Today all that’s left of the ancient city of Semiyarka are a few low earthen mounds and some scattered artifacts, nearly hidden beneath the waving grasses of the Kazakh Steppe, a vast swath of grassland that stretches across northern Kazakhstan and into Russia. But recent surveys and excavations reveal that 3,500 years ago, this empty plain was a bustling city with a thriving metalworking industry, where nomadic herders and traders might have mingled with settled metalworkers and merchants.

Radivojevic and Lawrence stand on the site of Semiyarka. Credit: Peter J. Brown

Welcome to the City of Seven Ravines

University College of London archaeologist Miljana Radivojevic and her colleagues recently mapped the site with drones and geophysical surveys (like ground-penetrating radar, for example), tracing the layout of a 140-hectare city on the steppe in what’s now Kazakhstan.

The Bronze Age city once boasted rows of houses built on earthworks, a large central building, and a neighborhood of workshops where artisans smelted and cast bronze. From its windswept promontory, it held a commanding view of a narrow point in the Irtysh River valley, a strategic location that may have offered the city “control over movement along the river and valley bottom,” according to Radivojevic and her colleagues. That view inspired archaeologists’ name for the city: Semiyarka, or City of Seven Ravines.

Archaeologists have known about the site since the early 2000s, when the US Department of Defense declassified a set of photographs taken by its Corona spy satellite in 1972, when Kazakhstan was a part of the Soviet Union and the US was eager to see what was happening behind the Iron Curtain. Those photos captured the outlines of Semiyarka’s kilometer-long earthworks, but the recent surveys reveal that the Bronze Age city was much larger and much more interesting than anyone realized.

When in doubt, it’s potentially monumental

Most people on the sparsely populated steppe 3,500 years ago stayed on the move, following trade routes or herds of livestock and living in temporary camps or small seasonal villages. If you were a time-traveler looking for ancient cities, the steppe just isn’t where you’d go, and that’s what makes Semiyarka so surprising.

A few groups of people, like the Alekseeva-Sargary, were just beginning to embrace the idea of permanent homes (and their signature style of pottery lies in fragments all over what’s left of Semiyarka). The largest ancient settlements on the steppe covered around 30 hectares—nowhere near the scale of Semiyarka. And Radivojevic and her colleagues say that the layout of the buildings at Semiyarka “is unusual… deviating from more conventional settlement patterns observed in the region.”

What’s left of the city consists mostly of two rows of earthworks: kilometer-long rectangles of earth, piled a meter high. The geophysical survey revealed that “substantial walls, likely of mud-brick, were built along the inside edges of the earthworks, with internal divisions also visible.” In other words, the long mounds of earth were the foundations of rows of buildings with rooms. Based on the artifacts unearthed there, Radivojevic and her colleagues say most of those buildings were probably homes.

The two long earthworks meet at a corner, and just behind that intersection sits a larger mound, about twice the size of any of the individual homes. Based on the faint lines traced by aerial photos and the geophysical survey, it may have had a central courtyard or chamber. In true archaeologist fashion, Durham University archaeologist Dan Lawrence, a coauthor of the recent paper, describes the structure as “potentially monumental,” which means it may have been a space for rituals or community gatherings, or maybe the home of a powerful family.

The city’s layout suggests “a degree of architectural planning,” as Radivojevic and her colleagues put it in their recent paper. The site also yielded evidence of trading with nomadic cultures, as well as bronze production on an industrial scale. Both are things that suggest planning and organization.

“Bronze Age communities here were developing sophisticated, planned settlements similar to those of their contemporaries in more traditionally ‘urban’ parts of the ancient world,” said Lawrence.

Who put the bronze in the Bronze Age? Semiyarka, apparently.

Southeast of the mounds, the ground was scattered with broken crucibles, bits of copper and tin ore, and slag (the stuff that’s left over when metal is extracted from ore). That suggested that a lot of smelting and bronze-casting happened in this part of the city. Based on the size of the city and the area apparently set aside for metalworking, Semiyarka boasted what Radivojevic and her colleagues call “a highly-organized, possibly limited or controlled, industry of this sought-after alloy.”

Bronze was a part of everyday life for people on the ancient steppes, making up everything from axe heads to jewelry. There’s a reason the period from 2000 BCE to 500 BCE (mileage may vary depending on location) is called the Bronze Age, after all. But the archaeological record has offered up almost no evidence of where all those bronze doodads found on the Eurasian steppe were made or who was doing the work of mining, smelting, and casting. That makes Semiyarka a rare and important glimpse into how the Bronze Age was, literally, made.

