
Yeah I'm sure one day it will transpire Cloudflare is affiliated with intelligence agencies too. The solution to a "sudden DDoS" is to put their website behind Cloudflare. Wonder who can do those sudden attacks?


That’s been my pet theory from day 1, and not because of DDoS. Simply because they are the SSL terminator for most of the internet and can see anything going on in cleartext (and I’ve seen them protecting some shady stuff)

I recall a PRISM slide showing the diagram of Google and the public internet, with a big arrow on GFE saying, quote, “SSL added and removed here! :-)”

If NSA aren’t installed at Cloudflare, I wonder what they are even doing.


> I’ve seen them protecting some shady stuff

Hmm do we want them to decide what stuff is shady and what isn't?

We're already allowing payment processors to do that and it's not good.


Sorry for necro-replying, but assuming you're talking about cloudflare they already do.

They took down KF (which is hosted in the US, so seemingly legal), but have always allowed everything from sites dedicated to livestreaming animal abuse to ISIS-affiliates hosting beheading videos (both of which AFAIK are illegal).


That slide was about the NSA sitting inside Google data centers without Google's knowledge.

That doesn't mean collusion


That's the thing though: We can't know that.


Well, we kind of can, given that "SSL added and removed here :-)" was a pretty explicit workaround to the issue of encrypted communications in Google's infrastructure, just not between sites (IIRC).

Either way, if they were directly colluding with Google, they would have had a much simpler time siphoning off that data.


To add: apparently that PRISM slide got its own Knowyourmeme entry: https://knowyourmeme.com/memes/ssl-added-and-removed-here


DDoS is just one of the impetuses for a service provider to be MiTM'd.


It's within the realm of possibility that NSA is collecting data with Cloudflare's consent. It seems unlikely that Cloudflare would jeopardize their entire business model over it. Unlike other companies in the leaked NSA slides that participated in PRISM, Cloudflare would face a near-total loss of customers. Their entire value proposition is being an unobtrusive traffic intermediary.


Within the realm of possibility? Let's be honest, if you are a top NSA executive and you couldn't find a way to get your hands on Cloudflare's private keys (bribing or threatening the right person), you are not getting your Christmas bonus.


It is of course inconceivable that the NSA do not have the private keys for dozens of browser trusted certificate authorities

That nonetheless doesn't help them unless they are doing active MITM. In order to do that they'd have to have at least some physical presence at Cloudflare or on the path to Cloudflare.


My understanding is that they tapped communication nodes before. I would be surprised if they can't tap the pipes to cloudflare.


I mean, it is the CIA, but if you encrypt it before it leaves the box, and you're decent good with the key material, how are they going to get at it? Tapping the fiber then gets them encrypted flows, which isn't nothing, but, well, it would be surprising if they had access to the clear text.


Room 641A [1] would be an example of just renting a room in the DC, making it look as boring and nondescript as possible, tap the fiber lines and send a copy of all data to that room

That requires cooperation from a couple people at the company. People that could do it for "patriotic duty", be paid off, simply be coerced, or be replaced by NSA agents (I wonder how many cloudflare employees are NSA plants?). If you want to go even more low-profile, tap the fiber lines a block further down outside the cloudflare PoP and use one of the above techniques to get the key material

Even if it takes the NSA a decade to get an NSA agent hired and moved up in the organization until they have a vector to extract private keys that's still an incredible return on investment

1: https://en.wikipedia.org/wiki/Room_641A


The difference is AT&T didn't publicly make statements that they didn't know about Room 641A and that they weren't helping the NSA. Google's response to PRISM was much more aggressive, and in the wake of the MUSCULAR tapping revelations, Google stepped up their encryption. I haven't worked at Cloudflare but I have worked at Google, so I can't speak to Cloudflare's internal company culture but I can say that Google was not happy about the NSA tapping their fibre.


Is this information derived from Enemy of the State starring Will Smith and Gene Hackman? It was a great movie and the first DVD I ever bought.


Do people in government get bonuses linked to performance?


Government agencies get budgets linked to performance.


Well - do they? In my experience they get budgets for spending their current budget.


