Notices by Phantasm (phnt@fluffytail.org), page 13
-
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 22:42:09 JST 
Phantasm
@Suiseiseki @munir @waifu You don't want to be hosting on home IP anyway. Instead you have a VPN to a remote VPS with a transparent proxy. And if Musk blocks WG traffic, then he's even more stupid than I thought. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 22:29:17 JST
Phantasm
@waifu I wouldn't be that worried about the situation in the US locations. At least what I gathered from the Discord post, it seems that :francisco: and the new owner (Cloudzy AI owned by Hannan Nozari) have worked known each other since before BuyVM and :francisco: has been using some of their locations/services for some time now.
The move to Luxembourg is kinda worrying though at least for me and the use case my VPSes have there. I need to find a replacement before the move in 6 months. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 22:14:42 JST
Phantasm
BuyVM is changing hands and the Luxembourg location will be moved to Netherlands. So basically no freedom of speech and more likely government meddling when being involved in more controversial topics. Just so everybody knows.
More info on their Discord (sadly).
#VPS #Hosting #Web -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 20:58:37 JST
Phantasm
@FrailLeaf @maija @david @meso All the good maija and meso posts are ancient. They both fell. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 20:38:01 JST
Phantasm
@david @maija @meso or a kink
maija-diaper.png -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 13:07:36 JST
Phantasm
@lain Bill Gates activated the remote control chips in the vaccine. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 08:13:13 JST
Phantasm
@p @GhostOfMoshe @Jonny @Doll @koropokkur @RedTechEngineer @ins0mniak @Captain80s @NonPlayableClown @Leyonhjelm @thendrix @redneonglow
>I mean, why bother updating? If it works, it works. What's the new shit gonna do better?
The problem is that around the WinXP time, they started making them network connected (for remote gcode retrieval usually via SMB). So EternalBlue and alike would do _interesting_ things if unleashed on the internal network. And with barely competent IT personnel, you have a recipe for an interesting week.
>Oh, shit, that too. I bet the process for actually getting it approved even after doing the unnecessary work is years long.
Depends on the application. The range is from few months to years. For stuff like airplane control software, the standard was compilers with mathematical proofs they won't do something stupid and C code also mathematically proven to do exactly what it's supposed to do. Of course that industry standard might be gone now; looking at you Boeing.
For a CNC, I don't known how hard/long that process would be. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 07:57:42 JST
Phantasm
@NonPlayableClown @GhostOfMoshe @Jonny @Doll @koropokkur @RedTechEngineer @p @ins0mniak @Captain80s @Leyonhjelm @thendrix @redneonglow
>Mostly because newer version have a ton of bloat and bullshit tied to it.
That's probably also part of the reason. I don't know what Siemens uses now, but it doesn't show the Win logo during bootup and instead just displays the GUI after they boot fully. It might be some in-house Linux embedded thing, but the software for programming it outside of the CNC (Sinutrain) runs only on Windows. And the GUI on the CNC is the same as the Windows software (by design), so I don't really know.
>As for linux system some might even use old libraries that got revised which screws with an applications library calls.
Until like a decade ago, seeing Linux in embedded was a rarity outside of routers. NetBSD has been the king at that time. Stable ABI on Linux just doesn't exist. An stable API is also rare outside of really small libcs.
The first use of Linux I saw in embedded was around ~2012 in the Czech 363.5 electric locomotive that used some ancient Debian version running kernel 2.4.X I think. They made a nice X GUI running on two different PCs for it and it just sent commands to the actual control system running on some other realtime system... And they never updated it.
Locomotive 363.5 -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 07:38:58 JST
Phantasm
@p @GhostOfMoshe @Jonny @Doll @koropokkur @RedTechEngineer @ins0mniak @Captain80s @NonPlayableClown @Leyonhjelm @thendrix @redneonglow Correct, for example many old CNC machines still use it, because nobody bothered to port the software to newer versions and certify it really does what it's supposed to. The MS-DOS 6 floppy based mill I used in high school is still there and operational, at least last time I asked. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 06:01:50 JST
Phantasm
@p @pnotifbot @NonPlayableClown @j @Nepiant Of course something like that exists... Good thing I mostly live under the rock.
>Digital blackface has been described[by whom?] as "one of the most insidious forms of contemporary racism" and has been compared to historical minstrelsy, while others[who?] have dismissed the concept in its entirety.
wikipedia-citation-needed.png -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 05:49:11 JST
Phantasm
@p @pnotifbot @NonPlayableClown @j @Nepiant
>Now there is some sassy woman making a dismissive hand gesture with skin tone modifiers.
I resorted to using the skin modifiers as a way to convey how mean I am when using the emoji, if it's some more negative one. The darker the skin, the more stupid the post probably is.
It sadly doesn't work outside of my small group, because people don't get it. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 05:18:37 JST
Phantasm
@PurpCat @amerika @p @FranciscoScaramanga @GummyNerds @PNS @eriner @sun
This one's my favorite: https://akkoma.dev/AkkomaGang/akkoma/pulls/553
Along with the MRF modification, that I spent an hour debugging, because I was writing an MRF from scratch to know if someone unfollowed me. Yes, Akkoma prevents all Undo, Delete and Block activities from going through the MRF pipeline, but forced unfollows go through, because they are actually Follow activities with a Reject coat on them.
https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/lib/pleroma/web/activity_pub/mrf.ex#L66
Or the forum post where a user was asking how to change the instance favicon and sent a Soapbox link in the body.
