@prologic Hitting that URL returns a bunch of HTML even though there is no user named lovetocode999 on my pod. I think it should 404, and maybe with a delay, to discourage whatever this abuse is. Basically this can be used to DDoS a pod by forcing it to generate a hunch of HTML just by doing a bogus GET like this.

I'm seeing GETs like this over and over again:

"GET /external?nick=lovetocode999&uri=https://vuf.minagricultura.gov.co/Lists/Informacin%20Servicios%20Web/DispForm.aspx?ID=8375144 HTTP/1.1" 200 35861 17.077914ms

always to nick=lovetocode999, but with different uris. What are these calls?

@stigatle I used the following hack to keep my VPS from running out of space: watch -n 60 rm -rf /tmp/yarn-avatar-*, run in tmux so it keeps running.

The vast majority of this traffic was coming from a single IP address. I blocked that IP on my VPS, and I sent an abuse report to the abuse email of the service provider. That ought to slow it down, but the vulnerability persists and I'm still getting traffic from other IPs that seem to be doing the same thing.

@prologic There are a lot of logs being generated by yarnd, which is something I haven't seen before too:

Jul 25 14:32:42 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:42 (162.211.155.2) "GET /twt/ubhq33a HTTP/1.1" 404 29 643.251µs
Jul 25 14:32:43 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:43 (162.211.155.2) "GET /twt/112073211746755451 HTTP/1.1" 400 12 505.333µs
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (111.119.213.103) "GET /twt/whau6pa HTTP/1.1" 200 37360 35.173255ms
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (162.211.155.2) "GET /twt/112343305123858004 HTTP/1.1" 400 12 455.069µs
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (168.199.225.19) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Fwww.palapa.pl%2Fbaners.php%3Flink%3Dhttps%3A%2F%2Fwww.dwnewstoday.com HTTP/1.1" 200 36167 19.582077ms
Jul 25 14:32:44 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:44 (162.211.155.2) "GET /twt/112503061785024494 HTTP/1.1" 400 12 619.152µs
Jul 25 14:32:46 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:46 (162.211.155.2) "GET /twt/111863876118553837 HTTP/1.1" 400 12 817.678µs
Jul 25 14:32:46 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:46 (162.211.155.2) "GET /twt/112749994821704400 HTTP/1.1" 400 12 540.616µs
Jul 25 14:32:47 buc yarnd[1911318]: [yarnd] 2024/07/25 14:32:47 (103.204.109.150) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Fampurify.com%2Fbbs%2Fboard.php%3Fbo_table%3Dfree%26wr_id%3D113858 HTTP/1.1" 200 36187 15.95329ms

I've seen that nick=lovetocode999 a bunch.

@prologic Inspect? What's sift? What would you like to know about the files?

@prologic 10 Gbytes has accumulated since I made that last post. It's coming in at a rate of 55 Mbits/second !

@prologic I think there's more to it than that. I've updated, yet hundreds of gigabytes of junk is still accumulating.

@prologic I'm still getting this crap:

abucci@buc:~/yarnd/yarn$ ls -lh /tmp/yarnd-avatar-*
-rw------- 1 abucci abucci 863M Jul 25 14:19 /tmp/yarnd-avatar-1594499680
-rw------- 1 abucci abucci 7.8G Jul 25 14:19 /tmp/yarnd-avatar-2144295337
-rw------- 1 abucci abucci 9.8G Jul 25 14:19 /tmp/yarnd-avatar-2334738193
-rw------- 1 abucci abucci  10G Jul 25 14:14 /tmp/yarnd-avatar-2494107777
-rw------- 1 abucci abucci 9.5G Jul 25 13:59 /tmp/yarnd-avatar-2619243454
-rw------- 1 abucci abucci  11G Jul 25 14:04 /tmp/yarnd-avatar-2922187513
-rw------- 1 abucci abucci 7.5G Jul 25 14:14 /tmp/yarnd-avatar-349775570
-rw------- 1 abucci abucci  10G Jul 25 14:09 /tmp/yarnd-avatar-3640724243
-rw------- 1 abucci abucci 901M Jul 25 14:19 /tmp/yarnd-avatar-3921595598
-rw------- 1 abucci abucci 9.5G Jul 25 13:59 /tmp/yarnd-avatar-609094539
-rw------- 1 abucci abucci 9.3G Jul 25 14:04 /tmp/yarnd-avatar-755173392
-rw------- 1 abucci abucci 7.9G Jul 25 14:09 /tmp/yarnd-avatar-984061000

Something like 100 Gbytes of this junk has accumulated since I updated and re-started the server. I'm now running the latest version of yarnd, so the update did not fix the problem. Something else is going wrong.

How are temporary files growing to 10 Gbytes in size? The name of the file is "yarn-avatar", but why would avatars be so large?

