poke @sebsauvage
Thank you

I don’t know who needs to hear this but compiling www/anubis from ports-current on #OpenBSD -stable works ok. And indeed, sending the #Anubis package to a remote -stable server and use ˋpkg_add -D unsigned ./anubis(…)` to upgrade also works.

(currently live on the blog which has an unpronounceable name ;-)

I don’t know who needs to hear this but compiling www/anubis from ports-current on #OpenBSD -stable works ok. And indeed, sending the #Anubis package to a remote -stable server and use ˋpkg_add -D unsigned ./anubis(…)` to upgrade also works.

(currently live on the blog which has an unpronounceable name ;-)

#Anubis possède désormais un challenge qui ne nécessite pas Javascript, permettant aux clients sans Javascript (ou avec Javascript désactivé ou filtré) de passer avec succès le challenge.

L'auteur a testé pas mal de navigateur : même les navigateurs en ligne de commande et le navigateur intégré à emacs passent.

Cela devrait réduire la quantité de clients bloqués.
https://anubis.techaro.lol/blog/release/v1.20.0/#no-js-challenge

I just updated #Anubis for the @FreeCAD infrastructure. There's now support for challenges without requiring client-side #JavaScript, and a "success... failure!"-type bug affecting #Chromium should now be fixed. Please let me know if you run into any issues! #FreeCAD

I just updated #Anubis for the @FreeCAD infrastructure. There's now support for challenges without requiring client-side #JavaScript, and a "success... failure!"-type bug affecting #Chromium should now be fixed. Please let me know if you run into any issues! #FreeCAD

Just released: #swad 0.5

swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).

And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!

Read more in the release notes, grab the .tar.xz and build/install it 😎

https://github.com/Zirias/swad/releases/tag/v0.5

There's a lot that could still be improved in #swad, but I don't get that "proof of work" idea out of my mind, so I started a branch to work on it:

https://github.com/Zirias/swad/pull/1

I really think it makes sense when you want some publicly known "guest login" which is still protected against #bots. Not sure yet whether this will succeed, we will see!

It certainly won't be as "fancy" as #anubis, but do the same thing functionally: Require the client to find a #nonce that, combined with a server-provided #challenge, hashes to something with 'n' leading zeros using #sha256. In contrast to anubis, swad won't have to proxy everything (but rely on nginx' auth_request), and no challenge will be issued when the user logs in with credentials some other credentials checker accepts.

Anubis is interesting - but it's breaking a lot of the RSS feeds I follow. Several sites I regularly read using text browsers are suddenly inaccessible.

I get the urge to block AI scraper bots, but breaking basic web access doesn't feel like the right trade-off.

#anubis#SysAdmin