A big issue is that this works for bots that announce themselves as such, but there’s lots that pretend to be regular users, with fake user agents and ips selected from a random pool with each ip only sending like 1-3 request/day, but overall many thousands of requests. In my experience a lot of them are from huawei and tencent cloud/ASN

it’s iocaine not Locaine, tripped me up at first as well.

You mean for the referer part? Of course you don’t want it for all urls and there’s some legitimate cases. I have that on specific urls where it’s highly unlikely, not every url. E.g. a direct link to a single comment in lemmy, and whitelisting logged-in users. Plus a limit, like >3 times an hour before a ban. It’s already pretty unusual to bookmark a link to a single comment

It’s a pretty consistent bot pattern, they will go to some subsubpage with no referer with no prior traffic from that ip, and then no other traffic from that ip after that for a bit (since they cycle though ip’s on each request) but you will get a ton of these requests across all ips they use. It was one of the most common patterns i saw when i followed the logs for a while.

of course having some honeypot url in a hidden link or something gives more reliable results, if you can add such a link, but if you’re hosting some software that you can’t easily add that to, suspicious patterns like the one above can work really well in my experience. Just don’t enforce it right away, have it with the ‘dummy’ action in f2b for a while and double check.

And I mostly intended that as an example of seeing suspicious traffic in the logs and tailoring a rule to it. Doesn’t take very long and can be very effective.

This is the way. I also have rules for hits to url, without a referer, that should never be hit without a referer, with some threshold to account for a user hitting F5. Plus a whitelist of real users (ones that got a 200 on a login endpoint). Mostly the Huawei and Tencent crawlers have fake user agents and no referer. Another thing crawlers don’t do is caching. A user would never download that same .js file 100s of times in a hour, all their devices’ browsers would have cached it. There’s quite a lot of these kinds of patterns that can be used to block bots. Just takes watching the logs a bit to spot them.

Then there’s ratelimiting and banning ip’s that hit the ratelimit regularly. Use nginx as a reverse proxy, set rate limits for URLs where it makes sense, with some burst set, ban IPs that got rate-limited more than x times in the past y hours based on the rate limit message in the nginx error.log. Might need some fine tuning/tweaking to get the thresholds right but can catch some very spammy bots. Doesn’t help with those that just crawl from 100s of ips but only use each ip once every hour, though.

Ban based on the bot user agents, for those that set it. Sure, theoretically robots.txt should be the way to deal with that, for well behaved crawlers, but if it’s your homelab and you just don’t want any crawlers, might as well just block those in the firewall the first time you see them.

Downloading abuse ip lists nightly and banning those, that’s around 60k abusive ip’s gone. At that point you probably need to use nftables directly though instead of iptables or going through ufw, for the sets, as having 60k rules would be a bad idea.

there’s lists of all datacenter ip ranges out there, so you could block as well, though that’s a pretty nuclear option, so better make sure traffic you want is whitelisted. E.g. for lemmy, you can get a list of the ips of all other instances nightly, so you don’t accidentally block them. Lemmy traffic is very spammy…

there’s so much that can be done with f2b and a bit of scripting/writing filters

In a perfect world, yes.

In reality, i knew what i did and why i did it, two years ago, after which i never had to touch it again until now, and it takes me 2 hours of searching/fiddling until i remember that weird thing i did 2 years ago…

and it’s still totally worth it

Oh or e.g. random env vars in .profile that I’m sure where needed for nvidia on wayland at some point, no clue if they’re still necessary but i won’t touch them unless something breaks. and half of them were probably not neccessary to begin with, but trying all differen’t combinations is tedious…

I’d be really curios to see some sort of study done on this. I mean, it’s not just americans and most of the west is not insulated from america, either, at least not online. and you don’t know from talking to someone online where they’re from. At the same time, there’s rising fascism and neoliberalism bullshit in europe, too.

I’d love to know how much of it is people getting antsier in general because they’re in a shit situation and how much it’s ‘infectious’ from talking with people in shit situations elsewhere, spreading bad vibes. Is this also happening in the chinese web? How about other countries that are more politically/economically aligned with the west but culturally less part of the english speaking web?

There has to be some sociologist out there somewhere studying this, no? But i wouldn’t know where to look. if anyone knows of something along those lines, i’d love to hear it.

Been using it for over a year now and not being scared of trying operations is such a boon. It helps so much with learning when you know you can just roll back to an earlier state.

I’ve had zero issues with it so far and no one at work noticed anything different, other than there being a bit more rebase spam on PRs.

Of course there are. But I mean, women’s hormones do affect mood during the menstrual cycle (my wife certainly says she’s more iritable before her period), and afaik the hormone therapy is some of the same hormones, so it didn’t seem far fetched at all to me that it could play a role. hence me asking.

but could as well have been some deep seated anger at the world or similar, or something in between. Mostly I was just trying to think of reasons for why she might not be as bad as she was seeming, benefit of the doubt kind of thing.

