pcouy

"ENS domain"

IPFS is also strongly related to several blockchain stuff (not a blockchain itself though)

CIDR ranges (a.b.c.d/subnet_mask) contain 2^(32-subnet_mask) IP addresses. The 1.5 I'm using controls the filter's sensitivity and can be tuned to anything between 1 and 2

Using 1 or smaller would mean that the filter gets triggered earlier for larger ranges (we want to avoid this so that a single IP can't trick you into banning a /16)

Using 2 or more would mean you tolerate more fail/IP for larger ranges, making you ban all smaller subranges before the filter gets a chance to trigger on a larger range.

This is running locally to a single f2b instance, but should work pretty much the same with aggregated logs from multiple instances

I used to get a lot of scrappers hitting my Lemmy instance, most of them using a bunch of IP ranges, some of them masquerading their user agents as a regular browser.

What's been working for me is using a custom nginx log format with a custom fail2ban filter that mets me easily block new bots once I identify some kind of signature.

For instance, one of these scrappers almost always sends requests that are around 250 bytes long, using the user agent of a legitimate browser that always sends requests that are 300 bytes or larger. I can then add a fail2ban jail that triggers on seeing this specific user agent with the wrong request size.

On top of this, I wrote a simple script that monitors my fail2ban logs and writes CIDR ranges that appear too often (the threshold is proportional to 1.5^(32-subnet_mask)). This file is then parsed by fail2ban to block whole ranges. There are some specific details I omitted regarding bantime and findtime, that ensure that a small malicious range will not be able to trick me into blocking a larger one. This has worked flawlessly to block "hostile" ranges with apparently 0 false positives for nearly a year

When looking at the CVE itself, it seems like a bug that only gets triggered on a very specific corner case that neither the client or website alone can trigger.

Of course, it's good that it gets reported and fixed, but I'm pretty sure these kind of bugs can only get caught by people randomly stumbling on them

You've probably read about language model AIs basically being uncontrollable black boxes even to the very people who invented them.

When OpenAI wants to restrict ChatGPT from saying some stuff, they can fine tune the model to reduce the likelihood that it will output forbidden words or sentences, but this does not offer any guarantee that the model will actually stop saying forbidden things.

The only way of actually preventing such an agent from saying something is to check the output after it is generated, and not send it to the user if it triggers a content filter.

My point is that AI researchers found a way to simulate some kind of artificial brains, from which some "intelligence" emerges in a way that these same researchers are far from deeply understanding.

If we live in a simulation, my guess is that life was not manually designed by the simulation's creators, but rather that it emerged from the simulation's rules (what we Sims call physics), just like people studying the origins of life mostly hypothesize. If this is the case, the creators are probably as clueless about the inner details of our consciousness as we are about the inner details of LLMs

The steam deck does seem like a good device for "bedtime" browsing.

More seriously, this data is probably less biased toward tech literate users than most similar surveys that get published here. This is really encouraging

I've read somewhere Mullvad no longer offers port forwarding. Do you still manage to seed without it ?

I'm personally using Docker MailServer. It's been working great for over a year now, but mailu seems to have some interesting features (I'm especially interested in the admin panel)

Are you using it to seed torrents ?

Thank you for the clarification.

I've also read that it's illegal in Switzerland to gather IP addresses because they are considered sensitive PII. Do you know about this, and does it protect me in any way if I use a swiss datacenter IP for seeding my torrents ?

This does not answer the question I asked. I've already considered a commercial VPN and I've ruled it out (clearly not cheaper, unless you can find a decent VPN with port forwarding that costs less than 2€/month)

I've considered it and ruled it out. That's why I'm specifically asking for a VPS to install my own VPN own.

I'm really not interested in paying 5+€/month when I can build my own for a fraction of that cost