- 14 Posts
- 33 Comments
31·2 months agoThat story is focused on #CloudSTRIKE but the bigger more remarkable demon here is #CloudFLARE.
This story demonstrates Cloudflare acting as a proxy bully of their own customer, on behalf of CloudStrike by pushing a frivilous #DMCA take-down demand. CF took the spineless route as it sees CloudStrike as having more muscle than their customer. After CF joins the Goliath side of the David vs. Goliath battle, CF ignores Senk’s responses and keeps proxying threats.
Senk bounced from Cloudflare and went to a provider who has his back. #ArsTechnica publishes Cloudflare’s conduct. As embarrassment hits Cloudflare and David (Senk) starts winning against Goliath (CloudStrike), CF changes their tune. Suddenly they are on Senk’s side, saying “come back, we’ll protect you – we promise we didn’t get your messages”. LOL. Senk should do a parody site for Cloudflare too.
Senk’s mistake: leaving CF. He should have waited until CF actually booted him. Then that would have more thoroughly exposed CF’s shitty actions. Senk gave CF an easy out.
Interesting to note how a human on the side of civil rights who advocates decentralisation was treated with hostility by Cloudflare. Yet CF is fine with sheltering actual criminals.
21·8 months agoAre those heuristics low bandwidth or is audio involved?
I disable images because of bandwidth consumption. So I’m wondering if it makes sense to install a screen reader in my case.
2·10 months agoI’ve been out of the loop on games for a while but ReactOS may be worth a look.
The 1st ½ of your comment sounds accurate. But…
And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,
Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.
That all sounds accurate enough to me… but thought I should comment on this:
However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.
It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).
Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)
Linux won’t be viable for blind people unless major distros have full time accessibility folks, and refuse to accept inaccessible packages and patches.
Sure, but you need to read what I quoted. I purely addressed the flawed claim that better code comes from those paid to write it. The opposite is true. It’s unclear to what extent that bias has influenced @noahcarver@rblind.com’s thesis. Though I have no notable issues with anything else @noahcarver@rblind.com wrote (much of which is beyond my expertise w.r.t accessibility).
And to be clear, “better code” strictly refers to quality, not accessibility. Accessibility is a design factor.
But that code you write at home is probably not accessible.
That’s right. But then neither is the commercial code I worked on. That would be outside of my domain. I do backends for the most part. The rare UI work I did was for a tiny user base of internal developers within the org and accessibility was not part of the requirements. I worked on a UI for external users briefly but again no requirements for accessibility (which would be very unlikely for that particular product).
In any case, this sidetrack is irrelevant to what you replied to. It’s important to correct bogus claims that being paid to write code is conducive to quality. Some right-wingers I know never miss the opportunity to use the phrase “good enough for government work” because they want to push the mentality that capitalism promotes superior quality. It’s a widespread misconception that needs correction whenever it manifests.
Paying someone to write accessible code should theoretically work on both free software and non-free software. AFAICT the reason non-free software would accommodate blind users is that the market share is large enough to justify the profit-driven bottom line and those users are forced to pay for it (as all users are). In the FOSS domain, payments (“bounties”) are optional. Has this been tried? If not, then you’re relying on blind FOSS developers to suit their own needs in a way that benefits all blind users.
and that someone who is paid to write accessible software is generally going to produce and maintain better code.
In my day job I’m paid to write code. Then I go home write code I was not paid for. My best work is done without pay.
Commercial software development
When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is very short-sighted. I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as the economic sweet spot. I was also caught once fixing bugs as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bug goes through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Nevermind the fact that my time was already compensated by the customer anyway - but they can get more money if there’s a bigger paper trail involving more staff. So when you say you get what you pay for, that’s what you pay for – busy work (aka working hard not smart). They also want “consistent quality”. So if one module is higher quality than another, there is pressure to lower the quality of the better module because improving the style or design pattern of the lower quality piece is “gold plating”. When I make full use of the language constructs (as intended by the language designers), I am often forced by an employer to use more basic constructs. Employers are worried that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Employers under-estimate the value of developers learning on the job. So I am often forced avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.
Non-commercial software development
Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet some deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline. #FOSS devs are free to gold plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.
Commercial software from a user PoV
Whenever I encounter a bug in commercial software, there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the bug I found, which is unlikely when there are complex circumstances.
Non-commercial software from a user PoV
Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.
I live in a city that bans parking them in the middle of sidewalks and close to doors. I’ve not heard of any local law against blocking bicycle racks.
So are you saying these platforms are just mirroring into their terms the laws of each city they operate in on a per-city basis? That’s a bit more sophisticated than I envisioned. I would have thought each rental company would be simply creating a single set of rules for users that would comply with all cities they operate in.
Just had an idea for an action: we could make stickers with a scooter with a line through it and stick those on the racks. Obviously they wouldn’t carry any weight but might deter the nuisance to some extent nonetheless. Though there’s nothing wrong with personally owned scooters being locked so tricky to express that on the sticker.
