Tell HN: docker pull fails in spain due to football cloudflare block

Posted by littlecranky67 13 hours ago

I just spent 1h+ debugging why my locally-hosted gitlab runner would fail to create pipelines. The gitlab job output would just display weird TLS errors when trying to pull a docker images. After debugging gitlab and the runner, I realized after a while I could not even run "docker pull <image>" on my machine as root:

> error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com

First blaming tailscale, dns configuration and all other stuff. Until I just copied that above URL into my browser on my laptop, and received a website banner:

> El acceso a la presente dirección IP ha sido bloqueado en cumplimiento de lo dispuesto en la Sentencia de 18 de diciembre de 2024, dictada por el Juzgado de lo Mercantil nº 6 de Barcelona en el marco del procedimiento ordinario (Materia mercantil art. 249.1.4)-1005/2024-H instado por la Liga Nacional de Fútbol Profesional y por Telefónica Audiovisual Digital, S.L.U. https://www.laliga.com/noticias/nota-informativa-en-relacion-con-el-bloqueo-de-ips-durante-las-ultimas-jornadas-de-laliga-ea-sports-vinculadas-a-las-practicas-ilegales-de-cloudflare

For those non-spanish speakers: It means there is football match on, and during that time that specific host is blocked. This is just plain madness. I guess that means my gitlab pipelines will not run when football is on. Thank you, Spain.

631 points | 247 commentspage 5

Myzel394 7 hours ago|

Just use a VPN

anthk 11 hours ago||

CF could just sue LaLiga and the judge as interrupting and intercepting telecomms it's a really serious crime in Spain. Call the AEPD too because of consumers' right against both ISP and LaLiga's snooping. Another huge fine.

This is not an issue under the civil code (civilian issues), but something to be dealt under penal (criminal) code.

In Spanish

https://www.fiscal.es/memorias/memoria2020/FISCALIA_SITE/rec...

Oh, and BTW, LaLiga has just partnered with a CF rival.

Now CF can just sue both like hell because of unfair competition:

https://nitter.tiekoetter.com/xataka/status/2042658662850724...

quadrifoliate 11 hours ago||

Looks like they already tried to appeal the block, and lost:

https://x.com/jaumepons/status/1904906677335245294

buzer 9 hours ago||

They could potentially file the suit against Spain in European Court of Human Rights if they have exhausted national remedies. ECtHR has previously ruled some blocks to be illegal, but generally in the context where country sought the ban. Of course in both cases Court is the one that actually orders the ban.

One relevant would be Yildirim v. Turkey where court ordered blocking access to all Google sites because there was one that where someone insulted the memory of Atatürk. This was due to request from Telecommunications Directorate. This then caused the appellant's website to get blocked as well.

Another one would be Vladimir Kharitonov v. Russia.

prmoustache 11 hours ago||

I think they are doing it already.

anthk 11 hours ago||

Yea, La Liga it's crapping out as always. Docker needs either some I2P gateway, or a Tor service.

fc417fc802 6 hours ago|

The pirate streams need an I2P service that way LaLiga might give up.

mschuster91 7 hours ago||

Cloudflare could resolve this without negatively impacting fundamental services... just place all newly registered sites (e.g. <30 days) on a dedicated block of IP addresses. That way, Spain's government-ordered censorship could be limited to (mostly) pirate sites. Or they could invest money in vetting customers properly.

But of course, Cloudflare rather prefers to hold their actual large customers (who don't have much of an alternative to CF) and everyday Spaniard users hostage.

fc417fc802 6 hours ago|

What would prevent a pirate site operator from registering a domain a few months in advance and sitting on it in the meantime?

How do you propose customers ought to be vetted? Why should a host be expected to take on the duties of a hall monitor? Isn't that the judiciary's job?

I think it is actually Spain using their residents as hostages in an attempt to extort Cloudflare and other large providers. The current situation is best described as blatantly corrupt regulatory capture.

mschuster91 4 hours ago||

> What would prevent a pirate site operator from registering a domain a few months in advance and sitting on it in the meantime?

It's driving up the cost and expenses. Operators of legitimate sites don't have to worry during that probation time about anything with the exception of customers in Spain during LL match hours.

LL has ~10 matches / weekend (Fri/Sat/Sun/Mon), that means pirates have to have about 40 domains/CF integrations per month plus more in standby - and more, for longer probation periods.

> How do you propose customers ought to be vetted?

I dunno... stuff like basic KYC measures would be a good start. Copies of ID cards. Government business licenses. Private entities (credit bureaus). Even phone number verification is a serious hurdle for malicious actors, and it ties activities to real world identities that can be held accountable.

Dangerous stuff (e.g. streaming) could only be made available upon a security deposit.

> Why should a host be expected to take on the duties of a hall monitor? Isn't that the judiciary's job?

