scripts or other servers, similar to hyperlinks in HTTP. A client following a malicious link could inadvertently: Download malware Access sensitive internal network resources (server-side request forgery) Impact: Could serve as a vector for attacks if a user opens content from untrusted sources. 5. Legacy Protocol Weaknesses Problem: Gopher lacks modern web security mechanisms like: Content security policies Same-origin policies Cross-site request forgery protection Impact: If Gopher is bridged to other services (like modern browsers via gateways), old vulnerabilities may be exposed. 6. Information Leakage Problem: Gopher servers often provide directory listings without restriction. Impact: Sensitive files, backup directories, and internal documents may be exposed unintentionally. 7. Bridging Risks Problem: Some modern browsers access Gopher via gateways (HTTP-to-Gopher proxies). These bridges may: Expose sensitive internal resources to the gateway Introduce logging or tracking that wouldn’t exist on pure Gopher Impact: Attacks could occur indirectly through insecure intermediaries. Key Takeaways Gopher is inherently insecure due to its design in a pre-HTTPS era. Main threats: eavesdropping, unauthorized access, malware delivery, and exploitation of unpatched server software. Safe practice: Use Gopher only in isolated, trusted environments, or through secure HTTP(S) gateways with proper sanitization.

⤋ Read More
In-reply-to » @lyse Thanks for the heads-up.

@lyse@lyse.isobeef.org Thanks (again) for the heads-up!. I’m not sure why you were seeing black text, but I just pushed a new version of the library (v0.10.1) with some updated colors in the demo’s themes (which should hopefully address the contrast issues).

The dark mode was an aesthetic choice by a designer with a strong preference for dark mode (and who thought the maroon looked better as a background color), but in the interest of being supportive of my audience, I added a localstorage-backed memory to the theme toggle (so when you turn it to light mode, it should remember for future visits).

⤋ Read More

Went 2/3 at Magic today: Prosper dominated game 1, Ash and his Knights came within a single planar die roll of winning game 2, and then Atraxa came up with the win in a fairly tight game 3. All in all, not a bad afternoon of Magic.

⤋ Read More
In-reply-to » Can anyone recommend a command-line SQL query formatter? Unfortunately, sqlparse is also unsuitable for me: https://github.com/andialbrecht/sqlparse/issues/688

I’m supporting incremental SQLite schema changes to just upgrade from an older database version to whatever the current software version supports. In the past, I already noticed that this is quite expensive in unit tests when each test case runs through the entire schema patches and applies them one by one.

To speed up test execution I now decided that I finally go through the troubles of maintaining both a set of incremental patches and a full schema setup in one go. A unit test verifies that both ways end up with the same structure. This gives me a set of SQLs to check the structures:

SELECT type, name, tbl_name, sql
FROM sqlite_schema
ORDER BY type, name, tbl_name

Unfortunately, the resulting CREATE TABLE SQL queries are formatted differently, depending on whether the full schema was set up in one big step or the structure had been modified with ALTER TABLE. Mainly, added columns are not on their own lines but appended in one physical line. That’s why I wanted an SQL formatting tool. Since I didn’t find one that works decently, I’m now doing some simple string manipulation. Joining consecutive whitespace into a single space character, removing spaces before commas and closing parentheses and spaces after opening parentheses. This works surpringly good enough. Of course, if it fails, the “diff” is absolutely horrendous.

Now for the cool part, my test execution dropped from around 5:05 minutes to just 1:32 minutes! I call that a win.

I just stumbled across PRAGMA table_info('tablename') https://sqlite.org/pragma.html#pragma_table_info, PRAGMA foreign_key_list('tablename') and friends. I guess, I have to play with that, now. It’s probably much better to use than the SQL text approach.

⤋ Read More

To whoever is operating this “xt” client, there might be a misconfiguration. My feed is often, but not always, pulled twice within a few seconds:

2026-03-14T15:31:02+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T15:31:31+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T15:41:19+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T15:41:31+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T15:51:04+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T16:01:25+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T16:01:27+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T16:11:51+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T16:11:54+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T16:21:53+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T16:32:19+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T16:32:22+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

2026-03-14T16:52:28+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"
2026-03-14T16:52:31+01:00 "GET /twtxt.txt HTTP/1.1" 304 "xt/0.0.1"

Maybe this is caused by a development and a production setup, no idea. Since this client is sending the If-Modified-Since or If-None-Match request header, I’m good with that, though. Looking forward to discover a new feed hopefully soon. :-)

⤋ Read More

Hi @c2803! You are right. But whot is the reason, that the onion site of magical.fish is not working? Why 1436.ninja/1/Port70News is not working? Why gopher://sdf-eu.org is not working? I thing, big companies or states are making troubles to gopher sites. If you like to search the web anonymously, take the onion site of me0w.net .

