Bonum Certa Men Certa

Clownflare (Cloudflare) and the 'Ecosystem' It Wants to Replace

posted by Roy Schestowitz on Apr 22, 2026,
updated Apr 22, 2026

"Vercel & Next.JS Hacked - Nothing New to Report"

Matt Mullenweg
Author: Ronny Siegel

Clownflare has long been in debt and has long lost money. We've written about this for nearly a decade already. Like many other American "tech giants", it deems it normal to keep losing money as long as some "shareholders" (or lenders) bear the loss at personal risk. They hope for a turnaround or "conversion" one day.

Recently, Clownflare made a move that we deemed to be an attack on WordPress (trying to replace WordPress with its own software in many millions of Web sites). See, the Clownflare aspirations of becoming a 'packet titan' or CDN giant (swallowing the Net's traffic, not just the Web) go further up the stack. Next up: JavaScript/Web browsers? The CMS?

"Hi Dr. & Mrs. Schestowitz," a reader recently told us, letting us know something we've not heard about because we generally dislike and try to avoid JavaScript. "Not sure if this crossed your radar during y'all are on a well deserved sabbatical and retreat — or at least the slowdown — but Vercel and Next.js were recently compromised in a significant supply chain attack. The incident, covered by SecurityWeek, involved attackers gaining access to Vercel's infrastructure in a way that raises serious questions about the integrity of the broader Next.js supply chain - the kind of attack that can silently poison downstream end users who have no idea anything is wrong."

We're not going to suggest this attack was in any way coordinated to weaken or discredit the original, but it sounds familiar in light of what happened to GitHub alternatives at critical times (DDoS attacks).

"What makes the timing especially worth noting," said the reader, is that "we literally just co-published coverage of the Next.js slopfork that Cloudflare put out - Vinext — like a few DAYS ago."

We did indeed. That was about a month ago.

"It's a strange moment to have both pieces land so close together, and together they paint a fairly unsettling picture of the Next.js and React ecosystem right now. On one hand, you have a major cloud vendor essentially forking and rebranding a popular framework with minimal transparency or attribution with ethically ambiguous tools. On the other, you have the original framework's steward - Vercel itself - getting compromised nonstop. Neither story reflects well on either of the projects, and together they raise serious questions about whether the ecosystem has the governance and security posture that its widespread adoption demands. It may be time for the FLOSS community to collectively move on from React and coordinate a migration toward more community-aligned alternatives - like Svelte or SolidJS - that haven't been compromised at their foundation. I'm talking about the same kind of collective push to abandon this pseudo-"open-core," oligopoly driven framework - the same way many of us have already distanced ourselves from things like GitHub (under Microslop) and other BSL/SSPL licensed projects for the betterment of society."

"This feels squarely in your wheelhouse — it touches on corporate stewardship of FLOSS projects, the risks of centralized infrastructure in what many treat as a "community" framework, and the broader tension between venture-backed 'open source' and the trustworthiness users implicitly extend to it. I'd be curious whether you see this as part of a larger pattern you've been tracking, or whether the supply chain angle opens up a new thread worth pulling on - do you see a solution to this?"

In 2022 we began developing our own SSG so that we depend on no vendor with self-serving interests (like Automattic) and instead choose our own destiny though depending on Perl libraries/modules.

All those so-called 'ecosystems' - a term that RMS has long objected to - are nothing but giant risks. They let other entities pull their users in their own direction, like Windows users being subjected to lots of slop by Microslop.

Computer security is not the only risk here; it's complicated.

"Both Svelte and SolidJS have received significant donations from Vercel," we got told, "and SolidJS has taken money from Cloudflare as well. The JavaScript ecosystem outside of entirely static sites is a case study in what happens to FLOSS when Big Tech gets its hooks in - almost funny, really, given that Silicon Valley was built on exactly this pattern: flashy frameworks that promise the world and perpetually under-deliver."

I began using WordPress in 2004 when the software was young and simple - still not much different from b2, which it was based on. Look at what has happened since then. WordPress, at least its back end, is bloated JavaScript that pulls in loads of dependencies and almost a thousand files (not a few dozens like a couple of decades ago).

WordPress and other "modern" Web 'frameworks' are undesirable for a plethora of legitimate reasons. That those bits of software gets scooped up by companies like Silver Lake (or get attacked by them) may seem inevitable. It can end up a disaster - an issue we've long cautioned about.

The aim of GAFAM or Clownflare (as a company, not a service) is to control everything and everyone. They want "captives", not communities.

