In 2017 Cloudflare had an HTML parser bug that caused encrypted HTTP traffic to be leaked. Any website served by Cloudflare was vulnerable to having all of its traffic leaked into the HTML body response of the website that Cloudflare proxied. Given that Cloudflare is the proxy service for 80% of websites that use proxies, this affected a significant portion of the internet.<p>Cloudflare served private HTTP traffic in response bodies, meaning that website results contained cookies, session data, encrypted traffic, all personally identifiable, and because it was served as response bodies, it was *indexed by search engines*, not to mention anyone else who was scraping websites during the time of the incident. It included credit card information, frames from videos, PII, the works, all linked to individual users.<p>This was ongoing for *months.*<p>Anyone savvy could use this information to hijack accounts, scrape personal information, view private browsing habits. Even when Cloudflare publicly announced it (and tried to blame others) when they thought they had cleaned up most of the data, you could still easily use search engines to find people's personal information by searching for the Cloudflare header strings that started the leaked session information.<p>Many countries have legal policies around data breaches, including required disclosure policies and penalties. In the greatest blind eye turn of the history of the internet, Cloudflare managed to get away with a single blog post, and no other penalties. <a href="https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/" rel="nofollow">https://blog.cloudflare.com/incident-report-on-memory-leak-c...</a><p>THAT is Cloudflare's disruption.
"More importantly, AWS itself is locked-in to its integrated approach: the entire service is architected both technically and economically to be an all-encompassing offering; to modularize itself in response to Cloudflare would be suicidal."<p>Eh, somewhat. AWS is already modular in a lot of ways. You want S3? You got it, no matter where you are. (We're talking after them doing some sort of fee drop here.) You want to run exactly one EC2 instance? No problem. You want a message queue? You don't <i>need</i> anything else. You can integrate it with the notification service but it's optional.<p>Sure, some of their services are integrated, but a lot of that integration is just "this service pulls from S3 and writes to S3", not massive integration at every level.<p>There is some stuff that is deeply tied in, yeah. But it's not like every single AWS service is deeply tied into half the other ones and the moment you open an EC2 instance you also are buying into a dozen other services. (It may feel like it if you put together a network and override the default block storage, but that's really just giving you knobs that are simply preset elsewhere, not really "lockin".) A lot of it is already pretty modular.
Cloudflare is truly amazing.<p>They almost compete with everyone now.<p>DNS: They eat simpledns lunch
Pages: They eat Netlify lunch
Worker: They eat serverless/lambda as in AWS/GCP lunch
R2: They eat AWS Lunch<p>And finally<p>Email Forwarding: They eat ... my own lunch (I'm founder of hanami.run an email forwarding service)<p>That's being said, from a user perspective, if my domain is already on CloudFlare, I can just host everything on it.<p>Right now, cloudflare workers is pretty great to add some dynamic stuff. And pages is great for static site.
If Cloudflare is able to do this now, why wasn't Akamai able to do exactly the same thing when AWS was still a baby? Serious question. Was it lack of vision? Poor execution? Technology or market just not ready yet? Without such an answer, we might have to consider the possibility that Cloudflare <i>isn't</i> any more able to do this than Akamai was.
> The service will be called R2 — “one less than S3,” quipped Cloudflare CEO Matthew Prince in an interview with Protocol ahead of Cloudflare’s announcement<p>Oh I never thought of that. So the next one is Q1 and final one would be P0.
> S3's margin is R2's opportunity<p>Indeed, it looks like "your margin is my opportunity" motto can work both ways for Amazon :)
The egress costs are finally coming to light for CIOs and CFOs. (And pissing them off)<p>Cloudflare has a lot to gain by fixing this.<p>Fascinating company.
It feels like if they released a serverless/Lambda equivalent they would start taking a lot of business from the big 3. Workers are somewhat close, but the v8/isolate pattern limits them to narrower use cases. A more traditional serverless that could sit at the center and be optionally fronted by Workers would be nice.
> Cloudflare’s unique advantages in a world where the Internet is increasingly fragmented<p>Wait, it's the opposite, at least on the infrastructure side. The Internet is increasingly centralized, due to Cloudflare and other big players.
How was it ever possible for S3 to take such a market share. Or is this market share not existing? Coming from the 90ies I could never imagine paying for outgoing traffic when already paying for a server with internet connection. There was a.early time where you would get throttled to 100MBit (and much earlier in time to 10MBit/s) but this is long gone. What do you do with S3 that such prices seem fair for anything other than rarely accessed files?
A great example of counter-positioning. Cloudflare is positioning itself in the market in a way that its competitor (AWS) cannot replicate — their lock-in is predicated on egress fees.
AWS Lightsail now offers S3 object storage with reduced egress fees: 250 GB storage, 500 GB transfer, 5$/month.<p>With standard S3, that egress traffic would cost 45$ -50$.<p>Sounds like AWS is competing with itself.
I thought I could save money by hosting some backend services in-house but soon realized it ended up being more expensive than EC2 solely because of the egress fees.<p>So whether or not Amazon intended it that way, it functions as something that’s anti-competitive because it forces you to go all-in with AWS.
I like this. AWS feels like a proprietary mainframe system (will get downvoted for saying this).<p>Anytime a majority of developer job postings mention a specific product/company certifications, (think PMP, or Microsoft developer certs) , its time to pivot your skill sets.
The post right about this post on HN's front page is titled "Slack is experiencing a service disruption". So for a second I thought CF was having some disruption (outage) which caused Slack to go down.
> <i>It’s impossible to overstate the extent to which AWS changed the world, particularly Silicon Valley. Without the need to buy servers, companies could be started in a bedroom, creating the conditions for the entire angel ecosystem and the shift of traditional venture capital to funding customer acquisition for already proven products, instead of Sun servers for ideas in Powerpoints.</i><p>So the author thinks that shared hosting or servers-for-rent did not exist before AWS' popularity?
Can we use R2 for video? Workers KV prohibit use for video. Video streaming is the #1 growth area since the pandemic. Why is it that we can use it and Workers KV to store images but not video (chunked) ?
Cloudflare could really shake things up on the ML side of things. The egress costs and GPU prices on AWS and GPC make them a nonstarter for most companies, forcing people to rack their own hardware.
>> "The most familiar API for Object Storage, and the API R2 implements, is Amazon’s Simple Storage Service (S3)."<p>Ugh - a clone of S3's functionality - that's not competing.<p>There's been zero innovation in cloud storage beyond S3's primitive capabilities. None of the competing services have gone beyond S3's stunted functionality.<p>Online storage should provide:<p>* An SFTP interface (and no, Amazon's "charge by the hour SFTP interface to S3" doesn't count)<p>* The ability to query and apply filters to queries PLEASE! For goodness sake its 2021.<p>* A webDAV interface<p>* The ability to incorporate object metadata into filtering queries<p>Why is there zero competitive drive in this space?
I find it deliciously ironic that CloudFlare is eating AWS' lunch with their launch of R2, after Amazon did basically the same thing with a bunch of their services built upon open source projects.<p>I suppose it's now corporations stealing market share from each other...