twtxt

lyse
Reply to #2rxkcca
@abucci Just making sure you're seeing @xuu's twt, in case he's still on your blacklist:

> Hey so.. i just got an email from my ISP saying they will terminate my service. Did i break something @abucci ?
>
> – https://txt.sour.is/twt/oohzbqa
1 day ago
💬 Reply

xuu
Reply to #2rxkcca
Hey so.. i just got an email from my ISP saying they will terminate my service. Did i break something @abucci ?
1 day ago
💬 Reply

prologic
Reply to #rdeh4dq
@abucci No worries! All in the name of better reliability and security 😅
1 day ago
💬 Reply

prologic
Reply to #4ljpfuq
@stigatle Thanks! Sooo cold 🥶
1 day ago
💬 Reply

prologic
Reply to #2rxkcca
@stigatle no problems 👌 one problem solved at least 🤣
1 day ago
💬 Reply

prologic
Anyway, I'm gonna have to go to bed... We'll continue this on the weekend. Still trying to hunt down some kind of suspected mult-GB avatar using @stigatle 's pod's cache:

```
$ (echo "URL Bytes"; sort -n -k 2 -r < avatars.txt | head) | column -t
URL Bytes
https://birkbak.neocities.org/avatar.jpg 667640
https://darch.neocities.org/avatar.png 652960
http://darch.dk/avatar.png 603210
https://social.naln1.ca/media/0c4f65a4be32ff3caf54efb60166a8c965cc6ac7c30a0efd1e51c307b087f47b.png 327947
...
```

But so far nothing much... Still running the search...
1 day ago
💬 Reply

stigatle
Reply to #2rxkcca
@prologic @abucci my /tmp is fine now, no avatars there. I have to drive my daughter to a birthday party now, but I keep things running and I'll check when I get back.
1 day ago
💬 Reply

prologic
Reply to #2rxkcca
Out of interest, are you able to block whole ASN(s)? I blocked the entirely of teh AWS and Facebook ASN(s) recently.
1 day ago
💬 Reply

prologic
Reply to #2rxkcca
@abucci Oh 🤣 Well my IP is a known subnet and static, so if you need to know what it is, Email me 😅
1 day ago
💬 Reply

prologic
Reply to #2rxkcca
@abucci Seems to be okay now hmmm
1 day ago
💬 Reply

prologic
Reply to #qv5sgja
@abucci Hmm I can see your twts on my pod now 🤔
1 day ago
💬 Reply

stigatle
Reply to #2rxkcca
@abucci yeah I can see it :)
1 day ago
💬 Reply

prologic
@abucci / @abucci Any interesting errors pop up in the server logs since the the flaw got fixed (_unbounded `receieveFile()`_)? 🤔
1 day ago
💬 Reply

prologic
Hmmm 🧐

```
for url in $(jq -r '.Twters[].avatar' cache.json | sed '/^$/d' | grep -v -E '(twtxt.net|anthony.buc.ci|yarn.stigatle.no|yarn.mills.io)' | sort -u); do echo "$url $(curl -I -s -o /dev/null -w '%header{content-length}' "$url")"; done
...
```

😅 Let's see... 🤔
1 day ago
💬 Reply

lyse
Reply to #g6v4kxq
@movq My issue is, now that we have the chance of getting something fast, people artificially slow it down again. Wether they think it's cool that they added some slow animation or just lack of knowledge or whatever. The absolute performance does not translate to the relative performance that I observe. Completely wasted potential. :-(

In today's economy, nobody optimizes something if it can be just called good enough with the next generation hardware. That's especially the mindset of big coorporations.

Anyway, getting sidetracked from the original post. :-)
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic will do, thanks for the tip!
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@stigatle The one you sent is fine. I'm inspecting it now. I'm just saying, do yourself a favor and nuke your pod's garbage cache 🤣 It'll rebuild automatically in a much more prestine state.
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic you want a new cache from me - or was the one I sent OK for what you needed?
1 day ago
💬 Reply

prologic
Reply to #ve43paq
That was also a source of abuse that also got plugged (_being able to fill up the cache with garbage data_)
1 day ago
💬 Reply

prologic
Reply to #ve43paq
Ooof

```
$ jq '.Feeds | keys[]' cache.json | wc -l
4402
```

If you both don't mind dropping your caches. I would recommend it. Settings -> Poderator Settings -> Refresh cache.
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic No worries, thanks for working on the fix for it so fast :)
1 day ago
💬 Reply

lyse
Reply to #c7kyxoa
@prologic Yup. Didn't regret climbing these three hundred odd meters of elevation. :-)
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@stigatle Thank you! 🙏
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic here you go:
https://drive.proton.me/urls/XRKQQ632SG#LXWehEZMNQWF
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@stigatle Ta. I hope my theory is right 😅
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic thank you. I run it now as you said, I'll get the files put somewhere shortly.
1 day ago
💬 Reply

prologic
Reply to #ve43paq
But just have a look at the `yarnd` server logs too. Any new interesting errors? 🤔 No more multi-GB tmp files? 🤔
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@stigatle You want to run `backup_db.sh` and `dump_cache.sh` They pipe JSON to stdout and prompt for your admin password. Example:

```
URL=<your_pod_url> ADMIN=<your_admin_user> ./tools/dump_cache.sh > cache.json
```
1 day ago
💬 Reply

lyse
Reply to #ug2ndqa
@stigatle Worky, worky now! :-)

