dual_sport_dork 🐧🗡️

Knives (key chain knife that looks like a key, pocket knife with fold out locking blade that has interchangeable blades with box cutters)

I have several of the former from various eras. They seem to be universally crap, which is disappointing. Some states (California leaps to mind) also have laws against knives that are disguised look like other things. This is objectively stupid, but it’s how it is.

For the latter, might I suggest this or this? Just sayin’, as they say.

Aside from the terrorism aspect, the remaining non-blown reactors were still providing power up until I think 2000 before it was finally fully shut down. Russia has obviously had a fixation on trying to destroy Ukraine’s infrastructure and outside of any other potential fuckery is probably concerned that Ukraine will be able to power it back up again if they need to, especially if more of their infrastructure elsewhere is blown up.

Plus, even if the Russians lose Ukraine will still be left holding the bag for cleaning up and repairing whatever additional damage was done to the containment structures.

I am upvoting the only correct answer in this entire thread, short of someone suggesting gifting random motorcycle parts.

Same way I didn’t know about the -U update parameter, I’ll bet you. You ask yt-dlp to list its flags and arguments and it spits out a listing into your console that’s about nineteen miles long because apparently it can do anything.

The only command line tool I use regularly that’s comparably capable and even more byzantine is ImageMagick.

Task Manager is launched by the listener in winlogon if you use the Ctrl + Shift + Esc method though, right? I’m pretty sure you can still launch Task Manager, and from there attempt to relauch Explorer, even if Explorer is borked or not running. You’d just have to know how to do that and that you can.

That’s what I always do when Explorer’s ears inexplicably catch fire and I’m either too lazy or too naively hopeful to reboot.

For anyone following along at home, Windows Explorer is also responsible for displaying the start menu/taskbar. In the example in the article there’s something else funky going on inside Explorer, though, because the taskbar and even the desktop icons are all there, it’s just not rendering correctly. (Explorer is also responsible for showing all of your desktop icons.)

I generally upvote stuff to reward engagement and effort. Anything I pass by that looks like a creative work someone is putting forth themselves I’ll upvote. Also pretty much any response to anything I post or comment on. Often times comments I respond to as well.

I only downvote utter bullshit, i.e. people spouting things that are categorically not true, or bad faith arguments, or just people being argumentative in general when there’s no reason to be so.

I don’t give enough of a flying fuck if we hypothetically disagree, only if your position is so odious that it is in fact literally objectively wrong or intentionally misleading.

Or utterly useless bots that no one asked for. I’ll downvote those, too, but I haven’t seen too many of them anymore in the corners that I regularly haunt.

Well, fuck. Just at this exact second you’ve taught me that I’ve been doing that the hard way for ages, by actually going to the project’s github page.

Anyway, another shout out for yt-dlp regardless. I get a giggle every time I see one of those sporadic news articles involving the music recording industry still whinging about piracy. Er, the record labels themselves pathologically post every single track ever recorded to Youtube to rake in that ad revenue, and it’s all free for the taking. If you decide you’d like to be proud owner of any of them forever you can just hit it with the ol’ yt-dlp -x.

I am continually amazed at the number of non-Youtube sources that yt-dlp Just Works with as well. It seems any video content posted online that you’d like to gaff can be handily vacuumed up with it, regardless of the site operator’s desperate attempts to prevent you from doing so.

I’ve never retrobrighted anything because I always had a hunch this would be the case. It turns out I was vindicated. We all know full well that oxygenation is one of the things that deteriorates many materials, including embrittling plastics, and what you’re doing with this stuff is literally just oxygenating the shit out of your plastic in order to bleach it.

For stuff that I’ve really cared about de-yellowing, I’ve always just cleaned it thoroughly and painted over it. This has the added bonus of the paint being an additional protective layer rather than a destructive chemical reaction inflicted on the material itself. Sure, it sucks that you also paint over any logos printed on it or whatever, but you can recreate those with stickers if you really care. I figure that if anybody can’t identify what an NES or Dreamcast or something is shaped like, even without the logos on it, they’re probably not invited to any more of my parties anyway.

Penguins are cool. I ride dual sport motorcycles. (And other motorcycles. But definitely those.)

“Calls.”

There’s only one call, and it’s coming from Tim Sweeny at Epic. It’s just more of his usual yelling at clouds, because he’s got a pathological hate-on for anyone else who runs a storefont, including Apple and Google but especially Valve. He hasn’t made any positive contribution to the world since about 1998, and at this point we can all safely discard his opinion with nothing of value being lost. He wants to allow AI slime on his own platform because he thinks it’ll make him free money, but maybe he ought to worry about the smell coming from his own house before he goes around trying to dictate at others how they should run theirs.

