Cloudflare sneezed. The internet caught a cold

Hopefully it will be cleared up soon, but as I type this tons of sites ate down because of something wrong at Cloudflare. A couple of unrelated sites I follow showed “500 Internal Server Error”, I guessed it might be Cloudflare and tried a couple of more that I knew used them, and they were down, too. Looks like lots of reports of the same thing on Twitter in the past few minutes.

There are more eggs in fewer baskets than you realize until one of them drops.

One Tweet lists some of the things that are down:

2K Games
League of Legends
Minecraft
Steam
Amazon Web Services
Discord
DoorDash
Gitlab
Shopify
Skype
UPS
Cloudflare
DigitalOcean
Udemy
Coinbase
Valorant
Crunchyroll
Patreon
Legends of Runeterra
Americas Cardroom
eToro
Betfair

damn …people are gonna be pissed tomorrow

It amazes me how angry people get when one of their beloved apps goes down due to a technical glitch. It’s happened to me before. Your apps have been running flawlessly for years and years, and nobody expects them to ever go down for any reason. They even get mad when there’s a maintenance outage. These software programs run on computers over networks. There are a lot of places where things can go wrong, but they rarely do. Some motherboard or memory board on some server somewhere went kapoof. Someone has to figure out which machine it was and hope there’s a spare board in the closet. Take a deep breath and pour yourself a glass of wine. It will be fixed as soon as someone figures out how to fix it. Stop expecting things to work perfectly all the time, forever.

Apparently;y it was fixed quick enough that most of the world didn’t notice , otherwise the 3 news spots I frequent would be exploded with the news …

Only reason I noticed it was I was chatting with a guildie in ESO when something she was babysitting went down because of it.

WTF is the deal with cloudflare anyways - does it really work or is it yet another fake security hoop to jump through to make people think the internet is safe?

[I have never believed I was safe on the net - too easy to screw with computers, the only computer that won’t get hit is one never connected to the net and no new programs are ever added to it.

It isn’t a service to protect the end user, it is a service to protect the websites.

Patreon has been incredibly spotty for me all day.

Well, they should make it seamless so we never have to sit there with a 5+ second waiting screen [and on some programs on kindle it refuses to work]

Making it seemless would defeat the purpose. Those warnings only occur when the site is being overrun (likely for nefarious reasons). The goal is to slow everyone down so the site can cope. And it’s better to show something rather than make people think the connection is broken.

When not facing those problems, Cloudflare (or other DDOS protections) generally are seamless.

That is something similar to the “click here if you aren’t a robot” dialogue or the “identify all images of 1984 Nash Ramblers” grids. It is there for the site’s protection. In this case, to make sure you are a real user and not part of a DDoS attack. It is a “this is why we can’t have nice things” issue.

then whyforhowcome every time I hit up fanfiction net no matter what time of day or day of the week I get the cloudflare thing, yet I have never gotten it anywhere else? I get it on my laptop, my tablet and my phone.

BigT is mistaken about that. It is a feature that can be turned on or off for any Cloudflare customer, and is on all the time. For sites I’m familiar with, it shows up only once a visit.

TIL that they call it a “javascript challenge”.

https://www.namehero.com/startup/forget-blocking-a-cloudflare-js-challenge-is-the-best/

I’ve never seen it on all the time on any site. It always just shows up when that site mentions having DDOS trouble, either on the site itself or on Twitter.

I just went to fanfiction.net in a guest profile (so no cookies, log ins, etc). I’ve not been there in years, and never on this computer or ISP. Yet the page loaded immediately. So it doesn’t seem to actually be on all the time.

Or, if it is, it doesn’t show the delay all the time. That’s how I always assumed it worked: it would show the delay only when necessary, when it thought you might be a bot. But I guess maybe they just turn it on manually when they have trouble, or have some bot set up to turn it on when necessary.

I could see using it instead of captcha on some sites, where a slow load isn’t a big deal. But only showing up once per session would seem to make it not very effective for that. Wait for it once with a human, then use the bot from then on. Surely it at least also rate limits the connections.

Still, Google proves that bots can just run Chrome like anyone else, so I would expect them to start doing that to get around this. The rate limiting would be the better aspect. Make the bots slow enough that you can catch them before they do much damage.

And yet they exist.

And that post didn’t say they don’t. It was an explanation for my mistake.

That said, the one example that someone mention doesn’t seem to be one of them. I would invite an actual example of a site where it is always on. Because, as I said, I’ve never seen one.

Sites I’m thinking of off the top of my head are on-line comic and manga reading sites that mods would probably delete. I’ll DM.

And yet I found nd your link didn’t have it either. I got no abimation and got straight to the main page. It must be something weird in my setup. Maybe they have it on for certain IP addresses is something.

I didn’t say anything about getting to the main page, I said go to that link and do a search. When you do, it (always, for me) shows a customized Cloudflare javascript challenge before taking me to the search results.