Wir treffen Jill und Joe und dessen Bruder Hip
Und auch den Rest der coolen Gang
Sie rappen hin, sie rappen her
Dazwischen kratzen’s ab die Wänd’
Dieser Fall ist klar, lieber Herr Kommissar
Auch wenn sie anderer Meinung sind
Den Schnee, auf dem wir alle talwärts fahr’n, kennt heute jedes Kind

Jetzt das Kinderlied

Drah di ned um, oh, oh-oh
Schau, schau, der Kommissar geht um, oh, oh-oh
Er hot die Kroft und wia san klan und dumm
Und dieser Frust macht uns stumm
Drah di ned um, oh, oh-oh
Schau, schau, der Kommissar geht um, oh, oh-oh
Wenn ea di onspricht und du waßt warum
Sag eam, dein Lem bringt di um

Not sure if I love or hate the name

First of all, most media players are streaming/network capable, they don’t even advertise it. Just feed it the URL.

You can even integrate user/password combos for http simple auth into a direct link. Not the safest; just to avoid people getting wind of a free radio station and overloading your server. Unless that’s you want, but then you should be aware of legal stuff.

On the server side, you can run your own radio station with something like Icecast. That’s its own topic.

If you want to choose what you listen to remotely, you are most likely looking at something Subsonic-compatible (apps exist). People say Navidrome is good. I am currently running jellyfin, it’s not subsonic compatible but apps exist, too.

If crowdsec works for you thats great but also its a corporate product

It’s also fully FLOSS with dozens of contributors (not to speak of the community-driven blocklists). If they make money with it, great.

not exactly a pure self hosted solution.

Why? I host it, I run it. It’s even in Debian Stable repos, but I choose their own more up-to-date ones.

Allow me to expand on the problem I was having. It wasnt just that I was getting a knock or two, its that I was getting 40 knocks every few seconds scraping every page and searching for a bunch that didnt exist that would allow exploit points in unsecured production vps systems.

• Again, a properly set up WAF will deal with this pronto
• You should not have exploit points in unsecured production systems, full stop.

On a computational level the constant network activity of bytes from webpage, zip files and images downloaded from scrapers pollutes traffic. Anubis stops this by trapping them in a landing page that transmits very little information from the server side.

• And instead you leave the computations to your clients. Which becomes a problem on slow hardware.
• Again, with a properly set up WAF there’s no “traffic pollution” or “downloading of zip files”.

Anubis uses a weighted priority which grades how legit a browser client is.

And apart from the user agent and a few other responses, all of which are easily spoofed, this means “do some javascript stuff on the local client” (there’s a link to an article here somewhere that explains this well) which will eat resources on the client’s machine, which becomes a real pita on e.g. smartphones.

Also, I use one of those less-than-legit, weird and non-regular browsers, and I am being punished by tools like this.

All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages

edit: I feel like this part of OP’s argument needs to be pointed out, it explains so much:

All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages

IMO this is largely Debian-specific: this distro seems to hold backward comaptibility in very high regard, so any problem is bound to have a multitude of solutions. In addition, the Debian Wiki is not as well maintained as you-know-whose.

I see nothing untoward here.

Except maybe that last sentence, what “s” are you talking about (fwiw, the man page that comes with an installed package should™ be the ultimate authority)?

At the time of commenting, this post is 8h old. I read all the top comments, many of them critical of Anubis.

I run a small website and don’t have problems with bots. Of course I know what a DDOS is - maybe that’s the only use case where something like Anubis would help, instead of the strictly server-side solution I deploy?

I use CrowdSec (it seems to work with caddy btw). It took a little setting up, but it does the job.
(I think it’s quite similar to fail2ban in what it does, plus community-updated blocklists)

Am I missing something here? Why wouldn’t that be enough? Why do I need to heckle my visitors?

Despite all that I still had a problem with bots knocking on my ports spamming my logs.

By the time Anubis gets to work, the knocking already happened so I don’t really understand this argument.

If the system is set up to reject a certain type of requests, these are microsecond transactions of no (DDOS exception) harm.

it’s mentioned in this article

Thanks for that!

Lemmy.world that i use was though.

So what does that entail - the site was completely down, or images didn’t load?

Would I even notice that in my unaffected instances feed? Just no lemmy.world posts at all, or would it leave empty placeholders?

I didn’t notice and I’ve been on Lemmyverse the whole day, on and off. Different time zone though (Eastern Europe) so I’m not sure how that translates to “this morning”.

It is possible to install True Linux™ on many phones, it’s just the phone-specific bits that often don’t work too well. Ideal for this scenario though.

Of course you’re still right, but with that in mind the list is much longer than you think.

I was going to comment that I really miss that extra step. A local server on Android sounds like a major PITA, not to speak of the possibility of continued data mining.

It is possible to install True Linux™ on many phones, it’s just the phone-specific bits that often don’t work too well. Ideal for this scenario though.

How would you serve from the phone into the internet? The only option I see is via WiFi to a router and hope your ISP gave you a static IP.

Well they wrote provider of “domain with servers”. TBF (to myself) I think OP is confusing things. If they meant the domain only, you are correct.

can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.

That’s what encryption is for, a.k.a. HTTPS in this case.

If there’s several of you, really, get a dedicated IP address (a domain name is nice but not necessary). Usually a dedicated IP is not an option for normal priced home connections, but a full (not shared) VPS with decent storage/performance can be had for under €10/month, and that will always have a static IP.

That’s what you get with remote-mounting a fs

I know that. My point is: you don’t have to.

Microsoft has my source code

FWIW, other public git instances exist. As in alternatives to github. No need to selfhost.

deep system integration

You mean remote-mounting a filesystem? That’s possible; you don’t need NC for it.