Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)J

JustTesting

@ JustTesting @lemmy.hogru.ch

Posts
0
Comments
141
Joined
2 yr. ago

  • Why ActivityPub over Nostr? - function only

    Jump

  • I don't actually know how nostr deals with messages if you're offline, if at all, not that familiar with the protocol. But your idea sounds workable.

    I tend to come at it from the other side, I like the federated model, but think the "supernodes" could behave more like dedicated relays. Like, a lemmy server right now does a lot of things, like serve a frontend, do expensive database queries to show a sorted feed, etc. and a lot of that does not scale very well. So having different kinds of nodes with more specialization, while still following a federated model makes sense to me. Right now if one of my users subscribes to some community, that community's instance will start spamming my instance with updates nonstop, even though that user might not be active or might not even read that community anymore. It would be nicer if there was some kind of beefy instance I could request this data from if necessary, without getting each and every update even though 90% of it might never be viewed. But keeping individual instances that could have their own community and themes, or just be hosted for you and your friends to reduce the burden on non-techies having to self-host something.

    Or put another way, instead of making the relays more instance-y, embrace the super instances and make them more relay-y, but tailor made for that job and still hostable by anyone, if they want to spend on the hardware. But I'm still not clear on where you'd draw the line/how exactly you'd split the responsibility. For lemmy, instead of sending 100's of requests in parallel for each thing that happens, a super-instance could just consolidate all the events and send them as single big requests/batches to sub-instances and maybe that's a good place to draw the line?

  • Guarding My Git Forge Against AI Scrapers

    Jump

  • it's iocaine not Locaine, tripped me up at first as well.

  • What Youtube channel has maintained high quality standards over the years?

    Jump

  • SBPlaysGames, super tiny lets play channel, but has been consistently uploading for 10 years and she picks some really good indie games (as well as board games) that i would otherwise never would have heard of. Plus pretty good analysis of the games, though of course the lets play format means it's pretty spread out across episodes. And by analysis i don't mean reviews, but more like movie analysis level. Though I'd love it if she'd lean into that part a bit more.

    and i specifically picked her because it's one thing to consistently produce good content when you have millions of views (and dollars?), but doing so with 28k subs and maybe 100-200 views, for over 10 years, that takes real dedication.

    Oh and on the topic of video game channels, AnyAustin is amazing. Fucking weird but amazing. He also does video game analysis but not how you'd think…

  • Why ActivityPub over Nostr? - function only

    Jump

  • this article and the accompanying discussion from lobsters is very relevant. Though the article itself is a bit one sided in favor of nostr, it doesn't do a great job arguing why a relay really is better

  • What YouTube channel to you has degraded in time?

    Jump

  • the biggest issue for me is that it seems impossible to find those small channels anymore, whatever you search for, it'll just give you big ones, even if not really related to your query

  • What YouTube channel to you has degraded in time?

    Jump

  • Clickspring is great! I'd also like to add Blondihacks, which is just very down to earth machining content, mostly with very traditional techniques/tools, and also just high quality educational content. And she has very wholesome vibes

    And also NotAnEngineer, another aussie doing machining with humor similar to ToT. Working out of a small cramped garage, his wife/partner doing a lot of the recording. And the projecte are usually quite unique

  • Amazing Video Shows Tesla Optimus Teleoperator Taking Off Headset, Causing Robot to Stumble and Collapse

    Jump

  • Dudess or dudette, I think? At least i heard that used before

  • McDonald's faces backlash after airing 2025 Christmas commercial: 'This is just … terrible'

    Jump

  • So why not a traditional shoot?

    they heard how much publicity coca cola got when they did their AI ad andthere's no such thing as bad publicity? i can't even say that it doesn't work, it does get people talking about it…

  • I Went All-In on AI. The MIT Study Is Right.

    Jump

  • so the obvious solution is to just have humans execute our code manually. Grab a pen and some crayons, go through it step by step and write variable values on the paper and draw the interface with the crayons and show it on a webcam or something. And they can fill in the gaps with what they think the code in question is supposed to do. easy!

  • Is LineageOS for microG legit?

    Jump

  • What you said is like "i'm going to delete linux and install ubuntu", but then there's not really a name for the android that comes with your phone. "stock android" probably is the closest term you get to distinguish between the OS family and the thing actually installed, but all the companies customize their android, so it's not like there's just one "stock android".

    i mean, I'm sure samsung has some term for their android, but i doubt anyone use this outside of samsung.

  • PixiEditor is a Universal Editor for all your 2D needs

    Jump

  • Pinta is my goto replacement for paint.net on linux. It also loads really fast and has most of the basic editing needs covered.

