@phnt@fluffytail.org why so much hate towards anubis? I would have thought having some free software against scraping bots would be a good thing (?)
Record_2025-05-30-14-14-00.mp4
@phnt@fluffytail.org @waifu@mai.waifuism.life If the scraping bots remove the "I" from Mozilla, server operators can easily just block the unique user agent. Anubis isn't "a tool to stop bots", its a tool to verify connections pretending to be a browser are actual users.
And since we are already in this game of slightly changing UA. What if I change it to Moozilla, or Mozillla. How will you match against that now, without manually filtering Mozilla and every legitimate UA that connects to your server away. You simply won't, and if you will, you already aren't the quintessential Anubis deployer.
@phnt@fluffytail.org @waifu@mai.waifuism.life Read the post of mine again. Anubis isn't a catch-all bot filter, its to filter out connection pretending to be a browser. I know the "lmao I can bypass Anubis with this simple trick" is the peak of /g/ hacker mentality, but in the real world everyone already knew this. It is mentioned in the blog post where the guy talks about it.
Anubis exists solely to ensure connections that act like browsers to prove they are browsers. If a connection doesn't pretend its a browser, Anubis does nothing, as is the intended effect, because at that point if the connection misbehaves, you can just block that particular UA.
>Anubis isn't a catch-all bot filter
>2025-01-19 - Block AI scrapers with Anubis
>bypassed by slightly changing browser UA
>Anubis exists solely to ensure connections that act like browsers to prove they are browsers.
No, it exists to prevent scraping by "checking that a browser is valid". Which it does not do at all. It's trivial to change the UA in an instrumented browser.
@phnt@fluffytail.org @waifu@mai.waifuism.life You're having a really hard time reading my posts I guess. I'm sorry for you.
@phnt@fluffytail.org @waifu@mai.waifuism.life
There is no reason to prove a browser is "real" in the normal world.
Okay, keep believing that.you are trying to combat a bot attack
Correct. Sounds like there are reasons after all. Only took a whole sentence to figure that one out.your mitigation simply has no effect
It appears to have an effect, and not just for my personal cgit. It appears a lot of people are using it because they are seeing a (positive) effect in combatting LLM scrapers with it.it can be easily bypassed
It can, and that's ok. Because if you bypass it, you become a unique UA that I can just block with any regular UA block in HAProxy. Even if you automate "random" UAs, I can put in a pretty excessive UA blacklist with patterns if I so desire. The entire point is that a connection using a regular browser UA has to prove they are in fact a regular, legitimate browser, because blocking those isn't feasible, because you'd block nearly all legitimate traffic otherwise.Its not a hard concept I think. I don't know why I have to reiterate the same thing three times for you, but I truly hope this time it'll stick. If not, for the love of Stallman please just cancel your Internet subscription.
>Because if you bypass it, you become a unique UA that I can just block with any regular UA block in HAProxy
>Its not a hard concept I think. I don't know why I have to reiterate the same thing three times for you, but I truly hope this time it'll stick. If not, for the love of Stallman please just cancel your Internet subscription.
Keep living in your clown world.
Here, have a proper solution that got me 0.1 r/s of bot requests instead of 20 r/s on my git server, instead of your half-assed one.
alibabacloud-git-scraping.txt
huaweicloud-git-scraping.txt
google-usercontent-git-scraping.txt
@phnt@fluffytail.org @waifu@mai.waifuism.life Its cute that you only get 20rq/s and think that's the scale of "the real world".
As a sidenote, I'm already blocking entire ASs.
@p@fsebugoutzone.org @tyil@fedi.tyil.nl @phnt@fluffytail.org what if I want to only get connections from users and want zero bots reading my sites (that already use JavaScript) wouldn't using Anubis work for me?
@waifu@mai.waifuism.life @p@fsebugoutzone.org @tyil@fedi.tyil.nl @phnt@fluffytail.org Bots can access the site even with anubis, it just takes slightly more computational resources
@earslash@ebiverse.social @p@fsebugoutzone.org @tyil@fedi.tyil.nl @phnt@fluffytail.org I'm guessing that's enough to defer a few of them no? Why do people use it if it doesn't work for this specific purpose?
> Why do people use it if it doesn't work for this specific purpose?
