Ask Lemmy

It just means the internet is built on a very flimsy stack of technologies and any of them failing causes huge downstream issues. We saw that with AWS, and now with Cloudflare.

It's only concerning if there are no alternatives, but as it stands there are other companies that all of these websites could have done a failover to when both AWS or Cloudflare went down. But they decided that their websites having a single point of failure was worth the risk over paying for having a proper backup system ready to go.

I remember experts saying 5 or 10 years ago that the increased standardization and centralization of the internet would lead to more frequent and widespread internet blackouts.

First AWS, and now this. It looks like they're right.

I mean, the entire internet is owned by a few corporations. everything from the infrastructure to the entire DNS system is owned and controlled by corporations. in the case of DNS, it's even an american corporation, that so far has kept its hands off of things and supposedly has not been interfered with by the US government.

.

Edit - cloudflare now says it was a misconfigured config, not a DOS attack as they initially reported

The fact that Cloudflare controls half the web is concerning both for unintentional crashes like this, and for something even more insidious; what if they're coerced to cause an intentional outage should cyber war ever break out? An intentional outage for half the web in a cyber war would be devastating to put it nicely.

You know back in my day websites would protect themselves, as was the style at the time.

Now a days they just get cloudflare and put up a cookie notice.

Just one of those things lazy devs do.

The snark of the following comment is not directed towards you, OP, but at the tech industry at large.

What I don't understand is why people are still surprised when this shit happens. Today, cloudflare takes down half the internet, last month it was AWS. Crowdstrike did it last year even more severely. Akamai has also caused major issues like this before, as has Google. M365/azure outages barely get reported on because they are so frequent. Yet, they are all still being used to hold up most of our infrastructure. Every single company I've done IT for has used at least one of these companies for critical infrastructure. There just aren't any other realistic options due to the refusal of non IT people to learn about IT.

If you try to use something other than one of the big companies, you're hit with one or more roadblocks.

1. You "don't have the budget" to selfhost. Bean counters would rather pay $100 a month indefinitely than $5k to buy new hardware that will save $1000 a month for years.

2. No approval for non giant corpo option, because using AWS is cheaper and has brand recognition. This is due to the same economics and myopia that caused Walmart to be one of the only places you can get groceries.

3. There is no other option. Every year that goes by, more small companies get gobbled up by big tech M&A. Unless your company opts to create its own implementation of a service/software, you're stuck with one of only a few options, even if you could get the approval to use something not run on big tech.

4. Even if you manage to jump all of the previous hurdles, the Internet connected software you're using probably relies on big tech infrastructure too. Every company has to navigate all of these hurdles for every saas/infrastructure implementation, and the only ones that successfully do it have to have leadership that not only understands why the decisions have to be made, but also need to be willing to accept the extra cost. Anyone that has dealt with upper management knows that this is exceptionally rare.

So what we are left with is a system that every professional knows is deeply broken and monopolized. The people that actually make the final decisions are largely ignorant and unwilling to invest money in fixing it, instead choosing short term savings and lack of commitment over long term security and continuity.

It even took down the very instance we're posting this on.

You must not have been paying attention when that one Java programmer quit and took his code with him.

I didn't even notice that it went down.

The service providers get 100% of their money all the same.

This causes endless amounts of laziness on their side, and quality goes to hell.

We are causing this laziness.

Unless we, their clients, hold them accountable, and make them feel the impact of their faults in their pockets, things will continue to get worse and worse.

Being a good CDN is an expensive exercise that requires the ability to run POPs in many countries around the world.

Cloudflare captured the market by basically being simultaneously much cheaper, better distributed and ultimately better performing than the incumbents at the time (Akamai and Limelight IIRC)

The rest of the story is capitalism doing capitalist things

There was the Crowdstrike failure that tangled the airports last year, and the AWS outage that took out half the Internet just a few weeks ago. It seems like some one might be probing for vulnerabilities. One day, EVERYTHING might go down, for a while.

We'll get a chance to find out what it was like to read a book instead of a screen.

I find it at least concerning for CloudFlare's change control process. Apparently some new traffic analysis config took half the web? Maybe test things a little more?

I mean... not only is it not very concerning, I barely noticed. If not for news about it here on fediverse, I might not have known. I guess I dont visit the corpo internet all that much.

Most corporate IT hires fucking morons as admins :(

So, and I'm gonna pull my shameless plug ofc, but what about a decentralised internet?

Check out tenfingers or the sub (I put the weblink, is it !lemmy.world/c/tenfingers on lemmy browser apps?).

What about we take the internet back?

Honestly about the same as I did with crowdstrike, the AWS outages. It's not a good idea, could lead to ruin, people won't diversify, Goto step one. It's easier to just have a sensible chuckle and move on at this point.

It's good that it goes down once in a while, so that people notice.

How does one company have that much impact?

Because they are a very good CDN and provide excellent DDos protection. They then expanded to do a whole host of other things, to the point where they do pretty much everything. Basically, they have become the first name most folks think of when they want to put something on the internet. A one stop shop for your web hosting needs. Wouldn't surprise me to learn they rent servers and VPS's as well.

Been seeing it in the selfhosting communities and subreddits for a while now. "Oh I want to put this selfhosted service on the internet. I should put it behind Cloudflare!" Most of the time it's not needed in that context.

Do you think that's concerning?

Well, they did just take out "half" of the internet today so.... In general, if it seems like "everyone" is using a single service, it's probably a good idea to see if an alternative exists and will suit your needs. Which reminds me, I should probably start looking for a replacement for Tailscale. They're starting to look a bit like Cloudflare to me, in the sense that "everyone", including myself tends to recommend them as a VPN.

Obviously it is concerning. We have just been given a window of a glimpse as to what would happen if one service in which so many things rely on, gets messed up. Like today I was having trouble logging into my bank because guess what, they rely on CloudFlare.

I've read individuals relying on services provided by CloudFlare, their processes were interrupted.

I know that CloudFlare has a purpose and its purpose is being served, but there's a reason why people love and should embrace the idea of multiple alternatives and hate monopolies.

It would be like, if Comcast as an ISP has a blackout, do you know how many subscribers they have? Some people in certain areas are all that they have so the blackout would knock them offline for however long. That's why alternatives are important.

Because one company offers a good service many people like, and no other company is doing it, od doing it as well as cloudflare. We are also talking about a security feature where not having it and getting hacked, may be well worse than a few hours of downtime.

Cloudflare is not necessary for the internet at all. People choose to use them.

I am, but what can we do about it? We don't run things.

Not only does it make things brittle, but it makes a smaller number of things for governments to intercept to scan all internet traffic.