This action will delete this post on this instance and on all federated instances, and it cannot be undone. Are you certain you want to delete this post?
JayVii
jayvii@social.jayvii.dehe/him | #Statistics #DataScience #OpenSource #FreeSoftware #Privacy #Vegan 🌱
jayvii@social.jayvii.dehe/him | #Statistics #DataScience #OpenSource #FreeSoftware #Privacy #Vegan 🌱
| Websites | https://jayvii.de |
|---|---|
| Introduction | https://social.jayvii.de/introduction |
| jayvii+social [AT] posteo [DOT] de | |
| Languages | DE / EN |
I've been in the fediverse since 2017 already, however with the recent growth in users and the switch to my own instance, I figured it is time for an #introduction.
I am a #Statistician and #DataScientist from Germany. I am also passionate about Free and #OpenSource #Software and am deeply involved in hosting, developing and advocacy of privacy friendly FOSS tools.
Besides above two topics, I share posts & ramble myself about #politics in Germany and the EU, #feminism, #veganism, #selfhosting, #rstats, #linux and whatever is currently happening. Posts are typically in English, shares are often in German as well.
If you have further questions, you are free to ask any time. You can find further contact info (incl. PGP) on my website https://www.jayvii.de
Daily Reminder, dass uns jedes Jahr 200 MILLIARDEN € durch Steuerbetrug verloren gehen. Geld, das uns in Schulen, Pflege und Infrastruktur fehlt.
Bleibt aber eine Randnotiz. Stattdessen wird ernsthaft über Einsparungen bei Jugendhilfe und Leistungen für Menschen mit Behinderung diskutiert.⬇️
Remember? "Sideloading" is here to stay, and won't go away, they said? Don't be afraid, they said? Something something "we heard you"? Suuuure! Who would ever doubt it!
Attached the copy of a mail developers with apps in the PlayStore CURRENTLY receive. Please, read the text in the red box carefully:
"Apps not registered by September 2026 WILL NO LONGER BE INSTALLABLE ON CERTIFIED ANDROID DEVICES in select countries."
See an exception there? I don't.
Your push notifications can betray your privacy. Here are the settings you can enable to do something about that: https://www.eff.org/deeplinks/2026/04/how-push-notifications-can-betray-your-privacy-and-what-do-about-it
FĂĽr kommenden Samstag, 18. April 2026, ruft die Initiative "Zoo Freie Stadt" zu einer Demonstration in #SaarbrĂĽcken auf. Auftakt ist um 11 Uhr in der ReichsstraĂźe vor der Europagalerie. Gefordert wird ein Bekenntnis der #Saar Landeshauptstadt zum Ausstieg aus der Zootierhaltung.
Are you still banning, or do you already penalize?
Still using fail2ban just for stopping SSH brute force attempts? Since OpenSSH 9.8 there is a new config option for sshd_config: PerSourcePenalties This option has several parameters where you can define how long a client, based on its IP address, will be blocked, according to the unwanted behaviour. The most important parameters are: [...]
Still using fail2ban just for stopping SSH brute force attempts? Since OpenSSH 9.8 there is a new config option for sshd_config: PerSourcePenalties This option has several parameters where you can define how long a client, based on its IP address, will be blocked, according to the unwanted behaviour. The most important parameters are:
- min:duration – the minimum penalty which must be accumulated before it is enforced, default 15 seconds (15s).
- max:duration – the maximum penalty which can be accumulated, default 10 minutes (10m).
- crash:duration – penalty that cause a crash of sshd, default 90s.
- authfail:duration – penalty for disconnecting clients after making one or more unsuccessful authentication attempts, default 15s. Consider also MaxAuthTries, which defaults to 6. So in an default setup an IP would be banned for 15 seconds if someone typed the wrong password for 6 times.
- invaliduser:duration – penalty for authentication attempts with an invalid user, default 5s (available since OpenSSH 10.3)
- noauth:duration – penalty for disconnecting without attempting authentication , default 1s. Don't change this if you're running monitoring checks against sshd.
