CloudFlare discussion thread

[Nuck-TH]

They are at it again
Well, this time it lasted less than half a month.

Edit: i got through after many page reloads and self-restarts of check. Which means that number of CF cdn server serve version that doesn't work for us.

[Gemmaugr]

Yeah, CF is still obstinate, but it works after 2-3 passes and actually needing to tick the "I'm human" box. Which is new.

That said, it's not surprising, seeing as this is the state of CF;

Their "support" discourse (chromium-like only) forum allows bots through: https://community.cloudflare.com/t/turn ... ror/921352

Topics "solved" after 2 days of no reply: https://community.cloudflare.com/t/visi ... w11/919884

Supported browsers (chromium, foxium, pre-chromium, chromium, chromium): https://community.cloudflare.com/t/clou ... own/916554

CF allowing bots by default, and hiding the setting to prevent them: https://community.cloudflare.com/t/allo ... ile/918041

And that's just few from this month..

They've also yet to respond here, or to MC again (from what we've heard). They averted the possibly PR disaster and now just boils us slowly.

[Night Wing]

In my opinion Cloudflare does not want to support Pale Moon. This is the short of it.

[frostknight]

In my opinion Cloudflare does not want to support Pale Moon. This is the short of it.

I think its more likely they don't want to waste much energy in supporting Pale Moon.

They want to use the least energy possible to support Pale Moon so they can appear like they don't have favorites.

[andyprough]

In my opinion Cloudflare does not want to support Pale Moon. This is the short of it.

I think its more likely they don't want to waste much energy in supporting Pale Moon.

They want to use the least energy possible to support Pale Moon so they can appear like they don't have favorites.

They are supposed to speak directly with @Moonchild this week and Cloudflare's rep claims that they are trying to fix things with respect to Pale Moon longer term, so let's see if anything good comes of it. I'm forever hopeful. Certainly they responded faster this time around and implemented a temporary fix faster than when it happened last spring, even if their response time still hasn't been perfect.

My bigger problem is that I am now running into Cloudflare turnstiles all the time and even if they don't stop Pale Moon they slow all web browsing to a crawl compared to just a few years ago. And they make it nearly impossible to get things done online with a non-js browser, which wasn't the case 3-4 years ago. I used to be able to go 2 weeks at a time with using nothing but a links2 terminal browser, an rss feed reader, and an email client. But that setup would be basically impossible today.

[Gemmaugr]

I'm surprised people use CF, despite them having issues everyday: https://www.cloudflarestatus.com/ (once one get down to Past Incidents)

[Moonchild]

They are supposed to speak directly with @Moonchild this week

I have a meeting planned this afternoon my time to discuss things.

My bigger problem is that I am now running into Cloudflare turnstiles all the time and even if they don't stop Pale Moon they slow all web browsing to a crawl compared to just a few years ago.

Yes and this is the problem with their own "success": by being used on many more websites, their compatibility with browsers has to extend further. They cannot continue to claim nothing outside of Blink/Gecko/webkit exists when it impacts a large portion of the web as it is now. Certainly not engines that are actively developed and maintained.

[back2themoon]

...by being used on many more websites, their compatibility with browsers has to extend further.

...and their tool needs to become faster and more reliable.

[Mæstro]

I have a meeting planned this afternoon my time to discuss things.

How has that meeting gone?

[Moonchild]

I have a meeting planned this afternoon my time to discuss things.

How has that meeting gone?

It was mostly me filling in the new folks (since, surprise surprise, they had a change of RPs in the last year for this part of CloudFlare, so I'm sure most of what was promised wasn't communicated forward... at least it explained the total communications breakdown) with background around Goanna and its separate nature from gecko/blink/etc., the impact the blocking has had on our numbers, and that we can't have some opaque eyes-only secret handshake thing with CF because we're fully open source, and bot devs would happily just copy that and get a free pass.
One question they asked that I didn't expect was "Why do people use Pale Moon?" -- I answered that as best I could since I obviously don't know to what extent each of you has one reason or another, but it'd likely be a mix of project philosophy, trust, technological reasons and focus on full customization.

But otherwise? They were notified it's still partially broken in production, the troubleshooter hangs and must be fixed if we want it to be a proper tool moving forward with an actual cooperation, and they really need to do their part even casually testing on Pale Moon or any other UXP browser of choice before pushing out stuff as a (maybe 5 minute?) sanity check. Oh and I did stress their captcha is the only one with severe problems for us, unlike Google's recaptcha, hCaptcha, Anubis, etc. Irony being the biggest is the worst...

