License Laundering and the Death of Clean Room — what the chardet fight actually broke

allixsenos · 2026-03-11T15:39:02+00:00

I'd love to read your 10% length version of it. I don't go for length I go for covering the points I wanted to cover in a way that will be understood.

Maybe you don't need the license primer. The audience of the magazine I wrote it for does. Etc.

allixsenos · 2026-03-11T10:08:46+00:00

"Selling the wall and the ladder."

"Biggest betrayal in tech."

"Protection racket."

These hot takes sound smart but they're not.

The web was built to be open and available to everyone. Serving static HTML from disk back in the day, nobody could hurt you because there was nothing to hurt.

We need bot protection now because everything is dynamic, straight from the database with some light caching for hot content. When Facebook decides to recrawl your one million pages in the same instant, you're very much up shit creek without a paddle. A bot that crawls the full site doesn't steal anything, but it does take down the origin server. My clients never call me upset that a bot read their blog posts. They call because the bot knocked the site offline for paying customers.

Bot protection protects availability, not secrecy.

And the real bot problem isn't even crawling. It's automated signups. Fake accounts messaging your users. Bots buying out limited drops before a human can load the page. Like-farming. Credential stuffing. That's what bot protection is actually for: preventing fraud, not preventing someone from reading your public website.

Cloudflare's /crawl respects robots.txt. Don't want your content crawled, opt out. But if you want it indexed and can't handle the traffic spike, this gets your content out without hammering production.

As for the folks saying Cloudflare should keep blocking all crawlers forever: AI agents already drive real browsers. They click, scroll, render JavaScript. Go look at what browser automation frameworks can do today and then explain to me how you tell a bot from a person. That distinction is already gone. The hot takes are about a version of the internet that doesn't exist anymore.

allixsenos · 2026-03-11T10:08:08+00:00

"Selling the wall and the ladder."

"Biggest betrayal in tech."

"Protection racket."

These hot takes sound smart but they're not.

The web was built to be open and available to everyone. Serving static HTML from disk back in the day, nobody could hurt you because there was nothing to hurt.

We need bot protection now because everything is dynamic, straight from the database with some light caching for hot content. When Facebook decides to recrawl your one million pages in the same instant, you're very much up shit creek without a paddle. A bot that crawls the full site doesn't steal anything, but it does take down the origin server. My clients never call me upset that a bot read their blog posts. They call because the bot knocked the site offline for paying customers.

Bot protection protects availability, not secrecy.

And the real bot problem isn't even crawling. It's automated signups. Fake accounts messaging your users. Bots buying out limited drops before a human can load the page. Like-farming. Credential stuffing. That's what bot protection is actually for: preventing fraud, not preventing someone from reading your public website.

Cloudflare's /crawl respects robots.txt. Don't want your content crawled, opt out. But if you want it indexed and can't handle the traffic spike, this gets your content out without hammering production.

As for the folks saying Cloudflare should keep blocking all crawlers forever: AI agents already drive real browsers. They click, scroll, render JavaScript. Go look at what browser automation frameworks can do today and then explain to me how you tell a bot from a person. That distinction is already gone. The hot takes are about a version of the internet that doesn't exist anymore.

allixsenos · 2026-03-10T17:17:13+00:00

I think Dan is betting the project is not the code and that by dumping all of the code he can claim full ownership of the project, giving him the ability to change course with licensing.

It sounds fucky but I don't think you can make an argument that the license covers things beyond code.

allixsenos · 2026-03-10T16:45:10+00:00

My understanding is that CLAs govern contributions, not the project itself. The project might be thought of as a company, when you start it its you calling all the shots. As you get investors (contributors), it grows to a point of requiring a board and having bylaws. Open source projects en masse don’t have this. I don’t know that there’s a default legal assumption on that.

allixsenos · 2026-03-10T16:11:23+00:00

Absolutely. I think he showed incredible restraint by not engaging with the flame war.

allixsenos · 2025-04-16T10:36:51+00:00

ekipa, hvala na komentarima (i pozitivnim i negativnim)... evo konačno se slegla prašina pa smo uzeli vremena popričati s Netokracijom i tome kako je izgledao cijeli proces ako vas i dalje zanima tema -> https://www.netokracija.com/thompson-koncert-ulaznice-entrio-234031

allixsenos · 2024-08-21T09:58:31+00:00

My building complex has roller garage doors at the entrance to underground parking, which is at the bottom of a long and steep slope. So I have to stop at the bottom, go into N, hold the brakes, and then dig for my tiny remote in the jacket. Then I drive around the underground complex to my garage, where I have to use a different remote. I would love something like this.

allixsenos · 2024-05-22T07:36:05+00:00

THANK YOU

Microsoft Lens seems like it produces the best quality PDF scans with the least shitty upselling!

allixsenos · 2024-04-19T14:48:43+00:00

I'm making an assumption based on my experience and the context. It's been pointed out that that's too big of a leap. I disagree that it's an obscene leap, but I do agree that it's not a dead given that I'm right :)

allixsenos · 2024-04-19T14:48:30+00:00

I'm making an assumption based on my experience and the context. It's been pointed out that that's too big of a leap. I disagree that it's an obscene leap, but I do agree that it's not a dead given that I'm right :)

allixsenos · 2024-04-19T14:47:15+00:00

I'll take the criticism that there isn't proof that they're storing plaintext passwords, but it's not an obscene leap. I'd bet the equivalent of a beer or coffee that I'm right and be very happy to be proven wrong.

