I wonder how long it will be until they start requiring signatures for individual people.
refalo
To me, any binary I do not have the source code for is random. I have no idea what's in it and it could be doing any number of malicious things.
sudo curl
sudo random binary
Umm
Ok so effectively then this basically shifts the work from blocking IPs to blocking domains. It might slow down some smaller players, but I imagine anyone with a decent amount of money can afford an insane number of domains.
Clearly this is one of those programs that was unwittingly caught in their DEI keyword searches.
Unfortunately
Depends on how you look at it.
I think some would argue that the competition and rapid innovation garnered by companies who are more freely able to leverage existing software in capitalist society, and the products and services they bring because of it, might be a net positive for the world, in comparison to the alternative.
I think if you were to go down the path of what many FOSS zealots seem to want (not capitalism), you end up with a system that does not promote competition, and people get tired of nothing happening, and society as a whole may not progress much.
So when that gets blocked, they can just generate a new key. I don't see how this really stops anyone that wants to keep going.
you don't...
I also feel like the amount of code they had to write with the CBVs was ridiculous, and it's not the easiest thing to read.
To me, this could have been done much simpler and more readable with a plain function view.
The article starts out talking about malicious bots that DoS your site, but how would a crypto signature fix that? Couldn't the client just change the signature whenever it gets blocked?
You could just change the path in the binary to a string that's smaller than what's in there now (or the same length), and pad any unused bytes with
\0
, then symlink that path to your real binary.