Comment by afavour
4 hours ago
Because no one cares enough, including users.
Oddly this centralization allows a complete deferral of blame without you even doing anything: if you’re down, that’s bad. But if you’re down, Spotify is down, social media is down… then “the internet is broken” and you don’t look so bad.
It also reduces your incentive to change, if “the internet is down” people will put down their device and do something else. Even if your web site is up they’ll assume it isn’t.
I’m not saying this is a good thing but I’m simply being realistic about why we ended up where we are.
As a user I do care, because I waste so much time on Cloudflare's "prove you are human" blocking-page (why do I have to prove it over and over again?), and frequently run on websites blocking me entirely based on some bad IP-blacklist used along with Cloudflare.
Unfortunately the internet sucks in 2025.
If you have a site with valuable content the LLM crawlers hound you to no end. CF is basically a protection racket at this point for many sites. It doesnt even stop the more determined ones but it keeps some away.
Yep for anyone unaware of how awful things truly are, look up what a "residential proxy" is. Back in my day we called that a botnet.
And yet half the HN front page every day is promoting LLM stuff.
"The internet sucks", yes, but we're doing it to ourselves.
6 replies →
I just realized, why don't they have some "definitely human" third party cookie that caches your humanness for 24h or so? I'm sure there's a reason, I've heard third party cookies were less respected now, but can someone chime in on why this doesn't work and save a ton of compute?
Because people will solve the challenge once, and then use the cookie in automation tools. It already happens with shorter expiration cookies.
1 reply →
https://developers.cloudflare.com/waf/tools/privacy-pass/
1 reply →
Yes, there are several, and the good one (linked below) lets you use the "humanness" token across different websites without them being able to use it as a tracking signal / supercookie. It's very clever.
https://github.com/ietf-wg-privacypass/base-drafts
https://privacypass.github.io/
I assume that will be for Apple (and eventually Alphabet) to implement via digital IDs linked to real world IDs.
https://www.apple.com/newsroom/2025/11/apple-introduces-digi...
1 reply →
Congrats, you now know what it's like to be a daily Tor user trying to hit normie sites from exit node IPs xD
Why would anyone be a daily Tor user and trying to hit clear-net sites on top of that? This sounds like a bizarre usecase.
2 replies →
I hate it as much (and the challenge time seems to be getting longer, 10s lately for me, what the hell?)
But we can all say thank you to all the AI crawlers who hammer websites with impossible traffic.
I mean, it was a problem before AI crawlers with just bots and attacks in general.
> if you’re down, Spotify is down, social media is down… then “the internet is broken” and you don’t look so bad.
Which changes nothing to you actually being down, youre only down more. CF proxies always sucked - not your domain, not your domain...
There is an upside too. Us humans, we also need our down time occasionally.
Oh, if only computers could continue working while I take a break, or teams continue working while I’m on PTO…
Businesses and peoples’ livelihoods are online nowadays, it’s not just scrolling Twitter for fun.
The internet can’t afford to just “give people mental health breaks.”
> Businesses and peoples’ livelihoods are online nowadays
What happened to having a business continuity plan? E.g. when your IT system is down, writing down incoming orders manually and filling them into the system when it's restored?
I have a creeping suspicion that people don't care about that, in which case they can't really expect more than to occasionally be forced into some downtime by factors outside of their control.
Either it's important enough to have contingencies in place, or it's not. Downtime will happen either way, no matter how brilliant the engineers working at these large orgs are. It's just that with so much centralization (probably too much) the blast range of any one outage will be really large.
1 reply →
I’m not so sure about that. The pre-internet age had a lot of forced “mental health breaks”. Phone lines went down. Mail was delayed. Trains stalled. Businesses and livelihoods continued to thrive.
The idea that we absolutely need 24/7 productivity is a new one and I’m not that convinced by it. Obviously there are some scenarios that need constant connectivity but those are more about safety (we don’t want the traffic lights to stop working everywhere) than profit.
2 replies →
Most businesses are totally fine if they have a few hours of downtime. More uptime is better, but treating an outage like a disaster or an e-commerce site like a power plant is more about software engineer egos than business or customer needs.
If AWS is down, most businesses on AWS are also down, and it’s mostly fine for those businesses.
1 reply →
Shitposting on twitter should never have been a business or livelihood in the first place.
The vast majority of the internet can afford that though, and not the entire thing needs to operate the same way.
Actually, yes, it can. Chill a bit.
> “give people mental health breaks.”
try going outside
Why not?
It's better to have diverse, imperfect infrastructure, than one form of infra that goes down with devastating results.
I'm being semi-flippant but people do need to cope with an internet that is less than 100% reliable. As the youth like to say, you need to touch grass
Being less flippant: an economy that is completely reliant on the internet is one vulnerable to cyberattacks, malware, catastrophic hardware loss
It also protects us from the malfeasance or incompetence of actors like Google (who are great stewards of internet infrastructure... until it's no longer in their interests)
I’ve worked in cloud consulting for a little over five years. I can say 95% of the time when I discuss the cost and complexity tradeoffs of their websites being down vs going multi region or god forbid “multi cloud”, they shrug and say, it will be fine if they are down for a couple of hours.
This was the same when I was doing consulting inside (ie large companies willing to pay the premium cost of AWS ProServe consultants) and outside working at 3rd party companies.
globally coordinated
Users have no options because... everything has been centralized. So it doesn't matter if users care or not.
Users are never a consideration today anyway.
There absolutely are options but we aren't using them because nobody cares enough about these downsides. bsky is up, with Mastodon you even have choice between tons of servers and setting up your own. Yet, nobody cares enough about the occasional outage to switch. It's such a minor inconvenience that it won't move the needle one bit. If people actually cared, businesses would lose customers and correct the issue.
It is a trade-off between convenience and freedom. Netflix vs buying your movies. Spotify vs mp3s. Most tech products have alternatives. But you need to be flexible and adjust your expectations. Most people are not willing to do that
The issue is that real life is not adaptable. Resources and capital are slow.
That's the whole issue with monopolies for example, innit? We envision "ideal free market dynamics" yet in practice everybody just centralizes for efficiency gains.
1 reply →
That's just a post hoc rationalization. If the capital owners don't want something to happen then market dynamics don't matter a lick
It’s time to revolt.
More like it's time for the pendulum to swing back...
We had very decentralized "internet" with BBSes, AOL, Prodigy, etc.
Then we centralized on AOL (ask anyone over 40 if they remember "AOL Keyword: ACME" plastered all over roadside billboards).
Then we revolted and decentralized across MySpace, Digg, Facebook, Reddit, etc.
Then we centralized on Facebook.
We are in the midst of a second decentralization...
...from an information consumer's perspective. From an internet infrastructure perspective, the trend has been consistently toward more decentralization. Initially, even after everyone moved away from AOL as their sole information source online, they were still accessing all the other sites over their AOL dial-up connection. Eventually, competitors arrived and, since AOL no longer had a monopoly on content, they lost their grip on the infrastructure monopoly.
Later, moving up the stack, the re-centralization around Facebook (and Google) allowed those sources to centralize power in identity management. Today, though, people increasingly only authenticate to Facebook or Google in order to authenticate to some 3rd party site. Eventually, competitors for auth will arrive (or already have ahem passkeys coughcough) and, as no one goes to Facebook anymore anyway, they'll lose grip on identity management.
It's an ebb and flow, but the fundamental capability for decentralization has existed in the technology behind the internet from the beginning. Adoption and acclimatization, however, is a much slower process.
2 replies →
Who cares if a couple of websites are down a day or even two?
As long as HN is up and running, everything is going to be O.K.!
There was a problem posting your comment.
So Say We All!
Wealthy, investment-bloated software companies will be fine.
Smaller companies that provide real world services or goods to make a much more meagre living that rely on some of the services sold to them by said software companies will be impacted much more greatly.
Losing a day or two of sales to someone who relies on making sales every day can be a growing hardship.
This doesn’t just impact developers. It’s exactly this kind of myopic thinking that leads to scenarios like mass outages.
You don't lose a day of sales, customers come back when the site is up again.
1 reply →
100% this. While in my professional capacity I'm all in for reliability and redundancy, as an individual, I quite like these situations when it's obvious that I won't be getting any work done and it's out of my control, so I can go run some errands to or read a book, or just finish early.
> But if you’re down, Spotify is down, social media is down… then “the internet is broken” and you don’t look so bad.
In my direct experience, this isn't true if you're running something even vaguely mission-critical for your customers. Your customer's workers just know that they can't do their job for the day, and your customer's management just knows that the solution they shepherded through their organization is failing.
It's really quite funny, many of the ACTUALLY vital systems to running the world as we know it are running off of very different softwares. Cloudflare appears to have a much higher % of non vital systems running on it than say something like akamai.
If akamai went down i have a feeling you'd see a whole lot more real life chaos.
> if “the internet is down” people will put down their device and do something else
In this case, the internet should be down more often.
If the internet is down is what it takes to get you to put it down once in a while, I think thats probably the problem.
Which "user" are you referring to? Cloudflare users or end product users?
End product users have no power, they can complain to support and maybe get a free month of service, but the 0.1% of customers that do that aren't going to turn the tide and have anything change.
Engineering teams using these services also get "covered" by them - they can finger point and say "everyone else was down too."
Many people care, but none of them can (sufficiently) change the underlying incentive structure to effect the necessary changes.
> if “the internet is down” people will put down their device and do something else.
oh no
On the other hand, it is cool to be up when the internet is down
Also it's free (the basic domain protection offered by CF anyway)
This is essentially the entire IT excuse for going to anything cloud. I see IT engineers all the time justifying that the downtime stops being their problem and they stop being to blame for it. There's zero personal responsibility in trying to preserve service, because it isn't "their problem" anymore. Anyone who thinks the cloud makes service more reliable is absolutely kidding themselves, because everyone who made the decision to go that way already knows it isn't true, it just won't be their problem to fix it.
If anyone in the industry actually cared about reliability and took personal stake in their system being up, everyone would be back on-prem.
Reliability is not even how the cloud got sold to the C Suite. Good God, when my last company started putting things on Azure back in 2015 stuff would break weekly, usually on Monday mornings.
No, the value proposition was always about saving money, turning CapEx into OpEx. Direct quote from my former CEO maybe 9 years ago: We are getting out of the business of buying servers.
Cloud engineering involves architecting for unexpected events: retry patterns, availability zones, multi-region fail over, that sort of thing.
Now - does it all add up to cost savings? I could not tell you. I have seen some case studies, but I also have been around long enough to take those with a big grain of salt.
No the value was bypassing IT.
You no longer needed them to approve a new machine, you just spun it up how you want. Sped things up massively for a while.
7 replies →
> ...does it all add up to cost savings?
IMHO it adds, but only if you are big enough. Netflix level. At that level, you go and dine with Bezos and negotiate a massive discount. For anyone else, I’d genuinely love to see the numbers that prove otherwise.
> There's zero personal responsibility
Unfortunately, this seems to be the unspoken mantra of modern IT management. Nobody wants to be directly accountable for anything, yet everyone wants to have their fingerprints on everything. A paradox of collaboration without ownership.
2 replies →
I mean in the end it's about making a trade off that makes sense for your business.
If the business can live with a couple of hours downtime per year when "cloud" is down, and they think they can ship faster / have less crew / (insert perceived benefit), then I don't know why that is a problem.
More like "don't have choice". It's not like service provider gonna go to competition, because before you switch, it will be back.
Frankly it's a blessing, always being able to blame the cloud that management forced company to migrate to be "cheaper" (which half of the time turns out to be false anyway)
> It also reduces your incentive to change, if “the internet is down” people will put down their device and do something else. Even if your web site is up they’ll assume it isn’t.
I agree. When people talk about the enshittification of the internet, Cloudflare plays a significant role.
> Because no one cares enough, including users.
When have users been asked about anything?
But Spotify was not down. One social media was down.
This:
> if you’re down, that’s bad. But if you’re down, Spotify is down, social media is down… then “the internet is broken” and you don’t look so bad.
is just marketing. If you are down with some other websites it is still bad.
Admittedly when I wrote that I was thinking about the recent AWS outage. Anecdotally, I asked friends and family about their experience and they assumed the internet was down. Almost everything at my work runs on Google cloud so we were still running but we observed a notable dip in traffic during the outage all the same.
> it is still bad
No doubt. But there’s a calculation to make, is it bad enough to spend the extra money on mitigations, to hire extra devops folks to manage it all… and in the majority of end user facing cases the answer is no, it isn’t.
Where I've worked and we've been in the cloud I've always promoted just running in one AZ, I run my own things in one Hetzner DC (hel1). I've done hybrid cloud as well and in that case we only have one AZ for the on-premise stuff anyways (plus offsite backup)
That one time when an AZ goes down and your infra successfully fails over to the other two isn't worth it for a lot of my scale companies, ops consultants seem to be chasing high cloud spend to justify their own high cost. I also factor in that I live in Sweden where most infrastructure outages are exceptionally rare.
Ofc it depends on what kind of company you are and what you're providing.
> If you are down with some other websites it is still bad.
In some cases, absolutely. For the vast majority, it really, really doesn't matter.
(Source: my personal website is down and nobody cares, including me)
> Because no one cares enough, including users.
this is like a bad motivational speaker talk.. heavy exhortations with a dramatic lack of actual reasoning.
Systems are difficult, people. It is "incentives" of parties and lockin by tech design and vendors, not lack of individual effort.
Eh? It's because they are offering a service too good to refuse.
The internet this day is fucking dangerous and murderous as hell. We need Cloudflare just to keep services up due to the deluge of AI data scrapers and other garbage.
[dead]