No, and that we let ISPs get away with ignoring abuse@ emails is part of why the Internet is such a nasty place these days. You need a license to drive a car on public roads, you need an expensive license to fly a small plane, and you need a goddamn massively expensive license to fly a widebody aircraft. So why shouldn't you need to pass some set of verification before you get access to inarguably the Internet's most powerful data pipes?

fc417fc802 2 hours ago||

> It's driving up the cost and expenses.

That's an interesting point. Are their margins so slim that they can't afford less than ~$50 per domain? I'm not familiar with their revenue model.

This is the sort of thing that could be done via the legislature if Spain were serious and playing by the rules. They could require ISPs to do DNS filtering based on domain age during matches. If they really wanted to do service level filtering they could require hosts such as CF to perform geoblocking in a similar manner during matches.

> Dangerous stuff (e.g. streaming) could only be made available upon a security deposit.

Let's set aside for a moment that I think this suggestion is completely absurd. Are these sites using some prepackaged streaming solution? Do you not realize that I can stream video from any machine using software I control? To an approximation the only thing required to scale streaming up to lots of customers is raw bandwidth. If you don't accommodate seeking you can potentially serve thousands of simultaneous streams with a single cheap VPS (in practice this won't work because a cheap VPS won't have a 100 Gbit pipe).

> So why shouldn't you need to pass some set of verification

Since when have you needed a license or verification to publish? You're acting as though a global impressum requirement is the natural state of affairs. Your demand is an affront to free society.

> we let ISPs get away with ignoring abuse@ emails

That seems like an entirely separate matter, if it's even true at all.

> No

Ah yes, a rousing argument. Obviously you must be correct.

You've failed to make a convincing case as to why deciding what is and isn't permissible isn't the job of the judiciary. If Spain wants to change that then they need to pass laws to that effect but in practice those won't have global reach. Thus they might (for example) engage in international lobbying efforts to incorporate a DMCA equivalent for illegal streaming into the global copyright regime.

Failing the above it is Spain that is in the wrong here and I'm happy to see that CF isn't going along with their overbearing and entirely unreasonable nonsense.

dmitrygr 8 hours ago||

The last sentence of this submission makes no sense. You are in Spain. Allegedly, the country has a representative government. That means that you should have a way to influence the government to fix this idiocy. If, in fact, you don’t, then it is not a representative government and …ahem… further steps may be warranted to remind the government whom they work for.

breppp 9 hours ago||

Vote early, vote often

lofaszvanitt 9 hours ago||

Good. Cloudflare is the next evil entity on the internet.

richwater 10 hours ago||

Spain is a failing country. Their economy is in shambles and the government has ceded internet control to a private corporation who runs football games.

gruez 9 hours ago||

>Their economy is in shambles

But it's among the fastest growing in the EU? Granted, part of this is starting from a low base, but it's hardly "in shambles"

https://data.worldbank.org/indicator/NY.GDP.PCAP.KD.ZG?locat...

nslsm 8 hours ago||

They are doing this by artificially inflating the numbers, destroying the country forever: https://i.imgur.com/0MAeFaF.jpg

gruez 8 hours ago||

>total population change in EU countries

The figures I cited are for GDP per capita, which accounts for population growth. Moreover immigration should have the opposite effect of depressing per-capita GDP, because immigrants typically take lower skilled jobs, dragging overall productivity down. So if anything, the figures are artificially depressed, not inflated.

hunterpayne 26 minutes ago||

You should read down that table a bit. Sure the Spanish economy had higher growth rates the last couple of years. The way they managed to have a higher rate was to have the economy shrink by 8% in 2023. So according to my math, the estimated size of the Spanish economy in 2026 is about the same as the 2023 Spanish economy (within 1%). Hard to claim that as a win.

Technically you can say that they have been in a depression for the last 4 years and counting as their functional growth rate (accounting for inflation of the Euro) is negative over that period (down about 10% inflation adjusted).

embedding-shape 9 hours ago|||

Spain isn't a perfect country, I don't think any is. But the economy isn't in shambles, only someone who doesn't know what they're talking about would say anything like that. It does suck that La Liga can wield so much power, agree, but this is not related to the economy at all...

hunterpayne 23 minutes ago||

Sorry, but this isn't true. The Spanish economy shrank by 8% in 2023. So all those gains in the last couple of years are just catching up to 2023 and not actual growth. Add in inflation and the average Spaniard has lost 10% of their income over that period (2023-now). The median citizen losing 10% of their income in real economic terms does qualify for the vaunted "shambles" title.

chrz 4 hours ago|||

Are you spanish and never went to another country? I only heard such things from never-stop complaining locals that never traveled anywhere. Yeah La Liga is a religion here, but Spain is one of the worlds top of life quality mate

estebank 9 hours ago||

To note that this isn't the executive or legislative but the judiciary doing the bidding.

r2vcap 5 hours ago|

[dead]

More comments...