⤋ Read More

Do not die from hunger. Man does not live from bread only, but from every word out of God’s mouth. Read the Good News of Matthew in the Bible. bible.com or 5fi.sh in every language or gopher://rbfh.de or gopher://sdf.org/1/users/scn/Bibel .

⤋ Read More
In-reply-to » 👋 Looking for other interested folks to continue to evolve the development of Salty.im 🙏 I've been hard™ at work on the v2 branch and @doesnm.p.psf.lt has been incredibly helpful so far. Be great ot have a few more folks to join us, some of the v2 highlights include:

@bender@twtxt.net Here is a properly formatted version of your message:

Not yet — but that’s probably a good idea.

Instructions:

  1. Clone the repository
git clone https://git.mills.io/saltyim/saltyim.git
cd saltyim
  1. Check out the v2 branch
git checkout v2
  1. Build and install the CLI/TUI
make DESTDIR=$HOME/bin install

After installation, run:

salty-chat

⤋ Read More

I’m trying to implement configurable key bindings in tt. Boy, is parsing the key names into tcell.EventKeys a horrible thing. This type consists of three information:

  1. maybe a predefined compound key sequence, like Ctrl+A
  2. maybe some modifiers, such as Shift, Ctrl, etc.
  3. maybe a rune if neither modifiers are present nor a predefined compound key exists

It’s hardcoded usage results in code like this:

func (t *TreeView[T]) InputHandler() func(event *tcell.EventKey, setFocus func(p tview.Primitive)) {
    return t.WrapInputHandler(func(event *tcell.EventKey, setFocus func(p tview.Primitive)) {
        switch event.Key() {
        case tcell.KeyUp:
            t.moveUp()
        case tcell.KeyDown:
            t.moveDown()
        case tcell.KeyHome:
            t.moveTop()
        case tcell.KeyEnd:
            t.moveBottom()
        case tcell.KeyCtrlE:
            t.moveScrollOffsetDown()
        case tcell.KeyCtrlY:
            t.moveScrollOffsetUp()
        case tcell.KeyTab, tcell.KeyBacktab:
            if t.finished != nil {
                t.finished(event.Key())
            }
        case tcell.KeyRune:
            if event.Modifiers() == tcell.ModNone {
                switch event.Rune() {
                case 'k':
                    t.moveUp()
                case 'j':
                    t.moveDown()
                case 'g':
                    t.moveTop()
                case 'G':
                    t.moveBottom()
                }
            }
        }
    })
}

This data structure is just awful to handle and especially initialize in my opinion. Some compound tcell.Keys are mapped to human-readable names in tcell.KeyNames. However, these names always use - to join modifiers, e.g. resulting in Ctrl-A, whereas tcell.EventKey.Name() produces +-delimited strings, e.g. Ctrl+A. Gnaarf, why this asymmetry!? O_o

I just checked k9s and they’re extending tcell.KeyNames with their own tcell.Key definitions like crazy: https://github.com/derailed/k9s/blob/master/internal/ui/key.go Then, they convert an original tcell.EventKey to tcell.Key: https://github.com/derailed/k9s/blob/b53f3091ca2d9ab963913b0d5e59376aea3f3e51/internal/ui/app.go#L287 This must be used when actually handling keyboard input: https://github.com/derailed/k9s/blob/e55083ba271eed6fc4014674890f70c5ed6c70e0/internal/ui/tree.go#L101

This seems to be much nicer to use. However, I fear this will break eventually. And it’s more fragile in general, because it’s rather easy to forget the conversion or one can get confused whether a certain key at hand is now an original tcell.Key coming from the library or an “extended” one.

I will see if I can find some other programs that provide configurable tcell key bindings.

