movq @www.uninformativ.de
 (6h ago)

(#jryh2ba) @prologic@twtxt.net Time to make a new internet. Maybe one that intentionally doesn’t “scale” and remains slow (on both ends) so it’s harder to overload in this manner, harder to abuse for tracking your every move, … Got any of those 56k modems left?

(I’m half-joking. “Make The Internet Expensive Again” like it was in the 1990ies and some of these problems might go away. Disclaimer: I didn’t have my coffee yet. 😅)

#feqjjna
prologic @twtxt.net
 (10h ago)

(#jryh2ba) At this point I’m considering starting a class action lawsuit for all the self-hostess and little-web folks that want to host a small thing or two and sue these fucking inconsiderate fucking corporate giants, hopefully win, and make them respect others on the web.

#bqvamjq
prologic @twtxt.net
 (10h ago)

Fark me 🤦‍♂️ I woke up quite late today (after a long night helping/assisting with a Mainframe migration last night fork work) to abusive traffic and my alerts going off. The impact? My pod (twtxt.net) was being hammered by something at a request rate of 30 req/s (there are global rate limits in place, but still…). The culprit? Turned out to be a particular IP 43.134.51.191 and after looking into who own s that IP I discovered it was yet-another-bad-customer-or-whatever from Tencent, so that entire network (ASN) is now blocked from my Edge:

+# Who: Tentcent
+# Why: Bad Bots
+132203

Total damage?

$ caddy-log-formatter twtxt.net.log | cut -f 1 -d  ' ' | sort | uniq -c | sort -r -n -k 1 | head -n 5
  61371 43.134.51.191
    402 159.196.9.199
    121 45.77.238.240
      8 106.200.1.116
      6 104.250.53.138

61k reqs over an hour or so (before I noticed), bunch of CPU time burned, and useless waste of my fucking time.

#jryh2ba
lyse @lyse.isobeef.org
 (1d ago)

All my newly added test cases failed, that movq thankfully provided in https://git.mills.io/yarnsocial/twtxt.dev/pulls/28#issuecomment-20801 for the draft of the twt hash v2 extension. The first error was easy to see in the diff. The hashes were way too long. You’ve already guessed it, I had cut the hash from the twelfth character towards the end instead of taking the first twelve characters: hash[12:] instead of hash[:12].

After fixing this rookie mistake, the tests still all failed. Hmmm. Did I still cut the wrong twelve characters? :-? I even checked the Go reference implementation in the document itself. But it read basically the same as mine. Strange, what the heck is going on here?

Turns out that my vim replacements to transform the Python code into Go code butchered all the URLs. ;-) The order of operations matters. I first replaced the equals with colons for the subtest struct fields and then wanted to transform the RFC 3339 timestamp strings to time.Date(…) calls. So, I replaced the colons in the time with commas and spaces. Hence, my URLs then also all read https, //example.com/twtxt.txt.

But that was it. All test green. \o/

#ifjh3pa
movq @www.uninformativ.de
 (1d ago)

(#kyfenpq) And regarding those broken URLs: I once speculated that these bots operate on an old dataset, because I thought that my redirect rules actually were broken once and produced loops. But a) I cannot reproduce this today, and b) I cannot find anything related to that in my Git history, either. But it’s hard to tell, because I switched operating systems and webservers since then …

But the thing is that I’m seeing new URLs constructed in this pattern. So this can’t just be an old crawling dataset.

I am now wondering if those broken URLs are bot bugs as well.

They look like this (zalgo is a new project):

https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/

When you request that URL, you get redirected to /git/:

$ curl -sI https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/
HTTP/1.0 301 Moved Permanently
Date: Sat, 22 Nov 2025 06:13:51 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 510
Location: /git/

And on /git/, there are links to my repos. So if a broken client requests https://www.uninformativ.de/projects/slinp/zalgo/scksums/bevelbar/, then sees a bunch of links and simply appends them, you’ll end up with an infinite loop.

Is that what’s going on here or are my redirects actually still broken … ?

#qjlgy4q
movq @www.uninformativ.de
 (1d ago)

(#sxlpyva) I just noticed this pattern:

uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Let me add some spaces to make it more clear:

    uninformativ.de 201.218.xxx.xxx - - [22/Nov/2025:06:53:27 +0100] "GET                       /projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
www.uninformativ.de 103.10.xxx.xxx  - - [22/Nov/2025:06:53:28 +0100] "GET http://uninformativ.de/projects/lariza/multipass/xiate/padme/gophcatch HTTP/1.1" 400 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"

Some IP (from Brazil) requests some (non-existing, completely broken) URL from my webserver. But they use the hostname uninformativ.de, so they get redirected to www.uninformativ.de.

In the next step, just a second later, some other IP (from Nepal) issues an HTTP proxy request for the same URL.

Clearly, someone has no idea how HTTP redirects work. And clearly, they’re running their broken code on some kind of botnet all over the world.

#kyfenpq
lyse @lyse.isobeef.org
 (2d ago)

(#wmobsaa) @bender@twtxt.net Thanks. That pulley is just to hang back up the telephone wire (on the ground in 16) for that farm and restaurant in 04 once they finish logging. Hahahahahaaahaaaa, I didn’t see the nails on top of the pole. :-D

Yup, these ice crystals are just lovely. :-)

#bdoekxa
prologic @twtxt.net
 (3d ago)

(#g3u6i2q) @lyse@lyse.isobeef.org @bender@twtxt.net Pfft, they want folks to relocate to Sydney. Fuck that 🤣 Sydney is a bit like San Francisco, I’m not actually sure which is worse. Fuck’n expensive as hell, the only palce you’d be able to afford to buy or rent is at least ~2hrs out of the city by public transport (i.e: train) and by that time you’ve just pissed your life down the toilet, because you’d be expected ot work a 9-10hr day + 2-3hrs of travel each way, buy the time you factor in having to wake up super early to get ready to travel in to work, you basically have zero time for anything else, let alone your ufamily,

Fuck that.

#7awfkkq
lyse @lyse.isobeef.org
 (3d ago)

(#g3u6i2q) @prologic@twtxt.net I couldn’t have phrased it any better than @bender@twtxt.net. :-)

Twice or three times the money as before sounds a bit suspicious to me. Of course, I could be wrong, but I always was under the impression, that your last jobs weren’t all that badly salaried. If the new offer is really paid this highly, it might be a shit job. For me, money isn’t everything, I’d rather opt for a lower income where the job is fun than hating to go to work every day. But if the new job ticks all boxes, go for it. :-)

Also: Consult your pillow, don’t rush it.

#s5ft7ga
lyse @lyse.isobeef.org
 (3d ago)

I was looking at some ancient code and then thought: Hmm, maybe it would be a good idea to see more details in this error message. Which of the values don’t line up. On the other hand, that feature isn’t probably used anyway, because it’s a bit ugly to use (historically evolved). And on top of that, most teams need something slightly different, if they deal with that sort of thing.

I still told my workmates about it, so they could also have a look at it and we can decide tomorrow what to do about it. Speaking of the devil, no kidding, not even half an hour later, a puzzled tester contacted me. She received exactly that rather useless error message. Looks like I had an afflatus. ;-)

It’s interesting, though, that in all those years, nobody stumbled across this before. At least we now know for sure that this is not dead code. :-)

#a5vybqq
lyse @lyse.isobeef.org
 (3d ago)

I had no meetings this arvo, so I made an appointment with the woods in my extended lunch break. The 6°C warm sun was out all day long and there was only a very light breeze. So, a very nice autumn day.

When I stopped to take a photo in the forest, a deer behind me took off into the woodland. I didn’t see it before. Also, I came across one or the other clearing. Sadly, it’s all commercial timberland here. Luckily, in a year or so, when nature slowly took over and reclaimed some spots, the apocalyptic sites are then looking a bit more decent again.

Cleaning of the ruin walls on my backyard mountain slowly takes shape. They made some progress and moved on to the other section. The flag on top is halfway disintegrated again, all the yellow half is completely gone. I’m wondering if they just stop replacing it at some point in time. But probably not.

Enjoy! https://lyse.isobeef.org/waldspaziergang-2025-11-19/

#3gwlv4q
lyse @lyse.isobeef.org
 (6d ago)

(#35rs2qq) @bender@twtxt.net Glad you like them! :-) Those colorful roof shingles are absolutely stunning. The golden building has quite a few folds in the facade skin, from the other sides a bit more. Check out this: https://upload.wikimedia.org/wikipedia/commons/0/07/Rems_in_Schw%C3%A4bisch_Gm%C3%BCnd.jpg Luckily, there weren’t this many people around today. :-)

Don’t think this is the norm, though, most stuff here is also much more modern. There are not a whole lot of historic buildings left. And if there are, they’re not necessarily kept in good shape. But some are. So, don’t be fooled by my biased preselection of typically photographing the nicer ones.

The people photos are not for the internet. ;-) But I get your point, the reason why I ended up in that town is irrelevant and misleading, I should have introduced it differently. :-D

#qcni5dq