

Equip a sensor that figures out how much ethylene is in the air inside the fridge?
Or just open the door every once in a while and look…
Progenitor of the Weird Knife Wednesday feature column. Is “column” the right word? Anyway, apparently I also coined the Very Specific Object nomenclature now sporadically used in the 3D printing community. Yeah, that was me. This must be how Cory Doctorow feels all the time these days.




And the ultimate outcome of that was, at one point Google enacted some kind of API change which necessitated Samsung to push out an update to remain compatible, otherwise all of your Google enabled features such as the calendar syncing, email, etc. would stop working. Samsung claimed to be developing a patch for this, and ultimately pushed out an update to… only some of their models. For the others, their response was literally just, “We recommend you buy a newer refrigerator.”
But since that was going on ten years ago now, information about it on the Internet is a trifle difficult to find because the search results have largely been overshadowed by Samsung’s more recent smart fridge fuckup. Grand.
Never buy a Samsung appliance.


…To the manufacturer. The retailer’s not going to take it back, and even if you did manage to bully them into taking it somehow that’s still allowing the retailer to shield the manufacturer (i.e. Samsung) from the consequences of their actions. And consequences are what Samsung needs to see over this.


In my case the pattern appears to be some manner of DDoS botnet, probably not an AI scraper. The request origins are way too widespread and none of them resolve down to anything that’s obviously datacenters or any sort of commercial enterprise. It seems to be a horde of devices in consumer IP ranges that have probably been compromised by some malware package or another, and whoever is controlling it directed it at our site for some reason. It’s possible that some bad actor is using a similar malware/bot farm arrangement to scrape for AI training, but I’d doubt it. It doesn’t fit the pattern from that sort of thing from what I’ve seen.
Anyway, my script’s been playing automated whack-a-mole with their addresses and steadily filtering them all out, and I geoblocked the countries where the largest numbers of offenders were. (“This is a bad practice!” I hear the hue and cry from specific strains of bearded louts on the Internet. That says maybe, but I don’t ship to Brazil or Singapore or India, so I don’t particularly care. If someone insists on connecting through a VPN from one of those regions for some reason, that’s their own lookout.)
They seem to have more or less run out of compromised devices to throw at our server, so now I only see one such request every few minutes rather than hundreds per second. I shudder to think how long my firewall’s block list is by now.


I have and there’s nothing noteworthy, other than tons of other retailers selling the same thing of course.


It doesn’t quite work that way, since the URL is also the model number/SKU which comes from the manufacturer. I suppose I could write an alias for just that product but it would become rather confusing.
What I did experiment with was temporarily deleting the product altogether for a day or two. (We barely ever sell it. Maybe 1 or 2 units of it a year. This is no great loss in the name of science.) This causes our page to return a 404 when you try to request it. The bots blithely ignored this, and continued attempting to hammer that nonexistent page all the same. Puzzling.


Maybe, but I also carry literally hundreds of other products from that same brand including several that are basically identical with trivial differences, and they’re only picking on that one particular SKU.


Negative. Our solution is completely home grown. All artisanal-like, from scratch. I can’t imagine I reveal anything anyone would care about much except product specs, and our inventory and pricing really doesn’t change very frequently.
Even so, you’d think someone bothering to run a botnet to hound our site would distribute page loads across all of our products, right? Not just one. It’s nonsensical.


I run an ecommerce site and lately they’ve latched onto one very specific product with attempts to hammer its page and any of those branching from it for no readily identifiable reason, at the rate of several hundred times every second. I found out pretty quickly, because suddenly our view stats for that page in particular rocketed into the millions.
I had to insert a little script to IP ban these fuckers, which kicks in if I see a malformed user agent string or if you try to hit this page specifically more than 100 times. Through this I discovered that the requests are coming from hundreds of thousands of individual random IP addresses, many of which are located in Singapore, Brazil, and India, and mostly resolve down into those owned by local ISPs and cell phone carriers.
Of course they ignore your robots.txt as well. This smells like some kind of botnet thing to me.
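The two ban rules described in the comment above (a malformed user agent string, or more than 100 hits on one specific page), sketched over web server access logs as an added example; this is not the poster's script. It assumes combined log format, a hypothetical `WATCHED_PATH`, and one possible definition of "malformed" (no leading product/version token), none of which come from the post.

```python
import re
from collections import Counter

WATCHED_PATH = "/products/EXAMPLE-SKU"  # hypothetical URL of the targeted page
HIT_LIMIT = 100                         # "more than 100 times", per the post

# Combined log format: ip - - [time] "METHOD path proto" status bytes "ref" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed meaning of "well-formed": starts with a product/version token.
UA_OK_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*/\d[\w.]*(\s|$)")

def ua_is_malformed(ua):
    """True for empty, placeholder, non-printable or token-less agents."""
    return ua in ("", "-") or not ua.isprintable() or not UA_OK_RE.match(ua)

def find_offenders(lines, limit=HIT_LIMIT, watched=WATCHED_PATH):
    """Return {ip: reason} for every address that trips either rule."""
    hits, banned = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, path, ua = m["ip"], m["path"].split("?", 1)[0], m["ua"]
        if ip in banned:
            continue  # already on the block list
        if ua_is_malformed(ua):
            banned[ip] = "malformed user agent"
        elif path == watched:
            hits[ip] += 1  # counted whatever the response status was
            if hits[ip] > limit:
                banned[ip] = f"more than {limit} hits on {watched}"
    return banned

def make_line(ip, path, ua):
    return (f'{ip} - - [01/Jan/2025:00:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

GOOD_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
SAMPLE = (  # constructed log lines using documentation addresses, not real traffic
    [make_line("192.0.2.10", WATCHED_PATH + "?ref=1", GOOD_UA)] * 101  # over
    + [make_line("192.0.2.20", WATCHED_PATH, GOOD_UA)] * 100           # at limit
    + [make_line("198.51.100.7", "/", "Mozilla/")]                     # bad UA
    + [make_line("203.0.113.5", "/products/OTHER", GOOD_UA)] * 500     # other page
)

print(find_offenders(SAMPLE))
```

The per-address counter only catches a source that repeats itself; with requests spread over hundreds of thousands of addresses, many will stay under the limit, and the resulting block list grows without bound unless entries expire.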


I write really long posts and I’ve said “delve” exactly four times in my Lemmy career. I know this because I just checked.
I’m like 99.8%, maybe 99.9% certain I’m not an AI.


Another in a long line of messing with user interface things on updates, without any prior warning to the user. And if you even get a changelog at all on the update prompt it’s always just vague bullshit like, “Bug fixes and usability improvements,” without explaining what those “improvements” are supposed to be.
In unrelated news, the last major update on my Moto G changed the incoming call screen from swipe up to answer, swipe down to reject to swipe left to answer, swipe right to reject. What is this, fucking Tinder now? And don’t come at me about the “gesture” setting in the dialer app options, either. Yes, I am aware of it. The only options listed there are now “horizontal swipe” and “single tap to answer.” Why any rational individual would want to inflict the hell that is the latter option on themselves is unknown to me.
This kind of horseshit is why boomers and old people are terrified of updates and drive us IT nerds up the wall by perpetually ignoring and dismissing them. Because when you change the user interface choices people are used to behind their backs and without warning, as far as they’re concerned you just broke their device.
Cut it out.


For a web store you probably only need Javascript for payment processing. Insofar as I’ve seen pretty much all of the widgets provided by the card processors outright require Javascript (and most of them are also exceedingly janky, regardless of what they look like on the outside to the user).
You definitely don’t need Javascript just for a shopping cart, though. That can all be done server side.


I’m sure they know damn well, they’re just doing a limp wristed job of trying to shift the blame towards the latter.


That decent percent is in fact roughly 60%, in my industry. At least according to what my vendor reps tell me.
Only 4 in 10 people even bother to attempt to do their rebates. The manufacturers love that, because it allows them to put a giant "$2000 OFF!!! via mail in rebate" on their marketing literature and that gets eyeballs on the ad and feet in the door, but they know damn well they won’t actually have to pay out on the majority of those promos and in fact they don’t even budget with the expectation that they will.


Amazon stuff sometimes arrives. For instance, it’s going on 7 months by now I think and they still haven’t found my camera.
This is the sad reality of every company everywhere trying to turn their delivery operation into a “gig” position. Amazon does it, too. Their delivery contractors-who-are-totally-not-employees steal valuable items from deliveries all the time.
Anyway, you are certain to win your chargeback. Banks side with their cardholders more often than not, and Best Buy is going to have to provide proof positive that you received your item. “We handed it off to Doordash and then washed our hands of it” is not going to cut the mustard, there.
(We have to deal with chargebacks in my business, too. Defending ourselves is a pain in the ass because we have to provide indisputable documentation that the client’s order was fulfilled. The issuing bank always starts from the default position of their cardholder being a saint and all retail businesses automatically being scammers. A small subset of people will fraudulently dispute a charge for a big ticket purchase just because they feel this is a way to weasel out of paying for it, and usually they’ve been emboldened by the fact that they’ve tried it before and gotten away with it.)


I personally do not trust ISP provided routers to be secure and up to date, nor free of purposefully built in back doors for either tech support or surveillance purposes (or both). You can expect patches and updates on those somewhere on the timescale between late and never.
Therefore I always put those straight into bridge mode and serve my network with my own router, which I can trust and control. Bad actors (or David from the ISP help desk) may be able to have their way with my ISP router, but all that will let them do is talk to my own router, which will then summarily invite them to fuck off.
Likewise, I would not be keen on using an ISP provided router’s inbuilt VPN capability, which is probably limited to plain old PPTP – it has been on all of the examples I’ve touched so far – and thus should not be treated as secure.
You can configure an OpenWRT based router to act as an L2TP/IPSec gateway to provide VPN access on your network without the need for any additional hardware. It’s kind of a faff at the moment and requires manually installing packages and editing config files, but it can be done.


We’ll just have to observe him carefully and see if he’s able to complete a left turn without assistance. That’ll tell us for sure.


Oh, I’m sure they do. And charge eight times more than what they’re worth.
Every dipshit with a freshly minted MBA thinks they’re going to go and disrupt the appliance industry by putting it online and snatching it out from under all those antiquated local dealerships run by out of touch old men who can barely operate a computer. They think they’re going to go from zero to nationwide tomorrow, and they’re so smart because nobody’s thought of it before.
It turns out that dealing with the final mile with appliances is killer, and extremely difficult logistically. That makes the entire operation much more expensive than anyone thinks at first glance. Not just in terms of raw dollars and cents paid to disinterested common carriers to move your product from A to B (who also won’t install the stuff or even bring it inside your customer’s house) but also in damaged and returned products and angry screaming customers who will be initiating credit card chargebacks all the time whenever anything goes wrong.
All of those little local dealerships have had decades to figure out how to move a refrigerator from their warehouse to your kitchen and how to remediate the situation if it all goes pear shaped on delivery day, and all of them only service their local territory for a reason. The further you stretch without some physical presence in where you’re stretching to, the more impossible it becomes to control the logistics.
So yeah, that’s probably in no small part why your fridge would have been so expensive. Amazon is among the latest figuring this out the hard way, and you can’t just slap a refrigerator or a stove in a bubble mailer and dump it on somebody’s front porch.