Conversation

Notices

1. pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Monday, 17-Apr-2023 21:20:42 JST pistolero :thispersondoesnotexist:
   Cloudflare, the internet's new single point of failure, seems very widely adopted around here. Apparently, 3,299 instances sit behind Cloudfed, 14.5% of fedi's 22,761 total instances.
   
   The same people that think Google and Facebook are evil appear to forget how Google and Facebook got where they are, and they say "B-But it's free DDoS protection! 1.1.1.1 is free DNS upstream! They're just trying to give us nice things for free!", trying to justfiy their own part in enabling the next Google.
   
   Remember: Cloudflare has IPO'd and valuation is about market capture: they will burn money until that 14.5% is 84.5% and then they start clamping down. This isn't some kind of theory, this isn't abstract, I didn't make this up. This *is* the strategy. It's not just the strategy, it's a legal obligation: once you have taken the VC money or you are a publicly traded company, you have a fiduciary duty to not misuse the shareholders' money. You take their money and you promise to do your damnedest to turn a profit, that's what stocks are. The hedge funds, pension funds, money market accounts that hold your stock, your board of directors, they can sue if you leave a dollar on the table, and your board will toss you out. You don't get blind-sided by this, either: if you're executing the strategy, you plan to see it through, and if you take that money, you are executing that strategy. It's already naive to put your trust in a third party, but it is completely retarded to trust a company that is publicly traded or that has taken a Series A.
   
   Cloudfed has already hung at least three large instances out to dry, sinblr.com because FOSTA-SESTA passed, poa.st (just the media servers; API remains behind boat-clicker), and kiwifarms.cc because of a Twitter mob. Say what you will about those instances (I don't feel like anything of value was lost when KF went down), but it's a bad precedent and if it worked once, it will be used again, and you might not like the next target. If most of the web is dependent on a single service and that service is willing to censor just because some lunatics on Twitter got mad, then we are all fucked. Amazon decides not to host you and Cloudfed decides not to provide "free" MitM services and what do you think is going to happen? Using Cloudflare gives random shareholding entities and Twitter mobs veto power over what you do.
   
   :finksmug: Here is a TSV of all the instances that live behind Cloudfed. :bezos:
   cloudfed_instances.tsv
   • xianc78, Wrongthink, matrix07012 :thotpatrol: :cunnyEmpire: and Token like this.
   • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 17-Apr-2023 21:28:08 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @p The funniest (no) things about Cloudflare:
     - They technically can read all the DMs since they are sitting in front of incoming HTTPs
     - They can choose to block instances/users/software/countries/… at will
     - The MITM offers *no* protection in ActivityPub case since you're pushing posts out from your machine, AFAIK that can't be MITM, you'd need a VPN (but honestly you do not need a VPN or Cloudflare)
     
     Meaning we have ~14.5% of tech incompetence.
     xianc78 likes this.
   • xianc78@gameliberty.club's status on Monday, 17-Apr-2023 21:45:01 JST xianc78

     in reply to

     @p This is only going to get worse with Wildebeest. At that point, instances would be no different than using custom domains on Gmail. This is why we need an anti-clouflare culture on here. Anyone using it should be shamed and have their instance boycotted. There is zero justification to use something like Cloudflare. The internet worked fine without CDNs and MiTM proxies for years.

   • 41402 (a1ba@suya.place)'s status on Monday, 17-Apr-2023 21:46:48 JST 41402

     in reply to

     • Haelwenn /элвэн/ :triskell:
     @lanodan @p the most funny thing about Cloudflare I remember is when my instance tried to fetch an AP object but dumbass Cloudflare thought it's a flood attack and served "let check your browser" page with captcha.
     xianc78 likes this.
   • sj_zero (sj_zero@social.fbxl.net)'s status on Monday, 17-Apr-2023 22:11:39 JST sj_zero

     in reply to

     • xianc78
     For instances that want some ddos protection, both nginx and apache have modules that help protect against ddos. There's also options like syn cookies.
     