⤋ Read More
In-reply-to » With RAM crazy prices being what they are, I guess my PC is gonna be stuck on 16GB RAM for some time. I originally bought the DDR4 16GB kit for like $49 AUD, and I thought I'd just buy another 16GB or more later down the track (this was like a year and a half ago), thinking it would be similarly priced or even cheaper...

@eldersnake@we.loveprivacy.club

Steps to world domination:

  1. “Invent” “AI” (by using other people’s data).
  2. Get people hyped about it and ideally hooked on it.
  3. Only provide it as a cloud service. But hey, if you want to, you can run it locally!
  4. Buy all hardware available on the market, so that nobody but you can build more systems.
  5. All PCs of consumers and competitors are too weak now and can’t be upgraded anymore.
  6. Everybody depends on your cloud service! Win!

All of that is possible because corporations don’t have a “conscience” in capitalism. Nobody forces the RAM manufacturers to sell all their stuff to just one or two buyers, but since the only goal of that manufacturer is to make money, they do it.

⤋ Read More
In-reply-to » @lyse You actually have a Markdown parser/renderer in there? Oh dear. I would have been (well, I am) way too lazy for that. 😅

@movq@www.uninformativ.de Well, just a very limited subset thereof:

  1. inline and multiline code blocks using single/double/triple backticks (but no code blocks with just indentation)
  2. markdown links using using [text](url)
  3. markdown media links using ![alt](url)

And that’s it. No bold, italics, lists, quotes, headlines, etc.

Just like mentions, plain URLs, markdown links and markdown media URLs are highlighted and available in the URLs View. They’re also colored differently, similarly to code segments.

I definitely should write some documentation and provide screenshots.

⤋ Read More
In-reply-to » @movq That's cool! I also like the name of your library. :-) I assume you made the thing load quickly, didn't you?

@lyse@lyse.isobeef.org

I assume you made the thing load quickly, didn’t you?

That’s the problem with Python. If you have a couple of files to import, it will take time.

I want this to be reasonably fast on my old Intel NUC from 2016 (Celeron N3050 @ 1.60GHz) and I already notice that the program startup takes about 95 ms (or 125 ms when there are no .pyc files yet). That’s still fine, but it shows that I’ll have to be careful and keep this thing very small …

Python 3.14 will bring lazy imports, maybe that can help in some cases.

⤋ Read More

The tt URLs View now automatically selects the first URL that I probably are going to open. In decreasing order, the URL types are:

  1. markdown media URLs (images, videos, etc.)
  2. markdown or plaintext URLs
  3. subjects
  4. mentions

I might differentiate between mentions of subscribed and unsubscribed feeds in the future. The odds of opening a new feed over an already existing one are higher.

⤋ Read More

Whoo! I fixed one of the hardest bugs in mu (µ) I think I’ve had to figure out. Took me several days in fact to figure it out. The basic problem was, println(1, 2) was bring printed as 1 2 in the bytecode VM and 1 nil when natively compiled to machine code on macOS. In the end it turned out the machine code being generated / emitted meant that the list pointers for the rest... of the variadic arguments was being slot into a register that was being clobbered by the mu_retain and mu_release calls and effectively getting freed up on first use by the RC (reference counting) garbage collector 🤦‍♂️

⤋ Read More

very good blog post that reminded me why it’s taking so long to ship bbycll — previously i had computed the hashes of every post before storing them in the database, after realizing it’s a much better idea to compute the hashes during runtime and only store the post content & timestamp i’m now having to rewrite every function that reads & writes data. i hope the reason as to why i lost motivation is obvious — thankfully i caught it early enough so that once i’m done rewriting just those functions i should™ be able to finalize 1.0-rc with little hassle

⇒ the cardinal sin of software architecture: the unnecessary distribution, replication, or restructuring of state, both in space and time.

