Tootfinder

How long does it take to complete a cloudflare capcha 💀
#cloudflare

Have been sorting out my redirects on Cloudflare and made some notes:
https://www.simoncox.com/short-articles/2025-10-08-creating-cloudflare-redirects/

Cloudflare warns the US government that site-blocking efforts in Europe and Asia to combat online piracy are creating digital trade barriers for US providers (Ernesto Van der Sar/TorrentFreak)
https://torrentfreak.com/cloudflare-te

»Datenleck durch Salesloft – Cloudflare, Palo Alto, Zscaler betroffen:
Viele Unternehmen sind von der Salesloft-Drift-Schwachstelle betroffen. Auch große und namhafte wie Cloudflare, Palo Alto und Zscaler.«
So klug sind KI-Chatbots und deswegen alles andere als sicher. Wenn deswegen nicht einige Unternehmen schwere Schaden erhalten? IT-Sicherheit ein ewiges Thema.
🙄

Datenleck durch Salesloft: Cloudflare, Palo Alto, Zscaler betroffen
Viele Unternehmen sind von der Salesloft-Drift-Schwachstelle betroffen. Auch große und namhafte wie Cloudflare, Palo Alto und Zscaler.

#Cloudflare just got faster and more secure, powered by #Rust
https://blog.cloudflare.com/20-percent

#Cloudflare Radar listet mal spontan eine neue Domain in deren Top 100.
https://radar.cloudflare.com/domains/domain/14emeliaterracewestroxburyma02132.su

🎶🎶 Cloudflare ruins everything around me 🎶🎶

Don't miss today's Metacurity for a crush of infosec developments you should know, including
--Cloudflare, Palo Alto Networks, and Zscaler are caught up in Salesloft Drift attacks,
--UK watchdog says military doesn't know Afghan breach-related costs are,
--Jaguar Land Rover hit by cyber incident,
--Amazon disrupted Midnight Blizzard op,
--Trump reactivates ICE spyware contract,
--Gov'ts are flocking to surveillanceware
--Hackers tried t…

Cloudflare, Palo Alto Networks, and Zscaler are caught up in Salesloft Drift attacks
UK watchdog says military doesn't know Afghan breach-related costs are, Jaguar Land Rover hit by cyber incident, Amazon disrupted Midnight Blizzard op, Trump reactivates ICE spyware contract, Gov'ts are flocking to surveillanceware, much more

Cloudflare expands its Project Galileo program, providing access to its Bot Management and AI Crawl Control tools for free to nonprofits and independent media (Mediaweek)
https://www.mediaweek.com.au/cloudflare-expands-project-galileo-to…

Cloudflare tunnels are pretty cool.

Cloudflare combines a new Email Sending feature with Routing into a unified Email Service to let developers send emails from Cloudflare Workers, in private beta (Cloudflare)
https://blog.cloudflare.com/email-service/

Announcing Cloudflare Email Service’s private beta
Today, we’re launching Cloudflare Email Service. Send and receive email directly from your Workers with native bindings—no API keys needed. We're unifying email sending and routing into a single service built for developers. Sign up for the private beta.

@… https://blog.cloudflare.com/enterprise-grade-features-for-all/

Every Cloudflare feature, available to everyone
Cloudflare is making every feature available to any customer.

Super scheiss Software, welche ihre Scheiss-Lizenzserver hinter einem Scheiss-Cloudflare verstecken muss, so dass man seinen Servern eigentlich das ganze Scheiss-Internet öffnen muss.
Scheiss-Sicherheit. 🤬
Ich glaube, ich gehe heute besser nicht ein Bier trinken mit Kollegen, da gute Laune… 🙄

happens to the best of us
https://blog.cloudflare.com/deep-dive-into-cloudflares-sept-12-dashboard-and-api-outage/

A deep dive into Cloudflare’s September 12, 2025 dashboard and API outage
Cloudflare’s Dashboard and a set of related APIs were unavailable or partially available for an hour starting on Sep 12, 17:57 UTC. The outage did not affect the serving of cached files via the Cloudflare CDN or other security features at the Cloudflare Edge.

Cloudflare, Zscaler among companies impacted by Salesloft Drift incident https://therecord.media/salesloft-drift-breach-cloudflare-zscaler-palo-alto-networks

Weekend Reads
* BGP zombie hunting
https://blog.cloudflare.com/going-bgp-zombie-hunting/
* Inside AI data centers

BGP zombies and excessive path hunting
A BGP “zombie” is essentially a route that has become stuck in the Default-Free Zone (DFZ) of the Internet, potentially due to a missed or lost prefix withdrawal. We’ll walk through some situations where BGP zombies are more likely to rise from the dead and wreak havoc.

