That is roughly the Mar-a-lago accord idea, but both the financial leverage for that and the negotiating tactics have been completely mismanaged if that's the goal, it really doesn't make any sense.
I built up a lot of expectation that this article was going to be self-referential and link to a hidden well of info. At the very least it ought to link to one example of such an article so we know you aren't describing something theoretical.
I don't feel bad for being unable to conceive of the "navigation bar" containing a link to the page's real content. That's the most effective camouflage possible.
We speak of an arms race between cloudflare and (bad actors) that results in unintended consequences for end users and independent browsers ... and we need to stop.
There is an arms race: between end users and cloudflare.
The fact that a human chimes in on a HN discussion carries no information.
We continuously scrape a sizable number of ecommerce sites and have had no trouble whatsoever bypassing CloudFlare's antibot technologies.
CloudFlare representatives often defend user hostile behaviour with the justification that it is necessary to stop bad actors but considering how ineffective cloudflare is at that goal in practice it seems like security theatre.
We’ve worked across a number of equivalent anti-bot technologies and Cloudflare _is_ the AWS of 2016. Kasada, Akamai are great alternatives and are certainly more suitable to some organisations and industries - but by and large, Cloudflare is the most effective option for the majority of organisations.
That being said, this is a rapidly changing field. In my opinion, regardless of where you stand as a business, ensure abstraction from each of these providers is in place where possible - as onboarding and migrating should be table stakes for any project or business onboarding them.
As we’ve seen over the last 3 years, platform providers are turning the revenue dial up on their existing clientele.
Its success as a business aside, at a technical level neither Cloudflare nor its competitors provide any real protection against large scale scraping.
Bypassing it is quite straightforward for most average competency software engineers.
I'm not saying that CloudFlare is any better or worse at this than Akamai, Imperva etc, I'm saying that in practice none of these companies provide an effective anti-bot tool, and as far as I can tell, as someone who does a lot of scraping, the entire anti-bot industry is selling a product that simply doesn't work.
In practice they only lock out "good" bots. "Bad" bots have their residential proxy botnets and run real browsers in virtual machines, so there's not much of a signature.
This often suits businesses just fine, since "good" bots are often the ones they want to block. A bot that would transcribe comments from your website to RSS, for example, reduces the ad revenue on your website, so it's bad. But the spammer is posting more comments and they look like legit page views, so you get more ad revenue.
I don't believe that distinction really exists anymore.
These days everyone is using real browsers and residential / mobile proxies, regardless of whether they are a spammer, or a Fortune 500, a retailer doing price comparison or an AI company looking for training data.
Random hackers making a website to RSS bridge aren't using residential / mobile proxies and real browsers in virtual machines. They're doing the simplest thing that works which is curl, then getting frustrated and quitting.
Spammers are doing those things because they get paid to make the spam work.
First: this is an electrical power source with a male plug… And I understand the intelligence inside of it, but… can this possibly be code compliant? Something similar to this is often referred to as a Suicide cord …
Second: this is back-feeding electricity into the power grid and, again, I understand you can address this with onboard intelligence and millisecond switching… But I don’t think the power company cares. I don’t think there’s any way you can legally plug a power source like this into your home electrical bus.
The OP described it as plugging into mains outlet and then, in the event of an outage, feeding power back into that mains circuit to power every outlet on the circuit.
The description was very poor. They could only feed power back into the one circuit that hardware is on, and that would also be a violation of multiple safety standards, as well as the National Electrical Code. That’s a good way to get someone hurt or killed, and to have your ass thrown in jail for sporting such a stupid device.
This is why you have lockout devices on breaker boxes, if you’re going to have an emergency generator that plugs into the same box.
Or you have automatic transfer switches that handle cutting off your feed back to the power company, before turning on any battery or power generation equipment at your site.
Take a step back and look at how it’s constructed, and what the inputs and outputs actually are. It is clear that it’s just a pretty UPS with a weird proprietary wireless communications system, and should be compared against the likes of APC and CyberPower.
This is mostly correct. One additional feature is that it can back feed when the grid is up. This allows you to save money on your energy, charging when energy is cheap or from solar and discharging when energy is expensive.
Even with solar panels, you have to have the right equipment at your meter and in the first box connected to the meter, in order to backfeed power to the grid. You can’t just slap random gear inside your house and have it start feeding current back. That would violate the National Electrical Code (NEC) and could get someone hurt or killed if they thought the power was out but your equipment was providing current back onto the lines.
Good to know. I'd hate to get in trouble for merely helping out. I don't know how to do CPR but I'd definitely attempt to pull someone out from a burning car for example. If I were training for CPR this part would likely be covered in the training.
Here's the rub tho, you can still end up getting sued if for example you acted with gross negligence. An example I'd use here is you move somebody from a car wreck and injure them even further rather than waiting a few minutes for emergency response.
This is entirely going to depend on the victim and their lawyer, but they can absolutely make your life a living pain especially if they find out you have money and might just settle to make it go away.
Let's say I don't agree (and indeed I don't) - why?
My argument would be that 'tools' should be designed solely with the purpose of enabling them to work in the most effective way possible. That is often not immediately intuitive at all. Go open up e.g. Unreal Engine and you're going to struggle to do literally anything. Maybe after an hour you might figure out how to put a square on the map. The same is true of something like Maya or any other really powerful tool.
Obviously things should not be unnecessarily hostile, but it often simply turns out that there are 'revolutionary' ways to do things that weren't really done in the past, and so somebody coming from that past will often find themselves out of their domain, at least for a few moments until they learn and/or have things explained.
We’ve had cars for over a hundred years. Go drive a 1990s-era car and you’ll see how intuitive and tactile the controls are. Everything added since then is basically frills and conveniences.
A car is not a 3D modeling or game world building system. They’re functionally much simpler and don’t really benefit from added control complexity.
What he's arguing for is more complexity for the sake of 'intuitiveness.' A zillion buttons for every possible action is far more intuitive than knowing you need to interact with this knob or that in this way or that, but it's certainly not less complex. It's akin to when Microsoft decided to adopt the ribbon styling for various software they develop where now the UI is cluttered with a zillion scarcely decipherable icons piled into layers upon layers of tabs.
A zillion buttons aren’t really necessary in cars. Niche functions you use once in a blue moon can stay on screens. But the basic functions of a car, like turning signals, lights, or gear shifting, require tactile, obvious, well-known interfaces. I was taught to drive on a Toyota, and my dad’s car at that time was a Ford. I did not need to re-learn how to control the basic functions of the car; even though there were some differences as to where some things are located, the controls are immediately obvious. If I get a rental Kia or Volkswagen or Nissan, I’ll be able to immediately drive it even if I’ve never driven one. But if I get a rental stalkless stickless Tesla, I’d be completely lost and need extra training.
I am reminded of this posting from years past:
https://news.ycombinator.com/item?id=38496499
"A lot of hacking groups, terror organizations and other malicious actors have been using cloud flare for a while without them doing shit about it. ... It's their business model. More DDoS means more cloudflare customers, yaaay."
I've not spent much time on this topic but I am very interested in the notion that a well-meaning third party established some kind of looking glass that surveyed cloudflare behavior and that third party was sued?
I'd like to learn more about that situation ...