Yes, but to be clear my test may or may not be valid in terms of what a blind person would experience. Unlike a blind person I do not use a screen reader. I merely disabled images and saw no visual indicator of an audio option. I would expect blind people to disable images as well because they would only slow them down for no benefit. But someone else said that they bypassed the CAPTCHA completely due to having a screen reader.
Specifically in the case of Protonmail? That was part of my question. I saw no audio CAPTCHA option.
Thanks for the tip!
Although it’s a tricky decision because if the server can detect that you use a screen reader, then your browser fingerprint uniqueness would increase quite a bit.
Indeed it saves bandwidth – which is particularly important for those with a limited connection. I like it as well because so many images actually downgrade the UX anyway.
It’s a better carbon footprint to nix images but then we get punished for it by anti-bot websites. Bots also neglect to fetch images so I get hit with false positives for robots more frequently.
(Not sure if mentions work on Lemmy… mentioning @aibler@lemmy.world for good measure)
Ah, well then I would guess you’re not using Tor and perhaps Protonmail is discriminating against Tor users. I used to access protonmail’s clearnet site over Tor and got the CAPTCHAs. Then started using PM’s onion service (in fact I was told the onion service avoided CAPTCHAs) but in fact it still gets CAPTCHAs.
I appreciate the link, though the steps in that article are incompatible with my Firefox installation. Perhaps these are new features. When I right-click on an object, there is no “accessibility” option.
Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.
Orca is not installed by default on Debian. But I would be interested in seeing what the built-in tools do. In Firefox I hit F12 » Elements and saw an “accessibility” tab. From there I expanded a quite long tree of nested elements and got down to the hyperlinked image. Then I looked at the console frame with the link highlighted. There were over 30 messages with 6 errors. It’s very noisy. None of the errors or warnings indicate that the object would not be readable by a screen reader. It’s stuff like net::ERR_BLOCKED_BY_CLIENT and JSON parsing syntax errors.
EDIT: this error looks interesting:
city:60 GET https://cdn.equalweb.com/core/4.5.6/accessibility.js net::ERR_BLOCKED_BY_CLIENTIf I understand correctly,
Firefox is trying to runbut becauseaccessibility.jscdn.equalweb.comis a #Cloudflare site, I am blocked (Cloudflare is Tor-hostile). There’s a bit of irony here that a domain name “equalweb” leads to a discriminatory web server. I’m guessing this blocks Tor-using Firefox users from checking the accessibility of a webpage using FF’s built-in features.EDIT 2: it turns out accessibility.js is loaded by the site, not FF. So I’m not sure how to use the built-in functionality to answer the question.
I think this is a regression. IIRC, there was a time when a removal only removed it from the timeline. You could still reach it via the modlog. IIRC. But those days are gone. It’s a shame because it’s important for the community to be able to evaluate the mod’s decision making.
I’ve even seen cases where an over-zealous mod gets embarrassed by the mod log and purges the mod log itself to remove traces of the censorship itself. I suppose that’s only possible if the mod is also an admin.
1·1 year agoGreat find! Glad to see there are some onion hosts as well.
Any idea how to adapt the monero.stackexchange link in the sidebar? The code.whatever.social page cannot handle that link apparently because it does not lead to a specific thread.
Actually the large corps are more likely to hold the data in-house. Small companies cling to outsourcing. E.g. credit unions are the worst… outsource every service they offer to the same giant suppliers. Everyone thinks only a small company has the data (and consequently that the small dataset does not appeal to cyber criminals) but it’s actually worse because they outsource jobs even as small as printing bank statements to the same few giants most other credit unions use. Then they do the same for bill pay with another company. It’s getting hard to find a credit union that does not put Cloudflare in the loop. So in the end a dozen or so big corps have your data and it’s not even disclosed in the privacy statement.
Of course it depends on the nature of the business. A large grocery chain is more likely to make sure your offline store purchase history reaches Amazon and Google than a mom & pop grocer who doesn’t even have a loyalty program.
I have never seen a privacy policy that lists partners and recipients apart from Paypal, who lists the 600+ corps they share data with for some reason. Apart from bizarre exceptions privacy policies are always too vague to be useful. Even in the GDPR region. If you read them you can often find text that does not even make sense for their business because they just copied someone else’s sufficiently vague policy to use as a template.
The breach happened in a country where companies are not required to respond to audits. No company wants any avg joe’s business badly enough to answer questions about data practices. In the EU, sure, data controllers are obligated to disclose the list of parties they share with (on request, not automatically). And even then, some still refuse. Then you file an article 77 complaint with the DPA where it just sits for years with no enforcement action.
My approach is a combination of avoiding business entirely, or supplying fake info, or less sensitive info (mailing address instead of residential, mission-specific email, phone number that just goes to a v/m or fax). This is where the battle needs to be fought – at data collection time. Countless banks needlessly demand residential address. That should be rejected by consumers. Data minimization is key.
In the case at hand, I’m leaning toward opting out of the class action lawsuit and suing them directly in small claims court. I can usually get better compensation that way.