Language stack: CPython,
Operating System: POSIX,
Jurisdiction: Argentina,
Games: [Piano,Chess],
contact: hackernews at tomaszubiri dot $ThatCommercialVerisignTLD (
Sorry for the puzzle, but you know how it is with spam.)
}
>We have not gone with tools like Anubis, partly because it causes annoying delays for those trying to get to the site, but also partly because it seems inevitable that the scrapers will eventually find their way around it. Indeed, there are some indications that is already happening. A proof-of-work requirement is not a huge obstacle when you have millions of other people's machines to do the work on.
The first argument that it introduces delays to users is solid, but I would advise reconsidering on the second one that a PoW workaround will be found. The moment it does you'll be able to tell because Bitcoin will crash to 0.
Will bots use infected computers to do compute to work around it? Maybe, but it requires a CPU in addition to a network reputation, 2 mechanisms are stronger than one.
Some see a 30 year old system and think "outdated", I see a 30 year old system and think "time tested."
Clearly a process per connection is more stable and that's what I'm using.
It's unclear what problem such optimizations are solving anyway, with the old way you could only support a million concurrent users with a single server? Are we missing out on supporting ten million concurrent users with 2 servers instead of 10? Ostensibly reducing the minimum db hardware opex for a 10B$ company from 10k$/month to 2k$/month?
To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.
But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.
To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.
By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
Nope, I've rented a dedicated server through OVH and I never had to touch a single cable or change a single disk.
I also dealt with owned servers and I had to deal with power outages and gas based generators, internet outages caused by too high trucks taking out a data line, and UPS beeping because their battery life was nearing zero.
If you write a program in python, say a hello world:
'
def hello_world():
print("hello, world")
'
Is that not python? Yet it uses a subset of python?
That program can be run by either a python runtime, or a python subset runtime.
Now if you were to run a python subset program, like a hello world, you would get:
'
def hello_world():
print("hello, world")
'
Whoah, it's the same thing.
Turns out every program you write with a subset of a language, is valid for the super language.
Subjectively also, if the subset is big enough, it feels like that language, if it uses 'def' for functions, that's python. 'I know it when I see it' kinda deal.
I think the confusion comes from the mathematical folk reading "subset of X is X", and implying that "subset of X=X". But this is natural language, not mathematical language, when I say that "dog is mammal", I'm not saying that "dog = mammal" I'm saying that "dog ∈ mammal", and "subset of python ∈ python"
If you share resources, that reduces costs, but increases security risks.
choose whether to share a filesystem, an OS, a kernel, hardware, or just use a dedicated server.
The economics of sharing resources are all in a tiny sliver of the budget spectrum, the shoestring budget range :
0-1$/mo: serverless
1$-5$/mo containers
5$-200$/mo Virtual Machine(s)
200$-1Billion$/month , at least one dedicated server
So if your hourly is worth anywhere upwards of 5$/hr, and your project has any semblance of seriousness, just use a dedicated server, and avoid a whole class of LPE vulnerabilities just to save some $.
Businesses have expenses, let's stop pretending that all of these non dedicated server infrastructures are serious. Shell out 200$/month or stick to hobby status.
Language stack: CPython, Operating System: POSIX, Jurisdiction: Argentina, Games: [Piano,Chess], contact: hackernews at tomaszubiri dot $ThatCommercialVerisignTLD ( Sorry for the puzzle, but you know how it is with spam.) }