00:01 <BtbN> Xe: there's a massive bot wave hitting our trac right now, and they're seemingly getting to Anubis relatively effortlessly. All claiming to be "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36", and I can observe them solving Anubis in the access log. And they all download the same completely random but huge attachment, which trac spends 10-20 seconds rendering each time....

00:01 <BtbN> ... Thought that might interest you.

00:01 <BtbN> I increased the difficulty back to 5 from 4, to slow them down enough to keep the server working at least

00:29 <Xe> BtbN: oh what, that's really odd

00:29 <Xe> any common IP ranges?

00:30 <BtbN> bunch of random IPs out of 149.52.0.0/16 and 192.200.0.0/16, and a few from 149.40.0.0/16

00:43 <Xe> can you DM me one of the IPs in each range so I can add it to the ASN list?

10:05 <kasper93> oh no, Anime has been defeated.

10:17 <fflogger> [editedticket] zenden2k: Ticket #9473 ([ffmpeg] gdigrab screen captures are interrupted by secure desktop pop-ups) updated https://trac.ffmpeg.org/ticket/9473#comment:6

12:33 <averne> IndecisiveTurtle: Thanks for the heads up, FYI this is what I ended up with: https://github.com/averne/FFmpeg/commit/f1e1c10b3406eb7842abcdf9210116920c171d68. Not super clean either but it does what I need it to.

12:33 <averne> The texture inspection tool seems to work for me without disabling extensions

13:48 <TheVibeCoder> Anubis offically dead soonTM - when?

13:51 <Xe> TheVibeCoder: it just means that it's entered the cat and mouse phase ahead of schedule

15:32 <cone-469> ffmpeg Clément Péron master:90424a447556: various: fix typos

15:41 <BtbN> I also don't feel like these were scrapers

15:41 <BtbN> the pattern was much more "What can we mass access to take the site down"

15:41 <BtbN> i.e. a classic DDoS

15:41 <BtbN> why anyone would DDoS our trac... no clue

15:41 <BtbN> LLM scrapers want as much text as possible. Not the same one 40000 times

15:48 <kasper93> Xe: ahead? I'm really suprised this solution was holding for so long.

15:54 <Lynne> BtbN: is the user agent still Mozilla...blah?

15:55 <BtbN> Chrome on OSX

15:55 <kasper93> every user agent is Mozilla... blah

15:56 <Lynne> anubis lets every non-mozilla user agent through

15:57 <Marth64> This is an ambitious thought but has anyone else ever felt wonder if TRAC wiki docs can be rolled up into the texi docs? (Sans the community/open-ended bits.)

15:58 <BtbN> well, the access log clearly shows them solving Anubis

15:58 <BtbN> and increasing the difficulty significantly slowed down the attack

15:58 <Lynne> wow, they're learning

15:59 <kasper93> BtbN: no wonder, now it takes half an hour to solve it on desktop pc, lol

15:59 <BtbN> takes around 10 seconds for me

15:59 <BtbN> as opposed to being near instant before

16:00 <kasper93> 60124 ms for me

16:01 <kasper93> and yes it is firefox

16:01 <kasper93> chrome is 10 times faster

16:01 <BtbN> "Done! Took 15908ms, 896799 iterations" in Firefox

16:01 <BtbN> it's also random, so can be much faster or much slower

16:01 <BtbN> but 10-20 seconds is what I observed so far

16:01 <kasper93> *shrug*

16:02 <kierank> Lol

16:02 <kasper93> I get 65kH/s in firefox and 340kH/s in chrome

16:03 <kasper93> why do I still use firefox...

16:03 <Lynne> takes about 20 seconds on my laptop from anubis start to page appearing, 43kh/s

16:03 <BtbN> 60k is also what I get in Firefox

16:03 <Xe> wtf is firefox doing

16:03 <Xe> that should be jumping from JIT to heavily optimized browser internals in a loop

16:04 <Lynne> maybe its the spectrev1 prevention somehow triggering?

