Cloudflare is slow and Cloudflare can’t do much about it
hiranyey.dev“Cloudflare is slow [in India] and Cloudflare [probably] can’t do much about it [but I don’t know because I’m not paying for support]” would be a more accurate title, although it’s far too snarky.
“Cloudflare is slow because of an Indian ISP” or “Cloudflare is slow in India and Cloudflare can’t do much about it” would both still be improvements.
"Cloudflare is slow in India and Cloudflare can’t do much about it because certain parties are unwilling to bear the cost of the necessary changes"
Would be the most accurate.
So likely what happened is India just blocked one ISP because a website they wanted to block resolved to it, without bothering to check what the IP was or who it belonged to.
I remember Australia making similar mistakes when their list of sites to block got leaked, and it included URL's which were specific to logged in users (so it would have blocked that users login as opposed to the site).
Misleading title as it lacks context.
It could be argued that the title is just plain wrong - this doesn't seem to be a problem with cloudflare as the title would imply, it is an issue caused by the user's ISP and other ISPs in their country blocking certain IP addresses for some reason or another.
I think it's accurate. The first Cloudflare refers to the product, and the second Cloudflare refers to the company.
Ultimately if Cloudflare's customers see slow performance, it doesn't really matter who is to blame. The customers just have a bad experience.
Well, this is tantamount to saying "X Server is Slow"—when accessed from Japan, when your server is in a datacenter in North America. I know we're talking India here, but it's a personal experience, my server wasn't slow, but felt like it in Japan. There is a specific context that yielded this result, and that's important to actually having a meaningful story that isn't just clickbait for a blog on HN.
In this particular scenario, CloudFlare isn't slow, but their experience of accessing it under the context of x circumstance is.
How is it accurate? Who's to say that Cloudflare can't do much about it?
But it does matter who is to blame. Cloudflare's service works as intended. The only problem is with incompetent oppressive governments, which is not something they can account for, not should they be expected to.
From India, and cloudflare to my website resolves to the same ip block. The 172.67.198.x is very much reachable. In fact I can ping and access the exact ip in the article. Not sure what the OP's problem was, but it does not seem to be cloudflare or a govt block.
Edit: Link to screenshots: https://imgur.com/a/d7zLuCP
Russia has blocked Cloudflare before too. You can see it in the issues for jsDelivr (which apparently handles a lot of traffic for TASS, since they use the CDN and browsers don't share caches for privacy reasons). https://github.com/jsdelivr/jsdelivr/issues/762 https://news.ycombinator.com/item?id=24894135 https://learningjquery.com/2012/01/why-to-use-google-hosted-...
India is blocking a bunch of the IPs.
Here's a new acronym for us: "Problem Exists Between User And Internet; PEBUI.
This is definitely the next 5 years+ of computing. More and more nations making more and more wild ass decisions about the internet & users ending up disconnected. PEBUI.
It was a completely foreseeable result of a very small minority's war on internet standards. First forcing everyone to use TLS, and then forcing everyone to use stronger forms of TLS that couldn't be inspected. Absolutely no fucks given about the many downsides, no alternatives considered.
What did they think countries were gonna do? Just give up governing? Did they really think a web browser was going to defeat an entire nation state's domestic and foreign policy?
Rather than allow the user to determine their own level of security and privacy, they forced the user to choose the strongest method, which of course forced governments to use more extreme measures to fulfill their legislative requirements. Rather than just spying on users or filter their traffic, now they outright just block the internet. Thanks internet standards paternalists! Having no internet is so much better than internet without privacy.
> result of a very small minority's war [...] forcing everyone to use TLS
You are seriously suggesting that the move to TLS was a bad thing? Before the era of TLS, I, as a child, could see everyone's private information on any network I was on.
> user to determine their own level of security and privacy
Because your average person can be trusted to understand the nuances of cybersecurity? Get real! The average software engineer would struggle with these settings.
> Thanks internet standards paternalists! Having no internet is so much better than internet without privacy.
You're saying this sarcastically but it's absolutely true. If the government blocks a service because they can't use it to spy, citizens get angry at their government. Working as intended.
