A software developer and Linux nerd, living in Germany. I’m usually a chill dude but my online persona doesn’t always reflect my true personality. Take what I say with a grain of salt, I usually try to be nice and give good advice, though.

I’m into Free Software, selfhosting, microcontrollers and electronics, freedom, privacy and the usual stuff. And a few select other random things as well.

  • 2 Posts
  • 1.51K Comments
Joined 5 years ago
Cake day: August 21st, 2021

  • I feel Anti-DDOS and Cloudflare as a web application firewall has traditionally been a lot of snake-oil as well. Sure there’s applications for it. Especially for the paid plans with all the enterprise functions. And all the way at the other end of the spectrum, where it serves as a means to circumvent NAT and replace DynDNS. But there’s a lot in-between where I (personally) don’t think it’s needed in any way. Especially before AI.

    From my own experience, personal blogs, websites of your local club, church, random smaller projects, small businesses… rarely need professional DDoS protection. I’ve been fine hosting it myself for decades now. And I’m not sure if people know what they’re paying with. I mean every time we get a Cloudflare hiccup (or AWS…) we can see how the internet has become very centralised. Half of it just goes down for an hour or so, because we all rely on the same few, big tech services. And if you’re terminating SSL there, or use it to look inside of the packets to prevent attacks, you’re giving away all information about you and your audience/customers. They don’t just get all metadata, but also read all the transferred content/data.

    It all changed a bit with the AI crawlers. We definitely need countermeasures these days. I’m still fine without Anubis or Cloudflare. I block their IP ranges and that seems to do most of the job. I think we need to pay a bit more attention to what’s really happening. Which tools we have, instead of always going with the market leader with the biggest marketing budget. Which problems we’re faced with in the first place and what tools are effective. I don’t think there’s a one size fits all solution. And you can’t just roll out random things without analyzing the situation properly. Maybe the correct answer is Cloudflare, but there’s also other way less intrusive and very effective means available. And maybe you’re not even the target of script kiddies or annoyed users. And maybe your convoluted WordPress setup isn’t even safe with the standard web application firewall in front.

    Anubis is an entirely different story. It’s okay concerning privacy and centralisation. It doesn’t come without downsides, though. I personally hate if that thing pops up instead of the page I requested. I don’t like how JavaScript is mandatory now to do anything on the web. And certain kinds of crawler protection contribute to the situation how we can’t google anything anymore. With all the people locking down everything and constructing walled gardens, the internet becomes way less useful and almost impossible to navigate. That’s all direct consequences of how we decide to do things.


  • I’m sure we didn’t. We just needed a lot of people to work underground in the coal mines and in the heavy industry, steel etc. And those were labor intensive jobs, so they needed to attract a lot of workforce. In a coordinated effort, sure. But out of economic motivation. These people ended up working hard jobs alongside each other. And they built and shaped the region. Made it rich. And I got born into that kind of place. With some history to it and a bit less ethnic uniform population. But there’s no evidence they read some old scripture from nomadic people and thought yes, that’s what we need to enforce… Instead people found out there’s a lot of coal underneath their feet. And they found out the more they dig up and sell to other people, the more wealth they get. The workers wanted to have a roof over their heads and something to eat for themselves and their families. I think that’s very straightforward, and my ancestors were clever enough to figure out how trade works, on their own. I’m not aware of any evidence of a different origin story for my region. Sure. Maybe we didn’t invent the word for it. But the motivation and decisions of the feudal lords, company owners and employers, and the government is well documented.

    And concerning America: Isn’t that a melting pot because all the Europeans went there? In order to seek opportunity, or not to die of famine? And some Africans got there as well and we all know how much say they had in that process? I mean obviously North America is a melting pot. Otherwise we’d find Native Americans there and Aboriginal Canadians, not a load of people with European descent. But that doesn’t have anything to do with 1965?


  • I watched too much Star Trek when I was young. I think 195 have to go. All humans should unite and reach for the stars, instead of some stupid in-fighting, killing each other, and burning down of wealth because of bigotry.

    (Edit: I live in a big melting pot. I have enough people from Syria, Iran… and “white” people around me. And I can tell you, we all have the same goals in life, we enjoy similar things, are family fathers who all want to see their kids prosper, fight the same struggles in our lives… There’s zero reason to focus on destruction and small-mindedness. We should do better. And invest the same energy into useful things. That goes for the average people. Not the ruling class. Those -of course- are motivated to disunite and stay in business.)



  • Hmmh. I’ve heard the argument before, that they’re better off almost having nuclear weapons. But is that really the case? I mean North Korea is kind of an outlier. Lots of other countries have nuclear weapons as well, France, China… and none of them is a pariah. So I’m not sure if that’s even true. Usually more weapons is more better. Or so they say.

    Edit: But we’re arguing logic here. And oftentimes politics isn’t as straightforward. I mean I don’t think we know the truth anyway. It’s completely unclear to me as an average citizen if they were close to nukes, if that’s even the biggest issue and reason for this. For all I know everyone could be lying or framing things, including following more than one motive.


