Cloudflare

Feb 19 2017, 20:52
Tenboro
I'm currently using HV as a guinea pig to try out Cloudflare. If you notice any changes in how HV performs, for better or worse, let me know. It will take up to 24 hours for the name servers to be updated; you can tell that they have updated for you if the IPs no longer resolve to 94.100.y.z.
If you can be arsed, also let me know how it performs with HTTPS.

Feb 22 2017, 02:31
Juggernaut Santa
Group: Gold Star Club
Posts: 11,086
Joined: 26-April 12
Seems like it's country related. My ping improved and my t/s didn't drop or increase at all

Feb 22 2017, 05:40
Sapo84
Group: Gold Star Club
Posts: 3,330
Joined: 14-June 09
QUOTE(End Of All Hope @ Feb 21 2017, 19:31) Seems like it's country related. My ping improved and my t/s didn't drop or increase at all
Because Cloudflare is in Milan and is directly connected to [peering.seabone.net] seabone. If you tracert old hentaiverse or alt.hentaiverse you will see that the traffic is still routed through seabone, so as long as cloudflare's processing time is short enough you won't really see the difference since the routing is very similar.
This post has been edited by Sapo84: Feb 22 2017, 05:40

Feb 22 2017, 11:10
blue penguin
Group: Global Mods
Posts: 10,025
Joined: 24-March 12
QUOTE(Necromusume @ Feb 21 2017, 18:10) Also, I don't expect all 3.5m users to log in at once, and many will never log in again. If the numbers have to be pregenerated, they can be queued and allocated as people show up.
I don't think Tenb has physical access to the servers, and even if he has I do not think that they would allow him to plug a random USB into a server in a db centre. Pregenerating and then uploading a huge file full of random bytes seems more realistic. Then again, I'll wait for the kill off of the IPB. 'tis about time
--------------------
QUOTE(blue penguin @ Jun 21 2021, 17:24) For 10 years of my life I have refused to add if-else blocks in order to support internet explorer idiocy, am not going to start doing it now in order to support google chrome's idiocy. Sorry folks. As harsh as the advice sounds my advice will be: use a browser that follows IETF standards.

Feb 22 2017, 19:48
Dammon
Group: Catgirl Camarilla
Posts: 2,860
Joined: 7-April 07
Much better ping than before, but t/s doesn't feel any different (about 3t/s).
C:\>ping hentaiverse.org

Pinging hentaiverse.org [2400:cb00:2048:1::6818:768] with 32 bytes of data:
Reply from 2400:cb00:2048:1::6818:768: time=10ms
Reply from 2400:cb00:2048:1::6818:768: time=10ms
Reply from 2400:cb00:2048:1::6818:768: time=10ms
Reply from 2400:cb00:2048:1::6818:768: time=10ms

Ping statistics for 2400:cb00:2048:1::6818:768:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms
This post has been edited by Dammon: Feb 22 2017, 22:27

Feb 22 2017, 23:53
Tenboro
QUOTE(blue penguin @ Feb 22 2017, 04:10) I don't think Tenb has physical access to the servers, and even if he has I do not think that they would allow him to plug a random USB into a server in a db centre.
I would have, but it's quite a long roundtrip. Not that having a source of "true" randomness is all that important in the grand scheme of things. The servers get plenty of seeding from the network traffic, so what you get from the PRNG is effectively indistinguishable from true random.

Feb 23 2017, 03:07
gc00018
Group: Catgirl Camarilla
Posts: 3,735
Joined: 27-August 11
average 18ms. It is faster... too fast!!

Feb 24 2017, 03:32
Necromusume
Group: Gold Star Club
Posts: 3,972
Joined: 17-May 12
"Currently, CloudFlare essentially controls 11% of the 10k biggest websites, over 8% of the 100k biggest websites, and almost 5% of sites on the entire web. According to their own numbers from 2012, they had more traffic than several of the most popular sites and services on earth combined, and almost half the traffic of Facebook. It has only grown since. And unlike every other backbone provider and mitigation provider, they can read your traffic in plaintext, TLS or not." [Well, other CDNs can too.]
"Could you claim with a straight face that all this intercepted data isn't used by intelligence agencies, whether with CloudFlare's cooperation or not? It would be the perfect intelligence source, and the only way to have a guarantee that target sites will never start encrypting the data - after all, that's what they're expecting the service to do for them!"
"There's no proof they are connected to any governments as far as I know, but they have now become this standard thing that everyone enables because it's free, and the surveillance possibilities are _vast_, even worse than cookies/advertising IMO because there is almost no way to circumvent it as a normal end user." [Since Cloudflare, unlike some other CDNs, is aggressive about blocking proxies.]
vs
"We did extensive benchmarks several months ago and found CloudFlare to be the fastest or near the fastest in every metric (and is saving us $100's per month). It works fantastically well as a low-cost CDN, and yes CDN's have a lot of value to a lot of sites."
Well, I just want the users to be aware what the tradeoffs are. After all, it's their privacy that is at stake. One-stop shopping at a few big companies is easier than targeted intrusions at many smaller ones. And it's suspicious to me that Cloudflare serves things like ISIS chatrooms and doesn't get bothered about it much by the government. If mass data export is already part of their business model, how far down the pyramid of "evil" does it go?
Cloudflare is cheap. Maybe they're cheap because you're the product.

