The fact that all traffic is decrypted at their servers makes possible caching optimizations (what most users care about) and inject content,headers. This is the best example of the centralization of the internet.
Does anyone know what Cloudflare's response was regarding them treating Tor traffic suspiciously by putting up never ending captchas?
Trump's website throws a captcha every time I access it from Central America. This is for read only pages. I can only assume CF doesn't care too much and certainly doesn't educate customers very well.
Edit: I'll also admit I love CF as a customer. It makes things fast and easy. But it's concerning. Sorta like every time I use Google search.
Individual customers can set their security settings however they like. If you're seeing a CAPTCHA each and every time you connect to a site served by us (and are not coming from an IP with recent/excessive abuse) the site may have locked down their security settings to require this step.
I understand. But IIRC the defaults aren't so open. Plus I would expect that a site like the one for a presidential candidate would get at least a minor review and a "hey you don't need any 'security' settings here".
Jet.com had a similar issue. I'm pretty sure CF customers are not getting sufficient info/onboarding.
The default setting does not present a CAPTCHA each time. Or even most of the time.
Have you considered that presidential candidates may be subject to more malicious traffic than a typical site (and thus may considering adjusting their settings)?
> I'm pretty sure CF customers are not getting sufficient info/onboarding.
I can ensure you that Enterprise customers are assigned highly technical resources during onboarding that walk them through settings. Is there a specific suggestionyou'd like me to pass along?
Not insulting talented team CF has. The end result though is that viewing a static asset, a policy position, shouldn't be challenging residential users with a captcha. Whatever the cause, this behaviour is wrong. It's particularly noticeable as a ton of other static assets are served. So it's just switching the doc content for a captcha, while still returning all the images and styling.
Jet.com gad the same issue - captcha every time I erased cookies, despite having my own residential IP. Till I brought it to their attention. (Maybe coincidence.)
This mirrors my own experience as a low end user. Devs in Easter Europe would get challenged a lot until we went and whitelisted everyone.
As a former Cloudflare customer, I'm pretty sure they're getting plenty of onboarding if they take the time to really request it. I had one of the more pleasant vendor experiences with them, they happily invited us to their office, sat down and walked through the admin panel and all of the settings we could tune, describing them and providing recommended values or asking questions to figure out what the settings should be.
It's a matter of customers not bothering. You can only hold a customer's hand so closely.
Sure. But customers are not likely to realise the impact on users not in the US or otherwise "dangerous". I get captcha'd every time I clear cookies, to access static content. This is just wrong behaviour.
I highly doubt that CF customers understand. I cannot imagine them saying "yeah, I think requiring people to solve a puzzle before they read a text document seems reasonable".
I get the very real feeling, when using cloudflare-based sites over Tor, that I'm being tracked specifically by the captchas used. It's always the same two or three.
> caching optimizations (what most users care about)
Cloudflare does a really shitty job at that though, I've literally never seen them beat a reasonably configured nginx instance running on GCE or even OVH. (That is for a single instance serving both EU and US markets).
It's honestly baffling that anyone who isn't drowning in bandwidth bills would use them, but I guess antiviruses and PC optimizers are a big industry too.
eh it's a very cheap way to go around delivery speed problems - just know what the tradeoff are and you're golden.
using subdomains one can easily partition bulk traffic which needs caching from secure traffic that requires end to end encryption, and benefit from having a tenth of server hits
sure everyone can host his caches and be better off. but that cost money, and localizing traffic to reduce latency costs even more money. hard to beat free.
>sure everyone can host his caches and be better off. but that cost money, and localizing traffic to reduce latency costs even more money. hard to beat free.
My entire comment was about refuting this.
You don't need to host your own caches to be better off, you'll be better off by simply not having cloudflare in front of your server (even for transatlantic pageloads!).
Tangential, but how do you find OVH? Their hardware, bandwidth, uptime, customer service? I ask because of the conflicting reviews of OVH that a quick google search reveals.
