GNU social JP
Notices by phryk 🏴 (phryk@mastodon.social)

  1. phryk 🏴 (phryk@mastodon.social)'s status on Tuesday, 06-May-2025 00:43:50 JST
    • myrmepropagandist
    • Mignon Fogarty

    @necedema

    Mate, the "cutting edge" online ones have been laughably wrong about every single programming issue I've thrown at them, always going in loops with circular (non)reasoning – and programming is one of the areas that they're constantly advertised as excelling at.

    @Wyatt_H_Knott @futurebird @grammargirl

    In conversation about 5 days ago from mastodon.social permalink
  2. phryk 🏴 (phryk@mastodon.social)'s status on Monday, 05-May-2025 22:02:46 JST
    in reply to
    • Soatok Dreamseeker

    @soatok How dare you show any personality! Go and be boring like the rest of us, goddammit!

    In conversation about 5 days ago from mastodon.social permalink
  3. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 09-Apr-2025 02:07:47 JST

    I just found out what the fuck """Vibe Coding""" is and wow – this is so stupid, it will ensure my employability literally forever.

    Apparently it needs to be said that creating complex structures with real-world impact but without any understanding of them is a *ludicrously* bad idea? 🤦

    In conversation about a month ago from mastodon.social permalink
  4. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 09-Apr-2025 02:07:46 JST
    in reply to

    My projection is that we'll probably see a huge explosion of projects created like this.

    LLMs shitting out the most convoluted shitty codebases with the worst security imaginable, inline documentation that's just straight-up wrong and nobody understanding how anything works or relates to each other.

    It will probably take a couple years until this completely explodes and companies will beg any halfway competent software engineer to please rewrite all this garbage from scratch.

    In conversation about a month ago from mastodon.social permalink

  5. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 09-Apr-2025 02:07:46 JST
    in reply to

    All of this is, of course, complete bullshit as learning an actual skill is the opposite of rigid, programming is essentially the creative field most removed from any real-world constraints and every craft (including programming/software engineering) is, by definition, a goddamned art form.

    In conversation about a month ago from mastodon.social permalink
  6. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 09-Apr-2025 02:07:46 JST
    in reply to

    For context, "Vibe Coding" is not coding at all, but throwing prompts at an LLM until it shits out something that doesn't immediately explode.

    Because apparently something like actually learning programming and software engineering is "too rigid" and not "creative" enough. Apparently, it's advertised as making programming more of an "art form".

    In conversation about a month ago from mastodon.social permalink
  7. phryk 🏴 (phryk@mastodon.social)'s status on Monday, 27-Jan-2025 06:48:37 JST

    TIL about #python generator comprehensions.

    Essentially the same as list comprehensions but yields single values of the set – i.e. doesn't load the entire generated set into memory at the same time.

    In conversation about 3 months ago from mastodon.social permalink
  8. phryk 🏴 (phryk@mastodon.social)'s status on Thursday, 23-Jan-2025 04:34:42 JST

    Holy fuck, integrating SMART into a prometheus+grafana monitoring stack is just so much better than the absolutely impossible to understand gibberish falling out of smartctl, you can't even call that shit a comparison…

    Figure obtuse shit out once, forget it even exists, enjoy blissful ignorance and an intuitively understandable presentation of disk health.

    In conversation about 4 months ago from mastodon.social permalink

    Attachments


    1. https://files.mastodon.social/media_attachments/files/113/873/499/525/532/139/original/0280c5a2a83e8b2a.png
  9. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 22-Jan-2025 20:05:28 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek I think there's two points here:

    1) If this is a security consideration for you, take note that much more granular location tracking is commonplace in mobile apps and prioritize mitigating that over the much more coarse location you can get by querying CDNs.

    2) Using third-party services *always* introduces security considerations. If you're a programmer, think about what this means for your software before you integrate them.

    In conversation about 4 months ago from mastodon.social permalink
  10. phryk 🏴 (phryk@mastodon.social)'s status on Saturday, 18-Jan-2025 01:07:08 JST
    in reply to
    • Arne Babenhauserheide

    @ArneBab Huh, so the plots are actually of intersections of a 3D structure on some plane?

    Then, shouldn't it be called spheroid cryptography or something like that?

    In conversation about 4 months ago from mastodon.social permalink
  11. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 23:52:39 JST
    in reply to
    • Arne Babenhauserheide

    @ArneBab Yeah, that part I get, but I don't get why and none of the other lower-level stuff either.

    Like, beginning at "elliptic" – literally none of the elliptic curve plots I have seen was actually an ellipsis? And many actually contained a closed curve plus another curve?

    Like, the more I look into it, the less sense it all makes.

    In conversation about 4 months ago from mastodon.social permalink
  12. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 23:41:13 JST

    And not a single fucking video I find even *attempts* to explain what the fuck the "elliptic" in elliptic curve means.

    This is beyond abysmal.

    In conversation about 4 months ago from mastodon.social permalink
  13. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 05:58:56 JST
    in reply to
    • Arne Babenhauserheide

    @ArneBab I mean, it could of course be an honest to Goddess DDoS.

    But if that's the case, it's pretty damn incompetent as nothing was affected much during multiple incidents across a couple weeks – even tho I'm using just a single lower tier dedicated machine to host my online infra. That just doesn't track for me.

    In conversation about 4 months ago from mastodon.social permalink
  14. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 05:58:56 JST
    in reply to
    • Arne Babenhauserheide

    @ArneBab My hunch here is of course that OpenAI is spoofing agents and routing through a bunch of VPNs to keep crawling services that explicitly don't want them to.

    In conversation about 4 months ago from mastodon.social permalink
  15. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 05:58:56 JST
    in reply to
    • Arne Babenhauserheide

    @ArneBab Thanks for the data. Hopefully I find the time to add some more stuff to my log analysis tomorrow so I can compare.

    From what I've seen so far, GPTBot is the most common UA-string hitting my systems by a large margin.

    Like, during the incident I use as my test data, I got 2795 requests from GPTBot, the second most common UA is Safari with 1594 and after that it drops all the way to 209.

    But that's just around 3% of the ~100k requests of the incident actually identifying as GPTBot.

    In conversation about 4 months ago from mastodon.social permalink
  16. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 03:54:57 JST
    in reply to
    • Arne Babenhauserheide
    • Dr. Michael Blume
    • vampirdaddy

    @ArneBab Yeah, anything that identified itself as GPTBot came from 4.227.0.0/16 for me too – but at least in my case, that was just a small fraction of the request spikes I saw.

    Currently, I'm only outputting any agents/IPs that made at least 10 requests so I don't just get 100k lines of output for one incident, but even with that limited perspective, I can immediately see a cluster in 172.68.0.0/16, one in 172.71.0.0/16 and possibly another one in 217.113.0.0/16

    @vampirdaddy @BlumeEvolution

    In conversation about 4 months ago from mastodon.social permalink
  17. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 03:34:26 JST
    in reply to
    • Arne Babenhauserheide
    • Dr. Michael Blume
    • vampirdaddy

    @ArneBab
    One drive-by finding tho: Used user-agents definitely form clusters – a solid ~20% of the requests in the spike identified as different versions of MSIE.

    @vampirdaddy @BlumeEvolution

    In conversation about 4 months ago from mastodon.social permalink
  18. phryk 🏴 (phryk@mastodon.social)'s status on Friday, 17-Jan-2025 03:34:26 JST
    in reply to
    • Arne Babenhauserheide
    • Dr. Michael Blume
    • vampirdaddy

    @ArneBab @vampirdaddy @BlumeEvolution

    That reminds me, I still have to do some forensics work.

    Turns out most of the requests in the spikes weren't done by clients identifying as GPTBot. There still is some correlation on the time axis I need to look at, but more importantly, I'll have to bin requests to subnets to see if I can attribute the attacks with some modicum of certainty.

    Already started writing a little log analyzer for that, maybe it'll grow into something I can actually release.

    In conversation about 4 months ago from mastodon.social permalink
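
The subnet binning and user-agent tally that notices 15 to 18 describe, as an added example; this is not phryk's analyzer. It assumes nginx "combined" log lines; the function names, the /48 IPv6 prefix and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# nginx/Apache "combined" log format: client IP first, user agent last.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def tally(lines, v4_prefix=16, v6_prefix=48):
    """Return (requests per subnet, requests per user agent) as Counters."""
    subnets, agents = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field was not an IP address
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        # strict=False masks off the host bits, giving the enclosing subnet
        subnets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
        agents[m["ua"]] += 1
    return subnets, agents

def frequent(counter, min_requests=10):
    """Keep only bins with at least min_requests hits, most common first."""
    return [(key, n) for key, n in counter.most_common() if n >= min_requests]

def ua_share(agents, needle):
    """Fraction of all requests whose user agent contains needle."""
    total = sum(agents.values())
    hits = sum(n for ua, n in agents.items() if needle.lower() in ua.lower())
    return hits / total if total else 0.0

def make_line(ip, ua):
    """Build one constructed log line (timestamp and path are made up)."""
    return f'{ip} - - [16/Jan/2025:20:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample using reserved test ranges, not real traffic.
SAMPLE = (
    [make_line(f"198.18.{i}.{i + 1}", "Mozilla/4.0 (compatible; MSIE 7.0)") for i in range(12)]
    + [make_line(f"198.19.7.{i + 1}", "Mozilla/5.0 (compatible; GPTBot/1.0)") for i in range(10)]
    + [make_line("192.0.2.7", "Mozilla/5.0 Safari/605.1.15")] * 3
    + ["not a log line"]
)

if __name__ == "__main__":
    subnets, agents = tally(SAMPLE)
    print(frequent(subnets), frequent(agents), f"{ua_share(agents, 'GPTBot'):.0%}")
```

The share is computed over all parsed requests, not only the bins that pass the threshold, so a long tail of low-volume clients still counts in the denominator.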
  19. phryk 🏴 (phryk@mastodon.social)'s status on Wednesday, 15-Jan-2025 20:29:26 JST
    in reply to
    • My name is RAGE
    • Daring Fireball

    @how @daringfireball Reading that post… oof.

    As someone running their own email server I can't help but ask… you did notice how GMail has become a de-facto monopoly and blocking them would ostensibly have been the right move to avoid that situation, right? 🤨

    In conversation about 4 months ago from mastodon.social permalink


  20. phryk 🏴 (phryk@mastodon.social)'s status on Sunday, 05-Jan-2025 14:58:17 JST
    in reply to

    Aand it's deployed. I'm guessing this will bring down hits by somewhere upwards of 50% in the next couple days. 😈

    Gonna do a little writeup soon, so anyone using nginx can reproduce this little hack – working title is "shitting in the well".

    In conversation about 4 months ago from mastodon.social permalink

    phryk 🏴

    Your friendly neighbourhood hⒶcker hobo. Likes dinosaurs, dislikes hierarchy. Come for the music recommendations, stay for the #propaganda. #nojs #ux #infosec #python #freebsd

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.