I used to work with a trans woman who was a huge bitch, at least some of the time. Like actually shouting at coworkers for tiny mistakes, all-caps shouting in company chat at people trying to help with stuff, thinking she’s the smartest person in any room, that kind of stuff.

i’ve always wondered if she’s just a bitch or if at least some of it could be a side effect of hormone therapy? I mean, completely changing the hormones for your body must have some pretty dramatic effects in many areas and might take a long time until your body adjusts.

but a definitely won’t just ask ‘yo. Are you just a huge bitch or is it your medication’ in a corporate setting.

[edit] just for clarity, she started transitioning about 1 month after she joined that team and I left after about a year and a half, in part because of the mood on the team going to shit, among other reasons. But so I couldn’t compare to pre-hormone therapy or anything like that.

[edit2] thank you for all the replies, this was really enlightening and answered a lot of questions! Especially on a topic i feel is discussed less often, or at least I haven’t come across.

A proper (CNC) milling machine and lathe, like ones you can work hardened steel with. Lots of better things you could buy for that money, but with a mill and lathe i could make those things for even more money!

Edit: oh and a proper garage/hobby room to put them in

Buddy Guy. the concert was pretty posh (think bankers in suits), with everyone having arranged seating, audience sitting still and quiet like at a classical music concert.

he was like ‘fuck this, this isn’t a proper concert, my guitar is wireless, let’s stand up, go to the entry hall and jam’. so he’s just standing in the middle of the crowd and going nuts, at like 83 years of age. That was amazing.

I used to believe that it merely moves jobs, but recently started having doubts. Given the increase in productivity in the past 50 years and the stagnating wages, it’s hard to still believe. I mean, sure people will get new jobs, but I doubt it’s with similar wages and benefits.

which is pretty self defeating as there will be no one left to buy the goods produced.

i have a venta lw45. same principle, but instead of a wick, it has these rotating disks that the water sticks to (with a little soap in the water). Works incredibly well, still uses next to no energy (<8W) and the disks are super easy to clean. It’s a beast, goes through 9 liters of water in a bit over a day. All the parts are easily accessible for maintenance and there’s replacement parts if anything ever were to break (though i havent needed those yet).

the disks are especially nice when you have hard water, the calcium can be a pain to remove from a wick, but you can put the venta plastic disks (and lower housing, if you can fit it) in the dishwasher to get them good as new. And calcium does not stick to them weld, so a quick rinse under a strong showerhead is usually enough to clean the disks. Definitely one of the best appliance purchases i ever made.

Also useful in this regard, python comes with a sìmple file server built in, python -m http.server --directory /dir/ would serve /dir/ on port 8000.

not sure i agree with that. I mean ok, i recently had three interviews for a company where each interviewer asked me almost the same questions. That was clearly a waste.

At my place, we do a 30min introductory call with the boss first, to quickly weed out unfit candidates and not waste employee and interviewee time with interviews. if that’s ok, then there’s three interviews of 45-60 minutes, one with the product owner that focuses on soft skills and team fit, one with the team your applying to and one with the other team (like frontend or backend) with more technical things, and also just if you’d like to work with this person.

no amount of interviewing will ever guarantee that things work out and unfit people can slip through cracks. And i hate wasting time in tons of interviews. But i’d also not want to work at a place where i know my coworkers were hired after just 1 hour quick chatting. That so little time to get an idea of a person, to spot any red flags. Heck, the ‘tell me a bit about yourself’ section of an interview is already 15 minutes and not usually very helpful.

What sucks the most about rust is that 90% of rust jobs are some crypto bullshit. I love the language, but finding normal jobs is near impossible.

At the same time, i could find 20 Go positions but Go just isn’t exciting. It’s the new java imo, working with it probably good for job security, but i just don’t see myself working in Go in the future as a main language.

That part of the ocean circulation is on track to stop in the next 50 years anyways, so might as well get a chile bridge out of it?

Why not link to the original?

You misunderstand, the first two commands are just one time setup to install a specific python version and then to create an env using that version. After that all you need is `pyenv activate myenv´ to drop you into that env, which will use the correct python version and make sure everything is isolated from other environments you might have.

You can also just create an env with the system python version, but the question was specifically about managing multiple versions of python side by side and this makes that super easy.

You could also combine it with direnv to automatically drop you into the correct environment based on the folder you are in, so you don’t have to type anything after the initial setup.

pyenv and pyenv-virtualenv together solves this for me. Virtualenv with specific python versions that work together well with other tools like pip or poetry.

It boils down to something like

$ pyenv install 3.12.7
$ pyenv virtualenv 3.12.7 myenv
$ pyenv activate myenv

and at that point you can do regular python stuff like pip installing etc.