Showerthoughts

39066 readers

546 users here now

A "Showerthought" is a simple term used to describe the thoughts that pop into your head while you're doing everyday things like taking a shower, driving, or just daydreaming. The most popular seem to be lighthearted clever little truths, hidden in daily life.

Here are some examples to inspire your own showerthoughts:

Rules

All posts must be showerthoughts
The entire showerthought must be in the title
No politics
- If your topic is in a grey area, please phrase it to emphasize the fascinating aspects, not the dramatic aspects. You can do this by avoiding overly politicized terms such as "capitalism" and "communism". If you must make comparisons, you can say something is different without saying something is better/worse.
- A good place for politics is c/politicaldiscussion
Posts must be original/unique
Adhere to Lemmy's Code of Conduct and the TOS

If you made it this far, showerthoughts is accepting new mods. This community is generally tame so its not a lot of work, but having a few more mods would help reports get addressed a little sooner.

Whats it like to be a mod? Reports just show up as messages in your Lemmy inbox, and if a different mod has already addressed the report, the message goes away and you never worry about it.

founded 2 years ago

MODERATORS

vatlark@lemmy.world

forkball@lemmy.world

SuperEars@lemmy.world

383

What's if instead of a dead internet we end up with a dark forest internet (aussie.zone)

submitted 1 month ago by Aussiemandeus@aussie.zone to c/showerthoughts@lemmy.world

86 comments fedilink hide all child comments

We all migrate to smaller websites try not to post outside drawing attention just to hide from the "Ai" crawlers. The internet seems dead except for the few pockets we each know existed away from the clankers

you are viewing a single comment's thread
view the rest of the comments

[–] daniskarma@lemmy.dbzer0.com 211 points 1 month ago (28 children)

I have a testing website. I have never gave the address to absolutely anyone, ever. It's not linked with anything. It's just a silly html site living in a domain.

It's still being ping and probed to death by bad actors. No necessarily AI scrappers. But it's dozens or hundreds of http petitions a day for random places all over the world.

There's no black forest. It's all light up and under constant attack, every tree is already on fire.

[–] dual_sport_dork@lemmy.world 104 points 1 month ago (17 children)

That's because it's numerically possible to sweep through the entire IPv4 address range fairly trivially, especially if you do it in parallel with some kind of botnet, proverbially jiggling the digital door handles of every server in the world to see if any of them happen to be unlocked.

One wonders if switching to purely IPv6 will forestall this somewhat, as the number space is multiple orders of magnitude larger. That's only security through obscurity, though, and it's certain the bots will still find you eventually. Plus, if you have a doman name the attackers already know where you are — they can just look up your DNS record, which is what DNS records are for.

[–] kazaika@lemmy.world 8 points 1 month ago (2 children)

Servers which are meant to be secure usually are configured to not react to pings and do not give out failure responses to unauthenticated requests. This should be viable for a authenticated only walled garden type website op is suggesting, no?

[–] dual_sport_dork@lemmy.world 1 points 1 month ago

There are several things you could do in that regard, I'm sure. Configure your services to listen only on weird ports, disable ICMP pings, jigger your scripts to return timeouts instead of error messages... Many of which might make your own life difficult, as well.

All of these are also completely counterproductive if you want your hosted service, whatever it is, to be accessible to others. Or maybe not, if you don't. The point is, the bots don't have to find every single web service and site with 100% accuracy. The hackers only have to get lucky once and stumble their way into e.g. someone's unsecured web host where they can push more malware, or a pile of files they can encrypt and demand a ransom, or personal information they can steal, or content they can scrape with their dumb AI, or whatever. But they can keep on trying until the sun burns out basically for free, and you have to stay lucky and under the radar forever.

In my case just to name an example I kind of need my site to be accessible to the public at large if I want to, er, actually make any sales.

[–] Cooper8@feddit.online 1 points 1 month ago

I have suggested a couple of times now that ActivityPub should implement an encryption layer for user authentication of requests and pings. It already has a system for instances vauching for each other. The situation is that users of "walled garden" instances in ActivityPub lack means of interfacing with public facing instances that doesnt leave the network open for scraping. I believe a pivot towards default registered users only content service built on encrypted handshakes, with the ability for servers to opt-in to serving content to unregistered users would make the whole network much more robust and less dependent on third party contingencies like CloudFlare.

Then again, maybe I should just be looking for a different network, I'm sure there are services in the blockchain/cryptosphere that take that approach, I just would rather participate in a network built on commons rather than financialization at it's core. Where is the protocol doing both hardened network and distributed volunteer instances?

load more comments (14 replies)

load more comments (24 replies)