This is a most excellent place for technology news and articles.
CF aside, I'm not the biggest fan that Ladybird decided on Swift, since it's such an Apple-centric language. Wish they'd sponsored Servo instead.
Servo kinda died when the main people left
Swift is open source (Apache 2) and is a very pleasant language to work with. I would have gone with Rust, personally, but I can’t fault anyone for choosing Swift. It’s a very underrated language.
Ladybird instead of Servo? And then some obscure desktop environment? What the fuck are they even trying to achieve here? We already got some big names and they're betting on the small ones?
Ladybird has been a serious competitor for months, and its ideology is excedingly good and user-oriented, so thats why
Idk why they sponsored Omarchy, but it looks cool, altough I dont see what they'll get from that
Omarchy is a Linux distro.
And I think ladybird is a bit larger of a project than servo, and they can't sponsor every single browser engine.
Ladybird needs to be careful who they accept money from
Cloudflare PR. Fuck them. Blocking VPNs from accessing websites is very open web of you.
Cloudflare blocks VPNs at the request of whoever is running the server. There are tons of websites running on Cloudflare that work with VPNs.
Exactly. My employer uses Akamai, which is larger than Cloudflare. Akamai provides the ability to block traffic from Tor, traffic from VPNs, traffic from any countries you desire, and so on. They also provide managed lists of countries listed in things like ITAR so you can easily block them if you want.
Nope. Cloudflare use a complex set of fingerprinting tools that determine security scores. It's literally social credit system for web user agents and the site admits have little control over that.
While true that there are security scores, the site admins set which score (if any) to block at. So, they do have control over that. Same goes for the bot fight mode as well. So, site admins do have control over whether or not to block based on the associated score, just not over the calculation itself unless configured otherwise.
The control is very limited unless you're enterprise subscriber and even then CF is super sneaky and doesnt actually report the real world. I had a few clients where they were clearly suffering losses due to cf implementation (you could literally see sales dip when cf is enabled) but they didnt believe me because cf dashboard doesn't report false positives or anything of that sort and they had no in house analytics to really understand the issue.
It's literally not limited. If you don't put a WAF rule based on the score then it doesn't get blocked based on the score. It's that easy. I've got clients and my own site on Cloudflare, so I know how it works. You don't even need the pro subscription to do that.
You control the score but not how its calculated. My score is incredibly high just because I'm on Linux with Firefox - how important is that to you as an e-commerse site admin?
I said that in my original comment:
just not over the calculation itself
If you don't use the score, it's not a factor. I don't use the score at all for my clients. You are not required to use it.
Not sure what does have to do with the fact that cf providers no metrics of false positives but sure.
I'm not sure why you're trying to bring that up when this comment of yours is what I've been responding to the entire time:
Nope. Cloudflare use a complex set of fingerprinting tools that determine security scores. It's literally social credit system for web user agents and the site admits have little control over that.
Cloudflare does force nor opt in site admins to use the score. You said that site admins have little control over that. That is not true, because site admins do not have to use the score when configuring WAF. If they do not configure blocking based on score, they do not block the scored traffic at any point, no matter the score.
Your comment before this one said:
You control the score but not how its calculated. My score is incredibly high just because I'm on Linux with Firefox - how important is that to you as an e-commerse site admin?
So I said that the score doesn't matter if you don't block based on score. Since my client with an e-commerce site isn't configuring any WAF rules based on the determined score, then it isn't important to me (as a site admin plus their Cloudflare administrator), because it's not a factor at all.
Now, if you were to enable the rule to block based on score then it could certainly affect users, because it was configured to do so. It comes down to proper configuration of the tools provided. If I were going to use the WAF rule based on score (again, I don't do this, because I use other rules to check for malicious traffic), I would configure it with a managed/interactive challenge and not block them entirely. Cloudflare provides you with a percent metric based on how often this challenge is passed.
Yes but does Cloudflare provide you detailed metrics of who and when was denied access to the website? They just tap themselves on the back and admins are blindly losing customers without even knowing.
What about servo?
Perhaps Servo isn't apolitical enough. 🥹
Remember, technology is political and our major technology-related problems are political, not technological. We wouldn't be building alternative browsing engines if Chromium was a community-built project, unaffiliated with an ad company.
E: FWIW, this comment suggest the initial political Ladybird snafu may have been remediated.
Or maybe servo didn't mourn the fascist Charlie Kirk enough: This is Ladybird's Creator.
At least both projects funded by cloudflare support fascists. Omarchy is by DHH, who is not a good person
Or maybe servo didn't mourn the fascist Charlie Kirk enough: This is Ladybird's Creator.
Oh boy. Yeah, that's pretty clear. Anyone putting Kirk in a positive position as a genuine debater of ideas has crossed the rubicon or placating someone who has.