Other Recent Techrights' Posts

Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 04, 2026
IRC logs for Saturday, July 04, 2026
Gemini Links 05/07/2026: Ragebaited and Removing Lines in Emacs
Links for the day
Links 05/07/2026: "Tesla Slams Into Crowded Cafe" and "ChatGPT [Turned] Into a Sociopath"
Links for the day
BRICS and Windows: All-Time Lows
Expect many more Microsoft layoffs in years to come
Do No Evil, Do Not DDoS
Sites that attract DDoS attacks because of their message are sites that are difficult to debunk or debate
France is Winning the Race Against Windows
France instructs, then orders, government agencies to adopt GNU/Linux
Not 2.5% and Not 2.5 Billion Dollars for "Hey Hi"; 2 Waves of Microsoft Layoffs Rumoured This Month, July 8th, Then July 22nd (Just Before 'Results')
People there join unions, knowing they will be terminated silently or otherwise
Microsoft Double Trouble With Slop
What does Microsoft even sell at this point?
Based on US Government Sites, GNU/Linux Has Reached About 8% "Market Share" in Desktops/Laptops
Culled to exclude mobile platforms, GNU/Linux would likely be above 8%
TheLayoff.com is Deleting Comments About IBM Offshoring
Meanwhile, rage-baiting Internet trolls and sometimes trolls who paste in LLM slop are immune from censorship
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026
Gemini Links 03/07/2026: Mindfulness Practice and "Slop Is Killing the Human Spirit"
Links for the day
Links 03/07/2026: Openwashing of Slop in "Linux" Clothing and "Happy Birthday, America"
Links for the day
John Been (reallinuxuser.com) May Have Crossed Over to the 'Dark Side' of LLM Slop
It 'smells' like it, a scanner seems to concur
Who or What is "Nadeko"?
Fijxu's services make life a lot easier for Free software sticklers
10 Years Since the World Lost Ian Murdock
My wife and I still use Debian, as does this site
No, Microsoft is Not Laying Off 5,000-6,000 But a Lot More
There are "buyouts", "PIPs" (silence layoffs), pink slips, and future waves, not counting subsidiaries and contractors
The Cyber Show's Andy and Helen Confronting 'Upgrades'
the latest from Andy and Helen
statCounter Sees Almost 1 in 10 Desktops or Laptops in Egypt as GNU/Linux Workstations
10% "market share" (for GNU/Linux) was nearly attained last month
The March of GNU/Linux in the Russian Ally, Belarus
record high for GNU/Linux in Belarus
Being Prevented From Accessing One's Own System Means Getting Locked Out, Not Security
a metaphor
Technology is Getting Objectively Worse and Less Reliable
Something went horribly wrong
FOSS Force 2026 Independence Drive Lacks Independence From GAFAM's 'Linux' Foundation
We're not trying to 'bash' FOSS Force
News That Matters, News That's Exclusive, and News LLM Slop Will Never Get Right
Churning out blog posts just for quantity's sake was never our goal
3/4 (Three-Quarter) of Requests Seen by statCounter (Originating From Desktops/Laptops) Deemed to be "Linux" in San Marino
74% Linux, it says...
The Linux Foundation Does Not Work for Linux, Definitely Not for Free Software
works for its biggest sponsors, i.e. companies like Microsoft, IBM, and others
Independence and Software Freedom
Much work remains to be done
The European Patent Office's (EPO) Crisis Week Ends Today, the Rest of the Year Will be EPO Staff on Strike
The outcome of the two-day meeting won't change the fact that EPO staff is on strike for the whole year
European Patent Office (EPO) Series: Operation Monte Titano: Micro-State Diplomacy
On 28th May 2026 EPO President António Campinos paid a visit to the Most Serene Republic of San Marino where he was received with full diplomatic honours
Links 03/07/2026: Slop "Isn’t Replacing Lawyers", "App Fatigue"
Links for the day
Statement on This Week's DDoS Attacks
DDoS attacks are not a "badge of honour". They are a nuisance.
Skinnerboxes as Health Problems and Impediments (Against Happiness)
skinnerboxes are a form of addiction
Costa Ricans' Adoption of GNU/Linux Reaches New Highs
Windows is doing poorly in general
British Women Don't Want to Work for American Men Who Attack American Women
"[g]reeting clients and preparing beverages"
Mass Layoff Event on June 30 at Red Hat? Let Us Know...
We are looking for more Red Hat whistleblowers
Gaming on Windows is in Trouble, XBox is Practically Dead Already
It seems increasingly clear that Microsoft wants to get rid of XBox
New Record for GNU/Linux in the World's Largest Muslim-Majority Population (287,983,025)
Will Indonesians leave GAFAM behind?
SLAPP Censorship - Part 126 Out of 200: Becoming More Aggressive Against Us Only Proves Us Right
the police involved
IBM Red Hat Kicks Out the Community, Promotes Slop
It has gotten so bad
The Register MS Covers "AI" Because It Gets Paid to
A lot of noise "in the news" about "AI" is paid-for trash
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 02, 2026
IRC logs for Thursday, July 02, 2026
Gemini Links 02/07/2026: OpenBGPD, Newt and OpenBSD, Indieweb Theme for Ghost
Links for the day