1. 22

  2. 7

    Isn’t this conflating different things, hosting and availability?

    Cloudflare [to my knowledge] doesn’t host websites. It’s about improving availability via distributed caching and DDOS mitigation. So it’s conceptually more at the routing level.

    It’s pretty clear that the backbone of the Internet is more centralized and less resilient than it should be. There are too many instances of one person making a mistake in a routing configuration update and blowing up IP connectivity for millions of people.

    1. 3

      Cloudflare somewhat recently launched Cloudflare Workers, which lets you publish websites “hosted” on their servers: https://workers.cloudflare.com/sites

      1. 3

        Hosting is a perfectly reasonable and accurate way to describe what CDNs do for their customers, I think.

      2. 6

        Related comment: https://lobste.rs/s/xbl6uc/cloudflare_outage_on_july_17_2020#c_nt8atu

        For most people, I recommend using shared hosting for websites, rather than standing up your own on a VPS. Shared hosting has the main advantage of the cloud and some more – that somebody else maintains the system for you.

        I have a Linode server with some of my own sites, and the uptime is a lot lower than that of the Dreamhost site. So basically I use the VPS for playing around with stuff, and shared hosting for sites I actually want to be up.

        I feel like I should write a blog post about shared hosting because a large number of people seem not to know what it is. Short answer: A single computer can serve a lot of websites!

        Also the combined cost is very doable: I pay exactly $10 a month for the VPS (could be $5), and less than $10 a month for the shared hosting. I’d rather pay a token amount for steady service than be sucked in to a tech stack with free offerings.

        1. 3

          A static site should be ok almost anywhere. And a good shareholding company should be good at uptimes.

          1. 2

            The last time I was thinking about writing about shared hosting, I came across this interesting 2008 back-and-forth about shared hosting and Rails, between the creator of Rails and Dreamhost itself:



            Basically around 2005-2008 frameworks like Rails and Django became popular. They did not work well on shared hosting for various reasons.

            So people started using VPSes and eventually the cloud. And a deficiency of those systems is that if you’re not mindful of server performance, you might need to add something like Cloudflare on top. You lost that when you moved off shared hosting.

            However, the funny thing is that Rails and Django are no longer as popular. But we didn’t move back to shared hosting, even though they started to make sense again!

            I think there are some newer hosts that are designed for more of the client JS-heavy website architectures, like https://www.netlify.com/ but I haven’t used them. It does seem like the shared hosting services had a lot of technical infrastructure in place to go into that market, but they didn’t really understand the open source software that people wanted to deploy (e.g. the web dev trends). It seems like a missed opportunity.

            Shared hosting gives me a shell on a box that somebody else maintains, and that serves my web pages reliably, and that’s pretty much what I need. Cloud hosting doesn’t give you that. Cloudflare is extra complexity and insecurity for most use cases.

            1. 3

              I have used Netlify and Vercel, but considering that JS runs on browser, actually any webserver is good for a static site with JS.

              I have my own VPS to host my sites mainly because I like it, but Shared hosting should be more than OK for the traffic I get.

              1. 3

                I think there are some newer hosts that are designed for more of the client JS-heavy website architectures, like https://www.netlify.com/ but I haven’t used them.

                But that’s not the same as old school shared hosting, that’s a big Cloud™ Edge® CDN thing, you don’t become more independent and decentralized because of it.. Purely for reliability, sure, heck you could add AWS Lambda to that, to keep your old little server apps running no problem.

                a deficiency of those systems is that if you’re not mindful of server performance, you might need to add something like Cloudflare on top

                I highly doubt that anyone needed a MitM proxy because of insufficient VPS performace when an old school shared box would’ve been sufficient.

                Cloudflare took off because it’s free, “cloud” bandwidth (EC2 and S3 especially) is not free, and they made loooots of promises. “Come to us, we make everything faster and securer and better, we’re so great and it’s free if you’re not enterprise! We’ll defend you against DDoS and scary attackers trying to SQL inject your MongoDB based app and scary shady spammy Tor users trying to do shady things on your read only public static pages too!! We have nice DNS hosting too! All free!!”

                My guess would be that far fewer people put CF in front of their sites because they needed it, rather than just responding to the marketing.

                1. 1

                  I started to use them for DNS for some side domains I want DNS service for free, and my current DNS provider DNSimple only offer 5 domains included in my package. But could have gone to Linode too, also for free. I think Linode runs over Cloudflare, or is it DigitalOcean who does that?

                  1. 1

                    As I found out during the CF incident, DNSimple have switched to using CF DNS servers with whitelabel branding.

                    1. 1


                  2. 1

                    Yeah I’ve never used it, but my point was that I think Dreamhost could have gone into that market. They just needed to “bridge the gap” with some tools.

                    They had basically all the server infrastructure in place (?) The Cloud CDN stuff is mostly an implementation detail, and as long as it serves the traffic, nobody cares (aside from marketing by induced anxiety). The user experience is what counts, e.g. git push to deploy.

                    With dreamhost I have to set up my own 5 line rsync script. Which is obviously doable but it is a barrier. I think learning shell is perhaps one of the most significant barriers for most people using shared hosting.

                    People on this site may not be able to relate to that, but if you spend some time looking over the shoulder of a well-paid software engineer or other tech employee with say 1-5 years experience, you will see they have little experience with the shell.