⤋ Read More
In-reply-to » Advent of Code 2025 starts tomorrow. 🥳🎄

I rewrote all my solutions in Rust (except for day 10 part 2) and these are the runtimes on my i7-3770 from 2013 (this measures CLOCK_PROCESS_CPUTIME_ID, not wallclock):

day01/1 [      00.000501311] Result: 1066
day01/2 [      00.000400298] Result: 6223
day02/1 [      00.000358848] Result: 12586854255
day02/2 [      00.000750711] Result: 17298174201
day03/1 [      00.000106537] Result: 17405
day03/2 [      00.000404632] Result: 171990312704598
day04/1 [      00.000257517] Result: 1626
day04/2 [      00.007495342] Result: 9173
day05/1 [      00.000237212] Result: 505
day05/2 [      00.000142731] Result: 344423158480189
day06/1 [      00.000229629] Result: 4076006202939
day06/2 [      00.000279552] Result: 7903168391557
day07/1 [      00.000204422] Result: 1622
day07/2 [      00.000283816] Result: 10357305916520
day08/1 [      00.029427421] Result: 84968
day08/2 [      00.028089859] Result: 8663467782
day09/1 [      00.000310304] Result: 4764078684
day09/2 [      00.015512554] Result: 1652344888
day10/1 [      00.000796663] Result: 375
day10/2 [      --.---------] Result: 15377 (Z3)
day11/1 [      00.000416804] Result: 753
day11/2 [      00.000660528] Result: 450854305019580
day12/1 [      00.000336081] Result: 577
day12/2 [      00.000000695] Result: no part 2

A little under 90 ms total.

On my Samsung NC10 netbook from 2011 with its Intel Atom N455 at 1.6 GHz:

day01/1 [      00.003771326] Result: 1066
day01/2 [      00.003267317] Result: 6223
day02/1 [      00.003902698] Result: 12586854255
day02/2 [      00.006659479] Result: 17298174201
day03/1 [      00.000747544] Result: 17405
day03/2 [      00.002737587] Result: 171990312704598
day04/1 [      00.001263892] Result: 1626
day04/2 [      00.044985301] Result: 9173
day05/1 [      00.001696761] Result: 505
day05/2 [      00.000978962] Result: 344423158480189
day06/1 [      00.001387660] Result: 4076006202939
day06/2 [      00.001734248] Result: 7903168391557
day07/1 [      00.001295528] Result: 1622
day07/2 [      00.001809659] Result: 10357305916520
day08/1 [      00.277251443] Result: 84968
day08/2 [      00.284359332] Result: 8663467782
day09/1 [      00.003152407] Result: 4764078684
day09/2 [      00.071123459] Result: 1652344888
day10/1 [      00.005279527] Result: 375
day10/2 [      --.---------] Result: 15377 (Z3)
day11/1 [      00.003273342] Result: 753
day11/2 [      00.005139719] Result: 450854305019580
day12/1 [      00.002857552] Result: 577
day12/2 [      00.000004421] Result: no part 2

A little over 700 ms total.

I like this. You get performance that’s more or less in the ballpark of C, but without the footguns.

⤋ Read More

If your very popular project with lots of stars on GitHub is over 10 years old, and you’re still at a pre-1.0 version because you’re using SemVer and a 1.0 would mean making some kind of commitment and that’s somehow not desirable for you, then I think you’re doing something wrong. 🤔

⤋ Read More

I cleaned up all my of AoC (Advent of Code) 2025 solutions, refactored many of the utilities I had to write as reusable libraries, re-tested Day 1 (but nothing else). here it is if you’re curious! This is written in mu, my own language I built as a self-hosted minimal compiler/vm with very few types and builtins.

https://git.mills.io/prologic/aoc2025

⤋ Read More

I’m having to write my own functions like this in mu just to solve AoC puzzles :D

fn pow10(k) {
    p := 1
    i := 0
    while i < k {
        p = p * 10
        i = i + 1
    }
    return p
}

⤋ Read More

Come back from my trip, run my AoC 2025 Day 1 solution in my own language (mu) and find it didn’t run correctly 🤣 Ooops!

$ ./bin/mu examples/aoc2025/day1.mu
closure[0x140001544e0]

⤋ Read More
In-reply-to » Advent of Code 2025 starts tomorrow. 🥳🎄

Alright, Advent of Code is over:

https://www.uninformativ.de/blog/postings/2025-12-12/0/POSTING-en.html

It’s been quite the time sink, especially with the DOS games on top, but it was fun. 🥳

In case you’re wondering: All puzzles (except for part 2 of day 10) were doable in Python 1 on SuSE Linux 6.4 and ran in a finite time on the Pentium 133. Puzzle 10/2 might have been doable as well if I had better education. 🤣

⤋ Read More

Awk to take lines from Plan 9’s /lib/unicode and prepend the actual glyph and a tab: awk ‘{cmd=sprintf(“unicode %s”, $1); cmd | getline c; printf(“%s %s\n”, c, $0)}’

⤋ Read More
In-reply-to » I'm contemplating the idea of switching my activity pub instance from Gootosocial to a Pleroma one. While GTS is kinda cute (lightweight and easy to manage) of a software, the inability to fetch/scroll through people's past toots when visiting a profile or having access to a federated timeline and a proper search functionality ...etc felt like handicap for the past N months.

