Slackware ARM announces EOL for 14.1 and -current

Some unfortunate but understandable news emerged on the Slackware ARM website today as ARM maintainer Stuart Winter released the following announcement:

Slackware ARM 14.1 will become End of Life on 1st September 2016 and development of ARM -current will cease upon the release of Slackware 14.2.

I’m just tired of continually thinking for my full time job, then working on the ARM port in what little time I have available. I don’t have the time or mental space to continue making the port represent the hallmarks of Slackware…

Please read the full announcement posted on arm.slackware.com

From what I gather, the upcoming Slackware ARM 14.2 release will continue to receive security updates, but future development on Slackware ARM will cease. I believe its user base will agree that the Slackware ARM port has been a great addition to the Slackware family and has adhered to the quality associated with the Slackware brand. I would like to express my sincere thanks and respect to @drmozes for all his work and effort on the Slackware ARM port; I have enjoyed it immensely.

Slackware Linux
Give me slack or give me death.

Not that it matters much in this context, but my self-hosting project that got started with running WordPress on a RPi2 and later on a RPi3 will also come to an end. I’ve considered moving it to another distribution but it will never be as much fun as running Slackware ARM -current.

Is CloudFlare Always Online a leech?

As a Tor (The Onion Router) user I already have a negative impression of CloudFlare due to their captcha trolling. It therefore gives me no joy to see CloudFlare Always Online circumventing my hotlink protection in order to “cache” my content on their service.

What is CloudFlare Always Online

According to CloudFlare: With Always Online, when your server goes down, CloudFlare will serve pages from our cache, so your visitors still see some of the pages they are trying to visit.

Sounds great or what? CloudFlare’s definition of a downed server however implies that the “downed” server still returns HTTP 502 or 504 response codes (always read the fine print huh).

What is the problem with CloudFlare Always Online

CloudFlare powers a lot of scam sites that don’t produce their own content but instead take what they need from other sites. When a scam site uses my images to promote their crap, they are linking directly to images hosted on my server and stealing my bandwidth. To battle this issue, webmasters implement hotlink protection to block requests not originating from a predetermined list of domains. The HTTP header field used to determine the origin of the request is called the HTTP referer.

However, CloudFlare is aware that websites implementing hotlink protection will interfere with their service. The solution: if a server returns a 403 Forbidden response, then simply drop the HTTP referer on the next request. Since blocking empty referers is a very bad idea, CloudFlare will walk away with the prize.

| Requested file | Status | Referer | User-agent |
|---|---|---|---|
| /bioshock.png | 403 | "http://scam.tld" | "CloudFlare-AlwaysOnline" |
| /bioshock.png | 200 | "-" | "CloudFlare-AlwaysOnline" |

CloudFlare AlwaysOnline blocked and fed to the firewall after a user agent block.
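
A log check for the pattern shown above, as an added example that is not part of the original post: it scans Apache combined-format access log lines for a client that is refused with a 403 while sending a Referer and then fetches the same path with a 200 and no Referer. The sample log lines, IP addresses, timestamps and the function name are constructed for illustration.

```python
import re

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP range), not the post's real logs.
SAMPLE_LOG = """\
192.0.2.10 - - [20/May/2016:10:00:01 +0200] "GET /bioshock.png HTTP/1.1" 403 221 "http://scam.tld" "CloudFlare-AlwaysOnline/1.0"
192.0.2.10 - - [20/May/2016:10:00:02 +0200] "GET /bioshock.png HTTP/1.1" 200 48211 "-" "CloudFlare-AlwaysOnline/1.0"
192.0.2.55 - - [20/May/2016:10:03:10 +0200] "GET /bioshock.png HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.77 - - [20/May/2016:10:04:00 +0200] "GET /tux.png HTTP/1.1" 403 221 "http://scam.tld/page" "Mozilla/5.0"
""".splitlines()


def find_referer_drop_retries(lines):
    """Return hits where a client was refused (403) with a Referer set and
    then fetched the same path successfully (200) with the Referer removed."""
    refused = {}  # (host, agent, path) -> referer that triggered the 403
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        key = (m["host"], m["agent"], m["path"])
        referer = m["referer"]
        has_referer = referer not in ("", "-")
        if m["status"] == "403" and has_referer:
            refused[key] = referer
        elif m["status"] == "200" and not has_referer and key in refused:
            hits.append({"host": m["host"], "agent": m["agent"],
                         "path": m["path"],
                         "blocked_referer": refused.pop(key)})
    return hits


if __name__ == "__main__":
    for hit in find_referer_drop_retries(SAMPLE_LOG):
        print(hit)
```

An ordinary request with an empty Referer (the third sample line) is not reported, because only a 200 that follows a Referer-triggered 403 from the same client, user agent and path counts as a hit.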

By following the link to the Always Online sales pitch, one feature stands out:

Are you here because someone hotlinked to your site? CloudFlare also can help prevent hotlinking with ScrapeShield.

So alright I should pay CloudFlare to block CloudFlare, that’s awesome :D

Since Always Online ignores robots.txt, the only viable solution is to block their user agent identified as “CloudFlare-AlwaysOnline/1.0”. Below is the ruleset I’m currently using to block unwanted user agents. The list contains a mix of SEO services and misbehaving bots.

<IfModule mod_rewrite.c>
RewriteEngine On
# Case-insensitive ([NC]) match of any listed substring anywhere in the User-Agent header
RewriteCond %{HTTP_USER_AGENT} ^.*(blexbot|mj12bot|masscan|photon|semrushbot|ahrefsbot|orangebot|moreover|exabot|zeefscraper|smtbot|yacybot|xovibot|cloudflare-alwaysonline|haosouspider|kraken|steeler|cliqzbot|linkdexbot|megaindex|sogou|yeti|siteLockspider|telesphoreo).* [NC]
# Leave the URL unchanged (-) and answer every matching request with 403 Forbidden
RewriteRule ^(.*)$ - [L,R=403]
</IfModule>

Fake Chrome apps published with Google as the developer name

I’m pretty much done with getting annoyed by all the spam and fake applications populating the Chrome Web Store. But still, once in a while you come across something special that is just too good to pass up.

It is no secret that copying an established brand makes it easier for scammers to trick their victims into installing fake apps. However, I’ve never seen them get away with (ab)using the Google brand. I guess nothing is sacred anymore as “Google” is now pushing their own AdBlocker(s) from the Chrome Web Store.

Fake Chrome apps
Block Google Ads with Google’s AdBlocker?

Say one thing for these scammers, say they really know how to pull off a heist. And in case you’re wondering, if you should happen to install the fake application you’ll be redirected to a page serving ads from Google AdSense. It’s a simple but effective plot and I’m guessing there is plenty of good money to be had as well.

How does it work? An introduction: Chrome Web Store – Your new one stop shop for malware and spam

In conclusion, here are three simple rules for using the Chrome Web Store:

  1. Don’t trust the application name.
  2. Don’t trust the application logo.
  3. Don’t trust the developer name.

For the record, the apps in question are now gone from the store.