HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ademarre

1,352 karmajoined 13 lat temu
Andre DeMarre / demarre.com / [first] at [last].com

comments

ademarre
·7 godzin temu·discuss
This reminds me of "Why So Many Control Rooms Were Seafoam Green":

[0] https://bethmathews.substack.com/p/why-so-many-control-rooms...

[1] https://news.ycombinator.com/item?id=47518960
ademarre
·7 miesięcy temu·discuss
I am all for using proper typographic symbols, but it is unclear what place the precomposed ellipsis U+2026—what I assume you mean by “true ellipsis”—has in that canon, especially with the compressed form it takes in most fonts.
ademarre
·8 miesięcy temu·discuss
Only if they are able to block the siteverify check performed by our backend server. That's not the kind of attack we are trying to mitigate with Turnstile.
ademarre
·8 miesięcy temu·discuss
I integrated Turnstile with a fail-open strategy that proved itself today. Basically, if the Turnstile JS fails to load in the browser (or in a few specific frontend error conditions), we allow the user to submit the web form with a dummy challenge token. On the backend, we process the dummy token like normal, and if there is an error or timeout checking Turnstile's siteverify endpoint, we fail open.

Of course, some users were still blocked, because the Turnstile JS failed to load in their browser but the subsequent siteverify check succeeded on the backend. But overall the fail-open implementation lessened impact to our customers nonetheless.

Fail-open with Turnstile works for us because we have other bot mitigations that are sufficient to fall back on in the event of a Cloudflare outage.
ademarre
·7 lat temu·discuss
Oops, yep. I didn't see that context.
ademarre
·7 lat temu·discuss
Googlebot actually used to support a noindex rule in robots.txt, but they are removing it.

https://webmasters.googleblog.com/2019/07/a-note-on-unsuppor...