57 comments

[ 27.4 ms ] story [ 1708 ms ] thread
This headline reminded me to check my position on the waiting list. On April 1st, I was at #166319. Now I'm at #166208.

If they keep adding capacity at the same rate, I should get access about 100 years from now :(

My wait-list number has dropped by half since I signed on. There is hope.
Did the number drop by more than 211 in the last 25 days?

If so, the wait list isn't a simple FIFO queue.

It should not be a FIFO. They probably want diversity of countries, ISPs, devices, etc. According to your profile you're located in China so they're surely not short of Chinese test subjects for a VPN ;)
It's either a FIFO or the message you are #xxxxx on the waiting list is bullshit.
Care to share your number?
I don't really get why they're rolling it out so slowly.
To shake out the bugs without overburdening the support team. There's a lot of device/network heterogeneity out there.
"Not looking to get around country-blocks" - yep, as found it does not work in China
Cloudflare is a MiTM on the internet at large.
What about Akamai or Cloudfront?

Cloudfront certainly aren’t the first CDN, and I highly doubt they’re the largest.

Cloudflare uses a reverse proxy design for its CDN features.
As do Akamai and CloudFront. It’s not a MITM when it’s a contracted service sites choose to use rather than an attack.
Right. Hence why GP said it was an MITM attack on the Internet at large, and not on any specific, individual website.

Cloudflare is an existential risk to the Internet, a terribly bad actor with a terribly bad track record. Their actions are, depending on how generous and optimistic you are, somewhere between painfully ignorant and outright malicious. There aren't any explanations for their behaviour that are sensible or charitable.

Nobody anywhere should use their products. Someone does so not only at their own peril, but everybody else's (so they should be blamed, too.) The company and their enablers will face a reckoning once the last good parts of the Internet are done dying by their hand.

I had to look it up to make sure I knew exactly what a 'reverse proxy' is

> a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers.

Isn't that what every CDN does? Isn't that the definition of a CDN?

Some CDNs, you put the content on them and link to it. Some reverse proxy back to your ‘origin’ server(s). Some, like Akamai, offer both.
VPNs for everyone - literally the worst idea of all time
Maybe, however it is quite justified to mitigate the recently applied anti-free speech laws
ISPs/Carriers are MiTMing all kinds of traffic [0]. A VPN that promises to protect you from this, in addition to offering low latency due to their superior network and routing tech, might be a big plus, too [1][2]. I think its too early to dismiss VPN-for-all as an idea dead in the water. Time will tell. From what I know and what I've read so far, Warp might indeed be the VPN that you've wanted all along but never knew.

[0] https://techscience.org/a/2015103003/

[1] https://patents.justia.com/patent/9736710

[2] https://patents.justia.com/patent/20170086092

I will stick with a couple VM's in a couple countries and tinc vpn + ssh client for remote access. I can destroy and recreate them periodically to change out IP addresses.
(All of the comments on this post say they are from 10-15 minutes ago, but I remember reading them hours ago, and Algolia shows they were made days ago. <- For potential future reference, my/this comment was posted at 3:42pm US/Pacific on April 28th of 2019.)
View the same comments from the profile page of their authors and they’re days old. This feels like some zombie post resurrection trickery with the time stamps.

dang?

The comments might have been folded/combined with another thread's in a way that reset their timestamps.
Sorry for the confusion. It's because when moderators or story reviewers re-up a post, as described at https://news.ycombinator.com/item?id=11662380, the timestamp is adjusted to be the re-up time, on the front page and the comments page (/item).

Well, not precisely the re-up time—rather the timestamp that answers the question, "when would a submission with this many points have been posted in order to have this rank on the front page". Of the three variables—points, timestamp, rank— rank is normally the dependent one, but on re-upping, timestamp becomes a dependent variable since the software is setting a rank (randomly, but usually around #20).

If you see a timestamp inconsistency on HN, this is likely why. You can always tell which post is the earlier one by comparing the IDs in their URLs. The timestamps converge after a day or two, so the confusion is at least temporary.

The original timestamp remains visible on other pages, such as /from?site=domain.com and /submitted?id=username, e.g. https://news.ycombinator.com/submitted?id=chkuendig and https://news.ycombinator.com/from?site=dailydot.com for the current article.

We started doing this because it turned out that if you lob a story onto the front page with an old (say "2 days ago") timestamp, the thread will turn into "how is this story on the front page when it was posted 2 days ago".

If the thread has comments, the timestamps on those comments also get relativized. (Otherwise the thread would fill up with "how can this comment have been posted before the submission?!!")