> Unlike other companies in the leaked NSA slides that participated in PRISM, Cloudflare would face a near-total loss of customers

People didn’t care when they learned about PRISM, why would they care now when it’s a known fact? The sane stance would be to assume Cloudflare is in cahoots with NSA.


All the companies involved in PRISM made public statements saying they ceased participation. Google undertook a costly initiative to add encrypted connections over their datacenter circuits. The NSA leaks were a forcing function that led to a massive uptake of encryption. Up until that point it was common for websites to support only HTTP.

The NSA leaks dominated news cycles for the entirety of 2013.


> All the companies involved in PRISM made public statements saying they ceased participation. Google undertook a costly initiative to add encrypted connections over their datacenter circuits

This is as helpful as Whatsapp's so called E2E encryption comms (that just happens to not be applicable by default in certain situations).


What are those certain situations?


Backups are not encrypted by default. It just takes a single person on the other side of the chat not enabling e2e for your messages to be readable.

Metadata is also not encrypted. Your messaging graph is known to Whatsapp including message timestamps.

Also, IIRC, they (Meta) could also partially bypass the e2e (they can't access past messages but they can receive future messages) without you noticing (unless you have certain settings on whatsapp enabled, settings most people don't even know exist).

The new feature of sharing past messages with new arrivals to a group also further widens the potential scope of messages leaking.


> Backups are not encrypted by default

And it is very difficult to back them up anywhere other than a secret bucket at Google

Also they say messages are E2E encrypted. I don't recall that page saying anything about what happens at rest. Presumably the Meta AI will have, or already has access to them.


my llm api traffic terminates tcp at cloudflare in lovely plain text :/

it does give better peering. reduces latency a bit for me.


I had no idea that this was a thing. How can you figure out where SSL turns into plain text on its route to the destination?


in this case it's my design to use cloudflare.

but you can also see from curl or traceroute, that the endpoint you talked to was a cloudflare ip and your ssl ended there. after that you can't see inside cloudflare.


> Cloudflare would face a near-total loss of customer

I think more people than you would expect would be happy to accept that as the price for protection against malicious actors


anybody remember Lavabit?


I don’t see how they couldn’t be. Either on purpose, secretly by coercion, or secretly without their own knowledge. It’s so valuable


> Wonder who can do those sudden attacks?

Anyone with a few crypto currencies in their wallet that can click a button on any of the booter services with botnets for hire.


You are right, they don't have to do it themselves, but guess who's protecting the booters from other booters?


Primarily specialist bulletproof ddos protection services like ddos-guard.ru, not "Cloudflare" as is the popular meme among clueless commenters.


Most modern booters are not maintaining public websites that could be the object of DDoS attacks. They're renting residential IP addresses from free VPN users.


Yeah, their origin is a story of absolute incredible luck. Cloudflare came out of nowhere and suddenly massive sites with huge user bases around the world, including places like 4chan, were getting DDoSed. Then they immediately announce that they transitioned to Cloudflare. Hell of a lucky time to make a company that the entire internet suddenly became absolutely dependent on.

The funny thing about that era is you knew they started using Cloudflare because they went from stable with constant uptime to going down and showing a Cloudflare banner randomly all the time for a good year or so. They ran worse with Cloudflare than they did while they were allegedly getting DDoSed. The whole company glows, as the late great HN commenter Terry Davis would've said.


Am I the only one that actually remembers this time period? It wasn’t that long ago. The confidence of your assertion is completely misplaced. I remember exactly where I was when I first read about CF, on launch day. DDoS attacks were CERTAINLY a big issue before Cloudflare came along. A whole lot of script kiddie energy was poured into them. LHC? Slowloris? IRC C2? This wasn’t niche stuff. That’s why I remember the CF launch, because I and everyone else knew that it was a big deal, given what the landscape had been for quite some time. Sorry if you personally didn’t have your finger on the pulse for whatever reason, but this was far from a niche issue, even for big sites / usual targets like 4chan.


I was there and recalled there being occasional script kiddy DDoS attacks here and there. But the uptime when being attacked was still much, much better than the first 1-2 years of actually using Cloudflare.


> as the late great HN commenter Terry Davis would've said.

