The Internet is broken. It’s fundamentally flawed in the ways that only things which are put together as patchwork can be. This is the inherent danger of starting a network, not realizing even a modicum of its potential, and then building everything on top of what already existed. It’s a patch job, and we live on it.
That’s the reality that I’ve come to, at least, over the past few days. Part of that reality was reached during an unrelated talk with CloudFlare CEO Matthew Prince. (You might remember CloudFlare as the accidental CDN that I wrote about a few months ago.) We were discussing some things that CloudFlare is doing and I came to the realization that there were a number of problems and broken areas that are ripe for fixing. Interestingly, CloudFlare is positioning itself to do just that, at least in a few of them.
If I had to pick a predominant issue, in my opinion, it would be that we’ve commoditized the Internet. In many instances, it’s a great idea for the engineers to be in the background. But when it comes to the Internet, this is just flawed thinking. There are far too many issues that can come up, and many of them have.
In commoditizing web hosting and ISP service, we’ve lost our focus on the infrastructure that makes everything run. Instead, massive banks of servers are bought up, then resold at the slimmest possible profit margins. With very few exceptions, sales and support teams will make up far more of a company’s personnel than is represented by engineers. It’s a fatal flaw, and it’s one that we’re now forced to fix.
In talking to Prince, I relayed to him that it seems like CloudFlare is oftentimes a bandage-on-a-broken-arm company. It provides easily-deployed, effective patching of problems, without being in the position to actually fix what’s going on behind the scenes. Prince doesn’t disagree:
“We see our role as a problem solver for the hard challenges of the Internet. We are different because we are 90% engineers. We started with security and performance.”
So what’s broken? Here are a few things, other than just the model by which we try to run the Internet as a whole.
We’re running out of IP addresses, but a fix is on the horizon. But IPv4 can’t talk to the fix of IPv6. As if by some cosmic geek joke, someone thought that it would be just fine for these two networks to not understand one another.
In the end it slows the IPv6 transition, which in and of itself is prohibitively expensive. Hosts aren’t going to want to transition their users over to a network that isn’t visible to anyone who remains on v4, and the only way to get around it is a box that, again, costs hundreds of thousands of dollars, and a single unit isn’t enough.
“SSL is way too hard. It’s absurd that SSL isn’t available on every website. It’s the same problem as IPv6, wherein there isn’t an impetus to be the first mover.”
And that’s why we continue to have the issues that we do where people are having accounts compromised, passwords stolen and identities thieved. Again, it’s a scenario where we didn’t ever see the Internet becoming what it is today, so we’ve patched in things to make it work, without taking into account how difficult they are for the lay person.
Of all of the problems, this is the easiest to solve, and yet it’s been the hardest to master. It would only seem to make sense that we could have fixes to problems automatically deployed. But because so many upgrades to one system can break another, it just doesn’t work.
Unfortunately, it’s just another way in which our Internet is presently broken. If we look at the number of issues that we see worldwide (the PSN incident, recently) then you can see that what we’re doing isn’t working.
So what’s the fix? According to Prince, CloudFlare is at least part of it.
“Hosting providers – we don’t pay them, they don’t pay us. But their operations guys love us because we solve big problems and buy them time.”
To that end, Prince relates the story of a recent Apache vulnerability. While sites around the world were sitting unprotected, CloudFlare rolled out the patch within two hours. So, for a site running Apache behind CloudFlare, it would have been perfectly safe. Time was made for the engineers to fix the problem, while making certain that the site was protected.
It’s the same story with SSL. With CloudFlare, enabling it is as simple as designating a subdomain with a click (that is, if you’ve set up your SSL on a separate subdomain initially). Prince tells me that CloudFlare is working on ways to make SSL even easier, in hopes of providing an even better option in the future.
These are just a few of the ways in which things are broken right now, and yet we keep piling on “fixes” that are missing the critical aspect of being a catalyst. That catalyst effect is crucial because we need temporary solutions to the problems that don’t change the problems themselves.
The entire CloudFlare story reminds me that there are many more opportunities for companies to make a healthy living by being the temporary fix to long-term problems. There’s a lot to be said for a service that simply buys time for issues to be resolved and CloudFlare has been doing this quite well.
In the interest of full disclosure, I’m a CloudFlare customer. But not a paying one. My websites both run on CloudFlare’s free offering because I’ve not seen the need to upgrade just yet. But I might soon, because as the company continues to evolve it’s making my life easier and I’m willing to pay for things that do that.