You make a new normal, non-root user specifically to run Radicale processes. The user should have write access only to Radicale’s directories, nothing else.

Same deal with Apache and the www-data user.

University of Minnesota, I remember it well. Considering the importance of the Linux kernel, a lifetime ban and retroactive removal of their contributions was the most polite “fuck off and never come back” they could’ve received. I personally would’ve accused them of sabotage.

It’s probably there to defeat the “well, you didn’t tell me not to add malware!” defense.

Is “prerequisite knowledge” a foreign concept to people these days? When I started writing extensions for Blender, I had to do a lot of legwork to understand the bpy module, and even more fucking legwork to understand Python itself, all that on top of the general knowledge of programming and algorithms from high school.

RTFM means that you should use the available resources to learn. There’s a whole internet full of them. There are no shortcuts to understanding, and you can’t expect every task-oriented guide to explain how to write a main().

In the real world, the only thing better than perfect is standardized.

Fun fact: C:\: is a perfectly valid NTFS path. Windows won’t let you create it, though, because Windows doesn’t even fully support the NTFS specification. That’s why you have to specify the windows_names option when mounting an NTFS filesystem on Linux.

Linux has two different kinds of “used” memory. One is memory allocated for/by running processes that cannot be reclaimed or reallocated to another process. This memory is unavailable. The other kind is memory used for caching (ZFS, write-back cache, etc) that can be reclaimed and allocated for other things as needed. Memory that is not allocated in any way is free. Memory that is either free or allocated to cache is available.

It looks like htop only shows unavailable memory as “used”, while proxmox shows the sum of unavailable and cached memory. Proxmox “uses” 11 GB, but it’s not running out of memory because most of it is “available”.

Not on my own, I’m technically only responsible for the network and cybersecurity, but not being able to log out of an education account on a public computer is a pretty serious threat. Fortunately I’m on good terms with the dean and he’s always been receptive to my concerns.

As a university sysadmin that spent half a fucking hour yesterday trying to log someone out of a classroom computer’s MS Office software (the “sign out” button did fuck all, go figure): fuck Microsoft, fuck Office, fuck Outlook, fuck Onedrive, fuck their SSO, and their mother too. Next semester I’m sanitizing the computers. Students will use LibreOffice and they’ll like it.

I might be a little angry.

Fuck it. *uses ulong to store a boolean*

Proxmox is a great starting point. I use it in my home server and at work. It’s built on Debian, with a web interface to manage your virtual machines and containers, the virtual network (trivial unless you need advanced features), virtual disks, and installer images. There are advanced options like clustering and high availability, but you really don’t have to interact with those unless you need them.

Well that’s not true. I live in a Soviet era house that had an entire second floor built on top of it. We’ve had to drill through the brick walls to replace the natural gas pipes with pipes that run outside the walls, we’ve had to dig under the foundation when we got connected to the city’s sewer system (again, Soviet-built), and again when the main water pipe burst and threatened to wash out the foundation. If the load-bearing walls had been constructed to the same “it works” standard as the things we’ve had to fix, we wouldn’t have a house anymore.

timedelta marks time in days, seconds, and microseconds. It doesn’t take leap years into account because the concept of years is irrelevant to timedelta. If you need to account for leap years, you need a different API.

New developments: just a few hours before I post this comment, The Register posted an article about AI crawler traffic. https://www.theregister.com/2025/08/21/ai_crawler_traffic/

Anubis’ developer was interviewed and they posted the responses on their website: https://xeiaso.net/notes/2025/el-reg-responses/

In particular:

Fastly’s claims that 80% of bot traffic is now AI crawlers

In some cases for open source projects, we’ve seen upwards of 95% of traffic being AI crawlers. For one, deploying Anubis almost instantly caused server load to crater by so much that it made them think they accidentally took their site offline. One of my customers had their power bills drop by a significant fraction after deploying Anubis. It’s nuts.

So, yeah. If we believe Xe, OOP’s article is complete hogwash.

That’s why the developer is working on a better detection mechanism. https://xeiaso.net/blog/2025/avoiding-becoming-peg-dependency/

With how much authority you wrote with before, I thought you’d be able to grasp the concept. I’m sorry I assumed better.

THEN (and this is the part you don’t seem to understand) the client process has to waste time solving the challenge, which is, by the way, orders of magnitudes lighter on the server than serving the actual meaningful content, or cancel the request. If a new request is sent during that time, it will still have to waste time solving the challenge. The scraper will get through eventually, but the challenge delays the response and reduces the load on the server because while the scrapers are busy computing, it doesn’t have to serve meaningful content to them.

It’s not client-side because validation happens on the server side. The content won’t be displayed until and unless the server receives a valid response, and the challenge is formulated in such a way that calculating a valid answer will always take a long time. It can’t be spoofed because the server will know that the answer is bullshit. In my example, the server will know that the prime factors returned by the client are wrong because their product won’t be equal to the original semiprime. Delegating to a sub-process won’t work either, because what’s the parent process supposed to do? Move on to another piece of content that is also protected by Anubis?

The point is to waste the client’s time and thus reduce the number of requests the server has to handle, not to prevent scraping altogether.

That’s the great thing about Anubis: it’s not client-side. Not entirely anyways. Similar to public key encryption schemes, it exploits the computational complexity of certain functions to solve the challenge. It can’t just say “solved, let me through” because the client has to calculate a number, based on the parameters of the challenge, that fits certain mathematical criteria, and then present it to the server. That’s the “proof of work” component.

A challenge could be something like “find the two prime factors of the semiprime 1522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139”. This number is known as RSA-100, it was first factorized in 1991, which took several days of CPU time, but checking the result is trivial since it’s just integer multiplication. A similar semiprime of 260 decimal digits still hasn’t been factorized to this day. You can’t get around mathematics, no matter how advanced your AI model is.

The developer is working on upgrades and better tools. https://xeiaso.net/blog/2025/avoiding-becoming-peg-dependency/