Honestly about the same as I did with crowdstrike, the AWS outages. It’s not a good idea, could lead to ruin, people won’t diversify, Goto step one. It’s easier to just have a sensible chuckle and move on at this point.
Because one company offers a good service many people like, and no other company is doing it, od doing it as well as cloudflare. We are also talking about a security feature where not having it and getting hacked, may be well worse than a few hours of downtime.
Cloudflare is not necessary for the internet at all. People choose to use them.
There was the Crowdstrike failure that tangled the airports last year, and the AWS outage that took out half the Internet just a few weeks ago. It seems like some one might be probing for vulnerabilities. One day, EVERYTHING might go down, for a while.
We’ll get a chance to find out what it was like to read a book instead of a screen.
So, and I’m gonna pull my shameless plug ofc, but what about a decentralised internet?
Check out tenfingers or the sub (I put the weblink, is it !lemmy.world/c/tenfingers on lemmy browser apps?).
What about we take the internet back?
The service providers get 100% of their money all the same.
This causes endless amounts of laziness on their side, and quality goes to hell.
We are causing this laziness.
Unless we, their clients, hold them accountable, and make them feel the impact of their faults in their pockets, things will continue to get worse and worse.
You know back in my day websites would protect themselves, as was the style at the time.
Now a days they just get cloudflare and put up a cookie notice.
Just one of those things lazy devs do.
Well the average website isn’t going to be able to protect itself from DDoS attacks or easily provide local cache copies of its content in multiple regions all over the world or create secured tunnels protected from general attacks. My company was affected by this and we are putting in contingency plans for this happening again but the whiteboard that we’ve created with all the features we need to reinvent is very full…
Why reinvent the wheel.
It’s not lazy, they just spend that time on other features.
Ya. Like popups and cookie notices.
It even took down the very instance we’re posting this on.
I mean, the entire internet is owned by a few corporations. everything from the infrastructure to the entire DNS system is owned and controlled by corporations. in the case of DNS, it’s even an american corporation, that so far has kept its hands off of things and supposedly has not been interfered with by the US government.
What’s the fear there, that they would figure out what domain names you are resolving?
Try to do secure communication without that sweet domain mame… You can’t!
My thoughts is that they feel the need to control everything. And we all know how that goes usually…
maybe you could hijack sessions by redirecting and capturing authentication i don’t know im not a wizard my grandson is
well, if the people in charge of DNS decided to do something to DNS, they just could and the whole world would be at their mercy for potentially months. with how everything is digital these days, by taking down DNS for a single country you could cripple their economy and many of their public services. that means power, water, infrastructure like bridges, their internet, banking, etc. basically, you name it, it probably uses the internet in some way, and if it uses the internet then chances are it uses DNS. now, eventually, people would work around it if given the chance, but if you do something like that it’s probably happening right before a general invasion of their country.
it’s really bad that we have just one authority in charge of all that, especially one based in the US. with how authoritarian the US is getting, I fully expect DNS to be weaponized in some way at some point.
I’m guessing the concern would be resolving them to the wrong address, either to censor or to serve disinformation.
I remember experts saying 5 or 10 years ago that the increased standardization and centralization of the internet would lead to more frequent and widespread internet blackouts.
First AWS, and now this. It looks like they’re right.
Two things happen when we centralize. Doesn’t matter if it’s big business or infrastructure.
-
Profits go up for the controlling few
-
consumers get fucked.
We get fucked when things go wrong, the system fails, our data gets hacked, our power goes out, our rents go up, insurance rates go up… etc etc. MegaCorps all say sorry, give us 50¢ off our next purchase and a free credit check, and carry on while we eat the losses and increasing costs.
-
Don’t forget the Azure/Intune outage not one week after AWS, too.
The outages are almost beginning to feel deliberate at this point.
Are we just forgetting the gigantic Crowdstrike outage a year ago by Microsoft that halted air traffic for a full day?
Isn’t crowdstrike still being sued for all the damages in aerospace? Kinda crazy
And yet, I had to remind my fiancee that it ever happened last week. People have just… forgotten.
It just means the internet is built on a very flimsy stack of technologies and any of them failing causes huge downstream issues. We saw that with AWS, and now with Cloudflare.
It’s only concerning if there are no alternatives, but as it stands there are other companies that all of these websites could have done a failover to when both AWS or Cloudflare went down. But they decided that their websites having a single point of failure was worth the risk over paying for having a proper backup system ready to go.
Relevant XKCD, as always:
XKCD//2347
I like to think there was a specific person in Nebraska the author had in mind. The University there had a tap into the ARPANET back in the day and always had interesting projects going in that one wouldn’t typically expect in Nebraska.
(Joke stolen from another post that’s since been deleted, so reproduced here.)
DNS doesn’t fail over, unfortunately.
I now imagine all the websites to fail over to the same backup services, effectively ddosing them and creating a chain reaction :D
Yeah! We call those “Cascading Failures”
They’re a nightmare! 😄
And azure also went down too
So many people seem to have just forgotten the crowd strike outage, which halted air traffic for a day and stopped a not-insignificant amount of public infrastructure
for a solid while i had forgotten cloudflare and crowdstrike were different entities, so i spent like 5 minutes scrolling through lemmy, incredibly confused
.
