Need to make a primal scream without gathering footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh facts of Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

    • self@awful.systems
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      I got curious and looked up both IPs associated with the domain name and it is in fact just CloudFlare

      also, their DNS-over-HTTPS (this is new to me but I stay the fuck away from cloudflare and it looks like a standard they’ve pushed for) endpoint is just the 1.1.1.1 one with the domain name changed, but the AdGuard and Accelerator ones basically confirm they’re analyzing traffic before passing it off to cloudflare

      • froztbyte@awful.systems
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        6 months ago

        a quick check using a canary. test command:

        curl -H 'accept: application/dns-json' 'https://0ms.dev/dns-query?name={snip}.canarytokens.com'
        

        canary trigger:

        geo_info: {'loc': '51.5085,-0.1257', 'org': 'AS13335 Cloudflare, Inc.', 'city': 'London', 'country': 'GB', 'region': 'England', 'ip': '141.101.70.74', 'timezone': 'Europe/London', 'postal': 'E1W', 'asn': {'route': '141.101.70.0/24', 'type': 'hosting', 'asn': 'AS13335', 'domain': 'cloudflare.com', 'name': 'Cloudflare, Inc.'}}
        

        so, yeah, the actual resolve is being done by cloudflare servers too - it’s not even just a cf frontproxy to a different backend service. could be done with cf workers or something, I imagine, would need to test a bit further to know/try see

      • David Gerard@awful.systemsM
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        6 months ago

        that’s fabulously odious!

        yeah, think i’ll be writing this one up for the weekend

        this sort of thing does not help me have an anti-carceral attitude

        • David Gerard@awful.systemsM
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 months ago

          This is slightly weird. There’s a company called “DNSfilter” that’s been advertising itself for a few years as an “AI-powered DNS resolver” - since well before the present hype. I suspect their “AI” bit is threat detection with machine learning in. They appear to be going for the lucrative boring enterprise market.

          This thread suspects the whole 0ms.dev thing was written with LLMs and the “mirrors” bit is basically an open proxy.

          You sure they’re skimming results? I saw what looks like a filter to add to an adblocker …

          • self@awful.systems
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            You sure they’re skimming results? I saw what looks like a filter to add to an adblocker …

            see I don’t have a smoking gun on this, but if it is a garden variety adblocker and whatever the accelerator does (it’s extremely unclear) running on cloudflare workers, they at least have the ability to MiTM and modify DNS queries, and open proxies are always a security nightmare. my impression is the filter list they link is either what that endpoint uses to filter, or it’s LLM vomit they kept in because it felt more legitimate.

            this might be worth poking at more in a controlled setting — a command line DNS-over-HTTP client using their endpoints and some exploration of the open proxy with curl (especially with sites that utilize credentials, with great care taken to use disposable accounts for this) might be illuminating

          • froztbyte@awful.systems
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            and the “mirrors” bit is basically an open proxy

            could test this by setting up a simple example page and seeing the originating source for the traffic

            same technique as previous, using an http (not https) canary:

            geo_info: {'loc': '51.5085,-0.1257', 'org': 'AS13335 Cloudflare, Inc.', 'city': 'London', 'country': 'GB', 'region': 'England', 'ip': '141.101.98.196', 'timezone': 'Europe/London', 'postal': 'E1W', 'asn': {'route': '141.101.98.0/24', 'type': 'hosting', 'asn': 'AS13335', 'domain': 'cloudflare.com', 'name': 'Cloudflare, Inc.'}}
            useragent: (no user-agent specified)
            request_headers: {'Host': 'canarytokens.com', 'X-Real-Ip': '141.101.98.196', 'X-Forwarded-For': '2a06:98c0:3600::103, 141.101.98.196', 'X-Forwarded-Host': 'canarytokens.org', 'Connection': 'close', 'Accept-Encoding': 'gzip', 'Cf-Ray': '89f1a3a114752508-LHR', 'X-Forwarded-Proto': 'https', 'Cf-Visitor': '{"scheme":"https"}', 'Cf-Ew-Via': '15', 'Cdn-Loop': 'cloudflare; subreqs=1', 'Cf-Connecting-Ip': '2a06:98c0:3600::103'}
            request_args: {}
            
            • froztbyte@awful.systems
              link
              fedilink
              English
              arrow-up
              0
              ·
              6 months ago

              idle thought: since this is (as @self highlighted) effectively an open proxy, you could also just resource-bomb it quite easily

              not that I’m planning to, but it’d be dirt bloody easy and it would be a very quick test as to the claims on the site