memes

21060 readers

2271 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads/AI Slop

No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website

569

Browsing ain't fun anymore (jlai.lu)

submitted 1 day ago by hylobates@jlai.lu to c/memes@lemmy.world

71 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] daniskarma@lemmy.dbzer0.com 6 points 12 hours ago (2 children)

I am skeptical about the real level of protection that Anubis really provides.

At the end is an automated test. Meaning that any machine could easily solve it.

Most "attackers" wont bother solving it because they don't really care. But if they would want they could. It's sort of protection by obscurity.

The more Anubis it's used the more we see attacks that actually equip a way to solve the challenges. Then is when Anubis up the challenge and the battle begin, between how much can Anubis up the challenge so normal users can still browse and how much cost the attacker is willing to eat.

Giving that these attackers tend to have high budgets I'm not that certain about its actual capabilities to reject a targeted ddos.

As for crawling for big data. I do think that it does nothing here. Companies willing yo scrape big amounts of data, for AI training or other purposes, have massive budgets and the electricity cost of solving the JavaScript challenges become nothing in comparison. They also doesn't need ro deny the service so they could spread the scrape to keep the challenge low reducing the cost even more.

Once again, positive results we currently see in practice I believe that are caused just because most scrappers and ddos attackers are just blindly attacking and doesn't really equip themselves for Anubis. Protection by obscurity. But a well equiped attacker I don't think it would have that much trouble getting past it, specially for scrapping, or other type of bot attacks that could be slowed down.

[–] eah@programming.dev 3 points 6 hours ago* (last edited 6 hours ago)

HN comment which makes your point but is better worded

[–] softwarist@programming.dev 10 points 11 hours ago (1 children)

You're right, although my understanding is that there are a lot of poorly implemented scrapers for AI services unintentionally DDoSing websites with requests, so Anubis is more of a mitigation against those.

[–] jj4211@lemmy.world 1 points 10 hours ago

Yeah, seems like the problem is that fundamentally it could work by upping the difficulty a smidge making it then meaningfully expensive, but the spread between slowest edge device and high end means it's impossible to chase that difficulty without screwing over low end device users..