I believe the reason is, at the frequencies these CPUs are talking to RAM, the reflection coefficient[1] starts playing a big role. This means any change in impedance in the wire cause reflections of the signal.
This is also the reasoning why you can't just have a dumb female to female HDMI coupling and expect video to work. All of such devices are active and read the stream on the input and relay them on the output.
Anubis is affective against certain kinds of bots and abuse, but wouldn't be that affective against large scale DDoS attacks. And it does have a negative impact on usability, as users have to wait for the browser to do the proof of work, which may or may not be worse than cloudflare's captchas.
Anubis is a partial mitigant of DDOS attacks, since it's less resource intensive to serve the Anubis page than the origin[1].
Cloudflare's captchas are only convenient for a subset of users, I'll bet there'd be decent money in one of the competing CDNs (Fastly maybe?) including an Anubis-like captcha.
Yes, it's a partial mitigator, but it isn't as complete of a solution as a CDN, for a number of reasons. For one thing, with Anubis your server is still responding to requests, so a full scale DDoS could potentially take you down without having to actually complete the PoW, they just have to make enough requests.
Using a CDN for DDoS typically has multiple levels of protection:
- caching reduces load on your server
- In the event of a (D)DoS attack, the cdn can absorb the attack traffic with their much higher capacity than your server(s)
- The CDN can block certain kinds of attacks, especially low level (D)DoS attacks without the traffic ever touching your servers
- Since the CDN fronts many sites, it can have more information about which IP addresss, and user agents are more suspicious. This one is a little controversial, because there is a conflict between getting an accurate profile of how suspicious a request is, and preserving the privacy of users.
- It may have built in support for some kind of bot detection, such as captcha or a proof of work. IDK about the free tier of cloudflare, but for paid offerings at least, this is usually optional.
In short, Anubis could be part of a DDoS mitigation plan, but if you are worried about a targeted attack, it probably isn't sufficient. And critical services are potentially a valuable target for attacks.
My house also came with a nest, and I also never connected it to my network, but for me nest was a terrible dumb thermostat.
It constantly tried to infer schedules and change the temperature on its own. I would set the temperature, come back an hour later to find that it changed itself back to what it thought it should be.
Also, there was no way to just activate the fan. I live in a very temperate climate and I generally like to keep a few windows open but run the fan to circulate air through the house.
I sold the nest and now a $15 dumb thermostat from the local hardware store now lets me set a temperature and it won't randomly change it when it feels like it. And it has a switch to turn on the fan.
I managed to disable the scheduling system, as even that was too smart for me (I had similar troubles as you). All it does now is: set temperature; allow switching between heat, cold, both, or none; allow turning on fan-only for X hours. Maybe yours wasn't wired correctly for the fan? No idea.
I agree this is the ideal situation, but as it stands CAHSR is planned to terminate at union station in LA, quite far from LAX. Ideally LA metro or metrolink would build a direct connection between union station and LAX, but that hasn't begun to be planned and unfortunately it's very difficult to get transit built in LA. For instance the Sepulveda line— one of the most important lines for LA— is at risk of being killed because ticket master's ex-CEO doesn't want a train line running under his house.
I currently run LineageOS and am constantly frustrated with its limitations
every day.
On desktop linux I can quickly write up a program to do most anything I want in
pretty much any language, and in my text editor of choice. I don't know anything
about android development and I don't really want to invest time in learning Google's
proprietary GUI toolkit when QT/GTK, or even raw OpenGL is more portable. I
once looked into it and gave up when it seemed like it was going to be very
painful to write an app outside of android studio (why is there not just a CLI
tool to compile these things?). On vanilla linux I can whip up most things in
under an hour in C, Rust, or even Bash.
I think it's painful to write an app inside android studio, it's just pain you accept if you want to do android development. Professional pain so to speak, you're paid to suffer.
You absolutely can write something in C, Rust, Go, or whatever on Lineage. Just install Termux and the relevant packages (e.g., pkg install rust, etc.).
AOSP is still vanilla Linux under the hood, just with a touch interface on top. Plus, ART is open-source and works great for GUI apps.
Right, but that is still severely limited in my experience.
Like I can't bind these programs to run on keyboard shortcut (or I guess the mobile equivalent would be a button on the home/lock screen?)