     I've said many times before: There's nobody coming to save us. We can only save ourselves.
     xianc78 likes this.
   • Wrongthink (wrongthink@cdrom.tokyo)'s status on Monday, 17-Apr-2023 23:40:31 JST Wrongthink

     in reply to

     @p And here’s the list reformatted for use in a hosts file.

   • Александр (shuro@friends.deko.cloud)'s status on Tuesday, 18-Apr-2023 02:01:41 JST Александр

     in reply to

     • Haelwenn /элвэн/ :triskell:

     @lanodan @p Not sure about DMs, aren't these sent encrypted? Logins, passwords, access tokens on the other hand are exposed

     As for protection - I get why people find it tempting. Fedi software is mostly not very efficient and servers people run are often very modest and struggling under load. It doesn't take much to bring one down even by a couple of crawler bots or another malfunctioning fedi server let alone deliberate DDoS. And there's such nice free offer :)

   • 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Tuesday, 18-Apr-2023 02:05:41 JST 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸

     in reply to
     @p >yiff.life is on it
     Lol lmao
   • 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Tuesday, 18-Apr-2023 02:06:57 JST 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸

     in reply to

     • Soy_Magnus
     @p @SoyMagnus Amazon shot themselves in the door by raising the free limit vs Walmart etc made worse by the fact Walmart has more stores
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Tuesday, 18-Apr-2023 02:06:59 JST pistolero :thispersondoesnotexist:

     in reply to

     • Soy_Magnus
     @SoyMagnus
     
     > Its the one a lot of ride share (ie uber lift etc) used
     
     Everyone uses it. The meal delivery services, everyone. I mean, Amazon is still bleeding money like crazy on their grocery delivery service to try to kill Walmart/etc.'s attempts to enter the market.
   • Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Tuesday, 18-Apr-2023 02:07:01 JST Soy_Magnus

     in reply to
     @p what u described in pricing terms is a predatory marketing tactic called price piercing model. Its the one a lot of ride share (ie uber lift etc) used but they compiled it with also offering drivers more money than was profitable. So they had a lower price point than they should've offered to stay afloat and payed drivers more than they should've till they crashed almost all taxi services and then they were forced to invert toae 2 figures meaning the rides were no longer worth it for customers because they were too expensiclve and it wasn't worth it for drivers because they weren't being paid enough ccompounded with all the other ride services having been ran out of business, causing a crash in transportation in places like NY and ca. I cant remember how old the article was I read about it but I'm assuming it hasn't gotten better in most places
   • test (test_1111111@kiwifarms.cc)'s status on Tuesday, 18-Apr-2023 08:55:40 JST test

     in reply to
     @p couldn't agree more on Cloudflare, I avoid it like the plague whenever possible. the fake protection placebo that people seem to get is honestly unreal, even though I'd say it's even worse than sending shit over plaintext HTTP. I even have a firefox addon installed just because. KFcc doesn't use CF we have a in-house protection solution now.
     Wrongthink likes this.
   • pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Tuesday, 18-Apr-2023 17:05:06 JST pistolero :thispersondoesnotexist:

     in reply to

     • lamp
     @lamp They never provided me service. I do not care if they stop providing service to anyone, but the people using their service probably would care.
     
     > as if i can't ever move to another solution
     
     It starts that way, then there isn't another solution. You ever try to get your mail server to send email to a GMail address?
     
     Here is a copy of Thiel's book if you have trouble understanding the strategy.
     
     > who cares bruh
     
     Yeah, let's just centralize the entire internet, who cares? Let's all go back to Twitter, let's put our email on GMail, let's forget how to eat unless Amazon feeds us.
     zero_to_one.pdf
     matrix07012 :thotpatrol: :cunnyEmpire: likes this.
   • lamp (lamp@berserker.town)'s status on Tuesday, 18-Apr-2023 17:05:07 JST lamp

     in reply to

     @p boo hoo my free service provider isn't providing me free service anymore what am i gonna do. as if i can't ever move to another solution where it's as if they never existed.

     who cares bruh