Post A3m39SLK4yAIdcwGy8 by anonymouskun@fosstodon.org
 (DIR) Post #A3kyy7Y0Sh7hyxFch6 by selea@social.linux.pizza
       2021-01-30T07:59:05Z
       
       10 likes, 30 repeats
       
       Stop Using Cloudflare
       1. It is a GIANT man in the middle - MITM.
       2. Their DDOS protection is not that good.
       3. You are contributing to a centralized Internet.
       
 (DIR) Post #A3l2CF89Mh3bPuaB3Q by JonossaSeuraava@layer8.space
       2021-01-30T08:35:10Z
       
       0 likes, 0 repeats
       
       @selea can you recommend an alternative? Preferably something from this list https://doc.traefik.io/traefik/https/acme/#providers so I might actually have the energy to switch.
       
 (DIR) Post #A3l2Mn2Q9V4NTWvpvE by selea@social.linux.pizza
       2021-01-30T08:37:11Z
       
       0 likes, 0 repeats
       
       @JonossaSeuraava For HTTPS? Basically any webserver together with Let's Encrypt
       
 (DIR) Post #A3l3GyRgvToz4WXhNA by JonossaSeuraava@layer8.space
       2021-01-30T08:47:15Z
       
       0 likes, 0 repeats
       
       @selea For whatever reason I switched to traefik to handle HTTPS stuff and I really don't have the energy to switch to something else. Buuuut https://desec.io seems like at least better than cloudflare drop in replacement option.
       
 (DIR) Post #A3l7JSkRdITbRukxhw by daniels@fosstodon.org
       2021-01-30T09:32:31Z
       
       0 likes, 0 repeats
       
       @selea I can't use some "important" sites, because strict privacy settings within Firefox block cloudflare. Also some sites only work partially, because Google APIs are also blocked. We need to get back to a decentralised web! Also people keeping up with central CDNs: Firefox now also added separated caches. They just don't work the way people still think.
       
 (DIR) Post #A3l9FCgDdEJ6MfsPpY by ekaitz_zarraga@mastodon.social
       2021-01-30T09:54:13Z
       
       0 likes, 0 repeats
       
       @selea 4. People using not very common browsers can browse your site if you have Cloudflare. Example: Me, an Icecat user (it's just a Firefox fork! goddammit!).
       
 (DIR) Post #A3lBB2oyXo5UXR7K1Q by selea@social.linux.pizza
       2021-01-30T10:15:52Z
       
       0 likes, 0 repeats
       
       @JonossaSeuraava The link you shared is a DNS-service and doesn't have anything to do with https
       
 (DIR) Post #A3lCWiTkxNjVlz5dDs by panigrc@mastodon.social
       2021-01-30T10:30:57Z
       
       0 likes, 0 repeats
       
       @selea I am using #CDN - not Cloudflare - for delivering images because my website is on a shared host and I think it makes my website load faster. Do you think I should stop using it?
       
 (DIR) Post #A3lDBMtQ7NbMhKTi5Y by efi@chitter.xyz
       2021-01-30T10:38:18Z
       
       0 likes, 0 repeats
       
       @selea 4. it now requires tracking cookies in order to serve your website at all
       
 (DIR) Post #A3lDDMu537oBJHjzKi by JonossaSeuraava@layer8.space
       2021-01-30T10:38:38Z
       
       0 likes, 0 repeats
       
       @selea No but yes. Let's Encrypt has dns challenges and at the moment traefik is dealing with those using cloudflare's api. I think. I really don't actually know nor do I want to at the moment. As I understand it, in order for me to get away from cloudflare, dns service is exactly what I need in this situation.
       
 (DIR) Post #A3lDNw3dCbdbEaFMem by leonidas@libranet.de
       2021-01-30T10:39:58Z
       
       0 likes, 0 repeats
       
       + not Tor friendly
       
 (DIR) Post #A3lSjAwkXUEanzc8US by benoit@toots.benpro.fr
       2021-01-30T13:32:24Z
       
       0 likes, 0 repeats
       
       @selea Their latency is fucking good. Especially Argo Tunnel.
       
