@prologic@twtxt.net @aelaraji@aelaraji.com https://http.cat/status/402

@prologic@twtxt.net I originally did that, then I git reset XD

@aelaraji@aelaraji.com Ahhh! That would be even funnier and even more brilliant! 🤣 If you can find this, I would happily employ this tactic next time and make ‘em pay 💰 Bahahahaha 🤣

@shinyoukai@neko.laidback.moe You would have to pull main and build from source 🤣 I promise I’ll make a new major release soon™ – Only been promising that for a while now, but it will happen this year 🤣

@aelaraji@aelaraji.com Yeah and I think I can basically pull the crowssec rules every N interval right and use this to make blocking decisions? – I’ve actually considered this part of a completely new WAF design that I just haven’t built yet (just designing it).

@prologic@twtxt.net I remember reading a blog-post where someone has been throwing redirects to some +100GB files (usually used for speed testing purposes) at a swarm of bots that has been abusing his server in order to criple them, but I can’t find it anymore. I’m pretty sure I’ve had it bookmarked somewhere.

@prologic@twtxt.net beats me, I’m currently stuck to the latest tag and it doesn’t even appear in mobile

@prologic@twtxt.net 😂HAHA, thanks!

@prologic@twtxt.net The main thing that I tought of is that whomever is abusing your services must be a well known actor (by range/set of IPs) that got reported by other Crowdsec users. So to my simpleton’s understanding, your reverse-proxy/web server passes the requests by crowdsec for processing, they get banned for $N hours if the source has already been blacklisted by the community or violates any of a set of behavior base rules (and even more hours for repeat offenders); otherwise the requests/responses go as per usual. Not sure if I got things right but this might help paint a better picture of the process.

Anyone on my pod (twtxt.net) finding the new Filter(s) useful at all? 🤔

@bender@twtxt.net That’s not the problem. The problem is the complex DNS setup and delegation. I’ve gotten it working once before, but it’s not that easy if you don’t intend to run it on the APEX Domain.

@prologic@twtxt.net I will share later my GoToSocial 10 lines (or less) config.yaml, and 4 lines Caddyfile, and you will see how easy it is.

@prologic@twtxt.net How so? even I (the caveman) am running one 😂

@prologic@twtxt.net I’ll create one manually and send you the creds so you can change them as soon as you log in (my instance isn’t set up to send emails). Not sure how you could get access to logs, not even my admin account has that on the admin panel. I just snoop trough the /var/log/* when needed.

@shinyoukai@neko.laidback.moe Yes 👍

@prologic@twtxt.net if done right, zs derivatives can even generate twtxt feeds alongside RSS for blogs as well

Up Next:

Twtxt feed support for Kosuzu
A simpler theme for Yarn, perhaps?

@prologic@twtxt.net bookmarked (apparently I can do that)

@prologic@twtxt.net incidentally I’ve found modSecurity

@prologic@twtxt.net running Mastodon? I’d pick anything else

@prologic@twtxt.net I’m down for it

@movq@www.uninformativ.de sorry dude I think we’re getting our language confused. I think I actually meant private Internet connections.

@prologic@twtxt.net Yeah, I meant ISPs. Hm, okay. 🤔

Tired to re-enable the Ege route to git.mills.io today (after finishing work) and this is what I found 🤯 Tehse asshole/cunts are still at it !!! 🤬 – So let’s instead see if this works:

$ host git.mills.io 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

git.mills.io is an alias for fuckoff.mills.io.
fuckoff.mills.io has address 127.0.0.1

PS: Would anyone be interested if I started a massive global class action suit against companies that do this kind of abusive web crawling behavior, violate/disregards robots.txt and whatever else standards that are set in stone by the W3C? 🤔

@bender@twtxt.net Maybe so. But running Mastodon or GotoSocial is actually not as easy as you’d think 😂

@prologic@twtxt.net it would have been so much easy to run your own. I guess we all like to suffer every once and then, and this time is your turn. 😅

@movq@www.uninformativ.de If by that you mean ISP(s)? No. so far most are hosting providers by the looks? 🧐

@aelaraji@aelaraji.com Ahh that would be awesome!!! I’d also somehow need read access to logs so i can figure shit out on my own 🧐

@aelaraji@aelaraji.com Haha! 😂 Welcome back 🙌

@aelaraji@aelaraji.com Tell me more? How does this work?

