Deebster

joined 1 year ago
[–] Deebster@programming.dev 10 points 7 months ago (1 children)

Thinking there must be another way, I switched to Haproxy.

Hang on, weren't you on Haproxy already? Or do you mean you switched your attention to Haproxy? (If not, what were you on before?)

As others have said, blocking incoming stuff as high up as possible is definitely the right way, and Cloudflare is the right place for you. It's interesting that this bot wasn't caught by Cloudflare; I wonder who runs it.

[–] Deebster@programming.dev 13 points 7 months ago (1 children)

I feel a company that big would write a more competent bot, but I also wouldn't be too astonished.

[–] Deebster@programming.dev 15 points 7 months ago

I was kinda hoping for another story about some clever compression bomb or similar to slow up the bot - after all, if it's hammering this little site it's surely doing the same to others, even if they haven't noticed yet. After the robots.txt was ignored I was sure, but I guess this mature, restrained response is probably the correct one *discontentedly kicks can down sepia street*

[–] Deebster@programming.dev 4 points 7 months ago

I went with Fedora on my VPS because I was also planning to use rootless Podman. Quadlets and running everything through systemd with SELinux enabled is working pretty well for me.

[–] Deebster@programming.dev 0 points 7 months ago

And are bugs harder to find than carefully hidden backdoors? No-one noticed the code being added and if it hadn't had a performance penalty then it probably wouldn't have been discovered for a very long time, if ever.

The flip side to open-source is that bad actors could have reviewed the code, discovered Heartbleed and been quietly exploiting it without anyone knowing. Government agencies and criminal groups are known to hoard zero-days.

[–] Deebster@programming.dev 1 points 7 months ago (2 children)

Maybe millions of potential eyes, but all of them are looking at other things! Heartbleed existed for two years before being noticed, and OpenSSL must have enormously more scrutiny than small projects like xz.

I am very pro open source and this investigation would've been virtually impossible on Windows or Mac, but the many-eyes argument always struck me as more theoretical/optimistic than realistic.

[–] Deebster@programming.dev 21 points 7 months ago (5 children)

Hmm, not really. It's only because it nerd-sniped someone who was trying to do something completely unrelated that this came to light. If that person had been less dedicated or less skilled we'd still probably be in the dark.

[–] Deebster@programming.dev 3 points 7 months ago* (last edited 7 months ago)

  • email
  • Nebula
  • Kagi
  • domains and VPSes
  • VPN
  • windyty

[–] Deebster@programming.dev 8 points 7 months ago (1 children)

I'm still very happy with the experience, especially the UX and customisation options, and they're developing new features fast. Not always successfully at first, e.g. the recent integration of WolframAlpha isn't entirely a step forward (mostly because they're not displaying the extra context that WA shows that lets you know when it's answering the wrong question).

I think overall most people are very happy, as shown by the frequent recommendations on here (so much so that someone on Lemmy was telling everyone it must be astroturfing).

[–] Deebster@programming.dev 95 points 8 months ago

The author has no idea how to get his audience on-side! He starts with bragging about his 6400% profit margin on a domain he resold, in a market where there's no customer value for middlemen.

At least antique dealers will identify pieces as rare, clean/restore them and put them for sale in a more visible place. Whereas domain reselling is about as ethical as ticket touting.

[–] Deebster@programming.dev 7 points 8 months ago

Clever work, well done to the researchers.

[–] Deebster@programming.dev 33 points 8 months ago (1 children)

So, they're just going to add a QR code? Of course, you could already do that, but having it built in and be the default process would probably help.