You have been on this feddy verse longer than I have and the answer to this question is the same as the answer to the question of why so many instances continue to block Gab, which has not federated since 2019: retards cargo-cult shit.
@p Mastodon block-lists never get investigated or audited. If you get added to one you're there forever. And, they LARP about things like a "consensus model" for determining block validities---but, they all just blindly copy blocks over meaning that by de-facto they have an engineered "consensus" through unanimity. Mastodon + Mastodon users really are like AI/Borg or something. Their very existence is a Fediverse blight. @earslash @tyil @phnt @waifu
Pete thought (thinks) that Fediverse as a network can't survive a split where basically the Mastodon and the rest divide and are unable to talk to each other.
I think that we are already at that point, or very nearly it, and things continue to be more-or-less the same. What changed over the years is a decrease in shitposting and an increase in politics sperging from poast and alike. Something that Mastodon is already mostly known as.
What scares me more than Mastodon going its own way is GoToSocial and its obsession with privacy on a network solely based on trust. I learned from silverpill that they apparently already have some kind of reply restrictions that make you unable to reply (alá Xitter) and other non-sense like that. Combined with all the authenticity and proof of origin work that silverpill has been working on, I think that this can have a much bigger impact, if it ever gets implemented broadly.
Imagine a Fediverse, where your reply can get effectively deleted, because someone remote doesn't like it and can remove that reply from their representation of a replies Collection, meaning that other server wouldn't know about it unless they specifically federate with you. Now add a function to that, that makes your reply go away even on those servers, because they respect the other remote server. Or imagine a Fediverse where your press "Post" on a reply and you get "replies not allowed", or "your reply awaits approval" back from the remote server.
> Pete thought (thinks) that Fediverse as a network can't survive a split where basically the Mastodon and the rest divide and are unable to talk to each other.
Well, a split between *nodes* it can obviously survive. That remark was about a big split where the devs of various AP implementations can't cooperate with each other and start to deliberately diverge with the intention of making it harder to federate.
> I think that we are already at that point, or very nearly it, and things continue to be more-or-less the same.
Well, GTS still isn't popular.
> What scares me more than Mastodon going its own way is GoToSocial
Yeah, they're obsessed with trying to control information that has left their computers. Akkoma had this problem when it existed.
> they apparently already have some kind of reply restrictions that make you unable to reply
Yeah, this is accurate. I mean, you saw the fedilist blog post, right?
> Imagine a Fediverse, where your reply can get effectively deleted, because someone remote doesn't like it and can remove that reply their representation of a replies Collection, meaning that other server wouldn't know about it unless they specifically federate with you.
Hell is in sight.
+bonifartius 𒂼𒄄
@p @earslash @tyil @phnt @waifu @adiz
> Hell is in sight.
does depend on the people though? i don't think NAS or dobbs.town would flip the switch on this kind of functionality to "on". the people who do like this hugbox stuff already import the blocklists and defacto created their own part of fedi - if they want remote permission to post things it's just another way for them to kneecap themselves.
/GTS side. Maybe it will make more people using instances running on those aware of the madness. If I stop following like three people on the Pleroma side of Fedi, all the broken threads I see would go away. But those people also make interesting posts, so it's always a balance of I'm annoyed, but not enough.
>I kinda wonder how much of the Mastodon user-base went away with the popularity gain in BlueSky.
Not enough.
>I've always suggested that Mastodon should just abandon ActivityPub entirely
Misskey is planning doing that with a ProtoBuf protocol. At least as a secondary inter-Misskey protocol.
https://github.com/misskey-dev/xq
@adiz @phnt @earslash @tyil @p @waifu @bonifartius a lot of the people using bsky are people who hate mastodon because of the shit mastodon instances pull (which you never see around here) but also because of that and "problematic" people on this side of the internet, they want to be in the cool kids club.
If you're not on a instance that blocks, you can feel like Patrick Bateman in the business card scene, able to Link Up (tm) to all the techbros to get yourself a feature because you linked up to the right person and made something foss.
arstechnica.com/gadgets/2022/05/microsoft-open-sourced-the-code-for-1995s-3d-movie-maker-because-someone-asked/
Every time I saw a foone post, it was something weird that I could barely parse. First time I learned who foone was from, I kid you not, an NCommander stream.
