Forest @forestjohnson@pixie.town
- member of
- https://cyberia.club
- webmaster @
- https://capsul.org/
I am a web technologist who is interested in supporting and building enjoyable ways for individuals, organizations, and communities to set up and maintain their own server infrastructure, including the hardware part.
I am currently working full time as an SRE 😫, but I am also heavily involved with Cyberia Computer Club and Layer Zero
Joined Feb 2021
@notplants @yunohost@toot.aquilenet.fi i really think VMs might be the tree you are barking up here
Forest
boosted
BREAKING: CVEs in your software? Simply say "no". So-called white-hats can't declare your software vulnerable without your consent. Find out more in our legal column, click here.
@skyfaller Also if you just want to use someone elses (community hosting instead of self hosting)
You are welcome to join https://git.cyberia.club/, the invite token is the word "stonks"
> is Forgejo simple enough that I won't regret taking on the maintenance burden? Is there something even faster?
IMO, yes. The code search feature is really great and IMO publishing code over HTTP in a way that looks "familiar" to github has a lot of value.
The app itself is fairly simple, its support for environment variable configuration (docker) is lacking, but once you know that you must modify the config file on disk, its fine.
99% of the maintenance burden for me has been related to spam and scrapers. I've implemented two different custom tools to combat it:
1. proof of work bot deterrent reverse proxy
I developed this at the same time Xe was developing Anubis, its basically the same thing but its mine and I think its Scrypt hash would do more to deter bots from simply solving the hash.
https://git.sequentialread.com/forest/pow-bot-deterrent-rp/src/branch/main/docker-compose.yml
2. invite tokens for new account registration:
You can also just disable new account registration, but I didn't want to do that, I wanted to easily be able to allow people I know to join and contribute.
https://git.sequentialread.com/forest/gitea-registration-proxy
@j3s Tate says: yeah right buddy how did you manage to type this message then ? internet clout chasing liar exposed
This doesnt work because all the AI companies are paying rent to malware authors who trojan horse TCP proxies into tons of phone apps and desktop software.
So all the LLM scraping requests will come from the exact same residential IP address ASNs that your legit users are coming from.
See:
https://brightdata.com/proxy-types/residential-proxies
https://oxylabs.io/products/residential-proxy-pool
https://www.webshare.io/residential-proxy
https://iproyal.com/residential-proxies/
https://soax.com/proxies/residential
https://proxyempire.io/
huge industry rn
Er, sorry, to clarify, what I meant was that docker is not required; it's just the main config example I have right now. the JSON equivalent is:
https://git.sequentialread.com/forest/pow-bot-deterrent-rp/src/branch/main/config.json.example
altho it may be out of date w/ the latest changes.
Sorry about the docker-only config example. It also supports a json file for config. You just need to be able to compile the go code for OpenBSD; that shouldn't be too hard.
I bet Anubis might be easier to use for now as its more popular and mine is more of a work-in-progress / hack. I made my own because I wanted this as a "captcha" before LLMs and Anubis existed, and also because I wanted to use a memory-hard hash function like Scrypt or Argon because I figured that would inflict a lot more pain on bots in the situation where the bot operators eventually decided to bite the bullet and just solve the PoW challenge.
@davepolaschek For a demo of the pow-bot-deterrent-rp, see one of the source code files on that repo, like:
Still has some issues on privacy browsers which don't allow WebAssembly. Anubis doesn't have the same issue because it uses SHA256 via WebCrypto for now.
I've been working on an email-based alternative for browsers that don't do webworkers / web assembly but still in the proof of concept stage.
@notplants Well, having a group is not magic and someone still has to fix the bug and figure out why it happened. But having more users than just one person helps a lot, I think. And of course, having multiple people working on hosting it helps a ton.
@stefano So is everyone else?..
Anyone operating a public git forge server has known about this for a long time... Anubis or pow-bot-deterrent have become a requirement.
Also, fuck cloudflare
Forest
boosted
@Violinknitter I know this fellow is missing a fin, but jeez.
Clearly this whole automatic fish detection system needs work.
@vkc Would you feel better about it if there was also an option to log in via SSH?
https://queercoded.xyz/2025-08-02/html-day.html
Pls boost!
Feel the HTML Energy August 2nd 1-4pm @ Bde Maka Ska lake shore where it meets W 31st St.
The butt deterrent was blocking it.
Forest
boosted
crying thanking people who maintain software like they're people in military uniform at an airport
- member of
- https://cyberia.club
- webmaster @
- https://capsul.org/
I am a web technologist who is interested in supporting and building enjoyable ways for individuals, organizations, and communities to set up and maintain their own server infrastructure, including the hardware part.
I am currently working full time as an SRE 😫, but I am also heavily involved with Cyberia Computer Club and Layer Zero
Joined Feb 2021
