I had to lock down my private Gitea server when I noticed my commits were taking forever: my meager 2-CPU instance was pegged.
Tail the nginx logs, and sure enough some jerk is asking for the URL of every git commit ever made, with no delays, no backoffs, nothing. Just hammering the ever-loving crap out of me. Lovely. GTFO!
The simplest thing to do: add HTTP Basic auth. Now my git server is no longer accessible to the public. Thanks, AI startups! Maybe I'll re-enable public access after this craze is over.
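For anyone wanting to do the same lock-down, the nginx side is only a couple of directives in the vhost fronting Gitea. A minimal sketch; the file paths and the port are assumptions (3000 is Gitea's default):

```nginx
# hypothetical /etc/nginx/sites-available/gitea
location / {
    # require a username/password before anything reaches Gitea
    auth_basic           "private git";
    # created with e.g.: htpasswd -c /etc/nginx/.htpasswd myuser
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass           http://127.0.0.1:3000;
}
```

Git over HTTPS still works for you, since git's credential helpers handle Basic auth transparently; the scrapers just get 401s.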
At least in the US, establishing a legal contract requires more than just an attestation and agreement by both parties (verbal or written or telegraphed or whatever).
For example, it’s not a contract if there is no “consideration”, a legal term meaning that the parties have exchanged something of value.
IANAL, but “abuse of telecom resources” is the more likely flavor of legal hot water you might land in. I would absolutely not worry about a fraudster taking me to court.
A contract requires a "meeting of the minds", i.e. intentional assent from both sides. I am not sure that text generated by a fully automated bot can be treated as intentional assent.
All this non-lawyer programmer legal analysis is always fun, because no one really knows. When I send an email, aren't I just telling my email "robot" to do something? This is one layer beyond that: my 'LLM robot' is sending text messages on my behalf.
When you send an email, there's your conscious intent behind it, so it doesn't matter what technology is in between, as long as your mind is moving it. If you didn't intend it (say I know you are on vacation and send you an email saying "if you agree to pay me $1000, send me back a vacation reply"), then your mail system sending me a vacation reply does not constitute an intentional action, because it would send that reply to anything. It is true that I am not a lawyer, but laws often make sense and derive from common sense. Not always, but in such a fundamental matter as contracts they usually do.
That's a good example. But that auto-reply is a kind of bot, and "sensible" is separate from what's legally actionable in too many cases. I see LLMs as just the next step in auto-reply. We already know companies use them to process your text requests and descriptions when you ask for help; they auto-answer things, and even today there are endless stories of awful, unsuitable responses from LLM systems.
All true, but these LLM systems aren't random; there's a certain intent behind them, in that they are supposed to do something. So if they do what they are supposed to, then the intent, which is human intent, exists. But if they do something the human creator of the tool did not intend, I don't think any human court would recognize it as a basis for a contract.
Actually it goes back a bit further, basically to the dawn of civilization. The first battle in recorded history was the Battle of Megiddo, fought between Egypt and a coalition of Canaanite states, in what is today the state of Israel [1]. (Egypt's famous clash with the Hittites came later, at Kadesh.)
I don't think it's a troll (though it's not a particularly useful comment); Linux has had no true async story thus far. poll, epoll, et al. are all synchronous behind the scenes.
What Linux still lacks is an OVERLAPPED data structure.
NT has supported async I/O since its inception. It was a design principle of the kernel -- all I/O operations in the kernel are asynchronous.
I wasn't referring to async I/O. I'm talking about the ability to make system calls using a user/kernel shared memory buffer, without having to enter and exit the kernel. (This is particularly important with all the security mitigations that make kernel entry/exit more expensive.)
Technically Windows has had Registered I/O since Windows 8/Server 2012 for networking, which provided this functionality. I/O Rings in Windows extended this to other types of I/O, though of course with a separate API.
Folks using range requests will certainly welcome these as a great improvement. Without them, you need some ugly shell around your curl command to do it right, sending headers manually and slicing files in the shell.
And, if you don’t need them, don’t use them! Have you seen how many options curl has? But until now there was never a good one for range requests.
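For the curious, the "ugly shell" workaround looks something like the sketch below: slice the byte range out of the file with dd and hand-roll the header yourself. The upload endpoint at the end is hypothetical and shown only for shape:

```shell
# make a demo file (stand-in for the real payload)
printf 'hello, range requests' > /tmp/range_demo.txt

START=7; END=11
# slice bytes START..END (inclusive) out of the file with dd
dd if=/tmp/range_demo.txt of=/tmp/range_demo.part \
   bs=1 skip="$START" count=$((END - START + 1)) 2>/dev/null

cat /tmp/range_demo.part   # the 5 bytes "range"
echo

# then send the slice with a hand-written header (hypothetical endpoint):
# curl -X PUT --data-binary @/tmp/range_demo.part \
#      -H "Content-Range: bytes $START-$END/$(wc -c < /tmp/range_demo.txt)" \
#      https://example.invalid/upload
```

Byte-for-byte, the dd invocation, the off-by-one on count, and the total-size arithmetic in the header are all yours to get wrong, which is exactly why having curl do it is welcome.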
I'm _pretty sure_ you're referring to `-C - -o $filename` and not this behavior. This one allows slurping ranges of local files and sending those in their entirety. I am open to maybe one day it does something crazypants with `-X PATCH --variable "fred@file[867-5309]"` or such but I doubt gravely that it does any such thing today
As shown here:
$ python3 -m http.server 9090 &
# that doesn't matter, just return _something_ on :9090
$ ls -l .DS_Store
-rw-r--r--@ 1 mdaniel staff 18436 Dec 30 11:30 .DS_Store
$ curl -vo .DS_Store -C - http://127.0.0.1:9090/.DS_Store
** Resuming transfer from byte position 18436
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    * Trying 127.0.0.1:9090...
* Connected to 127.0.0.1 (127.0.0.1) port 9090
> GET /.DS_Store HTTP/1.1
> Host: 127.0.0.1:9090
> Range: bytes=18436-
> User-Agent: curl/8.7.1
> Accept: */*
One can see where curl helpfully loaded the local file's size of 18436 bytes, set up the Range header, and included it on first contact with the HTTP server.
While digging into this, I found there's actually an analogous behavior for the file's modification time, too. Curl knows all.
As for your "well, just don't use it then" stance: it has been my experience building software that the Law of Unintended Consequences is brutal. The first bug report where someone discovers that a `--header` argument can no longer contain {{ due to a fat-fingered function change will let me put another quarter in the I Told You So jar.
Watch as someone names themselves the bell character, “^G” (ASCII code 7) [1].
When they meet people, they tell them their name is unpronounceable; it's the sound of a PC speaker from the late 20th century, but you can call them by their preferred nickname, “beep”.
On paper and in online forms they are probably forced to go by the name “BEL”.
It seems that this solution selects the most "visually pleasing" frames, which ffmpeg on its own doesn't do. You could probably hack around it to arrive at a decent solution[1], but something like this would require an advanced filter or an external tool.
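One such hack, if the footnote is along the lines I'm guessing: ffmpeg's built-in `thumbnail` filter picks the most *representative* frame out of each batch of N analyzed frames, which isn't the same as "most visually pleasing" but beats a blind seek. A sketch, using a synthetic testsrc clip so it's self-contained (requires ffmpeg to be installed):

```shell
# generate a 2-second synthetic clip so the example needs no input file
ffmpeg -y -f lavfi -i testsrc=duration=2:size=320x240:rate=25 \
       /tmp/clip.mp4 2>/dev/null

# pick one representative frame per batch of 50 analyzed frames
ffmpeg -y -i /tmp/clip.mp4 -vf "thumbnail=50" -frames:v 1 \
       /tmp/thumb.png 2>/dev/null

ls -l /tmp/thumb.png
```

Anything smarter than "representative", e.g. scoring sharpness or faces, is where the external tool comes in.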