> how can you ignore all of these bounces from a provider thats likeliest to be the major one you are sending to?
This is the major issue that most of the discussion is missing. It doesn't matter how you want to interpret the word SHOULD, if you want to send to google workspace, you MUST include a message-id. It's not like this is some fly-by-night server with 12 clients.
If you absolutely and completely don't want to include the message-id, then you need to have a warning that your service can't be used by Google Workspace customers. This used to be common practice, blocking communication to servers that behaved badly, and I sort of wish we'd bring it back.
The amount of fossil fuels that a working class individual burns are a rounding error compared to what big companies burn. How many private jets are in the air right now? Even if you drive the most energy inefficient truck ever produced, run your home HVAC at max, and buy gasoline just to burn in your back yard, you will never measure up. It's like saying we need to dry the oceans, so you should stop peeing in it.
> if you drive the most energy inefficient truck ever produced
Sorry, but how was that truck produced? Where did the energy to make it come from? How was your home built, where did the energy come from? Where did the materials come from? How did the workers come to the job? What did they eat, and what do you eat? Do you go to an office? How was it built? How do you and your colleagues get there? Do your children go to school? Do you go to hospitals when you're sick? Etc.
I don't understand. Your HTTPS server was being hammered so you stopped serving Git? That doesn't make any sense at all, if it's a private server, why not just turn off the web frontend?
The most surefire way would be to put a device between your router and your ONT/modem to capture the packets and see what requests are being sent. It's not complicated but it IS a lot of information to sift through.
Your router may have the ability to log requests, but many don't, and even if yours does, if you're concerned the device may be compromised, how can you trust the logs?
BUT, with all that said, these attacks are typically not very sophisticated. Most of the time they're searching for routers at 192.168.1.1 with admin/admin as the login credentials. If you have anything else set, you're probably good from 97% of attackers (This number is entirely made up, but seriously that percentage is high). You can also check for security advisories on your model of router. If you find anything that allows remote access, assume you're compromised.
---
As a final note, it's more likely these days that the devices running these bots are IoT devices and web browsers with malicious javascript running.
like i mentioned in another comment, do you really need good resolution for gait analysis? You also have people carrying their phones inside the house all the time, so you know what bssid is associated with that coarse movement. and if you have access to their ap/router combo, you can tell what IP that device has and what domains it's been visiting.
Let's say you visit a friend in a different city, the same ISP controlling their router, can use your mac, but even if you turn off your wifi or leave your phone in your car, your volume profile and gait can betray you. how you sit, how you lean, how you turn. I'd wager, if 6-10 distinct "points" can be made out and associated with a person, that's all that's needed to uniquely identify that person after enough analysis of their motion, regardless of where they go in the world.
Imagine if they're not using one AP, but using your neighbors AP as well, two neighbor APs and your own can triangulate and refine much better.
> In China cameras use your gait to automatically ticket you for J-walking and automatically deduct funds from your bank account. I’ve read that before at least.
China is a huge place with a population larger than the entire western world combined, so I don't doubt something like that could be happening somewhere. Maybe it was a tech demo?
However in general that is not a thing. If you pick any of China's megacities and walk down a street it will take you all of 5 seconds to realize how absolutely not a thing that is. Jaywalking is rampant, so obviously there's efforts to crack down on it, but I've yet to see anyone be shy about it around cameras*.
* And cameras really are everywhere. Though I suspect a lot are closer to a decorative prop for deterrence than a surveillance tool.
"If I have nothing to hide I have nothing to fear" eh?
What a colossally bad thing to do for personal privacy. Yes let's give governments the ability to spot and pick up anyone they want for any reason under the guise of 'criminality'. ICE or the SS would have a field day.
I guess people better keep their mouth shut if they know what is good for them??
It applies to the sensor size as well. Such as you need a 3m sensor to get 100px per radian, under ideal circumstances, unless I'm mistaken. (I think I'm not)
> no one wants to either host their own server, nor pay someone to host it for them.
I hear this every time anyone brings up a federated chat/social media/anything service, and I just don't get it. If you don't want to host it, don't. There are plenty of servers out there, and a lot of them are free. Yeah, you have to trust the person hosting it, but why is that only a problem for federated services?
- are willing mostly to harvest data at scale, mostly for ad target or whatever political agenda owner that can pay bills
- will make big breaking changes only if more money is expected in a some quarters
The local/small benevolent geeks:
- aren’t entangled into micro-management policies and might just be logging everything to target individual as seen relevant by someone that could be whatever evil profile one can think of
- are possibly going to do their best for free, but could well end the experiment tomorrow without prior warning as they burn out into a growing discontent user base despite best efforts (and few to no recognition for that), or simply because they found a new hobby to spend attention to
And of course hosting all at home is taking the burden on one self. For people in IT, that might be something affordable, but otherwise this is like baking your own bread, sewing your own garment, producing and storing your own electricity, cultivate your own garden. Yes all of them are doable by an individual, especially those already proficient in the field. But obviously, this is not going to scale easily, and it’s not the general tendency of most contemporary societies. Doing otherwise would require humankind to make a giant leap in civilization tendencies.
No but hosting a small server is much more manageable financially than hosting the whole world. One geek can host hundreds of people for pocket change.
There are two things: trusting the person's intentions and trusting the person's competence. Federation makes both problems worse, because you need to trust an unbounded number of organizations rather than a single organization. Even if you take it for granted that I trust all of those orgs intentions, there's no way they are as competent as the multimillion and multibillion dollar organizations running the big names.
You may notice that this is the way writing papers works in undergraduate courses. It's just another in a long line of examples of MBA tech bros gleaning an extremely surface-level understanding of a topic, then decided they're experts.
This is the major issue that most of the discussion is missing. It doesn't matter how you want to interpret the word SHOULD, if you want to send to google workspace, you MUST include a message-id. It's not like this is some fly-by-night server with 12 clients.
If you absolutely and completely don't want to include the message-id, then you need to have a warning that your service can't be used by Google Workspace customers. This used to be common practice, blocking communication to servers that behaved badly, and I sort of wish we'd bring it back.
reply