Perhaps off topic but this was very difficult to read because PC Mag’s advertising was constantly changing sizes. Thank God for Reader View or I’d have abandoned it early
Often I find myself using outline.com as a mirror: https://outline.com/TSWvsv (I realise, the same reason you do not use an ad-blocker might stop you from using mirrors).
"We're not looking to compete with the free" - this seems garbled. Any guess what he meant?
I agree but I don't recall what I was saying.
> But it would definitely be good for the public to understand, at least to dismiss this notion that the internet is a free-for-all. It's not, in itself, resilient against interference.

> And would you want that freedom? I wonder if the individual ultimately would. Maybe there are things governments should be protecting us from. That's a valid discussion that should be had.

Governments, of the past, of the present, have left us with plenty evidence that they are perfectly incapable of protecting their citizens when it doesn't serve either their collective self-interest or the interest of whoever they happen to serve at the time. Imo, there is literally no alternate reality where handing the governments unabated control ends well.

- For starters, the govts don't even get technology.

- As a parallel to the Internet, look no further than the regulations, the standardisation processes that plague the telecommunications industry (who are under influence of the governments world-wide and are actively trying to wrestle the control of the internet away from traditional bodies). It's clear who wins (hint: not the end consumer, and occasionally the governments sneak in backdoors).

There's a reason BigTelco is what it is today (a no-escape surveillance dragnet). It'd be sad if the Internet plunges to such depths.

I'm glad initiatives like tor, i2p, ipfs, datproject, freedombox, nyc-mesh, community-broadband, matrix.org are trying to solve the problems in a myriad of ways. The threat of govts meddling with the Internet irrevocably is real though, esp since a functioning Internet requires quite an expensive yet co-operative infrastructure which is, for all intents and purposes, in control of the BigTech... but I don't see why individuals world-wide should go down without a fight to keep the Internet as neutral as they can, while they can.

--

That aside, I'm interested to know if anyone has seen any huge latency difference between using Cloudflare Warp and using Wireguard behind Google's GlobalLoadBalancer or AWS' GlobalAccelerator (or equivalent StackPath/Cloudflare offering)?

> Imo, there is literally no alternate reality where handing the governments unabated control ends well.

IANA, which controls domain names, is in the US, which means it's technically under the complete control of the US government. That means the civilian-facing Internet and World Wide Web are under the complete control of the US (and always have been, as far as I know).

> For starters, the govts don't even get technology.

The US govt did all the research that led to the current Internet. The World Wide Web was invented at CERN, another governmental organization.

Many of the major advances of the 20th century were funded, organized, and run by governments.

If you meant to say that legislators don't even get technology, that would be a lot more valid. But legislators (in the US) provide funding to people who are at the forefront of their fields.

Thanks. Valid points but when I said governments I didn't just mean the US government. Besides, if history is any indicator, the governments (including democratic ones) are happy to turn a blind-eye to any and all important legislations when it make sense for whosoever is at the helm or in power at the time.
Cloudflare just wants access to your traffic info to resell it.
This would appear to contradict their terms of service. Do you have a citation?
> Since then, right-wing figures like Alex Jones and Tommy Robinson have been banned from some platforms, but remain on the web. What's the company's view on figures like that still being around?

Curious that this is the first thing he thinks about, not for example jihadists that are everywhere on the net too.

Wait no it's not, its' exactly what you expect from the Fake News media that spent waaay more timing talking about Christchruch than Sri Lanka.

THIS IS WHY TRUMP WON.

I’m not very familiar with this topic. Would this be considered a competitor to perimeterless security like Google BeyondCorp?
Something like zscaler's ZIA [0] is in the same ballpark as BeyondCorp, or so I think. Cloudflare Warp is basically a CDN turned on its head: Security and privacy are a huge bonus, whilst low latency and high bandwidth remain its salient features. It is more like the Silk Browser [1], the Opera Turbo/Mini [2], or the Chrome FlyWheel [3] but operating at the network layer, and across all apps.

[0] https://www.zscaler.com/products/zscaler-internet-access

[1] https://news.ycombinator.com/item?id=3215778

[2] https://en.m.wikipedia.org/wiki/Opera_Mini#Functionality

[3] https://ai.google/research/pubs/pub43447

I'm just waiting for them to clarify if they're ok with torrenting over their VPN.
"Do you really want that? What if you can't take down the website? Daily Stormer is really interesting; we shut off service for it, but you can go to Google and read it."

