🕚︎ - 2026-05-06 - 🟊 1 - ♺ 2
In January I added a new jail to my fail2ban configuration: apache-aibots. It's a simple regular expression match of two AI crawlers that do not respect robots.txt. Because of course they don't.
This evening I noticed that there was a bunch of hits to my demo calendar website from these AI crawlers, and they weren't getting blocked. Oh no!
I haven't figured out why fail2ban started failing me - the log file did not reveal anything, and using fail2ban-regex accesslogsnippet /etc/fail2ban/filter.d/apache-aibots.conf reported that 99 of 100 lines matched, so the regular expression is still good.
fail2ban-client status apache-aibots reported 0 IPs in jail, and 517 total banned.
So I restarted the fail2ban service, and - as you can see on the graph above - quickly 135 IPs got banned - nice!
Still haven't figured out why it failed, though, but in the future I will look at the graph when I notice the increased number of log entries scrolling by.
🕤︎ - 2026-05-01 - 🟊 1 - ♺ 3
Novonesis has an open position for a project manager and developer in the department I work in: Senior Platform Lead, (Scientific Data Applications), Novonesis, Lyngby.
If you like working with a lot of data (billions), distributed over a lot of machines (50+), processed by a cluster of even more machines (1000s of cores), with scientific stakeholders, keeping things on track and making sure we are moving in the right direction - while still getting into the subject matter, fixing things and developing software yourself (Python), don't hesitate to apply.
🕢︎ - 2026-04-18 - ♺ 2
In case you are trying out my NNTP-based blog engine Lantern with Gnus, here are some useful parameters to set on your Lantern topic/groups:
((message-syntax-checks
'((long-lines . disabled) (quoting-style . disabled)))
(posting-style (eval (auto-fill-mode -1)))
(message-shoot-gnksa-feet '(cancel-messages canlock-verify)))
I also have a hook to change the Content-Type: to text/markdown in the Lantern groups when writing:
(defun asjo-lantern-markdown-hook ()
"Insert default Content-Type in lantern groups"
(let ((group (or gnus-newsgroup-name "")))
(when (string-match "nntp.inav:lantern" group) ; Adjust this!
(message-add-header "Content-Type: text/markdown"))))
(add-hook 'message-setup-hook 'asjo-lantern-markdown-hook)
Another thing that makes it work a little smoother is switching to markdown-mode when the Content-Type of an article is text/markdown, so adding this to your ~/.gnus:
; Display text/markdown:
(require 'markdown-mode)
(defun mm-display-markdown (handle)
(mm-display-inline-fontify handle 'markdown-mode))
(add-to-list 'mm-inline-media-tests '("text/markdown" mm-display-markdown identity))
Have fun!
🕙︎ - 2026-04-02 - ♺ 1
For a while I have - perhaps once or twice a month - deleted a new empty comment from one of my blogs. Created with a name and subject that seem to be a short(ish) string of random letters and digits, but usually always with a @gmail.com address.
Today Klaus pointed me to this blog post: "Your sign-up form is a weapon " - which seems to describe exactly what I have seen, even down to the strings of random letters and digits.
There is this classic spam pattern where somebody uses your email-address as the sender of a bunch of junk mail, and you get a lot of bounces - called a "Joe job". This "subscription bombing" seems similar, only the perpetrator isn't sending out bogus emails, they are doing bogus sign ups instead.
Luckily my blogs don't send out registration or subscription emails. They don't send emails at all, so my machine hasn't participated in the overwhelming of people's inboxes - all that has happened is that I have been annoyed and implemented some filtering.
I didn't guess what the comments were meant to do, so I just called my filter "Dumb bots", but it seems to be this type of attempted "subscription Joe Jobbing". The behaviour matches, even down to the attempts being rare:
2026-01-29 20:24:59 Dumb bot detected - no follow up for you
2026-02-06 12:22:00 Dumb bot detected - no follow up for you
2026-02-10 18:12:44 Dumb bot detected - no follow up for you
2026-02-13 00:16:58 Dumb bot detected - no follow up for you
2026-02-21 00:40:02 Dumb bot detected - no follow up for you
2026-02-07 11:24:14 Dumb bot detected - no follow up for you
2026-02-25 10:40:38 Dumb bot detected - no follow up for you
2026-02-27 14:23:09 Dumb bot detected - no follow up for you
2026-03-10 12:08:52 Dumb bot detected - no follow up for you
Looking at that, I can see the attempts are closer together than I thought - but I have also improved my detection in steps, so I guess my memory is of the frequency of my filter not succeeding.
