Exactly my thoughts too. Lots of theory about why it won’t work, but not looking at the fact that if people use it, maybe it does work, and when it won’t work, they will stop using it.
Comment on Why are anime catgirls blocking my access to the Linux kernel?
rtxn@lemmy.world 23 hours ago
The current version of Anubis was made as a quick “good enough” solution to an emergency. The article is very enthusiastic about explaining why it shouldn’t work, but completely glosses over the fact that it has worked, at least to an extent where deploying it and maybe inconveniencing some users is preferable to having the entire web server choked out by a flood of scraper requests.
loudwhisper@infosec.pub 1 hour ago
poVoq@slrpnk.net 22 hours ago
And it was/is for sure the lesser evil compared to what most others did: put the site behind Cloudflare.
I feel people that complain about Anubis have never had their server overheat and shut down on a almost daily basis because of AI scrapers 🤦
daniskarma@lemmy.dbzer0.com 2 hours ago
I still think captchas are a better solution.
In order to surpass them they have to run AI inference which is also comes with compute costs. But for legitimate users you don’t run unauthorized intensive tasks on their hardware.
poVoq@slrpnk.net 14 minutes ago
They are much worse for accessibility, and also take longer to solve and are more distruptive for the majority of users.
daniskarma@lemmy.dbzer0.com 4 minutes ago
Anubis is worse for privacy. As you have to have JavaScript enabled. And worse for the environment as the cryptographic challenges with PoW are just a waste.
Also reCaptcha types are not really that disturbing most of the time.
As I said, the polite thing you just be giving users the options. Anubis PoW running directly just for entering a website is one of the most rudest piece of software I’ve seen lately. They should be more polite, and just give an option to the user, maybe the user could chose to solve a captcha or run Anubis PoW, or even just having Anubis but after a button the user could click.
I don’t think is good practice to run that type of software just for entering a website. If that tendency were to grow browsers would need to adapt and straight up block that behavior.
tofu@lemmy.nocturnal.garden 21 hours ago
Yeah, I’m just wondering what’s going to follow.
rtxn@lemmy.world 21 hours ago
The developer is working on upgrades and better tools. xeiaso.net/…/avoiding-becoming-peg-dependency/
grysbok@lemmy.sdf.org 17 hours ago
I’ll say the developer is also very responsive. They’re (ambiguous ‘they’, not sure of pronouns) active in a libraries-fighting-bots slack channel I’m on. Libraries have been hit hard by the bots: we have hoards of tasty archives and we don’t have money to throw resources at the problem.
tofu@lemmy.nocturnal.garden 20 hours ago
Cool, thanks for posting! Also the reasoning for the image is cool.
mobotsar@sh.itjust.works 16 hours ago
Is there a reason other than avoiding infrastructure centralization not to put a web server behind cloudflare?
poVoq@slrpnk.net 14 hours ago
Yes, because Cloudflare routinely blocks entire IP ranges and puts people into endless captcha loops. And it snoops on all traffic and collects a lot of metadata about all your site visitors. And if you let them terminate TLS they will even analyse the passwords that people use to log into the services you run. It’s basically a huge survelliance dragnet and probably a front for the NSA.
bjoern_tantau@swg-empire.de 15 hours ago
Cloudflare would need https keys so they could read all the content you worked so hard to encrypt. If I wanted to do bad shit I would apply at Cloudflare.
mobotsar@sh.itjust.works 15 hours ago
Maybe I’m misunderstanding what “behind cloudflare” means in this context, but I have a couple of my sites proxied through cloudflare to prevent scrapers, and they definitely don’t have my keys.
interdimensionalmeme@lemmy.ml 17 hours ago
Unless you have a dirty heatsink, no amount of hammering would make the server overheat
poVoq@slrpnk.net 17 hours ago
Are you explaining my own server to me? 🙄
interdimensionalmeme@lemmy.ml 17 hours ago
What CPU do you have made after 2004 that doesn’t have automatic temperature control ?
I don’t think there is any, unless you somehow managed to disable it ?
Even a raspberry pi without a heatsink won’t overheat to shutdown
AnUnusualRelic@lemmy.world 17 hours ago
The problem is that the purpose of Anubis was to make crawling more computationally expensive and that crawlers are apparently increasingly prepared to accept that additional cost. One option would be to pile some required cycles on top of what’s currently asked, but it’s a balancing act before it starts to really be an annoyance for the meat popsicle users.
rtxn@lemmy.world 14 hours ago
That’s why the developer is working on a better detection mechanism. xeiaso.net/…/avoiding-becoming-peg-dependency/
0_o7@lemmy.dbzer0.com 3 hours ago
This post was originally written for ycombinator “Hacker” News which is vehemently against people hacking things together for greater good, and more importantly for free.
It’s more of a corporate PR release site and if you aren’t known by the “community”, calling out solutions they can’t profit off of brings all the tech-bros to the yard for engagement.