Michał "rysiek" Woźniak · 🇺🇦I got quoted in The Guardian again, I guess CloudFlare must have been down or something? 
> “These companies have become too big to not fail. And because they handle so much traffic, when they do fail, this immediately becomes a massive problem”
🐦🔥nemo™🐦⬛ 🇺🇦🍉@rysiek Yeah appeantly it had been but solved
https://www.cloudflarestatus.com/incidents/lfrm31y6sw9q
As a result of patches against CVE-2025-55182
https://www.heise.de/news/Weltweites-CDN-Offenbar-wieder-Stoerung-bei-Cloudflare-11103942.html
@nemo indeed. This time it was due to React2Shell mitigation, seems like:
https://www.bleepingcomputer.com/news/technology/cloudflare-down-websites-offline-with-500-internal-server-error/
https://www.bleepingcomputer.com/news/technology/cloudflare-down-websites-offline-with-500-internal-server-error/
@rysiek Yep 😅 well… xD
Dźwiedziu
BjarniBjarniBjarni 🙊 🇮🇸 🍏@rysiek I agree with the conclusion of the article though:
“When AWS went down, their share price went up, because people realised how many people are using them. In some ways [the outage] is great marketing, because you see how many people are using Cloudflare.”
My 2c is that this was GREAT publicity. CloudFlare were working hard to protect people against an active security threat. Minor outage, handled quickly, demonstrating the tricky important work they do... shut up and take my money!
@HerraBRE I would agree with you if these did not take down so many websites and services, for so many people, simultaneously.
The scale is the problem. These companies decided to grow to this size, and allowed themselves to handle that much traffic. This is a lot of power, and with great power comes responsibility.
It's ridiculous to me to measure them with the same measure as any other hosting provider, simply because they themselves insist they are "better" than any old hosting provider.
@HerraBRE their whole shtick, their whole sales pitch was and remains: we are bigger and thus more resilient.
AWS, Azure, and CloudFlare together had four major global outages withing a month and a half. This is not resilience.
They are also monocultures. If the traffic that is handled by CloudFlare was handled by a few dozen smaller providers instead, the likelihood of such a global failure would have been way, way lower simply because their set-ups would have been sufficiently different.
@rysiek Both can be true at the same time.
Like so many things, a logical/good choice for the individual (or an individual organization) can be in aggregate an illogical/harmful choice for society.
This has been true of all manner of centralized Internet services since the dawn of SaaS, possibly longer.
@HerraBRE sure, and it is true here, to some extent. But I am not talking here about the individual choices of the customers, I am talking about the responsibility of these gargantuan providers.
The bigger they are, the more responsibility they have. "We tried" is not good enough if you're handling almost 20% of global web traffic, *and* you build your sales pitch on being resilient and robust.
@HerraBRE and just to be clear, they *do* have an option of saying "sorry, we believe we should not handle more traffic, this is becoming unhealthy to the whole ecosystem."
I have zero hope for them doing that of course. But that option is *always* on the table.
@rysiek I do wonder if there is a reasonable type of legal regulation that would prevent this kind of thing from emerging in the first place.
Because the tendency for this kind of centralization seems to be baked into the fabric Internet, probably related to Metcalf's law.
We need more friction and fences to prevent over-optimization.
@HerraBRE Metcalf's law and economies of scale.
Hard agree on regulation here as one of the things that should be explored.
@rysiek I guess one of my contrarian takes here, is I don't really care about the tech side.
If CloudFlare hurts reliability overall (a big if), the best judges of that are their customers. CloudFlare does not have very strong lock-in, I think the market can handle this one.
I am much more worried about the non-technical failure modes that come with this centralization. The centralization of power, the inevitable? enshittification that is yet to come. The risk that this MITM becomes hostile.
@rysiek It's IMO *worse* if they do a super good job at the tech stuff. Because that increases the risk and impact of all the other badness.
We've seen this before with Facebook - they did a GREAT job on the tech front, super reliable, super performant. The first social network that actually scaled up to handle global traffic levels (all the ones that came before got bogged down under the weight of the hockey stick). Too bad they were also psychopaths, no we're stuck with 'em.
@HerraBRE my point is that centralization and behemoths like these are always dangerous, for many different reasons.
But when CloudFlare fails, it cuts right to their reliability narrative. Calling them out on that might make people realize their size and position is dangerous, even if we're talking reliability alone.
Remember, too, that as with any huge company, "nobody got fired for choosing CloudFlare". Piercing through that is difficult. The above helps.