I was wondering about this too. I thought that it could be about it being possible to use archive.today to view sites otherwise blocked via DNS, but web.archive.org[1] doesn't have that flag, so it must be something else.
I'm not a web developer, but I've picked up some bits of knowledge here and there, mostly from troubleshooting issues I encounter while using websites.
I know there are a number of headers used to control cross-site access to websites, and the linked blog post shows archive.today's denial-of-service script sending random queries to the site's search function. Shouldn't there be a way to prevent those from running when they're requested from within a third-party site?
You can't completely prevent the browser from sending the request—after all, it needs to figure out whether to block the website from reading the response.
However, browsers will first send a preflight request for non-simple requests before sending the actual request. If the DDOS were effective because the search operation was expensive, then the blog could put search behind a non-simple request, or require a valid CSRF token before performing the search.
> I know there are a number of headers used to control cross-site access to websites
Mostly these headers are designed around preventing reading content. Sending content generally does not require anything.
(As a kind of random tidbit, this is why csrf tokens are a thing, you can't prevent sending so websites test to see if you were able to read the token in a previous request)
This is partially historical. The rough rule is if it was possible to make the request without javascript then it doesn't need any special headers (preflight)
One side publishes words, the other DDoSes. One side could just ignore the other and go about their business, the other cannot. One is using force, which naturally leads to resistance and additional attention, the other is not.
Both sides look like they have been bullied in the past and not found their way out of reproducing the pattern yet.
Words can have influence and can come from a place of authority, which does carry responsibility. Words of a president are very different from words published on a random blog by some random person, and different yet again from words published by a newspaper. Some presidents words are opinion, the same words in different context are commands and not acting on them comes at a price.
Context matters. Which is why also different rules apply, and laws exist to guard these rules. DDoS is not an acceptable response in any jurisdiction, no matter what triggered them. We’re not in the Middle Ages, even if some behave like we are. Violence does not justify violence. Unjust action does not justify unjust responses.
Ah yes I can see the misunderstanding: I meant “acceptable” in a broader sense than just legally, but I can see how the use of “jurisdiction” implies law. It was not my intention to just reference the legality, but more in terms of what is considered “violence” by the society, where law is one level you can look at to get an idea.
Then, again: one persons illegal actions do not warrant another persons illegal actions. That’s not how society works, and not how law works.
> The blog is still online and only exists as a part of a harassment campaign targeting archive.today
The blog has a lot of more posts on random topics. Why do you imply that the owner of the bloh is part of a harassment campaign and "only" that is the reason for this years old blog to exist?
There are only two posts about archive.today on the blog, and one of them only exists because archive.today started DDoSing them. I fail to see how you could consider the entire blog to be a "harassment campaign", especially considering that the original blog post isn't even negative, it ends with a compliment towards archive.today's creator.
Okay, there's one filler post I missed. I'm sure it took a lot of time to write the 16739382nd post explaining what the various things on a boarding pass mean.
Attack? Did we read the same one article? One article is clearly defensive. The other is a piece of investigative journalism about who and how the site is run.
This is a weird way of saying that you wish gyrovague updated more frequently. You could just say “Big fan of his writing, I’d love it if he posted more” if your only complaint is that there aren’t enough recent blog posts on that website
The blog author is in Finland, so it's covered by the Article 8 right to privacy of the ECHR. The exact implementation is country dependent, I don't know how it works in Finland but in the UK we just extended the common law tort of "Breach of confidence" to it.
That is very surprising to me. As far as I know, in Finland details of your income are publicly available, but someone reposting publicly available information is illegal.
While I would it also better to a bit redact names and details mentioned in the original article in hindsight, I hardly find real defamation. I guess you want to provide random unproven evidence if someone is target of various foreign law enforcement and commercial sites.
In the article they even call for donations to archive.today . As far as I read the tone of the post is full of admiration. Funny thing is that IMHO the rather childish JavaScript attack gives credibility to the post after all.