@bender@twtxt.net yeah, I’ve been reading through the documentation last night and it felt overwhelming for a minute… +1 point goes to GTS’s docs. but hey, I’ll be taking the easy route: podman-compose up -d they provide both a container image and an example compose file in a separate git repo but I’m wondering why that is not mentioned anywhere in the docs, (unless it is and I haven’t seen it yet)

⤋ Read More
In-reply-to » Advent of Code 2025 starts tomorrow. 🥳🎄

Day 2 was pretty tough on my old hardware. Part 1 originally took 16 minutes, then I got it down to 9 seconds – only to realize later that my solution abused some properties of my particular input. A correct solution will probably take about 30 seconds. 🫤

Part 2 took 29 minutes this morning. I wrote an optimized version but haven’t tested it yet. I hope it’ll be under a minute.

Python 1 feels really slow, even compared to Java 1. And these first puzzles weren’t even computationally intensive. We’ll see how far I’ll make it …

⤋ Read More

Thinking about doing Advent of Code in my own tiny language mu this year.

mu is:

  • Dynamically typed
  • Lexically scoped with closures
  • Has a Go-like curly-brace syntax
  • Built around lists, maps, and first-class functions

Key syntax:

  • Functions use fn and braces:
fn add(a, b) {
    return a + b
}
  • Variables use := for declaration and = for assignment:
x := 10
x = x + 1
  • Control flow includes if / else and while:
if x > 5 {
    println("big")
} else {
    println("small")
}
while x < 10 {
    x = x + 1
}
  • Lists and maps:
nums := [1, 2, 3]
nums[1] = 42
ages := {"alice": 30, "bob": 25}
ages["bob"] = ages["bob"] + 1

Supported types:

  • int
  • bool
  • string
  • list
  • map
  • fn
  • nil

mu feels like a tiny little Go-ish, Python-ish language — curious to see how far I can get with it for Advent of Code this year. 🎄

⤋ Read More

Advent of Code 2025 starts tomorrow. 🥳🎄

This year, I’m going to use Python 1 on SuSE Linux 6.4, writing the code on my trusty old Pentium 133 with its 64 MB of RAM. No idea if that old version of Python will be fast enough for later puzzles. We’ll see.

⤋ Read More
In-reply-to » Which actively maintained Yarn/twtxt clients are there at the moment? Client authors raise your hands! 🙋

@lyse@lyse.isobeef.org Damn. That was stupid of me. I should have posted examples using 2026-03-01 as cutoff date. 😂

In my actual test suite, everything uses 2027-01-01 and then I have this, hoping that that’s good enough. 🥴

def test_rollover():
    d = jenny.HASHV2_CUTOFF_DATE
    assert len(jenny.make_twt_hash(URL, d - timedelta(days=7), TEXT)) == 7
    assert len(jenny.make_twt_hash(URL, d - timedelta(seconds=3), TEXT)) == 7
    assert len(jenny.make_twt_hash(URL, d - timedelta(seconds=2), TEXT)) == 7
    assert len(jenny.make_twt_hash(URL, d - timedelta(seconds=1), TEXT)) == 7
    assert len(jenny.make_twt_hash(URL, d, TEXT)) == 12
    assert len(jenny.make_twt_hash(URL, d + timedelta(seconds=1), TEXT)) == 12
    assert len(jenny.make_twt_hash(URL, d + timedelta(seconds=2), TEXT)) == 12
    assert len(jenny.make_twt_hash(URL, d + timedelta(seconds=3), TEXT)) == 12
    assert len(jenny.make_twt_hash(URL, d + timedelta(days=7), TEXT)) == 12

(In other words, I don’t care as long as it’s before 2027-01-01. 😏😅)

⤋ Read More
In-reply-to » Alright, this yarnd installation has been properly fixed.

