๐๏ธ - 2026-04-02 - โบ 1
For a while I have - perhaps once or twice a month - deleted a new empty comment from one of my blogs. Created with a name and subject that seem to be a short(ish) string of random letters and digits, but usually always with a @gmail.com address.
Today Klaus pointed me to this blog post: "Your sign-up form is a weapon " - which seems to describe exactly what I have seen, even down to the strings of random letters and digits.
There is this classic spam pattern where somebody uses your email-address as the sender of a bunch of junk mail, and you get a lot of bounces - called a "Joe job". This "subscription bombing" seems similar, only the perpetrator isn't sending out bogus emails, they are doing bogus sign ups instead.
Luckily my blogs don't send out registration or subscription emails. They don't send emails at all, so my machine hasn't participated in the overwhelming of people's inboxes - all that has happened is that I have been annoyed and implemented some filtering.
I didn't guess what the comments were meant to do, so I just called my filter "Dumb bots", but it seems to be this type of attempted "subscription Joe Jobbing". The behaviour matches, even down to the attempts being rare:
2026-01-29 20:24:59 Dumb bot detected - no follow up for you
2026-02-06 12:22:00 Dumb bot detected - no follow up for you
2026-02-10 18:12:44 Dumb bot detected - no follow up for you
2026-02-13 00:16:58 Dumb bot detected - no follow up for you
2026-02-21 00:40:02 Dumb bot detected - no follow up for you
2026-02-07 11:24:14 Dumb bot detected - no follow up for you
2026-02-25 10:40:38 Dumb bot detected - no follow up for you
2026-02-27 14:23:09 Dumb bot detected - no follow up for you
2026-03-10 12:08:52 Dumb bot detected - no follow up for you
Looking at that, I can see the attempts are closer together than I thought - but I have also improved my detection in steps, so I guess my memory is of the frequency of my filter not succeeding.
๐๏ธ - 2026-03-08 - โบ 1
I finally got my act together and implemented RFC 5005: Feed Paging and Archiving support in my little blog engine Lantern.
2 files changed, 56 insertions(+), 16 deletions(-)
Woohoo!
From a cursory look it doesn't look like Text.RSS supports adding these links, so I haven't got the RSS feed updated yet. You should be using the Atom feed anyway.
๐ข๏ธ - 2026-03-03 - ๐ 2 - โบ 1
This morning at work a colleague told me that while reading r/dns on Reddit he had noticed a blog post there about a domain of mine: "Hey, I know that domain!?"
A while back in 2024 I had annoying problems with the DNS of one of my personal domains, asjo.org.
Check this out:
$ rg '^(asjo.org|x.com|telegram.org|ebay.com|intel.com|huawei.com|mozilla.net|hotmail.com|discord.com|lenovo.com|uber.com|dropbox.com|tencent.com|amazon.co.uk|python.org|booking.com|amazon.de|duckduckgo.com|slack.com|nvidia.com|oracle.com)[.]' top1K.csv
asjo.org.,652,2026-03-02
x.com.,671,2026-03-02
telegram.org.,689,2026-03-02
ebay.com.,719,2026-03-02
intel.com.,727,2026-03-02
huawei.com.,742,2026-03-02
mozilla.net.,745,2026-03-02
hotmail.com.,760,2026-03-02
discord.com.,778,2026-03-02
lenovo.com.,826,2026-03-02
uber.com.,836,2026-03-02
dropbox.com.,838,2026-03-02
tencent.com.,843,2026-03-02
amazon.co.uk.,893,2026-03-02
python.org.,906,2026-03-02
booking.com.,928,2026-03-02
amazon.de.,948,2026-03-02
duckduckgo.com.,962,2026-03-02
slack.com.,966,2026-03-02
nvidia.com.,968,2026-03-02
oracle.com.,973,2026-03-02
$
Akamai keeps a ranking of domains based on DNS data, and my domain - asjo.org - is in the top 1000, and not only that, it's above some sites that are pretty big, as you can see!
No wonder my poor home ADSL router couldn't handle the traffic and I had to defer to professionals, even after running DNS for my domains since 2016.
The Reddit post was this one: The Mystery of ASJO.ORG - 46 million DNS ANY queries for a Danish man's personal domain, from DoD address space, residential ISPs, and cloud providers across 12 countries. A two-year mystery nobody can explain - which links to a blog post by acidvegas, who contacted me a couple of days ago over email, wondering what was going on, as asjo.org queries were looking suspicious in a DNS honeypot.
I hope that somebody uncovers the cause some day - it would be fun to know.
With a domain more popular than x.com, intel.com, hotmail.com, python.org, and nvidia.com, I guess there is a pot of gold at the end of some rainbow near me now?!?
๐๏ธ - 2026-02-14 - ๐ 3 - โบ 2
It's that day of year again - during last year I deleted my Microsoft LinkedIn account, my Meta Instagram account, and my Meta Facebook account, where this annual post would also go out - usually my only activity in those places. I still run my blog and I still run a server on the fediverse, and of course I still celebrate Free Software day!
GNU Emacs, Debian GNU/Linux, Linux, Gnus, X.Org, Postfix, GHC, PostgreSQL, Firefox, Apache, ejabberd, Dovecot, git, XMonad, jabber.el, Magit, rdiff-backup, LaTeX, Gimp, VLC, Syncthing, Sakura, chrony, Fail2ban, WeeWX, DejaVu fonts, ripgrep, lirc, MPD Flameshot, lots of GNU, the list goes on and on - thanks everybody!
๐๏ธ - 2026-02-09 - โบ 1
Two of the alumni of the Mythbusters tv-show have a podcast, also a talking heads-cast on Youtube, called Mythfits. It's fun, a lot of looking back, but often a lot of fun as well.
I just saw the episode where Kari and Tory's guest is Keith Bauer, who helped with bears and other animals on Mythbusters - he tells the chimpanzee story the former Mythbusters have retold over and over again since he told them, off camera, on set, originally.
It's fascinating - his deadpan delivery and his explanations of what happened and especially why.
๐๏ธ - 2026-02-08 - ๐ 3 - โบ 2
Today I found the solution to a small annoyance I have had for a while: in general while programming I like Emacs' 'show-paren-mode', but when I use jabber.el, I don't. So I was toggling it on and off, as it's a global setting - until I learned that the solution is:
(add-hook 'jabber-chat-mode-hook (lambda ()
(show-paren-local-mode -1))
'show-paren-local-mode' been there since Emacs 28.1, released in 2021. I'm running 31. Hah!
๐ง๏ธ - 2026-01-24 - ๐ 1 - โบ 2
Today I learned that on my employers network my personal domain asjo.org is blocked by Microsoft Defender Smartscreen.
asjo.org contains my public collection of photographs, an outdated list of my music collection, and a couple of links.
On illuminant.asjo.org I have my 1 person ActivityPub server on the fediverse.
I have a hard time imagining that any of those are dangerous enough to warrant a blocking by my "organization".
It does seem that some people, especially in Asia, use asjo.org as the From address when sending spam, perhaps that's the trigger.
At some point I also had some sort of weird DNS DoS attack against my nameservers serving asjo.org, so I had to move the domain to a hosting provider who is better at handling that sort of thing than I was. Maybe that's more likely to be the trigger?
Puzzling nonetheless.
But great for my bad boy reputation at work, I'm the one with the blocked domain!
