Six months ago, distributed crawling hit code.forgejo.org, and the mitigation measures put in place then held until a few weeks ago. The mitigation measures relied on JavaScript-based proof-of-work, but the crawling software learned to resolve the measures, allowing the attack to return.

Since November 24, a new blocking strategy has been implemented and successfully blocked around one million unique IPs daily. Only 5,000 unique IP addresses reach code.forgejo.org daily, and no reports of legitimate traffic being blocked have been received.

Crazy. A 1M to 5k ratio.

The linked to ‘new strategy’ information is interesting too. They’re blocking a specific user agent.

TL;DR: 26 November ~900,000 unique IPs sent requests to code.forgejo.org and blocking one user agent effectively blocks over 90% of them. At the moment ~50,000 unique IP hit code.forgejo.org per hour, ~5,000 of them are not using the suspicious user agent and are sent to Anubis, ~1,000 of them pass the challenge and reach code.forgejo.org.

&& Header(`user-agent`, `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36`)

The author provided no evidence of it

They’re contextualizing and sourcing it plenty. It’s their impression from their experience, from their years of being in that field. In the later adding of comments at the end they go into different takes as well, reiterating that it’s what they saw or see in [their] big corp[s] [and those he talks to].

You’re saying people are rotating too often - which was one of their points. Not sure if you meant support that point or point it out [assuming they didn’t].

Sharing, because I had to look up Abstract Wikipedia

Abstract Wikipedia is an in-development project of the Wikimedia Foundation. It aims to use Wikifunctions to create a language-independent version of Wikipedia using its structured data.

Microsoft actually cut off Israel’s access to Azure…

After months of pressure and trying to silence internal criticism.

I had to look it up to make sure “months of” is correct. Wikipedia has the infos https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Israeli_military_support 2023-2025, various employees fired

“Microsoft actually cut off Israel’s access to Azure” doesn’t really cover or adequately represent their behavior regarding this topic.

That comment doesn’t say anything about what I’m asking about here.

IMO the intro “[shared] to the respective secret scanning partner” is a bit misleading because it can be read as third parties unrelated to the secret that do secret scanning. The text later on only mentions the issuer of secrets, though.

To protect the developer community, GitHub partners with hundreds of secret scanning partners to identify leaked secrets.

GitHub works directly with industry partners like AWS, OpenAI, and Stripe to build detectors for their specific secret formats […]
GitHub notifies the secret issuer when publicly leaked secrets are found, allowing the partner to take immediate action.

Probably in some AI training data sets. Not that those are particularly good backups.

maybe they also mean Israel/Gaza or the AI push

… Gitlab though; the only difference is you see more “a large premium customer is requesting this” comments!

I love those! /s 😄 It can certainly feel like a pattern, specifically for some tickets.

YouTube recently introduced UI changes. Google probably didn’t optimize for Firefox besides Chrome. Whatever they’re doing, it may be more performance on Chrome than on Firefox for technical reasons.

As a quality metric, “bad company”. If you can differentiate between hardware product and drivers, you can separate those metrics. But usually, and for most people, using the product also means using their drivers.

You can just take the L and say you didn’t see that the function definition that was “added” was just “removed” at the top.

That’s not what happened though.

Changing the indent of the def changes the definition. That’s my whole argument.

I don’t get why you say “of course”, agreeing with my point, but then “it was only the indentation that was changed”.

Do you have a comparison to other tools like Grammarly? Were you sometimes missing suggestions or linting rules?

as an open-source alternative to Grammarly

intentionally avoids including any kind of generative AI in any part of our processing pipeline

Isn’t that what Grammarly is all about, though? Be better than traditional spellchecking through LLM?

I assume Harper is entirely Rules based, then? Which inherently means limited to what rules where introduced manually and what the rules cover.

New hardware manufacturer quality metric: Number of frustrated user pledges per time since market introduction.

What I wrote. I wouldn’t want to do AI Thursday and kinda malicious compliance for a prolonged time.

I see, thank you for the clarification. I was quite confused because it seemed to be missing, this one didn’t quite seem correct. If they never even pushed it as a MR then that makes more sense. Then the whole “hasn’t been merged yet” is missing that it hasn’t even been created.

I see, thank you for the clarification. I was quite confused because it seemed to be missing, this one didn’t quite seem correct. If they never even pushed it as a MR then that makes more sense. Then the whole “hasn’t been merged yet” is missing that it hasn’t even been created.

An indentation change is a definition code change. And as I pointed out, it’s a py file, and Python is an indent-significant language.

So you’re using [] as an alternative function call syntax to (), usable with nullable parameters?

What’s the alternative? let x = n is null ? null : math.sqrt(n);?

In principle, I like the idea. I wonder whether something with a question mark would make more sense, because I’m used to alternative null handling with question marks (C#, ??, ?.ToString(), etc). And I would want to see it in practice before coming to an early conclusion on whether to establish as a project principle or not.

math.sqrt?() may imply the function itself may be null. (? ) for math.sqrt(?n)? 🤔

I find [] problematic because it’s an index accessor. So it may be ambiguous between prop or field indexed access and method optional param calls. Dunno how that is in Dart specifically.