cat /etc/mokou/yarnd.conf
exec=/usr/pkg/sbin/daemonize -c/var/db/yarnd -u www -p /var/run/yarnd.pid /usr/pkg/sbin/chpst -e /usr/local/etc/yarnd /usr/local/sbin/yarnd -b 127.0.0.1:[classified information]

I know this might seem a bit overengineered, but the previous command until now had the secrets exposed on the process list

⤋ Read More

Better Technology, Worse Motivation: GenAI’s Mediocrity Trap

While generative AI (GenAI) promises productive efficiency, it can paradoxically lead to lower-quality work. We conducted an experiment with professional illustrators and found that AI assistance flattens the quality curve—it accelerates initial gains but sharply diminishes the returns on sustained effort. Faced with this, a significant number of professionals made a strategic choice: they sacrificed the final quality to save time.

From http://www.jin-li.org/uploads/1/1/4/5/114595093/ai_and_motivation.pdf

I haven’t read this and can’t vouch for it; seems vaguely AI-boostery. Still, the conclusions are interesting. This seems to be the picture that is emerging about generative AI generally: most people don’t like it and find that degrades the quality of work. Coders seem to like it and think that it helps them, but in fact it makes the slower, less productive, and more bug prone.

By all measures it’s a bad technology. We should just be honest about it. There is no need to make excuses for multi-trillion-dollar corporations.

⤋ Read More

Tired to re-enable the Ege route to git.mills.io today (after finishing work) and this is what I found 🤯 Tehse asshole/cunts are still at it !!! 🤬 – So let’s instead see if this works:

$ host git.mills.io 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

git.mills.io is an alias for fuckoff.mills.io.
fuckoff.mills.io has address 127.0.0.1


PS: Would anyone be interested if I started a massive global class action suit against companies that do this kind of abusive web crawling behavior, violate/disregards robots.txt and whatever else standards that are set in stone by the W3C? 🤔

⤋ Read More
In-reply-to » Hmm, so it seems this Mike is the one who inherited it: https://tilde.club/~deepend/, but not too active anywhere, though pinging “deepend” on Libera might work...

@lyse@lyse.isobeef.org I personally use twtAgent over here on Thunix (Also managed by deepend I believe) and then from time to time run wk -F ' ' '/\.txt/ {print $NF" "$(NF-1)}' $HOME/public_html/twtAgent.log | sed -e 's/\((\|)\|+\|;\|@\)//g' | sed '/^$/d'| sort -u to check for who’s pulling this feed (Too lazy to alias it :‘] ) .

Leaving this here just in case it might help a fellow Townie, Cheers!

⤋ Read More

I’ve once again brought up a Gitea instance on my server space, but there are two highlights here:

  1. No self-registration (accounts are tied to the e-mail server, which is in turn tied to the system accounts)
  2. Going beyond the landing page requires to be logged in, no excuses. (It also could scare the AI crawlers to oblivion, avoiding Anubis at that)

That’s it.

⤋ Read More
In-reply-to » And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then …

@lyse@lyse.isobeef.org Probably wouldn’t help, since almost every request comes from a different IP address. These are the hits on those weird /projects URLs since Sunday:

    1 IP  has  5 hits
    1 IP  has  4 hits
   13 IPs have 3 hits
  280 IPs have 2 hits
25543 IPs have 1 hit

The total number of hits has decreased now. Maybe the botnet has moved on …

⤋ Read More

Fark me 🤦‍♂️ I woke up quite late today (after a long night helping/assisting with a Mainframe migration last night fork work) to abusive traffic and my alerts going off. The impact? My pod (twtxt.net) was being hammered by something at a request rate of 30 req/s (there are global rate limits in place, but still…). The culprit? Turned out to be a particular IP 43.134.51.191 and after looking into who own s that IP I discovered it was yet-another-bad-customer-or-whatever from Tencent, so that entire network (ASN) is now blocked from my Edge:

+# Who: Tentcent
+# Why: Bad Bots
+132203

Total damage?

$ caddy-log-formatter twtxt.net.log | cut -f 1 -d  ' ' | sort | uniq -c | sort -r -n -k 1 | head -n 5
  61371 43.134.51.191
    402 159.196.9.199
    121 45.77.238.240
      8 106.200.1.116
      6 104.250.53.138

61k reqs over an hour or so (before I noticed), bunch of CPU time burned, and useless waste of my fucking time.

⤋ Read More