Posts
1776
Following
219
Followers
2257
Director of Linux Foundation IT. Currently in charge of kernel.org infra.

This account is for Linux/Kernel/FOSS topics in general: #linux, #kernel, #foss, #git, #sysadmin, #infrastructure.

For my personal account, please follow @monsieuricon@castoranxieux.ca.

Montrรฉal, Quรฉbec, Canada ๐Ÿ‡จ๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ‡ฆ
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @palmer
@palmer lol, I'll try this. :)
0
0
3
monsieuricon

K. Ryabitsev ๐Ÿ

Jeg er veldig smart.

Don't ask me why I'm learning Norsk, it's a secret, but my Duo username may give a hint.
0
0
6
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @srtcd424@mas.to
@srtcd424 @bencardoen @tony this would be a lot of work for not obvious gain. My guess is that we're not the only host they check, so this may go completely unnoticed by the app makers, so we'll spend a lot of effort for minimal gain.
0
1
4
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @josh@joshanders.com
@josh Good guess, I do see significantly more of this traffic on our Singapore and Amsterdam nodes.
1
0
9
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to
@tony @bencardoen Yes, that's my current suspect as well -- some popular Android clone either on mobile or some set-top box. The number of unique IPs is in tens of millions, so it's probably a mobile app.
1
0
10
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @bencardoen@mstdn.science
@bencardoen Trouble is, I'm usually seeing the IP of the NAT routing endpoint, not the actual device, so this doesn't tell me very much.
0
0
8
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @djh@chaos.social
@djh I thought about that, but my firewall match table would get huge and it would cause problems in itself. That's 12,000,000 unique IPs just on one single node.
3
0
10
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to
@artandtechnic It doesn't look like that -- the only records I have from the IPs that do that is that one GET /. They may or may not come back a few times a day, but nothing definitive.
0
0
7
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @monsieuricon
I do have a solution in mind if it gets bad -- we already have cdn.kernel.org going through Fastly, so I will just point www.kernel.org to go through there, too. I am mostly perplexed and unamused that someone's quick thoughtless hack is starting to cause us problems.
2
5
30
monsieuricon

K. Ryabitsev ๐Ÿ

x.x.x.x - - [10/Nov/2024:00:02:37 +0000] "GET / HTTP/1.1" 301 162 "-" "okhttp/4.9.0"

You know whatโ€™s interesting about this log line? It repeats 56,686,963 times in www.kernel.org logs for yesterday, across 4 nodes. Thatโ€™s about 700 times a second, and this has been going on for months.

These requests arenโ€™t intentionally malicious โ€“ they issue a simple GET /, receive their 301 redirect, and terminate the connection. From what I can tell, this is some kind of appliance or software installed on mobile clients that uses โ€œcan I reach www.kernel.orgโ€ as a network test.

This wouldnโ€™t be that big of a deal โ€“ a single plaintext โ€œGET /โ€œ that triggers an immediate 301 is very cheap for us to generate, but the number of these requests has been steadily growing.

If you have any idea what this is and how to make it stop, please reach out?

39
484
301
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @olivvybee@honeycomb.engineer
@olivvybee That strikes a chord, but don't fret -- I'm sure it's just A minor setback.
0
0
2
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @lkundrak@metalhead.club
@lkundrak I know, I now actually have to be productive for the rest of the day and can't use the excuse of needing to fix my workstation to procrastinate.
0
0
3
monsieuricon

K. Ryabitsev ๐Ÿ

Update to Fedora-41 was completely uneventful.
7
10
38
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @oleksandr@natalenko.name
@oleksandr not .arj?
1
0
1
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @tivasyk@mastodon.social
@tivasyk ัะฟะพั…ะฐ ั‚ั€ั‘ั… ั‘ะฑะฝัƒั‚ั‹ั… ะดะตะดะพะฒ -- ะขั€ะฐะผะฟ, ะกะธ ะธ ะŸัƒั‚ะธะฝ.
0
0
0
monsieuricon
repeated
the_etrain@beige.party

Staff Chief of Joints

Not now honey. Daddy's checking to see if anyone liked the stupid joke he posted on the internet.

2
4
4
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @spot@social.afront.org
@spot they turned us down in the past, but I can try again for sure.
1
0
0
monsieuricon

K. Ryabitsev ๐Ÿ

Reply to @boramalper@mastodon.social
@boramalper it's super expensive to run and the only reason we can afford it is because it was donated by Equinix. E.g. we need 70TB of fast random access storage and terabytes of bandwidth every hour. Times four worldwide frontends.
1
0
1
monsieuricon

K. Ryabitsev ๐Ÿ

So, if mirrors.kernel.org went away...
5
2
2
monsieuricon

K. Ryabitsev ๐Ÿ

The good news, they just keep a-coming, eh.

I guess we'll need to find a new home for kernel.org frontends by 2026.
6
7
14
Show older
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: