New blog post: Do-the-work instead of proof-of-work, for Git hosting

https://blog.legoktm.com/2026/06/14/do-the-work-instead-of-proof-of-work-for-git-hosting.html

On https://git.legoktm.com/ I am now running a fully client-side Git repository viewer; on the server-side it is entirely static hosting, which makes it super cheap.

I hope this is a useful proof-of-concept as an alternative to (IMO wasteful) solutions like Anubis and provides better user privacy in the process.

#Git #WebAssembly #Rust #SelfHosting

Do-the-work instead of proof-of-work, for Git hosting - The Lego Mirror

The insane rise in scrapers across the web has affected a number of websites, including Git repository hosters. The main response has been to set up software like Anubis, which uses a proof-of-work system to limit who can access the website. While I don't fault overburdened sysadmins for enabling Anubis…

@legoktm interesting! For publicly unauthenticated views that makes a lot of sense 👍🏻

I’d still keep server-side rendering for authenticated calls, for performance, cacheability and overall UX; but for public views 💯

@Crocmagnon thanks :)

this is mostly aimed as an alternative to Anubis-like proof-of-work challenges; I would expect that private, authenticated sites don't need that because the login wall already provides protection

@legoktm This is cool but I also hate it. Offloading work from serverside C where it has effectively zero cost except at slopbot DDoS scale to deeply virtualized js environment clientside where it takes 100x the resources, not even counting network traffic to do the deep inspection needed for some presentation ops.

@dalias I don't think you're wrong, but keep in mind you're comparing something with 20 years of sophisticated performance optimization work behind it with a prototype I put together in 2 weeks :-)

@legoktm oooh. some scraper changed something and now after being fine for the past while my cgit has been falling over in the past week or so and i've been procrastinating on doing something to it, so perfect timing :D

(also, can haz ipv6 for blog.legoktm.com and git.legoktm.com?)

@taavi hmm, I think I've fixed IPv6? I have a wildcard AAAA record for *.legoktm.com, but git + blog subdomains had legacy A records w/ no AAAA record that I guess masked the wildcard one? So I deleted the individual A records.