I can't do basic UI-- even if I don't write a QT/GTK app sometimes I want to pipe to imv, mpv, present a list of options via dmenu/rofi, send a notification to dunst/mako via notify-send, copy strings to the system clipboard, write a script that calls wtype to emulate keystrokes, etc.
I don't have access to the whole filesystem too, right? Last time I tried writing a script in termux I couldn't access the photos my phone took.
One concrete example: I use music player daemon to play music throughout my home. On the phone the answer is to download an app that implements the protocol, but the app isn't great. Instead, I wish I could bind dmenu to open up when I press volume up for example that just shells out to mpc. These are the types of things that I like to set up on my desktop to get a really ergonomic experience tailored to my workflow, but on mobile I'm at the mercy of what apks are available.
I also haven't found any great solution for setting up a phone declaratively. On desktop I can use NixOS to codify my configuration, on mobile, flashing a new OS means pecking around settings/fdroid like a point and click adventure game for an hour to get everything to a somewhat usable state.
Perhaps this is all just user error and everyone else has figured out how to do these things, or they just suck it up and build their own android apps. But for me, this is really what I'm asking for when I say I want Linux on mobile.
> Plus, ART is open-source and works great for GUI apps.
This requires writing the app in java and building it in android studio, right? Is there an easy way to just compile an apk from a non-android project?
Also if I invest a lot of time in learning ART and building apps for android, I will have a much worse experience running these apps on desktop linux (for example under waydroid) which is where I spend a vast majority of my time.
I agree the syntax isn't perfect, but in case you're actually confused there's really only 3 places where semicolons go, and I would argue that two of the places make a lot of sense— as a terminator for attribute sets, and a terminator for `let` declarations.
Unfortunately it is also used with the somewhat confusing `with` operator which I personally avoid using. For those of you who aren't familiar, it works similar to the now deprecated javascript `with` statement where `with foo; bar` will resolve to `bar` if it is in scope, otherwise it will resolve to `foo.bar`.
I actually prefer `with`, since it fits better with the language:
- It uses `;` in the same way as `assert`, whereas `let` uses a whole other keyword `in`.
- It uses attrsets as reified/first-class environments, unlike `let`, which lets us do `with foo; ...`.
- Since it uses attrsets, we can use their existing functionality, like `rec` and `inherit`; rather than duplicating it.
I've been using Nix for over a decade (it's even on my phone), and I've never once written a `let`.
(I agree that the shadowing behaviour is annoying, and we're stuck with it for back-compat; but that's only an issue for function arguments and let, and I don't use the latter)
Functions with default arguments are also very useful; especially since `nix-build` will call them automatically. Those are "always `rec`" too, which (a) makes them convenient for intermediate values, and (b) provides a fine-grained way to override some functionality. I used this to great effect at a previous employer, for wrangling a bunch of inter-dependent Maven projects; but here's a made-up example:
{
# Main project directory. Override to build a different version.
src ? pkgs.lib.cleanSource ./.
# Take these files from src by default, but allow them to be overridden
, config ? "${src}/config.json"
, script ? "${src}/script.sh"
# A couple of dependencies
, jq ? pkgs.jq
, pythonEnv ? python3.withPackages choosePyPackages
, extraDeps ? [] # Not necessary, but might be useful for callers
# Python is tricky, since it bakes all of its libraries into one derivation.
# Exposing intermediate parts lets us override just the interpreter, or just
# the set of packages, or both.
, python3 ? pkgs.python3
, choosePyPackages ? (p: pythonDeps p ++ extraPythonDeps p)
, pythonDeps ? (p: [ p.numpy ])
, extraPythonDeps ? (p: []) # Again, not necessary but maybe useful
# Most of our dependencies will ultimately come from Nixpkgs, so we should pin
# a known-good revision. However, we should also allow that to be overridden;
# e.g. if we want to pass the same revision into a bunch of projects, for
# consistency.
, pkgs ? import ./pinned-nixpkgs.nix
}:
# Some arbitrary result
pkgs.writeShellApplication {
name = "foo";
runtimeInputs = [ jq pythonEnv ] ++ extraDeps;
runtimeEnv = { inherit config; };
text = builtins.readFile script;
}
This is exactly what the tool bubblewrap[1] is built for. It is pretty easy to wrap binaries with it and it gives you control over exactly what permissions you want in the namespace.
