Comedy Of Errors

A beautiful euphemism. We could apply it to all of the USA’s current admin and its activities.

I’m not sure I like that you think that distinction matters to ICE and the US’s current admin.

Why even a zip code?

That’s the minimum personal data Merrill has determined his company is legally required to keep about its customers for tax purposes.

A little personal peeve:

But to call such anonymous phones “burners” suggests that they’re for something illegal, shady, or at least subversive.

I mean I guess so, but primarily “burner” implies that it’s disposable. Which above project is not aiming to be. Prepaid anonymous SIM cards already exist.

Replace her in your mind with any rich person stealing 4 chickens worth of anything, with or without good reason…

The what now? Sorry, there’s been too many school shootings in between.

And that’s just what they’re willing to admit publicly a.k.a. the tip of the iceberg.

State internet regulator Roskomnadzor alleged in a statement that the service is being “used to organize and conduct terrorist activities on the territory of the country, to recruit perpetrators (and) commit fraud and other crimes against our citizens.” Apple did not respond to an emailed request for comment.

Lol, what could you possibly reply to that? “It’s bullshit.” OTOH, in the current political climate in the USA, they’re probably wise to just not say anything.

I wish I could say Darwinism will sort it out, but it will mow down the wrong people. Those pulling the strings will still get their vaccines (on the down low). Once again, fuck this timeline. But since we cannot switch it’s time to help Darwin out a little.

AMD marches “against Intel”? Is there some sort of confrontation going on between the 2? Or does this just mean AMD makes good processors and sells better?

They got what they paid for I guess.

Wait, did reddit make a deal with Google for data mining?

Again?

deleted by creator

If crowdsec works for you thats great but also its a corporate product

It’s also fully FLOSS with dozens of contributors (not to speak of the community-driven blocklists). If they make money with it, great.

not exactly a pure self hosted solution.

Why? I host it, I run it. It’s even in Debian Stable repos, but I choose their own more up-to-date ones.

Allow me to expand on the problem I was having. It wasnt just that I was getting a knock or two, its that I was getting 40 knocks every few seconds scraping every page and searching for a bunch that didnt exist that would allow exploit points in unsecured production vps systems.

• Again, a properly set up WAF will deal with this pronto
• You should not have exploit points in unsecured production systems, full stop.

On a computational level the constant network activity of bytes from webpage, zip files and images downloaded from scrapers pollutes traffic. Anubis stops this by trapping them in a landing page that transmits very little information from the server side.

• And instead you leave the computations to your clients. Which becomes a problem on slow hardware.
• Again, with a properly set up WAF there’s no “traffic pollution” or “downloading of zip files”.

Anubis uses a weighted priority which grades how legit a browser client is.

And apart from the user agent and a few other responses, all of which are easily spoofed, this means “do some javascript stuff on the local client” (there’s a link to an article here somewhere that explains this well) which will eat resources on the client’s machine, which becomes a real pita on e.g. smartphones.

Also, I use one of those less-than-legit, weird and non-regular browsers, and I am being punished by tools like this.

All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages

edit: I feel like this part of OP’s argument needs to be pointed out, it explains so much:

All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages

IMO this is largely Debian-specific: this distro seems to hold backward comaptibility in very high regard, so any problem is bound to have a multitude of solutions. In addition, the Debian Wiki is not as well maintained as you-know-whose.

I see nothing untoward here.

Except maybe that last sentence, what “s” are you talking about (fwiw, the man page that comes with an installed package should™ be the ultimate authority)?

At the time of commenting, this post is 8h old. I read all the top comments, many of them critical of Anubis.

I run a small website and don’t have problems with bots. Of course I know what a DDOS is - maybe that’s the only use case where something like Anubis would help, instead of the strictly server-side solution I deploy?

I use CrowdSec (it seems to work with caddy btw). It took a little setting up, but it does the job.
(I think it’s quite similar to fail2ban in what it does, plus community-updated blocklists)

Am I missing something here? Why wouldn’t that be enough? Why do I need to heckle my visitors?

Despite all that I still had a problem with bots knocking on my ports spamming my logs.

By the time Anubis gets to work, the knocking already happened so I don’t really understand this argument.

If the system is set up to reject a certain type of requests, these are microsecond transactions of no (DDOS exception) harm.

it’s mentioned in this article

Same when you try to deviate from the approved path of email providers or, dog forbid, even self-host email.

This is why I always switch off that “block potentially dangerous sites” setting in my browser - it means Google’s blacklists. This is how Google influences the web beyond its own products.

edit: it’s much more complex than simple blocklists with email