In theory they try to get people hired for their competence rather than their network. A widely-cited anecdotal example of this reportedly working well is the Rooney Rule: https://www.espn.com/nfl/playoffs06/news/story?id=2750645
This thread also has a lot of anecdotal examples of failure modes of 'diverse slate' rules, though, such as people who have already decided who to hire still interviewing women candidates just to appease the rule, thus wasting everyone's time.
key features implemented in a multi-process architecture, using plenty of C++ and Rust written modules
Which is exactly the point—the UI is written in HTML/CSS, not the native platform language, and the high-performance modules are written in C++ and Rust, also not the native platform language.
There are no second chances in the court of public opinion, no punishment severe enough, no act of restitution sincere enough.
This just isn't true. Look into how Dan Harmon gave a genuine apology and accounting for his wrongdoing and was forgiven. Can you point to Sabatini doing anything that even arguably rises to that level of contrition?
Should a lack of contrition prevent Sabatini from ever working again? He should be indefinitely held in contempt of the court of public opinion?
I fully understand criticism of his personal manner but I have not seen much criticism of his actual work. Why not allow a position where he is not managing career paths?
Edit: He lost his positions, he suffered consequences. When are the consequences enough, is there ever a point?
If learning that Cloudflare took action against literal, self-identified Nazis—who praise Hitler, deny the Holocaust, and drove a car into a crowd and killed a woman—made you worried that Cloudflare might take action against you, you're really telling on yourself.
I don't condone that stuff at all. The big risk comes from 5 or 6 digit member enterprises where you can't properly vet your partners, employees, or contractors. What if a situation like Yandex happens and you find out your code has obscene comments on the backend? What if you have a sponsor that wasn't properly vetted. What if you wind up in a catastrophic PR situation, say BP oil spill. Or, what if someone goes onto a public comment form and posts that obscene stuff and you don't realize it?
Enterprises are massive machines that move EXTREMELY slow. And the risk of not being able to catch something in time is there, and since Cloudflare has now done it once, that means they could be pressured into it in the future. And would the media or Twitter be defending a poor Oil and Gas company if their source code had obscene things in it from a malicious developer, or would they push for Cloudflare to remove them?
Even if the odds of this are so low. I would be doing a disservice to my clients and enterprises if I didn't advise them of this possible risk that could cripple a company. Anything that can be easily stopped by using another vendor, so essentially free, when compared to a risk of something that could result in a company losing hundreds of millions or billions of dollars is an easy choice to make.
Corporations are risk averse, and this plays into both sides. Activists abuse this to pull advertisers of people they don't like. But they also have to understand that services which can cause risk are avoided like the plague.
I strongly disagree with the analogy between CDNs and ISPs. ISPs operate on the user-side, they have no business filtering what the user sees. CDNs operate on the server-side, they have the power and responsibility to decide who they want to do business with, and to not provide services to harmful customers—I'm sure we agree ISPs shouldn't provide services to harmful customers either (spam, malware, phishing, etc).
This is so overwrought. We're not talking about Embrace, Extend, Extinguish here, where Microsoft wanted to exploit their OS monopoly to bend the Internet to its will. Cloudflare's products are popular because they solve real problems; Cloudflare is not responsible for the popularity of outsourcing SSL termination, the difficulty of implementing SSL properly is, and if Cloudflare ceased operating tomorrow there would still be vendors and customers for SSL termination aplenty.
That's what domain fronting is for, and even though the GFW attempts to filter by SNI, genetic algorithms like Geneva are able to find workarounds: https://geneva.cs.umd.edu/papers/foci21.pdf
Since the project at the OP link is mostly/initially aimed at Russia, in my own experience, it's not always just DPI — it's often DPI combined with a firewall. Roskomnadzor can order to block access to a domain, but then they can also specify an IP or a subnet instead. For example, that's what happened when they tried to block Telegram, which does not use DNS at all.