[ownedbywuigi]

It was mostly me filling in the new folks (since surprise surprise they had a change of RPs in the last year for this part of CloudFlare, so I'm sure most of what was promised wasn't communicated forward...) with background around Goanna and its separate nature from gecko/blink/etc., the impact the blocking has had on our numbers, and that we can't have some opaque eyes only secret handshake thing with CF because we're fully open source, and bot devs would happily just copy that and get a free pass.

Oh and I did stress their captcha is the only one with severe problems for us, unlike recaltcha, hcaptcha, anubis, etc. Irony being the biggest is the worst

Do you think this meeting will finally put an end to Cloudflare breaking on UXP (or at the very least, make the breakages a lot less impactful), or do you think it's just another thing that'll make Cloudflare look good in the eyes of the public but in reality nothing happens?

[Moonchild]

Do you think this meeting will finally put an end to Cloudflare breaking on UXP

It's a first step. No concrete commitments were made and it was just to map out the general area and what should be done.
I'm hopeful that we'll have a better channel of communication going forward and that this kind of real damage is prevented (it is 100% avoidable), but of course it all pivots on how CloudFlare deals with this. If more avoidable breakage occurs or communication breaks down again, then it'd actually make them look worse (because then it was just pretentious...)

[ownedbywuigi]

Do you think this meeting will finally put an end to Cloudflare breaking on UXP

I'm hopeful that we'll have a better channel of communication going forward and that this kind of real damage is prevented

If there is a followup meeting, can you ask them if we can have a semi-public channel of communication with them for other browsers, because I almost guarantee we are not the only browser having issues with this, and we're only lucky to have a channel of communication with them AT ALL.

[back2themoon]

It was mostly me filling in the new folks (since, surprise surprise, they had a change of RPs in the last year for this part of CloudFlare, so I'm sure most of what was promised wasn't communicated forward... at least it explained the total communications breakdown

At least you are getting to know new people

This is shaping to become a yearly (?) meeting event of sorts. Cloudflare changes → Turnstile breaks → Pale Moon explains

[billmcct]

One question they asked that I didn't expect was "Why do people use Pale Moon?" -- I answered that as best I could since I obviously don't know to what extent each of you has one reason or another, but it'd likely be a mix of project philosophy, trust, technological reasons and focus on full customization.

I have been using PM since Jan 2011, my reason is, as you mentioned, "full customization".
I don't really have a problem with PM not loading a page correctly every now and then.
"Open With" takes care of that.
Just saying I also have much "trust" in the project and the Devs that work on it. Many Thanks.

At least someone from CloudFlare is willing to talk.
Here's hoping:
Bill

[ownedbywuigi]

One question they asked that I didn't expect was "Why do people use Pale Moon?" -- I answered that as best I could since I obviously don't know to what extent each of you has one reason or another, but it'd likely be a mix of project philosophy, trust, technological reasons and focus on full customization.

I use Goanna based browsers on the daily because well, it's the engine that sucks the least, to be fair.

Gecko has been just on life support since ESR 115, and Chromium has been adding stupid shit and removing logical features for the sakes of "security" since like M90 or so.
Safari never caught my eye, and with how that handles web support, I'm surprised anyone above a IQ of 36 can touch WebKit without a 10 foot pole.

Off-topic:
I'll give Ladybird a try when it goes out of alpha, looks nice though.

[Mæstro]

Gecko has been just on life support since ESR 115…

Care to elaborate on this? It might be relevant, as far as captchas in general are concerned in this thread, to note that Xcancel’s captchas have lately been a looping failure in the Gecko-based browser (Waterfox) I have tried as well as Pale Moon, causing me to return to entering the addresses for scriptless verification ( https://xcancel.com/fumo becomes https://xcancel.com/verify/index?url=/fumo ) manually. Since this is common to Gecko as well as Goanna, I decided against making a thread about the JS-based captcha’s misbehaviour.

[Moonchild]

So, as it is now, nothing got changed on production (which is still flaky and slow), and the turnstile troubleshooter/testing tool is still broken.
So I've gone ahead now I have some breathing room today between sec and release to actually e-mail the two people I spoke with. I'm really not happy that CF is still not seemingly taking their "Browser Developer Program" seriously. Also, I have not seen any additions to that program other than Pale Moon in terms of community boards that were created under it since it was set up last year. So I don't even know if it was being treated as broadly as they seemed to intend (which was indicated to me as a program for many more smaller browsers to report and discuss turnstile and captcha issues), or if it was just smoke and mirrors.
Between the changeover of RPs and lack of action on CF's side, this clearly isn't working in its current form. They have to step things up.

[flamelord]

Any news?

[ownedbywuigi]

Any news?

CF hasn’t broke (yet)