StarDreamer

An alternative definition: a real-time system is a system where the correctness of the computation depends on a deadline. For example, if I have a drone checking “with my current location + velocity will I crash into the wall in 5 seconds?”, the answer will be worthless if the system responds 10 seconds later.

A real-time kernel is an operating system that makes it easier to build such systems. The main difference is that they offer lower latency than a usual OS for your one critical program. The OS will try to give that program as much priority as it wants (to the detriment of everything else) and immediately handle all signals ASAP (instead of coalescing/combining them to reduce overhead)

Linux has real-time priority scheduling as an optional feature. Lowering latency does not always result in reduced overhead or higher throughout. This allows system builders to design RT systems (such as audio processing systems, robots, drones, etc) to utilize these features without annoying the hell out of everyone else.

iirc the bad UA filter is bundled with either base-http-scenarios or nginx. That might help assuming they aren’t trying to mask that UA.

Pretty sure expiry is handled by the local crowdsec daemon, so it should automatically revoke rules once a set time is reached.

At least that’s the case with the iptables and nginx bouncers (4 hour ban for probing). I would assume that it’s the same for the cloudflare one.

Alternatively, maybe look into running two bouncers (1 local, 1 CF)? The CF one filters out most bot traffic, and if some still get through then you block them locally?

I’ve recently moved from fail2ban to crowdsec. It’s nice and modular and seems to fit your use case: set up a http 404/rate-limit filter and a cloudflare bouncer to ban the IP address at the cloudflare level (instead of IPtables). Though I’m not sure if the cloudflare tunnel would complicate things.

Another good thing about it is it has a crowd sourced IP reputation list. Too many blocks from other users = preemptive ban.

According to this post, the person involved exposed a different name at one point.

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

Cheong is not a Pingyin name. It uses Romanization instead. Assuming that this isn’t a false trail (unlikely, why would you expose a fake name once instead of using it all the time?) that cuts out China (Mainland) and Singapore which use the Pingyin system. Or somebody has a time machine and grabbed this guy before 1956.

Likely sources of the name would be a country/Chinese administrative zone that uses Chinese and Romanization. Which gives us Taiwan, Macau, or Hong Kong, all of which are in GMT+8. Note that two of these are technically under PRC control.

Realistically I feel this is just a rogue attacker instead of a nation state. The probability of China 1. Hiring someone from these specific regions 2. Exposing a non-pinying full name once on purpose is extremely low. Why bother with this when you have plenty of graduates from Tsinghua in Beijing? Especially after so many people desperate for jobs after COVID.

Simply changing the binary worked for me. Been more than 1 month and no migration issues.

It does still show gitea branding, however.

I believe it. Linux is not a good measure of efficiency (see kernel bypass tcp stacks, af_xdp, dpdk, spdk, etc). You can almost always make something more efficient/faster than Linux for a given task. The problem is doing that while having support for almost all hardware/configurations/uses cases under the sun.

Here you dropped this:

#define ifnt(x) if (!(x))

Nothing but effort. Nobody wants to constantly baby a project just because someone else may change their code at a moment’s notice. Why would you want to comb through someone else’s html + obfuscated JavaScript to figure out how to grab some dynamically shown data when there was a well documented publicly available API?

Also NewPipe breaks all the time. APIs are generally stable, and can last years if not decades without changing at all. Meanwhile NewPipe parsing breaks every few weeks to months, requiring programmer intervention. Just check the project issue tracker and you’ll see it’s constantly being fixed to match YouTube changes.

An API is an official interface to connect to a service, usually designed to make it easier for one application to interact with another. This is usually kept stable and provides only the information needed to serve the request of the application requesting it.

A scraper is an application that scrapes data from a human readable source (i.e. website) to obtain data from another application. Since website designs can update frequently, these scrapers can break at any time and need to be updated alongside the original application.

Reddit clients interact with an API to serve requests, but Newpipe scrapes the YouTube webpage itself. So if YouTube changes their UI tomorrow Newpipe could very easily break. No one wants to design their app around a fragile base while building a bunch of stuff on top of it. It’s just way too much work for very little effort.

It’s like I can enter my house through the door or the chimney. I would always take the door since it’s designed for human entry. I could technically use the chimney if there’s no door. But if someone lights up the fireplace I’d be toast.

Oh God. Did the kettle boil over?

No. He was a misogynistic piece of crap that wrote morally questionable material that was also disrespectful to his assistants, illustrators and fans.

Allegedly, the “good” and the “kind” were stolen during the Great Battle of the Terry’s, where one Terry used the “good” to build a Temple, while the other Terry with a meteor sword used the “kind” to empower actual quality fiction.

Terry Goodkind.

Can’t separate the work from the author since both are pretty bad.

It takes a special kind of person to require a pinned “please don’t celebrate deaths” reminder on Reddit when you die…

Or just anyone who’s worked at a help desk.

And I did the same as a kid in the late 2000s in order to play World of Warcraft. Found someone’s info on a random online dump, filled it in and didn’t think more about the id theft. What I then learned is that there is NO “fake” IDs that can pass this test. It’s just plain old ID theft of actual people.

The ID itself is encoded as 3-digit city/3-digit district/8-digit dob/and 4 random digits. There is no “generated” name that works with a specific ID since the name isn’t encoded anywhere. Most reputable vendors perform the check backed by an actual government DB.

The problem is that it IS the exact same info used to apply for bank accounts, loans, mobile phone numbers, etc. And nobody bats an eye when a pirated gaming app asks for it. This could be legitimate, but I’m more willing to say this is someone’s ID collection scheme. If that’s the case, it could be doing more than just collecting IDs (cause why not?) or it’s at least facilitating more ID theft.

Btw this is most likely a scam. This is the equivalent of asking for your name, DOB, and SSN on a random app you found (the ID contains both location and DOB). Even if you have an actual ID DO NOT FILL THIS OUT. Delete, purge, and move on.

It’s a Chinese character. Pronounced jiǒng.

It was really only used as an emoticon in Asia during the 2010s though

囧

I don’t think either of us is the target audience here. I can see a “cheaper” (questionable) Pro laptop being useful for students going into college with a limited budget. An undergrad CS/graphic design degree shouldn’t tax an 8gb machine too much, assuming students shut down everything else when doing their once-a-semester major rendering/compiling/model training. If people just want Macbook pro software with more ports, a “cheaper” machine is better than none. Personally, I would still get a used/refurbished machine though.

That being said, my current laptop workload tends to be emacs, qpdfview, Firefox, and tmux on EL9. For the remaining stuff, I usually just spin up a VM then ssh/xrdp into it. As for slack, teams, jabber, etc, I’m happy to report I’ve been out of industry/IT for 1+ years and don’t plan on going back anytime soon. For all I care, Apple can call their models unicorn edition. As long as it sells it’s not stupid.

My T480 is my favorite laptop. But this is NOT one of its use cases.