16:07 <TheVibeCoder> on android it takes 1 minute and more

16:07 <BtbN> it's pretty much a CPU benchmark

16:07 <Xe> I'd switch proof of work to the webassembly variant but privacy browsers keep disabling webassembly for no good reason

16:07 <BtbN> can probably lower it back down to 4 now

16:07 <BtbN> well, let them be slow then

16:07 <Xe> no, they don't switch to an interpreter

16:07 <Xe> they rip it out

16:08 <Xe> and send death threats over email

16:08 <Xe> lovely people

16:08 <BtbN> I'd say at that point they can just stay locked out

16:11 <Lynne> Xe: webgpu compute + fallback

16:12 <TheVibeCoder> stop exluding DDoS actors and AI crawlers

16:12 <Xe> TheVibeCoder: this sentence makes you breathe manually

16:32 <TheVibeCoder> the writing of inflate decompression is really hard task

16:35 <BtbN> I wonder if there's a chance if these attacks are legitimate people with Macs, who get a virus.

16:35 <BtbN> Cause for being some IoT crap-routers, they solved Anubis at lvl5 way too fast I feel

16:35 <TheVibeCoder> hire pro to find truth

16:51 <kasper93> as for motivation, they might just using trac as a test target

16:51 <kasper93> or just for fun, depends how they aquired the botne

16:51 <kasper93> t

16:52 <APic> Geusndheit

17:02 <kierank> TheVibeCoder: when will librempeg get useless anime

17:03 <TheVibeCoder> send PR

17:03 <kierank> We need difficulty 11

17:05 <haasn> how does this anubis thing work? is it like, the server encrypts all pages with a public key that you have to crack to be able to load the content?

17:05 <kasper93> at this point mine some eth

17:05 <haasn> s/public/random/

17:05 <haasn> ikr

17:05 <haasn> and use the mined shitcoins to pay for ddos mitigation

17:06 <kierank> I love the way gitlab is "too slow" when we have trac that literally is down

17:07 <haasn> nothing is faster than a terminal showing a TUI mail client

17:07 <TheVibeCoder> mkver: are you using codebot now?

17:07 <mkver> Why not?

17:08 <TheVibeCoder> isnt codebot softworkz thing? just asking, looks little strange to me.

17:10 <kierank> haasn: except when half the emails don't arrive

17:10 <haasn> ffmpeg-devel goes straight to the spam folder on my end

17:12 <kierank> TheVibeCoder: move to forjego immediately

17:13 <TheVibeCoder> you mean codeberg?

17:13 <TheVibeCoder> i might create mirror there

17:14 <jamrial> Mercurial

17:15 <TheVibeCoder> not git

17:15 <kasper93> forjego behind cloudflare, solved

17:16 <TheVibeCoder> anubis behind forjego, behind cloudflare

17:19 <TheVibeCoder> and than cloudflare behind captcha

17:21 <kasper93> captcha doesn't work

17:24 <cone-469> ffmpeg Marth64 master:f66ae1ba24fd: avformat/dump: lowercase 'Start' prefix for start offset

17:24 <cone-469> ffmpeg Marth64 master:693703bcdbfd: avformat/dvdvideodec: remove unused has_cc field

17:24 <cone-469> ffmpeg Marth64 master:f8c8e1f39da0: avformat/dvdvideodec: fix seeking on multi-angle discs

17:24 <cone-469> ffmpeg Jack Lau master:8fc91ea93633: avformat/hls: fix typo in Range header comment (chore)

19:00 <TheVibeCoder> cant have cool things because of forgejo

19:49 <TheVibeCoder> michaelni: you are required to post all your changes to/from almpeg to public place

20:12 <fflogger> [newticket] iyesin: Ticket #11636 ([undetermined] Panic on basic encode of rgb48, 12 bpc images within ffmpeg) created https://trac.ffmpeg.org/ticket/11636

20:28 <fflogger> [editedticket] oromit: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:2

20:39 <fflogger> [editedticket] jamrial: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:3

21:49 <fflogger> [editedticket] iyesin: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:4

21:58 <fflogger> [editedticket] oromit: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:5

22:01 <fflogger> [editedticket] iyesin: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:6

22:09 <fflogger> [editedticket] iyesin: Ticket #11636 ([undetermined] librav1e panicking on basic encode of rgb48, 12 bpc images within ffmpeg) updated https://trac.ffmpeg.org/ticket/11636#comment:7

22:45 <michaelni> TheVibeCoder: https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic

23:44 <cone-378> ffmpeg Tristan Matthews master:0d9f680b698b: checkasm: h264dsp: test luma_dc_dequant

23:44 <cone-378> ffmpeg Lidong Yan master:b65fece0aa93: avformat/rtmpproto: fix rmtp packet leak in gen_connect()

23:44 <cone-378> ffmpeg Tristan Matthews master:5ea3adfcf92a: checkasm: add checkasm_check_dctcoef