Radivojevic and her colleagues expected to find traces of earthworks or the buried foundations of mud-brick walls, similar to the earthworks in the northwest, marking the site of a big, centralized bronze-smithing workshop. But the geophysical surveys found no walls at all in the southeastern part of the city.

“This area revealed few features,” they wrote in their recent paper (archaeologists refer to buildings and walls as features), “suggesting that metallurgical production may have been dispersed or occurred in less architecturally formalized spaces.” In other words, the bronze-smiths of ancient Semiyarka seem to have worked in the open air, or in a scattering of smaller, less permanent buildings that didn’t leave a trace behind. But they all seem to have done their work in the same area of the city.

Connections between nomads and city-dwellers

East of the earthworks lies a wide area with no trace of walls or foundations beneath the ground, but with a scattering of ancient artifacts lying half buried in the grass. The long-forgotten objects may mark the sites of “more ephemeral, perhaps seasonal, occupation,” Radivojevic and her colleagues suggested in their recent paper.

That area makes up a large chunk of the city’s estimated 140 hectares, raising questions about how many people lived here permanently, how many stopped here along trade routes or pastoral migrations, and what their relationship was like.

A few broken potsherds offer evidence that the settled city-dwellers of Semiyarka traded regularly with their more mobile neighbors on the steppe.

Within the city, most of the ceramics match the style of the Alekseevka-Sargary people. But a few of the potsherds unearthed in Semiyarka are clearly the handiwork of nomadic Cherkaskul potters, who lived on this same wide sea of grass from around 1600 BCE to 1250 BCE. It makes sense that they would have traded with the people in the city.

Along the nearby Irtysh River, archaeologists have found the fainter traces of several small encampments, dating to around the same time as Semiyarka’s heyday, and two burial mounds stand north of the city. Archaeologists will have to dig deeper, literally and figuratively, to piece together how Semiyarka fit into the ancient landscape.

The city has stories to tell, not just about itself but about the whole vast, open steppe and its people.

Antiquity, 2025 DOI: 10.15184/aqy.2025.10244  (About DOIs).

Read full article

Comments

During the season, the backup quarterback practices less than any other player on the team. The key is to stay ready and prepare mentally.

As golden hour settles over Avtar Dhillon’s farm in Abbotsford, B.C., rows of delicate purple flowers are in full bloom. Inside lies an ancient spice some Canadian farmers are beginning to get excited about.

This year’s newest iPhones included one momentous change that marked a new phase in the evolution of Apple Silicon: the Apple N1, Apple’s first in-house chip made to handle local wireless connections. The N1 supports Wi-Fi 7, Bluetooth 6, and the Thread smart home communication protocol, and it replaces the third-party wireless chips (mostly made by Broadcom) that Apple used in older iPhones.

Apple claimed that the N1 would enable more reliable connectivity for local communication features like AirPlay and AirDrop but didn’t say anything about how users could expect it to perform. But Ookla, the folks behind the SpeedTest app and website, have analyzed about five weeks’ worth of users’ testing data to get an idea of how the iPhone 17 lineup stacks up to the iPhone 16, as well as Android phones with Wi-Fi chips from Qualcomm, MediaTek, and others.

While the N1 isn’t at the top of the charts, Ookla says Apple’s Wi-Fi chip “delivered higher download and upload speeds on Wi-Fi compared to the iPhone 16 across every studied percentile and virtually every region.” The median download speed for the iPhone 17 series was 329.56Mbps, compared to 236.46Mbps for the iPhone 16; the upload speed also jumped from 73.68Mbps to 103.26Mbps.

Ookla noted that the N1’s best performance seemed to improve scores most of all in the bottom 10th percentile of performance tests, “implying Apple’s custom silicon lifts the floor more than the ceiling.” The iPhone 17 also didn’t top Ookla’s global performance charts—Ookla found that the Pixel 10 Pro series slightly edges out the iPhone 17 in download speed, while a Xiaomi 15T Pro with MediaTek Wi-Fi silicon featured better upload speeds.

Ookla’s testing data suggests Apple’s N1 Wi-Fi chip is more reliable when Wi-Fi connections are spottier. Credit: Ookla

Android phones also sometimes benefit from faster adoption of new technologies and support for 6 GHz Wi-Fi 7 with a 320 MHz channel width. While the N1’s lack of support for these features “does not materially affect performance in real world use for most people,” Android phones like the Pixel 10 series and Samsung’s Galaxy S25 can outrun the iPhone 17 in areas where those technologies are being used.

