6th November 2023
Listen
Listen
So, yesterday, I was online doing some reading for a Media assignment and after accessing one of the texts on JSTOR, I was faced with an error message:
The contents itself depicted an internal server error, which occurred on the Cloudflare network. It seems that it wasn’t just me suffering from this same connectivity issue; I went onto TikTok and saw meme content about the situation, exaggerating at it as the ‘destabilisation of the Internet’ and how people were unable to access fan fiction websites like ao3.
In a company statement, Cloudflare asserted that the “significant outage” was caused by a mishandling of network threat traffic by a configuration file, which “triggered a crash”. The company affirmed that the “issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind”, recognising that the system was distributing good and bad configuration files across the network; they expressed condolences to customers and users of the Internet, remarking that “any outage is unacceptable”.
According to the BBC, users reported delays and technical difficulties for using services such as Grindr, Zoom and Canva. More notably, X was presenting a home page message proclaiming a problem with its internal server due to a Cloudflare error and ChatGPT had a message stating “please unblock challenges cloudflare.com to proceed”.
For many – myself included – this was a bizarre and unprecedented event. Through examining comments in both of the TikTok videos linked above, it is evident that only few are aware of Cloudflare and its purpose in sustaining the digital entity of the Internet. Below, I intend to explain what the organisation is, how it helps maintain digital infrastructures and the potential consequences of a failing web.
Cloudflare is a global website protection service employed all across the digital realm, priding itself on helping to “build a better Internet” by solving some of its biggest challenges. They very much embody SaaS (Software as a Service), which is where you virtually access software via a 3rd-party provider, with thousands of customers on a daily basis signing up for their services.
According to them, they serve data from 330 cities in over 125 countries across the world, and proxy around 20% of the web. Approximately 13,000 networks have a direct connection to Cloudflare, which includes every major ISP (Internet Service Provider; e.g – BT, TalkTalk, Sky), cloud provider and enterprise. This reduces latency, improves the application’s performance and HCI (Human Computer Interaction).
The sheer magnitude of their operations and computational power cannot be underestimated, with the Cloudflare network able to reach around 95% of the world’s population within precisely 50 milliseconds. That is roughly 7.6 billion people simultaneously being provided rapidly secure access. On average, a human eye blink takes around 100-400 milliseconds, demonstrating Cloudflare’s lightning-fast capabilities in ensuring you remain connected to the Internet (for the most part, of course, as we must address the Digital Divide and those still lacking equal access).
Despite being renowned as experts in engineering, they recognise the need for members in sales, support, marketing and business development in order to perpetuate meaningful contributions to the Internet.
One of the ways Cloudflare maintains the Internet as we know it is through user authentication; specifically, the use of its custom verification tool replacing CAPTCHA called Cloudflare Turnstile.
According to their blog, humans abandon CAPTCHA puzzles (e.g – “select the images which show stairs/trucks/etc”) 15% of the time and are only useful for bots to solve. This is where Turnstile comes in. Although part of its own services, any website operator on any platform can implement this by adding a few lines of code, unrestricted by web browsers and paywalls.
This authentication method is also privacy-oriented, preserving and protecting users’ data without tracking it (e.g – what other sites a user visits). Tracking was originally a means to verify if users were human or robots, but Turnstile instead combats bots by running a “series of in-browser tests, checking browser characteristics, native browser APIs” (Application Program Interfaces; these are subroutine sets which allow program interaction. In simple terms, it allows 2 program applications to interact without user intervention). It also asks “the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser”.
Additionally, it combats fraud via automated signups, including “new account fraud”. This is where “bad actors automate the creation of many different accounts to abuse” a platform; Turnstile fights against this via an invisible mode which protects the signup page. Turnstile is completely free for production and users via unlimited usage.
Now, when it comes to the impact of failing web services, the most obvious cultural issue in my opinion is a clear system overreliance. While this isn’t the first time the Internet has suffered an outage before, these service failures can snowball to other services and companies reliant on that aspect of the Internet. So, what exactly is sustaining the interconnected structure of the Internet besides services?
This is what Josh Fomon defines as the most easily understood internet outage, where an ISP or mobile operator is inaccessible or goes down. An ISP or mobile operator’s failure can be attributed to several reasons: severed cabling, hardware failures, natural disasters, human error, cyberattacks or power outages. Although the Internet is still functionable, you cannot use your local devices (such as a computer or phone) to access it due to this outage.
