
dentangle@chaos.soci.. posted 13 Aug 2024 11:56 +0000

A hosting company that hides its own website behind the skirts of Cloudflare does not inspire confidence.

bert_hubert@fosstodo.. reposted 13 Aug 2024 17:23 +0000
original: dentangle@chaos.social

Ok. So out of the 101 European hosting companies I looked at today who claim to provide a BGP feed, only 13 meet the following basic competence criteria:

- IPv6 (on their website and MX)
- have their own MXs (not gmail or o365)
- are not hiding behind Cloudflare or equivalent
- are not just Hetzner or OVH in a trenchcoat
- their website is up at present and does not have a certificate error

That whittled the list down pretty quickly.

Two of the 13 are in countries at war (Ukraine, Russia)...

dentangle@chaos.soci.. replied 14 Aug 2024 13:28 +0000
in reply to: https://chaos.social/users/dentangle/statuses/112955870703544081

A few people have asked for the list, so I've written it up with a few extra comments. Of the 13 that passed the basic competence tests, only 5 clearly state that they offer BGP feeds on their site. Of those, there's maybe 3 I'd actually consider using.

Mythic Beasts (@beasts), FiberSix and ARP Networks inspire the most confidence.

If anyone has comments or experience with any of these companies, I'd love to hear about it.

https://blog.brettsheffield.com/bgp-hosts

benjojo replied 14 Aug 2024 14:58 +0000
in reply to: https://helvede.net/users/holsta/statuses/112960756629036274

@holsta @dentangle Eh, the two:

- have their own MXs (not gmail or o365)
- are not hiding behind Cloudflare or equivalent

I don't (personally) see the reason to exclude a supplier over; both gsuite/o365 (actually usable email+spam filtering+compliance) and cloudflare (anti-ddos+global CDN) provide useful services that are a pain to self-replicate. I'd rather the supplier focuses on what they are hopefully good at, running their customer VMs/moving bits :)

benjojo replied 14 Aug 2024 15:21 +0000
in reply to: https://social.gabekangas.com/objects/c95680a4-9000-4935-ad60-f93dc607a1bf

@gabek Sure, without going into too much of an ideological dive, but people use cloudflare/gsuite because the alternatives are difficult and there are needs that can easily be solved for what is comparatively a low price by these services.

Should there be more cloudflares/gsuite/o365s? Totally.

I wrote a bit about this here: https://benjojo.co.uk/u/benjojo/h/dq8xS9R2BMQXT62T6v

I am guilty of this myself. While my main stuff does not use cloudflare (other than my blog, because it saves me quite a bit of money on my GAE bill), I do use Gsuite/gmail because it frankly works, and any risk of losing email would be more costly than just having paid google to host my MX for me.

woody@pleroma.pch.ne.. replied 14 Aug 2024 15:21 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/2mrSdH53VV1632zKqq

@benjojo @holsta @dentangle

Ok, let me give you two different reasons then, if competence isn't sufficient...

No one should use or support Gmail or Office365 because Google and Microsoft are trying to create a walled-garden duopoly on email.

No one should use or support Cloudflare because... where to start? Largest malware hoster in the world, second largest child-porn hoster in the world. 40% of the world's phishing sites. Nazis. Al Qaeda, Al-Shabaab, ISIL, the al-Aqsa Martyrs' Brigades, Hamas, and the al-Quds Brigades. Sanctions violations. Kiwi Farms. 8chan. Etc., etc., etc.

benjojo replied 14 Aug 2024 15:42 +0000
in reply to: https://pleroma.pch.net/objects/c71c0ef9-3a0b-4ee8-a0a2-992beb5ae4d6

@woody Yup, cloudflare's content policy is frustrating, I will defo not argue against that. The problem is that people will overlook their content policy for as long as the service is helpful to them. Boycotting cloudflare is kinda like boycotting starbucks: many folks do, but I suspect at the end of the day starbucks doesn't really feel that much of a pinch in the grand scheme of things for as long as the end user service is good enough.

Though the email stuff is interesting. For context, bgp.tools does self host its _outbound_ email, since I don't want to give customer email addresses to a 3rd party if I can help it, and sending email to everyone except Outlook/Hotmail/MSN/Live (basically, microsoft but not O365) is basically impossible. So much so that the bgp.tools application layer just considers them invalid email addresses after I spent easily 20 hours of effort trying to make it work unsuccessfully. gmail was no problem.

A lot of email stuff ends up back into gmail/O365 anyway, mimecast/postini/ironport/etc front end stuff for compliance etc, but it all ends up there. I suspect some of this is that it's just a really unsexy software/services to run/sell to people.

benjojo replied 15 Aug 2024 08:47 +0000
in reply to: https://pleroma.pch.net/objects/34c3dca7-3e84-4177-9e35-f2166098c5a6

@woody My wider point I was trying to get at is that social boycotting doesn't really do much when people are willing to use a product that is competitive etc. Cloudflare's content policy is enabled by the US's lax handling of hate speech.

Though from what I understand from working at CF years ago, CSAM does not stay on the network for very long after they are notified of it, since the legal implications (ie, the part CF cares about for the most part) of that is really spicy.

I'm not trying to be overtly pro-cloudflare here, I have axes to grind with them too (the VPN product being constantly abused, Workers being used for DDoS, the Nazis, booters etc.), but as long as these things are technically legally excusable in the regions they operate (or the mechanisms to enforce are weak), I don't see cloudflare doing anything about it, because it simply does not make any biz sense for them to do so; they only stand to lose by getting into the game of mass content moderation from PR fuck ups etc. Hell, cloudflare's even smallest attempt at doing content moderation in the form of their resolver ended up as a PR fuck up: https://www.theregister.com/2021/05/21/cloudflare_lgbtq_filtering/

My cynical take is that we cannot take for granted that a US company will abide by social expectations, you force them into that by codifying that into legal expectations.

dentangle@chaos.soci.. replied 14 Aug 2024 15:22 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/2mrSdH53VV1632zKqq

@benjojo @holsta We have very differing opinions on that! 😉

Cloudflare is a problem for the whole Internet. Centralizing services behind one US company is a huge Internet sovereignty and security problem.

Gmail and Office365 are the main *sources* of spam on today's Internet (and no amount of SPF, DMARC or DKIM etc. will protect you from it), and again, are US companies that have far too much influence on Internet standards.

So I wouldn't recommend their use, and I avoid companies that do.

benjojo replied 14 Aug 2024 15:34 +0000
in reply to: https://chaos.social/users/dentangle/statuses/112961057812829434

@dentangle Yeah fair enough, I'm not sure about the spam bit though, from my own anecdotal experience, but maybe my self hosted mail boxes are just not in the email spam lists yet.

The hosting world is basically now divided into two factions, the AWS's of the world, and the smaller folks who are just plodding along (not that it's a bad thing, in some way I appreciate as a customer of them folks like @beasts 's non interest in being a mega provider), and both sides offer different services.

Also, the BGP VPS hosting market is a bit of an odd niche, so I would not be surprised if everyone in the ring there is a pretty small shop (FWIW, I have edit access to bgp.services system you used ;) ). Generally if you are one of those hosting operations you end up with HTTP floods and other DDoS slam into your main site, and cloudflare is the most easy thing to deploy there to fix the issue. It's not great, but I don't blame folk for taking the easy path, given a lot of folks are running from one problem to the next!