this post was submitted on 12 Jul 2025
28 points (93.8% liked)

libre

10037 readers
7 users here now

Welcome to libre

A comm dedicated to the fight for free software with an anti-capitalist perspective.

The struggle for libre computing cannot be disentangled from other forms of socialist reform. One must be willing to reject proprietary software as fiercely as they would reject capitalism. Luckily, we are not alone.

libretion

Resources

  1. Free Software, Free Society provides an excellent primer in the origins and theory around free software and the GNU Project, the pioneers of the Free Software Movement.
  2. Switch to GNU/Linux! If you're still using Windows in $CURRENT_YEAR, take Linux Mint for a spin. If you're ready to take the plunge, flock to Fedora! If you're a computer hobbyist and love DIY, use Arch, NixOS or the many, many other offerings out there.

Rules

  1. Be on topic: Posts should be about free software and other hacktivst struggles. Topics about general tech news should be in the technology comm or programming comm. That doesn't mean all posts have to be serious though, memes are welcome!
  2. Avoid using misleading terms/speading misinformation: Here's a great article about what those words are. In short, try to avoid parroting common Techbro lingo and topics.
  3. Avoid being confrontational: People are in different stages of liberating their computing, focus on informing rather than accusing. Debatebro nonsense is not tolerated.
  4. All site-wide rules still apply

Artwork

founded 4 years ago
MODERATORS
hello_hello@hexbear.net
context@hexbear.net
28
I'm now absolutely convinced the FSF is the trot org of the FOSS world. "Our small team vs millions of bots — Free Software Foundation" (www.fsf.org)
submitted 1 day ago by Super_Lumalo@hexbear.net to c/libre@hexbear.net
17 comments fedilink hide all child comments
 

Like fuck off, to think I ever liked these guys.

top 17 comments
sorted by: hot top controversial new old
[–] machinya@hexbear.net 12 points 1 day ago

the most infuriating part is how they decide anubis is bad (valid concerns, i do share some of them) but haven't talked about any possible alternative, even a temporary one, they can use to avoid overworking their two sysadmins. anubis is specially useful for sites like that, where they had very little admin power. trying to use gnu sites lately is a pain because they are often not-operational, which is way more disrupting than having to wait a bit for whatever challenge they could have

the whole post reads like an useless rant without any proper aim. if they are so interested on the free internet, they could probably try and come up with some alternative but the way they talk makes me think they are just ignorant of the modern hostile internet and just want to magically return to the past where this didn't happened without having to do any effort about it

[–] hello_hello@hexbear.net 13 points 1 day ago* (last edited 1 day ago) (1 children)

A website using Anubis will respond to a request for a webpage with a free JavaScript program and not the page that was requested.

This is a legitimate critique though. Anubis requires the use of capital W Web Browsers (chromium, Firefox) in order to access the site. This effectively blocks users who A: dont want to run the computations of the JS program (which can't be circumvented due to the server side computing done) and B: users using web browsers without or with limited JS functionality that wouldn't meet the reqs of Anubis.

Anubis was created as an emergency stop valve on LLM scrapers, but I think having a solution which doesn't require Anubis is also valuable as well.

Malware is a terrible choice of words. Anubis isnt malware. It may provoke questions about the state of the Web but there's nothing malicious about protecting your digital infra when the vast majority of users browse with JS enabled and not doing so would take down your site or leave you with thousands of dollars in upkeep costs.

The FSF do give off the trot vibe and thank you for making that connection that I will never unsee. I think if they just posted what I wrote above they would get far less backlash.

[–] Super_Lumalo@hexbear.net 5 points 1 day ago* (last edited 1 day ago)

The FSF do give off the trot vibe and thank you for making that connection that I will never unsee. I think if they just posted what I wrote above they would get far less backlash.

And probably less nonsense from me, I tend to get angry and irrational easily (partly because I'm passionate and care) and that leads to me overlooking some important parts.

This is a legitimate critique though. Anubis requires the use of capital W Web Browsers (chromium, Firefox) in order to access the site. This effectively blocks users who A: dont want to run the computations of the JS program (which can't be circumvented due to the server side computing done) and B: users using web browsers without or with limited JS functionality that wouldn't meet the reqs of Anubis.

