HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ademarre

1,352 karmajoined 13 anni fa
Andre DeMarre / demarre.com / [first] at [last].com

comments

ademarre
·1 ora fa·discuss
This reminds me of "Why So Many Control Rooms Were Seafoam Green":

[0] https://bethmathews.substack.com/p/why-so-many-control-rooms...

[1] https://news.ycombinator.com/item?id=47518960
ademarre
·7 mesi fa·discuss
I am all for using proper typographic symbols, but it is unclear what place the precomposed ellipsis U+2026—what I assume you mean by “true ellipsis”—has in that canon, especially with the compressed form it takes in most fonts.
ademarre
·8 mesi fa·discuss
Only if they are able to block the siteverify check performed by our backend server. That's not the kind of attack we are trying to mitigate with Turnstile.
ademarre
·8 mesi fa·discuss
I integrated Turnstile with a fail-open strategy that proved itself today. Basically, if the Turnstile JS fails to load in the browser (or in a few specific frontend error conditions), we allow the user to submit the web form with a dummy challenge token. On the backend, we process the dummy token like normal, and if there is an error or timeout checking Turnstile's siteverify endpoint, we fail open.

Of course, some users were still blocked, because the Turnstile JS failed to load in their browser but the subsequent siteverify check succeeded on the backend. But overall the fail-open implementation lessened impact to our customers nonetheless.

Fail-open with Turnstile works for us because we have other bot mitigations that are sufficient to fall back on in the event of a Cloudflare outage.
ademarre
·7 anni fa·discuss
Oops, yep. I didn't see that context.
ademarre
·7 anni fa·discuss
Googlebot actually used to support a noindex rule in robots.txt, but they are removing it.

https://webmasters.googleblog.com/2019/07/a-note-on-unsuppor...