A grim outlook on the future of browser add-ons
11 by gilrain | 1 comments on Hacker News.
Monday, August 31, 2020
New top story on Hacker News: Ask HN: Captcha Alternatives?
Ask HN: Captcha Alternatives?
46 by ev1 | 41 comments on Hacker News.
TLDR: I help with a gaming community-related site that is being targetted by a script kiddie, they are registering hundreds of thousands of accounts on our forums to 'protest' a cheating (aimbot) ban. They then post large ASCII art spam, giant shock images (the first one started after we blocked new accounts from posting [img]), the usual. Currently we use a simple question/answer addon at registration time - it works against all untargeted bots and is just a little "what is 4 plus six" or "what is the abbreviation for this website" type of question. It's worked fine for years and we don't really get general untargeted spam. I am somewhat ethically disinclined to use reCAPTCHA, and there are some older members that can't reasonably solve hcaptcha easily. Same for using heavy fingerprinting or other privacy invading methods. It's also donation-run, so enterprise services that would block something like this (such as Distil) are both out of budget and out of ethics. Is there a way I can possibly solve this? Negotiation is not really an option on the table, the last time one of the other volunteers responded at all we got a ~150Gbps volumetric attack. I've tried some basic things, like requiring cookie and JS support via middleware; they moved from a Java HTTP-library script to some kind of Selenium equivalent afterward. They also use a massive amount of proxies, largely compromised machines being sold for abuse.
46 by ev1 | 41 comments on Hacker News.
TLDR: I help with a gaming community-related site that is being targetted by a script kiddie, they are registering hundreds of thousands of accounts on our forums to 'protest' a cheating (aimbot) ban. They then post large ASCII art spam, giant shock images (the first one started after we blocked new accounts from posting [img]), the usual. Currently we use a simple question/answer addon at registration time - it works against all untargeted bots and is just a little "what is 4 plus six" or "what is the abbreviation for this website" type of question. It's worked fine for years and we don't really get general untargeted spam. I am somewhat ethically disinclined to use reCAPTCHA, and there are some older members that can't reasonably solve hcaptcha easily. Same for using heavy fingerprinting or other privacy invading methods. It's also donation-run, so enterprise services that would block something like this (such as Distil) are both out of budget and out of ethics. Is there a way I can possibly solve this? Negotiation is not really an option on the table, the last time one of the other volunteers responded at all we got a ~150Gbps volumetric attack. I've tried some basic things, like requiring cookie and JS support via middleware; they moved from a Java HTTP-library script to some kind of Selenium equivalent afterward. They also use a massive amount of proxies, largely compromised machines being sold for abuse.
Sunday, August 30, 2020
Stories of 2020: Five Lives Caught in a Year of Upheaval and Pain
By BY PETER BAKER, JOHN BRANCH, JOHN ELIGON, REID J. EPSTEIN, DAN LEVIN AND MARC STEIN from NYT U.S. https://ift.tt/3gJPdVW
via IFTTT
Saturday, August 29, 2020
New top story on Hacker News: Nagara Rimba Nusa: A Take on Indonesia's New Capital City
Nagara Rimba Nusa: A Take on Indonesia's New Capital City
4 by simonebrunozzi | 1 comments on Hacker News.
4 by simonebrunozzi | 1 comments on Hacker News.
Friday, August 28, 2020
New top story on Hacker News: Tell HN: Check medium's localstorage if you use adblock
Tell HN: Check medium's localstorage if you use adblock
50 by ev1 | 4 comments on Hacker News.
If you have uBlock or similar, it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them). I had tens of thousands of entries in localStorage, wasting quite a bit of space, all of them at least 400-600 characters or more. Each time I scrolled it'd add a few dozen more in, to the point where devtools was freezing. Ridiculous. Example: https://ift.tt/2QAyqu0
50 by ev1 | 4 comments on Hacker News.
If you have uBlock or similar, it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them). I had tens of thousands of entries in localStorage, wasting quite a bit of space, all of them at least 400-600 characters or more. Each time I scrolled it'd add a few dozen more in, to the point where devtools was freezing. Ridiculous. Example: https://ift.tt/2QAyqu0
Jacob Blake Was Shackled in Hospital Bed After Police Shot Him
By BY JOHN ELIGON, SARAH MERVOSH AND RICHARD A. OPPEL JR. from NYT U.S. https://ift.tt/2G2P2s9
via IFTTT
Thursday, August 27, 2020
Subscribe to:
Posts (Atom)