And well yes, I do agree that Anubis basically only help to entrench the big browsers while cutting off people using for example Lynx. Now, I'm writing this after checking their changelog, and they have introduced a challenge that works without client side JS, so I guess we can disregard the concern of entrenching.

Anubis was created as an emergency stop valve on LLM scrapers, but I think having a solution which doesn't require Anubis is also valuable as well.

And that's what I understand it's purpose to be, I don't want it to be the end all be all. But it's "good enough" as the dev themself put.

Malware is a terrible choice of words. Anubis isnt malware. It may provoke questions about the state of the Web but there's nothing malicious about protecting your digital infra when the vast majority of users browse with JS enabled and not doing so would take down your site or leave you with thousands of dollars in upkeep costs.

That's the biggest issue I have with the FSF, it's all posturing with no substance. They should absolutely spearhead a project that would be an alternative for what Anubis is currently doing, or I don't fucking know try and find one to support and endorse?? Their inability to compromise for a limited time is way too annoying.

[–] ZWQbpkzl@hexbear.net 9 points 1 day ago (1 children)

The FSF is ideologically incapable of implementing bot management strategies because they value internet anonymity. Bot evasion strategies are literally just advanced ways of being anonymous. You can't tell if a person is a bot or not without violating their anonymity or internet freedom.

Anubis is a modest compromise. It checks if you can run JavaScript and blocks those who can't. It's not perfect. It'll block elinks/lynx users or a real person using curl. But it'll also block any bot that doesn't use a browser, which accounts for most of the volume.

The "cryptomining" and "malware" comparisons against Anubis or hyperbolic but sort of true. Proof of Work is the dumbest and most wasteful possible strategy to combat bots. It's not the hashing that stops bots, its the check if they can run JavaScript that does.

Anubis has a new javascriptless metarefresh which uses HTML to refresh the page after a few seconds. This is a much better solution than the computational proof of work, in my opinion. This line from the docs though is perplexing:

This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate.

The false positive rate will be the same as proof of work minus however many bots run headless browser with JavaScript disabled. Proof of Work doesn't give you positives or negatives, it's a flat tax.

[–] Super_Lumalo@hexbear.net 4 points 1 day ago (1 children)

It'll block elinks/lynx users or a real person using curl. But it'll also block any bot that doesn't use a browser, which accounts for most of the volume.

nuh uh smuglord

Anubis has a new javascriptless metarefresh which uses HTML to refresh the page after a few seconds. This is a much better solution than the computational proof of work, in my opinion. This line from the docs though is perplexing:

yuh uh!

(I'm just fucking around now I'm too tired lol, it's 10 pm. But it does work on lynx!!!)

Just want to reiterate, I understand the concerns with Anubis, it's just that FSF makes me go maddened

[–] ZWQbpkzl@hexbear.net 5 points 1 day ago
  1. The Anubis homepage uses the new meta-refresh strategy which should work on lynx since its doesn't use JavaScript.
  2. I doubt you even saw an Anubis challenge. Anubis normally configured by User-Agent. IDK what lynx's User-Agent is but I bet Anubis wasn't configured to challenge it.
[–] balsoft@lemmy.ml 11 points 1 day ago* (last edited 1 day ago) (1 children)

Can you elaborate a bit? The blog post is a tad overdramatic but doesn't seem to have anything particularly bad in it.

[–] Super_Lumalo@hexbear.net 3 points 1 day ago (1 children)

TL;DR: Rant about the FSF as a whole and why they annoy me with their puritanism

The problem I have with the FSF is their stance on this "good enough" solution is, as always, that it cannot be accepted. Their "purity" is pointless as I don't find it at all useful in furthering free software, while Anubis is doing actual work against mass scraping by AI companies, their choice is to outright disavow it because "it acts like malware", and performing "useless computation". And then they have the gall to beg for even more donations when the solution to their DDOS problems is right there. I hate them for being so ineffective at what they're supposed to be doing. "The same calculations as cryptominers", fuck off.

