Jerry on PieFed

Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)

I also own these publicly available applications:
Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social) Mobilizon (Facebook Events Alt): https://my-group.events/
and more…

  • 23 Posts
  • 110 Comments
Joined 2 years ago
cake
Cake day: September 29th, 2024

help-circle
  • There are two answers to this depending on what the reason is for asking.

    If you are asking because you are concerned about scrapers reading your posts and violating your privacy and your rights, then understand that even if an instance is 100% effective at blocking them, the post is sent all over the place in clear text anyway. It doesn’t matter for them which of the federated servers your post is read from. They will read your post many times over. For this case, then, there is little incentive for a server owner to block bots if it’s just to protect your posts from ingestion.

    If you are asking because you are concerned about scrapers sucking the life out of a server because there are multiple different AI companies trying to read every single post in the database multiple times over for training, which ends up causing gateway timeout errors and poor performance, then admins, for this reason, should take action.

    On my PieFed server, feddit.online, as of yesterday, the firewall discarded 99K requests it deemed were for AI scraping while processing the remaining 300K requests. Those 99K requests would have been expensive requests, not just upvotes and such, but requests asking for huge amounts of text, and so the impact on the server and infrastructure would have been much more than a 25% tax on the system.

    And if the bots realize your server is not well protected, it gets worse. 3 months ago I peaked at 1.2 million requests in one day, of which over 700K were AI bots. Now it’s down to consistently under 100K from bots because many of them have given up, I like to believe.









  • Things like this that play games scare me. This itself opens a wider attack vector on your server. I’m thinking of possibilities:

    1. In Linux, each TCP connection is a file descriptor. PortTripper holds connections to waste scanner threads, which means it’s holding file descriptors. This could be a good DDOS attack vector. Hit every port with connection requests, requiring a slew of file descriptor creations, and boom, you cause the server to hit the server ulimit cap. New connections cannot be made. The server is half dead.

    2. Memory and CPU consumption. Maintaining thousands of open TCP states takes RAM and CPU. A massive flood can consume all memory. And for what? To annoy a hacker?

    Interestingly enough, just these 2 things can make PortTripper a hacker’s tool.

    1. If a service crashes or reboots, is down for maintenance, or is slow to come up, PortTripper might grab the port before the application comes back up. And then it can’t come back up.

    2. Who’s to say there won’t be vulnerabilities in PortTripper that can cause a buffer overflow, memory leak, or parsing vulnerability in PortTripper’s code or a library it uses? Playing this game opens another attack vector into your server.

    3. If PortTripper can bind to ports 1 through 1023, then it’s running as root or has elevated capabilities. If an attacker exploits a bug in PortTripper or a library it uses, they can get high-level control of the server.

    4. While PortTripper “discards datagrams without replying” in a reflected DDOS attack, millions of discarded packets come in, which means millions of CPU interrupts at the kernel level. This can choke the NIC.

    I think PortTripper is too risky to run just to become a nuisance to someone, IMHO.







  • Wine requires Linux knowledge to get the configurations correct. I don’t think many Windows users will be able to get any Windows applications running under Wine. And it’s the same Wine that any Linux user can install for free.

    If Zorin came packaged with Crossover, then maybe it would run Windows apps better because Crossover would manage the Wine configurations and the required Windows infrastructure installs.

    Maybe.

    But not many old machines will have the capacity to run Linux, Wine, and a Windows application. But Zorin’s hype leads one to believe that a 15-year-old machine won’t struggle.





  • This is definitely the best protection. If the provider drops you, you move your domain to another provider. But, as far as I know, while almost all email providers will host your personal domain, none that I know of will do it on the free plans. But your email is your identity. You should be willing to pay for it, especially if you host it on a provider that otherwise won’t make any money on you.

    There are a couple of downsides. If you forget, or are unable, to renew your domain, you lose it and your emails. Make sure another family member or friend can pay the renewal for you if, for some reason, you cannot.

    While your own domain makes it far less likely that your email will be canceled (because you can move it), abuse of your domain can result in your losing your domain name and your email, especially before it has earned a reputation.

    Which brings up another IMPORTANT point. If you use your own domain name, then you must set up your DNS records to protect your domain from spoofers and spammers so it doesn’t get blacklisted or, worse, doesn’t cause cancellation of your domain name. Scammers and spammers WILL try to send email using your domain name. You need to tell email clients to toss these rogue emails and give them the means to determine spoofing and unauthorized use. Read this: https://www.valimail.com/blog/dmarc-dkim-spf-explained/

    Also, be aware that SpamAssassin considers .com, .net, and .org TLDs to be far safer than .world, .online, .blog, and most others. Using one of these newer TLDs results in a higher spam score, and your email is more likely to end up in the spam folder if it reaches the magic score of 5. A new age TLD can add as much as 1 point to the spam calculation depending on the email provider receiving your email.

    So your own domain name is safer but costs money and requires more work.





  • I deleted what I wrote before. If it federated, ignore it.

    Your browser is trying to find startpage.com on your local machine instead of the Internet.

    While on the VPN, open a command window and ping startpage.com. Does it return localhost or the real IP address? If it returns the real IP address, then the problem is related to the browser. Try another browser to see if it’s Vivaldi-related.

    If it returns localhost then maybe it’s a setting in protonVPN?

    This is strange. Just try to find clues.