I'm living next to France and in talking to local geeks the name kept coming up (OVH is a French company). I had been using DigitalOcean but needed more storage space so I tried Kimsufi and SoYouStart which are both OVH-related, and then I started A/B comparing performance of VPSs for OVH and DigitalOcean and saw that the VPSs at OVH were consistently out-performing the same size machines at DigitalOcean. So, I moved everything I plan to keep online for more than a month to OVH. OVH's dashboard for creating and managing machines used to be really horrid but it has improved recently.
I don't know what to make of the bad reviews you found, my personal experience has been great for several years now. Multiple products used, the occasional support ticket with quick response, and decent pricing.
I found OVH's offer to be very good on every point, except customer service. I'm mostly using Kimsufi dedicated servers, and let's just say that when shit goes wrong, you're left alone in the dark.
Anecdote: I had my dedicated server suddenly go down because it overheated. Wouldn't come back to life. Two days after submitting a ticket and getting no input, the machine suddenly came back up without any explanation. A day later, I got a mail saying the motherboard was broken and got replaced. Overall it was a very unpleasant experience, but it's to be expected given the low price of Kimsufi.
I'm surprised people think it's acceptable to be 2 days in the dark just because it's cheaper.
Even really low end companies like nocix (former datashack), 1&1, etc. will reply to your tickets in a few minutes.
It's good to know that this stuff happens with OVH. I'll make sure to stay far from them.
It's up to you to chose the product that fits your needs.
Slow support is part of the deal. And do your own backups because they may switch the disks any time if they detect that something is wrong with it.
This thing happens with Kimsufi servers, a side brand of OVH for cheap dedicated servers. The real OVH servers are more expensive, but you get all the bells and whisles that come with a professional server hosting offer.
Kimsufi is a completely different service to OVH's, even though they are owned by the same company, so you can't really compare the two. Kimsufi is dirt cheap and has a reputation for terrible support.
This is a marketing strategy. Kimsufi are for people to try out dedicated server hosting. It provides a low entry barrier. When used to it, people switch to real server once their need develop.
This is because kimsufi are the cheapest dedicated server of OVH. They do provide support but its delayed and restricted to hardware issues. These servers are intendent for playing around and testing, hence the low price. The offer is also minimal. I use it for some toy web site hosting and mail hosting. It's good for boostraping.
At work we're using OVH for our production, we've been with them for several years. The key point is that the price-performance ratio is very difficult to beat, and it offsets the problems we've had.
We've had very few hardware-related issues, a disk failing or a motherboard to be replaced. In all of those cases, the component were swapped promptly and we've been kept informed of the progress.
Where we're unhappy is with the network, especially with their vRack offering. Looking back at our production incidents of the past 6 months, about 50% of them were caused by some vRack problem where at the same time the public interfaces were up and running just fine.
We're generally happy with customer service, but we pay for VIP support and we speak French to OVH's support agents (I believe that the latter helps a lot).
There's the option for free plans: Basic DDOS protection with the following blurb:
Built-in security measures automatically protect your website against DDoS attacks. CloudFlare's service allows your legitimate traffic to reach your website, while stopping illegitimate traffic at the edge, before it hits your server.
So Cloudflare promises least a minimal protection for free plans.
As for Siege, I assume Cloudflare is optimized to protect from botnets. A single machine running Siege is not a realistic test case. Perhaps it also depends whether your website is mostly static, then Cloudflare can do a lot of caching.
That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.
Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible. Cloudflare, or any other service, can't magically make a site scale.
> That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.
Maybe I'm missing something here, where does it mention that the free plan protects against UDP floods?
> Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible.
Flooding a site using Siege from a single IP falls under the layer 7 attack (correct me if I'm wrong), which is protected against in the Business plan.
> Cloudflare, or any other service, can't magically make a site scale.
Where did I mention that I expect Cloudflare to magically scale a site? A POST or GET flood falls under layer 7 protection, which Cloudflare offers in paid plans.
If it was not clear, the point was that layer 7 protection is offered in the paid plans(Business and Enterprise), but not in the free plan.
> I wish having an advanced degree was a criteria here. A few years ago, I noticed that Britain would give a blanket visa to anyone with an MBA from a list of top international schools.