In all this I somehow hope that we see a legal solution to all this major global copyright crisis that has been reinforced by LLM training. (If you want conspiracy theory: that I guess would be easy monetization for archive these days selling their snapshots)
Thinking about it, I think we might need better platform rules, maybe even regulations on this. There seems to be pretty much no line of defense, which might explain the rather desperate DoS. If you take anonymity as a right, discussion like ours here on HN are dangerous as well, as they easily make otherwise difficult to find knowledge easily visible. So while a single fan page might go unnoticed, in case of doxing amplification is also a problem. Just my spontaneous thought.
Edit: one afterthought. The story about hacking together a response to the GDPR takedown request quoting press rights and freedom of speech using an LLM shows actually the deeper problem. Actually rights come with obligations (at least ethical ones). At least in Europe press standards are typically rather aware of doxing risks. While actually celebraties also successfully use legal defenses, i still think the defenses for activist are weak balancing interest here (at least if you made something of public interest)
There's probably a worthwhile discussion to be had about what it takes for a site in this situation to be removed from blocklists. An apology? Surrender to authorities? Halting the malicious activity for a certain period of time?
Regardless, another user reports the attack is still ongoing[1], so this isn't a discussion that's going to happen about archive.today anytime soon.
I suppose “evidence that the site’s leadership has permanently changed” would convince me. Whoever decided to put in the code that causes visitors to DDOS someone should never be running a web site again.
I mean, probably not. Maybe if they posted a public apology (an actual one, not a 'I'm sorry I was caught' one), listed the steps that they would take to ensure it doesn't happen again and how the fact that they weren't doing it could be publicly verified.
They've shown they're willing to deliberately weaponize their users to fight a personal dispute with someone, and didn't take corrective action when called out. Trustworthiness is something you lose and don't get back.
As far as I am aware, all previous issues with archive.today and Cloudflare were on account of archive.today taking measures to stop Cloudflare's DNS from correctly resolving their domains, not the other way around.
The current situation is due to Cloudflare flagging archive.today's domains for malicious activity, Cloudflare actually still resolves the domains on their normal 1.1.1.1 DNS, but 1.1.1.2 ("No Malware") now refuses. Exactly why they decided to flag their domains now, over a month after the denial-of-service accusations came out, is unclear, maybe someone here has more information.
Sounds a bit like when "Finland geoblocked archive.today". In all actuality, there was no geoblocking of the site in Finland by any authorities or ISPs, but rather it was the website owner blocking all Finnish IPs after some undisclosed dispute with Finnish border agents. When something bad happens, people seem a bit too willing to give archive.today the benefit of the doubt.
For context, archive.today is angry that Cloudflare won't pass through EDNS - which includes things like your IP address, which archive.today explicitly wants for DNS-based geographical routing. The obvious problem with this is that it would deanonymize all 1.1.1.1 users, at least down to their ISP and probably down to the individual subscriber.
I've been using an IODD 2531 enclosure for many years now, and it's doing pretty much exactly that. It works with any ISO I throw at it and has no issues with Secure Boot. It’s also platform-agnostic as it acts as a USB optical disk drive.
There are some shortcomings, like a bug where it doesn't remember the last selected ISO if its filename is too long, files also need to be fully sequential. These might be fixed in their newer models (the 2531 is fairly old).
Not sure if this still works, but you used to be able to run "wsreset.exe -i" to install the Microsoft Store. The command kicks off the process in the background, so there's no progress indicator, but the Store app just appeared after a few minutes.
I think a dedicated "TikTok but AI" is infinitely better than AI videos polluting other platforms. Of course, in practice, the latter is already the case, rendering the theoretical benefits of the former kind of moot.
Nonetheless, a platform for AI videos with an audience looking for them, rather than the horrible "boomer-slop" that is prevalent on other social media, is welcome in my eyes.
[1] https://radar.cloudflare.com/domains/domain/web.archive.org
reply