Moderation Questions
The last iteration of the moderation discussion thread was a complete disaster. Numerous attempts to keep it on topic fa
Cloudfare has had some major problems recently. We either have a new/fixed version or they have greatly upped the checking severity. Probably both
They're fighting a losing battle with AI which is rapidly approaching the Von Neumann level of being able to imitate a human
Cloudfare has had some major problems recently. We either have a new/fixed version or they have greatly upped the checking severity. Probably both
They're fighting a losing battle with AI which is rapidly approaching the Von Neumann level of being able to imitate a human
Regardless, this is obviously some sort of issue with Cloudflare, as it shouldn't need to re-verify the same user using the same machine several times an hour, no matter the method it's using.
maybe but bot attacks, malware etc use hijacked machines.
It may be a bug but we need someone pretty expert to start throwing 'shoulds' about
Cloudfare has had some major problems recently. We either have a new/fixed version or they have greatly upped the checking severity. Probably both
They're fighting a losing battle with AI which is rapidly approaching the Von Neumann level of being able to imitate a human
It's not a Clouflare problem, as millions of other sites are fine. Likely there was a DDoS attack and the owners tightened up security, hence the captchas.
maybe but bot attacks, malware etc use hijacked machines.
It may be a bug but we need someone pretty expert to start throwing 'shoulds' about
There is no scenario where a logged in user should be re-verified several times an hour for days on end on an online forum. It makes for a **** user experience that no site admin would want.
I didn't say bug, I said issue. That includes mis-configuration, as LoL also mentioned above.
My guess would be they're getting scraped, bandwidth costs are increasing by thousands and they cranked up security to slow traffic and UX suffers.
But what are they supposed to do, lose money to make us happy? Not really my space but I really don't see how these nonmonetized sites exist.
There is no scenario where a logged in user should be re-verified several times an hour for days on end on an online forum. It makes for a **** user experience that no site admin would want.
I didn't say bug, I said issue. That includes mis-configuration, as LoL also mentioned above.
Of course it's a shitty experience but that doesn't mean it's a misconfiguration or bug or mistake or ...
If, as seems quite likely, the threat has found better ways through the defenses then this may be the right approach until the defenses can catch up. The alternative might be too big a risk of the the site being down which is also a shitty experience. Sometimes good security does lead to a shitty experience. For periods of time at least.
Or it might be a big or misconfiguration or pointless overreaction or whatever.
In your vast experience of things IT which do you think is more likely to be causing this problem, uniquely, on a tiny and irrelevant internet forum - state of the art DDOS attacks or a misconfiguration somewhere?
In your vast experience of things IT which do you think is more likely to be causing this problem, uniquely, on a tiny and irrelevant internet forum - state of the art DDOS attacks or a misconfiguration somewhere?
State of the art indeed - in our case, DDOS actually stands for "denial of DOS" as that's what the 2+2 box is still running.
The cloudflare problems are not limited to 2+2
They weren't a couple of weeks ago when there were blackouts all over, but Cloudflare had regular updates on their website. It currently states that all systems are operational, and their recent history log just shows mostly scheduled updates and no incidents yesterday.
IT expert chezlaw forgot to run his calendar update.
They weren't a couple of weeks ago when there were blackouts all over, but Cloudflare had regular updates on their website. It currently states that all systems are operational, and their recent history log just shows mostly scheduled updates and no incidents yesterday.
Yes. The point I was making was that may be seeing the result of those updates. It is operational and we are not seeing what they mean by incidents. It is working even if it's a bit shitty
Maybe we are seeing an abundance of caution of 2+2 or maybe the updates have combated the threat for now by upping the sensitivity. Could be that 2+2 can now relax their sensitivity or need to update something in their systems. Or maybe it's a bug or a mistake.
2+2 isn't important but lets hope the geniuses round these parts aren't running security at jaguar or m&S or Harrods (ok let them run harrods) or the NHS or anything that might matter. ooo that's inconvenient, let's just dial it down.
Yes. The point I was making was that may be seeing the result of those updates. It is operational and we are not seeing what they mean by incidents. It is working even if it's a bit shitty
Scheduled updates this past week were in Sao Paulo twice, Kansas City, Seattle, Durban twice, Madrid twice, Singapore, Portland, Dallas, and Los Angeles. All stating that there could be a slight increase in latency for end-users in those areas.
But this is not a latency issue. This is verification. Just because a captcha causes more time for your connection to be routed from Cloudflare to 2+2, it isn't considered network latency.
Maybe we are seeing an abundance of caution of 2+2 or maybe the updates have combated the threat for now by upping the sensitivity. Could be that 2+2 can now relax their sensitivity or need to update something in their systems. Or maybe it's a bug or a mistake.
It's pretty standard that when a site is under attack to have the CDN verify all traffic before sending connections through to the site.
2+2 isn't important but lets hope the geniuses round these parts aren't running security at jaguar or m&S or Harrods (ok let them run harrods) or the NHS or anything that might matter. ooo that's inconvenient, let's just dial it down.
What are you talking about?
He's probably the last person who can answer that question.
It's pretty standard that when a site is under attack to have the CDN verify all traffic before sending connections through to the site.
Indeed. Part of why we can't be sure it's a mistake
What are you talking about?
The geniuses around these parts who so easily know there's no threat that could justify such a shitty user experience.
Indeed. Part of why we can't be sure it's a mistake
The geniuses around these parts who so easily know there's no threat that could justify such a shitty user experience.
I myself find having to reverify a couple times an hour a mere minor annoyance.
Maybe that's because I'm as pleased as punch that 2p2 is even still around.
and it's minor compared to before when the site was unavailable for long periods at at a time.
I don't know either. Although I haven't done a comprehnsive survey.
There may be a good reason. There may be a bad one. Or something inbetween. Hopefully someone is looking into it getting it fixed.
It’s a lot better on a tablet, when there’s no need to click a box and it auto verifies you.
I’m sure the resident IT expert who’s never worked in the field will have an explanation for this too.
Let us know when you find one . I use a desktop which also auto verifies the mobile mostly does as well.
verification for me is always automated
it is very annoying though - found a good workaround is to go to my normal bookmark for this site https://forumserver.twoplustwo.com/userc... which gives all the unread threads i'm subbed to and then i just open them all via tabs and am good to go
unless it's been a while and i then want to quote reply to something - in which we need to authenticate all over again
It’s a lot better on a tablet, when there’s no need to click a box and it auto verifies you.
I’m sure the resident IT expert who’s never worked in the field will have an explanation for this too.
I am both amazed and appreciative that between being a expert internet security engineer, theologian, philosopher, mathematician, political scientist, psychologist, theoretical physicist, and no doubt neurosurgeon, chez still finds the time to grace us with his presence and to impart his nuggets of wisdom.
lol