I had to go look this up since I don’t use Discord, and I think I just had my first old person moment. $10 for a freaking frame around your avatar? What in the hell?

Perhaps I’m just old, but picking the color of your profile is all zoomers wanted?

I mean shit, I’m not going to be happy until I can have auto-playing music on my profile.

Well, people are trying to do just that. Small team and moves slowly, but slow progress is still progress.

The captcha stuff is customizable, but yeah, you have to pay. The issue is that they have, in the past, shipped breaking changes in their default rules that made huge messes, and a huge portion of their customer base just uses the defaults. They’ve gotten better at this, but again, there’s nothing other than their testing to prevent it in the future.

Also based on experiences doing infosec stuff, I can also say that there’s ABSOLUTELY a huge portion of “admins” that think more security is more betterer, and configure shit in a way that breaks so many things then get mad that they did that; there’s a LOT of depth you have to understand to configure something like Cloudflare’s WAF properly, and way too many admin types just don’t fully understand the impact of any particular thing is and get way way way waaaay too restrictive and then get mad that it breaks things.

The SSL offload requires you to trust your vendor, and agree that the odds that they’re doing anything suspicious is likely zero: their business would damn near instantly implode if they got caught. But, again, you’re trusting policy and procedure to keep people out of data.

I think there’s a LOT of bias against “MITM” meaning “malicious”, and Lemmy ranging from very left to leftish, a huge bias against big tech (which, imo, is 100% warranted and totally earned by decades of shitty behavior) which shows up as a ‘Cloudflare is bad because the MITM your traffic’ lacking the nuance that, well, every WAF and a heck of a lot of caching CDNs do that because that’s how it works.

#1 is by and far the cause I see when people ask me ‘why did thing break?!’

There’s a lot of ‘Well, I edited the registry and then deleted these two files and installed this 3rd party software so that it looks like it did in Windows XP!’ floating in my circles, which almost entirely correlates to the people who are mad that their install is, yet again, broken/not working as expected/having weird problems.

Of course, people are doing this because Microsoft can’t stop shitting up Windows in a way that annoys people, and thus leading them to do things that maybe aren’t the best idea.

So, in summary: it’s a land of contrasts, but stop adding bullshit nobody wants Microsoft.

I’m not opposed to them, but a lot of people on Lemmy have pretty strong opinions, primarily around the centralization around, and potential of MITMing data.

I don’t think they’re wrong, because the centralization has given Cloudflare a shocking amount of power over who sees what and how: they, for example, will put you in captcha hell if you’re using certain browsers, connecting from certain networks, or using TOR. I don’t ever run into those issues, but they’re certainly ones that happen to people often enough that a quick search will find story after story of people that run into this mess, and that it’s sometimes annoying and painful to dig out of when and if it happens.

And, due to how their service works and the way the certificates are handled, they are essentially MiTMing your traffic. The certificate chain between your client and cloudflare and cloudflare and your server, depending on how exactly you’ve configured it, can be done in such a way that there’s a re-encryption happening with them in the middle, and thus, Cloudflare can see all your data.

I’ve met their CEO and VP of Safety and worked extensively with them in a previous job and don’t actually believe they’re doing anything untowards, but the fact is that they, if they so desired, absolutely could.

I use their stuff on anything I setup for public access, either via an argo tunnel or their more traditional CDN stuff, but I can understand why other people concerned about user blocking and privacy (which are less of a venn diagram of users impacted, and more of a single circle: the privacy people are usually using browsers, addons, and VPN connections that are directly the cause of the block) wouldn’t be Cloudflare fans.

Yeah this makes me so very very happy I do not use Facebook or Instagram, because that sounds like an absolutely awful experience which would make me very very annoyed.

Nah, was mostly just making a joke about the other old tech that Japan was notorious for still using.

Also, I’m really confused WHY eFax is fine but email isn’t? I mean, once you lose the verifiability of the phone logs that say your doctor called you at 2:15pm and send 3 pages of shit, uh, you might as well just email a PDF. (Note: I’m in the US and the ‘verifiable transmission’ thing was why/how we did it for a long time, but that died in about 10 seconds when someone figured out that email was cheaper.)

I know we hate Cloudflare, but that’s a good feature addition.

Went to turn it on on the domain covering some of my stuff, and they also directed me to their Radar site, which shows the volume of and which bots are making the most noise, and not the least bit shockingly, it’s AI bots all the way down.

If nothing breaks I’m totally leaving this on and Amazon, Google, and OpenAI can all go screw themselves.

If all you need is for it to go ‘I turned on the light’, they’re fine. I wouldn’t expect to use them for anything more detailed or music-oriented.

I played with a couple and went with searxng, because I was happiest with the results I was getting back from it compared to the other ones (or, for that matter, a normal Google or Bing search).

I’ve accomplished this with the Atom Echo and they work… fine?

The speaker is essentially inaudible, but the mic works well enough for me to just yell at HomeAssistant to do things.

And hey, can’t beat the size/price/power footprint and the deployment with ESPHome takes like, 30 seconds.

Did they send everyone a fax to let them know that floppies are no longer used?

Honestly this sounds like something that OnlyFans should do, as a public service.

I have watchtower configured to update most, but not all containers.

It runs after the nightly backup of everything runs, so if something explodes, I’ve got a backup that’s recent and revertible. I also don’t update certain types of containers (databases, critical infrastructure, etc.) automatically so that the blast radius of a bad update when I’m not there doing it is limited.

In the last ~3 years I’ve had exactly zero instances of ‘oops shit’s fucked!’, but I also don’t run anything that’s in a massive state of flux and constantly having breaking changes (see: immich).

It’s only illegal to steal if you can’t afford to buy Congress.

It’s the era of the golden rule: he who has the gold makes the rules.

175 million bots, all letting each other know that there’s pussy in bio.

Yeah and as the article mentions, they’re not talking DAU/MAU numbers.

Which means 175 million is a big ol fat marketing lie.

I’d love to see how many people actually do more than use it once then go ‘meh’ and go back to scrolling instagram.

Agreed. As much as I understand the urge to build your own shiny new thing, I’d pay real actual human money for someone to take Blink, and put it in a non-lobotomized, non-enshittified, non-garbage UI that has things like a self-hosted sync server, built-in adblock/noscript/etc, and the ability to use extensions for things like password managers.

But no crypto stuff, no gaming stuff, no VPN services, no browser password managers, no sponsored links, no sponsored default search engines, no email client, blah blah blah.

Browser, adblock, self-hosted sync, done.

Hilarious, I suppose, given the origins of Chrome and that it was a team of people sitting down to make a new browser from the specs.