                    The cloud lets them kinda avoid the shell. They don’t have to think about file permissions, e.g. is this directory executable? Where do I find the damn logs in this shared hosting setup? The lack of logs really stymied me a different shared host 10-15 years ago.

                    But it seems Dreamhost somewhat got left behind by Rails/Django, and left behind again by JS frameworks and static site generators. Although I’d be interested to hear from people who are still using shared hosting with those open source tools.

                    Also what I mean with the VPS comment is that it’s pretty easy for the uninitiated to misconfigure a web server or database. So instead of fixing underlying issue, they might patch a cache on top.

                    The config burden is on you with a VPS, whereas it’s not with shared hosting.

                    Honestly 90%+ of the caches I’ve ever seen are patching over some performance issue that the developers/sys admins didn’t understand. It’s the lazy performance fix. Cloudflare is to some extent the lazy performance fix.

                    1. 3

                      I think learning shell is perhaps one of the most significant barriers for most people using shared hosting.

                      Not all shared hosts even allow shell access. As I remember, shared hosting was all about FTP :D

                      1. 1

                        (late reply) Dreamhost definitely allows it, and I think most do these days.

                        I think I caught on to “Shared Hosting 2.0”. I remember Shared Hosting v1 did NOT support SSH because it wasn’t very safe. And yes I remember all the Windows and Mac programs that supported FTP to publish to servers because of this.

                        But probably by the time Shared Hosting 2 came around, it had already gotten a bad name in some circles. And when it didn’t run frameworks like Rails and Django, that was sorta the nail in the coffin.

                        But I really think it is quite good now. So yeah I want to write about it, and the SSH vs. FTP issue is a good thing to mention. I would NOT use if it I only had FTP access. The whole point is to get a shell!

                        And it helps that the shell is on a Debian machine which is very similar to my own Ubuntu machine. Lots of things “just work”.

                2. 2

                  I’ve been on Dreamhost since 2004, and sometimes I get weird looks, but it’s remarkably low-fuss. All content comes from Makefiles that stitch together HTML. When I do occasionally need some non-static functionality, I’ve usually been able to add it using small CGI scripts. Coding CGI for simple tasks feels like a breath of fresh air after working with complex web frameworks.

                  1. 1

                    Yeah I actually run a FastCGI script in Python on Dreamhost! It works great, although the Python support for FastCGI has completely rotted! (I had to fork some old Python 2 FastCGI lib support)

                    FastCGI lets me keep a zip file open across requests, with its index :) And save Python startup time.

                    If you see the .wwz prefix here, that’s a zip file with a ton of files served by a FastCGI script.


                    I think I mentioned this on the blog like 3 years ago… But yeah I think it would be cool if you can write FastCGI scripts in Oil. Shared Hosting is really a better cloud for so many use cases.

                    Contrary to popular belief, the uptime of a single box often exceeds the uptime of a distributed system. (TODO: should write a blog post about this, I stated that here awhile ago and lots of people agreed.)

                  2. 1

                    The real problem is elsewhere, imho. Had a VPS for over a decade. Worked flawlessly, great uptime, no trouble, rarely updated and still no outcomes of compromise (identity not stolen, domains not sending bad mail, nothing that actually affected me then or in the two years since I turned it off). Provider decided to sunset the product. Had to backup everything. Never spent the time to put it back up. Now my website doesn’t work.

                    The only thing that was critical was mail, so I did that.

                    1. 2

                      AWS VPS is $5/mo. It’s also the same service as their enterprise product which makes most of their profit. And amazon is (for better or worse) slowly eating the world. So it’s very unlikely to be shut down.

                      1. 1

                        True, I wonder if a time will ever come where they’ll say “It’s time to up sticks and move off your t1.micro” but it doesn’t sound likely.

                        Well, I’m still probably not going to get myself into that state again. Cattle, not pets, for me.

                        1. 1

                          Well, I’m still probably not going to get myself into that state again. Cattle, not pets, for me.

                          Curious, how do you intend to do that? You can get a physical server, but you still have to arrange for rack space and an internet connection. You can be your own ISP, but that’s prohibitively expensive. Not to mention, both of those options will be more volatile than a cloud provider.

                          1. 1

                            My current thought is probably a cloud persistence layer (so managed SQL, probably Aurora, with managed storage, probably S3), DNS on the cloud (which obviously I have now instead of my BIND) and everything else on Kube.

                            Never going back to the solo VPS with my stack on it. It was the right thing to do because I was broke but I’m not broke now and I can easily pay five times as much to not have to worry about it being up in the future. Cloud managed services for everything, as far as I’m concerned.

                  3. 2

                    (on mobile so excuse brevity)

                    I see CF as an actually very useful service (albeit very centralized and with a lot of power – so I hope that they were a non profit). I see (largely fair) criticism of CF or GitHub or other similar services pop up every time there’s an outage. Some of it though, I find to be a weak point though - most users likely won’t have better uptime than these big companies.

                    As an example, I can’t self-host a DDOS prevention service so I must use CF even if they have 99.x uptime. I myself self-host my blog with CF for CDN (and a tor hidden service for those wanting to bypass CF altogether). To my, the more important criteria is if I can still use open standards (DNS in case of CF, Git for GitHub) so whenever I want I can migrate out.

                    1. 1

                      It’s not always about better uptime, it’s about control over your uptime. Got something important planned? Don’t do any maintenance or config changes until after.