@@ -23,19 +23,21 @@ I had to stop myself from giving this article it's previous working title:
This is the follow up I promised to write, when I omitted the longer complaint I
had about [Anubis](https://anubis.techaro.lol/) from my last post [about
consent]({{< ref consent-is-required.md >}}). Seeing people use Anubis makes me
angry! But you should in no way take as a critique against Anubis itself. If I
wanted to be shallow, there's plenty of cheap shots I could take against it's
feel sad! But you should in no way take as a critique against Anubis itself. If
I wanted to be shallow, there's plenty of cheap shots I could take against it's
[source code](https://github.com/TecharoHQ/anubis) I could only do so because
I'm still able to find humor in being a troll, the pedant in my dictates that I
claim it has some flaws, but there's nothing egregiously wrong with it. It's
good (enough) code! I'm even happen to double down, and I'm happy to link to
their blog which you can find....
I'm still able to find humor in being a troll, the pedant in me dictates that I
claim the code has some issue, but there's nothing egregiously wrong with it.
It's good (enough) code! I'm even happen to double down, and I'm happy to link
to the creator, and to their blog which you can find....
... oh, sorry, nevermind I can't reach their blog anymore. That's a shame I have
to admit that I didn't always agree with all of their takes[^never] but I've yet
to admit that I didn't always agree with all of their takes[^never], but I've yet
to come across anything that's been flat out wrong. I've happily linked their
blog to others, and if it was still up, I'd still link to it.
blog to others, and if it was still up, I'd still link to it. They've published
a number of articles that were better than what I wanted to write.
[^never]: I never do, for anyone, but such is the life of a pedant!
@@ -45,12 +47,17 @@ Oh, I know, surely the internet archive has it!
Fuck!
Well, I guess the internet just got a lot worse. The worst part; it's made
this way by people who purport to care about an open internet. I almost decided
not to include the source for the original title. But I eventually broke down,
Well, I guess the internet just got a lot worse. The worst part; it's made this
way by people who purport to care about an open internet. I almost decided not
to include the source for the original title. But I eventually broke down,
because... well I haven't completely figured that out yet, but I feel I need to
explain exactly why this proof of work captcha feels like the right solution to
so many people, and then hopefully why you should still shun it.
so many people, and then hopefully convince you why you should still shun
it[^shun].
[^shun]: Not the project, I'm glad it exists, and I'm hopeful I'll find a use
for it. Or at the very least, learn from it's implementation. It's just not
the solution to crawlers/bots for most cases.
I don't object to the idea, nor the concept of proof of work captcha. I've
advocated for trying it a number of times at `$OLD_JOB`, but was never invested
@@ -64,10 +71,16 @@ that!
I know exactly why, Xi is doing it, it's their new toy[^cool]. But I also know
why SourceHut is doing it, and it's not because it's the best solution. It's
because the owner of sourcehut is angry, and he's taking it out on the users.
because the owner of sourcehut is angry, and he's again, taking out his anger on
other people, in this case the users of SourceHut[^support].
[^cool]: and it **is** a cool toy!
[^support]: I've been unable to help someone asking for help with code a number
of times because I can't, [wont?] load pages from git.sr.ht when they've
linked to their source code hosted on sr.ht. Some have been happy to push to
codeberg, others I simply couldn't answer their question.
> If you personally work on developing LLMs et al, know this: I will never work
> with you again, and I will remember which side you picked when the bubble
> bursts.
@@ -75,9 +88,10 @@ because the owner of sourcehut is angry, and he's taking it out on the users.
*sigh*
> I miss the old Drew.
-- *e0ff*
That's a quote from a friend, I remember it, because a few weeks before that I
said literally, the exact same thing to a completely different friend. I said
That's a quote from a friend, I remember it, because a few weeks before that, I
said literally, the exact same thing, to a completely different friend. I said
about a year ago, and I said it again this past month. The new drew is more
interested in punishing people than build cool stuff that improves the world,
and watching that change has been very disheartening. I miss the sircmpwn that
@@ -103,31 +117,73 @@ unlikely, and doesn't match the traffic I've seen.
