Wait there’s a jitsi plugin?

Element on Matrix is the only one I’m aware of - but it’s not the easiest to set up. I would try creating an account on matrix.org’s server just temporarily to try it out and see if it fits what you’re looking for. I like the decentralized nature of it, but the support is very piecemeal, and onboarding people essentially needs a class.

Idk if I’d say nosedived. It dipped for sure, but it hasn’t cratered. It’s not a GoT season 8, that was a nosedive

Yeah that’s where it turned from story to joke for me

Damn this is insane. Using claude/cursor for work is near, but they have a mode literally called “yolo mode” which is this. Agents allowed to run whatever code they like, which is insane. I allow it to do basic things, you can search the repo and read code files, but goddamn allowing it to do whatever it wants? Hard no

Holy setup batman. Was thinking it was going to be another container I spin up, but it’s enabling kernel modules, needs IOMMU, needs a ton of setup and then it looks like you still have to compile it? For now at least that’s above my needs

but the vast majority of crawlers don’t care to do that. That’s a very specific implementation for this one problem. I actually did work at a big scraping farm, and if they encounter something like this,they just give up. It’s not worth it to them. That’s where the “worthiness” check is, you didn’t bother to do anything to gain access.

That’s counting on one machine using the same cookie session continuously, or they code up a way to share the tokens across machines. That’s now how the bot farms work

I was a single server with only me and 2 others or so, and then saw that I had thousands of requests per minutes at times! Absolutely nuts! My cloud bill was way higher. Adding anubis and it dropped down to just our requests, and bills dropped too. Very very strong proponent now.

This dance to get access is just a minor annoyance for me, but I question how it proves I’m not a bot. These steps can be trivially and cheaply automated.

I don’t think the author understands the point of Anubis. The point isn’t to block bots completely from your site, bots can still get in. The point is to put up a problem at the door to the site. This problem, as the author states, is relatively trivial for the average device to solve, it’s meant to be solved by a phone or any consumer device.

The actual protection mechanism is scale, the scale of this solving solution is costly. Bot farms aren’t one single host or machine, they’re thousands, tens of thousands of VMs running in clusters constantly trying to scrape sites. So to them, a calculating something that trivial is simple once, very very costly at scale. Say calculating the hash once takes about 5 seconds. Easy for a phone. Let’s say that’s 1000 scrapes of your site, that’s now 5000 seconds to scrape, roughly an hour and a half. Now we’re talking about real dollars and cents lost. Scraping does have a cost, and having worked at a company that does professionally scrape content they know this. Most companies will back off after trying to load a page that takes too long, or is too intensive - and that is why we see the dropoff in bot attacks. It’s that it’s not worth it for them to scrape the site anymore.

So for Anubis they’re “judging your value” by saying “Are you willing to put your money where your mouth is to access this site?” For consumer it’s a fraction of a fraction of a penny in electricity spent for that one page load, barely noticeable. For large bot farms it’s real dollars wasted on my little lemmy instance/blog, and thankfully they’ve stopped caring.

Check out Anubis. If you have a reverse proxy it is very easy to add, and for the bots stopped spamming after I added it to mine

Oh, oh no no no it wasn’t

The reason he wants it is he doesn’t want secrets to setup auth

Yes I’d like auth without the auth please

This looks great! Thank you for the recommendation!

above my paygrade that last question. As for the first, we did automatically pull it out of the email, but it was sent to us manually

Rules I’ve learned from software engineering for almost 2 decades.

• Never roll your own ORM
• Never roll your own Auth

No matter what you think, someone else did it better. Trying to do either of those outside of a hobby environment is pure hubris. “But I can do it better” - no you fucking can’t. I have wasted much much more time debugging shitty “home grown” ORM solutions that clearly some dev just was bored and did than I have spent figuring out the quirks of whatever one I’m using. Same goes for auth. Just learn it.

I worked for a mid-sized government entity where we handled PII data. Underneath us were local municipalities who were in charge of sending us that PII so that it could be registered at our level. For PII think licenses, IDs, sensitive stuff for sure.

Most of the municipalities were easy to work with, they did an SFTP drop or used a VPN or something.

A couple though were rural. Very rural, and didn’t have IT departments. They had Martha who works the counter from 1-4pm. Those places were… horrid. We had a special email where they would email us whatever formats they had. Unencrypted, completely open, we couldn’t do anything about it because it was their data and their rules, it was our job to simply accept what they had. We could of course make serious suggestions, point out how horrid this was, but at the end of the day it was their decision. So we had a job to log into an email account every day, check for an email from Martha’s hotmail account, and parse the excel file she used to read out private IDs and license numbers which she manually typed into it.

This was 20 years ago now so dear god I hope their laws improved.

Interesting, had no idea!

My mind went to this one

Once there people will view moving as a hassle, but I understand what you’re thinking. Mastodon I think did it better with “suggesting” an instance to you, and Lemmy has gotten better about it. For friends and family I think the best way is basically telling them which server to use. Go here, sign up