#dev 2025-03-27

2025-03-27 UTC
rrix, Salt, bterry, sebbu, glacier, NaomiAmethyst3 and NaomiAmethyst joined the channel
#
pfych Hey schmarty, is there any way to potentially have the webring item be "random" instead of "prev" & "next"? I'm trying to get the links to look pretty on my site, but am having issues since the other webring I'm also in only has a "random" link & a link to the homepage. Ideally I'd love it to look like this:
#
pfych https://lounge.pfy.ch/uploads/d37125581b1946bc/Screenshot%202025-03-27%20at%204.03.25%E2%80%AFpm.png
#
pfych If not - I'll try make it work!
#
pfych This also works too I guess?
#
pfych https://lounge.pfy.ch/uploads/4f42dc6734050daf/Screenshot%202025-03-27%20at%204.04.57%E2%80%AFpm.png
NaomiAmethyst joined the channel
#
pfych Probably should have tried this before asking 😅
glacier, nemonical, doesnm, yewscion_, thegreekgeek, thegreekgeek_ and GuestZero joined the channel
#
[tantek] "random" would be more of a web "roulette" than a "ring" right? My understanding is that the next/prev links are what make the experience like traversing a "ring"
barnaby, ttybitnik and [schmarty] joined the channel
#
[schmarty] pfych: that result looks pretty good to me! the webring supports /random in addition to /next and /previous, but links to /random don't currently "count" towards whether your site is active on the ring.
[Jo], nemonical, shoesNsocks, barnaby, doesnm, NaomiAmethyst and [snarfed] joined the channel
#
GuestZero do you know of some cheap 'micro registrar', for if you only need a simple external redirect for a domain, without dns and stuff?
#
[artlung] I am translating your question in my head to "what is the absolute cheapest registrar?" but I'm not sure that's fair.
doesnm joined the channel
#
GuestZero oh that may actually answer it; a lightweight interface would only be an extra
#
[snarfed] also prices vary much more by TLD than registrar, there are a number of very cheap TLDs, eg $1-2/yr
GuestZero_, doesnm, GuestZero, gRegor, bkardell and [Sophia_wood] joined the channel
#
immibis general survey: why are/aren't you using cloudlare in front of your website? I'm not because I don't need to and cloudflare is a bit too evil.
#
[tantek] I'm trying out Cloudflare to mitigate some kinds of potential attacks (with less labor /admintax for me). I'm not set on it yet one way or the other and may change it in the future.
nemonical and doesnm joined the channel
#
immibis do you have specific attacks in mind?
#
[tantek] none I will discuss on an open channel. I refer you to Cloudflare's own documentation on what they help mitigate if you're curious to learn more.
rossabaker and [schmarty] joined the channel
#
[tantek] from FrESH and espresso chat before that, the original Mission Impossible website: https://web.archive.org/web/19961022174928/http://missionimpossible.com/
#
[tantek] So much nostalgia for that 1996 Mission Impossible site. Really appreciate how an actual *corporate* property pushed the limits of what could be done with a website (web development, web technologies, use of copywriting voice) at the time. For me it's as significant as the original SpaceJam website.
#
immibis i know cloudflare claims to do security things and i also know cloudflare is mostly full of shit
#
[tantek] immibis that sounds like an helpful tech rant "full of shit" without citation that's maybe more appropriate for #indieweb-random
#
[tantek] an *unhelpful* tech rant
#
immibis if a security property is so public that anyone can find it on cloudflare's website, it's also public enough to state it in IRC, no? but my experience is that a whole lot of people just use cloudflare "for security" and don't know what that actually means
#
[tantek] and the answer is "no" because you have no idea what any particular individual's security profile / concerns are
#
[tantek] I like the discussion of security on the 1996 Mission Impossible website 🙂
#
immibis "you have no idea what ..." - isn't that why I asked?
#
pfych A friends webpage is getting DDoS’d like 24/7 because of their identity & them being somewhat public in a smaller community - Cloudflare made the site usable & somewhat blocks most of the DDoS traffic
#
immibis that's a good reason to use cloudflare
[qubyte] joined the channel
#
gRegor And he answered "none I will discuss in an open channel."
[snarfed] and [tantek] joined the channel
#
Lars-Christian @immibis Because I've frequently found myself blocked from accessing personal websites that use Cloudflare
#
Lars-Christian So I wish nobody would use them.
#
immibis yes, same, and the most common reason for using it is "because security (that i cannot elaborate any further)"
#
Lars-Christian I kinda have the same impression.
#
Lars-Christian Feels like putting your site behind Cloudflare's walls is a bit antithetical to the open web. But I'm sure there are legitimate reason, like DDoS shit as @pfych mentioned.
bkardell and NaomiAmethyst8 joined the channel
#
pfych I use CloudFront which I find is less egregious with their complete banning of people - but it's still a 3rd party handling my CDN/Caching/etc
#
Zegnat I found that by default Cloudflare seems to have much more emphasis on their WAF rules etc. than AWS CloudFront. But that might also be because I often find all AWS settings to be overwhelming. Also note that just using CloudFront does not give you WAF, it is a separate AWS service that needs to be configured. Though I think they atleast have a one-click thing for that now.
#
[tantek] Following up from FrESH I’m still collecting examples of personal link wrapping for various usecases
#
Zegnat Generally Cloudflare also seems to keep on top of their WAF. Last week when the Next.JS vulnerability was published, they were quick to protect their customers by blocking the header. (Then they had to walk that back, but still.)
#
[tantek] What is link wrapping
#
Loqi It looks like we don't have a page for "link wrapping" yet. Would you like to create it? (Or just say "link wrapping is ____", a sentence describing the term)
#
Zegnat All of that said, I do not actually use Cloudflare myself
#
[tantek] huh
barnaby joined the channel
#
[tantek] Only issue I've had with Cloudflare so far was their auto-email-address-protection in-content which was breaking @-@ mentions. Had to turn off a default setting
#
Zegnat (I think a lot of people referring to security with Cloudflare are actually referring to the WAF, just without knowing what that tech is. Which is more than OK!)
#
Zegnat What is WAF?
#
Loqi It looks like we don't have a page for "WAF" yet. Would you like to create it? (Or just say "WAF is ____", a sentence describing the term)
#
Zegnat WAF is Web Application Firewall and usually refers to protection provided to web servers in the form of traffic filters that scan requests for known attacks/vulnerabilities before passing it on to the application. There are many providers, some with a free tier, like [[Cloudflare]] and [[AWS WAF]].
#
Loqi ok
#
Zegnat Feel free to tweak, but that feels like enough of a basic description for people wondering. Especially if we get more people trying out Cloudflare :)
#
Zegnat WAF << [https://bunny.net/academy/security/what-is-web-application-firewall-WAF-and-how-it-works/ How Does a Web Application Firewall (WAF) and WAF Rules Work?]
#
Loqi ok, I added "[https://bunny.net/academy/security/what-is-web-application-firewall-WAF-and-how-it-works/ How Does a Web Application Firewall (WAF) and WAF Rules Work?]" to a brand new "See Also" section of /WAF https://indieweb.org/wiki/index.php?diff=100594&oldid=100593
CRISPR and JadedBlueEyes joined the channel
#
pfych I mostly use CloudFront just for the caching & cheaper egress since my sites hosted out of S3. User <-> S3 costs $$$$$ whereas User <-> CloudFront is usually free.
#
pfych and yeah Zegnat - AWS settings are rlly overwhelming and difficult to parse. I only use it since I also use it at work and was paid to learn it all lol