@prologic Alright, running yarnd 0.15.1 now. I stopped my hack so we'll see if the VPS gets clogged with junk 😆

@prologic

abucci@buc:~/yarnd/yarn$ make preflight
Checking Go version ...                 [ ERR ]
Go 1.16+ is required, found go1.22.5
FATAL: 🙁 preflight failed
make: *** [Makefile:33: preflight] Error 1

🤔

@prologic Aha, got it. Thanks for looking into it. I'm updating now and we'll see if that stops it.

@prologic Sure, but why would this start happening all of a sudden today? Nothing like this has happened before. Is this a known bug?

https://anthony.buc.ci/info has the deets!

@prologic 0.15.1, looks like.

@bender I hope so too. I've never seen anything like this before. Whatever it is, it's strange.

This is completely insane!

abucci@buc:/tmp$ du -sh /tmp/yarnd-avatar-*
564M    /tmp/yarnd-avatar-3024946878
7.2G    /tmp/yarnd-avatar-3122347915
11G     /tmp/yarnd-avatar-3533381443
445M    /tmp/yarnd-avatar-441914658

I'm going to have to shut down my server soon. This looks like some kind of DDoS. Whether intentional or not it's filling up the disk at an unsustainable rate.

There are also a bunch of log messages scrolling by. I've never seen this much activity in the log:

Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (149.71.56.69) "GET /external?nick=lovetocode999&uri=https://pagez.co.uk/services/your-own-100-fully-owned-online-vi>
Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (162.211.155.2) "GET /twt/112135496802692324 HTTP/1.1" 400 12 826.65µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (51.222.253.14) "GET /conv/muttriq HTTP/1.1" 200 36881 20.448309ms
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/112730114943543514 HTTP/1.1" 400 12 663.493µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (27.75.213.253) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Falfarah.jo%2FHome%2FChangeCulture%3FlangCode%3Den>
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=error msg="http://bynet.com.br/log_envio.asp?cod=335&email=%21%2AEMAIL%2A%21&url=https%3A%2F%2Fwww.almanacar.c>
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/111674756400660911 HTTP/1.1" 400 12 545.106µs
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=warning msg="feed FetchFeedRequest: <a href="/profile?url=http://alfarah.jo/Home/ChangeCulture?langCode=en&returnUrl">@lovetocode999</a>
Jul 25 01:37:41 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:41 (162.211.155.2) "GET /twt/112507964696096567 HTTP/1.1" 400 12 838.946µs

Something really weird is going on?

I deleted them all right before I sent my previous message, and already, a few minutes later, there are two more:

abucci@buc:~$ du -sh /tmp/yarnd-avatar-3*
1.8G    /tmp/yarnd-avatar-3122347915
2.4G    /tmp/yarnd-avatar-3533381443

What is this?

@prologic This is weird, but today, out of nowhere, yarnd filled up the disk on the VPS where I run it. It's never done anything like this before and I have no idea why it would start. But it threw almost 700 Gbytes of data into /tmp in files like this:

yarnd-avatar-1087570772  yarnd-avatar-1599127133  yarnd-avatar-2042956376  yarnd-avatar-2562946212  yarnd-avatar-3274766535  yarnd-avatar-3931929859  yarnd-avatar-553201529
yarnd-avatar-1089125452  yarnd-avatar-1606826819  yarnd-avatar-2089122560  yarnd-avatar-2611944556  yarnd-avatar-3310922372  yarnd-avatar-3938996661  yarnd-avatar-556240195
yarnd-avatar-1101228867  yarnd-avatar-1618755765  yarnd-avatar-2104107259  yarnd-avatar-2641384948  yarnd-avatar-3326285269  yarnd-avatar-3939402047  yarnd-avatar-559344463
yarnd-avatar-1112165824  yarnd-avatar-1650827505  yarnd-avatar-2142824779  yarnd-avatar-2680659340  yarnd-avatar-3340682113  yarnd-avatar-3998621883  yarnd-avatar-570292705
yarnd-avatar-1119886894  yarnd-avatar-1656673647  yarnd-avatar-2160786463  yarnd-avatar-271923479   yarnd-avatar-3374584613  yarnd-avatar-4005102536  yarnd-avatar-595490106
yarnd-avatar-1131417623  yarnd-avatar-1685698239  yarnd-avatar-2165405940  yarnd-avatar-2793562275  yarnd-avatar-3380606954  yarnd-avatar-4016872095  yarnd-avatar-679251850
yarnd-avatar-1160959085  yarnd-avatar-1746759128  yarnd-avatar-2171489899  yarnd-avatar-2842068287  yarnd-avatar-3416352997  yarnd-avatar-4110048378  yarnd-avatar-679950970
yarnd-avatar-1231649265  yarnd-avatar-1752278279  yarnd-avatar-2251317422  yarnd-avatar-2843868670  yarnd-avatar-3468636088  yarnd-avatar-4116552474  yarnd-avatar-737874628

164 files. Some are empty, some are 7 or even 10 Gbyte.