Care to explain the reasoning? It seems shortsighted to limit this proposal to people with advanced degrees, and why only from the top 50 schools in the world? How does this make sense in the context of startups?
> That said, the proposed rule might mean if one gets into YC/techstars, etc. they would be able to get a visa for the US easily.
The article mentions that this is not a visa, but parole. And with the requirement of $345K in funding, getting into YC/Techstars would not be sufficient. Startups would need to raise additional money, unless they receive $100k from the Government.
I make a value judgement that the economy needs startups that work on deep, meaningful technologies. While they are certainly instances where people without advanced education are able to innovate in deep technology disciplines, there are many cases where education is the key barrier to entry. If someone spent a decade getting specialized education in an area like FPGA, MEMS design, etc. I do think they should have an easier path into the country than someone with no specialized education. Canada is trying the "we'll give you a visa if your startup is funded by recognized investors". I think that stops people who have bootstrapped ventures or funding from their own savings/family savings. I'm also not saying advanced education is THE requirement. I'm saying, it should be one of the possible options. That's just my opinion :)
With convertible notes that are sometimes given to member companies of distinguished seed funds, I think getting to 345K isn't a stretch.
> I wouldn't worry too much about what's being said or not said on HN. There are great ideas and topics to be covered here for sure, but they're sprinkled on top of a giant cake made with 1-part self-loathing, 2-parts day-dreaming, and 1-part regular huff-and-puffing.
I don't understand your argument regarding why you would not pay much attention to what is being said on HN. Could you explain?
Probably because there is a noisy minority who voice dogmatic opinions without understanding the constraints of the problem at hand. They are lilliputians, spouting wonderful ideas that collapse in the face of deadlines and budgets. For those of us that have to live in reality, they can be very annoying and disheartening, so it's essential to take their opinions with a fistful of salt.
Interesting interview, but I felt Sam could have asked more probing questions (for the lack of a better phrase) and I don't mean the controversies from the early days of Facebook.
What was the thinking behind acquiring WhatsApp for such a large amount of money and how will they monetize the platform? How is WhatsApp going to be an important part of the future?
Facebook's mission is to connect the world, but in the case of Free Basics, they violated net neutrality principles which is clearly not in the best interest of the users.
Mark Zuckerberg also mentions that he finds it frustrating that people talk about AI turning against humanity, which is one of the things that Elon Musk, Sam and OpenAI are trying to educate the population about. Maybe a discussion about that could have been included in the interview.
If any of the mods are reading this, maybe there could be some way that future interviews can include questions from HN? We could have a discussion about the questions that the HN community wants to ask, and the mods can pick out the questions that generate the most interest from the community?
Seems like a lot of those questions and deeper probing were off the table before the interview even started. Considering Sam Altman was doing the interview and the content was geared towards ycombinator, it was very startup focused.
The money being invested by new investors is being exchanged for shares of the company. Rather than creating new shares, at least some of these shares are likely coming from existing investors who bought them at a lower price at an earlier time.
I'm not sure thats entirely true typically a late round of funding will be some combination of folks taking money off the table and new stock.
There's nothing very "typical" about a 850M raise at 30B. But Groupon infamously raised "Like, A Billion Dollars" of which only about 15% went into the company.
Looking at the title, I was expecting them to share the juicy details of how they handled the huge amount of traffic, the hacking attempts and the engineering problems they are facing. Instead I was met with some sort of PR attempt to explain the downtime.
The point of any game is enjoyment. I found Pokemon Go much more enjoyable with the aid of Pokevision than I do without, since at least then I could find interesting pokemon. Since the last update, I chose to stop playing entirely. It's just not very fun.
The tools gained so much popularity because the in-game tracker stopped working. That was part of why players were upset with killing the third party tools too. There was then no way to track pokemon at all.
I mean, if you reverse engineer an api for "where is pokemon X", you may as well just reverse engineer your GPS device for "where am I standing" to move your in game character to right where the pokemon is.
Then you can do a for loop and catch all the pokemon in 30 seconds.
