Posts by wasamasa@niu.moe
(DIR) Post #9p5qbqJ9resyoByD9E by wasamasa@niu.moe
2019-11-18T16:59:08Z
0 likes, 0 repeats
I'd rather see server- than client-side analytics. There are many reasons for it:
- Not nearly as privacy invading
- Easy to combine with server-side logic, therefore greater insights gained you can actually use to improve your application
- Lightweight
- Invisible to the user
- Impossible to block
- Doesn't ruin UX
It does exist in a few forms already:
- Web server logs and analysis tools
- Structured logs
- Application agents collecting information for further analysis by a third party, like crash/performance/fraud/security analysis
The biggest argument against it is that it requires extra effort and design on the developer side, agents tend to be like an implant doing who knows what with your code (like polluting backtraces). Other arguments involve that you don't see as much as with client-side analytics, but I believe it's more than offset by the knowledge your application has. What's your opinion on this topic?
(DIR) Post #9p5tmnRX9k9EyGnp0y by wasamasa@niu.moe
2019-11-18T18:08:14Z
0 likes, 0 repeats
@ayo Yeah, I don't have much hope of that ever taking off (and even if it did, it would be mostly invisible). It's annoying me that there's this misperception of client tracking being unintrusive and websites keep piling more and more layers of it, with no end in sight. The funny thing is that bot detection is the reason I'm writing about this, there are at least three patterns you can use to detect botty behavior against a web application:
- Timing behavior. No human being issues a request in exact time intervals or with perfectly distributed randomization. Human beings have biases, are lazy and inefficient. A bot is none of these.
- Request headers. Use an intercepting proxy and compare a browser with any scriptable client. There's far more than the user agent to fake if you want to look convincing.
- Resource request patterns. A proper browser fetches a document, then other associated resources with a certain degree of parallelism. Repeated requests trigger caching behavior. Good luck making a bot look anything like this in your logs. A perfectly parallelized spidering application isn't it.
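The three signals from the post above, applied to structured request records. This is an added example, not part of the original post; the record layout, thresholds, header set and sample data are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

ASSET_EXT = (".css", ".js", ".png", ".jpg", ".svg", ".ico", ".woff2")
BROWSER_HEADERS = {"accept", "accept-language", "accept-encoding"}
FULL = {"user-agent"} | BROWSER_HEADERS

# Constructed records: (client, seconds, path, request header names seen).
SAMPLE = [
    ("203.0.113.10", 0.0, "/", FULL),
    ("203.0.113.10", 0.21, "/style.css", FULL),
    ("203.0.113.10", 0.24, "/app.js", FULL),
    ("203.0.113.10", 0.3, "/logo.png", FULL),
    ("203.0.113.10", 17.8, "/about", FULL),
    ("203.0.113.10", 18.0, "/team.jpg", FULL),
    ("203.0.113.10", 61.3, "/contact", FULL),
] + [("198.51.100.7", 5.0 * i, f"/blog/{i}", {"user-agent", "accept"})
     for i in range(6)]

def indicators(requests):
    """Return the bot indicators raised by one client's (time, path, headers)."""
    requests = sorted(requests, key=lambda r: r[0])
    flags = set()
    times = [t for t, _, _ in requests]
    gaps = [b - a for a, b in zip(times, times[1:])]
    # Timing: near-constant gaps between requests (0.1 threshold is assumed).
    if len(gaps) >= 4 and statistics.mean(gaps) > 0:
        if statistics.pstdev(gaps) / statistics.mean(gaps) < 0.1:
            flags.add("regular-timing")
    # Headers: a scripted client often omits headers every browser sends.
    if any(not BROWSER_HEADERS <= set(h) for _, _, h in requests):
        flags.add("missing-browser-headers")
    # Resources: several documents fetched, never a stylesheet, script or image.
    paths = [p.split("?")[0].lower() for _, p, _ in requests]
    assets = [p for p in paths if p.endswith(ASSET_EXT)]
    if len(paths) - len(assets) >= 3 and not assets:
        flags.add("no-subresources")
    return flags

def analyze(records):
    """Group records by client and return {client: set of indicators}."""
    by_client = defaultdict(list)
    for client, t, path, headers in records:
        by_client[client].append((t, path, headers))
    return {c: indicators(r) for c, r in by_client.items()}

if __name__ == "__main__":
    for client, flags in analyze(SAMPLE).items():
        print(client, sorted(flags) or "no indicators")
```

A browser with a warm cache can also skip subresource requests, so the indicators are best treated as a combined score rather than individual verdicts.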
(DIR) Post #9p60xGbyGNNs0gclea by wasamasa@niu.moe
2019-11-18T19:28:34Z
0 likes, 0 repeats
@ayo goaccess looks neat, I think I used something else though.
(DIR) Post #9pBSPgZczz6lBw6U76 by wasamasa@niu.moe
2019-11-21T10:29:46Z
0 likes, 0 repeats
@newt There is one big difference, unlike your average XMPP network it's actually reliable.
(DIR) Post #9pJQY1TIXUmJg6favA by wasamasa@niu.moe
2019-11-23T14:18:25Z
0 likes, 0 repeats
I've spent a few hours mapping out Gopherspace using Shodan, my best query so far (in terms of signal-noise ratio) is "port:70 \t", others worth trying are "port:70 gopher" and "port:70 70". I did it for two reasons, to find new #Gopher spaces and figure out what else is listening on that port. Here are my insights so far:
- https://commons.host/ offers Gopher over TLS for some reason, with a cute fallback message
- Some BBSes offer Gopher
- Annoyingly some servers use copious amounts of ANSI escapes, including but not limited to BBSes
- Other services listening on that port are HTTP, SSH, CimFax (a Chinese fax solution?) and "VMware Authentication Daemon"
(DIR) Post #9pJQY1pzB8vUoTHiHg by wasamasa@niu.moe
2019-11-23T16:14:10Z
0 likes, 0 repeats
Meh, it seems the majority of devices available via this port are a certain TP-Link router mostly encountered in Eastern European countries. That will make more exhaustive scans far more annoying.
(DIR) Post #9pJQY2DNm9dpz2EOki by wasamasa@niu.moe
2019-11-24T22:11:06Z
0 likes, 0 repeats
I eventually scripted the "port:70 70" query using Shodan's API, wrote lots of jq to select only the results looking like Gopher entries and wrote some more code to extract the URLs and banners from roughly 500 servers. Here are my favorite finds so far:
- gopher://b.bewo.pw <- "This site runs on a Beaglebone Black using a server written in assembly."
- gopher://taz.de <- bloat-free version of a certain German newspaper
- gopher://acm.umn.edu <- "If you came from the Sysadmin Wanted ad, look here"
- gopher://sandokan.tk <- A hacker fraternity hosting a single CVE exploit so far, hopefully more in the future
- gopher://gopher.su:70/1/weebshit <- Someone explaining how and why he put up manga, using sixel of all the things...
There's more of course, feel free to DM me for the full list. Discovering these makes me feel like in the early 2000s, when I first encountered web portals and manually curated lists of websites.
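One way to do the "looks like Gopher entries" selection described above, written in Python rather than jq. This is an added example, not the author's code; it relies on the RFC 1436 menu line layout (type character and display text, then selector, host and port separated by tabs), and the sample banners and host names are constructed.

```python
import re
from urllib.parse import quote

# CSI escape sequences, which some servers mix into their menus.
ANSI_CSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")

# Constructed banner resembling what a Gopher server returns for the root menu.
SAMPLE = (
    "\x1b[1;32miWelcome to a constructed test server\x1b[0m\tfake\t(NULL)\t0\r\n"
    "1Phlog\t/phlog\tgopher.example.org\t70\r\n"
    "0About this host\t/about.txt\tgopher.example.org\t7070\r\n"
    ".\r\n"
)

def parse_menu(banner):
    """Return the RFC 1436 menu entries found in a banner ([] if none)."""
    entries = []
    for line in ANSI_CSI.sub("", banner).splitlines():
        if line == ".":  # end-of-menu marker
            break
        fields = line.split("\t")  # Gopher+ may append further fields
        if len(fields) < 4 or not fields[0]:
            continue
        if not re.fullmatch(r"[0-9]{1,5}", fields[3].strip()):
            continue
        entries.append({"type": fields[0][0], "text": fields[0][1:],
                        "selector": fields[1], "host": fields[2],
                        "port": int(fields[3])})
    return entries

def gopher_urls(entries):
    """Build gopher:// URLs for entries that are real links."""
    urls = []
    for e in entries:
        # Skip info lines, error lines and links that point to other schemes.
        if e["type"] in "i3" or e["selector"].startswith("URL:"):
            continue
        netloc = e["host"] if e["port"] == 70 else f'{e["host"]}:{e["port"]}'
        urls.append(f'gopher://{netloc}/{e["type"]}{quote(e["selector"])}')
    return urls

if __name__ == "__main__":
    print(gopher_urls(parse_menu(SAMPLE)))
```

Banners from the other services the thread found on port 70, such as HTTP or SSH, contain no tab-separated menu lines and yield an empty list.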
(DIR) Post #9pJQY37kOajCnqbPbk by wasamasa@niu.moe
2019-11-24T22:55:40Z
0 likes, 0 repeats
@hunter I think we can all agree that the web these days is ridiculous, but I don't see this trend going away any time. Contrast this with a few hundred hobbyists actually doing something about it and showing how much you can do with a minimum of resources.
Regarding neat stuff, there's almost 50 services hooked up to a BBS. Most of these mirror each other to varying degrees of completion. It's nice to have a slightly less involved gateway to a BBS than the traditional clients which throw way more than text and links at you.
(DIR) Post #9pMHHYMVBm53N7VBb6 by wasamasa@niu.moe
2019-11-26T15:46:53Z
0 likes, 0 repeats
@ayo What does that have to do with JS? Granted, client-side routing never made much sense to me, I don't see anything preventing it from being done server-side.
(DIR) Post #9pMIYt97Gd9mi44SA4 by wasamasa@niu.moe
2019-11-26T16:01:13Z
0 likes, 0 repeats
@ayo Thank you, that makes more sense. I can imagine some workarounds, but nothing less icky. Somehow I suspect the web doesn't exactly lend itself to complex user interfaces...
(DIR) Post #9pMvZArXIJFlruyVoe by wasamasa@niu.moe
2019-11-26T23:18:17Z
0 likes, 0 repeats
@lis Reminds me that I know someone putting milk in their Yerba Mate. It comes in varying shades of green, a colleague once called it "spinach tea"...
(DIR) Post #9pMyFaAjmdnGR6J1bU by wasamasa@niu.moe
2019-11-26T23:16:34Z
1 likes, 1 repeats
Guess who unexpectedly landed themselves a talk at the local hackerspace... That's right, I volunteered a bit too hastily and will be talking about emulation of the CHIP-8 this coming Thursday, November 28, at @c4 on the topic "State of Retro Gaming in Emacs": https://koeln.ccc.de/updates/2019-11-26_OC_State_of_Retro_Gaming_in_Emacs.html
(DIR) Post #9pQw1R21pH8d6yxsPo by wasamasa@niu.moe
2019-11-28T21:42:15Z
0 likes, 0 repeats
@newt tl;dr: Shit's on fire
(DIR) Post #9pR3GHpr01u8c2IbZY by wasamasa@niu.moe
2019-11-28T23:03:22Z
0 likes, 0 repeats
@AkaiHebi You've reminded me of this piece of art: https://www.shodan.io/404
(DIR) Post #9pSpcBezd4FGmzgh5U by wasamasa@niu.moe
2019-11-29T19:39:51Z
0 likes, 0 repeats
@papush Lock them out with fail2ban.
(DIR) Post #9pV3levxwkmprQxPVo by wasamasa@niu.moe
2019-11-30T21:27:53Z
0 likes, 1 repeats
@lis Postmodernism, it's available at your next university.
(DIR) Post #9pdJigc1hYvGaqZG6a by wasamasa@niu.moe
2019-12-04T21:04:19Z
0 likes, 0 repeats
@newt Maybe they just need a smaller dose of you being you, followed by a long break.
(DIR) Post #9qS72YPaJvG8VWhPea by wasamasa@niu.moe
2019-12-29T08:00:56Z
0 likes, 1 repeats
Fediverse meetup at #36c3 in workshop room 11. I want to meet all of you in exactly three hours, 12:00!
(DIR) Post #9qS8FT0Lpo3JSNcLi4 by wasamasa@niu.moe
2019-12-29T09:26:04Z
0 likes, 0 repeats
@xvilo There will be something comparable at #fosdem, but without me.
(DIR) Post #9qSFDsuJG3FitMz5SC by wasamasa@niu.moe
2019-12-29T09:53:17Z
0 likes, 0 repeats
Goodbye niu.moe, hello lonely.town. Follow me over at @wasamasa. I'll flip the account migration switch a bit later.