Note that Ookla’s approach can’t control for things like people’s distance from their Wi-Fi router, what kind of router they’re using, and the upload and download speeds set by their ISP. To control for this and minimize outliers, Ookla only publishes median numbers for the phones it’s tracking; it also lumps together phones from the same product families (the iPhone 17 results also include the 17 Pro and the iPhone Air, for example).

Ookla published similar data about the performance of Apple’s C1 cellular modem, also a first-generation chip design. As with the N1, Ookla’s main finding was that the C1 didn’t support the cutting-edge technologies it would need to top the performance charts, but that its speeds were mostly in the same ballpark as the Qualcomm modems in the iPhone 16 and that the C1 actually fared best in countries with less-robust cellular networks.

Since announcing the N1 in the iPhone 17 series in September, Apple has also launched a new Apple M5 iPad Pro with the N1 inside, though the chip was not included in the M5 MacBook Pro that Apple announced at the same time. The N1’s Thread support also makes it a good fit for Apple’s smart home and smart home-adjacent devices like the HomePod speaker or the Apple TV streaming box. The next time we see hardware refreshes for those devices—and updates are supposedly coming sooner rather than later—we expect to see the N1 included.

Read full article

Comments

When a Cloudflare outage disrupted large numbers of websites and online services yesterday, the company initially thought it was hit by a “hyper-scale” DDoS (distributed denial-of-service) attack.

“I worry this is the big botnet flexing,” Cloudflare co-founder and CEO Matthew Prince wrote in an internal chat room yesterday, while he and others discussed whether Cloudflare was being hit by attacks from the prolific Aisuru botnet. But upon further investigation, Cloudflare staff realized the problem had an internal cause: an important file had unexpectedly doubled in size and propagated across the network.

This caused trouble for software that needs to read the file to maintain the Cloudflare bot management system that uses a machine learning model to protect against security threats. Cloudflare’s core CDN, security services, and several other services were affected.

“After we initially wrongly suspected the symptoms we were seeing were caused by a hyper-scale DDoS attack, we correctly identified the core issue and were able to stop the propagation of the larger-than-expected feature file and replace it with an earlier version of the file,” Prince wrote in a post-mortem of the outage.

Prince explained that the problem “was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a ‘feature file’ used by our Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.”

These machines run software that routes traffic across the Cloudflare network. The software “reads this feature file to keep our Bot Management system up to date with ever changing threats,” Prince wrote. “The software had a limit on the size of the feature file that was below its doubled size. That caused the software to fail.”

Sorry for the pain, Internet

After replacing the bloated feature file with an earlier version, the flow of core traffic “largely” returned to normal, Prince wrote. But it took another two-and-a-half hours “to mitigate increased load on various parts of our network as traffic rushed back online.”

Like Amazon Web Services, Cloudflare is relied upon by many online services and can take down much of the web when it has a technical problem. “On behalf of the entire team at Cloudflare, I would like to apologize for the pain we caused the Internet today,” Prince wrote, saying that any outage is unacceptable because of “Cloudflare’s importance in the Internet ecosystem.”

Cloudflare’s bot management system classifies bots as good or bad with “a machine learning model that we use to generate bot scores for every request traversing our network,” Prince wrote. “Our customers use bot scores to control which bots are allowed to access their sites—or not.”

Prince explained that the configuration file this system relies upon describes “features,” or individual traits “used by the machine learning model to make a prediction about whether the request was automated or not.” This file is updated every five minutes “and published to our entire network and allows us to react to variations in traffic flows across the Internet. It allows us to react to new types of bots and new bot attacks. So it’s critical that it is rolled out frequently and rapidly as bad actors change their tactics quickly.”

Unexpected query response

Each new version of the file is generated by a query running on a ClickHouse database cluster, Prince wrote. When Cloudflare made a change granting additional permissions to database users, the query response suddenly contained more metadata than it previously had.

Cloudflare staff assumed “that the list of columns returned by a query like this would only include the ‘default’ database.” But the query didn’t include a filter for the database name, causing it to return duplicates of columns, Prince wrote.

This is the type of query that Cloudflare’s bot management system uses “to construct each input ‘feature’ for the file,” he wrote. The extra metadata more than doubled the rows in the response, “ultimately affecting the number of rows (i.e. features) in the final file output,” Prince wrote.

