@austin This is especially egregious because it caused them to end up making their JSON parser case insensitive, which leads to security vulnerabilities.

Because otherwise you wouldn't be able to parse JSON where the keys start with lowercase letters.

Forest boosted

itch 

voidfox.com/blog/payment_proce

good writeup of the rock-and-hard-place that itch is stuck between

i've worked in ecommerce, it fucking sucks and nothing works right

I'll eat what I'll eat, and what I dont eat can be saved for a later eat.

Forest boosted

so-called "free thinkers" when their sources are paywalled

Forest boosted

Yesssss!

"We are very excited to announce the preview release of ACME support in NGINX. The implementation introduces a new module ngx_http_acme_module that provides built-in directives for requesting, installing, and renewing certificates directly from NGINX configuration. The ACME support leverages our NGINX-Rust SDK and is available as a Rust-based dynamic module…"

blog.nginx.org/blog/native-sup

/via mastodon.bsd.cafe/@acirep/1150 #Rust #nginx

@notplants

I think thats how the coop cloud backups work?

The docker configs get backed up somehow and then the contents of the docker volumes get borgbackuped . similar to yunohost but probly cleaner due to the containerization

Forest boosted

#iocaine has been up for 14m 48s, and spent 8m 8s dealing with - gestures hands wildly - everything.

In the past 24 hours, it served 31.53M requests, 97.27% of which were garbage, 2.71% passed through unscathed, and 0.005% were fed to the Cookie Monster. This required about 116.21MiB of memory on average, and 71.09GiB of absolute trash was generated for the nastiest visitors.

Top garbage consumers were:

Disguised bots - 23.00M
Enthusiastic guestbook visitors - 2.08M
Claude - 1.34M
OpenAI - 706.76K
Facebook - 398.74K
Amazon - 279.96K
Commercial scrapers - 215.17K
Google - 1.59K

Various other agents slurped through 590.44K pages of unhinged junk, bless their little hearts.

In these trying times, 0.07% of all requests were likely of human origin: I hope you enjoyed your stay, and will visit again! Of all requests iocaine let into the garden, 91.37% were from Fediverse software. Thank you! #FediHug

#AIStatsPorn

Forest boosted

looks neat as an instagram-like frontend for Mastodon api compatible softwares: https://oslo.town/@matt/114994487058558789

I know PixelFed exists but it's all just text and video and images at the end of the day - so what if the Mastodon interface just looked like Instagram and then you could sign in using your existing Mastodon account... a concept:

https://coxy.co/instadon/v3

This is just hacked together real quick, but should I work on this to make it a real thing?

I've been thinking for quite some time that something like this would be cool, and that you can get lots of different types of fedi "experience" out of putting different frontends together that cater to different styles.

@t54r4n1 @jan_leila

Context, just in case:

m.youtube.com/watch?v=Hv6RbEOl
> Moonbase Alpha provides a realistic simulation of life on a natural satellite

@notplants

> Why vms?

Because qemu qcow images have a great way of implementing differential backups : high reliability, no external dependency, and low performance impact to the disk. Backing up the entire VM can be desirable because its much more likely to "just work" every time when the VM is restored.

By "no external dependency" I mean that special software is not required to receive the backup data on the other side, no need for something like borgbase or setting up your own borgbackup server. Its just files, they can be rsync'd or even live on object storage like backblaze b2 for example.

> why package an app as a VM instead of a [docker container]?

I didn't say package apps as vms. I think docker (like what coop cloud uses) is way better for that.

But vms are probably a better way to manage the operation of a collection of containers, more holistic backup that's easier to "lift and shift".

Long term my plan has been to make a coop cloud image for capsul, and potentially even make a web ui for coop cloud.

So its not vms instead of coop cloud, its coop cloud inside a VM.

@notplants @yunohost@toot.aquilenet.fi i really think VMs might be the tree you are barking up here

Forest boosted

BREAKING: CVEs in your software? Simply say "no". So-called white-hats can't declare your software vulnerable without your consent. Find out more in our legal column, click here.

@skyfaller Also if you just want to use someone elses (community hosting instead of self hosting)

You are welcome to join git.cyberia.club/, the invite token is the word "stonks"

@skyfaller

> is Forgejo simple enough that I won't regret taking on the maintenance burden? Is there something even faster?

IMO, yes. The code search feature is really great and IMO publishing code over HTTP in a way that looks "familiar" to github has a lot of value.

The app itself is fairly simple, its support for environment variable configuration (docker) is lacking, but once you know that you must modify the config file on disk, its fine.

99% of the maintenance burden for me has been related to spam and scrapers. I've implemented two different custom tools to combat it:

1. proof of work bot deterrent reverse proxy

I developed this at the same time Xe was developing Anubis, its basically the same thing but its mine and I think its Scrypt hash would do more to deter bots from simply solving the hash.

git.sequentialread.com/forest/

2. invite tokens for new account registration:

You can also just disable new account registration, but I didn't want to do that, I wanted to easily be able to allow people I know to join and contribute.

git.sequentialread.com/forest/

@j3s Tate says: yeah right buddy how did you manage to type this message then ? internet clout chasing liar exposed

@davepolaschek @joel

This doesnt work because all the AI companies are paying rent to malware authors who trojan horse TCP proxies into tons of phone apps and desktop software.

So all the LLM scraping requests will come from the exact same residential IP address ASNs that your legit users are coming from.

See:

brightdata.com/proxy-types/res
oxylabs.io/products/residentia
webshare.io/residential-proxy
iproyal.com/residential-proxie
soax.com/proxies/residential
proxyempire.io/

huge industry rn

@davepolaschek @joel

Er, sorry, to clarify, what I meant was that docker is not required; it's just the main config example I have right now. the JSON equivalent is:

git.sequentialread.com/forest/

altho it may be out of date w/ the latest changes.

Show older
Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.