Did we just discover a way to grow the Yarn.social network? 🤣
> All our servers come with an initial 2tb for free.
Their response:
> The bandwidth for our free instances is 2 TB of free bandwidth.
>
> Mike Wolfman
>
> www.vultr.com
>
> Senior Linux Systems Administrator
😱
@bender Is right. Apparently it's 0 bandwidth. I'm asking them some clarifying questions:
> Hi Team,
>
> Just noticed that you offer FREE (as in $0) VM(s) on the vc2-1c-0.5gb-free plan. However I also note that this has 0 Bandwidth.
>
> I'm a bit confused by this. What would be the point of having a free VM if it has no Bandwidth? How is network bandwid ...
@aelaraji _@aelaraji.com_ Yes it would be honestly, for low traffic volumes for sure!
@terron _@duque-terron.cat_ Oh! For a minute there I thought this was our cat 😱 Haha
@lyse _@lyse.isobeef.org_ Or… You got interrupted and forgot about the shape of the codebase you were going for 🤣
@kat _@yarn.girlonthemoon.xyz_ Morning! I'm quite ill today, taking today/tomorrow off work. Not sure what I've come down with 😢 😷
@kat _@yarn.girlonthemoon.xyz_ HTMX is very nice to use 🤣
Look forward to it
@bender It's true! This is only a good thing @kat _@yarn.girlonthemoon.xyz_ 🤣 You keep going like this with your own little community of friends, and my twtxt.net ( _flagship pod_) will no longer be 🤣 I've always wanted to see Yarn.social grow, but grow in ways that kee ...
@kat _@yarn.girlonthemoon.xyz_ Oh you self-host Plex too! Nice!
I don't want it to be 2026 🤣
@bmallred _@staystrong.run_ You can probably recover missing twts from our caches if you need to…
Hey this could be good news for self-hosters and folks that want to run their own `yarnd`? Vultr is offering 1 vCPU, 500MB Memory and 10GB Storage for FREE! That's right $0.00 🤣
@aelaraji _@aelaraji.com_ Man I'm sorry to hear this. 😢 Whatever it is you're going through, things will get better I promise you
@aelaraji _@aelaraji.com_ Same, I hope things get much better for you bud
No more stupid little DDoS(s) from fucking China now 🤣
Note for reference I was trying to write and fix this rule ( _fixed version below_):
```
# Ignore Content-Type restrictions for Git
SecRule REQUEST_HEADERS:Host "@streq git.mills.io" "id:101,phase:1,t:none,nolog,ctl:ruleRemoveById=920420"
```
Notably the custom operator `@lookupASN`
I'll try to add a README for caddy-waf soon™ ( _going back to bed now_) at least document the customizations I've made to this WAF ( _which I forked from caddy-coraza_)
This is how I build my caddy:
```
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
  --with github.com/caddy-dns/cloudflare \
  --with github.com/caddyserver/cache-handler \
  --with git.mills.io/prologic/caddy-ratelimit \
  --with git.mills.io/prologic/caddy-waf
proxy-1:~#
```
Ahh fuck! Sorry I was fixing a rule 🤣 This is much better!
```
proxy-1:~# grep -c 'Bad ASN' /var/log/caddy/caddy.log
2441
```
[@bender](https://twtxt.net/user/bender/) Yes they are rather large 🤣 Here you go:
```
proxy-1:~# cat /etc/caddy/waf/bad_asns.txt
# CHINANET-BACKBONE No.31,Jin-rong Street, CN
# Why: DDoS
4134
# CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
# Why: DDoS
4837
# CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN
# Why: DDoS
9808
# FACEBOOK, US
# Why: Bad Bots
32934
proxy-1:~ ...
```
@bender AS Number):
> An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet.[ ...
Cool! So I can now block ASN(s) 🤣 ( _And I bet no-one noticed anything_)
@kat _@yarn.girlonthemoon.xyz_ I love blue 🤣
@aelaraji _@aelaraji.com_ Still in my cache 🤣
@aelaraji _@aelaraji.com_ Bahahaha, you know where the default theme lives 🤣 PRs welcome!
It's nice to see that _some_ Crawlers _actually_ respect rate limits and respect a `429 Too many requests` response. Thank you Google!

@bender So you mean, get fail2ban to look at my Caddy audit logs for violations and then just block at the firewall level for repeated violations?
@kat _@yarn.girlonthemoon.xyz_ token will still be valid
@kat _@yarn.girlonthemoon.xyz_
@kat _@yarn.girlonthemoon.xyz_ Yeah that's what the admin function does. Normal user password reset is different but requires working email 🤣
@kat _@yarn.girlonthemoon.xyz_ Speaking of KVM, Tiny Pilot and Jet KVM look really good!
@kat _@yarn.girlonthemoon.xyz_ It'll be whatever the actual server's time zone is.
@kat _@yarn.girlonthemoon.xyz_ Temporarily change the admin account on your pod to another account. Then login with that and reset the password on your main account.
What didn't work? Hmmm
Hmm?
@seabirdie _@yarn.girlonthemoon.xyz_ Welcome to Yarn.social
@kat _@yarn.girlonthemoon.xyz_ Haha 🤣
Also `yarnd` supports video too 🤣
@kat _@yarn.girlonthemoon.xyz_ Thanks! I built my own video hosting platform too but not nearly as fancy as what you use 🤣
@ _@yarn.girlonthemoon.xyz_ Welcome to Yarn.social
@bender Wre I'm talking about Web right? 🤣
@aelaraji _@aelaraji.com_ Nice!
@bender you're right the scale wasn't that large, but analyzing the logs. It definitely was a detox attack. 🤣 I woke up this morning to see six other small spikes like this which I'll have to analyze later tonight…
@movq _@www.uninformativ.de_ Yes
@kat _@yarn.girlonthemoon.xyz_ What do you use for this btw?
So I need to figure out how to block ASN(s)…
Additionally, I'm thinking of; How to detect DDoS attacks?
Here's one way I've come up with that's quite simple:
> Detecting DDoS attacks by tracking requests across multiple IPs in a sliding window. If total requests exceed a threshold in a given time, flag as potential DDoS.
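The sliding-window idea in the post above, as an added Go example that is not part of the original post or of caddy-waf. The `Detector` type, its field names, the thresholds and the `MinSources` check are assumptions made for illustration; the sample traffic is constructed.

```go
package main

import (
	"fmt"
	"time"
)

type event struct{ at time.Time; ip string }

// Detector flags a potential DDoS when requests from all clients in a sliding
// window exceed MaxTotal; MinSources (an added assumption) ignores a lone client.
type Detector struct {
	Window     time.Duration
	MaxTotal   int
	MinSources int
	events     []event        // requests inside the window, oldest first
	perIP      map[string]int // requests per source IP inside the window
}

func NewDetector(window time.Duration, maxTotal, minSources int) *Detector {
	return &Detector{Window: window, MaxTotal: maxTotal, MinSources: minSources, perIP: map[string]int{}}
}

// Observe records one request (time-ordered input) and reports a potential DDoS.
func (d *Detector) Observe(at time.Time, ip string) bool {
	d.events = append(d.events, event{at, ip})
	d.perIP[ip]++
	cutoff := at.Add(-d.Window) // requests at or before this instant have expired
	for len(d.events) > 0 && !d.events[0].at.After(cutoff) {
		old := d.events[0].ip
		if d.perIP[old]--; d.perIP[old] == 0 {
			delete(d.perIP, old)
		}
		d.events = d.events[1:]
	}
	return len(d.events) > d.MaxTotal && len(d.perIP) >= d.MinSources
}

func main() {
	// Constructed traffic: four documentation-range clients, 8 requests/s in total.
	d := NewDetector(10*time.Second, 50, 3)
	start := time.Date(2025, 1, 5, 4, 0, 0, 0, time.UTC)
	for i := 0; i < 80; i++ {
		at := start.Add(time.Duration(i) * 125 * time.Millisecond)
		if d.Observe(at, fmt.Sprintf("203.0.113.%d", 1+i%4)) {
			fmt.Printf("potential DDoS at request #%d (%s)\n", i+1, at.Format("15:04:05.000"))
			return
		}
	}
}
```

A single client exceeding the total is left to per-IP rate limiting, which is why the detector also requires a minimum number of distinct sources before it reports.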

@lyse _@lyse.isobeef.org_ Cool
Hmmm so I've sustained two DDoS attacks on my Gitea server today. A few hours apart. Still analyzing the traffic…
For the time being… I've just blocked all of OpenAI(s) Bots. They ( _thankfully_) publish a JSON endpoint that you can use to block all OpenAI crawlers from reaching your server ( _in my case, blocking it at the edge_). Example:
```
proxy-1:~# curl -qs https://openai.com/gptbot.json | jq -r '.prefixes[].ipv4Prefix' | xargs -I{} ./block-ip.sh {}
```
Where ...
[@aelaraji _@aelaraji.com_](https://twtxt.net/external?uri=https://aelaraji.com/twtxt.txt&nick=aelaraji) Yes! This is exactly what it is! 🤣 I will of course soon™ be hosting this service, likely at validator.twtxt.net
@kat _@yarn.girlonthemoon.xyz_ Haha 🤣 If someone figures this out, please let me know. In the meantime, I'm going to very soon™ write a daemon that will watch the audit log for repeated violations and add to the network firewall.
This is better:
```
proxy-1:~# ./audit-log-by-ip.sh 4.227.36.76 | coraza-log-formatter -m -
2025/01/04 23:17:04 4.227.36.76 58982 GET /external?aff-HY0BLO=&f=mediaonly&f=noreplies&nick=g1n&uri=https%3A%2F%2Fthe-president-codes.linegames.org null 0 On OWASP_CRS/4.7.0
Actionset: OWASP_CRS/4.7.0
Message: Bad User Agent
Severity: 0
Raw: SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/cadd ...
```
Nice! I wrote another useful tool
```
proxy-1:~# ./audit-log-by-ip.sh 4.227.36.76 | coraza-log-formatter -m -
Actionset: OWASP_CRS/4.7.0
Message: Bad User Agent
Severity: 0
Raw: SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/caddy/waf/bad_user_agents.txt" "id:2000,log,phase:1,deny,msg:'Bad User Agent'"
```
How in da fuq do you _actually_ make these fucking useless AI bots go away?
```
proxy-1:~# jq '. | select(.request.remote_ip=="4.227.36.76")' /var/log/caddy/access/mills.io.log | jq -s '. | last' | caddy-log-formatter -
4.227.36.76 - [2025-01-05 04:05:43.971 +0000] "GET /external?aff-QNAXWV=&f=mediaonly&f=noreplies&nick=g1n&uri=https%3A%2F%2Fmy-hero-ultra-impact-codes.linegames.org HTTP/2.0" ...
```
Done.
@lyse _@lyse.isobeef.org_ Oh good! It works haha 🤣 I'll bump it up a bit
And now I've applied rate limits on every site to reasonable values
@bender Isn't that why um yarning my progress 🤣
@kat _@yarn.girlonthemoon.xyz_ I've actually moved most of my stuff off of Cloudflare now 🤣 I'm actually very happy with my edge proxy setup that reverse proxies, caches and acts as a web application firewall 🥳
@kat _@yarn.girlonthemoon.xyz_ Have you seen the SSG that I built and use on all my static sites? zs
Oh gawd. I can't enable caching on my edge proxy everywhere 😱 Some shit™ doesn't deal with a caching reverse proxy in front of it very well for some reason I don't have time to dig into right now
What's a reasonable per second or per minute rate limit that I could apply in general at my edge proxy for all clients? ( _no matter what_) … Like a good reasonable upper bound?
@movq _@www.uninformativ.de_ Yeah I swear to god the engineers that write this shit™ don't know how to write distributed crawlers that don't happy the shit™ out of their targets 🤦‍♂️
@doesnm _@doesnm.p.psf.lt_ No. I generally don't put up any `robots.txt` files at all really, because they mostly get ignored. I don't generally mind if "normal" web crawlers crawl things. But LLM(s) can go fuck themselves 🤣
@movq _@www.uninformativ.de_ Yeah it's starting to piss me off too 🤣 Not nearly as much as that guy, but still. Anyway I'm having fun! Now I just need to find a good IP/Subnet list that I can blacklist entirely, ideally one that's updated frequently so I can refresh firewall rules.
Bloody fucking hell. I _think_ one of Google's GenAI crawlers was just hitting my Gitea instance quite hard. Fuck 🤬 Geez
@movq _@www.uninformativ.de_ Oh 🤦‍♂️
I just banned 41 bad user agents from accessing any of my services. 😱
@movq _@www.uninformativ.de_ How do you manage to get those skulines on your photos?
@doesnm _@doesnm.p.psf.lt_ No, it's only designed for `yarnd`. What did you have in mind here?
@doesnm _@doesnm.p.psf.lt_ It is the same API that `yarnc` the command-line client uses.
i.e: Not much point in running a WAF on a static site. But OTOH if there's enough abuse from shitty assholes, there might be
I'm just basically learning now how ModSecurity rules work and how to write my own.
The builtin OWASP rules are already working nicely. And yeah I won't include the WAF on every site block, probably just my main/primary domain where I tend to run demo services and other things.
@kat _@yarn.girlonthemoon.xyz_ If you've been following my yarns the other day about me getting off of Clownflare and building my own WAF, Proxy and effectively my own Edge network, you'll know I'm doing this at the very edge 🤣🤣
Having a lot of fun with Coraza today. A Web Application Firewall library written in Go that also happens to have a Caddy module.
@bender Hey !
@eapl.me _@eapl.me_ And here I always lived by:
> Problems are solved by method.
>
> -- Dr. Don Abel.
🥱 morning y'all Soo tired 🥱 Need coffee!!! ☕️☕️☕️☕️
@lyse _@lyse.isobeef.org_ It does not 🤣 Shall I enable it? 🤣
@bender It's true! 🤣 It's a total garbage nonsense title. But the actual research paper that the video references is real. Apple did in fact do a bunch of research and proved what we already know 🤣 That is, AI is stupid 🤣
@movq _@www.uninformativ.de_ Amend
But to be fair, we already knew this… I've observed it first hand, we knew it at the beginning. I'll just leave you with this:
> Stochastic Parrot
or put simply:
> Artificial Incompetence
Apple DROPS AI BOMBSHELL: LLMS CANNOT Reason - YouTube
@movq _@www.uninformativ.de_ Fuxking awesome
@movq _@www.uninformativ.de_ Yup!
I can walk you through some examples later tonight when I get back if you like?
A pointer is basically a reference to a variable. It is typically used with structs and especially in pointer receiver methods so that you can modify fields of a struct.
@kat _@yarn.girlonthemoon.xyz_ Oh! I can totally help you. I love Go!
Holy Smokes 🤣 And this has only been <24h 😱

Also post as much as you want! It's a free world. It's your feed. It's your daughter. 🤣 nobody actually has to read any of it let alone follow you if they don't want to. that's kind of the beauty of a truly decentralized slow social media ecosystem.
@kat _@yarn.girlonthemoon.xyz_ You should've seen me back in the day! These days I try to post a little less often so as not to cause too much noise in the ecosystem 🤣 nobody cares what I think anyway right?
@kat _@yarn.girlonthemoon.xyz_ `yarnd` actually stores your feed in plain text on disk too 🤣
@andros _@twtxt.andros.dev_ What do you mean by API? `yarnd` ( _which powers Yarn.social pods like twtxt.net_) does have an API, however that API is designed for clients to interact with the pod and the user's account and feed. e.g: there is a command-line client called `yarnc` and I used to maintain a mobile native app ( ...
@kat _@yarn.girlonthemoon.xyz_ So far it's been alright. I wasn't too impressed with Caddy's logging capabilities though or the fact you have to custom build caddy just to support DNS-01 ACME challenge. But other than that, it's okay.
@bender Well technically now I can turn off ingress access to my infra on ports 80/43 etc and just rely on the outbound wireguard tunnelling for the ingress back in.