 (DIR) Post #A3lXN5H9RUiAcKRTUW by GNUxeava@fedi.absturztau.be
       2021-01-30T14:24:51.584325Z
       
       0 likes, 0 repeats
       
       @selea also they use hCaptcha which never works
       
 (DIR) Post #A3lZI5ubqg9X3FeAJk by Tom@bollocks.social
       2021-01-30T14:14:35.340124Z
       
       0 likes, 0 repeats
       
       @selea what would your suggestion be? Genuine noob question.
       
 (DIR) Post #A3lZI6JmL6HmJJQGY4 by selea@social.linux.pizza
       2021-01-30T14:45:55Z
       
       0 likes, 0 repeats
       
       @Tom Why do you need cloudflare?
       
 (DIR) Post #A3lZRPcVwZ7EmVcsMK by crunklord420@kiwifarms.cc
       2021-01-30T14:48:02.713216Z
       
       2 likes, 0 repeats
       
       @selea @Tom because trannies keep trying to DDoS me.
       
 (DIR) Post #A3lh4uhsztpQASvC0O by lyrabon@equestria.social
       2021-01-30T16:13:10Z
       
       0 likes, 0 repeats
       
       @selea 🍬 Which companies offer better protection rackets against DDoS attacks? 🍬
       
 (DIR) Post #A3llGWfGbxh8tTUNbk by chiraag@mastodon.online
       2021-01-30T16:27:16Z
       
       0 likes, 0 repeats
       
       @GNUxeava @selea I mean, better than using reCaptcha though, right?
       
 (DIR) Post #A3llGXASjyeGSE5IES by GNUxeava@fedi.absturztau.be
       2021-01-30T17:00:30.763803Z
       
       0 likes, 2 repeats
       
       @chiraag @selea yes. It blocks 100 per cent humans and bots.
       
 (DIR) Post #A3lq5eNo4dR9PvxJDs by fcktheworld587@social.linux.pizza
       2021-01-30T17:54:13Z
       
       0 likes, 1 repeats
       
       @selea I'm having enough trouble trying to convince people that Amazon and Google might not have their best interests at heart.  I don't think I'll ever get around to red-pilling people on CloudFlare, unfortunately 😩
       
 (DIR) Post #A3lreggFcinCdGqzCa by selea@social.linux.pizza
       2021-01-30T18:11:49Z
       
       0 likes, 0 repeats
       
       @fcktheworld587 I won't stop doing until people realize it.
       
 (DIR) Post #A3lsrb9ZaHdBD2Hyee by qorg11@society.kalli.st
       2021-01-30T18:25:41.278426Z
       
       1 likes, 1 repeats
       
       @selea And they decrypt the SSL traffic!
       
 (DIR) Post #A3lwSnBq5xk17JmBNo by jonn@social.doma.dev
       2021-01-30T19:05:16Z
       
       0 likes, 0 repeats
       
       @qorg11 @selea Proofs?
       
 (DIR) Post #A3lwSnhkBLGIiGhf72 by qorg11@society.kalli.st
       2021-01-30T19:05:58.286485Z
       
       0 likes, 0 repeats
       
       @jonn @selea How can they know your user agent if they don't decrypt the SSL?
       
 (DIR) Post #A3lwT1xrAET8wILjAe by jonn@social.doma.dev
       2021-01-30T19:05:55Z
       
       0 likes, 0 repeats
       
       @qorg11 @selea oh, it's in the docs: https://support.cloudflare.com/hc/en-us/articles/204144518-SSL-FAQ
       
 (DIR) Post #A3m39SLK4yAIdcwGy8 by anonymouskun@fosstodon.org
       2021-01-30T20:20:24Z
       
       0 likes, 0 repeats
       
       @qorg11 @selea could ephemeral key rotation be a workaround for that?
       