@phnt @earslash @tyil @p @waifu @adiz @bonifartius foone is literally a typical "retro tech eceleb" (annoying, half the shits wrong) but formatted for Twitter retweets.
Which is the point about bsky I'm making too, the Twitter "cool kids" crowd moved there when they could no longer do the same shit they did back in the day with zero opposition.
> foone is literally a typical "retro tech eceleb" (annoying, half the shits wrong) but formatted for Twitter retweets.
I never paid attention to people like this on Twitter, I didn't know this was a known person. I see a bunch of weird shit, people babbling about computers. His account looked read-only/broadcast but I didn't realize it was crossposted to Twitter (Elon Editor) or Twitter (Rental Edition).
> the Twitter "cool kids" crowd moved there when they could no longer do the same shit they did back in the day with zero opposition.
That's the main benefit of busky.
meds.png
hunter_crack_detective.jpg
O NO I'M HUNTER BIDEN'S TOP GUY
crack_chad.png
cyberworld.png
Nice.
He started by doing LaTeX tutorials while embracing software minimalism when doing his Master's in linguistics running Arch, later Void Linux and then Artix. As time progressed he canceled his Internet connection at home and instead walked to campus if he needed Internet for something. He's best known for his ramblings about almost anything in woods. Later he moved to the middle of nowhere with a barely working Internet connection and that's where the Luke Smith Pipeline was born (embrace minimalism, get frustrated at modern computers, move to the middle of nowhere, make 5 videos and vanish from the Internet for a year). That was his "peak" kawntent and from there he periodically uploads a few videos and then vanishes for a year.
He has a Peertube instance at videos.lukesmith.xyz and an old podcast at notrelated.xyz.
My favorite quote is probably: "I'm way to stupid to use Ubuntu." When he was setting up something, refused to use Docker and Ubuntu didn't have new enough packages for something.
luke-smith-georgia-stones.jpg
luke-smith-proprietary-sink.mp4
> Luke Smith.
Okay, he's on fedi, right, I swear I have talked to that guy.
> My favorite quote is probably: "I'm way to stupid to use Ubuntu." When he was setting up something, refused to use Docker and Ubuntu didn't have new enough packages for something.
I feel like I could party with this guy.
>I feel like I could party with this guy.
Excuse the thumbnails
https://www.youtube.com/watch?v=2xMJKh0idYc
https://www.youtube.com/watch?v=JPXLpLwEQ_E
idk almost all social media creates some sort of feedback meta that can potentially be addictive or program you into a worse version of yourself.
Even on imageboards replies create feedback loops, that's why contrarianism is so prevalent (tho to be fair it's a better feedback loop then updoots because it can encourage creative and unorthodox thinking, while likes and favs and all that reward compliance and agreeableness)
> idk almost all social media creates some sort of feedback meta
There are people that do engagement-whoring and this is a thing that Twitter already has and it's awful. Nobody does that shit on IRC. Nobody does that shit when talking to their friends at a bar. I mean, sure, you tell a joke, you want your friends to laugh, but it's miles from there to "I am an empty vessel for the Content." You're not trying to game a system to get money and fame. People that *are* trying to game fedi to acquire money and influence should fuck off from fedi, I stand by that completely. #mutualgrids
@sendpaws@mitra.pawslut.party @adiz@mtl.jinxian.casa @phnt@fluffytail.org @tyil@fedi.tyil.nl @p@fsebugoutzone.org @waifu@mai.waifuism.life @bonifartius@qoto.org I hate this foone guy since back in his Twitter days
@earslash @phnt @bonifartius @tyil @waifu @p @adiz part of why I'm into PC98 stuff is it repels some of the worst people in that so called community I mean some are into it.......but they seem to have a melty about Japanese video games. Turns out being a ex-$10 forum poster rots your brain and makes you feel some type of way about them.
> i don't think NAS or dobbs.town would flip the switch on this kind of functionality
Or GLC. Those three are on the "Oh, shit, right, they're using *masto* for some reason" list.
> the people who do like this hugbox stuff already import the blocklists and defacto created their own part of fedi
And now they have another infighting method. It's going to be great.