It seemed to be up throughout the whole event but never contained an update.
Another option is good old email. I understand that people don’t want to get spammed but …
I’m not sure whether RSS is an option. That is, I don’t know whether it’s hosted off one of the servers that was being DDoSed.
I also had a look in reddit (venturing in amongst the haters). There were enquiries posted - so at least I knew that it was “not just me” - but no response from anyone from Purism.
My personal server was DDoSed a few weeks ago (yeah, completely pointless - I guess someone was bored) but that was only a few hundred IP addresses (specifically attacking the SMTP server). Interestingly, there seemed to be a preponderance of IP addresses that belong to mobile service providers i.e. most of them would be CGNAT IP addresses (so possibly a mobile device botnet).
actually i tried to post on librem one but was experiencing issues posting there as well (couldnt post to , sometimes it worked sometimes it didnt, post edits i found out arent yet supported by librem one’s matrix implementation, glad the forum is back!
one observation i have is that 10000 requests a minute should be manageable by the website without any IP blocking (imagine releasing a new product and 10,000 people accessing the site at the same time to buy it -sounds reasonable), simply expanding the server capacity to handle say 100000 requests a minute, wouldnt that also reduce risk of DoSA shutdowns (bot nets would need to be bigger to pull off the attack)?
To me this actually indicates the server was more than likely compromised compromised as the actual behavior of the website is not consistent with DOS / DDOS attack.
EDIT: I got a different theory now. Every thread about the Louis Rossman thing is gone. That’s not a coincidence and given how damaging his reporting was, far more so than my own back in 2019, I suspect Todd and crew either took this opportunity to wipe the thread off their forums or manufactured the opportunity so they could need to “restore from a backup” (which makes no sense as a DDOS likely wouldn’t require one to do that) and delete the offending thread(s) in the process.
EDIT 2: Ignore the previous edit… I’m an idiot. The rest still stands.
LOL coming from a guy working for a company that has actively been scamming nerds for years - that’s absolutely priceless.
Apologies for the half-baked theory my man. I’m a bit stoned and laughing my ass off at Purism’s problems. I love to watch bad things happen to Purism. It’s the least this dumpster fire of a company deserves after fucking over so many people with so many lies for so long.
Enjoy your upcoming future on the unemployment line
EDIT: Here’s some free advice. Before you reply, take a moment to realize whom you are replying to. I am not here to be convinced by the likes of you, a Purism employee. I have been calling out this scam with the help of ex-Purism employees since late 2019.
My RSS application displayed a red “x” on the forum comments feed the whole time, indicating that it couldn’t retrieve. The main site feed was operative, but of course there were no posts during that time.
I found out what was going on thanks to @linmob’s post here:
I had no idea how to find “matrix channels,” though.
You have already been silent on the Purism forums for two years, so your offer is not much of a bargain to begin with. If you seriously want to make a deal, you will need to build up some social credibility first.
They are actors that can become attackers silently, without anyone ever knowing. When you use them, you need to root your trust in them, because they break your end-to-end communication by sitting in the middle of it. We decided it’s important to not force our community to trust a large third party, even if it means we have to learn to protect our services ourselves.
curious is there server monitoring software that can be deployed without third party access- like machine AI type autonomous monitoring of traffic without any logging, that detects and alerts on these attacks in the early phases? that way mitigation could be more effective. Or is it just normal traffic after a minute non normal traffic so nothing that can be alerted on?
I haven’t heard or seen many (any?) bad things about Cloudflare in the past. But knowing how much of the internet relies on Cloudflare has always made me skeptical of it. I think once a business/entity/system hits a certain critical mass I am hard-wired to start distrusting it.
Also, can I add how uncool it is for people to DDOS a small business? There are so many more deserving targets.