It's so fucking annoying having to deal with their puritanism, especially after I tried their ways of running 100% free software as by their own guidelines! Genuinely I need to do more investigating on this part, but they really do seem like a Trotskyist org to me more and more and I'm glad I'm out of fanboying over them.

[–] balsoft@lemmy.ml 2 points 1 day ago* (last edited 1 day ago) (1 children)

I mean, Anubis would do a pretty bad job in their case anyways, and their attitude kind of makes practical sense there. Almost all code fetching tools (from git to ftp to curl) don't run any external code (and I think we can agree it would be a horrible idea to do so); as such, proof-of-work solutions like Anubis won't work for code hosting (which is what the article is about).

But yeah I agree that in more human-oriented use-cases Anubis is great. Still, I can also see FSF's point that it's somewhat close to what an annoying proprietary system would do, even if I think it's a good compromise given the circumstances of the modern web.

It’s so fucking annoying having to deal with their puritanism

You in particular don't need to deal with them in any way at all. The code they host is free software and has plenty of other mirrors all over the web. If you want to contribute to any of the projects for which they are hosting upstreams you can almost always just send an email with your patch to authors directly. Save your anger for capitalists.

[–] Super_Lumalo@hexbear.net 1 points 1 day ago

I mean, Anubis would do a pretty bad job in their case anyways, and their attitude kind of makes practical sense there. Almost all code fetching tools (from git to ftp to curl) don't run any external code (and I think we can agree it would be a horrible idea to do so); as such, proof-of-work solutions like Anubis won't work for code hosting (which is what the article is about).

I don't really care about whether Anubis would make a good use case for them, the problem is that even if it did they wouldn't have used it as stated in the post. I get angry and irrational easy when I see bullshit about things that I care about, and that tends to me overlooking actually important parts.

You in particular don't need to deal with them in any way at all. The code they host is free software and has plenty of other mirrors all over the web. If you want to contribute to any of the projects for which they are hosting upstreams you can almost always just send an email with your patch to authors directly. Save your anger for capitalists.

I'll keep interacting in a way that points out "hey maybe this isn't the best course of action" because I will keep caring, even if I hate them. My hate must be pointed out, shown why it exists. Because even if I hate capitalism and capitalists, I hate ineffectual action even more. joker-laden

It won't work through patches, if the rot is fundamental. I'll probably contribute to other projects, Libreboot is now more enticing after Leah cut away from their type of bullshit.

[–] git@hexbear.net 6 points 1 day ago (1 children)

Sounds like they’d be fine with Anubis if it was opt-in instead of automatic. Their concerns are valid in that it runs an unwanted/non-consented payload and so fits a strict definition of malware. The browser is a user agent, so it should only do what the user wants it to do.

Like fuck off, to think I ever liked these guys

You might have liked them for the wrong reasons, this is the least surprising response they could have made lol. Either you share in their hard-line stance or you align with something lesser like open source. Copyleft is uncompromising by design.

[–] hello_hello@hexbear.net 5 points 1 day ago (1 children)

Copyleft is uncompromising by design.

Copyleft and open source has nothing to do with this. This is just a blogpost of them of why they dont use Anubis and their concerns.

[–] git@hexbear.net 1 points 1 day ago (1 children)

Copyleft and open source has nothing to do with this.

It informs exactly the type of response they’ve given. If you can’t understand why the authors of the GPL would respond like this that’s on you.

[–] hello_hello@hexbear.net 2 points 1 day ago

What is this supposed to mean? How does software licensing relate to this? Anubis is a free program.

[–] RedSailsFan@hexbear.net 6 points 1 day ago* (last edited 1 day ago) (1 children)

what exactly is the issue here? the article is complaining about DDOS attacks from botnets and LLM scrapers, seems very reasonable to me

[–] Super_Lumalo@hexbear.net 2 points 1 day ago (1 children)

replied to another user with the same question, I just don't like the FSF for it's nonsensical puritatnism

[–] RedSailsFan@hexbear.net 2 points 1 day ago

you should point this out in the headline or in the post body then, my original impression was that you were saying they are calling others "bots" or something like that