Actually catching the pokemon is a 0 skill item. Its literally dragging your finger across the screen.
The entire game is the exploring the real world part.
Depends on how you look at the game. The point of the game for users is to catch pokemon. The point of the game for Niantic is to have users wander around, so they can make money via sponsored locations.
The reason piracy is so popular is because it is free and because it's incredibly convenient, in that order.
The convenience factor is basically, if you want some content (movie, game) it's a simple search and download away (streaming torrents seem to be gaining traction). No legal alternative offers this level of convenience.
I suspect piracy will become harder for the average user due to three letter agencies making life harder for pirates, but it won't stop the determined ones.
Speaking of determined torrenters, Peter Sunde, the founder of TPB had something interesting to say about torrent aggregators being shut down [1]. The idea is that even though downloading torrents itself is p2p, finding the magnet links is still centralized and that is an area that needs to be decentralized.
It's much, much more than that. It's the only way to get an acceptable product.
I have ALSO pirated everything I ever bought until very recently.
DVDs included region forcing, and forced, unskippable adverts and copyright notices. Netflix, .mkvs and .mp4s just have the programme and titles.
Usually someone, somewhere, has put effort into making a good quality rip saving me the time doing so, along with synchronised and corrected subtitles.
For games, the major studios still feel annoying and restrictive copy protection is the way to go. I don't want a £30 game that requires me juggling collections of plastic disks, or an always on net connection to a licensing server they may turn off in a year or two anyway. So the noCD, no licensing server release is a necessary download for me. I tend to mostly buy GOG and independent studios putting out DRM free things these days. EU IV being about the only exception I can think of in the last 2 years.
I'm not a fan of being data mined on how often and how far I read ebooks, listen to audiobooks. So first thing on buying a new ebook from Amazon is rip the protection to read it on my non-amazon reader. First thing to do with an audible book is convert to mp3. If either of those became unfeasible or impossible I would stop buying.
Finally for music, we've had attempts with copy protections and Sony rootkits, but mostly my music collection is complete and they gave up on silly DRM attempts. I only need to rip new stuff that's not available in FLAC.
> I have ALSO pirated everything I ever bought until very recently.
Pirating helps to sell their products, think of it as free advertisement, this is the thing movie studios, music producers and book publishers don't understand. I know folks that for each pirated book they keep buy a physical one, also friends that pirated some movie and by a word of mouth advertise to go and see it in the cinemas, music to buy and go to the concerts etc. If you can't see the product how would you know if it's worth buying? Therefore someone who pirates would never pay anyway and chasing them would make you less money not more!
The legal alternatives just don't have the content I'd like to see. The Netflix catalog for example contains maybe one out of ten movies I'm looking for, whereas it is easy to find even obscure movies using torrents. If you like older or less popular movies you're generally out of luck. At best you can find a DVD, but that won't work for movies that weren't even released in your region.
I don't understand why it is so hard for the studios to offer their whole catalog online and let me download a movie for a buck or two. Add the possibility for user-submitted subtitles and you have an excellent competitor to piracy.
Torrent sites have huge advantage over streaming services is that they can distribute all content.
If streaming services had everything, people would pick one based on price and quality of the actual streaming gladly pay more than current prices are. There is no change in hell that customers pay for Netflix, Hulu, HBO, and Amazon at the same time.
There is obvious business solution for this. Content producers should provide their shows and movies for all streaming services for same price. Streaming services would just exist to stream data and distribute payments from customers.
Current business model of streaming is working against "the internet" and torrents are way to get around it.
No idea if that is true or how many people are putting that much money for contents on monthly basis. Compared to the streaming services this is quite much and with that money you could get a monthly subscription to several services.
Convenience is definitely a factor. We pay for cable TV, Netflix, HBO, and Amazon Prime (with video). I recently bought a nice big TV for my basement den and while it has Netflix and Amazon apps built-in, Comcast blocks you from authorizing the AndroidTV HBOGo app so I need to cast from my phone to watch that. And for cable shows, I'd need to rent another shitty cable box that doesn't work worth a damn anyway.
