No. The human effort will be at a higher level of the implementation. Like how there are only very specific use cases for hand writing assembly today.

Software hadn't consumed the world yet, so there was plenty of programming in higher languages to bring in 999 of every 1000 programmers in to when virtually no one was still needed for assembly.. I'm skeptical that there's much need for more technical specialists at the next higher levels as business people can now get all the help they were supposed to get in codeless systems, etc.

I hadn't heard of Tilt until this year. I inherited an environment with it integrated. It's a great reliable tool

totally agree

This is useful and necessary software. Keep going. This can be a wonderful demystifyer for some and a useful tool for others.

This is interesting. Operating on the edge of user space

Author here, yeah indeed. Earlier I was worried if eBPF verifier would even let me do plain integer arithmetic and then just use it as a struct pointer to an "arbitrary" kernel memory location, but it works.

Another research/testing area is whether I need to worry about memory ordering and possibly add some memory barriers, especially on ARM platform, as the eBPF task iterator passive sampler is an outside observer, periodically running on a different CPU, not injected to the context (and critical path!) of the monitored threads via tracepoints/probes.

Unacceptable, sorry this is happening. Do you know about fail2ban? You can have it automatically filter IPs that violate certain rules. One rule could be matching on the bot trying certain URLs. You might be able to get some kind of honeypot going with that idea. Good luck

They said that it is coming from different ip addresses every time, so fail2ban wouldn't help.

Amazon does publish every IP address range used by AWS, so there is the nuclear option of blocking them all pre-emptively.

https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-rang...

I'd do that, but my DNS is via route 53. Blocking AWS would block my ability to manage DNS automatically as well as certificate issuance via DNS-01.

They list a service for each address, so maybe you could block all the non-Route 53 IP addresses. Although that assumes they aren’t using the Route 53 IPs or unlisted IPs for scraping (the page warns it’s not a comprehensive list).

Regardless, it sucks that you have to deal with this. The fact that you’re a customer makes it all the more absurd.

If you only block new inbound requests, it shouldn't impact your route 53 or DNS-01 usage.

It’ll most likely eventually help, as long as they don’t have an infinite address pool.

Do these bots use some client software (browser plugin, desktop app) that’s consuming unsuspecting users bandwidth for distributed crawling?

Monitor access logs for links that only crawlers can find.

Edit: oh, I got your point now.

To prevent the effect of people picking the first zone in the list to launch resources into

Exactly this. If they didn’t do this, us-east-1a would be the biggest single point of failure the world has ever seen.

Bluesky has zero popular cultural adoption and users are already weirded out by extreme left influence on the discourse. I set a calendar to check this post in 18 months, now we wait

I happen to know the content on this blog, the tone of this article and quality of content is not usually like this. What happened?