Any idea what would cause that? And why now, after running yarnd for so long with nothing like this happening?

@movq This outage did affect me, though not much, via the university where my wife teaches and where I teach sometimes. They actually sent out an alert in their emergency alert system (the one they use to alert people of extreme weather events and bomb threats, mostly), telling people that all IT systems were down.

A friend of mine elsewhere pointed out that they pushed this change on a Friday, which of course no software developer with any experience would ever, ever, ever do. I have to assume there's some toxic management at CrowdStrike, but who knows. Even more reasons to sympathize with the poor folks who are probably going to be working nights and weekends to clean up this mess.

@prologic One of these days I'll turn off registrations

@prologic Hello!

@movq Somewhere or another, I think in a William Byrd talk, I heard it suggested that the best ideas in computer science should fit on an index card (ah yes it's this one: https://paperswelove.org/2017/video/will-byrd-most-beautiful-program/ ). He was referring to the basic principles of LISP/the lambda calculus, which have sometimes been called the Maxwell's equations of computer programming (by Alan Kay). Simple, short, elegant, but very densely packed with meaning--generations of people have spent their whole careers unpacking what those simple rules can do.

Much of modern software feels like the polar opposite of that. Not only can you not write it on an index card, you never will be able to because people who write software don't seem to aspire to try. I wish more people thought this way though!

@New_scientist No.

@New_scientist It's insane that a single botched software update can have worldwide impact. We've messed up badly.

@support No.

@support No.

@bender I have nothing against GoToSocial, but:

GoToSocial stores statuses, accounts, etc, in a database. This can be either SQLite or Postgres.

snac is simpler. Some JSON files and that's it. I can read them with jq and less. I can use tar to back them up. I can hand edit them in a text editor.

I think @abucci and @stigatle are running snac? I didn’t have a closer look at snac (no intention of running it), but if that is a relatively small daemon (maybe comparable to Yarn?) that gives you access to the whole world of ActivityPub, then, well, yeah … That’s tough to beat.

Yes, I am running snac on the same VPS where I run my yarn pod. I heard of it from @stigatle, so blame him 😏 snac is written in C and is one simple executable, uses very little resources on the server, and stores everything in JSON files (no databases or other integrations; easy to save and migrate your data) . It's definitely like yarn in that respect.

I haven't been around yarn much lately. Part of that is that I've been very busy at work and home and only have a limited time to spend goofing off on a social network. Part of it is that I'm finding snac very useful: I've connected with friends I'd previously lost touch with, I've found useful work-related information, I've found colleagues to follow, and even found interesting conferences to attend. There's a lot more going on over there.

I guess if I had to put it simply, I'd say I have limited time to play and there are more kids in the ActivityPub sandbox than this one. That's not a ding on yarn--I like yarn and twtxt--I'm just time constrained.

@New_scientist Silicon Valley’s top AI models are terrible at almost everything. They only seem otherwise because people are easily fooled into believing they have capabilities they don't have.

@New_scientist I hate to break it to you but that's not really "A" I?

@prologic @movq s/twitter\.com/nitter.net/

@movq I guess so. It's weird and obsessive. They are compulsively monopolistic anymore.

@Phys_org We're going to be killed by these people's excesses, almost literally. This ratio is indefensible.

@New_scientist No it isn't. The prejudice that playing board games is indicative of general intelligence is passe, outdated.

@prologic I feel like my kid is a better weather predictor than most weather sites. He freaks out whenever the pressure drops and we know a storm is coming 😆

@xuu Right now they're laying the groundwork for uncritical belief in the power of #AI, so the next step will be accepting the magical incantations as if they were real.

@prologic I don't know but I don't want it!

@New_scientist no it can't. Your blurb is literally "if we had data we can't have, we could predict weather better". DeepMind is irrelevant in that statement--anyone could.

@New_scientist fuck off with this nightmare.

@lyse I think we're 90 meters above sea level or thereabouts. Pretty far north in the US though.

@prologic "who could possibly forget that" you could, apparently lol

@prologic Any of these work? https://gadgetstouse.com/blog/2023/05/15/bypass-ad-blockers-not-allowed-on-youtube/

@prologic Newpipe on android continues to work fine

@phoronix You get what you pay for?

@prologic iotop

@lyse oh wow nice autumn shot. I expected to see then silhouette of a witch flying on a broomstick

@prologic

1. It's criminal: Copilot was only possible because of massive theft of other peoples' work (no compensation or even acknowledgement to any of the developers whose code was used to create Copilot)
2. It's positioned to put software developers out of work or so fully de-skill them that they no longer know how to code anything but prompts (after which come corporate-justified salary and benefits decreases)

Don't use it. No one should ever use it. You're destroying your own future as a software developer by leaning on and supporting these things.

@movq oops, forgot to say thank you for the birthday wishes!