Post
by Moonchild » 2026-05-03, 08:11
Adopting Rust/Servo isn't possible anymore in UXP. That ship sailed almost 10 years ago.
Any major technology shift like that simply can't be done in the platform because it would require wholesale adoption of vastly different platform code (at which point it is no longer UXP) because there would be a decade-sized gap between what we could adopt closer to us and what is current. All of this is off-topic here, though.
CloudFlare simply doesn't cater to/shouldn't require specific architectural designs in a browser engine to pass their checks. The whole point of having an abstraction layer in terms of web languages (html/css/js) is so that the details of the underlying implementation shouldn't matter. The problem is that CloudFlare is choosing to make specific checks for implementation-specific behaviour, in an attempt to "sort out" what they classify as "bots". That is literally the wrong approach to take beyond the most obvious checks. The moment they start checking for things that are not ubiquitous in all browsers or under the control of an end-user (like privacy controls, fingerprinting resistance, or security measures) then they are literally gatekeeping the internet to a too specific selection of browsers, configurations, and users, especially for websites that do not require that stringent of a selection in their own policies. They are effectively intruding on and interfering with (and making decisions for) website owners and users.
A paradigm shift is required here: CF needs to make better use of their traffic analysis capabilities (which I absolutely know they have, having been a client of them and having had access to their more advanced reporting and filtering features as a Pro client) and do pattern recognition on the traffic, rather than making everything pivot on how web clients identify themselves. It's clear that "bot detection" by checking web client properties isn't possible when plenty of bots are, in fact, electron-based or webview based, or WebDriver enabled applications that, for all intents and purposes, identify exactly like Chrome or webkit or Gecko. Targeting anything outside of their "turnstile supported short-list" (Google Chrome (desktop and mobile), Mozilla Firefox, Safari, Microsoft Edge and Samsung Internet Browser) as something needing extra scrutiny while still clearly behaving as a web browser, is nothing short of an unfair practice.
Speaking of unfair practices, what CloudFlare is doing might run afoul of Europe's Digital Markets Act -- while initially written to prevent operating systems from preferring/forcing specific software without user choice, this applies to any company that can be classified as a "gatekeeper", which CF most certainly is with its large market share and omnipresence on the web as a whole these days.
"Praise from a narcissistic person is always a poison dart. They don't share the stage, so discernment matters." - Dr. Ramani
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