@prologic@twtxt.net I’d say give crowdsec a try but I know for sure you prefer your own WAF … 😅

@prologic@twtxt.net Let me know if you still need an account for testing. My tin-can bandwidth is slow AF but usable if you don’t mind the speed.

Oh fuck me! I had basically turned off the route to git.mills.io last night and went ot bed at ~2AM after unsuccessfully trying to control the attacks (bad bots) that were behaving like a DDoS attack. Tried to re-enable the route this monring and *BOOM, they’re back! As-if they never stopped?! what da actual fuq?! Anyone have any clever ideas of what I can do here to allows normal users, like you nice folk and block ths obnoxious traffic?!

@zvava@twtxt.net I am waiting for that v1, so that I can start using it. 🙏🏻

@prologic@twtxt.net AI is slot machines for coders:

• “Before starting tasks, developers forecast that allowing AI will reduce completion time by 24%. After completing the study, developers estimate that allowing AI reduced completion time by 20%. Surprisingly, we find that allowing AI actually increases completion time by 19%–AI tooling slowed developers down.” https://metr.org/blog/2025-07-10-early-2025-ai-experienced-os-dev-study/
  
• “Stack Overflow data reveals the hidden productivity tax of ‘almost right’ AI code”: https://venturebeat.com/ai/stack-overflow-data-reveals-the-hidden-productivity-tax-of-almost-right-ai-code
  

The same intermittent reward operant conditioning that gets people addicted to gambling and thinking that if they follow certain rituals they’ll win “next time” drives people’s beliefs that AI tools are making them more productive when they’re making them less productive. I’m going to guess that a side effect of this is that people think they’re typing less when in the longer term they’re typing the same amount or more when you factor in the productivity loss (as far as I’ve read the studies don’t measure this so I’m only guessing).

People are also being rapidly de-skilled by this technology: the more they use it, the more their actual skills atrophy. “Continuous exposure to AI might reduce the ADR (adesoma detection rate) of standard non-AI assisted colonoscopy, suggesting a negative effect on endoscopist behaviour.” (science speak for saying that radiologists get worse at seeing tumors in scans once they’ve used AI): https://www.thelancet.com/journals/langas/article/PIIS2468-1253(25)00133-5/abstract

Nobody who cares about the future should be using this stuff for anything.

@iolfree@tilde.club @movq@www.uninformativ.de So true! Good read, thanks for recommending. :-)

@iolfree@tilde.club They’re not wrong, are they? 😅

@movq@www.uninformativ.de I just skip all those merchants who only accept PayPal or credit card.

@prologic@twtxt.net Do these IPs belong to hosting providers or to providers of private internet connections? The latter is what I’m seeing on my server …

Fark me again with the bots. This time DDoS-style crawling from hundreds of IPs and dozens of ASN(s) wtf?!
I’ve had to disale the Ingress to my Git instance for the time being, i need to sleep and I can’t fight this :/

@prologic@twtxt.net We have a bit of a vendor lock-in here in Germany: PayPal is sometimes the only non-shady option to pay for something. ☹️

@prologic@twtxt.net I realized, was too sleepy to notice then… At least I got “Site Reliability” right

@prologic@twtxt.net LiberaPay?

@prologic@twtxt.net as per #kzirx3a I managed to avoid having to use it (there’s also a thing or two wrong about its creator as well, which is more on a personal level than technical here)

@bender@twtxt.net Just a donations thiny I knew about from years ago that I never setup properly. Now an acceptable form of donation on my prologic.dev site 👌 (if anyone ever does that is!)

@prologic@twtxt.net what’s that?

@shinyoukai@neko.laidback.moe Haha 🤣 Nice typo there!

@shinyoukai@neko.laidback.moe I’m mostly against it because it forces Javascript™ on the client(s) at a blanket level. Doing “Proof-of-Work” explicitly IMO is fine™, but not at an Ingress/Edge level IMO – Which is why I haven’t adopted it myself.

@prologic@twtxt.net the life of a lead SRA

@yarn_police@twtxt.net good thing we got law and order around here. And I mean, literally! 😅