  • Swiss voters reject proposed tax on super rich

    Jump

  • The funniest one was the example of a rich guy leaving germany because of inheritance tax being used to prove this.

    Only that he left germany for switzerland and there's not really any other countries around with no inheritance tax

  • Swiss voters reject proposed tax on super rich

    Jump

  • Yes, ~4million CHF against (mostly big donations and organisations) vs 400'000 for (mostly small private donations)

  • Anubis is awesome and I want to talk about it

    Jump

  • You mean for the referer part? Of course you don't want it for all urls and there's some legitimate cases. I have that on specific urls where it's highly unlikely, not every url. E.g. a direct link to a single comment in lemmy, and whitelisting logged-in users. Plus a limit, like >3 times an hour before a ban. It's already pretty unusual to bookmark a link to a single comment

    It's a pretty consistent bot pattern, they will go to some subsubpage with no referer with no prior traffic from that ip, and then no other traffic from that ip after that for a bit (since they cycle though ip's on each request) but you will get a ton of these requests across all ips they use. It was one of the most common patterns i saw when i followed the logs for a while.

    of course having some honeypot url in a hidden link or something gives more reliable results, if you can add such a link, but if you're hosting some software that you can't easily add that to, suspicious patterns like the one above can work really well in my experience. Just don't enforce it right away, have it with the 'dummy' action in f2b for a while and double check.

    And I mostly intended that as an example of seeing suspicious traffic in the logs and tailoring a rule to it. Doesn't take very long and can be very effective.

  • Anubis is awesome and I want to talk about it

    Jump

  • This is the way. I also have rules for hits to url, without a referer, that should never be hit without a referer, with some threshold to account for a user hitting F5. Plus a whitelist of real users (ones that got a 200 on a login endpoint). Mostly the Huawei and Tencent crawlers have fake user agents and no referer. Another thing crawlers don't do is caching. A user would never download that same .js file 100s of times in a hour, all their devices' browsers would have cached it. There's quite a lot of these kinds of patterns that can be used to block bots. Just takes watching the logs a bit to spot them.

    Then there's ratelimiting and banning ip's that hit the ratelimit regularly. Use nginx as a reverse proxy, set rate limits for URLs where it makes sense, with some burst set, ban IPs that got rate-limited more than x times in the past y hours based on the rate limit message in the nginx error.log. Might need some fine tuning/tweaking to get the thresholds right but can catch some very spammy bots. Doesn't help with those that just crawl from 100s of ips but only use each ip once every hour, though.

    Ban based on the bot user agents, for those that set it. Sure, theoretically robots.txt should be the way to deal with that, for well behaved crawlers, but if it's your homelab and you just don't want any crawlers, might as well just block those in the firewall the first time you see them.

    Downloading abuse ip lists nightly and banning those, that's around 60k abusive ip's gone. At that point you probably need to use nftables directly though instead of iptables or going through ufw, for the sets, as having 60k rules would be a bad idea.

    there's lists of all datacenter ip ranges out there, so you could block as well, though that's a pretty nuclear option, so better make sure traffic you want is whitelisted. E.g. for lemmy, you can get a list of the ips of all other instances nightly, so you don't accidentally block them. Lemmy traffic is very spammy…

    there's so much that can be done with f2b and a bit of scripting/writing filters

  • Swiss People’s Party sues crossword setter over clue - SWI swissinfo.ch

    Jump

  • Yes a days earning, at least 30.-, at most 3000.- per day, can be converted to equivalent time in jail* or equivalent time doing community work(4 hours community work = 1 day fine). at least 3 days, at most 180 days (more would mandate jail).

    suspended means there's a trial period where the punishment isn't enforced and after which it can be fully or partially dropped if the guilty party didn't commit another crime.

    And in this case it's 30 days worth of fine, how long the probation period lasts isn't specified. It's usually 2-5 years

    *not going to figure out if jail or prison is the right term…

  • In a first, Taiwan to distribute security handbook to all households as China threat rises

    Jump

  • Why go through the trouble to use Arch?

    Jump

  • In a perfect world, yes.

    In reality, i knew what i did and why i did it, two years ago, after which i never had to touch it again until now, and it takes me 2 hours of searching/fiddling until i remember that weird thing i did 2 years ago…

    and it's still totally worth it

    Oh or e.g. random env vars in .profile that I'm sure where needed for nvidia on wayland at some point, no clue if they're still necessary but i won't touch them unless something breaks. and half of them were probably not neccessary to begin with, but trying all differen't combinations is tedious…

  • Teenager jailed for playing anti-Kremlin song on the streets of St Petersburg

    Jump

  • Crazy how it went from this 5 months ago to this two weeks ago, talk about Streisand effect