Techrights logo

IRC: #boycottnovell @ FreeNode: Friday, April 23, 2021

(ℹ) Join us now at the IRC channel | ䷉ Find the plain text version at this address.

*liberty_box has quit (Ping timeout: 246 seconds)Apr 23 01:41
*rianne_ has quit (Ping timeout: 260 seconds)Apr 23 01:42
*rianne_ (~rianne@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 02:04
*liberty_box (~liberty@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 02:04
*asusbox2 (~rianne@2a00:23c4:c3aa:7d01:d9f3:e14c:3618:ec5b) has joined #boycottnovellApr 23 03:22
*rianne has quit (Ping timeout: 260 seconds)Apr 23 03:23
*asusbox has quit (Ping timeout: 260 seconds)Apr 23 03:27
*rianne (~rianne@2a00:23c4:c3aa:7d01:d9f3:e14c:3618:ec5b) has joined #boycottnovellApr 23 03:35
*rianne_ has quit (Ping timeout: 246 seconds)Apr 23 04:37
*liberty_box has quit (Ping timeout: 252 seconds)Apr 23 04:37
*rianne_ (~rianne@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 04:47
*liberty_box (~liberty@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 04:48
Techrights-secrms-paid-trolls.transcript.txtApr 23 06:16
Techrights-sec(double check that I heard correctly, some of the words were hard to interpret)Apr 23 06:16
schestowitzThanks, I have just added it. I left the site TM without the defences on, so there was downtime when I was asleep. From now on I will always leave defenses up when afk.Apr 23 06:16
schestowitzIBM code contributionsApr 23 06:24
schestowitzhttps://www.facebook.com/dpreed.phd/posts/10165005535555032Apr 23 06:24
-TechrightsBN/#boycottnovell-m.facebook.com | David P. Reed - Fascinating that IBM Corp. Is banning... | FacebookApr 23 06:24
schestowitzhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4acd47644ef1e1c8f8f5bc40b7cf1c5b9bcbbc4eApr 23 06:24
-TechrightsBN/#boycottnovell-git.kernel.org | kernel/git/netdev/net.git - Netdev Group's networking treeApr 23 06:24
Techrights-secThe defences need a lot of tuning.  I end up with a lot of false negatives here.Apr 23 07:04
schestowitztuxmachines-old boycottn]# grep tab /var/www/html/.htaccessApr 23 07:05
schestowitz RewriteCond %{THE_REQUEST} ^.*(quicktabs).* [NC]Apr 23 07:05
schestowitzAt the moment this line and the one before/after it is key. If the site is under attack, uncommenting that part will likely help a lot.Apr 23 07:05
schestowitzTo ssh://git-tr/home/git/tr-git/Apr 23 07:14
schestowitz   c11e1e5..5497dcf  master -> masterApr 23 07:14
Techrights-secoops: the above should read false positivesApr 23 07:15
schestowitzBTW, gemini reqs so far this month now over 80k. last month it was 74k for the whole month IIRCApr 23 07:18
schestowitzI thought about automating defenses for TM by swapping htaccess files. Do you remember where you put a file to that effect, a script you once wrote but have not tested?Apr 23 07:19
Techrights-secI can't recall, off the top of my head, but I can look around.  It helps Apr 23 07:20
Techrights-secto keep things in standard locations.Apr 23 07:20
schestowitzIf you have not changed tuxurl.sh on your local machine (I see no change in git), then I want to edit it here for better colours... don't want to make conflicting edits?Apr 23 07:20
Techrights-secTM is really sluggish to respond even to SSHApr 23 07:21
schestowitzyes, TM has been very slow over ssh lately, even if the load was lowApr 23 07:21
Techrights-secbe sure to fetch/pull/checkout or whatever from Git to ensure the latest versionApr 23 07:21
schestowitzif you have spare time, I think it's worth using the youtube clipper/clipping tool to find more videos of use/interest to TR followers, as we did last year... that typically requires having time to browse around relevant topics in youtubeApr 23 07:23
Techrights-secI can't find the old script,  it's probably around somewhere thoughApr 23 07:25
