The Third Surge Is Breaking Health-Care Workers – The Atlantic

With only lax policies in place, those cases will continue to rise. Hospitalizations lag behind cases by about two weeks; by Thanksgiving, today’s soaring cases will be overwhelming hospitals that already cannot cope. “The wave hasn’t even crashed down on us yet,” Perencevich said. “It keeps rising and rising, and we’re all running on fear. The health-care system in Iowa is going to collapse, no question.”

Source: The Third Surge Is Breaking Health-Care Workers – The Atlantic

The scene on Interstellar when our protagonists realize those aren’t mountains.

They’re waves. The next one is cresting over the US right now and we’re just here for the ride.

A lot of people are not going to make it

Block attacker IP addresses, four ways

If you run WordPress you’ve seen these in your web server logs:

132.232.46.230 - - [29/Oct/2020:13:58:41 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"
132.232.46.230 - - [29/Oct/2020:13:58:44 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"
132.232.46.230 - - [29/Oct/2020:13:58:48 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"
132.232.46.230 - - [29/Oct/2020:13:58:52 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"
132.232.46.230 - - [29/Oct/2020:13:58:55 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"
132.232.46.230 - - [29/Oct/2020:13:58:58 -0500] "POST /xmlrpc.php HTTP/1.1" 200 259 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)" "-"

Fucken scanners just slamming xmlrpc.php looking for a way in. When this happens CPU usage just goes through the roof for as long as the scan lasts, and it could be five minutes, could be six hours, could be all week before it ends. The gods help you if you’re paying by CPU usage.

So you have to block access to the file. You could just block all access to XML-RPC but doing this will prevent the WP mobile app from working.

We’ll just block that specific IP address but we need to be quick about it; just do a quick one liner on the terminal before the OS just topples over and becomes completely unresponsive or worse.

iptables

This should work for any Linux distribution that has iptables out of the box which is basically all of them.

# iptables -I INPUT -s 132.232.46.230 -j DROP
  • -I: Insert the rule as the first rule to be applied in the INPUT chain. You could use -A (append) but the sooner we get rid of that traffic the less work the CPU has to do.
  • -s: Source address, in this case 132.232.46.230, which belongs to Tencent.
  • -j: jump to the DROP target. If you use the REJECT target you’re just creating more work for the CPU.

Documentation here but the Ubuntu how-to is far more useful in getting people started.
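
To find which addresses to feed into that rule, the added example below (not part of the original post) tallies POSTs to /xmlrpc.php per client in an access log and prints the matching iptables command for every address at or over a threshold. The function names, the threshold of 5 and the allowlist argument are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: not part of the original post.

# xmlrpc_offenders LOGFILE [THRESHOLD]
# Prints "count ip" for every client with at least THRESHOLD POSTs to
# /xmlrpc.php, busiest first.
xmlrpc_offenders() {
    awk -v min="${2:-5}" '
        # Combined log format: $1 = client IP, $6 = "POST (with the opening
        # quote), $7 = request path.
        $6 == "\"POST" && $7 ~ /^\/xmlrpc\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# block_rules LOGFILE THRESHOLD [ALLOWLISTED_IP...]
# Prints one iptables command per offender. Nothing is executed here.
block_rules() {
    src=$1; min=$2; shift 2
    xmlrpc_offenders "$src" "$min" | while read -r _count ip; do
        # Drop any token that is not digits and dots (IPv4 only), so nothing
        # else from the log can reach the command line.
        case $ip in
            *[!0-9.]*|*..*|.*|*.) continue ;;
        esac
        # Skip addresses that must never be locked out (assumed allowlist).
        for ok in "$@"; do
            if [ "$ip" = "$ok" ]; then continue 2; fi
        done
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Constructed sample data in the same format as the log lines quoted above.
sample_log() {
    line='%s - - [29/Oct/2020:13:58:41 -0500] "%s %s HTTP/1.1" 200 259 "-" "-" "-"\n'
    for n in 1 2 3 4 5 6; do printf "$line" 203.0.113.7 POST /xmlrpc.php; done
    for n in 1 2 3 4 5; do printf "$line" 198.51.100.9 POST /xmlrpc.php; done
    printf "$line" 192.0.2.15 POST /xmlrpc.php   # single hit, below threshold
    printf "$line" 192.0.2.15 GET /index.php     # ordinary traffic, ignored
}

# Demo: 198.51.100.9 stands in for an address you have allowlisted.
demo=$(mktemp) && sample_log > "$demo"
xmlrpc_offenders "$demo" 5
block_rules "$demo" 5 198.51.100.9
rm -f "$demo"
```

Point the first argument at your real access log and read the printed rules before running them as root.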

pf

As it is part of both FreeBSD and OpenBSD base installations it should be enabled in /etc/rc.conf, but from reading the (almost useless) documentation and looking around the web you need to fuck around with pf.conf first, then you can manipulate the table. This is the first result on the web when you search for “pf block ip address”. So no one-liner that can save your life.

Edit /etc/pf.conf and add

table <badhosts> persist
block on fxp0 from <badhosts> to any
  • Create table named badhosts, and set it to be persistent in kernel memory
  • Block, on interface fxp0 (you’ll want to change this), traffic from addresses in the badhosts table to any destination.

Once you have this you can manipulate the table from the command line with pfctl

# pfctl -t badhosts -T add 132.232.46.230
  • -t: the table pfctl will manipulate, here badhosts
  • -T: the table command to run, here add
  • add 132.232.46.230: add that address to the table

Fucken hell FreeBSD documentation is the fucken worst. Drier than Melania Trump’s libido. Now, reading through the OpenBSD pf documentation it looks like you can do

# pfctl -t badhosts -T add 203.0.113.0/24

Which will create the badhosts table automatically without having to fuck around with /etc/pf.conf. Don’t know if this will work on FreeBSD though.

ipfw

It is part of the FreeBSD base installation so it does depend on ipfw being enabled in /etc/rc.conf but it looks like you can go

# ipfw add deny all from 132.232.46.230 to any
  • Add rule denying any and all traffic from 132.232.46.230 to any destination

At least these rules are succinct and easy to read. Whoever wrote the documentation seemed to pay more attention to usage at least.

Still, fuck FreeBSD.

Windows

Super easy now that PowerShell is built into Windows itself:

PS C:\WINDOWS\system32> New-NetFirewallRule -DisplayName "Block traffic from 132.232.46.230" -Direction Inbound -LocalPort Any -Protocol Any -Action Block -RemoteAddress 132.232.46.230
  • -DisplayName: The human-readable name of the firewall rule
  • -Direction: Can be Outbound or Inbound. We want Inbound obviously.
  • -LocalPort: Going with any ports because fuck crackers.
  • -Protocol: Same, block all protocols
  • -Action: Block traffic
  • -RemoteAddress: Specifying only 132.232.46.230

The documentation for the commandlet is super nice. No, I’m not typing ‘cmdlet’.

The old way involved so, so many clicks. PowerShell makes it easy.


Now all of the previous bits of code cease to have any effect after a system reboot so if you want the rules to be permanent… don’t. Blackhats will just scan from different hosts and different networks so blocking an IP address permanently is just unproductive.

A better solution is to use fail2ban:

There is also CrowdSec but I haven’t personally used them.

This post came to be cos I spent 30+ minutes trying to figure out how to block traffic on a FreeBSD host and their documentation is just… inscrutable. Should you ask for help in their forums you’ll just get told to RTFM.

You end up going in circles, consuming yourself in rage and frustration which does not feel nice. Rage-posting is where it’s at.

sigh

This is pretty fucken sad lemme tell ya.

Screenshot of RSS reader "City Pages is dead. We had a good run."

What else is there to say? We’re sad as fuck. CP, born Sweet Potato, has employed hundreds of people over the last four decades; below you’ll find a farewell from the edit staffers who rearranged those Titanic deck chairs right up until the very end.

City Pages is dead. We had a good run..

I found my first apartment on its classifieds pages. My first job too as a barista in a Dunn Brothers location that no longer exists.

Last post at CityPages.com

Fork it

nullrend (https://www.flickr.com/people/nullrend/) posted a photo:
Fork it The last stack of City Pages issues. Ever

original post

Ray of Sun

nullrend (https://www.flickr.com/people/nullrend/) posted a photo:
Ray of Sun I'm so happy I got a new bed. I'm flat broke after spending a ton of money on it but it's been totally worth it.

original post

The replies are fucken hilarious too.

>_<

With the closing, 30 people will lose their jobs. It adds Minneapolis-St. Paul to the growing list of U.S. cities with no more so-called “alternative” newspapers, which rose out of the 1960s counterculture scene and flourished through the 1990s, throwing sharp elbows in political coverage and spotting the edgiest ideas in arts.

Source: City Pages is closing, ending era of Twin Cities alternative weeklies – StarTribune.com

This fucken sucks

For want of a nail…

‘k, so in a previous post I wrote how I reworked my note-taking and went back to plain text. I had to make a few changes since then:

  • I couldn’t take the atrocious UI of Epsilon Notes any longer. Fucken’a. I just accessed my notes directly through the Nextcloud app and that worked well enough.
  • Vimwiki is working quite nicely, just wish it didn’t fuck with the filetype highlighting but the built-in works well enough. Better concealment of links would be nice too.

Switched out Epsilon for Markor, which is prettier and less of a pain in the ass. But trying to set it up is when I started running into an issue with Nextcloud:

It does not support bidirectional folder sync. At all.

The way Nextcloud syncs everything means you have to access your files through the Nextcloud app instead of being able to use your usual app to open a file. It’s not that much of a change but it does prove annoying because that change is forced on you by the application instead of you (the user) adjusting your workflow organically. People have been requesting this ability since 2016 and the app still doesn’t have it.

When I was using Dropbox as my syncing backend my workflow would be like this:

  1. Mark KeePass file as a favorite in Dropbox.
  2. Dropbox syncs the file to all devices so it’s available through the filesystem itself.
  3. As the file is now stored in a local filesystem you can now navigate to it as you usually would:
    • On desktop you can use a file manager to view the file and open it. Alternatively you can use KeePass to navigate to the file and open it.
    • On Android you can open your keepass app, navigate to the database file, and open it.
    • On iOS the same flow as Android applies.
  4. Should the file change Dropbox will sync it silently in the background to all devices. Password applications will notice the change and ask if you want to reload.

With Nextcloud it goes something like this:

  1. Mark KeePass file as a favorite in Nextcloud.
  2. Nextcloud will sync the file to desktop clients but only mark it as a favorite in mobile devices.
  3. You now have a split flow as the file will be available through the local filesystem on desktop but not on mobile:
    • On desktop you use a file manager, or use KeePass itself. Same UX as you would in Dropbox.
    • On Android you need to open the Nextcloud app, navigate to the database file and the OS will recognize the filetype and open it. You can’t use your password app directly as the file does not exist in any local filesystem. When Android terminates your password app you then have to reload the file through the Nextcloud app.
    • On iOS it looks like you can select which folders to sync to local filesystem. I haven’t tried using the iOS app myself but if someone can confirm this is the behavior it’d be awesome.
  4. Should the file change Nextcloud will sync it silently in the background but behavior will vary depending on platform:
    • Desktop: File is available through local filesystem. Password applications will notice the change and ask if you want to reload.
    • Android: You go through the Nextcloud app, same as before. Trying to use a password app will result in the app telling you the file doesn’t exist, so you then have to go through the Nextcloud app.
    • iOS: I’m not sure what the behavior is. I’d assume it’s the same as on desktop.

To replicate the default desktop behavior (syncing to local filesystem) you end up having to use other apps like FolderSync. This way files and folders are available just like any other file on the Android device, letting you use automation or customization apps without issues, and saving you from having to configure synchronization settings for each app. Looking at you, Joplin.

My suspicion is Nextcloud developers are doing it this way to increase your awareness of the brand and the application, following the footsteps of Dropbox. For the longest time Dropbox was a rock-solid syncing application that did one thing and it did it really well, but now they’re trying to force changes nobody likes in an effort to make more money.

If this is indeed the case Nextcloud developers are learning all the wrong lessons from Dropbox’ failure to understand what it had. Instead of strengthening its core they’re throwing a million other things at the wall to see what sticks:

  • Talk: Chat server, basically. There’s already plenty of those available and I don’t see them supplanting IRC, Discord, or Slack. Ever. Never mind Zoom or Jitsi.
  • Deck: Project management? There are better apps for that that are easier to configure, manage and secure.
  • Notes: There are a myriad note taking applications out there that work better. I don’t need yet another one.
  • Passwords: Again, there are better alternatives: KeePass, 1Password, LastPass.

Nextcloud has a chance to do that one thing well and do it better than Dropbox ever did— that is, file syncing. I feel they’re consciously choosing to throw it away because they want to get a bit more clout and a bit more money. If they keep at it they’re going to end up like Mozilla.

College has always been a business

It might seem ludicrous to sacrifice public health to preserve indiscretion as an ideal of college life, but that life has never aspired toward well-being in the first place. It’s a deliberate feature of college, not a side effect. “Youthful indiscretions were tolerated and even encouraged as part of the process of upward social mobility that the college facilitated,” Thelin writes.

Source: Why Did Colleges Reopen During the Pandemic? – The Atlantic

You can only do this if you’re white, however. If you’re not white, you’ll likely become another customer of the carceral state and universities are more than happy to throw you down that well.

In the past 60 years colleges have sold the aspirational aspect as something worthy to be experienced no matter the cost. For-profit schools benefited from the halo effect.

No more.

The text itself is the lie

GPT-3 is a communication revolution that threatens to eliminate the possibility of information about the original human intentionality behind a given text post.

Source: GPT-3: Informational Hyper-Inflation – Never Met a Science

Unless you see the name of someone who is a real human on a text you cannot be sure that text was written by an actual breathing human. Even then you’re not assured the text was actually written by a human, merely that it was vetted by a human who then decided it was okay to put their name to this text.

You still cannot be sure the text was actually written by them. As the author of that post says this will only help drive written media away giving priority to audio and video media.

How long until those are mediated by AI? Nvidia is already making a go at it with the purpose of reducing used bandwidth but it won’t be long before the tech is being used to fake entire appearances.

Oh, you want to set up a neighborhood network? They’ll throw the cops at you for that

Stephen Milton, who helped to design and build the Gigabit Now service in Sea Ranch, California explained that his company had to obtain permission from 23 separate local, county, and federal granting agencies to get the new project up and running. Broadband provider Sacred Wind out of New Mexico wrote in a filing to the FCC that an application involving one landowner and one authorizing jurisdiction commonly takes 2–4 years to complete, while something more complex, that involves more than one piece of land spanning multiple authorizing jurisdictions, can take anywhere from 4–8 years to complete. Slow response times translate into delays and adoption lags.

Source: The curious case of Romanian broadband | by Will Rinehart | The Benchmark | Oct, 2020 | Medium

Here in the US most of these bumps are by design, by way of redlining, NIMBYism, and plain old lack of foresight from local governments. This in turn gave more power to state governments who in turn receive most of their regulatory guidelines from the companies they’re supposed to be regulating. A lot of states now explicitly forbid cities, counties, and municipalities from even trying to enact their own regulations when it comes to broadband, especially publicly owned infrastructure.

Wealthy neighborhoods will always see at least two companies deal with the regulatory gauntlet as they know the profits to be made will be worth it, which in turn helps attract more wealthy people to the neighborhood. Poor neighborhoods have not seen that kind of investment in decades, and will likely never see it in the foreseeable future. Here in Minneapolis one company is rolling out fiber throughout the city and North Minneapolis isn’t even in the plan for them. This has been a historical goal of racist and classist local governments.

Should government at any level try to change the rules, companies involved in last-mile telecom duopolies will scream bloody murder and call up their wholly owned GOP subsidiary in Congress to keep the status quo.

Organize album order in Flickr

I like Flickr. I have been a paying user for years, since the heady days of Web 2.0. Very photo, so web.

But their documentation fucking sucks. It went down in quality when Yahoo took over, and SmugMug isn’t doing much better. But anyway.

Here’s how to reorganize the order in which albums in the Flickr mobile app show up:

  1. Log in to Flickr on the web
  2. Go to the Albums & Collections section of the Organizr.
  3. At the top of the page make sure Viewing: All Albums is selected.
    Flickr Album Organizr
  4. On the right panel order the albums whichever way you want.

Making this change will have effect in two places:

  • The Albums page on the web
    Flickr Album page on website
  • The Albums page in the mobile App.
    Flickr Album page on Android mobile app

Neither the Flickr Help Center nor the Help Forum have any posts about this. Now, I’m using the Android app but I assume the iOS-based versions will also follow the ordering set in the Organizr panel.

I wish Flickr enabled a few things:

  • Sorting by album metadata (alphabetically, album creation date)
  • Sorting by picture metadata (make bigger/smaller albums show up first/last). This would include sorting by last album upload, so albums used the most get shown first.
  • Make Collections a first-class citizen on the site. They’ve been relegated as a little used organization tool that no one uses and when it does get used it isn’t showcased.

Flickr has so much to win now that Instagram is being integrated ever more into Facebook’s grubby infrastructure.
