this post was submitted on 24 May 2025
1377 points (99.0% liked)

Science Memes

14653 readers
3258 users here now

Welcome to c/science_memes @ Mander.xyz!

A place for majestic STEMLORD peacocking, as well as memes about the realities of working in a lab.

Rules

  1. Don't throw mud. Behave like an intellectual and remember the human.
  2. Keep it rooted (on topic).
  3. No spam.
  4. Infographics welcome, get schooled.

This is a science community. We use the Dawkins definition of meme.

Research Committee

Other Mander Communities

Science and Research

Biology and Life Sciences

Physical Sciences

Humanities and Social Sciences

Practical and Applied Sciences

Memes

Miscellaneous

founded 2 years ago
MODERATORS
Sal@mander.xyz
fossilesque@mander.xyz
SciBot@mander.xyz
fossilesque@lemmy.dbzer0.com
1377
Black Mirror AI (mander.xyz)
submitted 1 day ago by fossilesque@mander.xyz to c/science_memes@mander.xyz
183 comments fedilink hide all child comments
 
top 50 comments
sorted by: hot top controversial new old
[–] Novocirab@feddit.org 4 points 32 minutes ago* (last edited 4 minutes ago) (1 children)

There should be a federated system for blocking IP ranges that other server operators within a chain of trust have already identified as belonging to crawlers. A bit like fediseer.com, but possibly more decentralized.

(Here's an advantage of Markov chain maze generators like Nepenthes: Even when crawlers recognize that they have been served garbage and they delete it, one still has obtained highly reliable evidence that the IPs that requested it do, in fact, belong to crawlers.)

Also, whenever one is only partially confident in a classification of an IP range as a crawler, instead of blocking it outright one can serve proof-of-works tasks (à la Anubis) with a complexity proportional to that confidence. This could also be useful in order to keep crawlers somewhat in the dark about whether they've been put on a blacklist.

[–] Opisek@lemmy.world 2 points 24 minutes ago (2 children)

You might want to take a look at CrowdSec if you don't already know it.

[–] rekabis@lemmy.ca 1 points 10 minutes ago* (last edited 9 minutes ago) (1 children)

Holy shit, those prices. Like, I wouldn’t be able to afford any package at even 10% the going rate.

Anything available for the lone operator running a handful of Internet-addressable servers behind a single symmetrical SOHO connection? As in, anything for the other 95% of us that don’t have literal mountains of cash to burn?

[–] Opisek@lemmy.world 1 points 1 minute ago

They do seem to have a free tier of sorts. I don't use thew personally, I only know of their existence and I've been meaning to give them a try. Seeing the pricing just now though, I might not even bother, unless the free tier is worth anything.

[–] Novocirab@feddit.org 1 points 10 minutes ago* (last edited 9 minutes ago)

Thanks. Makes sense that things roughly along those lines already exist, of course. CrowdSec's pricing, which apparently start at 900$/months, seem forbiddingly expensive for most small-to-medium projects, though. Do you or does anyone else know a similar solution for small or even nonexistent budgets? (Personally I'm not running any servers or projects right now, but may do so in the future.)

[–] antihumanitarian@lemmy.world 20 points 2 hours ago (1 children)

Some details. One of the major players doing the tar pit strategy is Cloudflare. They're a giant in networking and infrastructure, and they use AI (more traditional, nit LLMs) ubiquitously to detect bots. So it is an arms race, but one where both sides have massive incentives.

Making nonsense is indeed detectable, but that misunderstands the purpose: economics. Scraping bots are used because they're a cheap way to get training data. If you make a non zero portion of training data poisonous you'd have to spend increasingly many resources to filter it out. The better the nonsense, the harder to detect. Cloudflare is known it use small LLMs to generate the nonsense, hence requiring systems at least that complex to differentiate it.

So in short the tar pit with garbage data actually decreases the average value of scraped data for bots that ignore do not scrape instructions.

[–] fossilesque@mander.xyz 5 points 1 hour ago

The fact the internet runs on lava lamps makes me so happy.

[–] mlg@lemmy.world 8 points 2 hours ago

--recurse-depth=3 --max-hits=256

[–] stm@lemmy.dbzer0.com 30 points 7 hours ago

Such a stupid title, great software!

[–] Iambus@lemmy.world 13 points 8 hours ago

Typical bluesky post

[–] MonkderVierte@lemmy.ml 18 points 9 hours ago (2 children)

Btw, how about limiting clicks per second/minute, against distributed scraping? A user who clicks more than 3 links per second is not a person. Neither, if they do 50 in a minute. And if they are then blocked and switch to the next, it's still limited in bandwith they can occupy.

[–] letsgo@lemm.ee 8 points 8 hours ago (1 children)

I click links frequently and I'm not a web crawler. Example: get search results, open several likely looking possibilities (only takes a few seconds), then look through each one for a reasonable understanding of the subject that isn't limited to one person's bias and/or mistakes. It's not just search results; I do this on Lemmy too, and when I'm shopping.

[–] MonkderVierte@lemmy.ml 6 points 7 hours ago

Ok, same, make it 5 or 10. Since i use Tree Style Tabs and Auto Tab Discard, i do get a temporary block in some webshops, if i load (not just open) too much tabs in too short time. Probably a CDN thing.

[–] JadedBlueEyes@programming.dev 8 points 8 hours ago (6 children)

They make one request per IP. Rate limit per IP does nothing.

load more comments (6 replies)
load more comments
view more: next ›