schestowitzwould you deem it a good idea to keep two .htaccess files around and swap over to 'safe mode' when the load goes high, as detected by the script we already have for it? I'm thinking, what's the worse that can happen? (Like invalid file or no file being put in place)Apr 23 07:26
Techrights-secYes that was more or less the method in that script, although with three filesApr 23 07:27
Techrights-secI'm not a fan of .htaccess but in this case it worksApr 23 07:27
schestowitzis the current version of load-trigger.sh in got?Apr 23 07:28
schestowitz*gitApr 23 07:28
Techrights-sec/home/boycottn/bin/http_categories_throttle.shApr 23 07:28
Techrights-secfound itApr 23 07:28
Techrights-secon TRApr 23 07:28
Techrights-secI don't think I've added load-trigger.sh to git yetApr 23 07:31
Techrights-secwe should add an sbin directory to the Git archiveApr 23 07:31
schestowitzsee tm:/var/www/html/.htaccess-attackmode Apr 23 07:33
schestowitzyou wrote the script for swapping the file, so grasp it better. Do you want to integrate it with load-trigger (in tmux)?Apr 23 07:34
schestowitz]# cp  /var/www/html/.htaccess /var/www/html/.htaccess-normalApr 23 07:36
Techrights-secok.  I've added sbin to the Git archive, see http_categories_throttle.shApr 23 07:36
Techrights-secwithin it.  That's for the old .htaccess not the new one yet Apr 23 07:36
Techrights-secthat might be a good ideaApr 23 07:36
Techrights-secprobably best to leave it as a separate script for now and just call itApr 23 07:36
Techrights-secfrom load-trigger as neededApr 23 07:36
schestowitzyes, keeping them separate was what I had in mindApr 23 07:37
schestowitzTo see the differences for now (I have some variation on those, depending on what apachetop on that machine shows me): diff  /var/www/html/.htaccess-normal /var/www/html/.htaccess-attackmode    Apr 23 07:38
schestowitzthe current one is, at the moment, 100% effective, as that weeds out the most horrendous queries that sweat the DBApr 23 07:39
schestowitzwe may need to decide what 'grace period' there is before the normal mode is restored or maybe we can just restore that manually when the time seems right and we're not both afkApr 23 07:45
Techrights-sec/usr/local/bin/tm_http_categories_throttle.shApr 23 07:46
Techrights-secon TMApr 23 07:46
schestowitzservice httpd restart is not needed as it updates as soon as the file is changed and "reload" might be enough without hanging up on existing connectionsApr 23 07:48
Techrights-sectm_http_categories_throttle.sh should be in /usr/local/sbin, I'll move it.Apr 23 07:49
Techrights-secI've moved load-trigger.sh there tooApr 23 07:49
schestowitzgood, that seems right, and contains no details about the attack patterns, so safe for git tooApr 23 07:49
Techrights-secthe wait time in load-trigger.sh is too short, I'll increat the wait afterApr 23 07:50
Techrights-secthe restart but leave the other wait the sameApr 23 07:50
schestowitzyes, I manually messed around with it to suit particular floods over time... but that could really be used parameterisation as well (only one delay type is a param)Apr 23 07:50
riannehttps://social.tchncs.de/@scops/106068779399347753Apr 23 07:51
-TechrightsBN/#boycottnovell-social.tchncs.de | scops: "@tuxmachines@mastodon.technology "what can i do t…" - MastodonApr 23 07:51
rianne""what can i do to win freedom for me and others?" is a question everyone should think about. for me: supporting and buying / #crowdfunding #opensource hard- and software for example :)Apr 23 07:51
rianne"Apr 23 07:51
riannehttps://mastodon.art/@controlfreak/105707137329813850Apr 23 07:52
rianne" kind of a storm in a teacup as there are plenty of distro options. I was more enraged to learn that a proprietary blob on rpi gpu chip for booting, which kinda ok with cause libre boot is a distant dream for poor people, was quietly bought out by MS the other year! So they had already greased their way into the hardware..."Apr 23 07:52
