- raises hand
Been daily driving desktop Debian for dang-near a decade now (heh). I've also maintained a gradually-evolving app hosting service for clients for even longer, covering all kinds of stuff. Current architecture includes LXC and nginx. And, I've got BSD experience too.
Job market sucks for me too.
- https://eyesoffeugene.org/contact or contact@eyesoffeugene.org.
- > Would you be open to consulting for a group that's trying to do the same in west Wyoming?
Absolutely!
Re: Strategies
- Public records requests (aka FOIAs, though FOIA is technically for federal stuff): this has been a big one for us. File a request for the contract, a request for the locations, a request for communications, requests for the network audit, and more. PRRs take practice, but I can put you in touch with someone that's become an expert at them. Some requests may come with price tags attached and in some cases they can be expensive. Usually that means either the agency is fighting you or something in the request needs to be reworded.
- Comms: set up a site (go with something quick and easy for multiple people to use), we've had good luck setting up a community chat on Signal (now with almost 100 participants). I've spent a pile of hours just assembling different slide decks that digest lots of Flock info into smaller bits for people learning about it for the first time.
- Show up: things got rolling here when a couple of people used the public comment period at local city council meetings. Local media often monitor city council meetings, and if you're a new face and you're saying something interesting, there may be a brief interview afterward.
- Gather intelligence: we've gotten to know our local politicians pretty well. You'll want to keep some notes on where everyone stands on it, who can be moved, who prefers individual meetings, talking points they may be responsive to.
- Engage with other local activist groups. Flock s a problem that affects people with lots of different political opinions.
- Try meeting with your local police department chief and just initiate a conversation about it. They may not be as pro-Flock as you'd expect. You at least want to figure out where they stand on it and let them see you as not a direct opponent from the get-go.
- Make contact with your local chapter of the ACLU. In our case, they've filed a lawsuit on our behalf over a public records request that the city refused to fulfill and the county DA denied on appeal.
- Write lots of emails to local officials, offer to meet them for coffee. They can be hard to reach initially, but once you get that initial meeting, if it goes well, they know who you are and they'll answer your texts. We are now having frequent text chats with city councilors and police commissioners and even state legislators.
This is all just off the top of my head real quick, I am probably forgetting at least one important strategy. But each of these can take a lot of time and each benefits from different skill sets, so that's where having a small group of people is really helpful.
Rather than trying to set up a hierarchical, official organization, we decided early on to just run as an ad-hoc informal "working group", and each of us would just pick up whatever tasks we were most interested in. That has worked out really well.
- I have been able to get them deactivated in two cities. They have not yet been physically removed but that is looking like a likely near-term outcome.
Flock has been a "side project" that's been eating about as many hours as a part-time job since late June. I have spoken at city council meetings in two cities, met individually with city councilors, met with a chief of police, presented to city councilors in Portland, am in almost daily conversations with ACLU Oregon, have received legal advice from EFF, done numerous media interviews, and I have an upcoming presentation to the state Senate Judiciary Committee. I may also be one of the reasons that Ron Wyden's office investigated Flock more carefully over the Summer and recently released a letter suggesting that cities terminate their relationship with the company.
All of which is to say I've been in it for a while now and have had some wins.
Good and bad news: it's a lot easier to fight it now than it was in June, but it's still going to take more effort than you probably imagine.
You'll need a team. I'm one member of a community working group. We have a core group of about a half-dozen active organizers. We have filed (and paid thousands in fees for) tons of public records requests, done a lot of community organizing and outreach, built partnerships with adjacent activist organizations, and done original technical research.
There are a couple of different strategies to pursue that can kick these things out of a community. My recommendation is to find the one that you like best, and find other people that like other ones, and pursue them in parallel.
Depending on your local police department, you may find them to be surprisingly cooperative, or you may find that they dig in and start putting in an equal amount of effort to block yours. I've had both. Odds are that your city councilors are not aware at all of what Flock is or how it works, so your first step is to raise awareness. I strongly recommend starting with an approach that makes you seem like a reasonable, honest, and reliable member of your community.