Fomon recommends that you access the Internet through a different network to determine if your ISP or mobile provider is down. If your ISP is unresponsive, try using your mobile data to see if the Internet is accessible. If your mobile operator is unresponsive, try using your Wi-Fi network to check. If the Internet is accessible on one of these devices but not the other, there is a potential carrier or ISP outage at play here.
While these outages are usually resolved within a few hours, the best way to keep updated and informed would be to access the Internet through other means besides your ISP or mobile provider (perhaps going to a public network like McDonalds or Asda) and checking Downdetector or the company’s website to see if they have identified the outage.
CDNS ensure the physically close storage of content (images, videos, audio, etc) using networks that utilise global POP (Point Of Presence) servers. A POP is a “physical location that houses data center compute, storage and networking infrastructure where high-speed connections to the internet are established”, designed to allow secure, rapid access to the Internet; this is done by being strategically placed for optimal connection and high performance.
Websites and apps adopt CDNs in order to provide a faster, stable user experience by allowing quicker transmission of information and bypass potential digital bottlenecks (situations that causes delays). In other words, CDNs allow applications to carry out tasks faster and more smoothly without disruption. These are incredibly useful regarding quick service responses due to increased demand and user engagement (for instance, imagine online shopping services on Black Friday: the sheer amount of customers going onto these websites, selecting items, adding them to their basket and finally going to checkout. There is a plethora of variables to take into consideration – e.g – what payment method will the customer use, when will the customer use the website, will the customer return -, so CDNs must be able to handle these highly intensive service requests).
When CDNs fail, sites cannot fulfil their purposes and apps cannot receive the stored content available in these networks, presenting it to users as appearing to be down rather than failures. These faults can happen due to coding errors, cyberattacks or system overreliance, with them often being hard to decipher due to backend operations that users and developers cannot easily access and different CDNs cover specific geolocations. While a CDN network may be operational in part of the world, other parts may have a CDN which is out-of-service. Again, the best way to check is via Downdetector.
Both DNS and BGP are responsible for navigating internet traffic, with DNS translating the domain name (e.g – “google.com”, “liverpoolguildstudentmedia.co.uk”) into an IP address (the unique set of numbers which identify network files & devices; e.g – 192.168.2.2). Now, obviously humans don’t use IP addresses to access websites, as they’re hard to remember and time-consuming; for computers, they comprehend everything in a binary numerical format of 0s and 1s, so each portion of that IP address above has a corresponding binary value. For example, the binary value of 2 is 00000010. That, a computer can understand (I am not an expert of Computer Science but learnt enough in A-Level and GCSE to have a fair grasp of these concepts). Hopefully that makes sense.
BGP is the Internet’s routing protocol, evaluating all of the different potential paths data can travel through and selecting the best route. Cloudflare states that the best analogy to comprehend this is as a postal service; when someone drops a letter into a mailbox, the Postal Service processes the mail and chooses a fast, efficient route to deliver the letter to its recipient.
For those who don’t know, protocols are key rule sets which allow communication between devices. A key example of this right now is in the link within this article via ‘https’, something which I’m sure you see all the time; HTTPS is a secure version of Hyper-Text Transfer Protocol, which allows for info to be exchanged on the Internet. But there are other protocols too, such as FTP (File Transfer Protocol – transfers files across the Internet) and SMTP (Simple Mail Transfer Protocol – sends email).
DNS can fail due to sending traffic to the wrong location or inability to respond to multiple concurrent requests, going down due to cyber attacks, power incidents and human error. BGP issues are harder to detect since a network’s route may not appear visible despite being present, meaning users and developers may presume the route is severed. Additionally, since everything becomes decentralised in this type of outage, information is unable to automatically update. For both of these, it is best to check Downdetector but these problems will likely take a while to be fixed by engineers.
No matter what the type of outage is happening, always use Downdetector for troubleshooting, with Fomon declaring it as “your first line of support during a widespread incident”. Don’t take this guidance just from me, but take it from a specialist too.
At 19:28 yesterday, the Cloudflare system status page asserted that the London server is “operational” and that they are “no longer observing elevated errors or latency across the network”. For a lot of people, this was a minor blip in the continuous evolution of the Internet; to me, this serves as a cautionary tale about how easily these infrastructures can be halted. Who’s to say something of this extent won’t happen again? Regardless, Cloudflare appear like a reliable and trustworthy organisation, so I’m sure if something like this does, they will be the first responders.
Any questions? Did you use the Internet during this outage? Feel free to contact me via johnjoyce4535@gmail.com!
For more news, check out the following link:
