DigitalDilemma

His interfering with European politics is despised over here - promoting far-right groups in Germany, France and the UK deliberately to destabilise our countries. The man is genuinely dangerous to all democracies, not just the US.

Already done, along with a bunch of other stuff including cloudflare WAF and rate limiting rules.

I am still annoyed that it took me over a day’ of my life to finally (so far) restrict these things. And several other days to offload the problem to Cloudflare pages for sites that I previous self hosted but my rural link couldn’t support.

this advice is just for “unintentional” DDoS attacks, not intentionally malicious ones.

And I don’t think these high volume AI scrapes are unintentional DDOS attacks. I consider them entirely intentional. Not deliberrately malicious, but negligent to the point of criminality. (Especially in requesting the same pages again so frequently, and all of them ignoring robots.txt)

Surprised at the level of negativity here. Having had my sites repeatedly DDOSed offline by Claudebot and others scraping the same damned thing over and over again, thousands of times a second, I welcome any measures to help.

In unrelated news, hate is reduced across the world.

the reality is that every Chinese company is ultimately controlled by the CCP.

Yes.

But in the same way that every US company is ultimately controlled by the US Government. And every EU company by them. And every other country by their own government.

Thats’s a shame, I always considered brother one of the better makers of paper manglers.

More information: It’s been rolling out to Android 9+ users since November 2024 as a high priority update. Some users are reporting it installs when on battery and off wifi, unlike most apps.

App description on Play store: SafetyCore is a Google system service for Android 9+ devices. It provides the underlying technology for features like the upcoming Sensitive Content Warnings feature in Google Messages that helps users protect themselves when receiving potentially unwanted content. While SafetyCore started rolling out last year, the Sensitive Content Warnings feature in Google Messages is a separate, optional feature and will begin its gradual rollout in 2025. The processing for the Sensitive Content Warnings feature is done on-device and all of the images or specific results and warnings are private to the user.

Description by google Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares. - https://9to5google.com/android-safetycore-app-what-is-it/

So looks like something that sends pictures from your messages (at least initially) to Google for an AI to check whether they’re “sensitive”. The app is 44mb, so too small to contain a useful ai and I don’t think this could happen on-phone, so it must require sending your on-phone data to Google?

Surely it’s up to the advertisers to choose where who they pay money to use?

It’s not that we “hate them” - it’s that they can entirely overwhelm a low volume site and cause a DDOS.

I ran a few very low visit websites for local interests on a rural. residential line. It wasn’t fast but was cheap and as these sites made no money it was good enough Before AI they’d get the odd badly behaved scraper that ignored robots.txt and specifically the rate limits.

But since? I’ve had to spend a lot of time trying to filter them out upstream. Like, hours and hours. Claudebot was the first - coming from hundreds of AWS IPs and dozens of countries, thousands of times an hour, repeatedly trying to download the same urls - some that didn’t exist. Since then it’s happened a lot. Some of these tools are just so ridiculously stupid, far more so than a dumb script that cycles through a list. But because it’s AI and they’re desperate to satisfy the “need for it”, they’re quite happy to spend millions on AWS costs for negligable gain and screw up other people.

Eventually I gave up and redesigned the sites to be static and they’re now on cloudflare pages. Arguably better, but a chunk of my life I’d rather not have lost.

Yep, absolutely.

Although when doing so, that would make your regular PC a server. Doesn’t stop it continuing to be a regular PC as well.

You need a way to connect to your home server from the internet, yes. You can do it easily using cloudflare tunnels or using one of the many vpn systems for your phone.

Look into Syncthing if you have a home server - very easy phone backups that cost nothing.

A lot of people have made it their main income. Whether you or I think that’s good or not is irrelevent, but it does mean hundreds of thousands, perhaps millions, of Americans will lose their jobs as a result of this.

If they don’t have an online presence and neither do their peers, how would they be cyber bullied?

Fun fact, I was called by my bullies on my parents landline and bullied when I was a kid in the 1980s.

Bullies are gonna bully - the method varies but never the motive.

No sign of that happening yet, especially with the results of a certain election in a certain country.

If this was just about the X/Twitter accounts, then X could just suspend them.

It won’t be that simple.

For starters, you’re assuming t-zero response. It’ll likely be a week before people worry enough that LE isn’t returning before they act. Then they have to find someone else for, possibly, the hundreds or thousands of certs they are responsible for. Set up processes with them. Hope that this new provide is able to cope with the massive, MASSIVE surge in demand without falling over themselves.

And that’s assuming your company knows all its certs. That they haven’t changed staff and lost knowledge, or outsourced IT (in which case they provider is likely staggering under the weight of all their clients demanding instant attention) and all that goes with that. Automation is actually bad in this situation because people tend to forget how stuff was done until it breaks. It’s very likely that many certs will simply expire because they were forgotten about and the first thing some companies knows is when customers start complaining.

LetsEncrypt is genuinely brilliant, but we’ve all added a massive single point of failure into our systems by adopting it.

(Yeah, I’ve written a few disaster plans in my time. Why do you ask?)

Sleeping too well lately? Consider this:

If LetsEncrypt were to suffer a few weeks outage, how much of the internet would break?

It’s the Sharepoint of chat.

The bar chart might be more useful if they weighted the source with its number of users. Facebook isn’t 7 times more hateful than Telegram. It has around 3.5 times as many users - but also the two are used very differently. I use Telegram, but only as a free messaging platform for automated alerts.

Then there’s the algorithms, which tend to feed you what you engage with and from those connections you’ve made on it. The exception recently is X which has a very strong political bias and has turned into something that pushes hate very strongly.