As someone running a web app, I can see the appeal. I get tens of thousands of "attacks" per day from bots scanning for WordPress/PHP files and that's not even counting the "legitimate" bot traffic crawling your site for content or AI training data.
Now, tens of thousands of requests probably won't do much if you have basic security, caching, and optimization in place. But if your app is a mess, sometimes it's easier to just slap a Cloudflare gate on it and call it a day.
I honestly have no idea what is going on. Lots of broken things in what's supposed to be front products for Google and other "high name" brands. I don't get it: Where is everybody? Is there no one there? Are these companies really dead inside?
MS showing "view summary" button for all meetings, then doing bait-and-switch to tell you to buy Copilot license (on a corporate seat no less, where regular users don't have purchasing decision power) is top annoyance now
It's (at least partially) the layoffs. I've noticed significant degradation in the external-facing administrative layer at these companies. I recently did some work for a company that was trying to partner with Meta's e-commerce platform and even though there was a ton of documentation on how to integrate, etc. the human approval and planning piece of the project was completely dysfunctional on their side.
Unrelated to the article: But am I the only one annoyed by this AI-style writing? The article does actually have value if you are running a WordPress website but these sentences give me nausea:
- That's not a typo. Zero point eight percent.
- don't immediately blame your plugins. Check what's being requested.
- One HTTP request, hundreds of login attempts. That's the amplification. (in bold!)
- So if your cache rate suddenly drops on an otherwise quiet WordPress site, don't immediately blame your plugins. Check what's being requested.
This is a very long post just to say they're now running an SMTP server. I've been sending and receiving emails from Workers for two years; though for sending, you still need an external SMTP server like SES or Postmark.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
Was it a right that should be had, should be the question. I don't think you are refuting the parent claim. Americans are rolling over and justifying terrifying out reach from not-very-organized authorities (ICE). The American set of freedom, liberties and rights are more fragile than Trump's ego.
> Was it a right that should be had, should be the question.
Fair, but everything else I said goes through the same.
> Americans are rolling over and justifying terrifying out reach
I just don't see the terror? If someone is coming over here on a student visa and then doing political activism, it seems completely reasonable for the immigration authorities to check that out.
Given the existing DMCA requests and the fact that Google has become way less aggressive about indexing this stuff, it's clear this has been going on for a while. My guess is they've gutted enough of their internal processes that they literally can't restrict access to these files without breaking their own platform.
There are lots of passwords there (though one wonder if they were rotated). Basically, the people doing the hiring are sending PDFs with their credentials to the contractors to do the job.
This relates to Chrome, not to search. In regard to search, they have taken a new direction that I don't think is going to change any time soon. Some time in the last 2 years, they started removing any thing that doesn't get significant natural traffic (ie: have a 30 year old user manual for something odd that people only search for once in a while? -> removed). Last few months, I noticed that they will not index anything that seems broad (ie: if similar content exists, they won't index it regardless of your page authority).
Basically, they are turning search into Tiktok. If you try to make a search, you'll notice that now they give precedence to AI overview, Youtube, News stories, Maps, Products, etc. Anything but content.
> Pages that are engaging in back button hijacking may be subject to manual spam actions or automated demotions, which can impact the site's performance in Google Search results.
Good point. Chrome has a “feature” where if your website is google-flagged, it’ll display a danger alert when visiting it. For some reason I confused that with this.
If you're referring to Google Safe Browsing lists, all major browsers check agains the same list. I've managed to get mine listed there and immediately banned on all major browsers.
Not only that but I think Google listens to "cyber security" companies lists and feed from them. My website got in some of these lists (https://www.virustotal.com/gui/url/a4c9f166d2468f5bbb503ec79...) and I had to go through like 6-7 of them to whitelist my domain again. Something about code and input triggered something in some of these list's filters that my website is hacking related.
I'm actually surprised when I hear someone technical say they still use Google Search (the search product specifically - they still reign supreme with Maps, etc). I used to love it, but that was quite a long time ago.
I personally use Brave Search and perplexity for those very rare instances when brave search doesn't instantly find what I am looking for. Literally the only thing I (rarely) miss from google is super-deep support for boolean search operators, but then I just tag a !g (exactly like DDG's brilliant bangs) on the end and that works. (I also tried Kagi and did like it, but didn't find compelling differences over Brave Search, especially compared to brave search's excellent and free AI.)
As I read your comment, I was thinking "Really? Is it that surprising?" Then I remembered you said "someone technical", and no longer am surprised. Although I work with some technical people, I'm also surrounded by fools. Just the other day, I watched someone at work open a new tab to Google search, type "Google" and then click on Google search in the results, bringing them to the same page they had just left. With how quickly they did it, I can only imagine it is muscle memory and they haven't noticed yet that their new tab is Google search, or that this is better somehow.
People just keep pitching Kagi as revolutionary, especially software engineers and people on HN.
I respect a lot of them, people I respect a lot, and I saw people like Jon Gjengset use it. so I gave it a few months of daily use. I just eventually drifted back to Google. The results weren't better for anything I search for. It felt different, but not better in any measurable way. $10/mo for a different feel is a strange value prop.
DuckDuckGo sits in the same spot for me. I want to like it, and I don't think one company should own web search, but when I need to find something Google finds it first. I wish the answer were different, but that's just how things are.
Only in a very pedantic sense. Google definitely sells the service of doing things based on your data. It is, in fact, their biggest and oldest revenue stream.
Counterpoint, Kagi is profitable and it achieved that milestone solely via user subscriptions, so its incentives are aligned with users, and not advertisers.
And I've found it so good that I haven't used Google, except by accident, in the past 18 months.
Now, tens of thousands of requests probably won't do much if you have basic security, caching, and optimization in place. But if your app is a mess, sometimes it's easier to just slap a Cloudflare gate on it and call it a day.
reply