  • This is the permissive vs copyleft debate. And it’s old as time. I suppose there’s a lot of nuance with licensing. If you’re a company at the receiving end, you probably love permissive licenses. They’re easy, offer the maximum amount of flexibility and freedom. It’s so short you probably don’t even need a team of lawyers… If you write software, it’s a bit more complicated. Do you want to cater to those people, make it as easy as possible to adopt your software? Then maybe consider BSD/Apache/MIT. Do you want to build a community, stop your competitors from just taking code? Want to try to ensure it stays open? Then maybe consider a copyleft license.

    I sometimes don’t care. Write some stuff for me (as a hobby) but that’s my entire motivation. I don’t care what people do with the results of my weekend of effort. Never plan to hire a lawyer or bother with it in case something happens with it. Or it’s just a pile of snippets. I’ll dump it for other people to use and release that either WTFPL or some other permissive license. People can do whatever they like with it. With the stuff I’m a bit more proud of, or I plan to return to, I’ll choose AGPL.

    I suppose with operating systems, it’s a bit similar? I mean there is a community for both ideas. Seems there are people who like either of them. They’ll have slightly different ideology, tasks to accomplish and different goals.



  • Hmmh. I’m not entirely satisfied with any of them. Crowdsec is a bit too complex and involved for my taste. And oftentimes there’s no good application config floating around on the internet, neither do I get any sane defaults from my Linux distribution. Whereas fail2ban is old and eats up way too much resources for what it’s doing. And all of it is a bit too error-prone(?) As far as I remember I had several instances when I thought I had set it up correctly, but it didn’t match anything. Or it was looking for some logfile per default but my program wrote to the SystemD journal. So nowadays, I’ll double-check everything. I wish programs like sshd and webapps came with that kind of security built in in some foolproof way.






  • “Hey, I never liked Office 365, Microsoft as a company and all the Cloud shenanigans… And have you noticed how their products all become shittier and more invasive by the day? All while they increase subscription price each year now to finance all the AI stuff I rarely use? I’m a long-term fan of this other product, called XYZ which is just better in every aspect. No offense. If you want me to send you a link…”

    (Edit: It’ll become easier after a while. At some point they all know you’re a Linux nerd and disassembled your wifi router at home, dishwasher… To get rid of proprietary spy components. And people will deliberately decide to listen to your opinion and lengthy rant, or make an effort to not bring up the topic 😆 At that point, you’re relatively free to speak your mind… Just read the room a bit. The goal isn’t to annoy people.)


  • Continuwuity. I’m using it. And contrary to other projects, it’s a community effort. So I have my hopes up it’ll last and not depend on any singular person.

    And I wouldn’t recommend Conduit or Conduwuit. Conduit development is very slow, that’s why we got the forks in the first place. And Conduwuit is discontinued, so it wouldn’t be a wise choice at all. So you’re left with 2 choices, Tuwunel and Continuwuity. One is a one-man show and they’re calling it the “official” successor. The other one is a community project… They both work fine.




  • That’s correct. I went with OP’s original question, what happens after it happened… Not sure what OP meant, they’re nowhere in the comments… Maybe they’re a bot as well, and we’re subject to the very same thing we’re talking about, right now…

    But sure. All the fabricated pull requests, issue reports etc are massively problematic. We got quite some bot activity. Then we also need to protect our servers and platforms from their crawlers who just DDOS everyone… Documentation went down the drain, StackOverflow, Reddit… The industry is trying to get rid of entry level programmer positions, so you’ll have a bad time entering the job market as any programmer… We’re just drowned in all that stuff. Supply chains also get affected by AI, people need to choose between using existing libraries, licensing, money… Or replacing it with something the AI generated, and we get structural challenges in all kinds of projects…


  • hendrik@palaver.p3x.de to Fediverse@lemmy.ml · Any idea · 9 days ago

    Good question! That’s exactly one of the major issues with biometric authentication. And there’s no way around it. You need a second factor. Configure your phone so it only unlocks if you also input something you know. Like a password or pin.


  • Nothing? I mean an if/else works the same way, no matter if it’s written by a human or an AI or a cat or whatever…

    The Linux kernel developers are opinionated, though. Everything gets quite an amount of scrutiny. There will be several people having their eyes on submissions. They’re looking for security vulnerabilities. They’re adamant on maintainability. Have a standard on how to phrase things, indent lines… Send in the patches… They generally have high standards. I mean if someone submits some AI slop, there’s a high chance it just gets declined and they’re getting scolded for doing it.

    There’s of course always the chance someone tries to sneak something in. Or it creeps in on its own. But it’s the same for bugs or security attacks. And maybe some of the devs work for companies who push AI and they’ll do silly things. But the Linux community is pretty strong. They’ll find a way to handle it. And maybe in the far future, AI will get as good as human programmers and there won’t be an issue accepting AI code, because it has the same quality as human code. But that’s science fiction as of now.