overview for digdilem

OpenLoco: Modern, open source version of the classic transport simulation game in c/[email protected]

[–] [email protected] 3 points 10 hours ago

Well, that's this afternoon planned then.

People doing the 30 days linux Challenge are having several problems because of Mint's old packages and technology. Why people still recommend it when there is Fedora and Opensuse with KDE and Gnome? in c/[email protected]

[–] [email protected] 31 points 2 days ago

Because choosing a distro to begin with isn't easy. Ask ten people and you'll get eleven suggestions.

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 1 points 2 days ago (1 children)

I stand corrected that Redhat are no longer publically traded - I was misled by stock prices showing prices in months, and not including the year.

But that muddies your point even further, doesn't it? We can't see RHEL's value, nor even Redhat's. (And you did mix them up!)

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 1 points 2 days ago

Rocky is only comparable to Debian in terms of the licencing model, but IANAL. Both are owned by a non-profit organisation that can't be bought.

Would Rocky survive? Nobody knows - but that's why I said I think Rocky and Alma will pool resources with Fedora in the interests of all. R&A could just rebuild downstream of Fedora and invent their own release cycle, so they may do that.

What is your set up? How do you use Jellyfin? in c/[email protected]

[–] [email protected] 1 points 3 days ago

Not going to say you're wrong.

Are there any guides, tutorials or similar on how to use Steam more privately? in c/[email protected]

[–] [email protected] 7 points 3 days ago

A non technical answer: Don't interact with other players and don't give out any personal information.

Use a unique and non-memorable username in steam and in game. Don't use any of the social functions in steam.

It's often overlooked that the biggest risk to personal information is the person themselves.

(Obviously you need to give some information to Steam for purchasing, and others have shown other methods to limit what information is sold about you as much as you an. It also depends where you reside - the EU has better protections than most)

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 1 points 4 days ago (2 children)

All good points and I appreciate and enjoy the discussion.

In my view, CentOS Stream is already a lot more of a “community” distro than the original CentOS was.

This is possibly a semantic point, but for me, a community distro is owned and operated by the community without any corporate control. All the points yonu make are true and valid, but ultimately, Centos is owned by a very large corporate entity that could stop it whenever they want to and nobody else can do anything about that.

Some examples of community owned distros are Debian, as well as Rocky and Alma Linux. Both of the latter have commercial arms, but are are fully independent legal entities owned by the distro. Rocky is owned by Rocky. This point was particularly important because that's what the community thought Centos /was/, but it turned out that Redhat owned Centos. I don't think either of the new distros would have been as trusted if the same thing that happened to Centos - a corporate entity ultimately deciding what happens - could have happened to them. When abandoning a sinking ship, it's prudent to check you're not boarding another with a big hole in it.

I did happen to look follow Rocky's path closely, and our company chose it to migrate our doomed Centos8 machines to, because our developers didn't have time to rebuild everything for Debian in that particular window. That decision was largely based on that legal standpoint because we didn't want Centos repeating on us. It was also reassuring that Rocky was founded by Greg Kurtzer, who founded Centos and had that project effectively stolen from him, and he least of anyone wanted the same thing happening. (BTW, Rocky was named after the other co-founder of Centos, who has since died - a nice gesture)

My cynicism of Redhat and their motives are real and may be misplaced, but I don't think they're done piddling in the EL swimming pool just yet. I adored the company once and had nothing but respect for what they achieved. But that was then and this is now.

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 1 points 5 days ago (3 children)

You're mixing up Redhat with RHEL.

Redhat is a publicly traded company, so yes, their financials are strong. But my question was about RHEL, which is an internal project and not publically known.

What is your set up? How do you use Jellyfin? in c/[email protected]

[–] [email protected] 4 points 5 days ago (2 children)

Good question, good to see how others do it.

Mine: A well specced debian server in the garage running a crapload of stuff, including arrs and Jellyfin with Jellyseer, all in docker containers. Playback via debian laptop or Windows desktop using the official apps, and the tv paired with an Amazon Fire dongle running the Jellyfin app. All works really well.

The only problem is my wife sometimes deletes an entire series instead of the series somehow. I honestly don't know how but I've had to download Young Sheldon for her four times now...

OneDrive automatically backups folders in Windows 11 without users' permissions in c/technology

[–] [email protected] 18 points 5 days ago

Remember when Word and Excel Autosave did what you expected it to?

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 1 points 5 days ago

RH had taken over the Centos project and Board by that time. You're right that Centos was already circling the drain in terms of resources (I remember waiting many weeks for point releases), but the way they did this was brutal and poorly communicated.

And remember those downstream 'rebuilds' only appeared to fill the vacuum caused by Centos disappearing. That they're both doing very well does make you question whether Centos could have been sustained in its traditional form. (As opposed to Stream, which is only of benefit to Redhat and those in its testing cycle)

Why does nobody here ever recommend Fedora to noobs? in c/[email protected]

[–] [email protected] 2 points 5 days ago

I actually agree with you, it would survive. It would change, but it's big enough to have that critical momentum.

