Guillaume Rossolini @ GuillaumeRossolini @infosec.exchange

🇫🇷

---

Read more

Posts

0

Comments

15

Joined

3 yr. ago

@mfed1122 yeah that is my worry, what’s an acceptable wait time for users? A tenth of a second is usually not noticeable to a human, but is it useful in this context? What about half a second, etc

I don’t know that I want a web where everything is artificially slowed by a full second for each document

@Passerby6497 yes I’ve been told as much 😅

https://lemmy.world/comment/18919678

Jokes aside, I understand this was the point. I just wanted to make the point that it is feasible, if not currently economically viable

@rtxn all right, that’s all you had to say initially, rather than try convincing me that the network client was out of the loop: it isn’t, that’s the whole point of Anubis

@Passerby6497 my stance is that the LLM might recognize that the best way to solve the problem is to run chromium and get the answer from there, then pass it on?

@rtxn validation of what?

This is a typical network thing: client asks for resource, server says here’s a challenge, client responds or doesn’t, has the correct response or not, but has the challenge regardless

@Passerby6497 I really don’t understand the issue here

If there is a challenge to solve, then the server has provided that to the client

There is no way around this, is there?

@rtxn I don’t understand how that isn’t client side?

Anything that is client side can be, if not spoofed, then at least delegated to a sub process, and my argument stands

@mfed1122 @tofu any client-side tech to avoid (some of the) bots is bound to, as its popularity grows, be either circumvented by the bot’s developers or the model behind the bot will have picked up enough to solve it

I don’t see how any of these are going to do better than a short term patch

@AEMarling is there a preferred way to send you typos? In this screenshot, Taino’s pronouns

@AEMarling yes thank you

B&N don’t seem to agree with themselves whether my order went through or was cancelled, but they’ll sort it out 🤣

@AEMarling never mind the point is moot, I didn’t realize that B&N were unable to deliver ebooks to people not physically located in the US 🙃

@AEMarling hi! I imagine it’s early to ask about translations? I’m comfortable reading English but as a gift, I’d need French/Spanish

@rikudou
Yes, but binding one IP per host is what some web servers can’t do, they bind globally and forward accordingly

Unless I missed it, that’s always a possibility

ie httpd can’t do it (at least back then) while nginx can

Which translates to reconfiguration of the entire infra to replace one server with another, and that’s also a cost

@rikudou @voxel
ASFAIR it used to be even worse than that, because if you didn’t want SNI (for compatibility reasons or whatever), but you still wanted a certificate, you had to have one server for every hostname (because each had its own IP), assuming you could afford the additional IP space

Granted you didn’t need a physical server, but that was still a bigger cost

Some servers are more flexible on that front, but early SNI didn’t have those

@rikudou @voxel
Wasn’t SNI happening after the handshake? Or is this completely what ECH is about.

RIP Windows XP