Cloudflare’s proxy service has limits to prevent excessive memory consumption, with the bot management system having “a limit on the number of machine learning features that can be used at runtime.” This limit is 200, well above the actual number of features used.

“When the bad file with more than 200 features was propagated to our servers, this limit was hit—resulting in the system panicking” and outputting errors, Prince wrote.

Worst Cloudflare outage since 2019

The number of 5xx error HTTP status codes served by the Cloudflare network is normally “very low” but soared after the bad file spread across the network. “The spike, and subsequent fluctuations, show our system failing due to loading the incorrect feature file,” Prince wrote. “What’s notable is that our system would then recover for a period. This was very unusual behavior for an internal error.”

This unusual behavior was explained by the fact “that the file was being generated every five minutes by a query running on a ClickHouse database cluster, which was being gradually updated to improve permissions management,” Prince wrote. “Bad data was only generated if the query ran on a part of the cluster which had been updated. As a result, every five minutes there was a chance of either a good or a bad set of configuration files being generated and rapidly propagated across the network.”

This fluctuation initially “led us to believe this might be caused by an attack. Eventually, every ClickHouse node was generating the bad configuration file and the fluctuation stabilized in the failing state,” he wrote.

Prince said that Cloudflare “solved the problem by stopping the generation and propagation of the bad feature file and manually inserting a known good file into the feature file distribution queue,” and then “forcing a restart of our core proxy.” The team then worked on “restarting remaining services that had entered a bad state” until the 5xx error code volume returned to normal later in the day.

Prince said the outage was Cloudflare’s worst since 2019 and that the firm is taking steps to protect against similar failures in the future. Cloudflare will work on “hardening ingestion of Cloudflare-generated configuration files in the same way we would for user-generated input; enabling more global kill switches for features; eliminating the ability for core dumps or other error reports to overwhelm system resources; [and] reviewing failure modes for error conditions across all core proxy modules,” according to Prince.

While Prince can’t promise that Cloudflare will never have another outage of the same scale, he said that previous outages have “always led to us building new, more resilient systems.”

Read full article

Comments

A Cloudflare outage caused large chunks of the Internet to go dark Tuesday morning, temporarily impacting big platforms like X and ChatGPT.

“A fix has been implemented and we believe the incident is now resolved. We are continuing to monitor for errors to ensure all services are back to normal,” Cloudflare’s status page said. “Some customers may be still experiencing issues logging into or using the Cloudflare dashboard.”

The company initially attributed the widespread outages to “an internal service degradation” and provided updates as it sought a fix over the past two hours.

A Cloudflare spokesperson told Ars that the cloud services provider saw “a spike in unusual traffic to one of Cloudflare’s services,” which “caused some traffic passing through Cloudflare’s network to experience errors.”

After the company investigated the “spike in unusual traffic,” Cloudflare’s spokesperson provided a more detailed update, telling Ars, “the root cause of the outage was a configuration file that is automatically generated to manage threat traffic. The file grew beyond an expected size of entries and triggered a crash in the software system that handles traffic for a number of Cloudflare’s services.”

“To be clear, there is no evidence that this was the result of an attack or caused by malicious activity,” the spokesperson said. “We expect that some Cloudflare services will be briefly degraded as traffic naturally spikes post-incident, but we expect all services to return to normal in the next few hours”

About 20 percent of the web relies on Cloudflare to manage and protect traffic, a Cloudflare blog noted in July. Some intermediate fixes have been made, Cloudflare’s status page said. But as of this writing, many sites remain down. According to DownDetector, Amazon, Spotify, Zoom, Uber, and Azure also experienced outages.

“Given the importance of Cloudflare’s services, any outage is unacceptable,” Cloudflare’s spokesperson said. “We apologize to our customers and the Internet in general for letting you down today. We will learn from today’s incident and improve.”

Cloudflare will continue to update the status page as fixes come in, and a blog will be posted later today discussing the issue, the spokesperson told Ars.

It’s the latest massive outage site owners have coped with after an Amazon Web Services outage took out half the web last month. Both the AWS outage and the chaotic CrowdStrike outage last year were estimated to cost affected parties billions.

Critics have suggested that outages like these make it clear how fragile the Internet really is, especially when everyone relies on the same service providers. During the AWS outage, some sites considered diversifying service providers to avoid losing business during future outages.

The outage may have caused some investors to panic, as Cloudflare’s stock fell about 3 percent amid the widespread outage.

Ars will update this story when Cloudflare provides more information on the outage.

This story was updated on November 18 to add new information from Cloudflare.

Read full article

Comments