@fanf Sure that does make sense. I'll try to verify jmeter indeed doesn't reuse connections (I already have debug logging in place that should tell me).

If that's really the reason, I guess the sane thing to do is to add a hint to the docs to just disable TLS for very busy sites. The intended usecase for #swad is operation behind #nginx to serve its "auth_request". I don't intend to implement HTTP/2 or beyond, but it would be pretty pointless here anyways, nginx defaults to HTTP/1.0 for proxy requests and can be configured to use HTTP/1.1 instead, but *still* doesn't reuse connections by default, and my experiments so far to enable it weren't successful, maybe I didn't fully understand it yet. Using TLS behind nginx would make sense from a "defense in depth" point of view, but it's probably impractical once your load exceeds a certain threshold.

For background how I arrived there, I observed stupid #AI #scraper #bots clog my DSL connection by downloading gigabytes of build logs produced by my #poudriere. They're not secret in any way and having a simple way to share them is great for community bug hunting, but this had to stop. I had a simple C library doing a fully portable reactor event loop on top of select (so, not really scalable), and some very limited HTTP/1.1 server code from experiments with TOR hidden services ... so I put that together to add some web-form + cookies auth to my private nginx to lock out the bots. Later, I added a "guest login" doing the same "proof of work" stuff known from #anubis, and then I suddenly had the idea in mind to make my little service (that already solved the problem perfectly for myself) suitable for large-scale installations. So, added kqueue, epoll etc support, added a "multi-reactor with acceptor-connector" design, etc .... and now I'm a bit frustrated enabling TLS spoils all the performance 🙈

The most disgusting feature of this relatively new #AI #scraper |s plague is that they are about to defile everything we like in the *good* internet.

Images with relevant #AltText? Perfect training materials for text-to-image generative models.

Static webpages? No #Anubis - no problem to scrape.

#Anubis uses proof-of-work ( #PoW ), which implies either #JavaScript or manual instructions. No, it is a good solution... Best of the worst (as if there were any good ones...)

Last days I learned that (1) #Tor has a #PoW mechanism (2) Anubis seems to somehow whitelist #lynx browser, allowing no-JS Lynx users in (a big favour for #accessibility and #smolweb ). Good (let's hope all these will persist).

MWoffliner, the @mediawiki #scraper has been released in version 1.15!

1.15 brings a significant amount of improvements:
* Support of wide used (outside Wikimedia) "ActionParse" API
* Use latest libzim (we were stuck with an older version) which fixes many suggestion problems with non-latin alphabets
* Move to Node.js 24 + many install fixes
* Better & sophisticated remote error handling

Full changelog at https://github.com/openzim/mwoffliner/releases/tag/v1.15.0

Available as container image and Npmjs package!

Another filthy bot really hititng my server hard...

"Scrapy/2.11.2 (+https://scrapy.org)"

URL doesn't work. IP (35.239.86.156) points to 156.86.239.35.bc.googleusercontent.com.

Blocked it is. I'll perhaps unblock it later when I have more time.

#admin #scraper

3/

For more on scraping (as in web-scraping) see here:
https://mastodon.social/@reiver/114353728684249608

CC: @404mediaco

#Scraper #Scraping #WebScraper #WebScraping

2/

Scraping (as in Web Scraping) is the act of extracting data from HTML web-pages where the data is NOT machine-legible.

If the data, even in an HTML web-page, is in a machine-legible format, then it is NOT scraping.

...

And, getting data in JSON (key-value pairs) is definitely NOT scraping — as JSON's purpose is to communicate data in a machine-legible manner.

CC: @404mediaco

#Scraper #Scraping #WebScraper #WebScraping

1/

If these researchers used a typical HTTP-based API that returns JSON, then —

What these researchers did is NOT scraping.

CC: @404mediaco

RE: https://www.404media.co/researchers-scrape-2-billion-discord-messages-and-publish-them-online/

#Scraper #Scraping #WebScraper #WebScraping

Two new things #today: Wanted to take a picture of the skyline because it wasn’t there(!) - couldn’t see the high rises on 7th from 8th, low fog. And my first ride on a subway car where all the banner ads were actually screens - they all changed to the same ad at one point.
#NYC #NewYorkCity #subway #advertisements #commuter #TimesSquare #train #ride #strap #hanger #Manhattan #low #fog #sky #scraper #high #rise #tower #skyline #mist #rain #financial #district #world #trade #center #WTC

Just released: #swad 0.6 🍻

Looking to add #authentication to your reverse proxy (e.g. #nginx)? Or some protection against #scraper #bots of #AI #companies? Swad might help you!

Swad is the "Simple Web Authentication Daemon", written in pure #C with very few external dependencies (just zlib and, depending on build options, OpenSSL/LibreSSL and libpam). It offers a login form for configurable credential checkers (currently by executing an external tool, checking a password-file with bcrypt hashes, or asking #PAM), and a "guest login" requiring the client browser to solve the same cyrpto puzzle known from e.g. #Anubis. Optional #https support is also included. It currently compiles to a binary of less than 200kiB. I'm using it myself on a #FreeBSD machine, it's also tested on #Linux and it *should* work on any "POSIXy" system.

Version 0.6 brings lots of fixes and improvements, but most notably the feature to reload configuration via SIGHUP, which for example enables certificate rollover without any service interruption.

Check out the latest release, grab the .txz tarball, and build/install it! 😎

https://github.com/Zirias/swad

And it's much better

fuck you OpenAI and Amazon

#ai #scraper #cloud #openai #amazon

Update: I reported the bot. Thanks.

A Mastodon bot account at mastodon.cloud scans the fediverse, scrapes selected web pages shared there, rewrites them with AI, posts them to its own site, and shares on Mastodon as tech news the rewritten AI slop. The bot scraped a post of mine (including the attached image) within minutes of my federated blog publishing it.

Is it worth flagging the bot and reporting it to its instance? Are the mods likely to take action?

#mastodon #moderation #ai #scraper

Anubis: self hostable scraper defense software | Anubis

https://anubis.techaro.lol/

#ai #bots #scraper

Wikimedia is buckling under the weight of AI scrapers.

"Our content is free, our infrastructure is not".

https://diff.wikimedia.org/2025/04/01/how-crawlers-impact-the-operations-of-the-wikimedia-projects

#wikipedia #ai #scraper

Just for the record one of the most aggressive are those from #Microsoft & #Bing :

BingBot : 52.167.144.*
BingBot : 40.77.167.*

I had some intense visits from #OpenAI too:
OpenAI : 52.255.111.84-87

...at least from their #useragent

#bot #crawler #scraper

😅😅😅😅😅
#cats #catsofmastodon #cat #scraper