Oh my god, this is how & when I realize that Terry Davis (Rest in peace) used to use Hackernews too: https://news.ycombinator.com/threads?id=TerryADavis

https://news.ycombinator.com/item?id=10061171 (From this comment written by terry):

"I wrote all the code from scratch, including a 20,000 line of code compiler that makes x86_64 machine code from HolyC or Asm and operates AOT and JIT.

My JIT mode is not interpreted. It optimizes and compiles to x86_64 machine code.

I was chosen by God because I am the best programmer on the planet and God boosted my IQ with divine intellect." -Terry A Davis.


Wouldn't trust them not to take a copy and use it to distill. Wonder what security there is


This exists in Azure DevOps as Approve with Suggestions


I think this is a good idea as it happens anyways even in GitHub.


The list of claims and what was tested in the comparison can be found here https://edc.intel.com/content/www/us/en/products/performance...


I was surprised by that defiant tone there in an official page. But it's missing actual numbers, which makes it all pretty strange.


The numbers and the benchmarking conditions are in the PDF linked on that page:

https://download.intel.com/newsroom/2026/CES2026/Intel-CES20...


This will be fantastic for voice. I presume Apple will use it


Does this imply we don't need as much compute for models/agents? How can any other AI model compete against that?


If HBO is ringfenced and funded then fine. Otherwise we're fucked.


I think OpenAI will try and continue this elsewhere, which would be pretty worrying. It lets them not give up any equity, just use their name to pump stocks and earn capital.


That’s exactly it. Their only competitive weapon is brand name right now and they are using that for all it’s worth


I don't know why Bloomberg TV are asking where this money comes from for OpenAI. It comes from the AMD stock holders. If the AMD stock pumps then OpenAI gets free money to buy more, without giving up equity. If it doesn't then OpenAI just walk away.


specifically, it's coming from new AMD stock holders that are buying shares at much higher than current prices. And those shareholders are buying a company that they value more because AMD is better positioned in the LLM market because of the side effects of the OpenAI integration.

Existing AMD shareholders are getting a great deal; their shares are worth 30% more today and will be worth 5X more if OpenAI gets to use their option. Yes, there is some dilution for existing shareholders, but only after a 5X gain.

OpenAI basically self financed the buying of tens of billions of dollars of GPUs by increasing the enterprise value of AMD, and taking a cut of that. And the increase in value is not just the announcement, but the integration work needed to make AMD GPUs as good as Nvidia for inference.


They are getting a meaningless deal unless they can nearly triple their market value from here. Sam isn't buying AMD shares for more than a penny, what should we value it at?


Sam doesn't get to buy AMD shares for a penny unless it reaches a certain threshold (not sure if those details are public, but I read 3-5X last week's price in these threads). It's common in these deals to have these thresholds for options.


>Existing AMD shareholders are getting a great deal; their shares are worth 30% more today and will be worth 5X more if OpenAI gets to use their option. Yes, there is some dilution for existing shareholders, but only after a 5X gain.

So if I read this right then an existing shareholder benefits up to the point where AMD stock reaches the $600/shr level and after that it becomes a dilution.

For the maximum benefit to existing shareholders, the stock price must get near $600/shr and if that looks unlikely they should consider other investments on less speculative terms. This whole AI thing feels like I'm watching the soapy fluid flow along the bubble exterior to form a droplet of soap on the bottom, thinning and weakening the bubble until it pops due to fluid film rupture at the top of the bubble as the droplet leaks away due to gravity.


OpenAI is supposed to be buying something like $100 billion of chips from AMD. On top of the hundreds of billions to like five other companies for AI chips and other compute. Where do those several hundred billions come from? That's the question being asked here.


Not all of the $100 billion are purchases by OpenAI ("AMD expects to receive more than $100 billion in new revenue over four years from OpenAI and other customers").

For some reason the OpenAI portion of this deal is quoted in gigawatts rather than number of MI450s purchased, which makes it hard to tell how much of that $100 billion is from OpenAI. It's probably around $80 billion.


Just the 1st tranche of shares would be like $6 billion at $220 so if they borrow against that they can fund it. If the hype continues they keep it going


Yes it’s a wealth transfer from existing AMD shareholders


OpenAI are also using the market to fund some of their rollout instead of going public/giving up equity.

