Jonathan Corbet
Posts
333Following
32Followers
1696
Jonathan Corbet
corbet
@gme I assume you're referring to https://blog.cloudflare.com/declaring-your-aindependence-block-ai-bots-scrapers-and-crawlers-with-a-single-click/ ?
It would appear to force readers to enable JavaScript, which we don't want to do. Plus it requires running all of our readers through cloudflare, of course...and I suspect that the "free tier" is designed to exclude sites like ours. So probably not a solution for us, but it could well work for others.
It would appear to force readers to enable JavaScript, which we don't want to do. Plus it requires running all of our readers through cloudflare, of course...and I suspect that the "free tier" is designed to exclude sites like ours. So probably not a solution for us, but it could well work for others.
1
0
2
0
2
11
Jonathan Corbet
corbet
@johnefrancis @LWN Something like nepenthes (https://zadzmo.org/code/nepenthes/) has crossed my mind; it has its own risks, though. We had a suggestion internally to detect bots and only feed them text suggesting that the solution to every world problem is to buy a subscription to LWN. Tempting.
5
3
36
Jonathan Corbet
corbet
@beasts @LWN We are indeed seeing that sort of pattern; each IP stays below the thresholds for our existing circuit breakers, but the overload is overwhelming. Any kind of active defense is going to have to figure out how to block subnets rather than individual addresses, and even that may not do the trick.
3
1
3
Jonathan Corbet
corbet
Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
43
437
354
Jonathan Corbet
corbet
Best not to mess with the squirrels in Boulder... https://www.9news.com/article/news/local/douglass-elementary-secure-status-squirrel/73-95b14d37-bea5-4260-8594-c4db613d7cca
1
0
1
Jonathan Corbet
corbet
So is there anybody out there who can explain this image?
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
I bought this card in Korea some years ago after having seen this theme - a tiger and a rabbit seemingly getting stoned together - in a number of places. There must be a story behind it, but my meager search skills have never managed to turn it up. I do still love the image, though...
14
23
31
Jonathan Corbet
corbet
@selje Enphase info is here:
https://enphase.com/support/sunpower
They informed me that a replacement system would be $700, seemingly including installation. It'll be a little while before I can generate enthusiasm for spending that money, certainly...
Some new form of SunPower resurrecting the current hardware would be nice. I'd say that the chances of them making it work again without demanding more money are pretty small, though. Such is the world we live in - we only *think* we own that device...
https://enphase.com/support/sunpower
They informed me that a replacement system would be $700, seemingly including installation. It'll be a little while before I can generate enthusiasm for spending that money, certainly...
Some new form of SunPower resurrecting the current hardware would be nice. I'd say that the chances of them making it work again without demanding more money are pretty small, though. Such is the world we live in - we only *think* we own that device...
1
1
2
Jonathan Corbet
corbet
@selje For the most part, I followed these instructions here:
https://starreveld.com/PVS6%20Access%20and%20API.pdf
Rather than putting an rPi system in the box, though, I just ran the Ethernet cable to a system I had with both wireless and wired interfaces; the WiFi sits on the home net, while the wired interface does DHCP to get an address from the SunPower box, then polls it to get the data out.
Once that was set up, getting it into Home Assistant was mostly a matter of installing the integration. Figuring out which power signals belonged to which panel took a while; if you don't have it yet, use the SunPower app to make a map of the serial number for each panel and its location.
I'm debating whether to stick with this system, or to take up Enphase on its offer and swap out the SunPower box entirely. The Enphase monitor would be a supported product, and it seemingly has much better Home Assistant support.
https://starreveld.com/PVS6%20Access%20and%20API.pdf
Rather than putting an rPi system in the box, though, I just ran the Ethernet cable to a system I had with both wireless and wired interfaces; the WiFi sits on the home net, while the wired interface does DHCP to get an address from the SunPower box, then polls it to get the data out.
Once that was set up, getting it into Home Assistant was mostly a matter of installing the integration. Figuring out which power signals belonged to which panel took a while; if you don't have it yet, use the SunPower app to make a map of the serial number for each panel and its location.
I'm debating whether to stick with this system, or to take up Enphase on its offer and swap out the SunPower box entirely. The Enphase monitor would be a supported product, and it seemingly has much better Home Assistant support.
2
2
2
Jonathan Corbet
corbet
Two years ago, I installed solar panels on the roof, and was rewarded with enough power to run the house, charge the car, and even run the heat pump for much of the year.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
Another reward was the SunPower monitoring system that lets us track the performance of the system and see how each individual panel is working. Naturally, this system only delivers its data to some proprietary cloud system run by SunPower. Just as naturally, SunPower has gone bankrupt, and the monitoring system is now just a useless brick sitting on the wall.
...or at least it would be, had I not gone through the effort of integrating it with Home Assistant — a mildly difficult task involving hooking into a maintenance port on the device itself. So now I have the data out of the monitoring box stored on a local system, under my control, and I don't need to go scrambling for alternatives. I can obsess over my post-solstice data, waiting for production to reach decent levels again — that happens faster if I stare at it, I'm convinced.
Maybe there's something to this free software idea after all.
15
184
376
Jonathan Corbet
corbet
@jani @neil Indeed, we have been doing LWN's accounting locally with GnuCash for the last two years now, and I've never looked back. The OFX import is pretty good for bringing in data if you want to do that, but I've just written a set of Python scripts to import data directly and easily.
