Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dymk 6 hours ago

That’s like saying you should buy car insurance after you wreck your car

alwa 6 hours ago | parent | next [-]

How? Isn’t it more like the difference between carrying an umbrella every day and ducking into the corner shop to buy one when you notice it’s raining?

Johnny555 42 minutes ago | parent [-]

That's a good analogy since the corner shop is going to be sold out of their small stock of umbrellas during the rain storm so you won't be able to buy one until the rainstorm is over but at least you'll have protection for the next storm. If staying dry is important to you, you should buy the umbrella before the rain.

nmz 19 minutes ago | parent [-]

Not if you live in a desert, which most blogs do.

Johnny555 10 minutes ago | parent [-]

That continues the analogy -- it doesn't rain often in the desert, but almost all deserts receive rain. And since it rains so rarely, you're certainly not going to find an umbrella during the rainstorm.

So again, if staying dry in the rain is important to you, buy an umbrella before the rain, if you don't care about getting wet from time to time, then no need for the umbrella.

While the personal blog owner may not care about DDoS related downtime, he may face extra usage charges due to higher bandwidth, CPU usage, etc that he'd like to avoid.

variadix 6 hours ago | parent | prev | next [-]

Depends on the distribution of accidents and the distribution of costs. If P(ddos) * Cost(ddos) < P(no ddos) * P(cloudflare outage) * Cost(cloudflare outage) then you would be better off not using Cloudflare.

This is not considering other issues with Cloudflare, like them MITM the entire internet and effectively being an unregulated internet gatekeeper.

hypeatei 6 hours ago | parent | prev | next [-]

Unless your server literally starts on fire because of DDoS, no it isn't. Your things will be just fine after an attack, it isn't that serious.

OkayPhysicist 3 hours ago | parent | prev | next [-]

Insurance protects you from big expenses. What's the big expense here? Oh, my site's down for a bit.

grayhatter 5 hours ago | parent | prev | next [-]

Sounds reasonable if the car insurance could magically and near instantly fix your car, undo all the property damage and no one could get injured.

Insurance for physical things is different for services, they don't map as an analogy. A better one would be, Because you buy a new car every hour, it's like buying insurance for every car after someone steals your 700th car. That prevents your car from getting stolen.

thfuran 6 hours ago | parent | prev | next [-]

But you can just download a new car.

phyzome 5 hours ago | parent | prev | next [-]

My site being down for a couple days is not an unacceptably large loss, unlike an uninsured car being wrecked.

It also isn't a good analogy because insurance doesn't apply retroactively to wrecks that happened before start of term, and is event-based rather than providing continuous value.

Johnny555 37 minutes ago | parent [-]

I thought that's why it's a good analogy - DDoS protection doesn't apply retroactively to prior attacks (or even current attacks, it's hard to apply DDoS protection while your site is down due to DDoS). If you want protection from DDoS, you need it before the DDoS. If you want to insure your car in case of accident, you need to insure it before the accident.

5 hours ago | parent | prev | next [-]
[deleted]
shortrounddev2 6 hours ago | parent | prev | next [-]

No its like saying you should buy a new battery after your battery dies. Yeah, its nice to have a spare battery around i guess but its not like your battery dying will significantly ruin your finances

c22 6 hours ago | parent [-]

It's more like buying the plug-in version after the battery dies...

You already experienced the downtime, so if not having downtime was a goal you already failed. If avoiding downtime is not important then there's no reason to add anti-downtime capability to your system. The most charitable modeling of this approach is that the downtime incident may prompt one to realize that avoiding downtime actually is an important property for their system to possess.

Dylan16807 2 hours ago | parent [-]

The actual charitable model is that you expect close to zero attacks, but if you actually get hit your expected rate of future attacks goes up by an order of magnitude or two. And it's that change in expectations that gets you to buy protection.

You don't care about going down once, you do care about frequent outages. And you know this from the start, you don't realize it later.

unethical_ban 6 hours ago | parent | prev | next [-]

That's like saying my personal blog going down is as impactful to my health and finances as getting into an automobile accident.

Assume a "personal" blog or site is not making money for the owner, and they have backups of the site to restore if the VM gets wiped or defaced. Why spend money on DDoS protection if it is unlikely to ever occur, much less affect someone monetarily?

jimmydorry 5 hours ago | parent [-]

Depending on the host, you may get charged a big bill for traffic. If you're hosting at home, your ISP may blackhole all traffic to your residence (affecting your day job and being a nightmare). When it comes to DDoS, most providers are quick to blackhole, and slow to unfreeze, without getting the run around.

iso1631 5 hours ago | parent | prev [-]

It's like saying you should buy volcano insurance after you get hit by a volcano