-TechrightsBN/#boycottnovell-mastodon.art | controlfreak: "@tuxmachines@mastodon.technology kind of a storm …" - Mastodon.ARTApr 23 07:52
Techrights-sec /usr/local/sbin/load-trigger.sh: line 14: test: 03.01: integer expression │Apr 23 07:56
Techrights-sec    1  0.08  84.0  7.0 /2009/06/16/18:58                              │expected   Apr 23 07:56
schestowitzBTW, after 9am today (1 hour from now) I will be free till Monday 5:30pmApr 23 07:59
schestowitzanything that can be done to make TM "Smart"(TM) and handle attacks on its own would greatly help in keeping us focused on updating the site. Yesterday I was extremely unproductive and could not produce many stories, not as many as I hoped/could anyway. I'm still aiming at 10 per day.Apr 23 08:00
Techrights-secwell if we get the load balance more automated the maintenance will be lessApr 23 08:03
Techrights-secof a distractionApr 23 08:03
Techrights-secand less in the wayApr 23 08:03
schestowitzI am guessing that chaining together the two scripts can help avoid the restarts altogether, basically swapping files early enough to reduce strain insteadApr 23 08:03
Techrights-secI'm still tweaking it, I think it is done ...Apr 23 08:08
schestowitzI've just swapped the htaccess files manually, seeing the sudden spike in nmonApr 23 08:08
schestowitzit has just stumbled upon a bug and restarted httpd and mysql after that, so maybe the files are not yet up to date or tested locally or in git?Apr 23 08:10
Techrights-sechttps://nitter.cc/BalearicsT/status/1385477569198411777#mApr 23 08:10
-TechrightsBN/#boycottnovell-nitter.cc | Stay wild (@BalearicsT): "History repeating http://techrights.org/2010/06/07/gsk-philanthrocapitalism/" | nitterApr 23 08:10
Techrights-sechttps://nitter.cc/BalearicsT/status/1385479093370691586#mApr 23 08:10
-TechrightsBN/#boycottnovell-nitter.cc | Stay wild (@BalearicsT): "techrights.org/2010/06/07/gs…" | nitterApr 23 08:10
Techrights-secIt's a bug.  It needs to work in integers only.  Apr 23 08:12
Techrights-secJust a minuteApr 23 08:12
schestowitzmy older version of it, with bc, dealt ok with non-integers too. Apr 23 08:13
Techrights-sec/usr/local/sbin/load-trigger.sh is fixed, I thinkApr 23 08:14
Techrights-secThose will ve very useful in the future, for any kind of attack, inc. on TR (they used to target the News Roundup page, even weeks ago)Apr 23 08:15
Techrights-secTM is missing tmuxApr 23 08:18
schestowitzYes, I could never find a working version of it, so I use tmux from TR over ssh to TMApr 23 08:18
Techrights-secok see /sbin-tm in Git, but /usr/local/sbin on TM now has the current versionsApr 23 08:23
Techrights-secplease give load-trigger a tryApr 23 08:23
schestowitzit stops httpd every minute if I run it, and load isn't highApr 23 08:25
schestowitzif [ 30 -le $load ]Apr 23 08:27
schestowitzless or equal?Apr 23 08:27
Techrights-secyesApr 23 08:28
schestowitzI think it restarts for a load lower than 30Apr 23 08:28
Techrights-sectest ,[, and [[, should be equivalentApr 23 08:29
Techrights-secsee 'man test' for the first one Apr 23 08:29
schestowitzI restarted httpd for loads of 3 and 8 when I run it some minutes agoApr 23 08:29
Techrights-secoh.  adjust it as appropriate thenApr 23 08:30
schestowitzOh, I see now. I think we restart httpd too oftenApr 23 08:32
schestowitzshould we reload instead? I'm also quite sure we need not reload either, as it seems to pick up the changes based on file timestemp or whatnot...Apr 23 08:33
schestowitzI have just commented out "service httpd restart"Apr 23 08:34
schestowitzok, now running in tmux without doing anything 'excessive' in terms of changing daemon statusApr 23 08:34
Techrights-secit needs to restart to reload the configuration or at least do a service reloadApr 23 08:35
Techrights-sec\Apr 23 08:35
schestowitzoddly enough, I've found, on apache with centos at least, if I nano the files, the effect is immediate when I save :-)Apr 23 08:35