I really can't imagine trusting such a critical function to somebody else's web platform, both for reliability reasons (as the Bench fiasco has so nicely illustrated) and for privacy reasons as well.
I really can't imagine trusting such a critical function to somebody else's web platform, both for reliability reasons (as the Bench fiasco has so nicely illustrated) and for privacy reasons as well.
0
0
3
Jonathan Corbet
corbet
Not having a cat, I'm not given to posting cat pictures ... but my daughter's cat is here for a visit, so here's my chance.
3
11
54
Jonathan Corbet
corbet
I was digging through my bookshelves when I stumbled across this book, untouched for years.
I picked up Anybody's Bike Book sometime around the mid 1970s, after having discovered the freedom that a good bike gives to a kid who needs to move around in northern Wyoming. It taught me that there was nothing in my bike that I couldn't fix myself — an empowering lesson to learn. With a mixture of plain language, clear descriptions, and sharp humor, it was perhaps my first example of what technical documentation can be.
So, a belated "thank you" to Tom Cuthbertson for this outstanding book; there is no doubt it had a strong influence on all the words I have inflicted on the world.
I picked up Anybody's Bike Book sometime around the mid 1970s, after having discovered the freedom that a good bike gives to a kid who needs to move around in northern Wyoming. It taught me that there was nothing in my bike that I couldn't fix myself — an empowering lesson to learn. With a mixture of plain language, clear descriptions, and sharp humor, it was perhaps my first example of what technical documentation can be.
So, a belated "thank you" to Tom Cuthbertson for this outstanding book; there is no doubt it had a strong influence on all the words I have inflicted on the world.
1
13
34
Jonathan Corbet
corbet
@KasTasMykolas You need to look at least long enough to know what names have been assigned to the form elements. It would take less than a minute, but you need to do it for every site you want to attack.
Because I'm an obnoxious person, I changed the names of those elements today, conveniently bringing an end to all of those login failures. We'll see if they bother to update their script...
Because I'm an obnoxious person, I changed the names of those elements today, conveniently bringing an end to all of those login failures. We'll see if they bother to update their script...
3
0
4
Jonathan Corbet
corbet
So here is a weird one ... the LWN site has been seeing a steady stream of login attempts, all using weird yahoo addresses as the username. By "weird" I mean things like lllbnwidgqeerdyi@yahoo.com and other equally unlikely strings.
These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?
These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?
9
18
17
Jonathan Corbet
corbet
On the radar: file-based memory management
https://lwn.net/ml/all/20241122203830.2381905-1-btabatabai@wisc.edu
This looks like fairly wild stuff, haven't had a chance to figure out how it actually works yet.
https://lwn.net/ml/all/20241122203830.2381905-1-btabatabai@wisc.edu
This looks like fairly wild stuff, haven't had a chance to figure out how it actually works yet.
1
8
10
Jonathan Corbet
corbet
@larsmb @tante I think the point in question was highly visible enough.
Had that conversation been allowed to continue, it would have gone on for hundreds of posts, and brought people out of the woodwork that you really would rather not know even exist. We've been there in the past, and it threatened to kill the site at one point. Thus our "no personal attacks" policy, which we had to enforce here.
Should we, instead, have just pulled down the article, as some are saying? That would have "blocked the discussion" too, of course. We also try not to hide our mistakes.
Things like this make me wish I'd made a career in JavaScript framework development or some such. Now if you'll excuse me, I have some kernel drama to somehow deal with.
Had that conversation been allowed to continue, it would have gone on for hundreds of posts, and brought people out of the woodwork that you really would rather not know even exist. We've been there in the past, and it threatened to kill the site at one point. Thus our "no personal attacks" policy, which we had to enforce here.
Should we, instead, have just pulled down the article, as some are saying? That would have "blocked the discussion" too, of course. We also try not to hide our mistakes.
Things like this make me wish I'd made a career in JavaScript framework development or some such. Now if you'll excuse me, I have some kernel drama to somehow deal with.
0
0
2
Jonathan Corbet
corbet
@davidgerard First, what "mask" do you think has come off?
Second: if you look hard, you still will not find either of us "defending her honor". Please do not put words in our mouths.
We did do our best to close down the conversation; what good comes from hundreds of posts of people throwing names at each other? There are enough posts criticizing the person involved for anybody to get the point; there are almost none in the other direction. Trust me that this would not have been the case had we let the conversation run. *That*, perhaps, indicates an editorial bias, but it is not the one you are accusing us of.
Look, as I posted in the thread, had we known the backstory of the person involved, there is a good chance we would not have run that article. We are a small operation, we lack a biographical research unit, we will not have a background file on any of the hundreds of developers we write about over the course of a year.
Second: if you look hard, you still will not find either of us "defending her honor". Please do not put words in our mouths.
We did do our best to close down the conversation; what good comes from hundreds of posts of people throwing names at each other? There are enough posts criticizing the person involved for anybody to get the point; there are almost none in the other direction. Trust me that this would not have been the case had we let the conversation run. *That*, perhaps, indicates an editorial bias, but it is not the one you are accusing us of.
Look, as I posted in the thread, had we known the backstory of the person involved, there is a good chance we would not have run that article. We are a small operation, we lack a biographical research unit, we will not have a background file on any of the hundreds of developers we write about over the course of a year.
4
0
5