I realize this comment isn't super helpful by itself. I'm a bit distracted at the moment and I don't think I could figure out how to write a helpful, comprehensive, and yet concise comment here on this. I need to put together an info packet for people that want to get efforts like this one started in their own community. In the meanwhile, you should be able to email contact@eyesoffeugene.org and I'm happy to provide advice and assistance to anyone that wants to take this up in their city.
- You're not alone. I've been on the web since around 1997, something like that. I remember it as a fun distraction, but also as a place that had recognizable handles, behind which sat a real person somewhere else in the world.
Unrestrained SEO and the failure of search engines (or, in Google's case, complicity veering towards enthusiastic support) to do anything about that was the first thing that, for me, took a lot of the fun out of the web.
Cheap botting, engagement farming, walled gardens, social media, and now AI has left me in a state of active avoidance. I don't feel good when I use the web. Like, any of it, at all.
Casual cruelty has always been a problem of online interaction, but at one time it was also balanced out by familiarity, friendliness sometimes, creativity ... but those things have gotten a lot harder to find.
The most engaging online interaction I've had recently has been some local community groups on Signal, and even that is best in small and infrequent doses.
- OpenAI announced $10 billion ARR in June of this year (https://www.cnbc.com/2025/06/09/openai-hits-10-billion-in-an...).
Agriculture in California hit $61 billion in annual receipts in 2024 (https://www.cdfa.ca.gov/statistics/).
So, not that OpenAI isn't big, but, "the heart of the California economy"?
OpenAI needs to IPO, because if they don't get in on the current meme stock economy, they're going to collapse.
- I was really hoping this would at last be a treatment of the most realistic risk for AI, but no.
The real risk -- and all indicators are that this is already underway -- is that OpenAI and a few others are going to position themselves to be the brokers for most of human creative output, and everyone's going to enthusiastically sign up for it.
Centralization and a maniacal focus on market capture and dominance have been the trends in business for the last few decades. Along the way they have added enormous pressures on the working classes, increasing performance expectations even as they extract even more money from employees' work product.
As it stands now, more and more tech firms are expecting developers to use AI tools -- always one of the commercial ones -- in their daily workflows. Developers who don't do this are disadvantaged in a competitive job market. Journalism, blogging, marketing, illustration -- all are competing to integrate commercial AI services into their processes.
The overwhelming volume of slop produced by all this will pollute our thinking and cripple the creative abilities of the next generation of people, all the while giving these handful of companies a percentage cut of global GDP.
I'm not even bearish on the idea of integrating AI tooling into creative processes. I think there are healthy ways to do it that will stimulate creativity and enrich both the creators and the consumers. But that's not what's happening.
- The best you can get is https://deflock.me/map, which is crowd-sourced, and therefore both incomplete and inaccurate.
Cities tend to resist public records requests for camera locations.
But Flock is currently in ~5,000 communities around the country. They have managed to spread very quickly, and very quietly, and the public has only become aware of it relatively recently.
There is also a good site at https://eyesonflock.com/ that parses data from the transparency pages that some places publish.
- Interesting, I was under the impression this was more common than maybe it is. I know the hosting market has gotten pretty bad.
So, I'm currently building pretty much this. After doing it on the side for clients for years, it's now my full-time effort. I have a solid and stable infrastructure, but not yet an API or web frontend. If somebody wants basically ssh, git, and static (or even not static!) hosting that comes with a sysadmin's contact information for a small number of dollars per month, I can be reached at sysop@biphrost.net.
Environment is currently Debian-in-LXC-on-Debian-on-DigitalOcean.
- Oh! That didn't even occur to me. Yeah, I could pump that into ipset. Got one in particular that you think is reliable?
- That would be nice! This doesn't work reliably enough for WP sites. Whether it's devs making changes and testing them in prod, or dynamic content loaded in identical URLs, my past attempts to cache html have caused questions and complaints. The current caching strategy hits a nice balance and hasn't bothered anyone, with the significant downside that it's vulnerable to bot traffic.
(If you choose to read this as, "WordPress is awful, don't use WordPress", I won't argue with you.)
