๐จ๐ฆ๐ฉ๐ช๐จ๐ณๅผ ๆฎฟๆ๐จ๐ณ๐ฉ๐ช๐จ๐ฆ
Corvus Volvens ๐ฟ
- 10 Followers
- 193 Following
- 270 Posts
An urban raven exploring the wilderness of human cyberspace.
Very Exhausted Parent Who Cannot Possibly Be The Easter Bunny@CorvusVolvens I don't really need much time, 'cos I wrote a blog post about it 
You can get pretty far with just nginx or caddy, without having to touch iocaine, and achieve ~90% of what iocaine does with a handful of lines in your reverse proxy config.
@algernon Ah, an blog article is of course the best solution. Many thanks, this looks super helpful!
@algernon Yes, I would very much like you to elaborate! But I certainly don't want you to spend/waste your time with a "bot blocking noob". So, I will take a deep dive into trying to set up Iocaine for our system and especially also setting up the prometheus server ( https://iocaine.madhouse-project.org/documentation/3/getting-started/#observing-the-crawlers ) to have some metrics.
And I hope, I will then have enough qualified questions, to be worth your time ;)
And I hope, I will then have enough qualified questions, to be worth your time ;)
@jerry @tehstu Ah, that was the worst case scenario I had in mind. I had good experience for a rather vanilla system, so I thought I mention it.
For our company website, scrapers are reaching the 50% mark and it approaches a critical point. So this is a topic, I am very interested.
Will look into Anubis, thanks!
@jerry Maybe you already know this, but I heard Iocaine is pretty good blocking scrapers.
https://iocaine.madhouse-project.org/
Don't know if it would work with mastodon.
https://iocaine.madhouse-project.org/
Don't know if it would work with mastodon.
Prof. Emily M. Bender(she/her)I was disappointed to read Cory Doctorow's post where he got weirdly defensive about his LLM use and started arguing with an imaginary foe.
@tante has a very thoughtful reply here:
https://tante.cc/2026/02/20/acting-ethical-in-an-imperfect-world/
A few further comments, ๐งต>>
Acting ethically in an imperfect world
Life is complicated. Regardless of what your beliefs or politics or ethics are, the way that we set up our society and economy will often force you to act against them: You might not want to fly somewhere but your employer will not accept another mode of transportation, you want to eat vegan but are [โฆ]
Tagir ValeevToday we had a fire alarm in the office. A colleague wrote to a Slack channel 'Fire alarm in the office building', to start a thread if somebody knows any details. We have AI assistant Glean integrated into the Slack, and it answered privately to her: "today's siren is just a scheduled test and you do not need to leave your workplace". It was not a test or a drill, it was a real fire alarm. Someday, AI will kill us.
TaggartDiscord claims "most users" will never go through an age verification process because they're already monitoring your behavior.
For the majority of adult users, we will be able to confirm your age group using information we already have. We use age prediction to determine, with high confidence, when a user is an adult. This allows many adults to access age-appropriate features without completing an explicit age check.
Gotta say, constant behavior analysis is not the warm and fuzzy blanket they seem to think it is.
https://discord.com/safety/how-discord-is-building-safer-experiences-for-teens
Josh BressersI keep seeing stories about LLMs finding vulnerabilities. Finding vulnerabilities was never the hard part, the hard part is coordinating the disclosure
It looks like LLMs can find vulnerabilities at an alarming pace. Humans aren't great at this sort of thing, it's hard to wade through huge codebases, but there are people who have a talent for vulnerability hunting.
This sort of reminds me of the early days of fuzzing. I remember fuzzing libraries and just giving up because they found too many things to actually handle. Eventually things got better and fuzzing became a lot harder. This will probably happen here too, but it will take years.
What about this coordinating thing?
When you find a security vulnerability, you don't open a bug and move on. You're expected to handle it differently. Even before you report it, you need at a minimum a good reproducer and explanation of the problem. It's also polite to write a patch. These steps are difficult, maybe LLMs can help, we shall see.
Then you contact a project, every project will have a slightly different way they like to have security vulnerabilities reported. You present your evidence and see what happens. It's very common for some discussion to ensue and patch ideas to evolve. This can take days or even weeks. Per vulnerability.
So when you hear about some service finding hundreds of vulnerabilities with their super new AI security tool, that's impressive, but the actually impressive part is if they are coordinating the findings. Because the tool probably took an hour or two but the coordination is going to take 10 to 100 times that much time.