Yep for anyone unaware of how awful things truly are, look up what a "residential proxy" is. Back in my day we called that a botnet.

CF would be a protection racket only if CF is the cause of the problem CF is charging money to solve.

And yet half the HN front page every day is promoting LLM stuff.

"The internet sucks", yes, but we're doing it to ourselves.

You might say the problem CloudFlare is causing is lesser than the ones it's solving, but you can't say they're not causing a new, separate problem.

That they're trying counts for brownie points, it's not an excuse to be satisfied with something that still bothers a lot of people. Do better, CloudFlare.

Because people will solve the challenge once, and then use the cookie in automation tools. It already happens with shorter expiration cookies.

https://developers.cloudflare.com/waf/tools/privacy-pass/

Yes, there are several, and the good one (linked below) lets you use the "humanness" token across different websites without them being able to use it as a tracking signal / supercookie. It's very clever.

https://github.com/ietf-wg-privacypass/base-drafts

https://privacypass.github.io/

I assume that will be for Apple (and eventually Alphabet) to implement via digital IDs linked to real world IDs.

https://www.apple.com/newsroom/2025/11/apple-introduces-digi...

Why would anyone be a daily Tor user and trying to hit clear-net sites on top of that? This sounds like a bizarre usecase.

I mean, it was a problem before AI crawlers with just bots and attacks in general.

> Businesses and peoples’ livelihoods are online nowadays

What happened to having a business continuity plan? E.g. when your IT system is down, writing down incoming orders manually and filling them into the system when it's restored?

I have a creeping suspicion that people don't care about that, in which case they can't really expect more than to occasionally be forced into some downtime by factors outside of their control.

Either it's important enough to have contingencies in place, or it's not. Downtime will happen either way, no matter how brilliant the engineers working at these large orgs are. It's just that with so much centralization (probably too much) the blast range of any one outage will be really large.

I’m not so sure about that. The pre-internet age had a lot of forced “mental health breaks”. Phone lines went down. Mail was delayed. Trains stalled. Businesses and livelihoods continued to thrive.

The idea that we absolutely need 24/7 productivity is a new one and I’m not that convinced by it. Obviously there are some scenarios that need constant connectivity but those are more about safety (we don’t want the traffic lights to stop working everywhere) than profit.

Most businesses are totally fine if they have a few hours of downtime. More uptime is better, but treating an outage like a disaster or an e-commerce site like a power plant is more about software engineer egos than business or customer needs.

If AWS is down, most businesses on AWS are also down, and it’s mostly fine for those businesses.

Shitposting on twitter should never have been a business or livelihood in the first place.

The vast majority of the internet can afford that though, and not the entire thing needs to operate the same way.

Actually, yes, it can. Chill a bit.

> “give people mental health breaks.”

try going outside

Why not?

It's better to have diverse, imperfect infrastructure, than one form of infra that goes down with devastating results.

I'm being semi-flippant but people do need to cope with an internet that is less than 100% reliable. As the youth like to say, you need to touch grass

Being less flippant: an economy that is completely reliant on the internet is one vulnerable to cyberattacks, malware, catastrophic hardware loss

It also protects us from the malfeasance or incompetence of actors like Google (who are great stewards of internet infrastructure... until it's no longer in their interests)

I’ve worked in cloud consulting for a little over five years. I can say 95% of the time when I discuss the cost and complexity tradeoffs of their websites being down vs going multi region or god forbid “multi cloud”, they shrug and say, it will be fine if they are down for a couple of hours.

This was the same when I was doing consulting inside (ie large companies willing to pay the premium cost of AWS ProServe consultants) and outside working at 3rd party companies.

The issue is that real life is not adaptable. Resources and capital are slow.

That's the whole issue with monopolies for example, innit? We envision "ideal free market dynamics" yet in practice everybody just centralizes for efficiency gains.

That's just a post hoc rationalization. If the capital owners don't want something to happen then market dynamics don't matter a lick

More like it's time for the pendulum to swing back...

We had very decentralized "internet" with BBSes, AOL, Prodigy, etc.

Then we centralized on AOL (ask anyone over 40 if they remember "AOL Keyword: ACME" plastered all over roadside billboards).

Then we revolted and decentralized across MySpace, Digg, Facebook, Reddit, etc.

Then we centralized on Facebook.

We are in the midst of a second decentralization...

...from an information consumer's perspective. From an internet infrastructure perspective, the trend has been consistently toward more decentralization. Initially, even after everyone moved away from AOL as their sole information source online, they were still accessing all the other sites over their AOL dial-up connection. Eventually, competitors arrived and, since AOL no longer had a monopoly on content, they lost their grip on the infrastructure monopoly.

Later, moving up the stack, the re-centralization around Facebook (and Google) allowed those sources to centralize power in identity management. Today, though, people increasingly only authenticate to Facebook or Google in order to authenticate to some 3rd party site. Eventually, competitors for auth will arrive (or already have ahem passkeys coughcough) and, as no one goes to Facebook anymore anyway, they'll lose grip on identity management.

It's an ebb and flow, but the fundamental capability for decentralization has existed in the technology behind the internet from the beginning. Adoption and acclimatization, however, is a much slower process.

You don't lose a day of sales, customers come back when the site is up again.

No the value was bypassing IT.

You no longer needed them to approve a new machine, you just spun it up how you want. Sped things up massively for a while.

> ...does it all add up to cost savings?

IMHO it adds, but only if you are big enough. Netflix level. At that level, you go and dine with Bezos and negotiate a massive discount. For anyone else, I’d genuinely love to see the numbers that prove otherwise.

> There's zero personal responsibility

Unfortunately, this seems to be the unspoken mantra of modern IT management. Nobody wants to be directly accountable for anything, yet everyone wants to have their fingerprints on everything. A paradox of collaboration without ownership.

Where I've worked and we've been in the cloud I've always promoted just running in one AZ, I run my own things in one Hetzner DC (hel1). I've done hybrid cloud as well and in that case we only have one AZ for the on-premise stuff anyways (plus offsite backup)

That one time when an AZ goes down and your infra successfully fails over to the other two isn't worth it for a lot of my scale companies, ops consultants seem to be chasing high cloud spend to justify their own high cost. I also factor in that I live in Sweden where most infrastructure outages are exceptionally rare.

Ofc it depends on what kind of company you are and what you're providing.