  • That option is only likely to be for paid accounts. The freebie users like me have to make our own anti bot WAF rules. Or, as I do, just toss every page I expect a user to be using via managed challenge. Adding exceptions uses up precious space in those rules which I've used to put in exceptions for genuine instance to instance traffic.

    But I am glad they were able to convince cloudflare. Good for them.

  • This already happens right now. If you have 22 open, your firewall is getting hammered with bots trying to get in, regardless of what cipher you're using, trying to exploit known weaknesses.

    I know, except they're only ever trying lame user/password pairs that only an idiot would have on their luggage. Same as on asterisk and the bots trying to exploit decades old exploits on wordpress etc. Regardless of whether the site you host is even remotely like wordpress.

    I'm not sure how you'd achieve this. If you have a mechanism to change cipher modes then there would be part of the codebase and handshake that validates settings in some way, which adds potential attack vector.

    Doesn't need to change the handshake. If the server is mine, and run by me, and I decide I want to change, say, just the key exchange part of the process, it could be changed without negotiation. I just need to make sure all clients are configured the same way. My point being there wouldn't be a negotiation. If you try to connect to wireguard on my server, you'd need to have the key exchange set up in the same way, with the same parameters too. Yes, it should be entirely optional and require specific configuration changes on both client and server to achieve. So long as server and client are configured with the same parameters there's no negotiation to make. The channel can be set up and if the configuration is wrong it just won't work.

  • And their "AI tool" looks just like the hundreds of AI scraping bots. And I've already said the answer is easy. They need to differentiate themselves enough to convince cloudflare to make an exception for them.

    Until then, they're "just another AI company scraping data"

  • Yes, but my point is I cannot tell the difference. If they can convince cloudflare they deserve special treatment and exemption then they can probably get it.

    I would argue there being a difference "depends" though. There's two problems I see. They are only potentially not guilty of one.

    The first problem is, that AI crawlers are a true DDoS and this is I think the main reason most (including myself) do not want them. They cause performance issues by essentially speed running collecting every unique piece of data from your site. If they're dynamic as the article says then they are potentially not doing this. I cannot say for sure here.

    The second problem is, many sites are monetized from advert revenue or otherwise motivated by actual organic traffic. In this case, I would bet some money that this company is taking the data from these sites, not providing ad revenue or organic traffic and serving it to the querying user with their own ads included. In which case, this is also very very bad.

    So, their beef is only potentially partially valid. Like I say, if they can convince cloudflare, and people like me to add exceptions for them, then great. So far though, I'm not convinced. AI scrapers have a bad reputation in general, and it's deserved. They need to do a LOT to escape that stigma.

  • Well. Try running a web server and you'll find quite quickly that you get hit quick and hard by AI crawlers that do not respect server operators. Unlike web crawlers of old, these will hit a site over and over with sometimes 100s, even 1000s of requests per second to strip mine all the content they can find, as quickly as possible.

    When you try to block them by user agent, they start faking real client user agents.

    When you block the AS Numbers involved, traffic starts to go down. But there's still a large number of non organic requests, coming from, well frankly everywhere. Cellular network in Brazil, cable internet in the USA, other non business subscribers in other countries around the world.

    How do I know they're not organic? Turn on cloudflare managed challenge and they all go away.

    So, personally that's my biggest beef against them. Yes ripping off data without permission is bad already, but this level of trying to bypass any clear sign we do not want you is far worse.

  • I mean, if I were athletic I'd probably already be playing a sport. I think these two things in my case are intrinsically linked.

  • I think as close as I understand it. It's "random, with rules"

  • Age verification on VPNs. Hmm, collecting the ID of people that want to hide their identity. Seems about right.

  • Well, I did think the "security through obscurity" line would come up. But that's really something that should be reserved for people making their own "triple XOR" crypto implementations closed source and hoping that protects them.

    The "obscurity" if it's the term we want to use here in my use case isn't hiding using closed source to provide a perception of security. It's just giving a choice of crypto, but not adding to the protocol with negotiation.

    My thinking is this, and we'll look at say ssh. We can choose between multiple key types and lengths for that. Now let's say for example ed25519 is compromised (in real terms I think the only likely compromise for any of the ssh key based auth options would be deriving a private key from the public key, so the "scanning" I talk about is a fantasy. But I'm going with it!). For ssh, there will for sure be bots hunting the internet for vulnerable ssh servers very soon after. Automating the process of getting in, installing whatever nefarious tools they want and moving on. But, crucially they will only get those that have used ed25519 for their auth key login. However they might well get every single wireguard vpn.

    I'm really just advocating for the same option really. The option to not use the same as everyone else. With no reduction in security for anyone else and no need to negotiate, the onus would entirely be on the operator to ensure the same stack is configured on client and server. Of course with the understanding that using any other stack is at your own risk. E.g. "triple XOR" security might not be the best, for example :P

    Oh and as I said, I doubt I would use it. I use wireguard as it is, I like wireguard as it is. But, I feel like having options is not a bad thing, provided the default is the "best" option currently known.

  • Well the posts to inbox are generally for incoming info. Yes, there's endpoints for fetching objects. But, they don't work for indexing, at least not on mbin/kbin. If you have a link, you can use activitypub to traverse upwards from that object to the root post. But you cannot iterate down to child comments from any point.

    The purpose is that say I receive an "event" from your instance. You click like on a post I don't have on my instance. Then the like event has a link to the object for that on activitypub. If I fetch that object it will have a link to the comment, if I fetch the comment it will have the comment it was in reply to, or the post. It's not intended to be used to backfill.

    So they do it the old fashioned way, traversing the human side links. Which is essentially what I lock down with the managed challenge. And this is all on the free tier too.
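
The upward-only traversal described in the comment above, sketched as an added example (not part of the original comment and not mbin's code). The URLs and the `fetch` stand-in are hypothetical; only the `type`, `object` and `inReplyTo` property names are ActivityStreams terms.

```python
# Constructed sample data: every URL below is made up for illustration.
# Only the property names (type, object, inReplyTo) are ActivityStreams terms.
SAMPLE_STORE = {
    "https://a.example/like/1": {"type": "Like", "object": "https://a.example/comment/3"},
    "https://a.example/comment/3": {"type": "Note", "inReplyTo": "https://a.example/comment/2"},
    "https://a.example/comment/2": {"type": "Note", "inReplyTo": "https://b.example/post/1"},
    # A sibling reply: nothing on the upward path links to it.
    "https://a.example/comment/4": {"type": "Note", "inReplyTo": "https://b.example/post/1"},
    "https://b.example/post/1": {"type": "Page"},
}


def resolve_to_root(activity_url, fetch=SAMPLE_STORE.__getitem__, max_hops=50):
    """Walk from an incoming activity up to the root post.

    `fetch` is a hypothetical stand-in for an HTTP GET that asks for
    application/activity+json. Returns the object URLs visited, root last.
    """
    doc = fetch(activity_url)
    target = doc.get("object", activity_url)
    # "object" may be embedded as a dict or given as a bare URL.
    url = target.get("id") if isinstance(target, dict) else target

    chain, seen = [], set()
    while url:
        # Remote servers are untrusted: refuse cycles and very deep threads.
        if url in seen or len(chain) >= max_hops:
            raise ValueError("reply chain loops or exceeds max_hops")
        seen.add(url)
        chain.append(url)
        url = fetch(url).get("inReplyTo")
    return chain


if __name__ == "__main__":
    for hop in resolve_to_root("https://a.example/like/1"):
        print(hop)
```

The sibling `comment/4` never appears in the result: each object only points at its parent, which is why this path cannot be used to enumerate a thread downwards.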

  • So, someone gives you a bribe of 21 £ and you are ready to increase your emissions hundredfold for such a paltry bribe? Seriously? With this price difference there should be absolutely nothing unclear about the choice!

    To be clear I didn't tell you what I do. I said what most people will do. But in this case, yes I'm taking the more convenient and cheap option. I don't see why you want to demonize normal people when the rich bois are tearing the planet up, and I don't just mean with their travel. It's ridiculous that the normal people are expected to save the environment when it's a losing battle against the people effectively running the world.

    It's a bit funny that you're telling that "I’m live smack in the middle of Europe so it’s a bit limiting" to a Finn. Look at the map. Every time I want to go to Central Europe, I need to first take a train to Turku for two hours, then board a ship, sleep on that ship, make haste to the 7:24 train in Stockholm, take that to Copenhagen (and currently there's an extra change in Malmö), then take a train from Copenhagen to Hamburg. I've left Helsinki the previous day at 17:25 and now it's the evening of my second travel day and I'm still only about as close to almost any possible destination than your home is.

    You broke quoting here. In any case, I just meant that from here there's only one way into mainland europe, via eurostar. There's no rail competition and no other option other than ferry or air.

    The pricing of car vs public transportation in Britain surprises me! Over here in Helsinki the cost of having and using a car is about 300 € per month.

    What are the causes of those costs? Our car is already paid off, so no more finance. The annual excise duty is free on it (historically it was low emission for the time, and this somehow carries over, it works weird here, apparently next year it will be like £100 or so for the year though). Insurance probably works out to around £35-£40 per month (we're not young any more and it's not a sporty car). MOT, Service etc. £300 all in for the year most years. Actually I have an extra one I still need to book which is like £600. But it's every 6 years or something like that. So not really to be factored in. That's less than €100 per month not including fuel. But crucially, I do not live in a city. So the car is needed anyway. So I have to pay all this. So really the only thing to factor in is the cost of the fuel, and convenience of driving/not driving.

    But at the same time, something like 99.99 % of planes' emissions come from the planes used by Joe Average for their holiday trips. I would prefer putting effort into cutting four fifths of those flights away over stopping the private plane flights, because my effort is more efficiently used when it reduces the emissions by 80 % than when it reduces them by 0.01 %. Even if that 0.01 % means that one person is causing as much emissions as tens of thousands of other people together. It's about us staying alive.

    This is nonsense (sorry!). I'll say why. The 1% (and frankly probably the top 5%) aren't only leading the way in destroying the planet with their travel options. They're ruining it in every possible way. AI is leading the way in wasting water and energy which is for certain doing untold damage to our environment, and it will only get worse. Just as some countries are getting into the position of being able to produce the majority of energy from renewables, up come the tech-bros with a new way to ensure we need more energy from more, let's say traditional sources.

    We cannot win against these people. They don't care, they won't be convinced to care and anything we do is made moot by their overall actions.

  • It's the usual enshittification tactic. Make AI cheap so companies fire tech workers. Keep it cheap long enough that we all have established careers as McDonald's branch managers, then whack up the prices once they're locked in.

  • For mbin I managed to kill the attack of the scrapers only using cloudflare managed challenge for all except to fediverse post endpoints, from fediverse ua agents on certain get endpoints. Managed challenge on everything else.

    So far, they've not gotten past it. But, a matter of time.

  • While I don't doubt that's part of the reason. I would assume ensuring only the microsoft key was used to create a trusted boot path to a clean windows install. At which point during the boot process these invasive anti-cheat engines take over and are then watching everything loading makes it a bit harder to cheat.

    But I think there's a lot of hardware options available that could still remain invisible here. Maybe it makes software options close to impossible though. Not too sure, there's always inventive workarounds people come up with.

    I always find it amusing the lengths people will go to, to cheat.. Just short of, learning to play the game better.

  • Yep. I entirely agree about the good points. I am just always wary about removing options like this, regardless of intention.

    I'd be fine if for example I'm running my own wireguard implementation, I could choose the suite to use, not negotiate anything and ensure my client has the same configuration.

    I'd probably not use it, but I like the option, and knowing that anyone that wants to try to break this now also needs to guess what options I'm running.

  • I only have one problem with this. When they say wireguard being crypto opinionated is a good thing. I am wary to agree with that statement entirely.

    While it is good for stability (only one stack to support and get right, and to be secure and efficient) I do wonder about overall and future security. Saying "You must use this specific cipher suite because we think it's the best" is a bit of a dangerous road to take.

    I say this just because Curve 25519 is considered a very secure elliptic curve, to the best of my very limited knowledge on this subject. But we had a certain dual elliptic curve pseudo random number generator that was pushed as "best practice" (NIST backed) some time ago, which didn't turn out so well. Even omitting possible conspiracy scenarios, it had known weaknesses even before it was recommended. [1]

    Since then I've generally not been a huge fan of being given one option as "the right way" when it comes to cryptography. Even if it is the "best" it gives one target to try to find a weakness in, rather than many.

    I say all this as a wireguard user, it's a great, fast and reliable VPN. I just have concerns when the choice of using other algorithms and especially putting my own chosen chain together is taken away. Because it puts the exact same target to break on every one of us, rather than having to work out how to break multiple methods and algorithms and multiple combinations.

    [1] https://en.wikipedia.org/wiki/Dual_EC_DRBG

  • Here you go

    #include <iostream>
    #include <csignal>
    #include <unistd.h>

    void sigusr1_handler(int)
    {
    	// Use write() here: it is async-signal-safe, std::cout is not
    	const char msg[] = "Signal USR1\n";
    	write(STDOUT_FILENO, msg, sizeof(msg) - 1);
    }

    int main()
    {
    	// Install the handler before announcing it
    	std::signal(SIGUSR1, sigusr1_handler);
    	std::cout << "Installed handler for USR1" << std::endl;
    	while (true)
    	{
    		usleep(5000000);	// 5 seconds
    		std::cout << "Waiting for signal" << std::endl;
    	}
    }

    That will help you read at least one of them.

  • Come on, about 10% of greenhouse gas emissions come from flying. And that's done almost exclusively by the common folks, not the tiny minority. A kilometre by train causes 99 % less (electric) or about 70 % less (diesel) emissions per kilometre than an airplane does, and is a viable way to travel, but people still fly. Because they prefer being assholes and kill their own children if not doing so would inconvenience them even just a little.

    The problem will always be price. So travelling to another country? I'm in the UK so it's a bit limiting. But if I want to go to Paris. I picked a week a month away from now. So it should be too expensive, or too cheap. By eurostar the cheapest option is £95, by plane £74.

    But the same is true of car vs train in the UK and it's frankly at ridiculous levels. If I want to go into London from where I live (which is in a home county) it will cost £40 for a return on the same day. However if I drive, even in an older car that is subject to ULEZ. Then the cost is:

    £12.50 ULEZ
    £15 congestion charge (although really, there's plenty of places you can park outside the congestion zone but very central to pick up the tube to avoid this)
    £5 worth of fuel.
    Parking, depends. At the weekend there are many places you can reliably park for free.

    It's always cheaper than the train. But, notably if you park outside of the congestion charge zone, it's significantly cheaper. If you're two people travelling or in a ULEZ compliant vehicle it's entirely a no-brainer. Here's an interesting point. People are happy to park inside the ULEZ but outside the congestion charge zone and take the tube. Do you know why? It's because coincidentally the last train stations outside the congestion charge zone are also the same station the fare is suddenly 2x the fare from the first station inside. Travelling within London on the tube, train and bus is affordable and mostly convenient. Getting in from outside, even a mile outside is not.

    They need to fix this. The average person votes with their wallet, with convenience coming second. Train travel needs to be affordable and convenient. If it's cheaper and convenient to use, people will use it and leave their cars at home.

    But look, CO2 per mile is way more in a private plane. We really need to be putting MUCH more into stopping that. Just because the total from the normal folk is less than the rich boys (and girls), doesn't mean the onus is on the rest of us. Per person they are doing a lot more to destroy the planet than the hoi polloi.