So instead if it's not on Netflix or Amazon (god their TV app just got even worse) I often just fire up the VPN and stream a torrent. I've paid for the shows but I just don't want to rent another cable box or deal with casting from mobile. Programs like Popcorn Time are great in that you can bookmark your favorite shows, see which episodes you've already watched, search for new shows from a Netflix-type interface, and watch in 720 or 1080 on demand.
If there was a legit option like this from Comcast (heh, that'll be the day) I'd gladly pay double what you pay to rent a cable box. It's really just that simple and it works much better than any Comcast gear despite being a hacky program with several forks and questionable approach.
I don't hold any illusions about my entitled attitude. I understand that my convenience and preferences don't get to dictate the business policies of content creators and distributors and I know that just because I pay for stuff doesn't mean it's legal to violate copyright in this manner...
...but I don't feel that what I'm doing is particularly immoral even if not particularly legal. At some point I just take stock of how I do things and keep an eye out for better ways to do them. If I can find a way to improve my spare time and how I spend it, I don't mind finding my own ways to do so.
I'd say the opposite with regards to convenience, but maybe I've been away from the scene for a few years now
Nowadays it seems more of a hassle to pirate content, especially here in the UK with torrent sites getting blocked by ISPs (necessitating a need for VPNs or proxy services) along with having to constantly find new sources for torrents as authorities crack down on sites like KickAssTorrents.
I find it easier to just subscribe to Netflix and Spotify, but maybe I have more disposable income now that it doesn't bother me.
I used to have a Spotify subscription. Then I moved out of Sweden and lost half my playlists. Never subscribed again.
I never had a Netflix subscription because I don't have a good enough connection to stream high quality videos - Additionally, I rewatch some series a lot. It's simply more convenient to have them on my hard drive.
The US gov is running around the internet policing copyright for very specific companies, acting like they're doing the world a favour. Calling everybody thieves. Threatening people with fines and prison. "You can just pay for a Netflix/Spotify subscription"... well, no, not everywhere and it's certainly not as convenient for everyone.
Sidenote: Spotify's content bootstrapping was a dump of music from TPB. If it weren't for piracy, we wouldn't have spotify. The system is broken.
You would think music, film, and games would be comparable, but I find that these fall into distinct categories for me.
I am totally okay with paying a monthly flat fee for films and series (mostly watch once and be done with it).
I am also okay with paying once for a game and not keeping the downloaded files around after I finish it. Rather, I let Steam or the HumbleStore handle that, and if these go belly-up one day, I don't feel like I've lost much; the value I get in hours of entertainment is in balance with what I spend there, and I am okay with the limited risk of losing access to some games.
For music on the other hand, I absolutely want the files on my hard disk. Music is replayed over and over, and losing access to what is essentially the soundtrack of your life is something I would like to avoid. I'd love a service that allows me to download, say, up to 8 hours of music (any genre, in an open lossless format) a month from a universal catalogue for a reasonable flat fee (like Netflix), but this simply doesn't exist. It is either streaming or paying way more than I find reasonable.
Interestingly, for games the existence of reliable, affordable legal channels for digital delivery means that I have not felt the urge to illegally download any game at all for over a decade, and the same seems to hold true for many colleagues and friends. People are totally fine with downloading films, series, and music for a variety or reasons, but why bother with games? The money you pay, say, Steam or the HumbleStore seems to flow back to the developers in a fairly fair fashion, there are good deals to be had, and it is all very convenient — for games it just seems like a solved problem.
Games are essentially solved as far as consumption goes. There's still some fuckery going on with DRM in some companies, but that's the minority.
However, they aren't solved when it comes to archival. It's getting constantly worse with the rise of online-only games with closed source, undistributed servers. A subject for another day, though.
Fair point. The archival question is complex because of the inherent difficulty in keeping old software running on modern operating systems. At some point it doesn't pay to keep supporting newer operating systems even if you still have sales; only for the really popular titles. Perhaps containers would work?
Yeah, emulation or containerization works nicely for old games. However, newer games have server components which are required to run the game and/or have any content. When the money runs out, the servers get shut down and usually aren't redistributed. This isn't a problem torrents can solve, unfortunately.