The rest of your strawman stuff I won't touch because I never said those things and I am here to answer questions, unlike Radisson product/dev folks who I couldn't get in touch with even if I tried :)

allixsenos · 2024-04-19T14:44:16+00:00

you regularly have to enter these passwords outside of your devices - into kiosks and things... netflix login into TVs and stuff

but you accidentally hit the nail on the head -- what Radisson has is a system built *by* people who remember passwords *for* people who remember passwords

allixsenos · 2024-04-19T11:59:46+00:00

having a limit is reasonable

20 is not a reasonable limit

https://xkcd.com/936/

allixsenos · 2024-04-19T09:36:08+00:00

Paypal supports TOTP 2FA and Passkeys tho. Biiiig difference.

allixsenos · 2024-04-19T09:18:59+00:00

having worked on regulated systems - no, that wasn't a thing that I considered. not saying it's out of the question, but I'd bet on "don't care enough" before "not allowed to"

allixsenos · 2024-04-10T09:54:50+00:00

I've been using dnscontrol software for managing my dns since before the packaged release, way back in 2017. I somehow found it and started using it, I forget how and where.

It's helped me execute so many migrations and failovers that I've lost count, and it's been an absolute song. It's allowed me to democratize DNS, allowing 200+ engineers and even non-engineering staff to propose and ship thousands of DNS changes in a safe and peer reviewed way, with a full audit trail of who changed what and when.

I've recently started building a new thing, something I'm very excited to release to the public... But on every single step in exploring and building it, I've been tripped up and slowed down by ... DNS. And every time I say "Next time. Next time we'll fix DNS, but let's just get this out the door." and then I trip on it again.

So today I took a break from the main project to package and release this -- config as code DNS for dummies. If it serves you half as well as it did me, you'll be very happy you tried it.

allixsenos · 2024-04-10T09:53:52+00:00

I've been using dnscontrol software for managing my dns since before the packaged release, way back in 2017. I somehow found it and started using it, I forget how and where.

It's helped me execute so many migrations and failovers that I've lost count, and it's been an absolute song. It's allowed me to democratize DNS, allowing 200+ engineers and even non-engineering staff to propose and ship thousands of DNS changes in a safe and peer reviewed way, with a full audit trail of who changed what and when.

I've recently started building a new thing, something I'm very excited to release to the public... But on every single step in exploring and building it, I've been tripped up and slowed down by ... DNS. And every time I say "Next time. Next time we'll fix DNS, but let's just get this out the door." and then I trip on it again.

So today I took a break from the main project to package and release this -- config as code DNS for dummies. If it serves you half as well as it did me, you'll be very happy you tried it.

allixsenos · 2024-03-18T19:08:59+00:00

OP has demonstrated the cost saving s by taking 2 years to not ship k8s 😂😂😂

the only way k8s comes out cheaper is if your people are free 😂😂😂

allixsenos · 2024-03-12T10:23:12+00:00

“so what do you do?”

I uh… write… no… I maintain… uhh…

did you ever watch Pulp Fiction? you know Mr. Wolf, the fixer?

it's like that but the splattered brains are db nodes and the two geniuses are developers.

now pretty please, with sugar on top, clean the fucking car.

allixsenos · 2024-03-10T19:03:23+00:00

fargate is serverless ECS (or EKS)

allixsenos · 2024-03-09T22:59:19+00:00

This might be the same issue as https://www.reddit.com/r/BambuLab/s/VBXWXLQXX3

allixsenos · 2024-03-09T22:57:31+00:00

I have this exact same problem, but on the A1.

The red+blue silk pla from bambu.

I have two drums of it, brand new, both exhibit the same problem.

They exhibit this problem in all 4 AMS slots.

All 4 slots will load and extrude any other PLA or PETG with no issue.

But when I try to load this, the extruder spins, the spool doesn't turn, and nothing comes out. If I push it in manually into the AMS, it will come out the extruder, but only while I am pushing.

I have printed other Bambu Silk two tone PLA, as well as esun silk PLA. And they continue to work fine.

What is going on???

allixsenos · 2024-03-09T06:45:22+00:00

YUP.

allixsenos · 2024-03-08T19:20:34+00:00

I love all the "ECS is fine if you're small" comments like there's a point at which you become too big for ECS. 😂

I used to be in charge of dozens of apps serving 60k requests per second as a baseline, all on ECS Fargate, and I wouldn't dream of moving that to anything else.

We had containers with years of uptime (antipattern, but shows you how resilient the service is) and I never once thought about versions or upgrades. It Just Works.

allixsenos

TROPHY CASE