I don't even know what type of content is on Daily Stormer but I presume it is controversial. I find this quote just a tad disingenuous. I understand Cloudflare is well within its rights to decide there are certain companies they won't work with, but to say this causes no harm whatsoever isn't entirely true.

There are very few CDNs that can withstand a DDOS attack, and certainly very rare for a small publishing company to have that capability in-house. If the content you want is under a DDOS attack and unavailable because no CDN will carry it, then yeah, that would kind of suck.

One can always publish to various P2P platforms that are highly DDOS-resistant, but now the audience has some more work to get to it; it's a barrier. Not an impassable one, but a barrier nonetheless.

For the record, I like Cloudflare, but I also really love free speech. The quote struck me as overly minimizing.

> I find this quote just a tad disingenuous.

Everything about Cloudflare is disingenuous! Remember the bullshit they pulled with Tor and then tried to blame it on Tor being a DDOS vector (defying all logic).

I have more than once got into a debate about how many bags of dicks that Cloudflare sucks, only to find out near the end that the person was a Cloudflare employee and just kept that point to themselves the whole time.

I really wish some company would overtake them in that sector and send them packing, just on principle.

It's literally Nazis.
It's literally not literally Nazis.
Daily Stormer isn't a Neo-nazi site you say? Ok then.
I didn't mean that and for the record I abhor the views espoused on that website, which I have only viewed a few times.
Oh, no. I'm not having that. The Daily Stormer is absolutely, actual, non-metaphorical Nazis.

Here's the first paragraph of the wikipedia entry:

The Daily Stormer is an American neo-Nazi, white supremacist, and Holocaust denial commentary and message board website that advocates for the genocide of Jews.[2][3][4][5] It considers itself a part of the alt-right movement.[6] Its editor, Andrew Anglin, founded it on July 4, 2013, as a faster-paced replacement for his previous website Total Fascism. The website also publishes its content in Spain and Latin America, Italy and Greece.

In conclusion: Nazis.

It's a neo-nazi/white nationalist forum. It's still active I believe behind Tor, but not nearly as accessible, far fewer people actually participating. We're in an era where young men radicalize each other on message boards like these until one of the truly unhinged members heads to a synagogue to murder people worshiping. As we've seen so many times in the past year, they'll often post before they do it, leaving behind a manifesto and a crowd egging them on to get a "high score."

I wish this was actually an outlier and not very common, but unfortunately if you monitor these forums you'll see men working up the courage to commit a mass murder of their own every single day.

In my opinion we should try to put as many barriers we can in front of these types of communities, and it sucks that cloudflare is still working with some of them.

yeah that is pretty controversial stuff! I guess for me this falls into that fringe category of stuff that really should best be only found by those truly seeking it, so I’m morally OK with barriers without total censorship. But I’d also like to think more about how to help those people who get sucked into such things. The more private it becomes, maybe the harder it is to see & help?

All that said I still stand by my original comment, there is a chilling effect on free speech, not to be so glibly dismissed.

So first of all yes, free speech is important. If it were to be curtailed along political lines, my work would be cut long before any of these platforms.

But free speech isn't quite relevant here. The first amendment does not provide a right to a platform or an audience. Would they eventually find other outlets? Of course. But if your ideology is regularly getting people killed I absolutely want you to be handing out fliers at the mall, not sending out links to your anonymous discord or 8chan.

Getting help for these troubled men is a priority, but right now there simply isn't a mechanism for it -- we help those who seek it in America. Finding out who these posters are in the first place is a chore on its own and has been more effectively accomplished by networks of antifascists than by our well-funded intelligence departments, to give you some perspective. So I think that goal will come with more resource allocation to this particular problem, once it's acknowledged. And the current administration does not acknowledge it.

I installed 1.1.1.1/warp+ a day or two after April 1st. My waitlist number has stayed at 243635-something for a couple of weeks now.

Anyone know at what pace they’re letting new users in?

Is this an entire story about Warp, which is what I understand Cloud Flare to have named their Rust fork of WireGuard, that does not once mention WireGuard or Jason Donenfeld? Jason is the hardest working person in show business. A "thank you" might be nice, even if Cloud Flare can't work up the class to contribute directly to Jason's projects. Even if they're not using his code, they're using his design and formal verification work, which, in a cryptosystem, is at least as important.
I clicked this article expecting to find you singing its virtues. Color me surprised.
I don't control what parts of an hour long interview a journalist publishes. I told the journalist about WireGuard and talked about its modern crypto, good performance and nice roaming capabilities.