Conversation

Notices

1. Embed this notice
   `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:24:56 JST `Da Elf

   No. Imma kick this fuckers ass.

   Evolving Together: Redefining Mozilla in the AI Era

   https://www.mozilla.org/en-US/foundation/annualreport/2024/article/evolving-together-redefining-mozilla-in-the-ai-era/

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:24:54 JST feld

     in reply to

     • kajer
     @kajer @elfin
     
     > But, because cloudflare blocks waterfox as a bot browser...
     
     How are they fingerprinting it? Isn't it just the user agent? I don't understand why these Firefox forks use a different user agent. It provides zero value if websites don't need to serve you different content to render correctly
   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:24:55 JST kajer

     in reply to

     @elfin Lol, the press release even has a big quote from the article interrupting it's own article.... useless.

     Fucking AI and ADs... Just... no.

     But, because cloudflare blocks waterfox as a bot browser... what are you going to do about it consumer? That's right nothing. 🖕

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:35:25 JST feld

     in reply to

     • kajer
     @elfin @kajer I don't believe Firefox implemented the new mechanism that Safari has (Private Access Tokens // Privacy Pass)
     
     https://blog.mozilla.org/en/privacy-security/captcha-successor-privacy-pass-has-no-easy-answers-for-online-abuse/
     
     CloudFlare has supported this in Firefox and Chrome via an extension since 2017. I wonder if installing that in your browser is enough to make the problem go away?
     
     https://privacypass.github.io
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:35:26 JST `Da Elf

     in reply to

     • kajer
     • feld

     @kajer @feld
     browser prints can be changed

   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:35:27 JST kajer

     in reply to

     • feld

     @feld @elfin

     IIRC WaterFox, PaleMoon, and some others just don't support some of the "features" that cloudflare was using to fingerprint. There was a HackerNews thread on it a while ago.

     Cloudflare just went "oopsiewhoopsie" and basically said to pound sand since nobody uses those browsers anyway. (heavy paraphrasing, and witnessing their actions)

   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:35:27 JST kajer

     in reply to

     • feld

     @feld @elfin
     this seems like the thread I remember... https://news.ycombinator.com/item?id=31317886

     They "fix" it then block everything a week later anyway...

   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:36:36 JST kajer

     in reply to

     • Marcin Mikołajczak
     • feld

     @mkljczk @feld @elfin Fully agree, but the browser print should not be a factor in a place like cloudflare blocking traffic because it "might be a bot"

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:36:36 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @kajer @mkljczk @elfin I want to agree with you in pricipal but it's not matching reality.
     
     User agents are still one of the best ways to stop lazy abusers dead in their tracks.
   • Embed this notice
     Marcin Mikołajczak (mkljczk@pl.fediverse.pl)'s status on Tuesday, 25-Feb-2025 08:36:37 JST Marcin Mikołajczak

     in reply to

     • kajer
     • feld
     @feld @kajer @elfin and the user agent makes the fingerprints of 'private' forks users more unique…
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:41:43 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @kajer @elfin @mkljczk that only works for simpler systems than Cloudflare; it's also very easy to fingerprint the TCP handshake and TLS behavior to figure out if it's curl/wget as well as every OS/kernel and TLS library does it slightly differently
   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:41:44 JST kajer

     in reply to

     • Marcin Mikołajczak
     • feld

     @feld @elfin @mkljczk Right, so I'll just replace my wget script's agent with safari/chrome and bypass the whole charade, making the user agent field a farce

   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:51:48 JST kajer

     in reply to

     • Marcin Mikołajczak
     • feld

     @feld @elfin @mkljczk Point being, just because I choose to use WaterFox, doesn't mean Cloudflare determines how much of the internet I get to see.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:51:48 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @kajer @elfin @mkljczk Cloudflare literally exists to make sure that they only serve requests to blessed clients. Anything that appears slightly abnormal is denied for security reasons.
     
     We can agree all day about the morality of this and how it is an affront to the design of the internet and a direct assault on free software and freedom of choice for users, but that doesn't move the needle.
     
     The bad actors ruined this for us all and Cloudflare fulfills an important role for many businesses. These businesses are not going to lose any more money than what amounts to a rounding error because some people using a Firefox fork couldn't visit the website.
     
     Unfortunately a lot of the internet that has no business case to use Cloudflare other than their DDoS protection get caught up in this. I would say we need to educate them to stop using Cloudflare but what are the realistic alternatives?
     
     Look at what happened to Codeberg recently -- tried to not use Cloudflare as an ethical choice and got taken down by a pretty small attack.
     
     On the modern internet you better have more bandwidth than your attackers or a good DDoS protection service.
     Johnny Peligro likes this.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Tuesday, 25-Feb-2025 08:53:28 JST Fish of Rage

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld
     @feld @kajer @elfin @mkljczk I hate it too but cloudflare's policies probably match reality closer than my desires. at the end of the day cloudflare was created in response to real problems even if I hate the "solution"
     feld and Johnny Peligro like this.
   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:54:22 JST kajer

     in reply to

     • Marcin Mikołajczak
     • feld

     @feld @elfin @mkljczk That's it, back to usenet.

     feld likes this.
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:56:12 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @kajer @feld @mkljczk

     IRC

     feld likes this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:56:35 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @elfin @kajer @mkljczk I'm papering over the excellent (horiffic) role they play for 3 letter agencies in capturing encrypted traffic of like half the entire US internet as well haha
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:56:36 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk

     Oh fuck.

     We gonna play this?

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 09:13:48 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @elfin @kajer @mkljczk wow you hacked the bell back in the day to erase billing charges? haha
     
     man that's such a great story, props to you for living out my Hackers fantasies
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:13:49 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @kajer @feld @mkljczk

     BBS died.

     I learned to hack SysV and trashed AT&T to keep my mom from getting thousand dollar bills.

     Walking back isn't possible.

     My friend David passed

     He wrote this series (I'm two hundred meters where he used to be CTO .. crunchy)

     https://m.youtube.com/watch?v=_ym-DEzSRA4

   • Embed this notice
     kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 09:13:50 JST kajer

     in reply to

     • Marcin Mikołajczak
     • feld

     @elfin @feld @mkljczk EFNET is dead. I have been idle in the neg9 room for years, only ever seeing chanfix do it's thing. :(

   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:24:53 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk

     * " invented free Wi-Fi this is my gift to folk.

     Cloud storage, invented that as well.

     I have my moments.

     feld likes this.
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:24:58 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk
     Ma Bell can kiss my skinny white ass.

     SS7

     feld likes this.
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:30:28 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk

     Not exceptional.

     Look.

     Taking a line is Easy Peasy.

     Frustration is that shit fucks can't understand that they're exposed.

     This is the world I live in.

     Crap, that.

     Wanna talk about China or NorK or everything else I gotta fight with?

     I don't get paid for this.

     I like to fight.

     Wallow with a pig, you get dirty and the pig likes it.

     feld likes this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 09:34:14 JST feld

     in reply to

     • Marcin Mikołajczak
     • kajer
     @elfin @kajer @mkljczk I'm too lazy to do the captions, but in this photo you're the one digging and we're all just watching in amusement
   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:34:16 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk
     My ex wants me to dig up half of California.

     Joy

     I'll do it because it amuses me.

   • Embed this notice
     `Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 10:07:52 JST `Da Elf

     in reply to

     • Marcin Mikołajczak
     • kajer
     • feld

     @feld @kajer @mkljczk
     ten folk have his back is what I see.

     feld likes this.