undefined | Better HN

0 pointscsande171y ago0 comments

If Cloudflare really is serious about this for R2, that's going to be difficult for them to communicate in a trustworthy way. Their other products (in particular their flagship DDOS mitigation service) definitely seem to operate on a "free, but if your site is large enough you'll get an email from salespeople threatening to disconnect you unless you pay $$$" basis, using the boilerplate "don't overburden our servers" clause in their ToS.

0 comments

8 comments · 3 top-level

normie30001y ago· 4 in thread

> don't overburden our servers

Does this effectively mean DDoS protection that's free until you actually use it?

Terr_1y ago

Speaking as a bystander, a more-charitable option might be: "DDoS protection is free for targets which fit a generic risk-profile and are targeted randomly or only for small-scale spite."

P.S.: In contrast, imagine a website dedicated to journalistic content about how {dictator} is a crook and a parasite that has made {country} weak and a joke to the rest of the world. If there's a regular nation-state level DDoS from nodes in {country}, Cloudflare might say: "Hey, uh, your situation is not normal anymore, and it's not exactly your fault be we are a business that needs to recoup costs..."

Aeolun1y ago

> Hey, uh, your situation is not normal anymore, and it's not exactly your fault be we are a business that needs to recoup costs...

In exactly none of the posts about these debacles did CloudFlare say anything of the sort. It’s always comic book villain levels of communication.

geodel1y ago

Thats basically for everything. Do you think home insurance will pay if you burn down house every year. Or car insurance if you trash it few times a year. I see DDOS protection as kind of insurance for event happening once in a while, if it happens all the time one definitely needs something more than a free service.

gjs47861y ago

Yeah, but they aren't the ones, presumably, who are DDOSing their own site.

Warning: Insurance is not going to pay if YOU burn down your home /// even a little bit ///!!!

1 more reply

jgrahamc1y ago· 1 in thread

"Unmetered Mitigation: DDoS Protection Without Limits"

https://blog.cloudflare.com/unmetered-mitigation/

"Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack"

https://blog.cloudflare.com/cloudflare-mitigates-record-brea...

"Mitigating a 754 Million PPS DDoS Attack Automatically"

https://blog.cloudflare.com/mitigating-a-754-million-pps-ddo...

csande17OP1y ago

You've posted these links without much context, but yes, I do think Cloudflare does a pretty good job of backing up the specific claim that they'll absorb a large, random DDoS attack for you. (Although it doesn't seem like the attack in your last link could even have been attributed to any specific customer in the first place.)

Where things start to get shaky is if your site uses a lot of bandwidth for legitimate traffic, or otherwise uses the service in an unusual way. Personally I see it like an old shared hosting plan that will probably let you use some burst capacity if you get Slashdotted, but operates under a vague shared understanding that the service is only for "normal websites". (Which includes a lot of policies and content guidelines that only become problems if you show up on someone's "sort by usage descending" dashboard.)

I think publishing a specific amount of bandwidth that customers are allowed to consume would go a long way to putting R2 in the former category. Maybe that number is your maximum object size multiplied by your GET request limit, maybe it's your current total network capacity, maybe it's eight octillion zottabits per second.

gregoryl1y ago

That's cloudflares CTO.

j / k navigate · click thread line to collapse