Cloudflare hat es wieder geschafft, einen massiven Cyberangriff abzuwehren! 🛡️ Am Montag meldete das Unternehmen auf X einen neuen Rekord bei DDoS-Attacken.
Zum Artikel: https://heise.de/-10630141?wt_mc=sm.red.ho.mastodon.mastodo…

There's a scarily good fake Cloudflare page that asks you to run commands on your computer - I saw it myself earlier this week. Don't copy and run commands from strange sites! https://www.techradar.com/pro/security/…

Fake Cloudflare CAPTCHA page laden with malware uncovered in the wild - here's how to stay secure and safe
ClickFix launches with keyboard shortcuts and is scarily effective

«So, to sum it up, Kling wears his mask a bit better than DHH, but as far as I’m concerned it seems clear that both projects are run by fascists. If it walks like a fascist and quacks like a fascist… then why is Cloudflare giving them hundreds of thousands of dollars?»
I think we all know the answer to that one!
https://drewdevault.com/2025/09/24/2025-09-24-Cloudflare-and-fascists.html

Check out today's Metacurity before you leave for the weekend for the top infosec developments you should know, including
--Anthropic blocks Chinese firms citing national security,
--Texas AG sues PowerSchool over breach,
--Qantas CEO takes a pay hit over breach,
--Orleans Parish Sheriff's Office hit by ransomware,
--Bridgestone confirms cyberattack,
--Cloudflare blocked 11.5 Tbps DDoS attack,
--Threat actors bypass Grok's restrictions,

Anthropic blocks Chinese firms citing national security
Texas AG sues PowerSchool over breach, Qantas CEO takes a pay hit over breach, Orleans Parish Sheriff's Office hit by ransomware, Bridgestone confirms cyberattack, Cloudflare blocked 11.5 Tbps DDoS attack, Threat actors bypass Grok's restrictions, much more

Q&A with Cloudflare CEO Matthew Prince on why he thinks AI chatbots imperil the web and journalism's future, his company's pay-per-crawl initiative, and more (Fred Vogelstein/Crazy Stupid Tech)
https://crazystupidtech.com/2025/08/30…

Cloudflare's Matthew Prince has a plan to get Google and the AI oliigarchs to pay for your content even though many are used to getting it for free. He might have enough leverage to make them.
AI chatbots are blowing up the 30-year economic relationship publishers have had with search engines. Many think this will kill the web if not addressed. Google needs to change first. It's resisting. Cloudflare's Matthew Prince is going to try and make them.

>CloudFlare: *stops 3.8Tbps DDoS attack* :blobnomcookie:
>CloudFlare: *stops 7.3Tbps DDoS attack* :blobnomcookie:
>Also CloudFlare: *went down because of improperly implemented React useEffect* :drool:

Weekend Reads
* Monitoring AS-SETs
https://blog.cloudflare.com/monitoring-as-sets-and-why-they-matter/
* IX LAN broadcast traffic

Monitoring AS-SETs and why they matter
AS-SETs, for better or worse, are critical data sources that help build BGP route filters across the Internet. Because these AS-SET objects are based solely on trust, they can be misused. We will cover some of the reasons why operators need to monitor the AS-SET memberships for their ASN, and now Cloudflare Radar can help.

Q&A with Cloudflare CEO Matthew Prince on why he thinks AI chatbots imperil the web and journalism's future, his company's pay-per-crawl initiative, and more (Fred Vogelstein/Crazy Stupid Tech)
https://crazystupidtech.com/2025/08/30…

Cloudflare's Matthew Prince has a plan to get Google and the AI oliigarchs to pay for your content even though many are used to getting it for free. He might have enough leverage to make them.
AI chatbots are blowing up the 30-year economic relationship publishers have had with search engines. Many think this will kill the web if not addressed. Google needs to change first. It's resisting. Cloudflare's Matthew Prince is going to try and make them.

