L'article relate la gestion des bots d'IA: ils sont devenus un enfer depuis quelques temps.

Un site web ne se résume pas à des fichiers statiques : beaucoup de pages HTML sont générées dynamiquement par des CMS ou frameworks comme WordPress, Symfony ou Python. Chaque visite peut donc consommer du CPU, de la RAM, des accès base de données et de la bande passante. Quand des visites massives ou illégitimes arrivent, elles peuvent ralentir les sites des clients hébergés.

Jusqu’en 2023, les principaux robots étaient surtout des crawlers classiques comme Googlebot ou Bingbot. Certains bots mal réglés, comme Ahrefsbot, pouvaient poser problème, mais ils étaient généralement identifiables et blocables. Certains crawlaient très mal, visitant des milliers de sous-pages inutiles ou coûteuses, contournant les caches et saturant CPU/RAM.

Au début, la défense consistait à bloquer les bots via leur User-Agent, c’est-à-dire le nom qu’ils déclarent lorsqu’ils visitent un site.

Ensuite, certains bots ont commencé à se cacher derrière de faux User-Agent, en se faisant passer pour de vieux navigateurs ou appareils obsolètes. La stratégie de blocage consiste à interdire certaines plages IP de prestataires clairement identifiés et à bloquer certains navigateurs improbables ou représentant quasiment 0 % du trafic réel.

Cela demande du temps d’ingénieur, consomme des ressources serveur, de la bande passante, use les machines, et augmente donc les coûts continuellement.

Dernièrement en 2025, les bots ont commencé à avoir des IPs résidentielles et des User-Agent crédibles. Octopuce cite le cas d'un crawler sauvage utilisant 1,3 million d’adresses IP distinctes en deux semaines, dont 950 000 n’ont fait qu’une seule requête. Ces nouveaux crawls utiliseraient des téléphones Android via des applications douteuses permettant de monétiser la bande passante des utilisateurs. Cette méthode est illégitime et sûrement illégale.

Octopuce conclut sur l'utilisation d'Anubis comme parade partielle, mais aucune solution n'existe actuellement. Ce coût de l'IA n'est pas prise en compte dans le bilan environnemental réel des services d’IA.

The migration to Codeberg is really easy.

After 20 years of programming, they started its own business.

• Fresh Mayhem — interactive learning HackRF + PortaPack compatible dashboard
• Free Willy — LLM-powered Flipper Zero compatible dashboard control from your desktop
• Claude Conductor — 300+ stars on GitHub, open source
• Claude Anchor — persistent memory framework for Claude Code
• Pager themes — custom theme that is compatible with the Hak5 WiFi Pineapple Pager
• The Rusty Suite — a growing family of privacy-first desktop apps, $10/mo for everything

6.6kW of power with 18 panels.

Bloquer les IPs lisant des wordpress douteux, des .php sur un site statique, etc...

The AI is a capable to build product from scratch, up to a limit.

A good use of <picture>, sparingly creating a system to fetch the main content of the page, minification, image optimization of all formats,

The final product was lightning-fast even on the weakest data connections and most underpowered devices. Showing it off at trade shows, we found that competitive products were still displaying a loading spinner when our application was already loaded, rendered, and running.

Does ADHD folks ever feel restless or worried when they’re not being productive? It takes few forms.

1. You’re bored, but can’t find anything to make you not bored, and you have shit to do, but none if it is fun/stimulating, so…. angst!
2. Internalized ableism, in that you’re overstimulated and want to sit around and do absolutely nothing, but society makes you feel like shit for doing so.

Both create anxiety (nervous or angst from the german language)

A new standards compliant HTML5 parser in pure python code

Lessons from maintaining an open source tool:

1. Simplicity is a feature
2. Real users reveal problems
3. open source is a marathon

Yet through all these changes, the need for efficient HTML delivery remains constant. That's perhaps the most interesting lesson: fundamental problems persist even as technologies evolve.

Dioxus is the promise of having a single code base for your mobile apps and web apps and desktop apps.

The project goal is to be a real fullstack framework. A single code base for the client and for the server.

After server side rendering and client side rendering:

So boom, third generation, full stack, best of both worlds. We do the render on the server like before, and we stream it to the client, which can display it as it’s being received. But alongside that rendered HTML, the server also sends the structured data that it used to render the HTML.

Now the whole point of having the server stream markup is that we can show it early before the app is even loaded on the client.

Dioxus offers many hooks prefixed use_ to add reactivity. "If you break the rules of hooks, you don’t get a build error or even a runtime error. You just get a weird behavior, which can be hard to debug."

A second issue is

So does Dioxus spark joy? Not yet. In the meantime, I’ll be doing Rust on the backend, and TypeScript on the frontend.

The Dioxus team is doing a lot of hard, interesting work. They have a Flexbox implementation that they’re sharing with Servo. They’re doing their own HTML and CSS renderer now to make desktop applications without a full-fledged web engine.

The "cloud" is really some else's computer. By contrast, local doesn't just mean the laptop you're holding. It includes anything you own and control: PC, server, NAS.

I love the diagram :smile:

Not because I want to avoid cloud-like features, but because local gives me the same benefits without giving away control.