Feb 24 2017, 05:17
Tenboro
Realistically though.. there are over a hundred certificate authorities in the world. A rogue government could easily acquire a certificate for whatever they want, either by "convincing" them or just penetrating the CA's system. The only way to discover that would be using certificate pinning, which no one does, and even that only works if you manage to pin it before it's MITM'ed.
Yes, getting the private key for the "real" certificate would be less obvious, and it could possibly be easier to obtain that from Cloudflare than extracting it from a VM or a dedicated server, but if it's intelligence agencies you are worried about, it would be trivial to surreptitiously extract your private key from either of those with cooperation from the host - which is a requirement you already place on Cloudflare - and probably not particularly challenging even without it.
HTTPS really is not some final solution to protect your data from your government. It helps, certainly, but if you want to start throwing out baseless accusations, the CAs are just as likely to be compromised as Cloudflare.

Feb 24 2017, 06:43
Necromusume
Group: Gold Star Club
Posts: 3,972
Joined: 17-May 12
That came up in the thread on [news.ycombinator.com] Hacker News.
QUOTE I'd be the first to admit that the CA model is absolutely not a solution that works well overall[1], but regardless of that, it's very hard to get away with a non-targeted attack on TLS (eg. by compromising a CA). Only targeted attacks are really viable, dragnet surveillance is not.
The problem with the way CloudFlare breaks the trust model, is that it's broken for everybody - not just high-risk individuals in a targeted attack, but every single person that talks to a site going through CF. It's completely viable to do dragnet surveillance or modification without anybody realizing it, and this makes it a much bigger breach than the CA model.

A couple more tidbits from here, [www.crimeflare.com] http://www.crimeflare.com/honeypot.html
- Matt Prince admits he was already in contact with the Department of Homeland Security in 2008, and selling them data,
- On his LinkedIn profile, he listed "Substantial work with government and law enforcement officials in the United States and abroad".

I'm not making accusations, for the most part, I'm looking at capabilities and likelihoods. For accusations, you need evidence, and that doesn't show up until years later. Microsoft was on board with Prism since 2007, and it wasn't leaked until 6 years later, as we well know.

Feb 24 2017, 07:02
Maximum_Joe
Group: Gold Star Club
Posts: 24,074
Joined: 17-April 11
QUOTE(Tenboro @ Feb 23 2017, 16:17) HTTPS really is not some final solution to protect your data from your government.
Shhh! You'll scare all the non-savvy people who believe that the padlock protects them from everything!
--------------------
Try to fill your life with good things.

Feb 24 2017, 08:10
Necromusume
Group: Gold Star Club
Posts: 3,972
Joined: 17-May 12
The guy founded Project Honeypot, and then he set up a CDN that's infamous for providing low-cost, in fact, free, services to sites like credit card fraudsters. You really don't think that's indicative? You can see how he thinks. Understand the man. He doesn't identify with the criminals, he's not trying to help them.
And there is the question of the gap. How are Cloudflare able to sell their amazing package of services so far below the prices of their competitors, and why doesn't anybody compete at the same price? Cloudflare don't have access to any special technology that no-one else does. The notion that they are being subsidized with taxpayers' money fits perfectly. It is not an accusation. I can still damn well say, how about it?
People were making our dragnet surveillance harder, how can we get them to stop? We have literally billions of dollars to spend on it, but how can we best use them to that end?

Feb 24 2017, 08:53
qw3rty67
Group: Members
Posts: 1,117
Joined: 30-April 09
QUOTE(Necromusume @ Feb 23 2017, 15:32) dsfargeg
If you really think terrorists want your porn game logs, wait until you see this [news.ycombinator.com] https://news.ycombinator.com/item?id=13718752
This post has been edited by qw3rty67: Feb 24 2017, 08:53

Feb 24 2017, 08:57
Tenboro
I'm not sure how many $5000+ enterprise packages Cloudflare sells, but it's certainly not "free" past the hobbyist segment.
Conspiracy theories aside, the problems they solve are easily worth the hypothetical decrease in privacy. For one, especially with the rise of IoT, stuff like DDoS mitigation is starting to become unfeasible for companies that don't have Google or Amazon level of resources. Sure it would be nice to have a few dozen anycasted locations of our own with the necessary terabit of aggregated bandwidth, but that's not really realistic.
Edit: I read through the incident report from the link above, and while the actual impact seems to have been minimal, it's obviously not ideal. It was however fixed the day before our switchover.