A comprehensive write-up on post-quantum cryptography in today's web.
My favourite quote: "we are in an interesting in-between time, where almost all Internet traffic is protected by post-quantum key agreement, but not a single public post-quantum certificate is used."
https://blog.cloudflare.com/p…

from my link log —
VBARE / versioned BARE: A simple alternative to Protobuf & Cap'n Proto for schema evolution.
https://www.rivet.dev/blog/2025-09-24-vbare-simple-schema-evolution-with-maximum-performance
saved 2025-…

VBARE: A simple alternative to Protobuf & Cap'n Proto for schema evolution
At Rivet, we're building an open-source alternative to Cloudflare Durable Objects — a tool for running stateful compute workloads. VBARE is a small but crucial component in meeting the demanding performance requirements of Rivet Actors.

»Ladybird von Cloudflare unterstützt«
— von @…
Da bin ich mal gespannt wie der Ladybird Web-Browser dann wird und ja ich sehe einerseits @… kritisch aber auf der anderen Seite ist die Entwicklung eines von Grund auf…

Ladybird von Cloudflare unterstützt
Das Internet benötigt dringend unabhängige Browser wie den in der Entwicklung befindlichen Browser Ladybird. Das sieht Cloudflare genauso und unterstützt das…

Cloudflare reports Q3 revenue up 31% YoY to $562M, vs. $544.6M est., and forecasts Q4 revenue of $589M, vs. $580M est.; NET jumps 9% after hours (Reinhardt Krause/Investor's Business Daily)
https://www.investors.com/news/technology/cloudfl…

Cloudflare overtaking Apache in the web server survey feels a bit like when people starting using OpenDNS over their local ISP resolvers.
I have an idea of what could be next, but you're not going to like it.
https://www.netcraft.com/blog/october-2025-web-server-survey…

October 2025 Web Server Survey | Netcraft
In the October 2025 survey we received responses from 1,354,989,060 sites across 287,483,538 domains and 13,889,556 web-facing computers. This refl...

Seems #cloudflare maintenance (or #aws outage?) is causing some other service outages. Like my Signal messages won't send at all, and some of the team cannot huddle on Slack

I've now fully transferred everything in to Porkbun. For my simple needs Namecheap and Cloudflare would have been fine too. But Porkbun is nice, and cheap, and feels like they have innovated recently. Good choice for now, inevitably some private equity firm will buy it and enshittify it. (That's what ruined Gandi.)

MongoDB CEO Dev Ittycheria is stepping down after 11 years, replaced by Cloudflare President of Product & Engineering Chirantan Desai, effective November 10 (Jordan Novet/CNBC)
https://www.cnbc.com/2025/11/03/mongodb-ceo-dev-ittycher…

MongoDB CEO Dev Ittycheria steps down, replaced by Cloudflare executive CJ Desai
Dev Ittycheria, who took MongoDB public in 2017, is leaving the CEO role but will stay on the company's board.

happens to the best of us
https://blog.cloudflare.com/deep-dive-into-cloudflares-sept-12-dashboard-and-api-outage/

What I don't get is why does DHH even need so much funding and sponsorships for open source projects. Tens of thousands from framework, cloudflare and god knows who else.
When I made the (then) probably most popular JavaScript open source framework I got zero funding and sponsorship and was doing fine?
I'm not saying that people shouldn't get paid for work, but that dude is a fucking multi-millionaire who drives race cars as a hobby.

nur dadurch lebt der mensch
dass er bestät'gen kann
dass er ein mensch doch ist 🎶

Cloudflare says attackers gained access to a Salesforce instance it uses for internal customer case management, as part of the Salesloft Drift breach (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

So much is happening in infosec, so check out today's Metacurity for the most critical developments you should know, including
--UK cops bust man allegedly linked to Collins Aerospace attack,
--Hackers breached a US agency via an unpatched GeoServer,
--GitHub implements new defenses after supply chain attacks,
--Boyd casino operator hit by cyberattack,
--Inc claims PA Attorney General attack,
--UK used AI to find £500m in fraud,
--Cloudflare stopp…

UK cops bust man allegedly linked to Collins Aerospace attack
Hackers breached US agency via unpatched GeoServer, GitHub implements new defenses after supply chain attacks, Boyd casino operator hit by cyberattack, Inc claims PA Atty General attack, UK used AI to find £500m in fraud, Cloudflare stopped 22.2 Tbps attack, much more

I'm giving up on CachyOS. Sank the rest of my evening into it, to no avail. DNS resolution is still unreliable in pacman and Firefox (and everything else) even after taking my network-local DNS server out of the chain, getting rid of systemd-resolved, and trying several different providers (quad9, Cloudflare, Google). The other ThinkPad running openSUSE is having no such issues tonight: it's CachyOS specific (since I see no evidence that it is a hardware issue - local network traffic…

Oh my, @… is fast ! Faster than Cloudflare or Google. With average response time of 12 ms.
Where cloudflare was 22 ms
And Google shited with 232 ms 😆
#dns

An interview with Cloudflare CEO Matthew Prince on the company's new Content Signals Policy, which lets sites fine tune how their data can be used by crawlers (Samuel Axon/Ars Technica)
https://arstechnica.com/ai/2025/10/inside-the-web-i…

Inside the web infrastructure revolt over Google’s AI Overviews
Cloudflare CEO Matthew Prince is making sweeping changes to force Google’s hand.