🕛︎ - 2026-03-08 - ♺ 1
I finally got my act together and implemented RFC 5005: Feed Paging and Archiving support in my little blog engine Lantern.
2 files changed, 56 insertions(+), 16 deletions(-)
Woohoo!
From a cursory look it doesn't look like Text.RSS supports adding these links, so I haven't got the RSS feed updated yet. You should be using the Atom feed anyway.
🕢︎ - 2026-03-03 - 🟊 2 - ♺ 1
This morning at work a colleague told me that while reading r/dns on Reddit he had noticed a blog post there about a domain of mine: "Hey, I know that domain!?"
A while back in 2024 I had annoying problems with the DNS of one of my personal domains, asjo.org.
Check this out:
$ rg '^(asjo.org|x.com|telegram.org|ebay.com|intel.com|huawei.com|mozilla.net|hotmail.com|discord.com|lenovo.com|uber.com|dropbox.com|tencent.com|amazon.co.uk|python.org|booking.com|amazon.de|duckduckgo.com|slack.com|nvidia.com|oracle.com)[.]' top1K.csv
asjo.org.,652,2026-03-02
x.com.,671,2026-03-02
telegram.org.,689,2026-03-02
ebay.com.,719,2026-03-02
intel.com.,727,2026-03-02
huawei.com.,742,2026-03-02
mozilla.net.,745,2026-03-02
hotmail.com.,760,2026-03-02
discord.com.,778,2026-03-02
lenovo.com.,826,2026-03-02
uber.com.,836,2026-03-02
dropbox.com.,838,2026-03-02
tencent.com.,843,2026-03-02
amazon.co.uk.,893,2026-03-02
python.org.,906,2026-03-02
booking.com.,928,2026-03-02
amazon.de.,948,2026-03-02
duckduckgo.com.,962,2026-03-02
slack.com.,966,2026-03-02
nvidia.com.,968,2026-03-02
oracle.com.,973,2026-03-02
$
Akamai keeps a ranking of domains based on DNS data, and my domain - asjo.org - is in the top 1000, and not only that, it's above some sites that are pretty big, as you can see!
No wonder my poor home ADSL router couldn't handle the traffic and I had to defer to professionals, even after running DNS for my domains since 2016.
The Reddit post was this one: The Mystery of ASJO.ORG - 46 million DNS ANY queries for a Danish man's personal domain, from DoD address space, residential ISPs, and cloud providers across 12 countries. A two-year mystery nobody can explain - which links to a blog post by acidvegas, who contacted me a couple of days ago over email, wondering what was going on, as asjo.org queries were looking suspicious in a DNS honeypot.
I hope that somebody uncovers the cause some day - it would be fun to know.
With a domain more popular than x.com, intel.com, hotmail.com, python.org, and nvidia.com, I guess there is a pot of gold at the end of some rainbow near me now?!?
🕝︎ - 2026-02-14 - 🟊 3 - ♺ 2
It's that day of year again - during last year I deleted my Microsoft LinkedIn account, my Meta Instagram account, and my Meta Facebook account, where this annual post would also go out - usually my only activity in those places. I still run my blog and I still run a server on the fediverse, and of course I still celebrate Free Software day!
GNU Emacs, Debian GNU/Linux, Linux, Gnus, X.Org, Postfix, GHC, PostgreSQL, Firefox, Apache, ejabberd, Dovecot, git, XMonad, jabber.el, Magit, rdiff-backup, LaTeX, Gimp, VLC, Syncthing, Sakura, chrony, Fail2ban, WeeWX, DejaVu fonts, ripgrep, lirc, MPD Flameshot, lots of GNU, the list goes on and on - thanks everybody!
