

  • SBPlaysGames, super tiny let’s play channel, but has been consistently uploading for 10 years and she picks some really good indie games (as well as board games) that i would otherwise never have heard of. Plus pretty good analysis of the games, though of course the let’s play format means it’s pretty spread out across episodes. And by analysis i don’t mean reviews, but more like movie analysis level. Though I’d love it if she’d lean into that part a bit more.

    and i specifically picked her because it’s one thing to consistently produce good content when you have millions of views (and dollars?), but doing so with 28k subs and maybe 100-200 views, for over 10 years, that takes real dedication.

    Oh and on the topic of video game channels, AnyAustin is amazing. Fucking weird but amazing. He also does video game analysis but not how you’d think…




  • Clickspring is great! I’d also like to add Blondihacks, which is just very down to earth machining content, mostly with very traditional techniques/tools, and also just high quality educational content. And she has very wholesome vibes

    And also NotAnEngineer, another Aussie doing machining with humor similar to ToT. Working out of a small cramped garage, his wife/partner doing a lot of the recording. And the projects are usually quite unique



  • You mean for the referer part? Of course you don’t want it for all urls and there’s some legitimate cases. I have that on specific urls where it’s highly unlikely, not every url. E.g. a direct link to a single comment in lemmy, and whitelisting logged-in users. Plus a limit, like >3 times an hour before a ban. It’s already pretty unusual to bookmark a link to a single comment

    It’s a pretty consistent bot pattern, they will go to some subsubpage with no referer with no prior traffic from that ip, and then no other traffic from that ip after that for a bit (since they cycle through ip’s on each request) but you will get a ton of these requests across all ips they use. It was one of the most common patterns i saw when i followed the logs for a while.

    of course having some honeypot url in a hidden link or something gives more reliable results, if you can add such a link, but if you’re hosting some software that you can’t easily add that to, suspicious patterns like the one above can work really well in my experience. Just don’t enforce it right away, have it with the ‘dummy’ action in f2b for a while and double check.

    And I mostly intended that as an example of seeing suspicious traffic in the logs and tailoring a rule to it. Doesn’t take very long and can be very effective.
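Added example, not part of the original comment: the referer rule described above (specific URLs only, logged-in users whitelisted, more than 3 hits an hour), written as a Python check over constructed nginx access-log lines. The `/comment/<id>` pattern, the login path, the hostnames and the IPs are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" access-log format
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')
DEEP_LINK = re.compile(r'^/comment/\d+$')  # assumed: link to a single comment
LOGIN_PATH = "/api/v3/user/login"          # assumed login endpoint
THRESHOLD = 3                              # ban on more than 3 hits ...
WINDOW = timedelta(hours=1)                # ... within one hour

def suspicious_ips(lines):
    """IPs with more than THRESHOLD referer-less deep-link hits inside WINDOW."""
    logged_in, hits = set(), defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        if m["path"] == LOGIN_PATH and m["status"] == "200":
            logged_in.add(m["ip"])  # got a 200 on login: treat as a real user
        elif DEEP_LINK.match(m["path"]) and m["referer"] in ("", "-"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ip"]].append(ts)
    flagged = []
    for ip, times in sorted(hits.items()):
        if ip in logged_in:
            continue
        times.sort()
        # flag if any THRESHOLD+1 consecutive hits fit inside WINDOW
        if any(times[i + THRESHOLD] - times[i] <= WINDOW
               for i in range(len(times) - THRESHOLD)):
            flagged.append(ip)
    return flagged

def sample_line(ip, hhmm, method, path, status, referer="-"):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} - - [25/Jun/2023:{hhmm}:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "{referer}" "Mozilla/5.0"')

SAMPLE = (
    [sample_line("198.51.100.7", t, "GET", "/comment/1001", 200)
     for t in ("10:01", "10:09", "10:20", "10:41")]
    + [sample_line("203.0.113.5", "10:00", "POST", LOGIN_PATH, 200, "https://lemmy.example/login")]
    + [sample_line("203.0.113.5", f"10:0{m}", "GET", "/comment/42", 200) for m in range(2, 7)]
    + [sample_line("192.0.2.9", t, "GET", "/comment/42", 200) for t in ("10:05", "10:06")]
)

if __name__ == "__main__":
    print(suspicious_ips(SAMPLE))
```

The function only returns candidates, so it can be run against real logs and the output reviewed before any ban action is wired up.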


  • This is the way. I also have rules for hits to url, without a referer, that should never be hit without a referer, with some threshold to account for a user hitting F5. Plus a whitelist of real users (ones that got a 200 on a login endpoint). Mostly the Huawei and Tencent crawlers have fake user agents and no referer. Another thing crawlers don’t do is caching. A user would never download that same .js file 100s of times in an hour, all their devices’ browsers would have cached it. There’s quite a lot of these kinds of patterns that can be used to block bots. Just takes watching the logs a bit to spot them.

    Then there’s ratelimiting and banning ip’s that hit the ratelimit regularly. Use nginx as a reverse proxy, set rate limits for URLs where it makes sense, with some burst set, ban IPs that got rate-limited more than x times in the past y hours based on the rate limit message in the nginx error.log. Might need some fine tuning/tweaking to get the thresholds right but can catch some very spammy bots. Doesn’t help with those that just crawl from 100s of ips but only use each ip once every hour, though.

    Ban based on the bot user agents, for those that set it. Sure, theoretically robots.txt should be the way to deal with that, for well behaved crawlers, but if it’s your homelab and you just don’t want any crawlers, might as well just block those in the firewall the first time you see them.

    Downloading abuse ip lists nightly and banning those, that’s around 60k abusive ip’s gone. At that point you probably need to use nftables directly though instead of iptables or going through ufw, for the sets, as having 60k rules would be a bad idea.

    there’s lists of all datacenter ip ranges out there, so you could block as well, though that’s a pretty nuclear option, so better make sure traffic you want is whitelisted. E.g. for lemmy, you can get a list of the ips of all other instances nightly, so you don’t accidentally block them. Lemmy traffic is very spammy…

    there’s so much that can be done with f2b and a bit of scripting/writing filters
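Added example, not part of the original comment: the rate-limit ban described above (more than x `limit_req` rejections in the past y hours, read from the nginx error.log), applied to constructed log lines. The zone name, hostnames and IPs are made up, and x and y are passed in as parameters.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A limit_req rejection as nginx writes it to error.log
LIMITED = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*?'
    r'limiting requests, excess: [\d.]+ by zone "(?P<zone>[^"]+)", '
    r'client: (?P<ip>[^,\s]+)')

def ips_to_ban(lines, now, max_hits, hours):
    """IPs rate-limited more than max_hits times in the `hours` before `now`."""
    cutoff = now - timedelta(hours=hours)
    counts = defaultdict(int)
    for line in lines:
        m = LIMITED.match(line)
        if not m:
            continue  # unrelated error.log entries
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        if cutoff <= ts <= now:
            counts[m["ip"]] += 1
    return sorted(ip for ip, n in counts.items() if n > max_hits)

# Constructed sample lines (not real traffic)
_FMT = ('{ts} [error] 812#812: *{n} limiting requests, excess: 5.120 by zone '
        '"perip", client: {ip}, server: lemmy.example, '
        'request: "GET /api/v3/post/list HTTP/1.1", host: "lemmy.example"')
SAMPLE = (
    [_FMT.format(ts=f"2023/06/25 1{h}:05:00", n=h, ip="198.51.100.7")
     for h in range(4)]                                   # 10:05 .. 13:05
    + [_FMT.format(ts="2023/06/25 12:30:00", n=9, ip="192.0.2.9")]
    + ['2023/06/25 12:31:00 [error] 812#812: *10 open() "/srv/x" failed '
       '(2: No such file or directory), client: 192.0.2.9']
)
NOW = datetime(2023, 6, 25, 14, 0, 0)

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE, NOW, max_hits=2, hours=3))
```

An IP that is rate-limited once an hour stays under the threshold for short windows, which matches the comment's caveat about crawlers that use each address rarely.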


  • In a perfect world, yes.

    In reality, i knew what i did and why i did it, two years ago, after which i never had to touch it again until now, and it takes me 2 hours of searching/fiddling until i remember that weird thing i did 2 years ago…

    and it’s still totally worth it

    Oh or e.g. random env vars in .profile that I’m sure were needed for nvidia on wayland at some point, no clue if they’re still necessary but i won’t touch them unless something breaks. and half of them were probably not necessary to begin with, but trying all different combinations is tedious…


  • Or even worse, reading online that there’s some super special item you could have gotten 20 hours into the game if only you didn’t open that one regular chest in the starting area in the first 5 minutes of the game. I forgot which Final Fantasy did this? 9 maybe? Pissed me off to no end, i’m not playing through everything again for this… just seemed mean spirited.

    More generally, when decisions early on influence later stuff that you have no way of knowing about yet. I’m not going to play your game 50 times to see all options. So either i play with the wiki open to not miss anything, ruining the fun, or i realize later on that i could have gotten something but it’s now forever locked because of earlier decisions, pissing me off.

    Baldur’s Gate 3 had a lot of that…


  • oh for going out ours will sit in front of the entry door and look in our direction, even if we’re two rooms away. we really need to pay attention to notice if he suddenly disappears and then check the entry.

    It’s really interesting how you start to be able to distinguish the different kinds of look they give you, like I couldn’t say how but I know if he needs help, needs to go out or if he wants to play depending on how he sits and looks.


  • My dog is pretty smart, but sometimes he’s smart in pretty stupid ways.

    One thing he does is, if he needs help he will sit in front of the thing he needs help with. That’s it, just sit there. Now, he’s a black dog and he will sometimes do this in completely dark corners of the apartment. Maybe he played with his food ball and a treat has fallen under some furniture, he will just sit in front of it in the dark and expect us to help him, just sitting there for 20 minutes sometimes. Usually we only notice once he lets out a sad grumble after having sat there for a long time but I’m sure there’s other times where he just gave up and we didn’t notice at all. And this is not something we taught him, he just figured sitting quietly in a corner is the best way to get attention.

    That and he likes to check if there’s anything going on behind him while on walks, which often causes him to walk head-first into obstacles…



  • I don’t think it’s circular reasoning. more like kicking the can down the road, instead of deciding needs, you need to decide goals. but once you have a goal it helps determining the needs. So it’s a different framing that can help a bit to untangle the mess. Maslow is also just 4 goals in a hierarchy and then the needs for each of them.

    As for how to decide on goals, idk, that changes all the time and I don’t think there’s any hard set rule to figure that out. In the end it’s all just made up 🤷 But I think asking yourself “what are my goals in life” is more productive than asking yourself “what do I need”, at least it comes more naturally to me.


  • I think a need is necessarily tied to some goal and can’t really be discussed without mentioning the goal.

    If the goal is survival the needs are water, food, shelter. if your goal is not to continue living, then e.g. poison would be more of a need than food, water and shelter.

    If the goal is having a fulfilled life the needs also include social contact, intimacy, something meaningful you can spend your time on etc.

    so i don’t think you can just say something is a need, you need to decide what your goals are, probably with some hierarchy of goals, and work backwards from that to the needs. Or conversely, to know if something is a need, think about if not having it would keep you from your goal.


  • All the oil and coal being burned that causes it used to be organic matter, like plankton. and before those died and captured it, all that co2 was in the atmosphere, and the earth was much hotter.

    no matter how hot it gets because of this, there will be life left. and we’ll likely die before we can make it bad enough that only single cell organisms survive. It’ll still be terrible and take a long time to recover. but life will be fine in the long run




  • I don’t disagree. I meant for users it is incidental. Most users probably wouldn’t buy them with spying as the main purpose (they just also don’t really care that it can spy). making them much more widespread than something where spying was the main use-case, making the problem worse.

    And as someone else mentioned, once you did get it, the temptation for using it for spying is there for a user. Making it worse than e.g. a spy pen imo, as with that you’d need the intent to spy first, and then buy it, but with this, you buy it for whatever reason and then think “oh, I could just spy now” since you already own the device, which I’d argue leads to more overall spying, so to speak. Maybe you see a video online and go “oh, I can just do that, right now, no effort on my part, since I already own this device”.

    And for Meta it’s like tracking cookies on crack