Perhaps that is true, but the Cloudflare anti-bot protection is too stupid and annoying.
They should have used a cookie or something else that does not require asking me every few minutes to prove once more that I am not a bot.
There was a time when Cloudflare had become less intrusive, but for the last months it has begun again to intervene almost each time when opening some pages.
There is no doubt that anti-bot protection can be implemented in a better way than Cloudflare does, but presumably the alternatives would consume more resources on their servers, so probably they choose whatever minimizes their costs, regardless if that ensures maximum discomfort for Internet users.
Who knows what upsets ClownFlare? I'm using Vivaldi on Linux on IPv6 in Denmark with every uBlock filter enabled and Cookie Auto-delete. That seems to confuse and anger CloudFlare and I get CAPTCHA tarpitted constantly.
Those are easy enough to dissuade with readily available PoW solutions. People use CF & co. out of convenience, the exact same reason that most websites load resources from at least half a dozen third parties instead of self hosting.
That, ironically, includes Cloudflare. Without rampant bots making the internet worse for everybody, they wouldn't have as much work. And their portion of profit is anything but small.
I know this is an unpopular opinion among freedom maximalists, but:
It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
How do we know it’s CloudFlare? Because other CDNs like CloudFront, Akamai, Fastly, etc. respond to takedown demands and aren’t being blocked. (Those also cost money and require customer identification.)
In an escalating war between the state and a corporation, the state will always prevail if they have the public’s backing. In Spain it’s clear that most people are happy to watch the match through legitimate channels even at the cost of blocking CloudFlare.
Sounds like the solution is for legitimate services to move away from Cloudflare. They contribute to the single point of failure by remaining their customers.
> It’s precisely because CloudFlare isn’t responding like other CDNs to reasonable demands to cut off pirate origin sites that this mess exists. If they reacted quickly to remove configurations that are obviously facilitating copyright infringement, Spain wouldn’t resort to full scale ASN blocking.
Apropos of anything else, CF is (reasonably) requiring a court order to remove offending material rather than just "well, company said so, so eh, just do as they say". La Liga complains that "oh, that's too slow for what we want" and just got a blanket ruling.
I am not a fan of CF but your argument seems to be "CF should just roll over any time someone says "hey, delete this", because, obviously, everyone knows it's problematic, right? Right?".
At least the DMCA in the U.S. has guardrails: not just anyone can send a takedown demand for everything. The requester has identify the works and declare under penalty of perjury that they are operating on the behalf of the owner. I imagine the equivalent EU law has similar requirements.
CloudFlare uses legal chicanery to try to subvert the DMCA by claiming that because they’re not the origin server, they’re not subject to takedown demands. So far no court has told them to knock it off. I expect that day will eventually come. Every lawsuit against them to date has ended in a settlement because CloudFlare would rather pay up than get an unfavorable ruling on the books.
CloudFlare has consistently treated loss of DMCA safe harbor protection as a material business risk; it’s been cited in every SEC filing from the 2019 IPO S-1 through the FY2025 10-K.
> At least the DMCA in the U.S. has guardrails: not just anyone can send a takedown demand for everything. The requester has identify the works and declare under penalty of perjury that they are operating on the behalf of the owner.
You'd think so, but no.
DMCA came into effect 28 years ago. All those decades, all those billions of takedowns, and you don't even need the fingers of one hand to count those who've been hit with perjury for a false takedown request, because the number is ... zero.
You might misunderstand what the law requires. The person making the complaint (demand) only has to declare under penalty of perjury that they represent the copyright holder. It does not require them, under penalty of perjury, to be correct about the underlying facts.
See 17 U.S.C. 512(c)(3)(A):
"(A) To be effective under this subsection, a notification of claimed infringement must be a written communication provided to the designated agent of a service provider that includes substantially the following: ...
"(vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed."
In other words: someone issuing a notice of infringement relating to a Disney work must declare under penalty of perjury that they represent Disney. They don't have to declare under penalty of perjury that the work is in fact a Disney work, that the title is correct, that the use in question is not fair use, etc.
This would explain why you're not seeing what you expect to see.
Nobody cares about the DMCA guardrails and they are never meaningfully enforced. Case in point, Anthropic DMCAing thousands of repositories that simply mentioned the word "claude".
Of course you could, but if it was indeed vibe-coded in a weekend, why wouldn't you want to start from scratch to make sure everything is up to your standards (especially security)?
I'm definitely not going to jump in on a vibe-coded project. I'd much rather start from scratch if I found the use-case to be relevant.
Not to say vibe-coded projects can't be alright. If the engineer behind it knows their stuff, it's fine to me. But we don't know that. So to get a general idea, I think it's fair to ask how this was done.
Unnecessary access isn't a solveable problem. In order to restrict permissions to exactly what a program needs, in general, you'd have to define exactly what a program does. In other words, you'd need to rewrite the program with self-enforcing access restrictions.
So, permissions are always going to be more general than what a program actually needs and, therefore, exploitable.
Producing incorrect information is an insidious example of this. We can't simply restrict the program's permissions so that it only yields correct outputs -- we'd need to understand the outputs themselves to make that work. But, then, we're in a situation where we're basing our choices on potentially incorrect and unverified outputs from the program.
That's a good advice in general to treat any software as untrusted black box as much as possible. But it raises (slightly, but still does) the cost/effort for the user: the user now has to make extra steps and take extra caution.
These concerns were great valid even before vibecoding becoming a thing, but now the estimated probabilities of malicious code's presence have changed, simply because nowadays the cost/effort of writing software plummeted.
The video description has chapter links; how about just skip to "should you be worried" at the end?
That's what I'm doing. This is not a new topic and I likely know almost everything already.
So the conclusion is that, no, asbestos is not a problem that is behind us. I knew that. It's still found in plenty of buildings. I mean, simple drywall compound contained asbestos as a filler until around 1980. If you're in a building built around 1980 or earlier, and it contains original drywall, assume there is asbestos: if not in the gyprock itself, then the joints.
The conclusion reiterates what I know: if you don't disturb the stuff, making filaments of asbestos airborne, you are almost certainly okay.
I stay clear of demolition sites. They use water to keep the dust down, but it still swirls up and spreads. If an old house is being torn down, my kids are curious about that, but I keep them well away. That dust is harmful even without asbestos.
It has been officially stated that GrapheneOS is partnered with a major Android OEM working on making devices meeting all of those requirements along with providing official GrapheneOS support. The devices are planned for 2027 but is being announced by the OEM in March 2026 so people will know which OEM it is soon.
reply