- The post-AI web is already a huge mess. I'd prefer solutions that don't make it worse.
I myself browse with cookies off, sort of, most of the time, and the number of times per day that I have to click a Cloudflare checkbox or help Google classify objects from its datasets is nuts.
- The Cathedral and the Bazaar meets The Tragedy of the Commons.
Let's say there's two competing options in some market. One option is fully commercialized, the other option holds to open-source ideals (whatever those are).
The commercial option attracts investors, because investors like money. The money attracts engineers, because at some point "hacker" came to mean "comfortable lifestyle in a high COL area". The commercial option gets all the resources, it gets a marketing team, and it captures 75% of the market because most people will happily pay a few dollars for something they don't have to understand.
The open source option attracts a few enthusiasts (maybe; or, often, just one), who labor at it in whatever spare time they can scrape together. Because it's free, other commercial entities use and rely on the open source thing, as long it continues to be maintained in something that, if you squint, resembles slave labor. The open source option is always a bit harder to use, with fewer features, but it appeals to the 25% of the market that cares about things like privacy or ownership or self-determination.
So, one conclusion is "people want Cathedrals", but another conclusion could be that all of our society's incentives are aligned towards Cathedrals.
It would be insane, after all, to not pursue wealth just because of some personal ideals.
- Yeah, that's where IP intelligence comes in. They're using pretty big IP pools, so, either you're manually adding individual IPs to a list all day (and updating that list as ASNs get continuously shuffled around), or you've got a process in the background that essentially does whois lookups (and caches them, so you aren't also being abusive), parses the metadata returned, and decides whether that request is "okay" or not.
The classic 80/20 rule applies. You can catch about 80% of lazy crawler activity pretty easily with something like this, but the remaining 20% will require a lot more effort. You start encountering edge cases, like crawlers that use AWS for their crawling activity, but also one of your customers somewhere is syncing their WooCommerce orders to their in-house ERP system via a process that also runs on AWS.
- People outside of a really small sysadmin niche really don't grasp the scale of this problem.
I run a small-but-growing boutique hosting infrastructure for agency clients. The AI bot crawler problem recently got severe enough that I couldn't just ignore it anymore.
I'm stuck between, on one end, crawlers from companies that absolutely have the engineering talent and resources to do things right but still aren't, and on the other end, resource-heavy WordPress installations where the client was told it was a build-it-and-forget-it kind of thing. I can't police their robots.txt files; meanwhile, each page load can take a full 1s round trip (most of that spent in MySQL), there are about 6 different pretty aggressive AI bots, and occasionally they'll get stuck on some site's product variants or categories pages and start hitting it at a 1r/s rate.
There's an invisible caching layer that does a pretty nice job with images and the like, so it's not really a bandwidth problem. The bots aren't even requesting images and other page resources very often; they're just doing tons and tons of page requests, and each of those is tying up a DB somewhere.
Cumulatively, it is close to having a site get Slashdotted every single day.
I finally started filtering out most bot and crawler traffic at nginx, before it gets passed off to a WP container. I spent a fair bit of time sampling traffic from logs, and at a rough guess, I'd say maybe 5% of web traffic is currently coming from actual humans. It's insane.
I've just wrapped up the first round of work for this problem, but that's just buying a little time. Now, I've gotta put together an IP intelligence system, because clearly these companies aren't gonna take "403" for an answer.
- The idea of "a fall" is a universal bug in our thinking, I believe.
Most of what we learn has been from dramatization. There is, maybe, slightly less now, offset by more technical text, but that's a really recent change in human history. And even then, how many people's ideas of history are entirely formed from television shows and movies, or even stories told to each other?
We talk about what makes stories compelling. Compelling stories have a beginning, a climax, and an end. History thus also has a beginning, climax, and end.
So we think of the Roman Empire as a thing in history that had a beginning, and a rise, and then a fall.
Yet Rome still exists.
I see this a lot in discussions about businesses. Somebody will do something dumb, and then immediately two camps form: those that throw darts at the exact date that the business will cease to exist, and those that mock the first camp's predictions of timely demise.