I’m more of a Magnetbox bird, myself.

Well, my answer is nothing, and as anyone who follows me knows, seeing me not buy any random novelty cutlery trash from China has certainly got to count for something.

There are several things you could do in that regard, I’m sure. Configure your services to listen only on weird ports, disable ICMP pings, jigger your scripts to return timeouts instead of error messages… Many of which might make your own life difficult, as well.

All of these are also completely counterproductive if you want your hosted service, whatever it is, to be accessible to others. Or maybe not, if you don’t. The point is, the bots don’t have to find every single web service and site with 100% accuracy. The hackers only have to get lucky once and stumble their way into e.g. someone’s unsecured web host where they can push more malware, or a pile of files they can encrypt and demand a ransom, or personal information they can steal, or content they can scrape with their dumb AI, or whatever. But they can keep on trying until the sun burns out basically for free, and you have to stay lucky and under the radar forever.

In my case just to name an example I kind of need my site to be accessible to the public at large if I want to, er, actually make any sales.

I wasn’t going to type that many commas for the sake of brevity, but it’s 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses. I.e. 2¹²⁸. So yes, I do.

I consider 96 orders (in binary, anyway) as “multiple.” Wouldn’t you?

Almost certainly. There are only 4,294,967,296 possible IPv4 addresses, i.e. 4.3ish billion, which sounds like a lot but in computer terms really isn’t. You can scan them in parallel, and if you’re an advanced script kiddie you could even exclude ranges that you know belong to unexciting organizations like Google and Microsoft, which are probably not worth spending your time messing with.

If you had a botnet of 8,000 or so devices and employed a probably unrealistically generous timeout of 15 seconds, i.e. four attempts per minute per device, you could scan the entire IPv4 range in just a hair over 93 days and that’s before excluding any known pointless address blocks. If you only spent a second on each ping you could do it in about six days.

For the sake of argument, cybercriminals are already operating botnets with upwards of 100,000 compromised machines doing their bidding. That bidding could well be (and probably is) probing random web servers for vulnerabilities. The largest confirmed botnet was the 911 S5 which contained about 19 million devices.

In my case the pattern appears to be some manner of DDoS botnet, probably not an AI scraper. The request origins are way too widespread and none of them resolve down to anything that’s obviously datacenters or any sort of commercial enterprise. It seems to be a horde of devices in consumer IP ranges that have probably be compromised by some malware package or another, and whoever is controlling it directed it at our site for some reason. It’s possible that some bad actor is using a similar malware/bot farm arrangement to scrape for AI training, but I’d doubt it. It doesn’t fit the pattern from that sort of thing from what I’ve seen.

Anyway, my script’s been playing automated whack-a-mole with their addresses and steadily filtering them all out, and I geoblocked the countries where the largest numbers of offenders were. (“This is a bad practice!” I hear the hue and cry from specific strains of bearded louts on the Internet. That says maybe, but I don’t ship to Brazil or Singapore or India, so I don’t particularly care. If someone insists on connecting through a VPN from one of those regions for some reason, that’s their own lookout.)

They seem to have more or less run out of compromised devices to throw at our server, so now I only see one such request every few minutes rather than hundreds per second. I shudder to think how long my firewall’s block list is by now.

I have and there’s nothing noteworthy, other than tons of other retailers selling the same thing of course.

That’s because it’s numerically possible to sweep through the entire IPv4 address range fairly trivially, especially if you do it in parallel with some kind of botnet, proverbially jiggling the digital door handles of every server in the world to see if any of them happen to be unlocked.

One wonders if switching to purely IPv6 will forestall this somewhat, as the number space is multiple orders of magnitude larger. That’s only security through obscurity, though, and it’s certain the bots will still find you eventually. Plus, if you have a doman name the attackers already know where you are — they can just look up your DNS record, which is what DNS records are for.

It doesn’t quite work that way, since the URL is also the model number/SKU which comes from the manufacturer. I suppose I could write an alias for just that product but it would become rather confusing.

What I did experiment with was temporarily deleting the product altogether for a day or two. (We barely ever sell it. Maybe 1 or 2 units of it a year. This is no great loss in the name of science.) This causes our page to return a 404 when you try to request it. The bots blithely ignored this, and continued attempting to hammer that nonexistent page all the same. Puzzling.

Maybe, but I also carry literally hundreds of other products from that same brand including several that are basically identical with trivial differences, and they’re only picking on that one particular SKU.