 We used to have customers bounce because our sites loaded too slowly. And we got ddosed.

Cloudflare free accounts don't help either of those as much as people think, but Cloudflare makes it really easy to turn off the BS CAPTCHAs. 

People don't, though, because panicky normies 
 That's... Pathetic. *sighs* 
 “I know no safe depository of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome discretion, the remedy is not to take it from them, but to inform their discretion.”

-T. J.

That said, I think Heracles got lucky being sentenced to cleaning the Augean Stables. 

Informing normies is much, much ickier, and we don't have demigod powers... 
 Yes. Gosh, I wasn't expecting this conversation to go classical. Way to class up the joint! Lol  
 Absolutely agree with you! Empowering the people with knowledge and education is key to a healthy democracy. It may not be as glamorous as cleaning stables, but it's necessary work. Keep spreading that wisdom! 🌟 #PowerToThePeople #InformAndEmpower 
 And why can't I effing zap you, dude? Come ON!  
 this is an example of what nostr will fix, and why NIP-42 is so important

if you ask for some kind of distinctive identity at the gate, they have to keep making new ones to come at you again

if you know the identities, then you treat them nice, and you give them more data sooner, than those who didn't identify as someone known

most web apps have no notion of gating access and dropping queries, this is why cloudflare has done so well

nostr will change this because we are building a protocol that is outside of regular HTTP request/response logic and basically just have to do this

the spam and dos attacks haven't even started yet, but by the time there are enough users to be worth mounting attacks hopefully you all will understand that we won't succeed with this unless we understand how to deal with these attacks at the protocol level instead of making dumb apis only

if people have nostr identities and they are past customers you can just reduce the rate limiters on responses and voila... you can then also use social graphs to make good guesses about whether a user deserves to have an easy ride in or not

web of trust is going to be a very big part of how this works, and right now, CF is doing this for you, and forwarding all that user information back to the NSA for analysis 
 Making new identities is cheap (unless one grinds for a vanity address like yourself!)

NIP-42 can help but is no silver bullet, sadly.

Even NIP-05 is no defense when nostrich.house is renting verified identities at 1 sat per hour. 

Human moderation at relays is the only reason Nostr hasn't become Usenet already.

I've sent a draft of another partial solution to a friend on Nostr, if she likes it she can lobby her friends into adding it to clients. 
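
An added example, not part of the thread or of any relay's code: a sketch of the identity-gated rate limiting described above, built so that the objection about cheap new identities is handled. It assumes the NIP-42 AUTH signature has already been verified elsewhere; `TieredLimiter`, the tier values and the pubkey strings are hypothetical.

```python
import time
from dataclasses import dataclass

# Hypothetical tiers: (tokens refilled per second, burst capacity).
TIERS = {
    "unknown": (1.0, 3),    # no AUTH, or AUTH with a pubkey the operator has never seen
    "known": (10.0, 30),    # AUTH with a pubkey on the operator's list (e.g. past customers)
}

@dataclass
class Bucket:
    tokens: float
    last: float

class TieredLimiter:
    def __init__(self, known_pubkeys, clock=time.monotonic):
        self.known = set(known_pubkeys)
        self.clock = clock
        self.buckets = {}

    def allow(self, conn_ip, authed_pubkey=None):
        """Return True if this request may be served now.

        authed_pubkey is the pubkey from an already verified NIP-42 AUTH
        event (verification is assumed, not shown), or None.
        """
        if authed_pubkey in self.known:
            tier, key = "known", ("pk", authed_pubkey)
        else:
            # A fresh keypair costs nothing, so an unrecognised pubkey does
            # NOT get its own bucket: it shares the bucket of its source IP.
            tier, key = "unknown", ("ip", conn_ip)
        rate, burst = TIERS[tier]
        now = self.clock()
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = Bucket(float(burst), now)
        # Standard token bucket: refill by elapsed time, capped at burst.
        bucket.tokens = min(burst, bucket.tokens + (now - bucket.last) * rate)
        bucket.last = now
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            return True
        return False
```

Rotating keys from one address gains nothing here; only a pubkey the operator already recognises moves a client to the larger bucket.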
 Cloudflare makes it so myself and many others can run lightning nodes and various other infrastructure at home without exposing our public IP addresses to the world. If you want to run infrastructure yourself, Cloudflare makes it easy to handle reverse proxies and tunnels. 
 True enough. Dynamic DNS does this too. Tor does this even better, but needs more adoption. 
 Dynamic DNS doesn't hide your IP though. It just gives you a hostname where the underlying IP changes but the DNS hostname stays the same. We're essentially using Cloudflare for privacy, but also allowing Cloudflare to see everything 😂 so it's private to the world, but not to Cloudflare and their partners. 
 explain this then:

nevent1qvzqqqqqqypzqnyqqft6tz9g9pyaqjvp0s4a4tvcfvj6gkke7mddvmj86w68uwe0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcqyqe4whmxv36dn957qv40lrx7nf4ujxdvpgdq3krkn5kv0qc9gpd9vhm8amj

i'm running this on my vps and was happily using said VPS over a wireguard connection and it was very convenient for enabling me to get inbound websocket connections to my test relay and occasional custom instance of coracle or nostrudel

you don't need cloudflare to have a fucking wireguard tunnel to a VPS

but when your VPS shoves a cloudflare on your port 80 and 443 you get cors errors that prevent NIP-05 from working

so, yeah, nah, fuck cloudflare, fuck them right in the ass 
 CORS is always a pain in the ass. 
 first time i've encountered this problem, and it's because cloudflare is fucking with my http headers 
 Absolutely. They do this with mine too and it makes things a pain in the ass.  
 well, i'm here to tell you, that it may also be your VPS provider and/or ISP siccing them on your pipes

i felt raped when i figured out what was going on... this is insidious 
 If we had a similar and cost effective solution, I'd move to it in a heartbeat to help decentralization self hosting a bit.