Cryptography nerd

Fediverse accounts;
Natanael@slrpnk.net (main)
Natanael@infosec.pub
Natanael@lemmy.zip

Lemmy moderation account: @TrustedThirdParty@infosec.pub - !crypto@infosec.pub

@Natanael_L@mastodon.social

Bluesky: natanael.bsky.social

  • 0 Posts
  • 26 Comments
Joined 6 months ago
cake
Cake day: January 18th, 2025

help-circle



  • You could import fabric physics and just have it lie there, but that’s going to be a bigger hit on performance than you possibly can imagine and it will move weirdly (in large part becomes we’re not modeling wind, just fabric in a vacuum) and the model features it will lie on top of won’t deform accurately from the simulated weight, etc…












  • Reddit admins are insanely biased towards right wingers. They talk about the same free speech bullshit while only allowing one side to speak freely.

    They tolerated brigades organized by them for years despite brigades being prohibited, they allowed T_D to absolutely dominate the front page by vote manipulation until a huge majority of the site got too outraged (that’s when the 2 post cap/day per sub was set, along with ignoring votes on pinned posts). T_D screamed and screamed and screamed about being censored when that happened (nothing was even removed), and everybody else was happy reddit FINALLY AFTER YEARS did something, anything, to make the site a bit more usable again. Tons of left leaning subs were banned long before they ever touched any far right extremism.

    The left wing bias you might have seen comes from moderators who actually have expertise on their subjects (like science subreddits), not from the admins



  • I hate them.

    I run a cryptography forum on reddit (now here too). On reddit it’s /r/crypto. Before the random suggested usernames every spam operation had to make up their own random username scheme. They ended up being mostly distinguishable because they used patterns normal people didn’t. Now? A ton of users with limited activity are now indistinguishable from bots. So the subreddit has to be in restricted mode so only approved users can post, and for anybody with ambiguous post history I have to send them a request for more detail to be able to keep spammers out while still allowing genuine newbies to join to ask questions. Otherwise the spam volume just ends up being way too intense.




  • If you’ve already noticed incoming traffic is weird, you try to look for what distinguishes the sources you don’t want. You write rules looking at the behaviors like user agent, order of requests, IP ranges, etc, and put it in your web server and tells it to check if the incoming request matches the rules as a session starts.

    Unless you’re a high value target for them, they won’t put endless resources into making their systems mimic regular clients. They might keep changing IP ranges, but that usually happens ~weekly and you can just check the logs and ban new ranges within minutes. Changing client behavior to blend in is harder at scale - bots simply won’t look for the same things as humans in the same ways, they’re too consistent, even when they try to be random they’re too consistently random.

    When enough rules match, you throw in either a redirect or an internal URL rewrite rule for that session to point them to something different.