- grace-exceeded:duration – penalty for not logging in after LoginGraceTime (default: 120s), default 10s.
There is also PerSourcePenaltyExemptList, which is a comma-separated list of addresses to exempt from penalties.
As you can see the default values are quite lax. Let's tighten the rules a bit:
- A client should be refused connection for 1 hour after 3 unsuccessful auth attempts (using also MaxAuthTries) and crash attempts.
- Since penalties do accumulate and the default max duration is 10 minutes we must define a new maximum penalty.
- As for invalid user attempts I set the penalty to 5 minutes, since typos can happen (if OpenSSH >= 10.3)
- I don't touch the noauth parameter, since monitoring tools and tools like ssh-keyscan could be blocked.
The resulting sshd_config snippet looks like this (for OpenSSH 10.3 and newer)
MaxAuthTries 3
PerSourcePenalties crash:3600s invaliduser:300s authfail:3600s max:86400s
Since OpenSSH 10.3 is quite new (released on 2026-04-02), most Linux users would want to omit the invaliduser parameter:
MaxAuthTries 3
PerSourcePenalties crash:3600s authfail:3600s max:86400s
This makes tools like fail2ban quite obsolete, if it is used in an default setup just for blocking SSH brute force attempts. Of course, if you're using them in more complex scenarios and not only for SSH, these tools are still useful.
Perhaps one of the most frustrating things about the usage of AI is, people are being pushed into it in order to poorly address previously-solved problems (e.g. web search) which have been taken away from us. I don't want ChatGPT, I want a search engine that gives me the results I requested and not what advertisers want on my eyeballs.
If you don’t have the resources to write and understand the code yourself, you don’t have the resources to maintain it either.
Any monkey with a keyboard can write code. Writing code has never been hard. People were churning out crappy code en masse way before generative AI and LLMs. I know because I’ve seen it, I’ve had to work with it, and I no doubt wrote (and continue to write) my share of it.
What’s never been easy, and what remains difficult, is figuring out the right problem to solve, solving it elegantly, and doing so in a way that’s maintainable and sustainable given your means.
Code is not an artefact, code is a machine. Code is either a living thing or it is dead and decaying. You don’t just write code and you’re done. It’s a perpetual first draft that you constantly iterate on, and, depending on what it does and how much of that has to do with meeting the evolving needs of the people it serves, it may never be done. With occasional exceptions (perhaps? maybe?) for well-defined and narrowly-scoped tools, done code is dead code.
So much of what we call “writing” code is actually changing, iterating on, investigating issues with, fixing, and improving code. And to do that you must not only understand the problem you’re solving but also how you’re solving it (or how you thought you were solving it) through the code you’ve already written and the code you still have to write.
So it should come as no surprise that one of the hardest things in development is understanding someone else’s code, let alone fixing it when something doesn’t work as it should. Because it’s not about knowing this programming language or that (learning a programming language is the easiest part of coding), or this framework or that, or even knowing this design pattern or that (although all of these are important prerequisites for comprehension) but understanding what was going on in someone else’s head when they wrote the code the way they wrote it to solve a particular problem.
It frankly boggles my mind that some people are advocating for automating the easy part (writing code) by exponentially scaling the difficult part (understanding how exactly someone else – in this case, a junior dev who knows all the hows of things but none of the whys – decided to solve the problem). It is, to borrow a technical term, ass-backwards.
They might as well call vibe coding duct-tape-driven development or technical debt as a service.
🤷‍♂️
JayVii posted Mar 29, 2026
Well, TIL that you can pipe tar directly into ssh. Need to play around with that a little. Maybe it overcomes the requirement to have enough space for a giant tar file on the host?
“On The Enshittification of Audre Lorde: "The Master's Tools" in Tech Discourse”
https://tarakiyee.com/on-the-enshittification-of-audre-lorde-the-masters-tools-in-tech-discourse/
> Read against the speech itself, Lorde's argument seems less concerned with whether antitrust law can break up monopolies and more with whose knowledge counts, who gets to define the problem, and what gets systematically erased when liberation movements reproduce the exclusions of the systems they are opposing.