Mate, these are some really nice gems! What a stunning landscape. I love it. Holy cow, that wooden church looks really sick. Even though, I'm not a scroll guy and prefer simple, straight designs, I have to say, that the interior craftmanship is something to admire.
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic so, if I'm correct the dump tool made a pods.txt and a stats.txt file, those are the ones you want? or do you want the output that it spits out in the console window?
1 day ago
💬 Reply

prologic
Reply to #ve43paq
Just thinking out loud here... With that PR merged (_or if you built off that branch_), you _might_ hopefully see new errors popup and we might catch this problematic bad feed in the act? Hmmm 🧐
1 day ago
💬 Reply

prologic
Reply to #ybzi67q
@slashdot I _thought_ Sunday was the hottest day on Earth 🤦‍♂️ wtf is wrong with Slashdot these days?! 🤣
1 day ago
💬 Reply

prologic
Reply to #ve43paq
if we can figure out wtf is going on here and my theory is right, we can blacklist that feed, hell even add it to the codebase as an "asshole".
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@stigatle The problem is it'll only cause the attack to stop and error out. It won't stop your pod from trying to do this over and over again. That's why I need some help inspecting both your pods for "bad feeds".
1 day ago
💬 Reply

stigatle
Reply to #ve43paq
@prologic I'm running it now. I'll keep an eye out for the tmp folder now (I built the branch you have made). I'll let you know shortly if it helped on my end.
1 day ago
💬 Reply

prologic
Reply to #ve43paq
@abucci / @stigatle Please `git pull`, rebuild and redeploy.

There is also a shell script in `./tools` called `dump_cache.sh`. Please run this, dump your cache and share it with me. 🙏
1 day ago
💬 Reply

prologic
Reply to #ve43paq
I'm going to merge this...
1 day ago
💬 Reply

prologic
Reply to #homd37a
@abucci Yeah I've had to block entire ASN(s) recently myself from bad actors, mostly bad AI bots actually from Facebook and Caude AI
1 day ago
💬 Reply

prologic
Reply to #ve43paq
Or if y'all trust my monkey-ass coding skillz I'll just merge and you can do a `git pull` and rebuild 😅
1 day ago
💬 Reply

prologic
@stigatle / @abucci My current working theory is that there is an asshole out there that has a feed that both your pods are fetching with a multi-GB avatar URL advertised in their feed's preamble (metadata). I'd love for you both to review this PR, and once merged, re-roll your pods and dump your respective caches and share with me using https://gist.mills.io/
1 day ago
💬 Reply

stigatle
Reply to #ze3zlba
@prologic yeah I still do have that issue, I compiled latest main, did not apply any patches or anything like that.
1 day ago
💬 Reply

prologic
Reply to #ze3zlba
@stigatle I'm wondering whether you're having the same issue as @abucci still? mulit-GB `yarnd-avatar-*1` files piling up in `/tmp/`? 🤔
1 day ago
💬 Reply

stigatle
Reply to #ze3zlba
@prologic yeah, I ran out of space again. also have the activitypub stuff turned off (just so you know).
1 day ago
💬 Reply

prologic
Reply to #uqxxstq
@abucci So... The only way I see this happening at all is if your pod is fetching feeds which have multi-GB sized avatar(s) in their feed metadata. So the PR I linked earlier will plug that flaw. But now I want to confirm that theory. Can I get you to dump your cache to JSON for me and share it with me?
1 day ago
💬 Reply

prologic
Reply to #homd37a
@abucci Yeah that should be okay, you get so much crap on the web 🤦‍♂️
1 day ago
💬 Reply

prologic
Reply to #uqxxstq
@abucci `sift` is a tool I use for grep/find, etc.

> What would you like to know about the files?

Roughly what their contents are. I've been reviewing the code paths responsible and have found a flaw that needs to be fixed ASAP.

Here's the PR: https://git.mills.io/yarnsocial/yarn/pulls/1169
1 day ago
💬 Reply

prologic
Reply to #rbzcmka
@abucci I believe you are correct.
1 day ago
💬 Reply

prologic
Reply to #homd37a
@abucci That's fucking insane 😱 I know what code-paths is triggering this, but need to confirm a few other things... Some correlation with logs would also help...
1 day ago
💬 Reply

prologic
Reply to #uqxxstq
Do you happen to have the `activitypub` feature turned on btw? In fact could you just list out what features you have enabled please? 🙏
1 day ago
💬 Reply

prologic
Reply to #uqxxstq
These should be getting cleaned up, but I'm very concerned about the sizes of these 🤔

https://git.mills.io/yarnsocial/yarn/src/commit/983fa87d4ea17f76537e19714ad8a6d19ba9d904/internal/utils.go#L658-L670
1 day ago
💬 Reply

⏭️ Next

twtxt

Timeline for https://eapl.me/twtxt.txt

🔄 Refresh timeline

👨‍💻 Login