A tiny mouse, a hacker.

See here for an introduction, and my link tree for socials.

  • 0 Posts
  • 15 Comments
Joined 3 years ago
cake
Cake day: December 24th, 2023

help-circle
  • I’m running Tang on a VPS, outside of my homelab. Servers in my homelab set up networking and a dedicated WireGuard tunnel to the VPS from initrd, to be able to talk to Tang, to help unlock the filesystem. The WireGuard tunnel is only allowed from my home ISP’s ASN. So if anyone picks up all my equipment from my homelab and walks away with them, they will not be able to boot them up, unless they connect from my ISP’s ASN (good luck), or know the passphrase.

    Additionally, some of my homelab computers that support TPM also have a TPM pin, so walking away with the disk only, and connecting from my ISP’s ASN would still not be enough. This is rather pointless, anyone who walks away with the disk only will likely take the entire computer instead. But it was fun setting it up.

    In the not so distant future, I’ll update this setup to use Shamir Secret Sharing more, where I’ll have three pins: my VPS (via Wireguard), a small computer somewhere else in my apartment, and a third at a neighbour (+ TPM on supporting computers).






  • I’m using a setup similar to what you had in mind: I have a small €4/month VPS as my front, with scrapers taken care of by iocaine (it both blocks them, and firewalls the worst off automatically). That’s over 90% of the HTTP(s) traffic never making it past the VPS, greatly reducing the traffic into my home network. My actual servers are behind a WireGuard tunnel.

    It does not protect against a non-HTTP DDoS, but that wasn’t part of my threat model to begin with. My VPS provider (Hetzner) has DDoS protection even for €4/month servers - that doesn’t include the scraper DDoS, but includes other kinds - I have luckily not been a victim of any, so no idea whether it works reliably.

    Against the scrapers, a VPS + bot defense + Wireguard works like a charm. Can recommend.



  • It can stop them nowadays, by firewalling some of the crawlers off. The reason it doesn’t stop them by default is because it serves them poisoned URLs, which it can later identify if the crawlers come back riding a headless Chrome. But once they do that, and hit a poisoned URL, there’s little reason to let them wander in an endless maze further: serve one request, and block the IP.

    I’ve been running that on my own infra, and my daily number of requests went down from ~50+ million to… 2 million.





  • algernon@lemmy.mltoMemes@lemmy.ml...
    link
    fedilink
    arrow-up
    15
    ·
    6 months ago

    Same here. We have a joint account, I’m the sole earner, apart from mortgage and utilities and whatnot, she’s spending all of it, and that’s great, because she does it much better than I could. I suck at managing money, she does not. I wish I could give her more money.


  • I… have my doubts. I do not doubt that a wider variety of poisoned data can improve training, by implementing new ways to filter out unusable training data. In itself, this would, indeed, improve the model.

    But in many cases, the point of poisoning is not to poison the data, but to deny the crawlers access to the real work (and provide an opportunity to poison their URL queue, which is something I can demonstrate as working). If poison is served instead of the real content, that will hurt the model, because even if it filters out the junk, it will have access to less new data to train on.



  • I had a short tootstorm about this, because oh my god, this is some terribly ineffective, useless piece of nothing.

    For one, Poison Fountain tells us to join the war effort and cache responses. Okay…

     curl -i https://rnsaffn.com/poison2/ --compressed -s
    HTTP/2 200
    content-disposition: inline
    content-encoding: gzip
    content-type: text/plain; charset=utf-8
    x-content-type-options: nosniff
    content-length: 959
    date: Sun, 11 Jan 2026 21:17:36 GMT
    
    

    Yeaah… how am I supposed to cache this? Do I cache one response and then continue serving that for the 50+ million crawlers that visit my sites every day? And you think a single, repetitive thing will poison anything at all? Really?

    Then, the Poison Fountain explanation goes on to explain that serving garbage to the crawlers will end up in the training data. I’m fairly sure the person who set this up never worked with model training, because this is not what happens. Not even the AI companies are that clueless, they do not train on anything and everything, they do filter it down.

    And what this fountain provides, is trivial to filter.

    It’s also mighty hard to set up! It’s not just a reverse_proxy https://rnsaffn.com/posion2, because then you leak all the headers you got. No, you have to make a sanitized request that doesn’t leak data. Good luck!

    Meanwhile, there are a gazillion of self-hostable garbage generators and tarpits that you can literally shove in a docker container and reverse proxy tarpit URLs to them, safely, locally. Much more efficient, far more effective. And, seeing as this is practically uncacheable, if I were to use it, I’d have to send all the shit that hits my servers, their way. As far as I can tell, this is a single Linode server. It probably wouldn’t crumble under my 50 million requests / day, but if ten more people would join the “war effort” without caching, my well educated guess is that it would fall over and die.

    Besides, we have no idea whether poisoning works. We can’t measure that. What we can measure, is the load on our servers, and this helps fuck all in that regard. The bots will still come, they’ll still hit everything, and I’d have additional load due to the network traffic between my server and theirs (remember: the returned response provides no sane indicators that’d allow caching while keeping the responses useful for poisoning purposes).

    Not only is this ineffective in poisoning, it’s not usable at all in its current state. And they call for joining the war effort. C’mon.