Hacker News | lwansbrough's comments

No, the US has completely and utterly destroyed all credibility it had. It is a farce.

There is no hope for it to return. US allies have credible evidence that the American populace are untrustworthy, uncaring, and frankly, stupid.

The only way for the US to restore credibility is to prosecute. And then survive another 100 years without doing it again.

The remaining influence it has economically and militarily should be considered to be "running on fumes."

US allies are looking for an exit strategy and aren't going to reconsider. Russia won.

I fully anticipate this to be downvoted, I don't care. You are coping if you think America can pull itself out of this.


Most confusing is how the majority of US people don't seem to see any of that while the rest of the world is fully aware that this is exactly what just happened.

This is a very silly take. It's going to take America 100 years to restore credibility? It didn't even take post war Germany that long.

As a US American living outside the US and just spending last week at a tech conference with nearly no US Americans there; this subject was pretty popular to overhear. Essentially, people are asking whether anyone should take the US seriously anymore, as a tourist destination, a place to continue career/education, a political ally, etc.

The gist was that the US is cooked from a reputation point of view. Whether that has any meaningful impact is yet to be seen.


Don't forget: as a tech partner. It's all momentum right now, and true, there is a lot of that. But lots of little conservative decisions are beginning to add up.

Who cares what people are asking? America's reputation has long been built on the fact that America has the largest economy, the largest army, and does whatever the f.сk it wants.

The thing is that "does whatever the f*ck it wants" might have negative consequence in regards to "America has the largest economy". If the current GDP growth trends continue, it looks like China will surpass America on this front unless there are significant changes in either country.

I’m hoping we finally see more investment and talent shift to Europe.

Why would they go there? Well, except in situations where they're not needed in America due to a lack of talent?

People don't go to America because the American president is a charming and polite gentleman. They go there because a talented factory worker can easily make 150k a year, and a talented software engineer 500k a year.

And what does Europe offer to those people? One and a half times a cashier's salary and commuting to work by eco-friendly bike? Seriously?


I make about half of what I did in the US, but take home more money. Insurance is cheap, no expensive healthcare, no car insurance, no car payment, childcare is subsidized and basically free, all other insurance is <4% of what I paid in the US, etc. Home is expensive, compared to what you get in the US, but payment is about the same.

All that in the US was over 7-8k a month of my paycheck, gone. I get all of that for less than 2k a month.

Let’s not even discuss how advanced the EU banking system is compared to the US… although it has been a few years since I’ve been back, so maybe it has gotten better?

In any case, the EU offers good jobs and a work/life balance you usually can’t find in the US, with smart people that you also usually can’t find in the US. It does have its warts, but it also isn’t candy mountain.


Well, in my case about 4 times a cashier’s salary (but really a cashier should be able to afford a good life too), and my kids can bike around so I don’t have to be their taxi and they aren’t stuck at home. Also a functioning democracy.

Germany never becomes the scientific and mathematical hub of the world as it once was. And it won't for the foreseeable future. So yeah, 100 years is on the optimistic side.

This is an under-rated point. Prior to WWII, most people pursuing doctorates in scientific fields learned (at least a little) German. Because German was the language of science.

Not anymore.

I fear that we're all going to need to learn Chinese.


You may recall the Germans were forced by the allies to restore their credibility. Many hanged as a result. So if you ask me if the Americans are capable of fixing this problem themselves, my answer is no.

Do you understand how flat and wartorn they were? Do you wish the same for the US?

If you are willing to take such extreme shortcuts then you can emulate the new Germany.

If not then understand that trust is a fickle thing. Quick to erode and hard to rebuild. What one administration destroys cannot simply be reinstated by the next.

Maybe 100 is a bit hyperbole. But at least 50. Being a neighbor to Germany I can assure you the reconciliation was not "quick" for us to be fully restored. And we still shiver when we follow Musk's friends in Germany.

I love and am impressed with Germany and Germans. But it has not been an easy path for them.

Nothing good has ever come from Europe when we lean too far to the right. Be careful in what lessons you choose to take from us.


Exactly this. The EU has shown what happens when you let a minority run amok with the keys to the weapons locker. The scars are still plentiful and even if the last of the eyewitnesses are dying we are still steeped in the lore of the lead-up, the middle of and the aftermath of World War II. That Germany is seeing a resurgence of this is at least as scary as seeing how many other countries are easily programmed to start their march to the drumbeat of Nazi or ersatz ideology, only with slightly different scape-goats. For now it is not quite enough to tip the balance but that could happen at any moment. I hope we'll see the last of the bullet holes in the buildings patched before we start making new ones. That's the one use I have for russia right now: they seem to help us remember and it seems to serve as a uniting force.

Post war Germany wasn’t Germany. It was rebuilt in the US’ image.

The Germans didn't reelect someone with authoritarian traits.

So yeah, that looks really bad from the outside looking in. There's just no more benefit of the doubt, this is what was voted for.

To put it in English terms:

Fool me once, shame on you

Fool me twice, shame on me


> Russia won.

Russia is neither the primary instigator nor benefactor of our dysfunction, and wishes it had 1/100th the influence over our elections that Israel does. This narrative never made any sense to me.


You should research what the DOGE script kiddies did before they joined the government. Because that wasn't a coincidence.



These countries are the top 10 countries by lobbying dollars from 2016 - 2024:

Country Total Spending

1. China $460,738,925

2. Japan $436,459,337

3. Liberia $353,239,848

4. South Korea $325,835,687

5. Saudi Arabia $311,450,797

6. Marshall Islands $285,094,040

7. Qatar $257,773,194

8. United Arab Emirates $242,674,892

9. Bahamas $242,481,453

https://www.opensecrets.org/fara

Some have spent 2x more money than Israel. Israel is 10th. I haven't heard anybody around me mention Liberia or the Marshall Islands, maybe a handful of times in my life.

These are the top 10 Foreign Principals from 2016 - 2024.

Foreign Principal Total Spending

1. Government of Liberia $350,486,671

2. Government of the Marshall Islands $283,901,646

3. Government of China $277,692,350

4. Japan External Trade Organization $277,638,402

5. Government of Saudi Arabia $238,415,218

6. Government of Bermuda $192,046,623

7. Barzan Holdings $155,775,778

8. ANO TV-Novosti $147,069,172

9. Government of the Bahamas $136,148,426

10. Government of Ireland $132,165,695

No Israeli principal in the top 10. It's obfuscated but Russia is in there (ANO TV-Novosti) and Qatar (Barzan Holdings).

Also, in the link you shared of "Industries", Israel is 7th in single issue. Some of the issues 1-6 have 10x levels of money spent. I wish it were broken down even more. I'm most interested in what makes up "miscellaneous issues".

https://www.opensecrets.org/industries/indus?ind=Q


Sure, maybe you're right, and the foreign countries purchasing our politicians is a much larger problem than just the one that Israel presents (though, I'm rather skeptical in terms of actual impact on foreign policy and on who gets elected in our country). I still don't think Russia deserves much mention in terms of election interference; they gotta step up their game if they want to compete.

Do you think these are comparable? Are you equating lobbying to the infiltration of government systems or coordinated efforts by Russian assets inside a campaign team to influence elections?

Consider how many of our politicians and administration officials have Russian heritage, on both sides of the aisle, and it starts to make more sense. For that reason one should be careful spreading anti-Russianism on the net given the more aggressive policing our Russian overlords are adopting over hate speech.

> You are coping if you think America can pull itself out of this.

I find such a comment from someone who themselves is coping thinking any of this matters outside of extreme online bubbles hilarious.


I guess I misread the article. I thought it was about the US bullying its allies into poverty but I guess it's about nothing at all, actually.

We’re a dying breed. I wish they’d just turn the SE line into minis.

I was hoping this would be actual normalized time series data and correlation ratios. Such a dataset would be interesting for forecasting.


We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.


There's some weird ones you'd never think of that originate an inordinate amount of bad traffic. Like Seychelles. A tiny little island nation in the middle of the ocean inhabited by... bots apparently? Cyprus is another one.

Re: China, their cloud services seem to stretch to Singapore and beyond. I had to blacklist all of Alibaba Cloud and Tencent and the ASNs stretched well beyond PRC borders.


There is a Chinese player that has taken effective control of various internet-related entities in the Seychelles. Various ongoing court-cases currently.

So the Seychelles traffic is likely really disguised Chinese traffic.


I don't think these are "Chinese players" and is linked to [1], although it may be that the hands changed many times that the IP addresses have been leased or bought by Chinese entities.

[1] https://mybroadband.co.za/news/internet/350973-man-connected...



I forgot about that: all the nice game binaries from them running directly on nearly all systems...


Huh? Who is them in this case?


They're referring to the fact that Chinese game companies (Tencent, Riot through Tencent, etc.) all have executables of varying levels of suspicion (i.e. anti-cheat modules) running in the background on player computers.

Then they're making the claim that those binaries have botnet functionality.


They can exploit local privilege escalation flaws without "RCE".

And you are right, kernel anti-cheat are rumored to be weaponized by hackers, and making the previous even worse.

And when the kid is playing his/her game at home, if daddy or mummy is a person of interest, they are already on the home LAN...

Well, you get the picture: nowhere to run, orders of magnitude worse than it was before.

Nowadays, the only level of protection the administrator/root access rights give you, is to mitigate any user mistake which would break his/her system... sad...


this all from Cloud Innovation vpns,proxies,spam,bots CN Seychelles IP holder


omg... that's why my self-hosted servers are getting nasty traffic from SC all the time.

The explanation is that easy??


> So the seychelles traffic is likely really disguised chinese traffic.

Soon: chineseplayer.io


If you IP block all of China then run a resolver the logs will quickly fill with innocuous domains with NS entries that are blocked. Add those to a dns block list then add their ASN to your company IP block list. Amazing how traffic you don’t want plummets.
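The workflow from the comments above (block every prefix of an ASN, then use the resolver's view to find domains served from the blocked space), as an added example that is not part of the thread. The ASN-to-prefix table and nameserver addresses are constructed from documentation ranges and private-use ASNs, the function names are hypothetical, and the "review" output is one reading of "add their ASN to your block list".

```python
import ipaddress

# Constructed sample data: private-use ASNs (RFC 6996) and documentation
# prefixes (RFC 5737 / RFC 3849) stand in for a real ASN-to-prefix feed.
ASN_PREFIXES = {
    64512: ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"],
    64513: ["198.51.100.0/24"],
    64514: ["203.0.113.0/24"],
}
BLOCKED_ASNS = {64512, 64513}

# Constructed resolver observations: domain -> addresses of its nameservers.
NS_RECORDS = {
    "cdn.example": ["192.0.2.53", "198.51.100.53"],
    "shop.example": ["192.0.2.200", "203.0.113.53"],
    "blog.example": ["203.0.113.10"],
    "v6.example": ["2001:db8:1::53"],
}


def build_blocklist(blocked_asns, asn_prefixes):
    """Collapse all prefixes of the blocked ASNs into minimal CIDR lists.

    Returns {4: [IPv4Network, ...], 6: [IPv6Network, ...]}. Collapsing keeps
    the firewall set small when an ASN announces many adjacent prefixes.
    """
    nets = {4: [], 6: []}
    for asn in blocked_asns:
        for prefix in asn_prefixes.get(asn, []):
            net = ipaddress.ip_network(prefix, strict=True)
            nets[net.version].append(net)
    return {v: list(ipaddress.collapse_addresses(n)) for v, n in nets.items()}


def is_blocked(addr, blocklist):
    """True if addr falls inside any blocked network of its IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist[ip.version])


def origin_asn(addr, asn_prefixes):
    """Longest-prefix match of addr against the ASN table; None if unknown."""
    ip = ipaddress.ip_address(addr)
    best = None  # (asn, prefixlen)
    for asn, prefixes in asn_prefixes.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if net.version == ip.version and ip in net:
                if best is None or net.prefixlen > best[1]:
                    best = (asn, net.prefixlen)
    return best[0] if best else None


def triage_domains(ns_records, blocklist, asn_prefixes):
    """Split domains by how much of their DNS sits in blocked space.

    dns_block: every nameserver is blocked, so lookups can only fail and
               fill the resolver log; answer these locally instead.
    review:    only some nameservers are blocked; list the reachable ones
               with their origin ASN so an operator can decide whether
               that ASN belongs on the IP block list too.
    """
    dns_block, review = [], {}
    for domain, addrs in sorted(ns_records.items()):
        blocked = [a for a in addrs if is_blocked(a, blocklist)]
        if not blocked:
            continue  # served entirely from space we still allow
        if len(blocked) == len(addrs):
            dns_block.append(domain)
        else:
            review[domain] = [
                (a, origin_asn(a, asn_prefixes))
                for a in addrs if a not in blocked
            ]
    return dns_block, review


if __name__ == "__main__":
    bl = build_blocklist(BLOCKED_ASNS, ASN_PREFIXES)
    for version, nets in bl.items():
        print(f"IPv{version} deny:", ", ".join(map(str, nets)))
    dns_block, review = triage_domains(NS_RECORDS, bl, ASN_PREFIXES)
    print("DNS block list:", dns_block)
    for domain, ns in review.items():
        print("review:", domain, ns)
```
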


The Seychelles has a sweetheart tax deal with India such that a lot of corporations who have an India part and a non-India part will set up a Seychelles corp to funnel cash between the two entities. Through the magic of "Transfer Pricing"[1] they use this to reduce the amount of tax they need to pay.

It wouldn't surprise me if this is related somehow. Like maybe these are Indian corporations using a Seychelles offshore entity to do their scanning because then they can offset the costs against their tax or something. It may be that Cyprus has similar reasons. Istr that Cyprus was revealed to be important in providing a storefront to Russia and Putin-related companies and oligarchs.[2]

So Seychelles may be India-related bots and Cyprus Russia-related bots.

[1] https://taxjustice.net/faq/what-is-transfer-pricing/#:~:text...

[2] Yup. My memory originated in the "Panama Papers" leaks https://www.icij.org/investigations/cyprus-confidential/cypr...


[flagged]


Ignore the trolls. Also, if they are upset with you they should focus their vitriol on me. I block nearly all of BRICS especially Brazil as most are hard wired to not follow even the simplest of rules, most data-centers, some VPN's based on MSS, posting from cell phones and much more. I am always happy to give people the satisfaction of down-voting me since I use uBlock to hide karma.

In ublock -> my filters

    # HN Block Karma View
    news.ycombinator.com##.comhead .score:style(overflow: hidden; display: inline-block; line-height: 0.1em; width: 0; margin-left: -1.9em;)
    news.ycombinator.com###hnmain > tbody > tr:first-of-type table td:last-of-type .pagetop:style(font-size: 0!important; color: transparent!important;)
    news.ycombinator.com###hnmain > tbody > tr:first-of-type table td:last-of-type .pagetop > *:style(font-size: 10pt; line-height: 1.45em;)
    news.ycombinator.com###logout::before:style(content: "|"; padding: 0.25em;)
    news.ycombinator.com##form.profileform tbody tr:nth-child(3)


Those are nice filters, I checked out your profile too!

Thank you. :)


People get weird when you do what you want with your own things.

Want to block an entire country from your site? Sure, it’s your site. Is it fair? Doesn’t matter.


> be a hero and die a martyr

I believe it's "an hero".


Oh thank you kind sir.


Uh, no, it's definitely not. Hero begins with a consonant, so it should be preceded by "a", not "an".



Welcome to British English. The h in hero isn’t pronounced, same as hospital, so you use an before it.


This is wrong.

Unless maybe you're from the east end of london.


I’m not claiming everyone pronounces it that way. But he’s an ero, we need to find an ospital, ninety miles an our. You will find government documents and serious newspapers that refer to an hospital.


Generic American English pronounces the 'h' in hospital, hero, heroine, but not hour.

Same is true for RP English.

Therefore, for both accents/dialects, the correct phrases are "a hotel", "a hero", "a heroine", and "an hour".

Cockney, West Country, and a few other English accents "h drop" and would use "an 'our", "an 'otel", etc.


> RP English

One might think RP English certainly doesn't determine correctness.


Now do historic. Suddenly all Brits turn into Cockneys.


Sure, and all Americans sound like they're from Ocracoke or Tangier.


Likewise, when I was at school, many of my older teachers would say things like "an hotel" although I've not heard anyone say anything but "a hotel" for decades now. I think I've heard "an hospital" relatively recently though.

Weirdly, in certain expressions I say "before mine eyes" even though that fell out of common usage centuries ago, and hasn't really appeared in literature for around a century. So while I wouldn't have encountered it in speech, I've come across enough literary references that it somehow still passed into my diction. I only ever use it for "eyes" though, never anything else starting with a vowel. I also wouldn't use it for something mundane like "My eyes are sore", but I'm not too clear on when or why I use the obsolete form at other times - it just happens!


That's not right. It's:

a hospital

an hour

a horse

It all comes down to how the word is pronounced but it's not consistent. 'H' can sound like it's missing or not. Same with other leading consonants that need an 'an'. Some words can go both ways.


I was thinking of 'hotel'. Wrong building. Ooops.


Which site is it?


My own shitty personal website that is so uninteresting that I do not even wish to disclose here. Hence my lack of understanding of the down-votes for me doing what works for my OWN shitty website, well, server.

In fact, I bet it would choke on a small amount of traffic from here considering it has a shitty vCPU with 512 MB RAM.


Personal sites are definitely interesting, way more interesting than most of the rest of the web.

I was thinking I would put your site into archive.org, using ArchiveBot, with reasonable crawl delay, so that it is preserved if your hardware dies. Ask on the ArchiveTeam IRC if you want that to happen.

https://chat.hackint.org/?join=%23archiveteam-bs


It is a public git repository for the most part, that is the essence of my website, not really much writings besides READMEs, comments in code and commits.


A public git repository is even more interesting, for both ArchiveTeam Codearchiver, and Software Heritage. The latter offers an interface for saving code automatically.

https://wiki.archiveteam.org/index.php/Codearchiver https://wiki.archiveteam.org/index.php/Software_Heritage https://archive.softwareheritage.org/save/


After initial save, do they perform automatic git pulls? What happens if there are potential conflicts? I wonder how it all works behind the surface. I know I ran into issues with "git pull --all" before, for example. Or what if it is public software that is not mine? I saved some git repositories (should I do .tar.gz too for the same project? Does it know anything about versions?).


On Software Heritage: for forges (GitLab, cgit etc), every couple of months SWH lists all repos, pulls new/updated ones. I think if you save an individual repo, it gets pulled later too, but I'm not sure of the schedule. They have custom tooling (open source) for doing the importing of repos, tarballs and other things. They deduplicate on the backend, so if you cloned some repos then the files/commits that are shared between them are saved once. They import the git tags (and other refs) too.

ArchiveTeam Codearchiver is quite a bit different, it does one-shot archiving of repos into VCS-native export formats, like git bundles. There is some deduplication based on commit hashes I think.


[flagged]


Thanks, appreciate it. I would hope so. I do not care about down-votes per se, my main complaint is really the fact that I am somehow in the wrong for doing what I deem is right for my shitty server(s).


ucloud ("based in HK") has been an issue (much less lately though), and I had to ban the whole digital ocean AS (US). google cloud, aws and microsoft have also some issues...

hostpapa in the US seems to become the new main issue (via what seems a 'ip colocation service'... yes, you read well).


it's not weird. it's companies putting themselves in places where regulations favor their business models.

it wont be all chinese companies or ppl doing the scraping. its well known that a lot of countries dont mind such traffic as long as it doesnt target themselves or for the west also some allies.

laws arent the same everywhere and so companies can get away with behavior in one place which seem almost criminal in another.

and what better place to put your scrapers than somewhere where there is no copyright.

russia also had same but since 2012 or so they changed laws and a lot of traffic reduced. companies moved to small islands or small nation states (favoring them with their tax payouts, they dont mind if j bring money for them) or few remaining places like china who dont care for copyrights.

its pretty hard to get really rid of such traffic. you can block stuff but mostly it will just change the response your server gives. flood still knockin at the door.

id hope someday maybe ISPs or so get more creative but maybe they dont have enough access and its hard to do this stuff without the right access into the traffic (creepy kind) or running into accidentally censoring the whole thing.


We solved a similar issue by blocking free user traffic from data centres (and whitelisted crawlers for SEO). This eliminated most fraudulent usage over VPNs. Commercial users can still access, but free users just get a prompt to pay.

CloudFront is fairly good at marking if someone is accessing from a data centre or a residential/commercial endpoint. It's not 100% accurate and really bad actors can still use infected residential machines to proxy traffic, but this fix was simple and reduced the problem to a negligent level.


Why stop there? Just block all non-US IPs!

If it works for my health insurance company, essentially all streaming services (including not even being able to cancel service from abroad), and many banks, it’ll work for you as well.

Surely bad actors wouldn’t use VPNs or botnets, and your customers never travel abroad?


And across the water, my wife has banned US IP addresses from her online shop once or twice. She runs a small business making products that don't travel well, and would cost a lot to ship to the US. It's a huge country with many people. Answering pointless queries, saying "No, I can't do that" in 50 different ways and eventually dealing with negative reviews from people you've never sold to and possibly even never talked to... Much easier to mass block. I call it network segmentation. She's also blocked all of Asia, Africa, Australia and half of Europe.

The blocks don't stay in place forever, just a few months.


Google Shopping might be to blame here, and I don't at all blame the response.

I say that because I can't count how many times Google has taken me to a foreign site that either doesn't even ship to the US, or doesn't say one way or another and treat me like a crazy person for asking.


As long as your customer base never travels and needs support, sure, I guess.

The only way of communicating with such companies are chargebacks through my bank (which always at least has a phone number reachable from abroad), so I’d make sure to account for these.


Chargebacks aren't the panacea you're used to outside the US, so that's a non-issue.


Only if your bank isn't competent in using them.

Visa/Mastercard chargeback rules largely apply worldwide (with some regional exceptions, but much less than many banks would make you believe).


No, outside the US, both Visa and Mastercard regularly side with the retailer/supplier. If you process a chargeback simply because a UK company blocks your IP, you will be denied.


Visa and Mastercard aren't even involved in most disputes. Almost all disputes are settled between issuing and acquiring bank, and the networks only step in after some back and forth if the two really can't figure out liability.

I've seen some European issuing banks completely misinterpret the dispute rules and as a result deny cardholder claims that other issuers won without any discussion.


> Visa and Mastercard aren't even involved in most disputes. Almost all disputes are settled between issuing and acquiring bank, and the networks only step in after some back and forth if the two really can't figure out liability.

Yes, the issuing and acquiring banks perform an arbitration process, and it's generally a very fair process.

We disputed every chargeback and post PSD2 SCA, we won almost all and had a 90%+ net recovery rate. Similar US businesses were lucky to hit 10% and were terrified of chargeback limits.

> I've seen some European issuing banks completely misinterpret the dispute rules and as a result deny cardholder claims that other issuers won without any discussion.

Are you sure? More likely, the vendor didn't dispute the successful chargebacks.


I think you might be talking about "fraudulent transaction/cardholder does not recognize" disputes. Yes, when using 3DS (which is now much more common at least in Europe, due to often being required by regulation in the EU/EEA), these are much less likely to be won by the issuer.

But "merchant does not let me cancel" isn't a fraud dispute (and in fact would probably be lost by the issuing bank if raised as such). Those "non-fraudulent disagreement with the merchant disputes" work very similarly in the US and in Europe.


No, you're just wrong here. Merchant doesn't let me cancel will almost always be won by the vendor when they demonstrate that they do allow cancellations within the bounds of the law and contracts. I've won many of these in the EU, too (we actually never lost a dispute for non-compliance with card network rules, because we were _very_ compliant).

I can only assume you are from the US and are assuming your experience will generalise, but it simply does not. Like night and day. Most EU residents who try using chargebacks for illegitimate dispute resolution learn these lessons quickly, as there are far more card cancellations for "friendly fraud" than merchant account closures for excessive chargebacks in the EU - the polar opposite of the US.


You’re assuming wrong.

And have you won one of these cases in a scenario where the merchant website has a blanket IP ban? That seems very different from cardholders incapable of clicking an “unsubscribe” button they have access to.


One of the requirements of Visa/Mastercard is for the customer to be able to contact merchant post-purchase.


Only via the original method of commerce. An online retailer who geoblocks users does not have to open the geoblock for users who move into the geoblocked regions.

I have first-hand experience, as I ran a company that geoblocked US users for legal reasons and successfully defended chargebacks by users who made transactions in the EU and disputed them from the US.

Chargebacks outside the US are a true arbitration process, not the rubberstamped refunds they are there.


> Chargebacks outside the US are a true arbitration process, not the rubberstamped refunds they are there.

What's true is that in the US, the cardholder can often just say "I've never heard of that merchant", since 3DS is not really a thing, and generally merchants are relatively unlikely to have compelling evidence to the contrary.

But for all non-fraud disputes, they follow the same process.


As commented elsewhere, you're just wrong. It's a significant burden of proof for a cardholder to win a dispute for non-compliance with card network rules and it very rarely happens (outside of actual merchant fraud, which is much rarer in the EU).

Again, you're not aware of the reality outside the US.


> It's a significant burden of proof for a cardholder to win a dispute for non-compliance with card network rules

That's true, but "fraud" and "compliance" aren't the only dispute categories, not by far.

In this case, using Mastercard as an example (as their dispute rules are public [1]), the dispute category would be "Refund not processed".

The corresponding section explicitly lists this as a valid reason: "The merchant has not responded to the return or the cancellation of goods or services."

> Again, you're not aware of the reality outside the US.

Repeating your incorrect assumption doesn't make it true.

[1] https://www.mastercard.us/content/dam/public/mastercardcom/n...


Okay, so you're grasping at straws here, because:

a) a Refund Not Processed chargeback is for non-compliance with card network rules,

and b), When the merchant informed the cardholder of its refund policy at the time of purchase, the cardholder must abide by that policy.

We won these every time, because we had a lawful and compliant refund policy and we stuck to it. These are a complete non-issue for vendors outside the US, unless they are genuinely fraudulent.

Honestly, I think you have no experience with card processors outside the US (or maybe at all) and you just can't admit you're wrong, but anyone with experience would tell you how wrong you are in a heartbeat. The idea you can "defeat" geoblocks with chargebacks is much more likely to result in you losing access to credit than a refund.


Are you even trying to see things from a different perspective, or are you just dead set on winning an argument via ad hominems based on incorrect assumptions about my background?

It's quite possible that both of our experiences are real – at least I'm not trying to cast doubt on yours – but my suspicion is that the generalization you're drawing from yours (i.e. chargeback rules, or at least their practical interpretation, being very different between the US and other countries) isn't accurate.

Both in and outside the US, merchants can and do win chargebacks, but a merchant being completely unresponsive to cancellation requests of future services not yet provided (i.e. not of "buyer's remorse" for a service that's not available to them, per terms and conditions) seems like an easy win for the issuer.


> Are you even trying to see things from a different perspective, or are you just dead set on winning an argument via ad hominems based on incorrect assumptions about my background?

I'm very open to a different perspective if it's grounded in reality. I'm only judging you on your comments, which to date have been factually inaccurate (to the point that I wonder if you're trolling?).

> Both in and outside the US, merchants can and do win chargebacks,

At vastly different rates (~10% vs ~80%)

> but a merchant being completely unresponsive to cancellation requests of future services not yet provided (i.e. not of "buyer's remorse" for a service that's not available to them, per terms and conditions)

Geoblocking a region is not being unresponsive and will not result in a breach of network rules. Lots of precedent and completely uncontroversial but yet you believe otherwise.

> seems like an easy win for the issuer.

Seems is the operative word here, but it only seems so from your uninformed position. Even after quoting the MC terms that show that you're incorrect, you're still not open to new information.


> At vastly different rates (~10% vs ~80%)

Is that your observed rate or an industry-wide trend?

If it's the former, I'll stick with my theory – you're extrapolating from a pretty specific scenario to a different one. My guess would be that you're conflating geoblocking of content (what you seem to have experience with) with geoblocking of the cancellation method (what this thread is about).

If it's the latter, you're wildly off base:

> Merchants win an average of 50% of representments, though there are differences by country: U.S.: 54%, U.K.: 49.1%, AU: 46.7% and Brazil: 36.9%.

(from https://www.mastercard.com/us/en/news-and-trends/Insights/20...)

In fact, this is the opposite of what you're claiming (i.e. a higher win rate for merchants outside the US).


"Visiting the website" is the method. It's nonsense to say that visiting from a different location is a different method. I don't care if you won those disputes, you did a bad thing and screwed over your customers.


> "Visiting the website" is the method. It's nonsense to say that visiting from a different location is a different method.

This is a naive view of the internet that does not stand the test of legislative reality. It's perfectly reasonable (and in our case was the only path to compliance) to limit access to certain geographic locations.

> I don't care if you won those disputes, you did a bad thing and screwed over your customers.

In our case, our customers were trying to commit friendly fraud by requesting a chargeback because they didn't like a geoblock, which is also what the GP was suggesting.

Using chargebacks this way is nearly unique to the US and thankfully EU banks will deny such frivolous claims.


The ancestor post was about being unable to get support for a product, so I thought you were talking about the same situation. Refusal to support is a legitimate grievance.

Are you saying they tried a chargeback just because they were annoyed at being unable to reach your website? Something doesn't add up here, or am I giving those customers too much credit?

Were you selling them an ongoing website-based service? Then the fair thing would usually be a prorated refund when they change country. A chargeback is bad but keeping all their money while only doing half your job is also bad.


If you read back in the thread, we're talking about the claim that adding geoblocking will result in chargebacks, which outside the US, it won't.

> Are you saying they tried a chargeback just because they were annoyed at being unable to reach your website?

In our case it was friendly fraud when users tried to use a service which we could not provide in the US (and many other countries due to compliance reasons) and had signed up in the EU, possibly via VPN.


> If you read back in the thread, we're talking about the claim that adding geoblocking will result in chargebacks, which outside the US, it won't.

As a response to someone talking about customers traveling and needing support. But yeah geoblocks can occur in different situations with different appropriate resolutions.

> In our case it was friendly fraud when users tried to use a service which we could not provide in the US (and many other countries due to compliance reasons) and had signed up in the EU, possibly via VPN.

If you provided zero service at all, they should get their money back. And calling a chargeback in that situation "friendly fraud" is ridiculous.

If they weren't even asking for a refund and using a chargeback out of spite, that's bad, but that's a different problem from fraud.

For someone that did sign up via VPN, would they be able to access the cancellation page via VPN?


> If you provided zero service at all, they should get their money back. And calling a chargeback in that situation "friendly fraud" is ridiculous.

No, if a company upholds their side of a contract, the customer must too, within the bounds of the law.

A chargeback in that situation is the _definition_ of "friendly fraud" and is actual criminal fraud.

> If they weren't even asking for a refund and using a chargeback out of spite, that's bad, but that's a different problem from fraud.

That's also criminal fraud.

US consumers are often shocked that "customer is always right" customer service doesn't extend beyond their borders and that they can't chargeback their way out of contracts they've signed.

> For someone that did sign up via VPN, would they be able to access the cancellation page via VPN?

It doesn't matter. If our terms prohibited VPN use to avoid geoblocking (which they did), it's irrelevant whether your VPN can or cannot access the cancellation page on a given day. You can email or write to us. All perfectly legal, lawful, and backed by merchant account providers.


> You can email or write to us.

How do I find your email or postal address if you're blocking every request from a given region? My original point was about companies that do that.

If you're not, I agree that there's much less of a problem (some jurisdictions require online cancellation methods, though).


> No, if a company upholds their side of a contract, the customer must too, within the bounds of the law.

The company upholding their side by... doing nothing? Just give a refund if you're not providing service. And what is this about upholding your side if you're legally unable to provide the service in the first place?

> A chargeback in that situation is the _definition_ of "friendly fraud" and is actual criminal fraud.

They have to get the thing and then chargeback. Your definition is nonsense if it doesn't include them getting the thing.

> That's also criminal fraud.

It might be if they lie about something. But this isn't worth going on a tangent.

> It doesn't matter. If our terms prohibited VPN use to avoid geoblocking (which they did), it's irrelevant whether your VPN can or cannot access the cancellation page on a given day. You can email or write to us. All perfectly legal, lawful, and backed by merchant account providers.

Do they know who to email while the site is blocked? At least that's something.

But I'm not even asking about things fluctuating from day to day, I'm worried about a situation where a VPN can sign up but the same VPN at the same time can't be used to cancel.


What was inaccessible to them: The service itself, or any means to contact the merchant to cancel an ongoing subscription?

I can imagine a merchant winning a chargeback if a customer e.g. signs up for a service using a VPN that isn't actually usable over the same VPN and then wants money for their first month back.

But if cancellation of future charges is also not possible, I'd consider that an instance of a merchant not being responsive to attempts at cancellation, similar to them simply not picking up the phone or responding to emails.


Usually CC companies require email records (another way of communicating with a company) showing you attempted to resolve the problem but could not. I don’t think “I tried to visit the website that I bought X item from while in Africa and couldn’t get to it” is sufficient.


I really wish I could just email companies, but at least many US based ones don’t offer that way of communicating.

It’s usually phone support only, or some horrible web chat that leaves only the company with a permanent record of what was said. (I suspect that’s on purpose.)


At that point, I wonder if an online shop is even necessary. Just sell in-person.


I'm not precisely sure the point you're trying to make.

In my experience running rather lowish traffic (thousands of hits a day) sites, doing just that brought every single annoyance from thousands per day to zero.

Yes, people -can- easily get around it via various listed methods, but don't seem to actually do that unless you're a high value target.


It definitely works, since you’re externalizing your annoyance to people you literally won’t ever hear from because you blanket banned them based. Most of them will just think your site is broken.


This isn't coming from nowhere though. China and Russia don't just randomly happen to have been assigned more bad actors online.

Due to frosty diplomatic relations, there is a deliberate policy to do fuck all to enforce complaints when they come from the west, and at least with Russia, this is used as a means of gray zone cyberwarfare.

China and Russia are being antisocial neighbors. Just like in real life, this does have ramifications for how you are treated.


It seems to be a choice they’re making with their eyes open. If folks running a storefront don’t want to associate with you, it’s not personal in that context. It’s business.


In other words, a smart business practice.


> Why stop there? Just block all non-US IPs!

This is a perfectly good solution to many problems, if you are absolutely certain there is no conceivable way your service will be used from some regions.

> Surely bad actors wouldn’t use VPNs or botnets, and your customers never travel abroad?

Not a problem. Bad actors which are motivated enough to use VPNs or botnets are a different class of attacks that have different types of solutions. If you eliminate 95% of your problems with a single IP filter then you have no good argument to make against it.


This. If someone wants to target you, they will target you. What this does is remove the noise and 90%+ of crap.

Basically the same thing as changing the ssh port on a public facing server, reduce the automated crap attacks.


> if you are absolutely certain there is no conceivable way your service will be used from some regions.

This isn’t the bar you need to clear.

It’s “if you’re comfortable with people in some regions not being able to use your service.”


Won't help: I get scans and script kiddy hack attempts from digital ocean, microsoft cloud (azure, stretchoid.com), google cloud, aws, and lately "hostpapa" via its 'IP colocation service'. Ofc it is instant fail-to-ban (it is not that hard to perform a basic email delivery to an existing account...).

Traffic should be "privatized" as much as possible between IPv6 addresses (because you still have 'scanners' doing the whole internet all the time... "the nice guys scanning the whole internet for your protection... never to sell any scan data ofc").

Public IP services are done for: going to be hell whatever you do.

The right answer seems significantly big 'security and availability teams' with open and super simple internet standards. Yep the javascript internet has to go away and the app private protocols have too. No more whatwg cartel web engine, or the worst: closed network protocols for "apps".

And the most important: hardcore protocol simplicity, but doing a good enough job. It is common sense, but the planned obsolescence and kludgy bloat lovers won't let you...


Don't care, works fine for us.


Worked great for us, but I had to turn it off. Why? Because the IP databases that the two services I was using are not accurate enough and some people in the US were being blocked as if they had a foreign IP address. It happened regularly enough I reluctantly had to turn it off and now I have to deal with the non-stop hacking attempts on the website.

For the record, my website is a front end for a local-only business. Absolutely no reason for anyone outside the US to participate.


And that's perfectly fine. Nothing is completely bulletproof anyway. If you manage to get rid of 90% of the problem then that's a good thing.


Okay, but this causes me about 90% of my major annoyances. Seriously. It’s almost always these stupid country restrictions.

I was in UK. I wanted to buy a movie ticket there. Fuck me, because I have an Austrian ip address, because modern mobile backends pass your traffic through your home mobile operator. So I tried to use a VPN. Fuck me, VPN endpoints are blocked also.

I wanted to buy a Belgian train ticket still from home. Cloudflare fuck me, because I’m too suspicious as a foreigner. It broke their whole API access, which was used by their site.

I wanted to order something while I was in America at my friend’s place. Fuck me of course. Not just my IP was problematic, but my phone number too. And of course my bank card… and I just wanted to order a pizza.

The most annoying is when your fucking app is restricted to your stupid country, and I should use it because your app is a public transport app. Lovely.

And of course, there was that time when I moved to another country… pointless country restrictions everywhere… they really helped.

I remember the times when the saying was that the checkout process should be as frictionless as possible. That sentiment is long gone.


The vpn is probably your problem there mate.


I don’t use VPN generally, only in specific cases. For example, when I want to reach Australian news. Because of course, as a non Australian, I couldn’t care about local news. Or when American pages rather ban Europe than they would tell who they sell my data to.


They tried a VPN as a backup for one of those problems.

So no. It's not.


> I wanted to order something while I was in America at my friend’s place. Fuck me of course. Not just my IP was problematic, but my phone number too.

Your mobile provider was routing you through Austria while in the US?


Not OP, but as far as I know that's how it works, yeah.

When I was in China, using a Chinese SIM had half the internet inaccessible (because China). As I was flying out I swapped my SIM back to my North American one... and even within China I had fully unrestricted (though expensive) access to the entire internet.

I looked into it at the time (now that I had access to non-Chinese internet sites!) and forgot the technical details, but seems that this was how the mobile network works by design. Your provider is responsible for your traffic.


Yes, newer backends for 4G and 5G networks work exactly that way.


Even 2G and 3G data roaming used to work that way.

If anything, the opposite behavior (i.e. getting a local or regional IP instead of one from your home network) is a relatively new development.


And if your competitor manages to do so without annoying the part of their customer base that occasionally leaves the country, everybody wins!


Fair point, that's something to consider.


You think all streaming services have banned non US IPs? What world do you live in?


This is based on personal experience. At least two did not let me unsubscribe from abroad in the past.


Not letting you unsubscribe and blocking your IP are very different things.

There are some that do not provide services in most countries but Netflix, Disney, paramount are pretty much global operations.

HBO and peacock might not be available in Europe but I am guessing they are in Canada.


I think a lot of services end up sending you to a sort of generic "not in your country yet!" landing page in an awkward way that can make it hard to "just" get to your account page to do this kind of stuff.

Netflix doesn't have this issue but I've seen services that seem to make it tough. Though sometimes that's just a phone call away.

Though OTOH whining about this and knowing about VPNs and then complaining about the theoretical non-VPN-knower-but-having-subscriptions-to-cancel-and-is-allergic-to-phone-calls-or-calling-their-bank persona... like sure they exist but are we talking about any significant number of people here?


In Europe we have all of them, with only few movies unavailable or additionally paid occasionally. Netflix, Disney, HBO, Prime and others work fine.

Funny to see how narrow perspective some people have…


Obligatory side note of "Europe is not a country".

In several European countries, there is no HBO since Sky has some kind of exclusive contract for their content there, and that's where I was accordingly unable to unsubscribe from a US HBO plan.


> Not letting you unsubscribe and blocking your IP are very different things.

How so? They did not let me unsubscribe via blocking my IP.

Instead of being able to access at least my account (if not the streaming service itself, which I get – copyright and all), I'd just see a full screen notice along the lines of "we are not available in your market, stay tuned".


> Not letting you unsubscribe and blocking your IP are very different things.

When you posted this, what did you envision in your head for how they were prevented from unsubscribing, based on location, but not via IP blocking? I'm really curious.


> Surely bad actors wouldn’t use VPNs or botnets, and your customers never travel abroad?

They usually don't bother. Plus it's easier to take action against malicious traffic within your own country or general jurisdiction.


Oddly, my bank has no problem with non-US IPs, but my City's municipal payments site doesn't. I always think it's broken for a moment before realizing I have my VPN turned on.


The percentage of US trips abroad which are to China must be minuscule, and I bet nobody in the US regularly uses a VPN to get a Chinese IP address. So blocking Chinese IP addresses is probably going to have a small impact on US customers. Blocking all abroad IP addresses, on the other hand, would impact people who just travel abroad or use VPNs. Not sure what your point is or why you're comparing these two things.


If you are traveling without a vpn then you are asking for trouble


Yes, and I’m arguing that that’s due to companies engaging in silly pseudo-security. I wish that would stop.


It is not silly pseudo-security, it is economics. Ban Chinese, lower your costs while not losing any revenue. It is capitalism working as intended.


Not sure I'd call dumping externalities on a minority of your customer base without recourse "capitalism working as intended".

Capitalism is a means to an end, and allowable business practices are a two-way street between corporations and consumers, mediated by regulatory bodies and consumer protection agencies, at least in most functioning democracies.


Maybe, but it doesn't change the fact, that no one is going to forbid me to ban IPs. Therefore I will ban IPs and IPs ranges because it is the cheapest solution.


Sure, you can keep blocking IPs, and I'll keep arguing for a ban on IP country bans (at least for existing customers) :)


If you don't see that your campaign is futile and want to waste your time, just go ahead, don't ask for my permission.


Moving a cost outside the business and then calling it improved margin is exactly what MBA school teaches and the market rewards.


so you just raw dog hotel and conference wifi?


Lately I've been thinking that the only viable long-term solution is allowlists instead of blocklists.

The internet has become a hostile place for any public server, and with the advent of ML tools, bots will make up far more than the current ~50% of all traffic. Captchas and bot detection is a losing strategy as bot behavior becomes more human-like.

Governments will inevitably enact privacy-infringing regulation to deal with this problem, but for sites that don't want to adopt such nonsense, allowlists are the only viable option.

I've been experimenting with a system where allowed users can create short-lived tokens via some out-of-band mechanism, which they can use on specific sites. A frontend gatekeeper then verifies the token, and if valid, opens up the required public ports specifically for the client's IP address, and redirects it to the service. The beauty of this system is that the service itself remains blocked at the network level from the world, and only allowed IP addresses are given access. The only publicly open port is the gatekeeper, which only accepts valid tokens, and can run from a separate machine or network. It also doesn't involve complex VPN or tunneling solutions, just a standard firewall.

This should work well for small personal sites, where initial connection latency isn't a concern, but obviously wouldn't scale well at larger scales without some rethinking. For my use case, it's good enough.
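A minimal sketch of the token-then-firewall flow described in the comment above, added here as an example and not the commenter's own code. The HMAC token format, the shared secret, the lifetimes and the nftables table and set names are all assumptions.

```python
import base64
import hashlib
import hmac
import ipaddress
import time

# Assumptions (not from the post): shared secret, lifetimes, service map,
# and the nftables table/set names used in the generated command.
SECRET = b"constructed-demo-secret"
TOKEN_TTL = 300                    # seconds a token stays valid
ALLOW_TTL = "1h"                   # lifetime of the firewall set element
SERVICES = {"jellyfin": 8096}      # service name -> protected port


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, service, now=None, secret=SECRET):
    """Out-of-band issuer: HMAC-signed 'user|service|expiry' token."""
    if "|" in user or "|" in service:
        raise ValueError("'|' is the field separator")
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    payload = f"{user}|{service}|{expires}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(mac)}"


class Gatekeeper:
    """The only publicly reachable component; the service port stays dropped."""

    def __init__(self, secret=SECRET, services=SERVICES):
        self.secret = secret
        self.services = services
        self.used = set()          # MACs already redeemed (replay protection)

    def admit(self, token, client_ip, now=None):
        """Return the nft argv that admits client_ip, or None if rejected.

        client_ip must be the socket peer address, never a request header.
        """
        now = time.time() if now is None else now
        try:
            p64, m64 = token.split(".")
            payload, mac = _unb64(p64), _unb64(m64)
            expected = hmac.new(self.secret, payload, hashlib.sha256).digest()
            # Verify the MAC before trusting any field of the payload.
            if not hmac.compare_digest(mac, expected):
                return None
            user, service, expires = payload.decode().split("|")
            ip = ipaddress.ip_address(client_ip)
            if now > int(expires) or service not in self.services:
                return None
        except ValueError:         # malformed token, base64 or address
            return None
        # Track replays on the decoded MAC: the base64 text is malleable.
        if mac in self.used:
            return None
        self.used.add(mac)
        # Assumed ruleset: table "inet gate" holds one timeout-enabled set per
        # service and address family, referenced by an accept rule for the port.
        set_name = f"{service}_v{ip.version}"
        return ["nft", "add", "element", "inet", "gate", set_name,
                "{", str(ip), "timeout", ALLOW_TTL, "}"]


if __name__ == "__main__":
    gk = Gatekeeper()
    tok = issue_token("alice", "jellyfin")
    print(gk.admit(tok, "203.0.113.7"))   # constructed documentation address
    print(gk.admit(tok, "203.0.113.7"))   # replayed token is refused
```

The returned argv is meant to be passed to `subprocess.run` by a process allowed to modify that one table; the set's timeout removes the entry without any cleanup job.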


I guess this is what "Identity aware proxy" from GCP can do for you? Outsource all of this to google - where you can connect your own identity servers, and then your service will only be accessed after the identity has been verified.

We have been using that instead of VPN and it has been incredibly nice and performant.


Yeah, I suppose it's something like that. Except that my solution wouldn't rely on Google, would be open source and self-hostable. Are you aware of a similar project that does this? Would save me some time and effort. :)

There also might be similar solutions for other cloud providers or some Kubernetes-adjacent abomination, but I specifically want something generic and standalone.



It all started with an inverted killfile...


Lmao I came here to post this. My personal server was making constant hdd grinding noises before I banned the entire nation of China. I only use this server for jellyfin and datahoarding so this was all just logs constantly rolling over from failed ssh auth attempts (PSA: always use public-key, don't allow root, and don't use really obvious usernames like "webadmin" or <literally just the domain>).


Changing the SSH port also helps cut down the noise, as part of a layered strategy.


Are you familiar with port knocking? My servers will only open port 22, or some other port, after two specific ports have been knocked on in order. It completely eliminates the log files getting clogged.


I've used that solution in the past. What happens when the bots start port knocking?


The bots have been port scanning me for decades. They just don't know which two ports to hit to open 22 for their IP address. Simply iterating won't get them there, and fail2ban doesn't afford them much opportunity to probe.
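The two-port knock described above, modelled as a per-source state machine (an added example, not the commenter's configuration). The knock ports, the time window, the open duration and the event tuples are constructed assumptions; the point it shows is why a sequential scan that touches both ports still never completes the sequence.

```python
# Assumptions (constructed for illustration): knock ports, window, open time.
KNOCK_SEQUENCE = (7000, 4000)   # must be hit in this order
KNOCK_WINDOW = 10.0             # seconds allowed to finish the sequence
OPEN_FOR = 30.0                 # seconds port 22 stays open for that source


class KnockTracker:
    """Tracks knock progress per source IP from dropped-connection events."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW,
                 open_for=OPEN_FOR):
        self.sequence = tuple(sequence)
        self.window = window
        self.open_for = open_for
        self.progress = {}      # ip -> (next index in sequence, start time)
        self.open_until = {}    # ip -> time at which port 22 closes again

    def observe(self, ts, ip, port):
        """Feed one event; return True if it completed the knock sequence."""
        idx, started = self.progress.get(ip, (0, ts))
        if idx and ts - started > self.window:
            idx, started = 0, ts            # too slow: start over
        if port == self.sequence[idx]:
            if idx == 0:
                started = ts
            idx += 1
            if idx == len(self.sequence):
                self.progress.pop(ip, None)
                self.open_until[ip] = ts + self.open_for
                return True
            self.progress[ip] = (idx, started)
        elif port == self.sequence[0]:
            self.progress[ip] = (1, ts)     # restart from the first knock
        else:
            # Any other port resets progress, so a scan that walks through
            # both knock ports with other ports in between never advances.
            self.progress.pop(ip, None)
        return False

    def ssh_allowed(self, ts, ip):
        return self.open_until.get(ip, 0.0) > ts


def replay(events, tracker=None):
    """Run (ts, ip, port) events through a tracker; return IPs that opened 22."""
    tracker = tracker or KnockTracker()
    return {ip for ts, ip, port in events if tracker.observe(ts, ip, port)}


def sequential_scan(ip, ports, start=0.0, step=0.001):
    """Constructed sample input: one source probing ports in the given order."""
    return [(start + i * step, ip, p) for i, p in enumerate(ports)]


if __name__ == "__main__":
    owner = [(0.0, "198.51.100.9", 7000), (1.0, "198.51.100.9", 4000)]
    up = sequential_scan("203.0.113.50", range(1, 8001))
    down = sequential_scan("203.0.113.51", range(8000, 0, -1))
    print(replay(owner + up + down))        # only the owner's address
```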


Fail2ban :)


Did you really notice a significant drop off in connection attempts? I tried this some years ago and after a few hours on a random very high port number I was already seeing connections.


I use a non standard port and have not had an unknown IP hit it in over 25 years. It's not a security feature for me, I use that to avoid noise.

My public SFTP servers are still on port 22 but block a lot of SSH bots by giving them a long "versionaddendum" in /etc/ssh/sshd_config as most of them choke on it. Mine is 720 characters long. Older SSH clients also choke on this so test it first if going this route. Some botters will go out of their way to block me instead so their bots don't hang. One will still see the bots in their logs, but there will be far less messages and far fewer attempts to log in as they will be broken, sticky and confused. Be sure to add offensive words in versionaddendum for the sites that log SSH banners and display them on their web pages like shodan.io.


In my experience you can cut out the vast majority of ssh connection attempts by just blocking a couple IPs. ... particularly if you've already disabled password auth because some of the smarter bots notice that and stop trying.


Most of the traffic comes from China and Singapore, so I banned both. I might have to re-check and ban other regions who would never even visit my stupid website anyway. The ones who want to are free to, through VPN. I have not banned them yet.


I have my jellyfin and obsidian couchdb sync on my Tailscale and they don’t see any public traffic.


Block Russia too, that's where I see most of my bot traffic coming from


And usually hackers/malicious actors from that country are not afraid to attack anyone that is not russian, because their local law permits attacking targets in other countries.

(It sometimes comes to funny situations where malware doesn't enable itself on Windows machines if it detects that russian language keyboard is installed.)


This is true of any online game ever. Games require integrity and there are plenty of people who would rather have game integrity than system integrity because, for them, the system is for the game.

I don’t think Riot is losing sleep over denying access to the 4 people who want to play Valorant on a Steam Deck.


And for macOS the OS itself provides enough system integrity that Riot don't need a kernel anticheat on macOS.

Steam Deck users need to ask Valve to similarly improve SteamOS's system integrity to prove to game companies that it's safe for people to run their games on it without compromising their game's integrity.


As a Steam Deck user I'd rather have the platform kept open like how it is now than lock it down. It's one of the significant advantages the Steam Deck (and PC gaming in general) has over consoles.


Allowing the OS to affirm integrity doesn't turn it into a closed platform. Checking integrity is an optional feature.


Humans have been drinking alcohol for like 10,000 years. The real question is who cares if it’s healthy.

Caring about the health effects of casual drinking is like counting the calories in a cupcake. If it matters to you, it’s probably not for you.


Elephants consume alcohol, so the first drinker in our line was probably not even a hominid.

Birds do as well. Trout do not (in the wild). The LCU drinker might be "some tetrapod".


The fallacy of appeal to tradition.


You’re god damn right. I’ll cheers to that.


I care.


Too bad most of this is meaningless, and the actual policy is the only thing standing between America and another 50 years of housing crises. When the so called progressive millennial is pitching rent control as the solution to housing in the largest city in the US you already know it's fucking Joever.

Social policy is popular among millennials, that doesn't make it good. Mamdani and his followers are wilfully ignorant to the root causes of the issues NYC is facing.


You should probably learn more about his housing policy.


We are on HN, which daily shouts about MVP and finding market fit.

Young progressives can iterate. Old people cannot, conservatives cannot.

I agree with you about the 50 years: it started in 1980, if I had to pick a specific year, so, good news!


shrug British Columbia (where Vancouver is located) has rent control and people continue to live normally.

Billionaires don't like it when politicians put a target on them.

Billionaires (or Landlords) have been hiding behind class war for thousand years. They continue to find ways to divide and conquer.

The moment a popular politician starts to poke em a little bit is the moment where they will react swiftly


I live in Vancouver. People do not live normally here lmao. I pay $2300 for 430sqft in a city where the median household income is $82,000.

I’m surprised you chose Vancouver for your argument. Are you aware this is one of the worst housing markets in North America for exactly the same reason as NYC?

The one thing BC is doing correctly right now is getting rid of a lot of the market controls and introducing a lot more ways to build new housing, without any explicit focus on “affordable housing” (because that’s a tar pit.) These changes (by a social-forward party like the NDP no less) are what are easing pressure on the market, though it is still deeply unaffordable.


> Are you aware this is one of the worst housing markets in North America for exactly the same reason as NYC?

That's because you pointed out rent control in your earlier argument. It's not the end-all-be-all. I don't know why you picked that specifically knowing that Vancouver has rent control and to some degree it's fine.

His platform is more than rent control no?

> The one thing BC is doing correctly right now is getting rid of a lot of the market controls

BC got rid of Airbnb and that's one factor among many others that influence the pricing today: high interest rate, Trump tariff, China econ not doing well hence not a lot of Mainland China money flowing to Vancouver like it used to be. All these contribute to weaker demand.

The getting rid of zoning, while I fully support it for my own benefit, is yet to be seen IMO.


That seems like a reductive defence of a platform that is pitching rent control and socialized housing without addressing underlying demand. Which is basically the recipe the entire western world has used for half a century and has resulted in the worst housing price inflation in history.

The hard truth is that New York isn't even remotely dense enough for the demand. The entirety of lower Manhattan from Canal St. to midtown is "low" density. As is everything above 59th. And this is codified. So no wonder NYC housing prices are out of control. NYC should look like Sao Paulo based on demand.


He's been very clear about addressing underlying demand through increased supply.


I’m working on something for this. It’s sort of on the back burner right now but perhaps I’ll put more time into it… https://rune.sh

Ironically web support is not in yet.


This looks great! I hope you will be able to get back to it


Absolutely love the title sequence of this show. Maybe my favourite part about it. :/


It was pretty poetic and enigmatic, wasn't it?

As for the show, I have mixed feelings. They just kept jumping the shark time and time again so at some point it got sort of normalized.