So we get these really repetitive, entirely pointless debates after the fact about whether the business is "dead" or not, so everybody can try to figure out which camp was right.
But, in the general case, it never works that way. For every WebVan, there are a hundred Reddits: persistently spectral businesses, online and still making money, occasionally bolstered by some CEO whose job it is to convince everyone that the business is still as full of verve as ever it was, and yet, when people think of it, they think of it nostalgically, if they do at all.
Slashdot is still online and posting stories every day.
Rome never fell; its story changed. It stopped being the main character of historical storytelling for a certain period, but of course that leaves us wondering what happened to that character, and when exactly did that character die?
- I mean, can I not just spend the money to buy a better society in which to live?
Museums. I love museums. They all need more support. Kids need more places to do field trips.
Libraries ... they are experiencing budget cuts everywhere now as cities prioritize police spending.
Parks.
Homes for people that can't afford them. Seriously, one of the most effective possible cures for homelessness is to set up a program that helps people cover their rent for a month or two if they get into trouble.
Health care. Like, there's got to be a pile of people that need urgent health care and can't afford it, right?
Education. Adult education, too.
Science and research.
And most, maybe all of these, aren't even things that necessarily need an entirely new organization to spearhead them, or some kind of dramatic social change. They are all things that exist right now and need more funding than anything else. You could hire a small team to just look up all kinds of programs all day long and write checks for them and it would be enormously impactful.
I just... the answer to this seems so blindingly obvious to me, and then I read the rest of the comments, and I really wonder when exactly the hacker ethos got co-opted by the crab mentality.
- I am pretty sure that this is the thread that introduced me to it: https://www.hackerneue.com/item?id=10681851
Unfortunately, web.archive.org didn't grab an https version of my main site from around that period. My oldest server build script in my current collection does have the following note in it:
...so I was using it back when it was under the lukas2511 account. Those tech notes however were rescued from a long-dead Phabricator installation, so I no longer have the change history for them, unless I go back and try to resurrect its database, which I think I do still have kicking around in one of my cold storage drives...**Get the current version of dehydrated from https://github.com/dehydrated-io/dehydrated ** (Dehydrated was previously found at https://github.com/lukas2511/dehydrated)But yeah, circa 2015 - 2016 should be about right. I had been hosting stuff for clients since... phew, 2009? So LetsEncrypt was something I wanted to adopt pretty early, because back then certificate renewals were kind of annoying and often not free, but I also didn't want to load whatever the popular ACME client was at the time. Then this post popped up, and it was exactly what I had been looking for, and would have started using it soon after.
edit: my Linode account has been continuously active since October 2009, though it only has a few small legacy services on it now. I started that account specifically for hosting mail and web services for clients I had at the time. So, yeah, my memory seems accurate enough.
In the Trek universe, LCARS wasn't getting continuous UI updates because they would have advanced, culturally, to a point where they recognized that continuous UI updates are frustrating for users. They would have invested the time and research effort required to better understand the right kind of interface for the given devices, and then... just built that. And, sure, it probably would get updates from time to time, but nothing like the way we do things now.
Because the way we do things now is immature. It's driven often by individual developers' needs to leave their fingerprints on something, to be able to say, "this project is now MY project", to be able to use it as a portfolio item that helps them get a bigger paycheck in the future.
Likewise, Geordi was regularly shown to be making constant improvements to the ship's systems. If I remember right, some of his designs were picked up by Starfleet and integrated into other ships. He took risks, too, like experimental propulsion upgrades. But, each time, it was an upgrade in service of better meeting some present or future mission objective. Geordi might have rewritten some software modules in whatever counted as a "language" in that universe at some point, but if he had done so, he would have done extensive testing and tried very hard to do it in a way that wouldn't've disrupted ship operations, and he would only do so if it gained some kind of improvement that directly impacted the success or safety of the whole ship.
Really cool technology is a key component of the Trek universe, but Trek isn't about technology. It's about people. Technology is just a thing that's in the background, and, sometimes, becomes a part of the story -- when it impacts some people in the story.