 (DIR) Post #A3m39SnKOqZC2U2dcW by qorg11@society.kalli.st
       2021-01-30T20:20:55.743972Z
       
       0 likes, 0 repeats
       
       @anonymouskun @selea no
       
 (DIR) Post #A3m8BJ2k7qp095wwsa by selea@social.linux.pizza
       2021-01-30T21:16:58Z
       
       0 likes, 0 repeats
       
       @qorg11 @jonn Or how could they inspect the traffic against bad requests?
       
 (DIR) Post #A3m8PBkm1f2TahAFuK by jonn@social.doma.dev
       2021-01-30T19:10:21Z
       
       0 likes, 1 repeats
       
       @qorg11 @selea I didn't care too much for cloudflare until I read this. That's kind of huge though. I can't wrap my head around why is this the only architecture possible, but if someone would pitch me the idea of MITMing their users, I'd say that it will never fly. Intuitively, it's just not a valid SaaS model. I'd say that they're better off selling their classifiers for active use in their customers' load balancers. But sadly the world is the way it is. :D
       
 (DIR) Post #A3mFXSPGh1unEezlsO by iankenway@qoto.org
       2021-01-30T22:39:44Z
       
       0 likes, 1 repeats
       
       @selea Cloudflare is just one more example of how the internet needs to be utterly decentralised. We don't need Silicon Valley and its like. The internet should be absolutely peer-to-peer, an unmediated utility!
       
 (DIR) Post #A3mRU9mUgU8W3E3GHw by zigpress@fosstodon.org
       2021-01-31T00:53:14Z
       
       0 likes, 0 repeats
       
       @selea
       1. No, it's not.
       2. It's pretty good.
       3. Maybe. Not a huge issue for me.
       
 (DIR) Post #A3mYF8NsIOWR3NJtvU by chiraag@mastodon.online
       2021-01-30T17:05:18Z
       
       1 likes, 0 repeats
       
       @GNUxeava @selea lol. But also, reCaptcha gives Google too much power, so…
       
 (DIR) Post #A3nEhTBSkh9HkJhyc4 by selea@social.linux.pizza
       2021-01-31T10:04:44Z
       
       0 likes, 0 repeats
       
       @zigpress
       1. It is in their Docs
       2. It is easy to circumvent
       3. It should be.
       
 (DIR) Post #A3nKsMYeKLzi6e8C3M by selea@social.linux.pizza
       2021-01-31T11:14:00Z
       
       0 likes, 0 repeats
       
       @panigrc Not really actually, using a CDN to deliver static content is way different to sending credentials via a third party
       
 (DIR) Post #A3nXKc05hjoDYiCfb6 by finlaydag33k@social.linux.pizza
       2021-01-31T13:33:31Z
       
       0 likes, 1 repeats
       
       @selea Already done this in June when they went down :p
       
 (DIR) Post #A3ndrZs5F08cEjYnyq by raimondaslapinskas@libranet.de
       2021-01-31T14:46:04Z
       
       0 likes, 0 repeats
       
       use https://www.freenom.com/ as alternative
       
 (DIR) Post #A3nfHxJUo2aiQNWYsq by mmn@mastodon.sdf.org
       2021-01-31T15:02:34Z
       
       0 likes, 0 repeats
       
       @selea it would be interesting if there was a better equivalent service. I have a BBS with a Web front end that I'm forced to use CF with to front end it to block shitty bots, and I have to have the security settings really high. For DNS I use he.net but started to look at desec.io to favour EU solutions over US conglomerates
       
 (DIR) Post #A3no3kTUduS28gV6mW by finlaydag33k@social.linux.pizza
       2021-01-31T16:41:16Z
       
       0 likes, 0 repeats
       
       @iankenway I don't think going fully P2P won't be the solution either since it's difficult to do... Think about stuff like authentication/authorization, that'd be a pain if everything was fully P2P...
       
 (DIR) Post #A3nqKa5ehlmilOVMvo by selea@social.linux.pizza
       2021-01-31T17:06:27Z
       
       0 likes, 0 repeats
       
       @mmn How can you use Cloudflare without using their DNS-service? You could just actually block all bots, or manually block the malicious ones.
       