Feb 24 2017, 09:25
aided
Group: Gold Star Club
Posts: 772
Joined: 1-September 12
Average 137ms ping on hentaiverse.org, 301ms ping on alt.hentaiverse.org. South Korea here.
But some other South Korean users suffered unusual delay, about 0.5 turn/s. Maybe related to the time zone when they played, but not sure.
Edit: I suffered delay too (normally 2t/s -> under 1t/s), and checked ping again. Average 260~270ms ping on hentaiverse.org, but lost ping happened (1/100 try). For the alt server, everything was the same. Each ping test was done at the written time/edited time.
This post has been edited by aided: Feb 24 2017, 20:28

Feb 24 2017, 19:39
ashimoto
Group: Catgirl Camarilla
Posts: 177
Joined: 28-October 12
I fiddle around some with distributed architectures and replication in my day job. Eventual consistency is... weird. I wonder if you affix players to "play" nodes, tied by just a persistence cookie, sharing a common HV message bus/database/blob/something. Depending on your latency, throughput, and replication in backend stores, must've been a kinda fun project.
No noticeable change here, but well, Long Beach is Long Beach. All I can really say is that learning from H@H, you have an idea of the essentials for distributed content shares.
This post has been edited by magwitch: Feb 24 2017, 19:45

Feb 24 2017, 21:34
aided
Group: Gold Star Club
Posts: 772
Joined: 1-September 12
maybe this can be more useful?
C:\>tracert hentaiverse.org

Tracing route to hentaiverse.org [104.24.8.104] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 <1 ms 1 ms <1 ms {Building's router}
3 <1 ms 1 ms <1 ms {Building's router}
4 1 ms 1 ms 1 ms {Local IP}
5 <1 ms 1 ms 1 ms 10.6.0.10
6 1 ms 1 ms 1 ms 10.6.0.12
7 1 ms 1 ms 1 ms 10.2.0.10
8 1 ms 1 ms 1 ms 10.2.0.2
9 1 ms 1 ms 1 ms 221.147.64.57
10 * * * Request timed out.
11 1 ms 1 ms 1 ms 112.188.52.193
12 3 ms 3 ms 3 ms 112.174.19.45
13 2 ms 2 ms 2 ms 112.174.34.142
14 1 ms 1 ms 2 ms 112.174.93.241
15 2 ms 2 ms 2 ms 112.174.83.206
16 137 ms 137 ms 137 ms 112.174.87.62
17 138 ms 138 ms 138 ms 141.101.72.252
18 137 ms 137 ms 137 ms 104.24.8.104

Trace complete.

C:\>tracert alt.hentaiverse.org

Tracing route to alt.hentaiverse.org [81.171.14.120] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 <1 ms 1 ms 1 ms {Building's router}
3 <1 ms 1 ms 1 ms {Building's router}
4 2 ms 1 ms 1 ms {Local IP}
5 <1 ms 1 ms 1 ms 10.6.0.10
6 1 ms 1 ms 1 ms 10.6.0.12
7 22 ms 24 ms 22 ms 10.2.0.10
8 39 ms 37 ms 39 ms 10.2.0.2
9 28 ms 28 ms 28 ms 221.147.64.57
10 * * * Request timed out.
11 40 ms 52 ms 41 ms 112.188.52.193
12 47 ms 7 ms 42 ms 112.174.19.41
13 28 ms 29 ms 31 ms 112.174.8.130
14 26 ms 26 ms 24 ms 112.174.83.110
15 175 ms 174 ms 174 ms 112.174.87.154
16 170 ms 175 ms 173 ms pax-ms1.us.leaseweb.net [198.32.176.205]
17 * * * Request timed out.
18 205 ms 205 ms 205 ms te-3-1.bb02.wdc-01.leaseweb.net [31.31.34.87]
19 * * * Request timed out.
20 287 ms 285 ms 286 ms xe-2-0-2.br01.ams-01.nl.leaseweb.net [31.31.38.63]
21 * * * Request timed out.
22 300 ms 299 ms 299 ms po-1003.ce02.ams-01.nl.leaseweb.net [37.48.95.201]
23 301 ms 301 ms 303 ms 81.171.14.120

Trace complete.
ps. for http and https, https was slower(about 10-15%? by feeling)
This post has been edited by aided: Feb 24 2017, 21:40

Feb 24 2017, 22:05
morineko
Group: Gold Star Club
Posts: 2,341
Joined: 1-April 14
The ping to hentaiverse.org is now about 150ms for me, lowered from 290~330ms.
But the actual game response still seems to be over 300ms. And it rushes high more often than previously.
This post has been edited by morineko: Feb 24 2017, 22:08
--------------------
WTS / WTB5% off for bulk mats selling

Feb 25 2017, 06:18
blue penguin
Group: Global Mods
Posts: 10,025
Joined: 24-March 12
More cloudflare: [security.stackexchange.com] http://security.stackexchange.com/question...-bug-cloudbleed
(tiap also dumped one of these in the tech chat)

Feb 27 2017, 23:17
morineko
Group: Gold Star Club
Posts: 2,341
Joined: 1-April 14
QUOTE(Tenboro @ Feb 21 2017, 06:15) Use the alt link?
Longer-term I'm planning on slowing down HV "turns" to the point where latency shouldn't be an issue, but obviously that requires a fairly substantial rebalancing to make sure everything doesn't just take four times longer to do.
QUOTE(blackjac00 @ Feb 21 2017, 06:21) Yes,Use the alt link. However the operation is slower than the communication speed.
If there is a plan to fix it, I will endure for a while.
Is it possible to add actual US servers into the HV server group? It seems most players get lowered latency to the CDN server.