The Internet is broken. It’s fundamentally flawed in the ways that only things which are put together as patchwork can be. This is the inherent danger of starting a network, not realizing even a modicum of its potential, and then building everything on top of what already existed. It’s a patch job, and we live on it.
That’s the reality that I’ve come to, at least, over the past few days. Part of that reality was reached during an unrelated talk with CloudFlare CEO Matthew Prince. (You might remember CloudFlare as the accidental CDN that I wrote about a few months ago.) We were discussing some things that CloudFlare is doing and I came to the realization that there were a number of problems and broken areas that are ripe for fixing. Interestingly, CloudFlare is positioning itself to do just that, at least in a few of them.
If I had to pick a predominant issue, in my opinion, it would be that we’ve commoditized the Internet. In many instances, it’s a great idea for the engineers to be in the background. But when it comes to the Internet, this is just flawed thinking. There are far too many issues that can come up, and many of them have.
In commoditizing web hosting and ISP, we’ve lost our focus on the infrastructure that makes everything run. Instead, massive banks of servers are bought up, then resold at the slimmest possible profit margins. With very few exceptions, sales and support teams will make up far more of a company’s personnel than is represented by engineers. It’s a fatal flaw, and it’s one that we’re now forced to fix.
In talking to Prince, I relayed to him that it seems like CloudFlare is oftentimes a bandage-on-a-broken-arm company. It provides easily deployed, effective patching of problems, without being in the position to actually fix what’s going on behind the scenes. Prince doesn’t disagree:
“We see our role as a problem solver for the hard challenges of the Internet. We are different because we are 90% engineers. We started with security and performance.”
So what’s broken? Here are a few things, other than just the model by which we try to run the Internet as a whole.
We’re running out of IP addresses, but a fix is on the horizon. But IPv4 can’t talk to the fix, IPv6. As if by some cosmic geek joke, someone thought that it would be just fine for these two networks to not understand one another.
In the end it slows the IPv6 transition, which in and of itself is prohibitively expensive. Hosts aren’t going to want to transition their users over to a network that isn’t visible to anyone who remains on v4, and the only way to get around it is a box that, again, costs hundreds of thousands of dollars, and a single unit isn’t enough.
“SSL is way too hard. It’s absurd that SSL isn’t available on every website. It’s the same problem as IPv6, wherein there isn’t an impetus to be the first mover.”
And that’s why we continue to have the issues that we do where people are having accounts compromised, passwords stolen and identities thieved. Again, it’s a scenario where we didn’t ever see the Internet becoming what it is today, so we’ve patched in things to make it work, without taking into account how difficult they are for the lay person.
Of all of the problems, this is the easiest to solve, and yet it’s been the hardest to master. It would only seem to make sense that we could have fixes to problems automatically deployed. But because so many upgrades to one system can break another, it just doesn’t work.
Unfortunately, it’s just another way in which our Internet is presently broken. If we look at the number of issues that we see worldwide (the PSN incident, recently) then you can see that what we’re doing isn’t working.
So what’s the fix? According to Prince, CloudFlare is at least part of it.
“Hosting providers – we don’t pay them, they don’t pay us. But their operations guys love us because we solve big problems and buy them time.”
To that end, Prince relates the story of a recent Apache vulnerability. While sites around the world were sitting unprotected, CloudFlare rolled out the patch within two hours. So, for a site running Apache behind CloudFlare, it would have been perfectly safe. Time was made for the engineers to fix the problem, while making certain that the site was protected.
It’s the same story with SSL. With CloudFlare, enabling it is as simple as designating a subdomain with a click (that is, if you’ve set up your SSL on a separate subdomain initially). Prince tells me that CloudFlare is working on ways to make SSL even easier, in hopes of providing an even better option in the future.
These are just a few of the ways in which things are broken right now, and yet we keep piling on “fixes” that are missing the critical aspect of being a catalyst. That catalyst effect is crucial because we need temporary solutions to the problems that don’t change the problems themselves.
The entire CloudFlare story reminds me that there are many more opportunities for companies to make a healthy living by being the temporary fix to long-term problems. There’s a lot to be said for a service that simply buys time for issues to be resolved and CloudFlare has been doing this quite well.
In the interest of full disclosure, I’m a CloudFlare customer. But not a paying one. My websites both run on CloudFlare’s free offering because I’ve not seen the need to upgrade just yet. But I might soon, because as the company continues to evolve, it’s making my life easier and I’m willing to pay for things that do that.