I mean, the real end-state of network security design is to force governments into a situation where they only have two options: let through everything, or completely block the entire Internet. At which point said government can’t pretend to outside observers that it’s actually offering anything called “the Internet” to those people, and has to admit that it is instead some kind of North Korea-like totalitarian state where only an elite class of proven patriots can be trusted to access the outside world. So then those outside observers can get mad, impose sanctions, etc.
Without TLS, blocking is unneeded yes, because they can just rewrite what you would read, make individual news articles disappear, etc. With TLS, you are near-explicitly informed that the people between you and your information source want to be involved in your access to knowledge.
Rather be clueless than have a mind full of lies, no?
> which of course forced governments to use more extreme measures to fulfill their legislative requirements
fuck this
> First forcing everyone to use TLS, and then forcing everyone to use stronger forms of TLS that couldn't be inspected. Absolutely no fucks given about the many downsides, no alternatives considered.
Absolutely. Forcing strong TLS is absolutely a good thing. Enforcing privacy is absolutely a good thing.
The problem isn't with that decision, but the governments who don't understand that, and thus it is up to the citizens to change that.
That's like saying we should just end world hunger. Yeah, we should. But is it gonna happen? No. So giving people food aid is better than just saying all hunger should just disappear.
Word hunger is outside of most peoples control. But overthrowing a local government is directly within the population's control.
> Rather than allow the user to determine their own level of security
You're proposing we let users "opt" into insecurity. And it doesn't seem like anything user's want: it seems like what governments what to coral their citizens into.
Further, I'm not sure what viable insecure plans we have that make sense; what has been on offer that we ought have considered?
It's just getting messy now, and who knows what's next, but I have a hard time seeing insecurity as going well for governments. I don't think they have the iron will to deny their citizens internet access, which is their only real power.
Right way
India is well known for blocking CDNs IPs for a variety of reasons (don't like the content, or because you can VPN on top of them).
I've seen some CDNs who don't use anycast and rely primarily on DNS to cycle thru the IP pools vended in India because the government is slow to add new addresses to block and they maintain a cool down period before reintroducing them.
The shitty part is that the entity in India issuing this never reaches out to the CDNs to communicate exactly what they object to.
I don't have much to add about the title except to suggest taking it with a hint of skepticism. Personally, I have a strong affinity for Cloudflare. It has consistently come to my rescue on numerous occasions. I haven't encountered any issues with speed while using their services. It's possible that my fast ISP plays a role, or perhaps the original poster needs to optimize their CF services. However, I believe it's unfair to make a straightforward claim that "They are slow" without considering potential biases. The performance of the services will always vary, and ultimately, the maximum output will depend on the specifics (end point?)
I stopped using their caching because they literally won't stop caching the old version of my site. It's just a Google Pages site and I have no idea how to get them to refresh their cache. But a year later they still return the old page. Just using DNS pass through rather than caching and the site works fine.
They have a "Purge Cache" [1] button on their UI (and there is also an API endpoint).
[1] https://developers.cloudflare.com/cache/how-to/purge-cache/
This is not accurate ay all. A problem with ISPs blocking IP addresses is not a Cloudflare problem.
If only China have access to HN, we will get this kind of posts every second
Not just a problem in india, happens in some european countries as well.
Title seems a bit unfair. Tl;dr: cloudflare is slow due to gov censorship in india
Even that's unfair. Not like every Indian ISP was tested.
Doesn't get faster than cloudflare https://www.dnsperf.com/
Except Cloudflare is irrelevant for people running their own little sites on VPSes, and can make it worse, as the article demonstrates.
Any idea why DigitalOcean is so good?
It uses Cloudflare.
DigitalOcean has issues similar to Cloudflare. Read the end section of https://freesoftware.life/how-using-cloudflare-free-plan-des...
I agree with article's title that Cloudflare is slow but I don't agree that Cloudflare can't do much about it. For instance, putting efforts to remove bots and malicious actors from using its platform is one thing, Cloudflare can do with more seriousness.
Cloudflare turned out to be a big mistake for us. Read our experience:
https://freesoftware.life/how-to-speed-up-your-wordpress-web...
https://freesoftware.life/how-using-cloudflare-free-plan-des...