Like fuck off, to think I ever liked these guys.
the most infuriating part is how they decide anubis is bad (valid concerns, i do share some of them) but haven’t talked about any possible alternative, even a temporary one, they can use to avoid overworking their two sysadmins. anubis is specially useful for sites like that, where they had very little admin power. trying to use gnu sites lately is a pain because they are often not-operational, which is way more disrupting than having to wait a bit for whatever challenge they could have
the whole post reads like an useless rant without any proper aim. if they are so interested on the free internet, they could probably try and come up with some alternative but the way they talk makes me think they are just ignorant of the modern hostile internet and just want to magically return to the past where this didn’t happened without having to do any effort about it
A website using Anubis will respond to a request for a webpage with a free JavaScript program and not the page that was requested.
This is a legitimate critique though. Anubis requires the use of capital W Web Browsers (chromium, Firefox) in order to access the site. This effectively blocks users who A: dont want to run the computations of the JS program (which can’t be circumvented due to the server side computing done) and B: users using web browsers without or with limited JS functionality that wouldn’t meet the reqs of Anubis.
Anubis was created as an emergency stop valve on LLM scrapers, but I think having a solution which doesn’t require Anubis is also valuable as well.
Malware is a terrible choice of words. Anubis isnt malware. It may provoke questions about the state of the Web but there’s nothing malicious about protecting your digital infra when the vast majority of users browse with JS enabled and not doing so would take down your site or leave you with thousands of dollars in upkeep costs.
The FSF do give off the trot vibe and thank you for making that connection that I will never unsee. I think if they just posted what I wrote above they would get far less backlash.
The FSF do give off the trot vibe and thank you for making that connection that I will never unsee. I think if they just posted what I wrote above they would get far less backlash.
And probably less nonsense from me, I tend to get angry and irrational easily (partly because I’m passionate and care) and that leads to me overlooking some important parts.
This is a legitimate critique though. Anubis requires the use of capital W Web Browsers (chromium, Firefox) in order to access the site. This effectively blocks users who A: dont want to run the computations of the JS program (which can’t be circumvented due to the server side computing done) and B: users using web browsers without or with limited JS functionality that wouldn’t meet the reqs of Anubis.
And well yes, I do agree that Anubis basically only help to entrench the big browsers while cutting off people using for example Lynx. Now, I’m writing this after checking their changelog, and they have introduced a challenge that works without client side JS, so I guess we can disregard the concern of entrenching.
Anubis was created as an emergency stop valve on LLM scrapers, but I think having a solution which doesn’t require Anubis is also valuable as well.
And that’s what I understand it’s purpose to be, I don’t want it to be the end all be all. But it’s “good enough” as the dev themself put.
Malware is a terrible choice of words. Anubis isnt malware. It may provoke questions about the state of the Web but there’s nothing malicious about protecting your digital infra when the vast majority of users browse with JS enabled and not doing so would take down your site or leave you with thousands of dollars in upkeep costs.
That’s the biggest issue I have with the FSF, it’s all posturing with no substance. They should absolutely spearhead a project that would be an alternative for what Anubis is currently doing, or I don’t fucking know try and find one to support and endorse?? Their inability to compromise for a limited time is way too annoying.
The FSF is ideologically incapable of implementing bot management strategies because they value internet anonymity. Bot evasion strategies are literally just advanced ways of being anonymous. You can’t tell if a person is a bot or not without violating their anonymity or internet freedom.
Anubis is a modest compromise. It checks if you can run JavaScript and blocks those who can’t. It’s not perfect. It’ll block elinks/lynx users or a real person using curl. But it’ll also block any bot that doesn’t use a browser, which accounts for most of the volume.
The “cryptomining” and “malware” comparisons against Anubis or hyperbolic but sort of true. Proof of Work is the dumbest and most wasteful possible strategy to combat bots. It’s not the hashing that stops bots, its the check if they can run JavaScript that does.
Anubis has a new javascriptless metarefresh which uses HTML to refresh the page after a few seconds. This is a much better solution than the computational proof of work, in my opinion. This line from the docs though is perplexing:
This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate.
The false positive rate will be the same as proof of work minus however many bots run headless browser with JavaScript disabled. Proof of Work doesn’t give you positives or negatives, it’s a flat tax.
It’ll block elinks/lynx users or a real person using curl. But it’ll also block any bot that doesn’t use a browser, which accounts for most of the volume.
nuh uh
Anubis has a new javascriptless metarefresh which uses HTML to refresh the page after a few seconds. This is a much better solution than the computational proof of work, in my opinion. This line from the docs though is perplexing:
yuh uh!