Techrights-secmaybe a reload would be more apropriate in most of the cases Apr 23 08:36
Techrights-secok, if no restart is needed, it should be commented out all the way throughApr 23 08:37
Techrights-secI though Apache2 worked differentlyApr 23 08:37
schestowitzI have made it more verbose so that it says when it shifts between modesApr 23 08:38
schestowitzapache restart/reload commented out for now, it might come handy in the future in some other contexts, I am going to also add timestamps for events now...Apr 23 08:40
Techrights-secackApr 23 08:42
schestowitzMaybe I will extend the cautionary/probationary period, seeing how fast the load spikes as soon as it reverts back to normal modeApr 23 08:43
schestowitzI've change the htaccess trigger threshold to 10, i.e. change mode at 10 just in case, restart things only at 30Apr 23 08:51
schestowitzAfter much trial and error with real conditions (site situation) I think I've made both scripts sort of suitable for this site's need, which may change as the scraping/attack patterns evolveApr 23 09:42
schestowitzas a side note, I think this will keep the site in 'normal' mode most of the time and will likely be OK as long as the tmux  session is live with the script. Next week we start experimenting with gym (outside, not at home) just 1.5 or 2 times a week. This week and last week it was 3.Apr 23 09:54
Techrights-secI've updated Git nowApr 23 09:55
schestowitzthanks for updating it in git, that might come handy next time TR too is targeted, we can deploy the same with adjustmentsApr 23 09:56
schestowitzgemini 11k reqs since midnightApr 23 10:00
schestowitzI think that for TM we've managed to 1) minimise hangups/restarts/downtime 2) keep all elements of the site as available as possible. Sometimes it's all calm for 6 hours or a whole day...Apr 23 10:02
schestowitzRe "Haven't seen a blog post from Pogson for a while."Apr 23 10:29
schestowitzYes, Rianne still follows him, I do not because it became OT all the timeApr 23 10:30
schestowitzI'm sure he's still alive, though COVID id risky due to obesityApr 23 10:30
schestowitzhis blog perished over timeApr 23 10:30
schestowitzthat's how things areApr 23 10:30
schestowitzI keep adding new linux blogs as I find themApr 23 10:30
schestowitzfound and added a new one yesterday (RSS)Apr 23 10:30
Techrights-secMany blogs have RSS.  Sometimes I write to the authors of thoseApr 23 10:43
Techrights-secthat lack RSS or Atom feeds.  There's not otherwise any practical Apr 23 10:43
Techrights-secway to keep up with them.Apr 23 10:43
schestowitzMany bloggers do not know what RSS is, even if their blog has that!Apr 23 10:43
schestowitzMany of them do not even advertise xml/atom/rss, so I've developed a skill for quickly getting them from page source. Firefox and other browsers no longer help RSS discovery processes. Guess that makes Google happier. For Google RSS feed you must dig VERY deep and they recently broken RSS feeds for Google News, the structure changed so rianne and I had to change them one by one.Apr 23 10:45
Techrights-secYes, I find those too but some just plain seem too lack feeds still.Apr 23 10:46
Techrights-secIt's usually the handcraftedd ones.Apr 23 10:46
schestowitzsince you've mentioned that (!!), some linux blogs I follow update RSS feeds manually once a day or a few times a week, so there's a big delay/lag, then you can get drowned by dozens of new items at the same time, which harms ability to digestApr 23 10:47
Techrights-secyes when about 50 feeds come through at once it can be quite a chore toApr 23 10:52
Techrights-sectriage and then read them.Apr 23 10:52
Techrights-secQuiteRSS takes several minutes to do a full update these days. Apr 23 10:52
schestowitzwith about 300 feeds a full refresh on my conn takes about 2 minutes, depending how many things get downloaded and  not cached etc. Maybe we should do more videos on how to effectively use RSS??Apr 23 10:52
