CF is the internet cancer right now and one day they'll start the squeeze. Just go with someone else unless you want that future. There are other providers for DDoS protection (as a bonus they're not known for protecting criminals themselves). There are also cloud providers for various services, or you can go with VPS/dedicated.

On a technical level, their support is really bad. They want you to do all the debugging and data collection like they have no access to anything - until you start escalating. I experienced that multiple times.

Four years ago I was a reluctant maintainer of a Cloudflare workers setup. At the time, my thoughts were “Cloudflare is not my app, yet because of these workers, it’s performing business logic, which doesn’t feel right. I want Cloudflare to just be a dumb shield preventing DDOS attacks.”

Now that I’ve used it for a few years professionally, my opinions are much more nuanced and hard to put into words. Cloudflare’s products are mostly pretty good, and the cost savings are very attractive. You just have to be willing to work at their level.

Well, I'd be interested to hear what some of those nuances are, personally. I primarily work in highly regulated industries and air gapped environments. I probably bother to do things that are considered a bother by most, like stick with k8s for most deployment scenarios. I play with CF on my home network and I just don't get it outside of ddos protection and fast delivery. It seems like a nightmare to maintain in the long run. What am I missing?

Yeah the only problem for me that Cloudflare is so dominant and Tech x monopoly is not a good combination

also they are becoming cloud service provider that can really threaten many big player because from bandwidth alone is real game changer

They really are quite spooky

Or choose one dedicated server and just pay ten times less for everything.

Yes that is possible too! We utilse VPS's for some projects and even dedicated servers for a side project I help with.

what's generally the go-to these days for non server-less?

We use vultr. So far all is good. May be a few bucks a month more, but very minor in the grand scheme of things.

Hetzner?

Or you could just, ya know, rent a $5/mo VPS? For "your shitty todo app" it will work fine, has predictable scaling, and a built-in hard spend cap. Except you're not locked in to one particular "corporate overlord", because you can run it on literally thousands of different providers.

While this strategy scales to a few thousands of requests per second simply by replacing the VPS by a beefier dedicated box, using the exact same technology and skills, I suspect the allure is dreams of hyperscaling.

I find their SQL database’s latency to be absolutely unusable, though I haven’t tried in a few months. Otherwise I agree, great free tiers for what I’ve used it for.

Yeah agree, the devex has room for improvement as well. I use it perfectly fine for simpler apps but it could be better.

Big love for cloudflare though - all my apps are hosted with it. Their components and generous free tier have been able to let me ship so many random things.

I love Cloudflare. A lot. But I don't love that they refuse to address the fact their cloud has a single fault zone.

Customers can not, no matter how hard they try, build highly available services using Cloudflare.

They are quite proud of it too if you read the smugness in their blogs about having just 1 region: Earth... Yet they keep having global outages.

I can no longer recommend them.

What do you use instead? and have you completely migrated off CF?

How about no.

Cloudflare is a cancer interjecting itself into all sorts of communication I'd rather have directly with the other party, like my bank, email, blogs, health providers etc.

Gatekeeping the broader internet from people in poorer countries, people using VPNs etc.

I predict they will be the first pushing DRM blobs instead of html/js and killing the open web.

+1

Obligatory resource: https://0xacab.org/dCF/deCloudflare

Any single US entity trying to MITM such large swatches of global internet traffic is inherently dangerous to global freedom. they're a single point of failure for national security letters and secret gag orders that can compel them to perform targeted censorship, backdoor all sorts of software via HTTP distribution channels, assist in US disinformation operations by rewriting third party content, etc. They could be logging literally every plaintext HTTP request and response passing through their servers and leaving it wide open in some noSQL database for hackers to go steal from someday - users have no way to trust that Cloudflare is even competently qualified to protect what they collect, and there's nothing stopping Cloudflare from blatantly lying about what they collect. This wouldn't be as big of an issue if they weren't collecting your social security / national insurance number, name, age, date of birth, address, contact information, credit card details, usernames, passwords, and every other piece of data under the sun on sites that sit behind CF, including government websites and websites that function more or less as public utilities.

Cloudflare poses an impossible to overstate threat to your right to privacy, your right to freedom of speech, to democracy itself, to say nothing of the threat they pose to the free and open web. They are very nearly as large of a stain on what was arguably one of the crowning accomplishments of the human race (the internet) as the largest evil corporations on the planet - Microsoft, Alphabet (Google), Amazon, Meta (Facebook), etc.

My understanding is that S3 egress is only a problem if you need to take data out of AWS, which you can simply avoid by having some kind of dedicated AWS direct connect or some such to route the traffic yourself?

Connecting to an AWS egress point for direct connect reduces the egress price (about half) but doesn't eliminate it. It also costs thousands of dollars a month just to have the connection, so it's not great for small operations. :-/

To my knowledge direct connect is a fixed cost, as is running your own dedicated infrastructure, so you don't pay for bandwidth.

I just pulled the DirectConnect prices from the AWS API, and I think there is still a per/GB charge. Here's a description of a random direct connect point in Amsterdam (Equinix AM3). https://gist.github.com/arashpayan/a91c46c3787ac610e7884b77b...

If I'm reading the description correctly, egress from there is 2 cents/GB, while the regular price for egress (less than 10 TB) from eu-south-1 is 9 cents/GB.

That's Milan to Amsterdam though. Aren't there some mechanisms to have a handoff as close to Milan as possible?

I was pretty sure there was a way to have something that's just a fixed cost, maybe with a partner third party service.

Yeah, you're right. A direct connect in Milan at Equinix ML2 is $2.48/port-hour.

> "description": "$2.48 per connected HC-10G port-hour (or partial hour) (EU (Milan), Equinix ML2, Milano, Italy)"

https://gist.github.com/arashpayan/b115e834191fbc89ac1bc1cdc...

I'm on POOH stack. htmx, OCAML, OpenBSD, and Postgres

I fucking hate that Cloudflare has taken over, their captcha is broken for me on my main browser for years.

I cannot get past it, I click the checkbox, the page reloads and presents the captcha again. Reported as feedback hundreds of times by this point, nothing changed, cannot find out if it's some combination of extensions within my browser. The only way is to fire Chrome (which I hate using) to access some sites when it's strictly needed.

"Just fucking x" is so incredibly lame, only ever regurgitated by the biggest clowns of the industry who need the mental bumpers of this simplistic approach to software development. Can you imagine how 'real' engineers would look having equivalently teenage websites about things like concrete makeup? You embarrass us.

I love Cloudflare, I just wish they did container stuff for when I need it.

They do containers now! Unless it's a specific thing within containers you need to accomplish the stuff you want it to do.

They do offer containers now

That's cool, whatcha got cooking in ya Homelab?

I also utilse Zero Trust for a few projects and panels for some servers

Get out of here with this slop.

Imagine the CEO of CloudFlare coming to the thread to tell you he doesn't like the free marketing.

As dumb as it sounds, I've witnessed a similar thing not long ago, lol.

(Different company, not CloudFlare. I really like CF.)

This? https://news.ycombinator.com/item?id=46313750

The CF CTO - Dane Knetch gave it a RT on X (posted there too)