Posts
2006
Following
228
Followers
2492
Director of Linux Foundation IT. Currently in charge of kernel.org infra.

This account is for Linux/Kernel/FOSS topics in general: #linux, #kernel, #foss, #git, #sysadmin, #infrastructure.

For my personal account, please follow @monsieuricon@castoranxieux.ca.

MontrΓ©al, QuΓ©bec, Canada πŸ‡¨πŸ‡¦πŸ‡ΊπŸ‡¦
monsieuricon

K. Ryabitsev 🍁

Reply to @major@social.lol
@major good thing you're not at Canonical, or you'd have to install CalbCalntCal.
1
0
1
monsieuricon

K. Ryabitsev 🍁

(Reading the news)

Didn't know Tide pods came in orange.
1
0
1
monsieuricon

K. Ryabitsev 🍁

Reply to
@deborahh @djh good suggestion, but with 20-odd million unique IPs, this is too much of a wumpus hunt to bother. :)
0
0
2
monsieuricon

K. Ryabitsev 🍁

popcorn.gif
0
0
4
monsieuricon

K. Ryabitsev 🍁

OK, so I ended up moving www.kernel.org to be served via Fastly and it's working well. I will probably move it back once we figure out what this okhttp traffic is.
2
5
14
monsieuricon

K. Ryabitsev 🍁

Reply to @tobigr@floss.social
@tobigr @trouble @ross @bladecoder Thank you, I do appreciate that! (And your tests are less likely to break this way, should we change something.)
0
0
2
monsieuricon

K. Ryabitsev 🍁

Reply to @justin@toot.io
@justin @djh it doesn't seem to make any difference what code we return -- my guess is that we're just one of the sites the check hits. If it gets an error, it just checks a different site.
0
0
4
monsieuricon

K. Ryabitsev 🍁

Reply to @bladecoder@androiddev.social
@bladecoder not quite -- the requests are http, not https. Also, I doubt there are tens of millions of daily NewPipe users out there. :)
2
0
1
monsieuricon

K. Ryabitsev 🍁

Reply to @palmer
@palmer lol, I'll try this. :)
0
0
3
monsieuricon

K. Ryabitsev 🍁

Jeg er veldig smart.

Don't ask me why I'm learning Norsk, it's a secret, but my Duo username may give a hint.
0
0
6
monsieuricon

K. Ryabitsev 🍁

Reply to @srtcd424@mas.to
@srtcd424 @bencardoen @tony this would be a lot of work for not obvious gain. My guess is that we're not the only host they check, so this may go completely unnoticed by the app makers, so we'll spend a lot of effort for minimal gain.
0
1
4
monsieuricon

K. Ryabitsev 🍁

Reply to @josh@joshanders.com
@josh Good guess, I do see significantly more of this traffic on our Singapore and Amsterdam nodes.
1
0
9
monsieuricon

K. Ryabitsev 🍁

Reply to
@tony @bencardoen Yes, that's my current suspect as well -- some popular Android clone either on mobile or some set-top box. The number of unique IPs is in tens of millions, so it's probably a mobile app.
1
0
10
monsieuricon

K. Ryabitsev 🍁

Reply to @bencardoen@mstdn.science
@bencardoen Trouble is, I'm usually seeing the IP of the NAT routing endpoint, not the actual device, so this doesn't tell me very much.
0
0
8
monsieuricon

K. Ryabitsev 🍁

Reply to @djh@chaos.social
@djh I thought about that, but my firewall match table would get huge and it would cause problems in itself. That's 12,000,000 unique IPs just on one single node.
2
0
10
monsieuricon

K. Ryabitsev 🍁

Reply to
@artandtechnic It doesn't look like that -- the only records I have from the IPs that do that is that one GET /. They may or may not come back a few times a day, but nothing definitive.
0
0
7
monsieuricon

K. Ryabitsev 🍁

Reply to @monsieuricon
I do have a solution in mind if it gets bad -- we already have cdn.kernel.org going through Fastly, so I will just point www.kernel.org to go through there, too. I am mostly perplexed and unamused that someone's quick thoughtless hack is starting to cause us problems.
2
5
30
monsieuricon

K. Ryabitsev 🍁

x.x.x.x - - [10/Nov/2024:00:02:37 +0000] "GET / HTTP/1.1" 301 162 "-" "okhttp/4.9.0"

You know what’s interesting about this log line? It repeats 56,686,963 times in www.kernel.org logs for yesterday, across 4 nodes. That’s about 700 times a second, and this has been going on for months.

These requests aren’t intentionally malicious – they issue a simple GET /, receive their 301 redirect, and terminate the connection. From what I can tell, this is some kind of appliance or software installed on mobile clients that uses β€œcan I reach www.kernel.org” as a network test.

This wouldn’t be that big of a deal – a single plaintext β€œGET /β€œ that triggers an immediate 301 is very cheap for us to generate, but the number of these requests has been steadily growing.

If you have any idea what this is and how to make it stop, please reach out?

39
468
300
monsieuricon

K. Ryabitsev 🍁

Reply to @olivvybee@honeycomb.engineer
@olivvybee That strikes a chord, but don't fret -- I'm sure it's just A minor setback.
0
0
2
monsieuricon

K. Ryabitsev 🍁

Reply to @lkundrak@metalhead.club
@lkundrak I know, I now actually have to be productive for the rest of the day and can't use the excuse of needing to fix my workstation to procrastinate.
0
0
3
Show older
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: