| ▲ | DC-3 10 hours ago |
| It's the old IBM thing. If your website goes down along with everyone else's because of Cloudflare, you shrug and say "nothing we could do, we were following the industry standard". If your website goes down because of on-prem then it's very much your problem and maybe you get to look forward to an exciting debrief with your manager's manager. |
|
| ▲ | lpcvoid 10 hours ago |
| That's lazy engineering and I don't think we as technical, rational people should make that our way of working. I know the saying, but I disagree with it. My fuckups, my problem, but at least I can avoid fuckups actively if I am in charge. |
| |
| ▲ | reassess_blind 10 hours ago |
| How do you mitigate large scale DDoS? |
|
| ▲ | lpcvoid 9 hours ago |
| I don't, since my stuff is reachable only within the company network/VPN. If I needed to though, I would consult the BSI list of official DDOS mitigation services [0] and evaluate each one before deciding. I would not auto-pick Cloudflare. [0] (German) https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Si... |
|
| ▲ | reassess_blind 9 hours ago |
| When the solution you pick inevitably has downtime too you’re in the same boat. DDoS mitigation is one of those areas that an on-prem solution just isn’t well suited to solve. |
|
| ▲ | lpcvoid 9 hours ago |
| Yeah, but people aren't using Cloudflare just for DDOS Mitigation. Some are running pretty much everything over it, from DNS to edge caching to load balancing and even hosting. That's what I oppose mainly. |
|
| ▲ | lousken 7 hours ago |
| Unless you are really big, onprem stuff would be 90% internal anyway. For everything public you'd host your hardware in a datacenter with better high speed connectivity. And pretty much every single datacenter I interacted with in the last 5 years does have a DDOS protection solution that you can order for your network. |
|
| ▲ | saubeidl 10 hours ago |
| The problem is the people that sign our checks usually aren't technical, rational people. The system isn't designed for technical, rational decision making. |
|
| ▲ | lpcvoid 9 hours ago |
| That's fair, yeah, and I agree it's not always feasible - but if you have any influence over technical direction at your org, I encourage what I wrote above. Otherwise yeah, let the pea counters in the C-Levels dig their own grave. |