by rixthefox 1362 days ago
They really do want to be the center of everything it seems. I wish they would stop trying to be the Cisco of Networking in the sense of trying to convince a lot of people to let them handle critical network functions for a ton of networks.

All it will take is one major outage for everyone to see this is a bad idea.

Why trust a cloud provider who could go down and take half the Internet with it? Why centralize it that much where that is even possible?

11 comments

They just keep building on top of the things they've already built that are working really well, expanding into related services. Doesn't seem that different from what AWS is doing, just with a different focus and in a different place in everyone's (or the Internet's) stack.
The focus on a different place in the stack is really, really key, though. It's what's letting them make the kind of "the whole Internet's middle-man" play that they are.
AWS is going for "the internet's backend". I don't see how that's any different. A SPOF is still a problem, no matter where in your stack it lives.
They're positioned to have much wider reach than even AWS. You probably wouldn't put AWS in front of GCP or Azure. You might put CloudFlare in front of any of those. And once you've done that, well, they offer these other services that compete with the backend you're already using....

Their position in the stack has a great deal of market relevance, which translates to risk if they realize that potential, because they could well end up being a critical part of more of the Internet than AWS is.

AWS has CloudFront... it's the same thing.
It's not. AWS goes out of their way to make mixing it with other providers so expensive that no-one will do it unless they absolutely have to, because they are chasing lock-in. CloudFlare basically does the opposite—their whole thing is positioning themselves as an intermediary so they can snoop on and get a cut of the action on everyone "else's" traffic... and then cut everyone else out completely, as they bring more services to market. They are positioned like a boa constrictor, coiling around all their partners and providers that sit behind them.

They are not mainly a CDN and aren't even particularly interested in competing with other companies that are mainly CDNs, which becomes crystal clear if you ever negotiate enterprise pricing with them. The CDN's just a means to an end.

Nb. despite all that their public-pricing plans are such excellent values (though, beware, last I checked the $200/m one was the only one with any kind of SLA whatsoever, and not an impressive one) that if I were creating a start-up CloudFlare might well be the very first service I signed up for. If you're a small fish it's damn hard to justify not using them. And the coils squeeze a bit tighter....

And GCP has a CDN too. Would you use the GCP CDN in front of AWS, or vice versa? It's fairly common to see Cloudflare CDN (& WAF, etc) used in front of services hosted in AWS, GCP, Azure.
Cloudflare is much more than a CDN.
The parent is referring to concerns of a ubiquitous "man in the middle" and you are referring to SPOF. Those are two very different things. At any rate I can always choose 2 or even 3 cloud providers for diversity against having an SPOF with AWS.
I think the question you need to ask is: who can build, maintain and operate the needed infrastructure for "task x" better? Cloudflare or you?

For many (most) use cases, CF will operate at a resilience and stability and professionality level far above what they can achieve themselves.

Of course Cloudflare can do it better. That’s not the argument rixthefox presented. The problem rixthefox stated was that when Cloudflare does go down, they take half the internet with them at once.
Honest question, does that matter? I.e., if we say that they can do it better than I can, hypothetically that means I'll have more downtime than them - yes? If that's true for everyone, then the internet will, in aggregate, be down less with CF than if we distributed better. Assuming of course that they can handle the scale linearly, and that it doesn't cause them to have a worse uptime than if I hosted.

So the question seems to be does the internet going down at the same time outweigh the internet being down for larger periods in aggregate? I don't know, honestly - seems like a tossup.

Is there a better angle to view this from?

edit: My issues with centralization are more about privacy, incentives, points of authority/leaks/autonomy, etc. Downtime seems the least concerning to me.

> Honest question, does that matter? I.e., if we say that they can do it better than I can, hypothetically that means I'll have more downtime than them - yes?

Yes.

> If that's true for everyone, then the internet will, in aggregate, be down less with CF than if we distributed better.

That depends on what we define as “the internet”. If we use any single service as a point of measure, then “the internet” will have more downtime. But my desire to use the internet is very seldom to use one specific service. Instead, I want to accomplish a specific task, and if my usual service goes down, with any luck they will have a competitor which is still up. This is why I think this alternative is better; it will encourage competitors to exist, which will provide a level of redundancy above the simple network layer.

This isn’t really a value proposition to any of the companies that are looking to use Cloudflare.

When something big like AWS goes down, it’s just understood by users that stuff is all broken everywhere. It’s not really an opportunity to get more users just because your thing is still up during this huge outage.

On top of that, if the alternative is less reliable than CF, any marginal gain in users during that outage (users that were only interested in your service because it was still up) will again be lost during subsequent outages for the exact same reason.

I was arguing from the point of view of an internet user. From the point of view of an individual service provider, of course it makes sense for them to use CF. But in aggregate, the widespread use of CF makes the internet worse.
We've seen AWS go down. It's sort of a "haha, look at how much broke" but mostly it's a bunch of images don't load and maybe a few communication apps like Slack fail. 99% of the sites that go down are sites that really don't matter at all.