Techrights-secIt might help.  Any advancemento of Atom or RSS feeds helps.  Apr 23 11:03
schestowitzx https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021Apr 23 12:44
-TechrightsBN/#boycottnovell-cse.umn.edu | Statement from CS&E on Linux Kernel research - April 21, 2021 | Department of Computer Science and Engineering | College of Science and EngineeringApr 23 12:44
schestowitz# lame response, one which in no way resembles the required apologyApr 23 12:44
schestowitzx https://www.computerworld.com/article/3614195/4-steps-to-repair-microsoft-office.htmlApr 23 12:44
-TechrightsBN/#boycottnovell-www.computerworld.com | 4 steps to repair Microsoft Office | ComputerworldApr 23 12:44
schestowitz# spamApr 23 12:44
schestowitzx https://linuxfoundation.org/en/blog/interview-with-jory-burson-community-director-openjs-foundation-on-open-source-standards/Apr 23 12:44
-TechrightsBN/#boycottnovell-linuxfoundation.org | Interview with Jory Burson, Community Director, OpenJS Foundation on Open Source Standards - Linux FoundationApr 23 12:44
schestowitz# WTF?!?!? M$ Perlow?Apr 23 12:44
schestowitzJust got back from town, the script seems to have done a splendid job, will reply shortly...Apr 23 17:29
schestowitz12k reqs in gemini today, almost 900 uniques for monthApr 23 17:32
Techrights-secIt might help.  Any advancemento of Atom or RSS feeds helps.Apr 23 17:32
Techrights-secComments?  gemini://lonelysilo.ca/rfc/gemini-semantics.gmiApr 23 17:32
schestowitz gemini://lonelysilo.ca/rfc/gemini-semantics.gmi reminds me of things I put down 16 years ago: http://schestowitz.com/iuron/Apr 23 17:34
-TechrightsBN/#boycottnovell-schestowitz.com | Iuron - Semantic Knowledge EngineApr 23 17:34
Techrights-sechow much of the 12k is from spiders/Apr 23 17:36
Techrights-sec?Apr 23 17:36
schestowitzprobably about 10kApr 23 17:36
schestowitzbecause median is about 2kApr 23 17:38
Techrights-secrms-diaspora.transcript.txtApr 23 19:56
Techrights-secfor GeminiApr 23 19:56
Techrights-sec(also the link to Ogg is hidden from Gemini, I think)Apr 23 19:56
*rianne_ has quit (Read error: Connection reset by peer)Apr 23 19:58
schestowitzdone, fixedApr 23 20:00
*liberty_box has quit (Ping timeout: 268 seconds)Apr 23 20:04
*liberty_box (~liberty@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 20:08
*rianne_ (~rianne@host81-154-169-167.range81-154.btcentralplus.com) has joined #boycottnovellApr 23 20:08
-NickServ-schestowitz__!~schestowi@host81-154-169-167.range81-154.btcentralplus.com has just authenticated as you (schestowitz)Apr 23 20:15
*schestowitz__ (~schestowi@unaffiliated/schestowitz) has joined #boycottnovellApr 23 20:15
*ChanServ gives channel operator status to schestowitz__Apr 23 20:15
*schestowitz has quit (Quit: Konversation term)Apr 23 20:15
Techrights-sechttps://nitter.cc/Cyber_Gnostic/status/1385660255049297923#mApr 23 20:16
-TechrightsBN/#boycottnovell-nitter.cc | Ƹ̵̡Ӝ̵̨̄Ʒ ƉRɘΔϻ §ƴ§†ɘϻz Ƹ̵̡Ӝ̵̨̄Ʒ (@Cyber_Gnostic): "techrights.org/2020/08/10/ri…" | nitterApr 23 20:16
*asusbox (~rianne@2a00:23c4:c3aa:7d01:daa:e5ec:7de7:83cc) has joined #boycottnovellApr 23 21:21
*rianne has quit (Ping timeout: 260 seconds)Apr 23 21:21
*asusbox2 has quit (Ping timeout: 260 seconds)Apr 23 21:22
*rianne (~rianne@2a00:23c4:c3aa:7d01:daa:e5ec:7de7:83cc) has joined #boycottnovellApr 23 21:33
schestowitz__Fast-forwardApr 23 22:07
schestowitz__ sbin-tm/load-trigger.sh                | 48 ++++++++++++++++++++++++++++++++++++++++++++++++Apr 23 22:07
schestowitz__ sbin-tm/tm_http_categories_throttle.sh | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Apr 23 22:07
schestowitz__ sbin/http_categories_throttle.sh       | 35 +++++++++++++++++++++++++++++++++++Apr 23 22:07
schestowitz__cheers! Great work!Apr 23 22:07

Generated by irclog2html.py 2.6 | ䷉ find the plain text version at this address.