@ArneBab Huh, so the plots are actually of intersections of a 3D structure on some plane?
Then, shouldn't it be called spheroid cryptography or something like that?
@ArneBab Yeah, that part I get, but I don't get why and none of the other lower-level stuff either.
Like, beginning at "elliptic" – literally none of the elliptic curve plots I have seen was actually an ellipse? And many actually contained a closed curve plus another curve?
Like, the more I look into it, the less sense it all makes.
And not a single fucking video I find even *attempts* to explain what the fuck the "elliptic" in elliptic curve means.
This is beyond abysmal.
@ArneBab I mean, it could of course be an honest to Goddess DDoS.
But if that's the case, it's pretty damn incompetent as nothing was affected much during multiple incidents across a couple weeks – even tho I'm using just a single lower tier dedicated machine to host my online infra. That just doesn't track for me.
@ArneBab My hunch here is of course that OpenAI is spoofing agents and routing through a bunch of VPNs to keep crawling services that explicitly don't want them to.
@ArneBab Thanks for the data. Hopefully I find the time to add some more stuff to my log analysis tomorrow so I can compare.
From what I've seen so far, GPTBot is the most common UA-string hitting my systems by a large margin.
Like, during the incident I use as my test data, I got 2795 requests from GPTBot, the second most common UA is Safari with 1594 and after that it drops all the way to 209.
But that's just around 3% of the ~100k requests of the incident actually identifying as GPTBot.
@ArneBab Yeah, anything that identified itself as GPTBot came from 4.227.0.0/16 for me too – but at least in my case, that was just a small fraction of the request spikes I saw.
Currently, I'm only outputting any agents/IPs that made at least 10 requests so I don't just get 100k lines of output for one incident, but even with that limited perspective, I can immediately see a cluster in 172.68.0.0/16, one in 172.71.0.0/16 and possibly another one in 217.113.0.0/16
@ArneBab
One drive-by finding tho: Used user-agents definitely form clusters – a solid ~20% of the requests in the spike identified as different versions of MSIE.
@ArneBab @vampirdaddy @BlumeEvolution
That reminds me, I still have to do some forensics work.
Turns out most of the requests in the spikes weren't done by clients identifying as GPTBot. There still is some correlation on the time axis I need to look at, but more importantly, I'll have to bin requests to subnets to see if I can attribute the attacks with some modicum of certainty.
Already started writing a little log analyzer for that, maybe it'll grow into something I can actually release.
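The subnet binning described in these posts, sketched as an added example (this is not the author's analyzer): it assumes nginx's default "combined" access-log format, groups IPv4 clients by /16 as in the posts (the /32 grouping for IPv6 is an assumption), applies the at-least-10-requests cutoff, and counts distinct user-agents per subnet so that user-agent rotation from one network stands out. The sample log lines are constructed and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def bin_requests(lines, prefix_v4=16, prefix_v6=32):
    """Count requests per subnet and per (subnet, user-agent) pair."""
    subnets, pairs, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # not a combined-format line
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            skipped += 1  # first field is not an IP address
            continue
        prefix = prefix_v4 if ip.version == 4 else prefix_v6
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        subnets[net] += 1
        pairs[(net, m["ua"])] += 1
    return subnets, pairs, skipped

def report(subnets, pairs, min_requests=10):
    """Return (subnet, hits, distinct user-agents) for subnets at or above the cutoff."""
    rows = []
    for net, hits in subnets.most_common():
        if hits < min_requests:
            break  # most_common() is sorted, nothing further qualifies
        distinct_uas = sum(1 for (n, _ua) in pairs if n == net)
        rows.append((str(net), hits, distinct_uas))
    return rows

def sample_log():
    """Constructed sample: 12 hits from one /16 with alternating UAs, 3 from another."""
    fmt = '{ip} - - [01/Jan/2025:00:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    uas = ["Mozilla/4.0 (compatible; MSIE 6.0)", "Mozilla/4.0 (compatible; MSIE 7.0)"]
    lines = [fmt.format(ip=f"198.51.100.{i}", s=i, ua=uas[i % 2]) for i in range(12)]
    lines += [fmt.format(ip=f"203.0.113.{i}", s=i, ua="ExampleBot/1.0") for i in range(3)]
    return lines + ["garbage line"]

if __name__ == "__main__":
    subnets, pairs, skipped = bin_requests(sample_log())
    for row in report(subnets, pairs):
        print(*row, sep="\t")
```
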
@how @daringfireball Reading that post… oof.
As someone running their own email server I can't help but ask… you did notice how GMail has become a de-facto monopoly and blocking them would ostensibly have been the right move to avoid that situation, right? 🤨
Aand it's deployed. I'm guessing this will bring down hits by somewhere upwards of 50% in the next couple days. 😈
Gonna do a little writeup soon, so anyone using nginx can reproduce this little hack – working title is "shitting in the well".
Collecting some artifacts to shit in the direction of """AI""" bots crawling my sites…
Think I got a good little collection here:
EICAR.txt
aiad.html
aigarble.html
aigarble2.html
aigarble3.html
bread.html
dumbledore.txt
dwarfpiss.jpg
getstickbugged.gif
gobblegobble.gif
headroom.gif
molotov.txt
scanners.gif
sonic.png
thinkingsphere.gif
tubgirl.jpg
AHAHAHA EAT SHIT CHATGPT! 🖕
*laughs in watching GPTBot gobble up sonic cockvore porn instead of source code*
Been to OHM like 10 years back, nice size, but cops and corporations.
At a later Dutch camp I was too poor and wanted to get a ticket through volunteer work but was told, they'd only decide if I'd get a ticket *after* my contributions – so essentially "work for free and you might not even get to visit the event" and that kinda culture is a *hard pass* for me.
How tiny we talking in Iceland (also what temperatures)? 2 dozen people events a la Camp++ are too small IMO.
// @quinn
@quinn Not going to C3 anymore for the foreseeable future.
Would definitely be interested if you can recommend some other events in Europe, preferably a good bit smaller, but not tiny – IMO CCCamp 2011 (3-4k people if memory serves) was about the ideal event size.
@rysiek *extremely overpronounced OUCH*
@rysiek I think the basic mechanic here is that any cost that is externalized is a net profit.
This is why companies lobby so hard to not be held accountable – they want to keep externalizing any costs they can.
Same applies to environmental and health damages and many, MANY other things.
IMO probably *the* central mechanic of how wealth (whether monetary, environmental or any other kind) is siphoned off from society in general and moved to barely a couple hundred obscenely rich people.
@rysiek I'd strongly disagree with the take that it's incompetence tho; those algorithms do exactly what they were designed to do – increase "engagement" and thus the bottom line.
And all local politicians (at least here) do is push up the pension age further and further.
Which, besides being a major violation of the "social contract" that's forced on us by the state, is just a recipe for disaster and obviously not sustainable – it's a shortsighted non-solution.
Your friendly neighbourhood hⒶcker hobo. Likes dinosaurs, dislikes hierarchy. Come for the music recommendations, stay for the #propaganda. #nojs #ux #infosec #python #freebsd
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.