Mate, the "cutting edge" online ones have been laughably wrong about every single programming issue I've thrown at them, always going in loops with circular (non)reasoning – and programming is one of the areas that they're constantly advertised as excelling at.
I just found out what the fuck """Vibe Coding""" is and wow – this is so stupid, it will ensure my employability literally forever.
Apparently it needs to be said that creating complex structures with real-world impact but without any understanding of them is a *ludicrously* bad idea? 🤦
My projection is that we'll probably see a huge explosion of projects created like this.
LLMs shitting out the most convoluted shitty codebases with the worst security imaginable, inline documentation that's just straight-up wrong and nobody understanding how anything works or relates to each other.
It will probably take a couple years until this completely explodes and companies will beg any halfway competent software engineer to please rewrite all this garbage from scratch.
All of this is, of course, complete bullshit as learning an actual skill is the opposite of rigid, programming is essentially the creative field most removed from any real-world constraints and every craft (including programming/software engineering) is, by definition, a goddamned art form.
For context, "Vibe Coding" is not coding at all, but throwing prompts at an LLM until it shits out something that doesn't immediately explode.
Because apparently something like actually learning programming and software engineering is "too rigid" and not "creative" enough. Apparently, it's advertised as making programming more of an "art form".
Essentially the same as list comprehensions but yields single values of the set – i.e. doesn't load the entire generated set into memory at the same time.
Holy fuck, integrating SMART into a prometheus+grafana monitoring stack is just so much better than the absolutely impossible to understand gibberish falling out of smartctl, you can't even call that shit a comparison…
Figure obtuse shit out once, forget it even exists, enjoy blissful ignorance and an intuitively understandable presentation of disk health.
1) If this is a security consideration for you, take note that much more granular location tracking is commonplace in mobile apps and prioritize mitigating that over the much more coarse location you can get by querying CDNs.
2) Using third-party services *always* introduces security considerations. If you're a programmer, think about what this means for your software before you integrate them.
@ArneBab Yeah, that part I get, but I don't get why and none of the other lower-level stuff either.
Like, beginning at "elliptic" – literally none of the elliptic curve plots I have seen was actually an ellipse? And many actually contained a closed curve plus another curve?
Like, the more I look into it, the less sense it all makes.
@ArneBab I mean, it could of course be an honest to Goddess DDoS.
But if that's the case, it's pretty damn incompetent as nothing was affected much during multiple incidents across a couple weeks – even tho I'm using just a single lower tier dedicated machine to host my online infra. That just doesn't track for me.
@ArneBab My hunch here is of course that OpenAI is spoofing agents and routing through a bunch of VPNs to keep crawling services that explicitly don't want them to.
@ArneBab Thanks for the data. Hopefully I find the time to add some more stuff to my log analysis tomorrow so I can compare.
From what I've seen so far, GPTBot is the most common UA-string hitting my systems by a large margin.
Like, during the incident I use as my test data, I got 2795 requests from GPTBot, the second most common UA is Safari with 1594 and after that it drops all the way to 209.
But that's just around 3% of the ~100k requests of the incident actually identifying as GPTBot.
@ArneBab Yeah, anything that identified itself as GPTBot came from 4.227.0.0/16 for me too – but at least in my case, that was just a small fraction of the request spikes I saw.
Currently, I'm only outputting any agents/IPs that made at least 10 requests so I don't just get 100k lines of output for one incident, but even with that limited perspective, I can immediately see a cluster in 172.68.0.0/16, one in 172.71.0.0/16 and possibly another one in 217.113.0.0/16
@ArneBab One drive-by finding tho: Used user-agents definitely form clusters – a solid ~20% of the requests in the spike identified as different versions of MSIE.
That reminds me, I still have to do some forensics work.
Turns out most of the requests in the spikes weren't done by clients identifying as GPTBot. There still is some correlation on the time axis I need to look at, but more importantly, I'll have to bin requests to subnets to see if I can attribute the attacks with some modicum of certainty.
Already started writing a little log analyzer for that, maybe it'll grow into something I can actually release.
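The subnet binning described in these posts, as an added example (not the poster's own analyzer): it counts requests per /16 and per user agent and reports only entries with at least 10 requests, so a cluster that rotates user-agent strings still shows up by subnet. Assumptions: the access log is in combined log format, the sample lines are constructed from documentation address ranges, all function names are hypothetical, and IPv6 clients are binned by /32.

```python
import ipaddress
import re
from collections import Counter

# Combined log format (assumed): ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def parse(lines):
    """Yield (ip, user_agent) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            yield ipaddress.ip_address(m.group(1)), m.group(2)
        except ValueError:
            continue  # first field was a hostname or garbage

def bin_requests(lines, v4_prefix=16, v6_prefix=32):
    """Count requests per subnet and per user agent."""
    subnets, agents = Counter(), Counter()
    for ip, ua in parse(lines):
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        subnets[str(net)] += 1
        agents[ua] += 1
    return subnets, agents

def at_least(counter, minimum=10):
    """Keep only entries with at least `minimum` requests, busiest first."""
    return [(k, n) for k, n in counter.most_common() if n >= minimum]

def sample_log():
    """Constructed sample traffic using documentation address ranges."""
    fmt = '{ip} - - [01/Jan/2025:00:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    rows = [fmt.format(ip=f"198.51.100.{i}", s=i, ua="ExampleBot/1.0") for i in range(12)]
    rows += [fmt.format(ip=f"203.0.113.{i}", s=i, ua=f"Mozilla/4.0 (compatible; MSIE {6 + i % 3}.0)") for i in range(15)]
    rows += [fmt.format(ip="192.0.2.7", s=i, ua="Mozilla/5.0 Safari") for i in range(3)]
    rows.append("not a log line")
    return rows

if __name__ == "__main__":
    subnets, agents = bin_requests(sample_log())
    for label, counter in (("subnet", subnets), ("user agent", agents)):
        for key, n in at_least(counter):
            print(f"{n:6d}  {label:10s}  {key}")
```

In the constructed sample, the 15 requests from one /16 are spread over three MSIE versions, so none of those user agents reaches the threshold while the subnet does.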
As someone running their own email server I can't help but ask… you did notice how GMail has become a de-facto monopoly and blocking them would ostensibly have been the right move to avoid that situation, right? 🤨
Your friendly neighbourhood hⒶcker hobo. Likes dinosaurs, dislikes hierarchy. Come for the music recommendations, stay for the #propaganda. #nojs #ux #infosec #python #freebsd