> When the money runs out, the servers get shut down and usually aren't redistributed. This isn't a problem torrents can solve, unfortunately.
IIRC, the cracks for the old always-online UPlay DRM basically contained a MVP implementation of their servers.
And of course, you have MMORPG "emulators", but those take a lot of effort, only come out for ridiculously popular and lasting games, and end up rewriting most of the game logic based on speculation. So the end result is more like Minetest vs Minecraft than cracked Assassin's Creed vs legit Assassin's Creed.
Sidenote2: Hollywood got started because of a move from NYC to get around having to pay licenses to Edison. Hollywood exists because they wanted to infringe the protections without paying.
Hmm ...this is really interesting, I didn't know about 'Hollywood built on piracy' story at all. I did some research and found this interesting comment in one of the articles, which does seem to make sense.
"The proponents of this myth seem to want to suggest an analogy: Hollywood was built by “outlaws”; now Hollywood has become the incumbent, seeking to stop the next generation of “outlaws”. But this is a false equivalence. The Pirate Bay (or Megaupload, etc.) isn’t producing its own movies. Recognizing exclusive rights to a creative work doesn’t prohibit anyone from creating their own works. Stopping someone from offering copies, especially complete, verbatim copies, of a work is not anti-competitive."
That's some impressive variation from how I remember reading it, though you'll note I said licensing not piracy. If memory serves it was equipment licensing that was the issue - rental of cameras, projectors and such.
I don't know enough of the period to know who's right, but looking at the about page tells me all I need to know about the independence of view: "... representing creators across the spectrum of copyright disciplines. He represents the Copyright Alliance in all copyright and related policy issues in a variety of forums". So choose your preferred flavour of spin?
It's well known Edison was an evil bastard for instance. You've only to read a little, especially on Tesla, to realise that. So there's little doubt that moving to Hollywood and escaping Edison's thugs was a good thing. The fact remains he had the movie industry of the time tied up with patents. I think it was actually Edison who pirated a movie, and ended up putting someone out of business in the process.
I am not aware of any write-up, but I was an early beta user and can confirm that you could enter names of release groups into the search field and get hits back then.
Initially I believed in streaming my music, but when they went public I lost half my playlists and has gone back to "files on disk" ever since. It is remarkable how difficult it is to pay for music, I wish we would see more sites like Bandcamp.
It can be free but not that convenient. Pirated content needs to be checked to make sure it's not fake nor malicious, not to mention the technical downsides of the torrent protocol (large bandwidth consumption, insecure, easy to block, slow speed on non port-forwarding routers etc)
It's much easier to buy and download games on Steam or watch movies on Netflix nowadays.
For movies you can find on Netflix that's absolutely true. The difference is that effectively anything can be found via torrent or nzb, while the catalog of any single paid provider, even netflix, is relatively limited. You might get reasonable coverage (although still not as complete) by combining a number of subscription services, but the 'ease' advantage quickly disappears.
I would happily pay a significant multiplier on what I pay for Netflix in order to legally stream any reasonably popular movie released within the past few years, plus a decent selection of older ones. IE, roughly what you would find at your average Blockbuster 10 years ago. (A similar selection of TV shows would be nice too.) Things may be improving, but they're definitely not there yet.
In this thread why are the rental options like iTunes not being discussed? Those distribution channels have the convenience of streaming, and a deep catalog. Is it because everyone wants all the movies for $10/mth or less rather than $5 a show?
Yeh, iTunes and similar options have a pretty good selection, in both SD and HD. It doesn't suffer from the same pains that DVDs had (ie. no advertisements before the movie starts). It is more convenient than torrenting.
So, it strikes me as odd that people here only consider pre-pay streaming options and ignore other viable options as they rant about their rationalization for torrents.
I checked last 10 movies I saw. 2 aren't available on Netfilx at all. Of remaining 6 aren't even available in US. None is available in my country. I think I'll stick to torrents.
Does anyone know what Cloudflare's response was regarding them treating Tor traffic suspiciously by putting up never ending captchas?