I don't think it really addresses the issue because it still requires an account at one of the predetermined identity providers. With email I just need a domain and I can self host the rest if I really cared to.
It would be so much nicer if there was a federated way where I the user could specify any OAuth identity provider (even if it was e.g. a self hosted one) rather than the predetermined list dictated by the relying party.
Funnily enough someone recently asked me if I could comment on a Product Hunt post and I was unable to do so since they only allow sign in with Google, Twitter, Facebook, Apple or Linked in; I have none of these accounts and would rather not create any of them. Oh well.
Yes, that's just what the internet needs is even more websites centralized behind Cloudflare. Why do we even bother with TLS anymore if we're going to give them unencrypted access to practically all of our internet traffic.
Hacker news is so funny, they complain about the amount of power we've allowed Google, Amazon, and Microsoft to have, and then go right around and recommend putting everything behind Cloudflare.
Once Cloudflare starts using attestation to block anyone not on Chrome/iOS Safari it'll be too late to do anything about it.
Can you please not post in the flamewar style? It's not what this site is for, and destroys what it is for.
You're welcome to make your substantive points thoughtfully but it needs to be within the rules. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
We should be suggesting self hosted and decentralized solutions to website hosting and file hosting.
On that note, does anyone have any secure methods of providing serving a file from your computer to anyone with a phone/computer that doesn't require them downloading/installing something new? Just a password or something? Magic-wormhole almost seems great, but it requires the client to install wormhole (on a computer, not phone), and then type specific commands along with the password.
> Once Cloudflare starts using attestation to block anyone not on Chrome/iOS Safari it'll be too late to do anything about it.
That's just plain bs...
Eg
1) they have customers and their customers want protection, with minimal downsides.
2) Cloudflare is the only one with support for Tor. I'm 100% sure you didn't knew that.
What "examples" do you have to blame them for something they aren't doing? Based on what?
I'm getting tired of people blaming Cloudflare for providing a service that no one else can provide for free to small website owners => DDOS protection.
Could you please stop breaking the site guidelines? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
You're of course welcome to make your substantive points thoughtfully while staying within the rules.
Which circumvents the bad reputation of certain exit nodes:
> Due to the behavior of some individuals using the Tor network (spammers, distributors of malware, attackers), the IP addresses of Tor exit nodes may earn a bad reputation, elevating their Cloudflare threat score.
> Hacker news is so funny, they complain about the amount of power we've allowed Google, Amazon, and Microsoft to have, and then go right around and recommend putting everything behind Cloudflare.
It’s almost as if those saying contradictory things are actually different people despite being on the same website. But it can’t be that, surely? Truly a perplexing phenomenon that I hope someone can one day explain.
Fair, although I know quite a few people that hold both of these opinions simultaneously because I've met them in person. It's only after I point out their hypocrisy do they even realize what a danger Cloudflare poses to the free and open internet.
I suspect it's because hating on Google is in vogue, and so is recommending Cloudflare.
I'm going to try to provide / justify my potentially hypocritical viewpoint:
I use Cloudflare (free tier) in front of the very few and almost entirely unused websites that I run. I believe that the service they provide is useful for protecting the IP addresses of the servers on which the content is hosted, whilst also providing some amount of protection from malicious traffic.
I also agree that centralisation of services is a big problem for the future of the internet.
My position is that, whilst there seem to be increasing voices / examples of Cloudflare's (potential in) acting against the nebulous notion of "spirit of the internet", for me they certainly haven't reached the "evil" stage. I'm also of the understanding that it's Cloudflare customers that choose to block access from Tor or VPS IP address ranges and / or add Captcha's or other bothersome verification. True Cloudflare enable it and make it possible, but the administrators of the website that you're trying to visit have made the choice to make it more difficult for you to access their content; not Cloudflare themselves.
I would prefer there to be similar-scale alternatives to Cloudflare as a kind of a middle-ground decentralisation of centralisation. I'm sure there are alternatives, but I'm not yet motivated enough to even consider starting the research process.
If Cloudflare start selling visitor analytics to data brokers, however, very fast goodbye.
This is also the reasoning why you can't just have a dumb female to female HDMI coupling and expect video to work. All of such devices are active and read the stream on the input and relay them on the output.
[1]: https://en.wikipedia.org/wiki/Reflection_coefficient