Historically Fedora has been suggested as a free way to learn Enterprise Linux skills for a career. RHEL now provide free licences so that doesn't apply. Has this hurt Fedora at all? Probably not and may no longer be relevant.

181

Stopping a badly behaved bot the wrong way. (lemmy.ml)

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]

31 comments fedilink

I host a few small low-traffic websites for local interests. I do this for free - and some of them are for a friend who died last year but didn't want all his work to vanish. They don't get so many views, so I was surprised when I happened to glance at munin and saw my bandwidth usage had gone up a lot.

I spent a couple of hours working to solve this and did everything wrong. But it was a useful learning experience and I thought it might be worth sharing in case anyone else encounters similar.

My setup is:

Cloudflare DNS -> Cloudflare Tunnel (Because my residential isp uses CGNAT) -> Haproxy (I like Haproxy and amongst other things, alerts me when a site is down) -> Separate Docker containers for each website. On a Debian server living in my garage.

From Haproxy's stats page, I was able to see which website was gathering attention. It's one running PhpBB for a little forum. Tailing apache's logs in that container quickly identified the pattern and made it easy to see what was happening.

It was seeing a lot of 404 errors for URLs all coming from the same user-agent "claudebot". I know what you're thinking - it's an exploit scanning bot, but a closer look showed it was trying to fetch normal forum posts, some which had been deleted months previously, and also robots.txt. That site doesn't have a robots.txt so that was failing. What was weird is that the it was requesting at a rate of up to 20 urls a second, from multiple AWS IPs - and every other request was for robots.txt. You'd think it would take the hint after a million times of asking.

Googling that UA turns up that other PhpBB users have encountered this quite recently - it seems to be fascinated by web forums and absolutely hammers them with the same behaviour I found.

So - clearly a broken and stupid bot, right? Rather than being specifically malicious. I think so, but I host these sites on a rural consumer line and it was affecting both system load and bandwidth.

What I did wrong:

In docker, I tried quite a few things to block the user agent, the country (US based AWS, and this is a UK regional site), various IPs. It took me far too long to realise why my changes to .htaccess were failing - the phpbb docker image I use mounts the root directory to the website internally, ignoring my mounted vol. (My own fault, it was too long since I set it up to remember only certain sub-dirs were mounted in)
Figuring that out, I shelled into the container and edited that .htaccess, but wouldn't have survived restarting/rebuilding the container so wasn't a real solution.

Whilst I was in there, I created a robots.txt file. Not surprisingly, claudebot doesn't actually honour whats in there, and still continues to request it ten times a second.

Thinking there must be another way, I switched to Haproxy. This was much easier - the documentation is very good. And it actually worked - blocking by Useragent (and yep, I'm lucky this wasn't changing) worked perfectly.

I then had to leave for a while and the graphs show it's working. (Yellow above the line is requests coming into haproxy, below the line are responses).

Great - except I'm still seeing half of the traffic, and that's affecting my latency. (Some of you might doubt this, and I can tell you that you're spoiled by an excess of bandwidth...)

That's when the penny dropped and the obvious occured. I use cloudflare, so use their firewall, right? No excuses - I should have gone there first. In fact, I did, but I got distracted by the many options and focused on their bot fighting tools, which didn't work for me. (This bot is somehow getting through the captcha challenge even when bot fight mode is enabled)

But, their firewall has an option for user agent. The actual fix was simply to add this in WAF for that domain.

And voila - no more traffic through the tunnel for this very rude and stupid bot.

After 24 hours, Cloudflare has blocked almost a quarter of a million requests by claudebot to my little phpbb forum which barely gets a single post every three months.

Moral for myself: Stand back and think for a minute before rushing in and trying to fix something in the wrong way. I've also taken this as an opportunity to improve haproxy's rate limiting internally. Like most website hosts, most of my traffic is outbound, and slowing things down when it gets busy really does help.

This obviously isn't a perfect solution - all claudebot has to do is change its UA, and by coming from AWS it's pretty hard to block otherwise. One hopes it isn't truly malicious. It would be quite a lot more work to integrate Fail2ban for more bots, but it might yet come to that.

Also, if you write any kind of web bot, please consider that not everyone who hosts a website has a lot of bandwidth, and at least have enough pride to write software good enough to not keep doing the same thing every second. And, y'know, keep an eye on what your stuff is doing out on the internet - not least for your own benefit. Hopefully AWS really shaft claudebot's owners with some big bandwidth charges...

EDIT: It came back the next day with a new UA, and an email address linking it to anthropic.com - the Claude3 AI bot, so it looks like a particularly badly written scraper for AI learning.