Look carefully at this page:
https://radar.cloudflare.com/as200373
Another 16k of that coming?
https://

Which registrar should I use for a bunch of .com and .org domains?
Gandi
Namecheap
Porkbun
Cloudflare

Le Conseil fédéral a induit Š plusieurs reprises la population en erreur avec de fausses indications sur le choix des F-35 dont le prix explose. https://www.letemps.ch/suisse/comment-une-presentation-biaisee-des-couts-a-pousse-au-choix-du-f-35?shouldPreventPurchase=true&inAppView=3.18.1&didomiConfig.user.externalConsent.value={"purposes":{"consent":{"enabled":["audiencem-hJxaeGrR","cookies","create_ads_profile","create_content_profile","device_characteristics","geolocation_data","improve_products","market_research","measure_ad_performance","measure_content_performance","parselyne-Ya2EC4dG","select_basic_ads","select_personalized_ads","select_personalized_content","use_limited_data_to_select_content"],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"vendors":{"consent":{"enabled":["amazon","c:aws-cloudfront","c:bannerwise-EeHwBjLT","c:chartbeat","c:cloudflare","c:echobox-GqD96L9K","c:forecast-ZRJPAUT7","c:googleana-4TXnJigR","c:hotjar","c:jsdelivr-xdD77X6w","c:jw-player","c:keycdn","c:linkedin","c:magnitein-ePEpbCQ7","c:meta-43HDmFRa","c:microsoft","c:nonli-jnWf8kqD","c:pianohybr-R3VKC2r4","c:pinterest","c:spyri-XAtBPx3i","c:tapadinc-VDTUUcKw","c:tiktok-KZAUQLZ9","c:unrulygro-nKyLqdKi","c:youtube","facebook","google","twitter",1,10,1020,1021,1028,1046,1069,108,109,11,1126,12,120,128,13,130,131,1310,132,136,137,138,142,143,154,156,16,164,202,209,21,211,23,238,24,241,243,25,253,264,28,284,290,30,301,32,36,39,4,412,422,45,469,475,493,50,519,52,559,58,61,612,617,68,684,69,73,76,77,783,790,793,80,81,811,84,85,855,898,91,92,95,965,98],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"user_id":"36B03261-8BC8-4FB4-A026-0543FF748710","created":"2025-05-28T08:36:56.058Z","updated":"2025-08-30T09:35:31.055Z","source":{"type":"app","domain":"ch.letemps.LT"},"action":"webview"}

An interview with Cloudflare CEO Matthew Prince on the company's new Content Signals Policy, which lets sites fine tune how their data can be used by crawlers (Samuel Axon/Ars Technica)
https://arstechnica.com/ai/2025/10/inside-the-web-i…

Inside the web infrastructure revolt over Google’s AI Overviews
Cloudflare CEO Matthew Prince is making sweeping changes to force Google’s hand.

Whoops, trying to browse to mastometrics.com results in a Cloudflare "Error 1000 DNS points to prohibited IP".
Not sure anyone uses that much anymore, but I know @icecubesapp has built-in capability to integrate with it.
cc: @…

