daniel

@einfach_orangensaft@sh.itjust.works Ist mir noch nie passiert. Selbst mit dem Laptop, den ich wochenlang nicht benutzt habe.
Protipp: Btrfs als Dateisystem bei der Installation nutzen, dann kann man einrichten, dass automatisch ein Snapshot vor jedem Update erstellt wird.

@Slein4273@feddit.org Organische Karte

@Alaknar@sopuli.xyz Have you read that I talked about the visitor of a site from the beginning and the responsibility towards someones users?

Luring me to a service from another country that maybe knowingly even uses their own certificates to decrypt my traffic through their reverse proxy is not.

"maybe" = depending if the feature is enabled or not. "knowingly" = if the customer deliberately let's them decrypt my connections.
Connecting me to a service from a surveillance state is bad, enabling such a feature without my knowledge is even worse.

“If you feel like you can’t handle manual transmission, you shouldn’t drive a car”. And yet, automatic became a thing.

A better comparison would probably be driving on autopilot without a license and hoping that it never fails.

@Alaknar@sopuli.xyz

I guess, yeah, they could, potentially, do that. Would be massively illegal if they did, and would immediately kill their business, but there technically is a non-zero chance that they might do it.

I'm not talking about an "if", I'm talking about services that Cloudflare actively provides and that may not be transparent to the visitor.
https://infosec.exchange/@0xF21D/114178659343887260

If you feel like you don’t need them, don’t use them. If you know enough to not need them, you should also understand why many people do.

This shouldn't have to do anything with feelings. If you feel like you need them you probably shouldn't publicly host stuff on the internet in the first place. You either know you need things, because you did an risk assessment beforehand or you just wildly throw solutions at things that may not even help with the specific issue, while giving away a piece of the sovereignty of the free internet to third-party companies.

@Alaknar@sopuli.xyz Using Signal is a choice. Luring me to a service from another country that maybe knowingly even uses their own certificates to decrypt my traffic through their reverse proxy is not.

You said “If you don’t know how to secure access points or harden configurations”, not “if you’re an absolute moron”.

So where does the moron end and the the magic begin? Comparing something to magic just leaves people with a wrong sense of security that don't know any better.

It’s not “necessary”. It’s convenient, tried and tested, and accessible.

You comparing Cloudflare to having a password on an account really sounded like basic stuff.

@Alaknar@sopuli.xyz

That’s the point. Cloudflare does this as if by magic.

So if you configure your admin account to have an admin:admin credential, Cloudflare will magically solve this? Even if the answer were yes, that would mean handing over your passwords and access details to third-party companies, which is very much disproportionate. I probably wouldn't trust your website with my data.

Cloudflare doesn’t track your users.

With laws like the Patriot and Cloud Act I hope no one actually takes privacy pledges of US companies serious.

Your main issue with Cloudflare is “they’re large”?

No, it's just meant to highlight the absurdity of what some people think is necessary to protect a website in this argument.

@lena@gregtech.eu Have you been in need of DDoS protection and which alternatives did you try if they're the best?
I don't see why they would screw their users over if their users basically enable them to track visitors across the internet for free.

@Alaknar@sopuli.xyz @memes@lemmy.world Being proactive doesn't mean you have to hide your personal service behind a billion dollar company. That is precisely the kind of overreaction triggered by fearmongering. If you don't know how to secure access points or harden configurations, no service will be able to do it for you as if by magic. Not to mention your responsibility towards your users, who may not want to be tracked by a third-party company without their knowledge every time they visit your site (or half of the internet by now).

@DaPorkchop_@lemmy.ml @memes@lemmy.world Hm weird, I don't see why they would spend their resources attacking random people without any kind of demand. Even at work I've never seen one happening.
I still believe Cloudflare has most of its customers because of fearmongering tbh.

@DaPorkchop_@lemmy.ml @memes@lemmy.world Is that an actual issue or a hypothetical one? I've never had an attack in 10 years of publicly hosting stuff.

@NichEherVielleicht@feddit.org Ich mag es wie du Lases-Michmichs neumischst

@kolorafa@lemmy.world I just don't see the use of discussing extremely theoretical scenarios. Most hacks and privilege escalations are usually a chain of unpatched vulnerabilities. Running an unpatched database with an application on a server that is protected against all zero days is not what the real world looks like, so I don't see why you'd want to make it appear like it wasn't a big deal. A statement like that only lulls people who don't know any better into a false sense of security.