Obviously if you need uptime better than AWS, don't use AWS, or use AWS and someone else. The reason people are fine accepting this is because the impact of "50% of the internet goes down" is hilariously unimpactful - 99% of the internet is just not anything to care about.

So if I understand your reasoning correctly, you’d rather have 60 minutes of downtime per self hosted service per year (all at different times), than 60 minutes of downtime per decade for all these services at the same time (all fixed once CF fix their incident)?
Yes. For each individual service outage, I’ll probably be able to find a replacement or do without that single service for a while. When ⅓ of all the internet goes down, that’s it; we’ll all just suffer for the duration.

It’s like with stocks. A single stock I own might go bust, but with a diversified portfolio, I won’t really care. But if ⅓ of all stocks go bust at the same time, that’s a market crash.

It reminds me of the days of Google flourishing in the early 2000s: they added more and more wonderful stuff (such as mail, or maps) while improving their flagship offering, search, more and more. A lot of people were their sincere fans.
Sort of agree, except Cloudflare's new products all seem to scale nicely off their core competencies, so they can offer them more cheaply and (hopefully) more reliably. Maps and mail were more like "ways of getting to know you really really well".
That's why I've been really impressed with their strategic execution: they seem to have a pretty laser focus on "Given what we already have now, and how much it costs to operate, what can we do that Amazon/Google/Microsoft can't easily duplicate at a competitive price point?"

With a healthy dash of "What are people actually trying to accomplish?"

The weakness at hyperscale is that all products feel like some mistranslation of the generalized form of an HR request: almost for everyone, but perfect for no one. Probably because nothing less than a TAM of "everyone" moves their revenue needle.

But then what happened....
Apparently the fire nation attacked ...
Isn't that what AWS, Google, Azure, etc. have done forever? Cloudflare is easier to use, and IMO, just plain better.

It's actually kinda nice to have half the internet go down at once. People can just stop work, wait a few minutes, and it magically comes back up. Making downtime somebody else's problem is a huge advantage...

History always repeats itself. Popular company gets too big, then splits up, then slowly merges back, à la AT&T.
I saw a chart of this a while back. It really is consolidating right back down to where it was before it broke up.
What you say makes sense and even I doubt that Cloudflare will remain committed to being content neutral even if they want to be, a different issue. Government can get corporations to do what they want.

However, people continue to use Cloudflare because it is easy, solves problems people don't like dealing with, and does the job. I don't know what the alternative pitch is to businesses so that Cloudflare isn't so central to the internet.

Yeah, also for Cloudflare's core business proposition (DDoS mitigation and DNS forwarding/filtering) you need to be massive and to have multiple PoPs in order to assess whether or not a certain IP requesting a certain URL and sending over a certain length of packets should be accepted or whether a challenge should be served. You can't know any of these things unless you have an extensive network and clients.
“Pardon me, Cisco”: https://youtu.be/T47T_mG7YbU
The opening of that ad backfired by making me nostalgic for the earlier, more decentralized Internet that I accessed via dialup as a teenager. The good news is that lots of sites and services still can run just fine on a single dedicated server, as they did back then, especially since some dedicated server providers (like OVHcloud) have DDOS protection. So while Cloudflare's marketing efforts sometimes succeed in making me excited about your products (as I'm afraid you can see from my other recent comments), I think I'll continue to resist the further centralization of the Internet under big providers like Cloudflare.
I'm waiting for them to buy Tailscale.
That would certainly improve the UX on their own product. Tailscale completely nailed that - even the daemon is nicer to use and manage than Cloudflare's.
Agreed. I think they do a lot of good for the ecosystem, but there's no reason to give one organization so much trust and to continue centralizing everything you do on their platform. They're very, very good at cultural and enterprise marketing though. My boss and countless others are completely sold that they should handle all of our complexities.
The Cisco of Networking is Cisco.
> Why trust a cloud provider who could go down and take half the Internet with it? Why centralize it that much where that is even possible?

The problem is that governments worldwide have done little to curb abusive behavior that makes this all but necessary to survive on the Internet:

- India (for US/UK based callcenter scams) and Turkey (for German based) don't do shit against scam callcenters. There have been multiple high-profile Youtubers making videos exposing these scammers and police there hasn't done anything, some have even boasted about having connections to bribed police officers protecting them.

- Russia, China, North Korea and Iran haven't been kicked off of the Internet despite both nations actively running hacking campaigns and sheltering hackers and "bullet proof" hosters.

- Western governments still don't mandate open source or at least audits for Internet-connected appliance software, which means that there are tons of devices (smart cameras, other smart home systems, routers, ...) out there that end up compromised, and on top of that residential Internet connection speeds routinely cross 100 MBit/s these days giving compromised appliances an awful lot of leverage for DDoS attacks (which is the chief use case for employing Cloudflare, AWS Cloudfront+WAF and others).

There simply is too much abuse in the system

Yes! We need to centralize the abuse where the NSA can get what they want.