But enough of Akkoma drama.
image.png
image.png
image.png -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 03:27:02 JST
Phantasm
@mint @amerika @p @FranciscoScaramanga @GummyNerds @PNS @eriner @sun The lowest priority doesn't matter that much. It will all get executed when there's nothing else to do, which will still cause the DB activity to spike anyway and cause problems for when the real things have to be done. Add Postgres timeouts and retries to the mix and things sometimes barely work.(1) Oban doesn't seem to take into account the time it took to execute the previous low priority job when deciding if it should run the new job from the same worker with the same priority.
It should probably be batched and the batch execution should happen only after X amount of time has passed from the previous one. It might be doable with Oban, but I don't really know.
Not that it is an important thing to do, when the MRF policy is publicly known and fixing it should be done on the Mastodon or reverse proxy side, instead of mitigating their incompetence in Pleroma. And the current solution mostly works apart from the user creating spam that already has an open MR anyway. Akkoma users just have to deal with it, the same way they have to deal with other FloatingGhost's "interesting" ideas.
(1) This is also one of the "skill" issues that some Pleroma instance owners complain about. It's trivial to fix with an MRF policy or a quick nginx rate limit rule, but some people will still say that Pleroma "just sucks" at being a Fediverse server, because it doesn't completely work out-of-the-box in every situation. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:51:12 JST
Phantasm
@eriner @amerika @p @FranciscoScaramanga @GummyNerds @PNS @sun Most of the bigger Pleroma instances now just ignore remote deletes anyway. SPW and FSE do and maybe even Poast. It doesn't cause that much mayhem for smaller new instance as those don't have to go through tens (or even hundreds) of gigabytes of DB data to delete a single post multiple times per second. You very likely won't get IP blocked. If it makes you less concerned, this instance only received 6 POST request from noauthority.social in the last 4 days. 4 of which are the result of me being in this thread. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:40:47 JST
Phantasm
@eriner @amerika @p @FranciscoScaramanga @GummyNerds @PNS @sun I think it sends out a request for every object ("post") to every federated peer in the "nuking" instance's peer list. Basically the worst way they could have done this.
User deletes might be unique, because some part of the object has https://instance.tld/<user>#delete or something similar.
It's been a long time, since I looked in to this. @p might know more.
-
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:27:36 JST
Phantasm
@eriner @amerika @p @FranciscoScaramanga @GummyNerds @PNS @sun Missed that, sorry. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:16:55 JST
Phantasm
@p @amerika @FranciscoScaramanga @GummyNerds @PNS @eriner @sun I meant it as that it didn't cause DoS only to instances that reject the deletes. It brings down even instances that honor the request. Especially those that run on cheap VPS VMs like Frantech or OVH. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:11:47 JST
Phantasm
@eriner @p @amerika @FranciscoScaramanga @GummyNerds @PNS @sun
>it causes a DoS for servers that don’t honor it too, because it puts it into the retry back off queue
Not really, when a user from a remote Mastodon instance deletes their account, or in the worse case the instance admin touches the "nuke instance button". Mastodon just floods the whole network with Delete activities.
When a large instance, whose name I now forgot, got shutdown, I had around ~30 posts from them, and the instance sent 20+ r/s for 3 days with Delete activities for posts I didn't have made by users that didn't exist to my instance. Which caused the user to be automatically created and then immediately deactivated. The result was that my instance became barely usable until I just enabled a policy that rejects every incoming Delete request. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Friday, 10-Jan-2025 02:04:05 JST
Phantasm
@p @amerika @FranciscoScaramanga @GummyNerds @PNS @eriner @sun You can't do anything about it on the Mastodon side, I think, without extensively modifying how the queues work.
On the Pleroma side, I talked with feld about some kind of queuing for those delete jobs and just sending "success" back without immediately deleting the object. The idea was that it would periodically execute those jobs with a much lower priority until the queue is flushed completely and not hammer the DB like it does right now. But that idea sort of faded away after some time as he worked on more important things. Can't blame him.
Of course Akkoma, in typical Akkoma fashion, can't even cope with the load, as the MRF pipeline was modified to exclude Delete activities. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 08-Jan-2025 08:30:40 JST
Phantasm
>Tor is compromised
>Why not route traffic through 3 WireGuard hops from trusted VPN providers
Seriously?
>How does Tor defend against governments hosting a majority of nodes
By removing them from the public registry. They've been doing it for years.
How can people still take him seriously. He routinely has one of the worst takes on software and the only thing he has going for him is autistically secure code, which granted, is a really good thing.
But also his biggest disadvantage. Can a schizo autistic programmer be trusted with developing an OS for phones, when he has enough knowledge to hide malicious code in it and execute it at will? Especially when he picks fights with literally everyone online?
obrazek.png
All GNU social JP content and data are available under the 
