Anubis provides protection against bots scraping websites and DDoSing projects.
This blog post is about Xe’s reasoning for originally only providing docker packages and their work to provide native packages.
I have detected bloat, you YAML merchant you! Reject complexity! Return to native packages!
Lmao
There must be a tool that allows you to build packages for multiple systems in multiple formats (deb, rpm, nix, flatpak, snap, etc.). Does that not exist? After 20 years of these systems existing, somebody must’ve tried…
Also, it’s clear that once again, open source needs some kind of funding model, because it’s a little crazy that a project like this can get so popular so fast, the dev flooded with praise, thanks, and issues but not money to maintain and develop it.
a tool that allows you to build packages for multiple systems in multiple formats (deb, rpm, nix, flatpak, snap, etc.).
Given flatpaks and snaps are toxic, the other ones - deb, rpm, pkg - can be packaged relatively easily. It’s all a separate effort with files and meta-info that doesn’t often intersect, but it’s manageable. It lends itself incredibly well to the trivial ‘automation’ that gitlab, forgejo and other major git suites provide.
Source: did this for the entirety I built and maintained a software suite for linux and unix,m for like 15 years. I built some code, I packaged it. Because anything less isn’t really ISO27002.
TL;DR - the ‘tool’ is a simple script and your brain. It’s easy work once you overcome the fear of the unknown and start doing it.
Long time ago I’ve tried making a makefile which packages as tarball, deb, rpm and appimage.
It’s just a goofy attempt.makefile which packages as tarball, deb, rpm and appimage.
Packaging an RPM in a makefile? That’s inside-out.
Suse’s open build system does this. It’s just very enterprisy to me, so I haven’t really used it myself
Problem is that distro1 has req-lib2.5.3 while distro2 has req-lib2.7.8, but your project was developed on distro3 with req-lib2.9.5 so you have to deal with every distro having different lib versions and compatibility issues that come with it, not just different packaging formats.
And different names too. Debian and Fedora have different packages names, so req-lib on debian becomes req-devel on Fedora.
And since Arch is rolling release it’s python-lib, not python3-lib. :)
Anubis without JavaScript is what I’m waiting for. I know that the Darknet forum Dread has a PoW system that doesn’t use JS (or maybe it does something else entirely and I completely missed it)
How would that work? And how easy would it be to circumvent? Anubis probably forces spinning up a browser or something that supports a JS runtime (again probably a browser), so it’s not as easily scriptable as just callling an HTTP endpoint. I’m curious how you would implement a system without JS.
Honestly I have no idea how PoW works at all. I’m just happy to see the innovation in this space. With that said, people have raised the idea of using TOR’s PoW mechanism, or in my case, Dread’s PoW. I believe both of them work without JavaScript
I would then encourage you to look up how those work and what proof of work actually is. Proof of work requires some work to be done by the client. If you want regular people to browse the internet normally and “do work”, that means JavaScript, otherwise it requires them to install an extra binary like TOR or something, which would lock out most of real users. I imagine that’s not the goal of site operators.
Maybe the solution is for browsers to include POW functionality natively.
We see dumb shit like “you need to enable DRM yadayada.” We could have a similar thing for “you need to enable POW.”
It might be pretty difficult to implement the work part of proof of work without JS in a practical way. Of the three languages available on the web, HTML, CSS & JS (+ WebAssembly, which requires a bit of JS IIRC & would probably not be available) JS is the only one that allows you to perform the work in a sane way. (It might be possible to use CSS magic with remote resources, but that has its own problems if it’s even possible.)
It would be possible to use a dedicated program or another website to perform the work, but it would be far from seamless to users.
I don’t know how PoW works but do you think that TOR and Dread’s PoW can be reused?
In proof of work, the client performs (relatively) slow & expensive calculations to prove that it’s not spam. If you tried to make too many connections, the work would add up, preventing you from affecting the availability of the service.
For PoW to work, the server needs to generate a challenge, then the client needs to solve it and return the answer. JavaScript can do this without any input from the user.
For JavaScriptless PoW, you need to find a way to perform those slow calculations without access to a programming language.
Like I said in my previous comment, solving the challenge can happen outside of the page, after which the user could paste the answer to a normal HTML form, for example. This allows PoW to work without JS, but requires user interaction & eternal tools.
I don’t know about Dread, but Tor has built-in PoW now. Since Tor runs outside of the document/tab, unlike JS, it can do a lot more. Tor’s PoW happens invisibly between the network request & response, making it unobtrusive & bypassing JS entirely.
Oh god, is that that software with the annoying/creepy nekogirl?
Why can’t devs be normal.
Ykw you’ve convinced me. I’m adding anime girls to my software rn. I wasn’t a huge fan but after seeing your comment, I just really saw the light.
Think of the amount of morons I can throw into a rage over a cartoon girl…
If you use Anubis for free, he asks that you keep the girl on for marketing purposes.
If you pay / support the project, you can remove it.
Honestly, it’s a good way to encourage people to pay up because some people absolutely hate it.
As much as I’m against the takeover of minimalism in logo design, something a bit more subdued would make people more likely to use the free version. The anime girl vibe may not be the one for every website.
Maybe Xe has little interest in people using the free version, which is fine, but they still haven’t nailed down the pricing. You contact them and set up a meeting to discuss the price. That may change as soon as they gain some traction though, so we’ll see.
Yeah. I don’t support making software worse just to pressure people into paying for it.
Maybe if I was the one making money off of it, sure. But I’m just a user so it doesn’t make sense for me to go to bat for the businessman.
It’s also really creepy and borderline pedophilic.
Do you just assume that any cartoon character is underaged? There’s literally no indication that that character is in any way underaged whatsoever, it appears to be a standard chibi-style depiction of a generic adult.
I think you may need to consult a therapist or other mental health professional if literally every depiction of a cartoon character in a Chibi art style causes you to see pedophilia
The fuck? There is nothing sexual about the character at all. Calling it pedophilic says a whole lot more about you than the software.
Ew. Get away from me.
You’re a fucking weirdo
I may be missing some context here. How is it creepy to have a child as the mascot of your software? I just checked the Anubis website and didn’t see any sexualization.
I don’t even see a child character? I feel like I’m missing something here but I went and checked the ffmpeg documentation because they are using Anubis and it appears to just be a generic chibi Style character that looks to be maybe early twenties style adult.
It’s not making it worse. They like anime, so they have an anime girl as the mascot; a very tame one too.
But some people freak out about it.
