
Journal

This household has had to fight off something right up to the end of the year. Good riddance 2025, except for every moment The Childe has grown up through and past… too fast.

Today I have a family gathering but it may also need to be a day for de-conflicting local git repositories and iCloud and some dumb things that happened by accident with 2 laptops in play. It is helpful to have a project to go heads-down on, separate from both local and remote obligations.

Remember when end-of-year emails from your services were novel and useful? Yeah, I’m not sure I do either…

The original machination.org was kind of a relentless real time (as soon as I consumed something and gave it some sort of credence in my mind) link log. The post yesterday was more emblematic of a later stage, a slightly more sanely paced round-up. Thought about doing it again today. No. I’ve got other stuff I need to do. I was pushing through being sick and hanging the noose of the world’s news as seen by me around my neck isn’t going to help. Maybe intermittent long links, Tim Bray style. The things that stick with me and why and how, that don’t seem too redundant to what has stuck in the zeitgeist. If I can keep a good habit.

But what a wild headline ride this last day, huh? Definitely worth getting off and stepping back for a moment, at least.

When a shield becomes a shackle

Today’s Cloudflare outage illuminates another infrastructure dependency we’ve sleepwalked into: defensive consolidation. Sites adopt Cloudflare not for performance but survival, protection from the automated scraping that feeds AI systems and other bots that now dwarf human traffic.

In defending against automated consumption, most hand control to intermediaries. When Cloudflare stumbled this morning, some sites that delegated DNS entirely couldn’t even disable Cloudflare to restore access. The protection became a jail.

Once again, this isn’t inherently about Cloudflare.

It’s about thoughtful defense architecture versus reactive adoption. The question isn’t only whether to use these services but how to use them while retaining agency.

Before reaching for the CDN, consider the actual threat. Is it sustained abuse or periodic spikes? Are you conflating high traffic with hostile traffic? A statically generated site, if otherwise practical, might simply weather the storm. Rate limiting at your application layer might suffice. Sometimes vertical scaling costs less than the complexity you’re adding (Cloudflare makes it free or cheap for small endeavors, so once again it depends on how you value things and what you can afford).

When you do need stronger defenses, maintain your exits. Keep authoritative DNS separate from your CDN provider. Use CNAMEs, not full delegation. It is too easy to hand over the DNS keys, especially for a simple web site, but this is like a reverse mortgage on your house. Maintain an origin subdomain for direct access. Document your configuration outside your provider’s walled garden. _Test your ability to redirect traffic_ away from your protector.
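As an added example (not code from this post), here is a check of those rules run over a zone file export, which is exactly the configuration you would keep documented outside the provider: it flags full delegation to the CDN's nameservers, the absence of a CNAME you control, and a missing origin subdomain, then drafts the records that would route traffic around the CDN. The zone, the nameserver suffix and the CDN name "cdn-edge.example" are constructed placeholders; the real suffixes are whatever your provider documents.

```python
from typing import NamedTuple
class Record(NamedTuple):
    name: str   # fully qualified, lower-case, no trailing dot
    rtype: str
    rdata: str

def parse_zone(text, zone):
    """Parse a BIND-style export: 'name [ttl] [IN] TYPE rdata', with ';' comments."""
    out = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):        # blank, comment-only, $TTL/$ORIGIN
            continue
        name, *rest = line.split()
        while rest[0].isdigit() or rest[0].upper() == "IN":
            rest.pop(0)                              # optional TTL and class
        fq = zone if name == "@" else name[:-1] if name.endswith(".") else f"{name}.{zone}"
        out.append(Record(fq.lower(), rest[0].upper(), " ".join(rest[1:]).rstrip(".").lower()))
    return out

def check_exits(recs, zone, cdn_ns, cdn_cname, origin="origin"):
    """Return the 'keep your exits' rules this zone violates (empty list means all kept)."""
    findings = []
    ns = [r.rdata for r in recs if r.name == zone and r.rtype == "NS"]
    if ns and all(any(n.endswith(s) for s in cdn_ns) for n in ns):
        findings.append("FULL_DELEGATION: the CDN is authoritative; you cannot edit your way out")
    if not any(r.rtype == "CNAME" and any(r.rdata.endswith(s) for s in cdn_cname) for r in recs):
        findings.append("NO_CNAME: nothing reaches the CDN through a CNAME you control")
    if not any(r.name == f"{origin}.{zone}" and r.rtype in ("A", "AAAA") for r in recs):
        findings.append("NO_ORIGIN: no direct-access origin subdomain to fall back to")
    return findings

def bypass_plan(recs, zone, cdn_cname, origin="origin"):
    """Records that would send CDN-fronted names straight to origin (an apex cannot be a CNAME)."""
    addrs = [a for a in recs if a.name == f"{origin}.{zone}" and a.rtype in ("A", "AAAA")]
    plan = []
    for r in recs:
        if r.rtype == "CNAME" and any(r.rdata.endswith(s) for s in cdn_cname):
            if r.name == zone:   # apex: copy the origin's address records instead
                plan.extend(Record(zone, a.rtype, a.rdata) for a in addrs)
            else:
                plan.append(Record(r.name, "CNAME", f"{origin}.{zone}"))
    return plan

SAMPLE_ZONE = """\
; constructed export for this example, not a real zone; cdn-edge.example stands in for a CDN
@       IN NS    ns1.example-dns.net.                ; authoritative DNS at a separate provider
www     IN CNAME www.example.com.cdn-edge.example.   ; the CDN is reached by a CNAME we control
origin  IN A     203.0.113.10                        ; direct path to origin, bypassing the CDN
"""
```

Running `check_exits(parse_zone(SAMPLE_ZONE, "example.com"), "example.com", ("ns.cdn-edge.example",), ("cdn-edge.example",))` on this zone returns no findings; a zone whose NS records all sit under the CDN's nameserver suffix trips FULL_DELEGATION, which is the state in which an outage leaves you with no exit.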

I’ve found a lot of the kinds of efforts I’ve worked with can get by with fairly humble technical solutions, and commodified technical solutions can do well by them (I worked on, and owned the end-of-life of a platform that was essentially commodified). It still requires having a person on hand who understands what is being paid for and can take ownership of different circumstances that arise, adapt, and when surprised, learn and iterate.

At the very least, consider whether solutions for immediate problems are worth ceding control. In some cases, sure. But if you didn’t even have the resources on hand to intentionally make the choices and if the results caused unexpected pain, start looking for resources that understand the Internet, value lean and independent development, and are interested in what you do and what you need and can interrogate you and the technologies within reach to find an informed and suitable match.

Did I mention that I am, like everyone, looking for new work?

Gardens vs. giveaways

So much more vision than in D.C.

A relatively low-effort, certainly less expensive, high-impact community-centric and green way to re-use a stadium site. Certainly better than what D.C. is actually going for now.

Moot now, anyway, as the old RFK stadium was being taken down before the options going forward were finalized and the Commanders deal reached. There was an option for the site without a publicly subsidized NFL stadium.

Instead, I guess we have RFK Jr. (or Trump!?) stadium to look forward to… and compromised, commercialized environment around it.

The best way we can honor service members is to send the National Guard home

There isn’t an obvious public link to this specific message, sent out on Free DC’s list, though their site has plenty of their digital campaign materials about this and other issues they advocate for. I thought it was excellent though. Once again, I think of my late grandfather, Battle of the Bulge veteran, Republican, who I know would find this use of the military offensive.

I’ve reproduced the core of the email I received, including their emphasis and links (minus ActionNetwork’s redirects):

Armed soldiers don’t belong in our communities. The National Guard isn’t supposed to police American civilians. They are not supposed to chase down children, intimidate people on the street, harass residents for simply being outside, or be used as props in Shake Shack photo-ops.

Trump is trying to make the National Guard do all these things here in DC as well as in Chicago, Memphis, Los Angeles, and Portland. Guard members themselves are increasingly fed up with it.

Yesterday we learned that National Guard members are increasingly questioning their role in Trump’s agenda of occupation and deportation.

“This is just not what any of us signed up for, and it’s so out of the scope of normal operations,” said J, a member of the Ohio National Guard who spoke on condition of anonymity. “[Y]ou want me to go pick up trash and dissuade homeless people in D.C. at gunpoint. Like, no dude.”

J isn’t alone. In September, leaked documents revealed that the Guard knows its occupation of American cities is “leveraging fear,” driving a “wedge between citizens and the military,” and promoting a sense of “shame” among some troops and veterans. That’s not what service members deserve.

This Veterans Day, the best way we can honor service members is to send the National Guard home. These deployments are unsafe, unlawful, inappropriate, and a waste of public funds. Our demand remains: National Guard Out Now.

I might become a decent writer if I put as much effort into composing and finishing prose in private as I did in venting it off as stream of consciousness to a couple of poor victims I portray as friends. Instead, it gets vented there (and sometimes cribbed for here) and I don’t feel the urge to revisit and work it further.

What happens when we all put our heads in the cloud

Yesterday’s AWS outage reinforces an old truth: the cloud is—oversimplified but not wrong—someone else’s computer.

This isn’t an argument against cloud adoption. It’s about trust distribution and control boundaries. How much faith do you place in a single provider, how much can you afford to take advantage of their redundancies—or can you afford not to? What’s beyond your control regardless of SLAs? What do those SLAs actually mean? Are you hedging those bets?

The pattern looks familiar: numerous organizations, despite apparent diversity in their offerings, seem to have concentrated their infrastructure in AWS US-East-1. No real surprise. What’s telling is (based on reporting to date) the apparent lack of tested multi-region failover capabilities. When this reportedly DNS-originated incident hit, rapid adaptation failed—if it even existed.

I don’t operate at hyperscale. I am a web developer who evolved through digital professional services into a technology manager. My experience comes from managing other technologists, engineers, and vendors for what was, in terms of staffing, a larger medium-sized business where our budget probably couldn’t match what these tech giants spend on toilet paper. Yet we maintained business continuity—for a 24/7 crisis line—through outages. When any cloud component failed, whether SaaS platforms or our AWS deployments, we retained operational capability through alternative pathways, including fallback to “pre-cloud” configurations.

Our teams' recovery strategy addressed both RTO and RPO intuitively, before we knew what those terms were. We identified single points of failure, built redundancy where cost-effective, and accepted calculated risks elsewhere. Most importantly, we tested these failover procedures regularly.

This sounds like common sense. Experience suggests otherwise.

If your organization needs someone who treats information systems and infrastructure as a product serving your team, someone who speaks plainly and pragmatically about availability and threat models, and builds contingency plans that actually meet reality, especially if you’re trying to make the world a better place, I am interested.

I am a technologist but a morning like this encourages my Luddism (understanding technology’s impact, valuing autonomy, adopting it intentionally). I had cash; while Venmo was down, our visit to the PTSO coffee table outside school happened anyway & The Childe did some practical math.

I took Metro this morning. Got on a Silver Line train in the direction of Ashburn. Operator pronounced it ASSburn.

Yeah, we’re all on the train to ass burn these days.

Bruce Schneier on Digital Threat Modeling Under Authoritarianism

Bruce Schneier lays it out pretty broadly that regular Americans really should be thinking of their personal threat model as living under authoritarianism.

It might be uncomfortable to think about. I remember in the past, it was a bit of a no-go to even bring up whether we saw our government as a potential threat in our threat model at a past job. And getting an answer? Well, that was even less fun, given the sensitivity of certain data and the tension of priorities. (I didn’t get one!)

Journalism should already be on board and well ahead on the idea, especially for certain stories and topics. But the Pentagon’s push this week should really make that clear. Never mind the major networks recently being directly targeted and their general capitulation. Or maybe the State Department’s proclivity to kick out journalists who ask pesky questions?

I do not think this is a question anymore.

Just some curious bullshit

What appeared to be RFK Jr’s old 2024 presidential campaign bus was parked (illegally) outside the Pierce School condominiums in northeast DC on September 16. This location is also known for hosting a crypto party aligned with Trump’s inauguration and for being a place associated with Musk and other DOGE figures early in the administration.

I have no other context, but found it weird to see. I found it vaguely notable that it happened between RFK Jr’s grilling before the Senate Finance Committee last week and his fired CDC director’s testimony before the Senate HELP Committee yesterday. That’s probably a coincidence.

If RFK Jr. hadn’t bought a multimillion dollar home in Georgetown upon his appointment, I’d say it would fit that he’d be living in the old campaign bus (down by the river?) when in DC.

Whatever the actual story, DC has enough Dear Leader banners of Trump being hung off of Heritage Foundation, Agriculture and Labor buildings, we don’t need an outdated totem of failure emblazoned with our other narcissist-in-residence rolling around town.

A photograph of the RFK Jr “Kennedy 2024” bus, seen from the rear left, parked (illegally) in DC.

What did he fight for?

I’ve been thinking about the news lately. (That’s a true statement most days of the week, most weeks of the year.)

I’ve been thinking about Jerry of Ben & Jerry’s quitting, because of speech restrictions from Unilever, Ben & Jerry’s parent company.

I’ve been thinking about all the backlash on people who mostly either tried to counter the hagiography of Charlie Kirk or perhaps were venting less tactfully (I’ve been known to).

I’ve been thinking about one of my grandfathers — I’ve mentioned him before in the open air of the Internet: The one who is a veteran of the Battle of the Bulge, who really fought real Nazis. A conservative, a believer in freedom. I think also, like many veterans of that and other wars, he came out of World War II an atheist. (He went in a Quaker, one of the more conservative “programmed” variety, like Nixon.)

He was also a dairy farmer, part of a dairy co-op that supplied Ben & Jerry’s (well before the Unilever acquisition). I do not know what he thought about the hippies making and selling ice cream all over New England and Upstate New York, but I know he didn’t mind eating it or selling to them. (Conversely, Ben and Jerry had to know all these family dairies their milk came from weren’t exactly communes.)

I know he didn’t mind their speech. I know this because when I grew into a teenager, I took positions against what I considered abuses of authority in my small world—positions he wouldn’t take himself. And I got in trouble for them.

And he spoke up in my defense.

“What did I fight for?” my mother has quoted him from that time.

What did he fight for, I wonder. Most days of the week. Most weeks of the year.

And especially today.

The climate crisis, slow-roll-WWIII, no better than band-aids on the social safety net between axe swings at it, and a duopoly political system oscillating between making it all happen or doing nothing people actually need to stop it, and an economy teetering on realizing it.

Imagine, in terms of the kinds of things being cut in proposed House and Senate GOP budget bills, what we could pay for already (accepting ludicrous premises) if we just weren’t flying all those KC-135s and C-17s constantly at $20k+/hour/plane re: Israel/Iran. Or you know, the fucking parade.

If you told me 30 years ago that an adult me, not a lawyer, would listen to Supreme Court oral arguments “for fun,” I’d have spit my Mountain Dew in your face.