[^go]: [ SourceHut will (not) blacklist the Go module
mirror](https://sourcehut.org/blog/2023-01-09-gomodulemirror/)
### The solution I'm using on srctree[^joke]
### The solution on srctree[^joke]
[^joke]: There was a joke there, but I had to change it because I'm afraid of the C++
committee.
Ban them. No, seriously. If you notice abuse from a given ASN, ban the subnet.
[I've published my rules](https://github.com/GrayHatter/rules/)[^update] Some
note worthy entries, just tonight I banned the FB ASN, I'm sure that'll cause
some problems in the future, but that's future me's responsibility. As I
mentioned previously, I'm sure I'm gonna ban Alibaba's subnet next. Hetnzer is
persona non grata, GCP almost got the same treatment, but I filed an abuse
report, and it stopped[^shocked].
Ban them. No, seriously. Shoot the messenger! If you notice abuse from a given
ASN, ban the subnet. [I've published my
rules](https://github.com/GrayHatter/rules/)[^update] Some note worthy entries,
just tonight I banned the FB ASN[^fbasn], I'm sure that'll cause some problems
in the future, but that's future me's responsibility. As I mentioned previously,
I'm sure I'm gonna ban Alibaba's subnet next. Hetnzer is currently persona non
grata[^hetznerasn], GCP almost got the same treatment, but I filed an abuse
report, and it stopped[^shocked].
[^update]: I totally promise to update it soon... promise!
[^shocked]: I know, I didn't expect it to work either. But the timing seemed to
match well.
That's it, it takes banning a new ASN every other week. But the problem is
manageable. Without forcing readers to complete a POW.
That's it, it takes banning a new ASN every other week[^prove]. But the problem
is manageable. Without forcing browsers to complete a POW, or trust your
scripts. The problem is that the http traffic across the internet has suddenly
become a lot less human. The solution to hostile traffic isn't to make browsers
prove they're browsers. The solution to hostile traffic, is to block the hostile
traffic. You get bonus points if you report the abuse to the registered abuse
contact for the network, and tell them you've banned them for malicious traffic
sending fraudulent requests.
TODO:
[^prove]: Please, prove me wrong. But bring published logs to show for it. I
find most of the existing articles unconvincing. Claims of some experience
that dosen't match mine, and no evidence other than. Just trust me bro.
If you really wanna have an impact: publish the IPs you've banned. I'm hopeful
the conversation goes something like:
> Hey, why can't I connect to [some service] from [some ISP]?
Oh, yeah, [ISP] is banned because they host too much abusive LLM/GenAI traffic.
You need to use a different ISP try, [other suggestion].
If you feel so strongly about how "fancy auto complete" is ruining the world, and
how there's no chance we'll survive this new *revolutionary technology*, and
everyone who works with it, is the devil, and you're gonna remember which side
they picked[^sigh]! Then target that vitriol at the service providers willing to
host this traffic, instead of targeting users! If you want to take a stand,
punish the people hosting the abuse!
[^sigh]: This toxic Us vs Them bullshit needs to stop. Please! I get that so
many people are angry, I'm angry too. But the Us vs Them, where idle
curiosity makes someone a "them" is a much bigger part of the problem than
whatever the newest techno fad is, that you happen to dislike for whatever
reason the "us group" has picked today.
### Other options
#### Firewall
Finish describing the firewall rules.
Describe bot detection in verse.
#### Firewall part 2
Detect if you're banned from srctree
Describe the WHY.
#### Verse Bot Detection
Describe bot detection in verse.
[^fbasn]: https://rdap.db.ripe.net/ip/57.141.0.0
[^hetznerasn]: https://bgp.he.net/AS24940#_prefixes