«Le Conseil fédéral s’est privé, dès le départ et sans en débattre, d’une possibilité de choisir finalement un avion de combat qui Š la fois remplirait les exigences de la défense aérienne et aurait permis d’obtenir une plus-value dans l’intérêt du pays», écrivent les rapporteurs.
https://www.letemps.ch/suisse/comment-une-presentation-biaisee-des-couts-a-pousse-au-choix-du-f-35?shouldPreventPurchase=true&inAppView=3.18.1&didomiConfig.user.externalConsent.value={"purposes":{"consent":{"enabled":["audiencem-hJxaeGrR","cookies","create_ads_profile","create_content_profile","device_characteristics","geolocation_data","improve_products","market_research","measure_ad_performance","measure_content_performance","parselyne-Ya2EC4dG","select_basic_ads","select_personalized_ads","select_personalized_content","use_limited_data_to_select_content"],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"vendors":{"consent":{"enabled":["amazon","c:aws-cloudfront","c:bannerwise-EeHwBjLT","c:chartbeat","c:cloudflare","c:echobox-GqD96L9K","c:forecast-ZRJPAUT7","c:googleana-4TXnJigR","c:hotjar","c:jsdelivr-xdD77X6w","c:jw-player","c:keycdn","c:linkedin","c:magnitein-ePEpbCQ7","c:meta-43HDmFRa","c:microsoft","c:nonli-jnWf8kqD","c:pianohybr-R3VKC2r4","c:pinterest","c:spyri-XAtBPx3i","c:tapadinc-VDTUUcKw","c:tiktok-KZAUQLZ9","c:unrulygro-nKyLqdKi","c:youtube","facebook","google","twitter",1,10,1020,1021,1028,1046,1069,108,109,11,1126,12,120,128,13,130,131,1310,132,136,137,138,142,143,154,156,16,164,202,209,21,211,23,238,24,241,243,25,253,264,28,284,290,30,301,32,36,39,4,412,422,45,469,475,493,50,519,52,559,58,61,612,617,68,684,69,73,76,77,783,790,793,80,81,811,84,85,855,898,91,92,95,965,98],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"user_id":"36B03261-8BC8-4FB4-A026-0543FF748710","created":"2025-05-28T08:36:56.058Z","updated":"2025-08-30T09:35:31.055Z","source":{"type":"app","domain":"ch.letemps.LT"},"action":"webview"}

« Cette résolution de ne pas construire du nouveau s’est imposée récemment, et j’ai vraiment honte qu’elle ne remonte qu’Š cinq ou six ans, quand j’ai réalisé que l’architecture était presque aussi néfaste que l’industrie pétrolière en matière de complicité dans la crise climatique, puisque environ 40% du carbone consommé provient du secteur du bâtiment. »
https://www.letemps.ch/culture/arts/adam-caruso-architecte-la-seule-position-valable-c-est-la-renovation?shouldPreventPurchase=true&inAppView=3.18.1&didomiConfig.user.externalConsent.value={"purposes":{"consent":{"enabled":["audiencem-hJxaeGrR","cookies","create_ads_profile","create_content_profile","device_characteristics","geolocation_data","improve_products","market_research","measure_ad_performance","measure_content_performance","parselyne-Ya2EC4dG","select_basic_ads","select_personalized_ads","select_personalized_content","use_limited_data_to_select_content"],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"vendors":{"consent":{"enabled":["amazon","c:aws-cloudfront","c:bannerwise-EeHwBjLT","c:chartbeat","c:cloudflare","c:echobox-GqD96L9K","c:forecast-ZRJPAUT7","c:googleana-4TXnJigR","c:hotjar","c:jsdelivr-xdD77X6w","c:jw-player","c:keycdn","c:linkedin","c:magnitein-ePEpbCQ7","c:meta-43HDmFRa","c:microsoft","c:nonli-jnWf8kqD","c:pianohybr-R3VKC2r4","c:pinterest","c:spyri-XAtBPx3i","c:tapadinc-VDTUUcKw","c:tiktok-KZAUQLZ9","c:unrulygro-nKyLqdKi","c:youtube","facebook","google","twitter",1,10,1020,1021,1028,1046,1069,108,109,11,1126,12,120,128,13,130,131,1310,132,136,137,138,142,143,154,156,16,164,202,209,21,211,23,238,24,241,243,25,253,264,28,284,290,30,301,32,36,39,4,412,422,45,469,475,493,50,519,52,559,58,61,612,617,68,684,69,73,76,77,783,790,793,80,81,811,84,85,855,898,91,92,95,965,98],"disabled":[]},"legitimate_interest":{"enabled":[],"disabled":[]}},"user_id":"36B03261-8BC8-4FB4-A026-0543FF748710","created":"2025-05-28T08:36:56.058Z","updated":"2025-08-30T09:35:31.055Z","source":{"type":"app","domain":"ch.letemps.LT"},"action":"webview"}

Activity or popularity ranking for Internet properties is full of caveats, but allowing for all that, I was curious how #Twitter has been faring according to two sources of measure (DNS and web browsing measurements primarily).
At the start of 2024, twitter.com was at #44 and #11 according to Cloudflare Radar and the Tranco list respectively.
At the start of 2025 it fell to #59 and …