Drew Chadwick DeVault / ddevault / SirCmpwn - Opinionated white-male-guilt-ridden software developer. Cancelled Hyprland and slandered it as "toxic" and transphobic. Hates X11 users and Hacker News. Lolicon.

Whatever Drew did, Cogent is very unhappy. Did someone start uploading PDFs of the ongoing Cogent lawsuits to the repository?
They're blocking 128 IP addresses just to make sure he's not on the Internet apparently.

This is a /25, 128 IP addresses and contains the address for sr.ht and others, but possibly also other customers.
Code:
Thu Jan 11 16:50:43.896 UTC
BGP routing table entry for 173.195.146.128/25
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker           39983847    39983847
Last Modified: Jan 11 14:09:36.020 for 02:41:08
Paths: (1 available, best #1)
  Advertised IPv4 Unicast paths to peers (in unique update groups):
    38.5.4.117
  Path #1: Received by speaker 0
  Advertised IPv4 Unicast paths to peers (in unique update groups):
    38.5.4.117
  Local
    10.255.255.255 from 154.54.66.234 (66.28.1.170)
      Origin IGP, metric 0, localpref 150, valid, internal, best, group-best, import-candidate
      Received Path ID 0, Local Path ID 1, version 39983847
      Community: 174:990 174:20912 174:21001 65535:666
      Originator: 66.28.1.170, Cluster list: 154.54.66.234, 66.28.1.31
Note the line "Local", where they send all the traffic off to nowhere (10.255.255.255).

The line for the overarching network (a /20) looks normal:
Code:
  17185
    38.104.111.122 (metric 7050) from 154.54.66.234 (154.26.2.114)
I don't know much about BGP, but I thought /24 was the smallest IPv4 prefix?
 
I don't know much about BGP, but I thought /24 was the smallest IPv4 prefix?
/24 is the smallest you can advertise to the world outside your own network. Inside your network you can go as small as you want.
So this is a view from a Cogent router, not an outside one, who would only see the /20 I think that this is a part of.
So, they advertise the whole /20 to the Internet and when that /25 gets inside their network they mark it to be dropped. Presumably just like they've been doing for KF, which may be a /31 or /32 dropped.
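
The signs discussed in the posts above can be read straight out of the router output. This is an added example, not part of the original thread: it parses the quoted entry and lists why the path looks like a deliberate discard route. 65535:666 is the well-known BLACKHOLE community from RFC 7999; treating a private next hop and a prefix longer than /24 as indicators is an assumption of this sketch, and the function names are hypothetical.

```python
import ipaddress
import re

BLACKHOLE = "65535:666"  # well-known BLACKHOLE community, RFC 7999

# Router output quoted in the thread, cut down to the lines the parser reads.
SAMPLE = """\
BGP routing table entry for 173.195.146.128/25
  Local
    10.255.255.255 from 154.54.66.234 (66.28.1.170)
      Origin IGP, metric 0, localpref 150, valid, internal, best, group-best, import-candidate
      Community: 174:990 174:20912 174:21001 65535:666
"""

def parse_entry(text):
    """Pull prefix, next hop and communities out of one 'show bgp' entry."""
    entry = {"prefix": None, "next_hop": None, "communities": []}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"BGP routing table entry for (\S+)", line)
        if m:
            entry["prefix"] = ipaddress.ip_network(m.group(1))
        # Path line: "<next hop> [(metric N)] from <peer> (<router id>)"
        m = re.match(r"(\d+\.\d+\.\d+\.\d+) .*from \d+\.\d+\.\d+\.\d+", line)
        if m and entry["next_hop"] is None:
            entry["next_hop"] = ipaddress.ip_address(m.group(1))
        if line.startswith("Community:"):
            entry["communities"] = line.split()[1:]
    return entry

def blackhole_indicators(entry):
    """Return the reasons this path looks like a discard route (heuristics)."""
    reasons = []
    if BLACKHOLE in entry["communities"]:
        reasons.append("tagged with BLACKHOLE community 65535:666")
    hop = entry["next_hop"]
    if hop is not None and hop.is_private:
        reasons.append(f"next hop {hop} is private address space")
    pfx = entry["prefix"]
    if pfx is not None and pfx.prefixlen > 24:
        reasons.append(f"/{pfx.prefixlen} is more specific than /24, internal only")
    return reasons

if __name__ == "__main__":
    for reason in blackhole_indicators(parse_entry(SAMPLE)):
        print(reason)
```
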
 
I only knew of Drew because of Source Hut. I’ve never liked hosting my free software projects on GitHub (non free, and owned by Microsoft, one of the greatest enemies free software ever had). So the idea of a free alternative sounded great. I realised something was amiss when Source hut started discriminating against projects based on field of endeavour but I had no idea the guy was such a total wack job. Kiwifarms really is providing a vital service by making this stuff known.

Are there any free alternatives to GitHub that are run by good people? Are there even any good people left in the free software movement? The only ones who appear to lead projects and have successful careers are those like Drew, while those like RMS have been forgotten and abandoned.
 
I only knew of Drew because of Source Hut. I’ve never liked hosting my free software projects on GitHub (non free, and owned by Microsoft, one of the greatest enemies free software ever had). So the idea of a free alternative sounded great. I realised something was amiss when Source hut started discriminating against projects based on field of endeavour but I had no idea the guy was such a total wack job. Kiwifarms really is providing a vital service by making this stuff known.

Are there any free alternatives to GitHub that are run by good people? Are there even any good people left in the free software movement? The only ones who appear to lead projects and have successful careers are those like Drew, while those like RMS have been forgotten and abandoned.
GitLab? I haven't heard any bad things about them, and it's gotten more popular.
 
Are there any free alternatives to GitHub that are run by good people? Are there even any good people left in the free software movement? The only ones who appear to lead projects and have successful careers are those like Drew, while those like RMS have been forgotten and abandoned.
I know Dear Sneeder uses "gitgud.io" for some stuff.
I don't know if that's an endorsement or not.
 
Drew has made a statement about the SourceHut outage.

In it, he also alleges that the SourceHut DDoS caused a Temporary Hackernews Death on the 10th, as well as the service disruptions at Codeberg potentially being collateral damage caused by Sourcehut's status page being hosted there:

We have seen some collateral damage as well. You may have noticed that Hacker News was down on January 10th; we believe that was ultimately due to Cogent’s heavy-handed approach to mitigating the DDoS targeting SourceHut (sorry, HN, glad you got it sorted). Last night, a non-profit free software forge, Codeberg, also became subject to a DDoS, which is still ongoing and may be caused by the same actors. This caused our status page to go offline – Codeberg has been kind enough to host it for us so that it’s reachable during an outage – we’re not sure if Codeberg was targeted because they hosted our status page or if this is part of a broader attack on free software forge platforms.

This static page is hosted on some OVH VPS I assume he spun up just for this. I somehow fail to see the irony having to set up a throwaway VPS to get a message out when your other servers are blackholed, but maybe someone else can make a connection.
 
Are there any free alternatives to GitHub that are run by good people?
I host my software by myself, and don't bother with git and other silly things. My suggestion is to do as I do.
This kind of thing will keep happening, and become more frequent, until the Internet moves away from TCP, which is fundamentally flawed. The only way by which Google, Cloudflare, Microsoft GitHub, and other large corporations don't fall victim to the same attacks is through use of overwhelming resources. Cloudflare in particular is like a corporate and centralized version of one other solution, which is widespread mirroring of cryptographically-signed information. That, of course, only works well for passive information, and not something like a forum.
 
This kind of thing will keep happening, and become more frequent, until the Internet moves away from TCP, which is fundamentally flawed.

I used to work doing research in this field, and I saw many proposals to mitigate DDoS. (Mostly modifying or extending TCP/IP, not replacing it completely). The real problem IMO is that control of the net was ceded away from the researchers who designed it and control was given to private companies in the 90s. So no matter what we came up with after that didn’t matter. We might, if we were very lucky, get some improvement made to Linux’s network stack. But not many end users are running Linux. And if it didn’t increase the profits of the companies who own the backbones they certainly wouldn’t enable it on their routers.

I think we were very naive when the net first became popular. We thought that the new technology itself was solving the problems of human inequality. We had a few years of empowerment and freedom. But in reality the governments and corporations that controlled every other aspect of life simply hadn’t noticed it yet. Now they have, and they’ve made it into what we have now, and they aren’t ever going to let us change it.
 
I used to work doing research in this field, and I saw many proposals to mitigate DDoS. (Mostly modifying or extending TCP/IP, not replacing it completely).
I've read the original TCP/IP design documents, and the shame is that its design made perfect sense at the time when the Internet was truly between other networks. Still, changing TCP in any way may as well result in something entirely new instead.
So no matter what we came up with after that didn’t matter.
An acquaintance of mine has been working on a P2P Internet overlay network based on UDP, and with no dependence on the DNS or other garbage. I've been planning to make a thread about it here, once I finish an implementation. We can talk about it in PMs if there be any interest. It's a nice design.
But not many end users are running Linux.
It's not an option for Null, but anyone who can should disregard the opinions of the niggercattle, because it is truly impossible to fight these design flaws within the constraints of something like the WWW.
 
It's the third(?) day since SourceHut went down, and it's still not up: https://outage.sr.ht/, https://archive.is/JZ4E0. Drew is shockingly bad at what he does.

Choice bits...

Current service availability, subject to DNS propagation delays
His TTL is still 12 hours. FFS Drew, put it down to 1 hour until you get everything sorted.

Note that our new transit solution utilizes end-to-end encryption such that traffic between you and SourceHut is received and processed directly by our colocated servers and is not handled in plaintext by third-parties.
Doesn't bode well for his security that he wasn't doing this already...

We have established a temporary IP address for serving custom domains using apex records. Users can change their apex record to the following IP address to restore read-only pages service:

@ IN A 141.95.4.185

Note that we may change this IP address in the future. You will be notified by email if later changes are required for your domain.
Drew, learn what CNAME records are. And IPv6, come to that.
EDIT: Okay, apparently you can't have CNAMEs at the apex. Still, there must be a better way of doing this.

In our emergency planning models, we have procedures in place for many kinds of eventualities. What has happened this week is essentially our worst-case scenario: “what if the primary datacenter just disappeared tomorrow?” We ask this question of ourselves seriously, and make serious plans for what we’d do if this were to pass, and we are executing those plans now – though we had hoped that we would never have to.
Well, you have a backup site, and make provisions for a transparent rollover to that... none of which seems to have happened. This is not a company that I would trust with my data.
 
I think we were very naive when the net first became popular.
There’s a very thin line between naivety and practicality. If you have an obviously useful technology in your hands, proliferating it in its imperfect form as fast as possible can easily outweigh the gains of waiting to make it a little bit closer to perfection.

Clearly since the Internet is still around, any fundamental issues and shortcomings with its design have been manageable. If anything, it is unreasonably robust for what it is.
 
Just came here to say I worked with Drew for like two years or so at Linode
I was an acquaintance of his a loooong time ago so it's very surreal for me to see this thread. He caused a lot of problems for himself with his own behavior and seeing the OP is sad to see how bad it's gotten. I'll leave it at that as I don't wish to powerlevel.
 
As was pointed out, SourceHut is all down, subject to apparently finding a DDoS shielding provider.
I'm rather curious who they pissed off. I know who KF pisses off, but what's going on with SourceHut.

I was reviewing the HackerNews thread and who popped up, but our favorite cow.
 