@phnt@fluffytail.org @waifu@mai.waifuism.life Its cute that you only get 20rq/s and think that's the scale of "the real world".
As a sidenote, I'm already blocking entire ASs.
Notices by tyil (tyil@fedi.tyil.nl)
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 18:08:15 JST tyil
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 17:32:30 JST tyil
@phnt@fluffytail.org @waifu@mai.waifuism.life There is no reason to prove a browser is "real" in the normal world.Okay, keep believing that.you are trying to combat a bot attackCorrect. Sounds like there are reasons after all. Only took a whole sentence to figure that one out.your mitigation simply has no effectIt appears to have an effect, and not just for my personal cgit. It appears a lot of people are using it because they are seeing a (positive) effect in combatting LLM scrapers with it.it can be easily bypassedIt can, and that's ok. Because if you bypass it, you become a unique UA that I can just block with any regular UA block in HAProxy. Even if you automate "random" UAs, I can put in a pretty excessive UA blacklist with patterns if I so desire. The entire point is that a connection using a regular browser UA has to prove they are in fact a regular, legitimate browser, because blocking those isn't feasible, because you'd block nearly all legitimate traffic otherwise.
Its not a hard concept I think. I don't know why I have to reiterate the same thing three times for you, but I truly hope this time it'll stick. If not, for the love of Stallman please just cancel your Internet subscription. -
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 17:19:30 JST tyil
@phnt@fluffytail.org @waifu@mai.waifuism.life You're having a really hard time reading my posts I guess. I'm sorry for you.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 17:08:37 JST tyil
@icedquinn@blob.cat @phnt@fluffytail.org @waifu@mai.waifuism.life don't actually serve degraded content to other user agents probablyDepends on what you mean, I do "serve degraded content" to other UAs in the sense that I block LLM scrapers that misbehave when I can. To reiterate, Anubis exists because LLM scrapers pretend to be a browser with a regular browser UA. If one were to block that, you'd block all legitimate browser users, so realistically its not an option.
If you pretend to be a regular browser, Anubis exists to verify this. If you don't pretend to be a regular browser, it does nothing.
How is this so hard to grasp. -
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 17:04:22 JST tyil
@phnt@fluffytail.org @waifu@mai.waifuism.life Read the post of mine again. Anubis isn't a catch-all bot filter, its to filter out connection pretending to be a browser. I know the "lmao I can bypass Anubis with this simple trick" is the peak of /g/ hacker mentality, but in the real world everyone already knew this. It is mentioned in the blog post where the guy talks about it.
Anubis exists solely to ensure connections that act like browsers to prove they are browsers. If a connection doesn't pretend its a browser, Anubis does nothing, as is the intended effect, because at that point if the connection misbehaves, you can just block that particular UA. -
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Saturday, 31-May-2025 16:52:35 JST tyil
@phnt@fluffytail.org @waifu@mai.waifuism.life If the scraping bots remove the "I" from Mozilla, server operators can easily just block the unique user agent. Anubis isn't "a tool to stop bots", its a tool to verify connections pretending to be a browser are actual users.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 29-May-2025 18:23:36 JST tyil
@sysrq@lab.nyanide.com @pernia@schizophreniabunker.vip @theorytoe@ak.kyaruc.moe @nyanide@lab.nyanide.com If you don't test in production how do you know its gonna work in production?
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Sunday, 25-May-2025 22:22:54 JST tyil
@p@fsebugoutzone.org G E K O L O N I Z E E R D
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Friday, 23-May-2025 23:29:15 JST tyil
@Suiseiseki@freesoftwareextremist.com @Gina@fosstodon.org @linkwarden@freesoftwareextremist.com I will send an email to the maintainer asking them to explicitly pick either the -only or -or-later AGPL variant, and to use proper documentation to specify what the license applies to.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Friday, 23-May-2025 22:41:46 JST tyil
@Suiseiseki@freesoftwareextremist.com @Gina@fosstodon.org I don't see anything about being allowed to use a later version, so I'm guessing it's AGPLv3-only. Their license is (sadly) on GitHub: https://raw.githubusercontent.com/linkwarden/linkwarden/refs/heads/main/LICENSE.md
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Friday, 23-May-2025 21:50:46 JST tyil
@Gina@fosstodon.org I didn't use #Pocket, but I've seen some recommendations from people on my timeline. So far the nicest one I've seen has been LinkWarden, which is AGPL-3.0 licensed. Since I didn't use Pocket I can't tell you how well it works as a replacement, though, but I hope it helps anyway!
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:05:05 JST tyil
@phnt@fluffytail.org @Yoruka@eientei.org @lucy@netzsphaere.xyz @world@fluffytail.org It shouldn't be that hard to convert [the] codebaseiirc there have been several attempts already, and they all failed for one reason or another. So it would turn out it sadly is that hard to convert the codebase 😞Almost every time I emergeMy desktop is where I experiment and as a result it has quite a lot of bloat on it. Updates occasionally have over a 1000 packages to go through. I still cannot relate to your woes.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:05:03 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz I start an update in the evening and its usually done by lunch the next day. The amount of packages generally doesn't impact it that much, though, the vast majority of the time is spent on chromium (last recompile of it took over 4 hours).
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:04:59 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz My desktop is in a separate room, but I like to use it during the day. It is mostly usable while compiling anyway, except when compiling chromium, which is also the worst thing to compile to begin with. And it always has updates, without exception. Its the worst experience, but I want to have several browser options available at all time. At least now I can say I "speak from experience" on how horrible Chromium is 😭
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:04:56 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz I don't think chromium has an LTS. At least not in Portage, all versions are always considered stable, and they don't keep many versions around in Portage to begin with. I do generally stick to the stable versions, only accepting ~arch if I have a need for it (which is rare).
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:04:54 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz @world@eientei.org Yeah, I can exclude it, but I mean if the compilation runs when I'm not using the machine anyway, it doesn't matter much. Its not a problem that needs fixing for me, I know the setup is not maximized for efficiency, and it doesn't have to be.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:04:50 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz Surely you have a VPN connection to the machine in question and can just start it remotely!
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 20:04:47 JST tyil
@Yoruka@eientei.org @phnt@fluffytail.org @lucy@netzsphaere.xyz Real men run an httpd that just allows a GET request to run a command as root. curl http://home.address/emerge%20-uDN%20@world.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 00:57:33 JST tyil
@Suiseiseki@freesoftwareextremist.com @vnpower@mstdn.maud.io I am dubious of that claim.You are free to be dubious, but you are also wrong. While I don't like that browser, it is free software and therefore I have no moral issues with it.Idk, works on other machines.Clearly it does not work on other machines, hence Anubis is used so much. In this thread alone, the majority uses it to bar LLM scrapers from disrupting their services.
-
Embed this notice
tyil (tyil@fedi.tyil.nl)'s status on Thursday, 22-May-2025 00:31:54 JST tyil
@Suiseiseki@freesoftwareextremist.com @vnpower@mstdn.maud.io Only proprietary browsers use thoseObjectively false. Ungoogled chromium for instance uses it, and that is a free as in freedom browser.Another effective mitigation is to run a tor middleI am running a Tor relay already. It is not effective in the least.just make sure your cgit is also reachable via IPv6It already is.