(I’m just fucking around now I’m too tired lol, it’s 10 pm. But it does work on lynx!!!)
Just want to reiterate, I understand the concerns with Anubis, it’s just that FSF makes me go
- The Anubis homepage uses the new meta-refresh strategy which should work on lynx since its doesn’t use JavaScript.
- I doubt you even saw an Anubis challenge. Anubis normally configured by User-Agent. IDK what lynx’s User-Agent is but I bet Anubis wasn’t configured to challenge it.
Can you elaborate a bit? The blog post is a tad overdramatic but doesn’t seem to have anything particularly bad in it.
TL;DR: Rant about the FSF as a whole and why they annoy me with their puritanism
The problem I have with the FSF is their stance on this “good enough” solution is, as always, that it cannot be accepted. Their “purity” is pointless as I don’t find it at all useful in furthering free software, while Anubis is doing actual work against mass scraping by AI companies, their choice is to outright disavow it because “it acts like malware”, and performing “useless computation”. And then they have the gall to beg for even more donations when the solution to their DDOS problems is right there. I hate them for being so ineffective at what they’re supposed to be doing. “The same calculations as cryptominers”, fuck off.
It’s so fucking annoying having to deal with their puritanism, especially after I tried their ways of running 100% free software as by their own guidelines! Genuinely I need to do more investigating on this part, but they really do seem like a Trotskyist org to me more and more and I’m glad I’m out of fanboying over them.
I mean, Anubis would do a pretty bad job in their case anyways, and their attitude kind of makes practical sense there. Almost all code fetching tools (from git to ftp to curl) don’t run any external code (and I think we can agree it would be a horrible idea to do so); as such, proof-of-work solutions like Anubis won’t work for code hosting (which is what the article is about).
But yeah I agree that in more human-oriented use-cases Anubis is great. Still, I can also see FSF’s point that it’s somewhat close to what an annoying proprietary system would do, even if I think it’s a good compromise given the circumstances of the modern web.
It’s so fucking annoying having to deal with their puritanism
You in particular don’t need to deal with them in any way at all. The code they host is free software and has plenty of other mirrors all over the web. If you want to contribute to any of the projects for which they are hosting upstreams you can almost always just send an email with your patch to authors directly. Save your anger for capitalists.
I mean, Anubis would do a pretty bad job in their case anyways, and their attitude kind of makes practical sense there. Almost all code fetching tools (from git to ftp to curl) don’t run any external code (and I think we can agree it would be a horrible idea to do so); as such, proof-of-work solutions like Anubis won’t work for code hosting (which is what the article is about).
I don’t really care about whether Anubis would make a good use case for them, the problem is that even if it did they wouldn’t have used it as stated in the post. I get angry and irrational easy when I see bullshit about things that I care about, and that tends to me overlooking actually important parts.
You in particular don’t need to deal with them in any way at all. The code they host is free software and has plenty of other mirrors all over the web. If you want to contribute to any of the projects for which they are hosting upstreams you can almost always just send an email with your patch to authors directly. Save your anger for capitalists.
I’ll keep interacting in a way that points out “hey maybe this isn’t the best course of action” because I will keep caring, even if I hate them. My hate must be pointed out, shown why it exists. Because even if I hate capitalism and capitalists, I hate ineffectual action even more.
It won’t work through patches, if the rot is fundamental. I’ll probably contribute to other projects, Libreboot is now more enticing after Leah cut away from their type of bullshit.
Sounds like they’d be fine with Anubis if it was opt-in instead of automatic. Their concerns are valid in that it runs an unwanted/non-consented payload and so fits a strict definition of malware. The browser is a user agent, so it should only do what the user wants it to do.
Like fuck off, to think I ever liked these guys
You might have liked them for the wrong reasons, this is the least surprising response they could have made lol. Either you share in their hard-line stance or you align with something lesser like open source. Copyleft is uncompromising by design.
Copyleft is uncompromising by design.
Copyleft and open source has nothing to do with this. This is just a blogpost of them of why they dont use Anubis and their concerns.
Copyleft and open source has nothing to do with this.
It informs exactly the type of response they’ve given. If you can’t understand why the authors of the GPL would respond like this that’s on you.
What is this supposed to mean? How does software licensing relate to this? Anubis is a free program.
what exactly is the issue here? the article is complaining about DDOS attacks from botnets and LLM scrapers, seems very reasonable to me
replied to another user with the same question, I just don’t like the FSF for it’s nonsensical puritatnism
you should point this out in the headline or in the post body then, my original impression was that you were saying they are calling others “bots” or something like that
