I think the issue is that many sites are too aggressive with it. Anubis can be configured to only ask for challenges if the site is under unusual load, for instance when a botnet it’s actually ddosing the site. That’s when it shines.

Making it constantly ask for challenges when the service is not under attack is just a massive waste of energy. And many sites just enable it constantly because they can defer bot pings from their logs that way. That’s for instance what op is doing. It’s just a big misunderstanding of the tool.

I don’t know if “anything”. But surely people overestimate its capabilities.

It’s only a PoW challenge. Any bot can execute a PoW challenge. For a smal to medium number of bots the energy difference it’s negligible.

Anubis it’s useful when millions of bots would want to attack a site. Then the energy difference of the PoW (specially because Anubis increase the challenge if there’s a big number of petitions) can be enough to make the attacker desist, or maybe it’s not enough, but at least then it’s doing something.

I see more useful against DDOS than AI scrapping. And only if the service being DDOS is more heavy than Anubis itself, if not you can get DDOS via anubis petitions. For AI scrapping I don’t see the point, you don’t need millions of bots to scrape a site unless you are talking about a massively big site.

You are right. For most self-hosting usecases anubis is not only irrelevant, but it actually works against you. False sense of security and making your devices do extra work for nothing.

Anubis is though for public facing services that may get ddos or AI scrapped by some not targeted bot (for a target bot it’s trivial to get over Anubis in order to scrap).

And it’s never a substitute of crowdsec or fail2ban. Getting an Anubis token it’s just a matter of executing the PoW challenge. You still need a way to detect and ban malicious attacks.

I don’t think you have a usecase for Anubis.

Anubis is mainly aimed against bad AI scrappers and some ddos mitigation if you have a heavy service.

You are getting hit exactly the same, anubis doesn’t put up a block list or anything. It just put itself in front of the service. The load on your server and the risk you take it’s very similar anubis or not anubis here. Most bots are not AI scrappers they are just proving. So the hit on your server is the same.

What you want is to properly set up fail2ban or, even better, crowdsec. That would actually block and ban bots that try to prove your server.

If you are just self-hosting with Anubis the only thing you are doing is deriving the log noise towards Anubis logs and making your devices do a PoW every once in a while when you want to use your services.

Being honest I don’t know what you are self hosting. But at least it’s something that’s going to get ddos or AI scrapped, there’s not much point with Anubis.

Also Anubis is not a substitute for fail2ban or crowdsec. You need something to detect and ban brute force attacks. If not the attacker would only need to execute the anubis challenge get the token for the week and then they are free to attack your services as they like.

My “important” emails work on a white list basis. So every sender not approved by me goes to spam. When I’m waiting for an email I’ll check the spam folder for it and white list the sender.

I wouldn’t trust a sane person to do a ultra private phone OS.

You need the paranoia, you need to see the shadows move to do it right.

Scary indeed.

Phone carriers are to blame. Unlimited SMS plans weren’t common when whatsapp took hold of our communications.

It’s the de facto communication medium in Europe. It’s not much of a choice. Even work related groups are usually over WhatsApp.

AFAIK simplex is the closest we have to perfect privacy.

Why would a OS need an online account?

We truly live in the stupidest timeline.

They are closing the whole project.

Specifically they say that they are tired of pushing fixes and that they don’t find excitement in maintaining the project. With zero mentions at all to being scrapped or having any kind of AI related issue.

I don’t know if you knew the project before seeing this post. I did, I was considering between this and freshrss and chose freshrss specifically because I knew that the end of ttrss was close (this was like 2 years ago). There were a lot of signs that the development was ending and the project was on route to be abandoned.

First, source code is on github.

Second, RSS aggregators are self hostable, not a service provided by the dev. The dev would have not issues of a public instance of ttrss hosted by someone gets scrapped.

Third, RSS aggregators doesn’t really tend to be public facing. Due to their personal nature they don’t tend to be open. They are more account based.

Sorry, I really don’t see the case here.

It really doesn’t seem like that’s the case. It doesn’t even makes much sense. What do tou think was being AI scrapped? The source code?

You could want to have multiple clients in sync.

Also a web service could be fetching 24/7 and perform classification algorithms before serving to the client that will only connect a few times a day.

You go to the website and the images promoting the browser are using apple. The project is being developed only for macOS and linux. They decided to change the programming language to swift.

To many signs that the devs are appleheads and I get the feeling that the main target is apple, linux second and windows completely out of the box (states by devs themselves). Myself personally, not a fan on apple, I don’t have that kind of money to buy hardware and I don’t see any advantages on doing so.

Giving how apple adjacent the project is I have never had much faith in it being able to truly become an alternative to firefox.

Android Debug Bridge. It is a way to control the device via command line, mainly from an external computer. Among other things allows for app installation. It’s one of the main ways to test and debug apps while being developed.

I think they are looking to partner with a phone manufacturer to move graphene platform to other brand of phones.

Specially since it’s unlikely that google pixels will keep providing the spec info and openness that GOS need to work.

Maybe yes. Maybe not. I think from now they won’t push that far, among other things because even developing for android platform would become a burden. Not being able to even test some app concept without a verified signature…

Maybe eventually they’ll go that far. But as of now I do think is unlikely they’ll completely block the adb way.

Anyway many current users won’t go adb. And third party stores will take a massive hit. That’s google’s goal.

I think you could still adb install unverified apps into your phone.

That untill they’ll block that path too.

Also I suppose that you’ll need to adb every update. So apps that would want to go this way should self check updates instead of relying on an external store.