Edit - cloudflare now says it was a misconfigured config, not a DOS attack as they initially reported
except you’re getting it wrong, because it wasn’t an attack, according to Cloudflare. they fucked up a config file on one of their systems and that caused a cascading effect of failures in one system after another.
it was quite literally not working as they intended.
Most of the reporting I have seen suggests a massive traffic spike. Do you have some more information about the config file?
Neat!
“30 minutes”- me when I lie on the internet. Where did you get that number? You realize we can check the news and see that big sites like x and chatgpt were down like 4 hours? Not only that, they said themselves it was not an attack but a misconfiguration. News were reporting it fixed around evening utc while the issue popped up around noon. That’s not a 30 min outage and is a huge failure.
Most corporate IT hires fucking morons as admins :(
More than likely it’s their management who are the morons.
I’ve been a contractor most of my career and I can assure you, fair share of ID10Ts in my circles as well.
Can confirm it’s not industry specific.
Places keep hiring me.
Yes, the increasing centralization of the internet is concerning, and the fact that companies have been vibecoding stuff increases the chances of stuff going wrong. And quality control and testing aren’t a priority anymore, it’s as if they’re just chasing short term profits. Oh wait, they are.
Imma switch my services to Bunny CDN to decrease my reliance on a huge service. And its Slovenian, so that’s pretty nice.
quality control and testing are not a priority anymore
We can see it with crowdstrike some times ago, they fucking rolled out a system-breaking update, this mean that they just builded it without testing!
The snark of the following comment is not directed towards you, OP, but at the tech industry at large.
What I don’t understand is why people are still surprised when this shit happens. Today, cloudflare takes down half the internet, last month it was AWS. Crowdstrike did it last year even more severely. Akamai has also caused major issues like this before, as has Google. M365/azure outages barely get reported on because they are so frequent. Yet, they are all still being used to hold up most of our infrastructure. Every single company I’ve done IT for has used at least one of these companies for critical infrastructure. There just aren’t any other realistic options due to the refusal of non IT people to learn about IT.
If you try to use something other than one of the big companies, you’re hit with one or more roadblocks.
-
You “don’t have the budget” to selfhost. Bean counters would rather pay $100 a month indefinitely than $5k to buy new hardware that will save $1000 a month for years.
-
No approval for non giant corpo option, because using AWS is cheaper and has brand recognition. This is due to the same economics and myopia that caused Walmart to be one of the only places you can get groceries.
-
There is no other option. Every year that goes by, more small companies get gobbled up by big tech M&A. Unless your company opts to create its own implementation of a service/software, you’re stuck with one of only a few options, even if you could get the approval to use something not run on big tech.
-
Even if you manage to jump all of the previous hurdles, the Internet connected software you’re using probably relies on big tech infrastructure too. Every company has to navigate all of these hurdles for every saas/infrastructure implementation, and the only ones that successfully do it have to have leadership that not only understands why the decisions have to be made, but also need to be willing to accept the extra cost. Anyone that has dealt with upper management knows that this is exceptionally rare.
So what we are left with is a system that every professional knows is deeply broken and monopolized. The people that actually make the final decisions are largely ignorant and unwilling to invest money in fixing it, instead choosing short term savings and lack of commitment over long term security and continuity.
I hear where you are coming from, but I think your criticisms are misdirected. For the majority of businesses, using an infrastructure provider is a sensible decision that leads to greater security and stability in the long run for less money than trying to build the same thing on their own. This isn’t a decision made out of stubbornness, laziness, or ignorance about IT. It’s simply that it’s the better option for each individual business.
But when most companies make the decision to use an infrastructure provider, outages and risks are centralized. As you pointed out, the services you rely on are likely to use a provider even if you don’t use one, so this isn’t a problem that a business can solve by buying a server and hiring an IT team. These massive failures aren’t a sign that businesses need to make different decisions. It’s a sign that the infrastructure providers must work harder and spend more money to improve their internal isolation.
When a bridge collapses because the pedestrians happen to walk in step with the resonant frequency of the bridge, we don’t blame the pedestrians for walking incorrectly or for deciding to take the bridge instead of a boat. We blame the designer of the bridge for failing to account for the mundane stresses that the bridge is expected to sustain.
For a lot of people who would self host, $100 at a time is easier to get together than a few thousand at once.
Not talking about individuals, homie. Talking about companies.
I mean, companies avoiding self hosting isn’t just about being cheap. Cloudflare/AWS might cost $100 per mo and only have 95% uptime but you know what you’re getting. Self hosting inherently introduces risk.
That 5k machine might pay for itself in half a year OR it might self destruct in 3 months. The man hours and downtime needed to unfuck that mess might cost more than multiple years of flaky cloud hosting. Alternatively, a change in data retention regulation requires hardware redundency, then next month the revenue stream from that hardware drys up and you’re stuck holding a $10k loss instead of canceling a $100 payment.
-
The fact that Cloudflare controls half the web is concerning both for unintentional crashes like this, and for something even more insidious; what if they’re coerced to cause an intentional outage should cyber war ever break out? An intentional outage for half the web in a cyber war would be devastating to put it nicely.
