I’m the administrator of kbin.life, a general purpose/tech orientated kbin instance.

Joined 2 years ago
Cake day: June 29th, 2023


  • I thought I’d reply to this with an update. Because, I saw how far the free tier goes, and it’s pretty far.

    I had another huuuuge influx of AI/other bots scraping my instance at top speed. Hundreds of requests per second, and it was putting some load on the postgres server.

    What I found was, that there was a mixture of traffic. Some was coming from a handful of AS numbers (each hosting hundreds of large IP blocks) controlled by a small handful of the same names. So, those I was able to block outright by AS number.

    But then I found a very large number of random requests coming in bursts (and definitely not humans) all on mobile or ISP customer blocks… I assume it’s some kind of botnet being used? But they were all valid requests for posts and comments.

    I looked at the custom ruleset on Cloudflare and, it’s quite powerful. I settled on the following.

    1: Allow known fediverse software by user agent (yes, the bots could eventually spoof these. But right now they are not).
    2: Allow known instances by IP blocks
    3: Allow access to the fediverse inbox specifically. Which is where most inter-instance traffic goes.
    4: Allow access to LOCAL users and well known services/other standard ActivityPub URLs
    5: Everything else, for everyone else. Managed challenge.

    The traffic just completely stopped dead. The fediverse traffic continued unfettered. But the traffic coming in was legitimate (it’s mostly me, a handful of others that is so little traffic).

    All it adds, is the interstitial page with the “are you human?” checkbox that for most people automatically checks. And the user moves on fine and can interact normally with the site. So for people it’s a very minor inconvenience and it stops bot traffic completely in its tracks.

    What is annoying. I could make this MUCH better with regex matches. But, not only do they not allow free accounts to use regex (I understand). But “Pro” users cannot either. It’s only for business or above… Business accounts are eye wateringly expensive for a hobbyist!
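
The five-rule ordering described in the comment above, modelled as first-match evaluation over constructed requests. This is an added example, not part of the comment and not the commenter's Cloudflare configuration; the user-agent strings, address ranges and paths are assumed placeholders.

```python
import ipaddress

# Constructed placeholder values; the comment does not list the real ones.
FEDIVERSE_AGENTS = ("Mastodon/", "Lemmy/", "kbinBot")
INSTANCE_NETS = [ipaddress.ip_network(n)
                 for n in ("192.0.2.0/24", "2001:db8:10::/48")]
# Assumed ActivityPub-style paths, for illustration only.
OPEN_PREFIXES = ("/u/", "/.well-known/", "/nodeinfo")


def evaluate(req):
    """Return (rule_number, action) for the first rule that matches."""
    src = ipaddress.ip_address(req["ip"])
    path = req["path"]
    # Rule 1 trusts the User-Agent header alone, as the comment notes.
    if any(agent in req["user_agent"] for agent in FEDIVERSE_AGENTS):
        return 1, "allow"
    # Rule 2: source address inside a known peer instance range.
    if any(src in net for net in INSTANCE_NETS):
        return 2, "allow"
    # Rule 3: inbox endpoints, where inter-instance deliveries arrive.
    if path.endswith("/inbox"):
        return 3, "allow"
    # Rule 4: local users and well-known discovery URLs.
    if path.startswith(OPEN_PREFIXES):
        return 4, "allow"
    # Rule 5: everything else gets the managed challenge.
    return 5, "managed_challenge"


# Constructed sample requests using documentation address ranges.
SAMPLES = [
    {"ip": "198.51.100.7", "user_agent": "Mastodon/4.2 (+https://peer.example/)", "path": "/m/tech/t/123"},
    {"ip": "192.0.2.44", "user_agent": "curl/8.5", "path": "/m/tech/t/123"},
    {"ip": "203.0.113.9", "user_agent": "Go-http-client/2.0", "path": "/f/inbox"},
    {"ip": "203.0.113.9", "user_agent": "Mozilla/5.0", "path": "/.well-known/webfinger"},
    {"ip": "203.0.113.80", "user_agent": "Mozilla/5.0 (Linux; Android 14)", "path": "/m/tech/t/123/comment/456"},
    {"ip": "2001:db8:10::5", "user_agent": "python-requests/2.31", "path": "/m/tech"},
]


def summarize(samples):
    """Evaluate every sample and return the list of (rule, action) decisions."""
    return [evaluate(s) for s in samples]


if __name__ == "__main__":
    for req, (rule, action) in zip(SAMPLES, summarize(SAMPLES)):
        print(f"{req['ip']:<16} {req['path']:<28} rule {rule}: {action}")
```

Logging which rule admitted each request makes it easy to see how much traffic depends on rule 1 alone, the one match that relies on a client-supplied header.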



  • Oh, I forgot about Azerothcore (which is a fork from Trinitycore, and absorbed some changes from certain private server source that has been released in the past).

    Which you choose I think depends on what you want.

    Trinitycore has a more strict development policy of doing things properly and not for example concentrating too much on getting boss fights etc “right”. It’s more of a technical project than “ready to go private server”.

    Whereas (and this is as I understand it, I’ve not done any work for the project directly) Azerothcore is a bit more lax in their requirements. Now, don’t take this to mean they accept bad code. It just means they don’t have the stricter guidelines that trinitycore have.

    I could be wrong though. I’ve been out of the game for a while now.


  • I think so. I would consider perhaps allowing a short time without power before doing that. To handle short cuts and brownouts.

    So perhaps poll once per minute, if no power for more than 5 polls trigger a shutdown. Make sure you can provide power for at least twice as long as the grace period. You could be a bit more flash and measure the battery voltage and if it drops below a certain threshold send a more urgent shutdown on another gpio. But really if the batteries are good for 20mins+ then it should be quite safe to do it on a timer.

    The logic could be a bit more nuanced, to handle multiple short power cuts in succession to shorten the grace period (since the batteries could be drained somewhat). But this is all icing on the cake I would say.
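
The polling and grace-period logic from the comment above, including the shortened grace after repeated cuts, as an added example that is not the commenter's code. The recharge rate and the low-voltage threshold are assumptions, and the GPIO read is represented by the `power_good` argument.

```python
GRACE_POLLS = 5           # from the comment: shut down after more than 5 missed polls
RECHARGE_POLLS = 10       # assumption: mains polls needed to win back one poll of grace
LOW_BATTERY_VOLTS = 11.0  # assumption: urgent threshold for a 12 V pack


class PowerMonitor:
    """Tracks battery runtime used so repeated short cuts shorten the grace period."""

    def __init__(self):
        self.debt = 0        # polls spent on battery and not yet recharged
        self.mains_run = 0   # consecutive polls with mains present

    def poll(self, power_good, battery_volts=None):
        """Process one poll (once per minute in the comment) and return the action."""
        if power_good:
            self.mains_run += 1
            # Pay back one poll of debt for every RECHARGE_POLLS on mains.
            if self.debt and self.mains_run % RECHARGE_POLLS == 0:
                self.debt -= 1
            return "ok"
        self.mains_run = 0
        self.debt += 1
        # Optional voltage reading overrides the timer while on battery.
        if battery_volts is not None and battery_volts < LOW_BATTERY_VOLTS:
            return "shutdown_urgent"
        return "shutdown" if self.debt > GRACE_POLLS else "on_battery"


def first_shutdown(samples):
    """Feed power-good readings in order; return the 1-based poll that triggers
    a shutdown, or None if the host stays up."""
    monitor = PowerMonitor()
    for index, good in enumerate(samples, start=1):
        if monitor.poll(good).startswith("shutdown"):
            return index
    return None


if __name__ == "__main__":
    brownout = [True] * 2 + [False] * 3 + [True] * 5       # constructed readings
    repeated = ([False] * 3 + [True] * 2) * 3               # constructed readings
    print("single brownout:", first_shutdown(brownout))
    print("repeated cuts:  ", first_shutdown(repeated))
```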



  • My understanding is that the only issues were the write hole on power loss for raid 5/6 and rebuild failures due to un-seen damage to surviving drives.

    Issues with single drive rebuild failures should be largely mitigated by regular drive surface checks and scrubbing if the filesystem supports it. This should ensure that any single drive errors that might have been masked by raid are removed and all drives contain the correct data.

    The write hole itself could be entirely mitigated since the OP is building their own system. What I mean by that is that they could include a “mini UPS” to keep 12v/5v up long enough to shut down gracefully in a power loss scenario (use a GPIO for “power good” signal). Now, back in the day we had raid controllers with battery backup to hold the cache memory contents and flush it to disk on regaining power. But, those became super rare quite some time ago now. Also, hardware raid was always a problem with getting a compatible replacement if the actual controller died.

    Is there another issue with raid 5/6 that I’m not aware of?











  • Doesn’t the Motorola phone have a settings screen for defining what the button does? For Samsung they like to re-purpose the power button.

    First of all, it brought up Bixby. I turned it back to powering off the phone and disabled Bixby.

    Then, with the new update they re-assigned the power button to Gemini. So, I turned it back to powering off the phone and disabled Gemini too.

    However, the problem these days is that I’m never completely sure I’ve turned off all of the AI nonsense on my phone.




  • Actually how is your ISP giving out IPs to you? Mine uses IPv6 PD to give me a /48. And I then use SLAAC locally on the first /64 prefix on my LAN. Plus another /64 for VPN connections.

    If you mean receiving RA/ND packets from your ISP (which are used to announce IPv6 prefixes) then you need to allow ICMPv6 packets (if you don’t want to be able to be pinged, just block echo requests, ICMP in v4 and v6 carry important messages otherwise).

    If your ISP uses DHCPv6 Prefix delegation you will need to allow packets to UDP port 546 and run a DHCPv6 client capable of handling PD messages.

    If you have a fixed prefix, then you probably don’t need to use your ISP’s SLAAC at all. You could just put your router on a fixed IP as <yourprefix>::1 and then have your router create RA/ND packets (radvd package in Linux, not sure what it would be on pfSense) and assign IPs within your network that way.

    If you have a dynamic prefix… It’s a problem I guess. But probably someone has done it and a google search will turn up how they handled it.

    EDIT: Just clarified that the RA/ND packets advertise prefixes, not assign addresses.