847

submitted 2 days ago by mod_pp@lemmy.world to c/programmer_humor@programming.dev

56 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] rollmagma@lemmy.world 20 points 2 days ago

What's this about?

[-] rtxn@lemmy.world 91 points 2 days ago* (last edited 1 day ago)

Anubis is a simple anti-scraper defense that weighs a web client's soul by giving it a tiny proof-of-work workload (some calculation that doesn't have an efficient solution, like cryptography) before letting it pass through to the actual website. The workload is insignificant for human users, but very taxing for high-volume scrapers. The calculations are done on the client's side using Javascript code.

(edit) For clarification: this works because the computation workload takes a relatively long time, not because it bogs down the CPU. Halting each request at the gate for only a few seconds adds up very quickly.

Recently, the FSF published an article that likened Anubis to malware because it's basically arbitrary code that the user has no choice but to execute:

[...] The problem is that Anubis makes the website send out a free JavaScript program that acts like malware. A website using Anubis will respond to a request for a webpage with a free JavaScript program and not the page that was requested. If you run the JavaScript program sent through Anubis, it will do some useless computations on random numbers and keep one CPU entirely busy. It could take less than a second or over a minute. When it is done, it sends the computation results back to the website. The website will verify that the useless computation was done by looking at the results and only then give access to the originally requested page.

Here's the article, and here's aussie linux man talking about it.

[-] Quill7513@slrpnk.net 67 points 2 days ago

fwiw Anubis is working on a more respectful update, this was their first pass solution for what was basically a break glass emergency. i understand FSF's concern, but Anubis is the only thing that's making a free and open internet remotely possible right now, and far better it that nightmare fuel like cloudflare

load more comments (40 replies)

[-] CanadaPlus@lemmy.sdf.org 10 points 1 day ago

Well, that's a typically abstract, to-the-letter take on the definition of software freedom from them. I think the practical necessity of doing something like this, especially for services like Invidious that are at risk, and the fact it's a harmless nonsense calculation really deserves an exception.

[-] joyjoy@lemmy.zip 11 points 2 days ago

aussie linux man

How did I know exactly who you were talking about before clicking the link?

[-] Sabata11792@ani.social 2 points 2 days ago

The outro song played in my head...

[-] InFerNo@lemmy.ml 5 points 1 day ago

But they can still scrape it, it just costs them computation?

[-] rtxn@lemmy.world 13 points 1 day ago* (last edited 1 day ago)

Correct. Anubis' goal is to decrease the web traffic that hits the server, not to prevent scraping altogether. I should also clarify that this works because it costs the scrapers time with each request, not because it bogs down the CPU.

[-] Xylight@lemdro.id 1 points 1 day ago

Why not then just make it a setTimeout or something so that it doesn't nuke the CPU of old devices?

[-] rtxn@lemmy.world 1 points 1 day ago

Crawlers don't have to follow conventions or specifications. If one has a setTimeout implementation that doesn't wait the specified amount of time and simply executes the callback immediately, it defeats the system. Proof-of-work is meant to ensure that it's impossible to get around the time factor because of computational inefficiency.

Anubis is an emergency solution against the flood of scrapers deployed by massive AI companies. Everybody wishes it wasn't necessary.