 (DIR) Post #A3o1aJwBcwXsnOmeAK by mmn@mastodon.sdf.org
       2021-01-31T19:12:25Z
       
       0 likes, 0 repeats
       
       @selea I have to use their DNS for the BBS domain. Manually I don't really have time for, and that's not even counting all the ones that smash the telnet ports. That's why I'm stuck with Cloudflare to be harsh on Web users, it's rather good at it even though as a whole it's unsavory
       
 (DIR) Post #A3oJasQvAg0YxPZg36 by iankenway@qoto.org
       2021-01-31T22:34:35Z
       
       0 likes, 0 repeats
       
       @finlaydag33k How much do you know about the SAFE Network? https://safenetwork.org/
       
 (DIR) Post #A3oKzv2Oj0C8EEbncG by finlaydag33k@social.linux.pizza
       2021-01-31T22:50:21Z
       
       0 likes, 0 repeats
       
       @iankenway I don't know much about it... but how does it handle user authentication? how does it handle authorization (eg. only accounts with a certain role have access to certain things)? It's probably nice for "simple" sites that don't use any of that... but for sites that do, it can likely become a mess quite quickly... Just assumption though...
       
 (DIR) Post #A3oMS8FZIKzbGimn9E by iankenway@qoto.org
       2021-01-31T23:06:38Z
       
       0 likes, 0 repeats
       
       @finlaydag33k Perhaps you should first check out this first: https://safenetwork.tech/ and perhaps then take part in this forum: https://safenetforum.org/
       
 (DIR) Post #A3oMYSvHLZHD7bJdaK by iankenway@qoto.org
       2021-01-31T23:07:49Z
       
       0 likes, 0 repeats
       
       @finlaydag33k Perhaps you should first check out this: https://safenetwork.tech/ and then perhaps take part in the relevant forum: https://safenetforum.org/
       
 (DIR) Post #A3pHCN1AJe5vp8fqN6 by InfoSecLibSoc@hispagatos.space
       2021-02-01T09:41:28Z
       
       0 likes, 0 repeats
       
       @selea open source alternatives?
       
 (DIR) Post #A3pRAoc7k5OiNFrGoy by selea@social.linux.pizza
       2021-02-01T11:34:01Z
       
       0 likes, 0 repeats
       
       @InfoSecLibSoc What do you need? You have Let's Encrypt, any webserver/reverseproxy, any DNS-provider/DNS-software basically.
       
 (DIR) Post #A3qhamKQeenxEvwYsa by 0PT41N@fosstodon.org
       2021-02-02T02:12:35Z
       
       0 likes, 0 repeats
       
       @selea Already Have. I use Quad9 🌐 🤙
       
 (DIR) Post #A3rbmfpmDmtW0Qr4hE by selea@social.linux.pizza
       2021-02-02T12:42:21Z
       
       0 likes, 0 repeats
       
       @mmn I stumbled upon this: https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
       
 (DIR) Post #A3rboMVB4Lo2cx1bfM by aspie4K@aspiechattr.me
       2021-02-02T02:15:39Z
       
       0 likes, 0 repeats
       
       @0PT41N @selea does Quad9 DNS bypass Cloudflare? Curious about the tech deets on that.
       
 (DIR) Post #A3rboN0NCMlABhcWI4 by selea@social.linux.pizza
       2021-02-02T12:42:42Z
       
       0 likes, 0 repeats
       
       @aspie4K No it does not @0PT41N
       
 (DIR) Post #A3s4Vg3D3mSYQSNz3A by rxb@mas.to
       2021-02-02T18:04:08Z
       
       0 likes, 0 repeats
       
       @selea their DDOS protection beats anything else at the price - which is conveniently $0. I agree that their monopoly is dangerous though.
       
 (DIR) Post #A3sSyBk3E0Y9ioYJzU by 0PT41N@fosstodon.org
       2021-02-02T22:38:15Z
       
       0 likes, 0 repeats
       
       @selea @aspie4K Oh, Well thanks for clarifying the question 😁