VP9 and AV1 are less affected not because they're free and open source, but because they're backed by large-enough companies (Google) and a consortium that promised they won't claim royalties for the patents used in the formats. Companies outside Google or the consortium can still claim royalties, and indeed they do. See the Sisvel VP9/AV1 patent pool for an example of patent holders claiming royalties for technologies used in VP9 and AV1.
This was not about DDoS defense but the Bot Management feature, which is a paid Enterprise-only feature not enabled by default to block automated requests regardless of whether an attack is going on.
Bots can also cause a DoS/DDoS. We use the feature to restrict certain AI scraper tools by user agent that adversly impact performance (they have a tendency to hammer "export all the data" endpoints much more than regular users do)
It would still fail if you were unluckily on the new proxy (it's not very clear why if the feature was not enabled, indeed):
> Unrelated to this incident, we were and are currently migrating our customer traffic to a new version of our proxy service, internally known as FL2. Both versions were affected by the issue, although the impact observed was different.
> Customers deployed on the new FL2 proxy engine, observed HTTP 5xx errors. Customers on our old proxy engine, known as FL, did not see errors, but bot scores were not generated correctly, resulting in all traffic receiving a bot score of zero. Customers that had rules deployed to block bots would have seen large numbers of false positives. Customers who were not using our bot score in their rules did not see any impact.
What the article says is true, but Firefox mobile doesn't get the basics right. From weird decisions like the new tab page not actually being a tab like in every other browser on Earth, to consistent bugs and lack of polish in basics functions like scroll direction locking or scrolling to hide the top bar.
Another thing is that they appear to have some spam scanning on outbound emails and when they detect something suspicious they simply drop the email silently, and nobody will ever know about it.
What do you mean? Videos on that page are served by CloudFront. If you're seeing issues it may be that videos are not encoded for web playback (faststart, etc.) but I haven't checked.
reply