Rendered at 22:00:43 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
simonw 2 days ago [-]
Looks like Cloudflare still haven't shipped the most valuable possible feature for Cloudflare Workers though: hard billing caps.
I want to set a cap of $100/month and know, for sure, that if something untoward happens my apps will all stop serving traffic rather than me getting hit with a bill for $1000s.
I've dealt with this before. The problem with doing a billing cap is that now you are bringing an out-of-band batch system (billing) in-band. The only way to do a dollar cap is to constantly calculate your bill.
Capping it at 100K requests is a lot easier, because it's a single number that can be incremented easily in a distributed way.
It's the same reason it took AWS forever to offer billing caps, and even today, they label it as best effort. They don't guarantee you won't pay more than your set limit.
nlitened 2 days ago [-]
I am very sure what you’re saying is not true. It’s a viable-looking technical excuse, but you can easily understand that it’s false.
Let’s make a thought experiment.
CEO of Cloudflare introduces hard billing caps at a _business_ (not technical) level. Your organization will never be billed more than the level you set. Your app may stop, or may continue running, but above the monthly cap it’s free for you, it becomes Cloudflare’s expense if they didn’t pause the services.
I guarantee you that in this case, all technical issues you’re talking about would be solved in three weeks, and your service would go down within 3 seconds after hitting the cap.
If CEO decision were that any over-usage above the cap is deducted from employee bonuses from the specific product division that didn’t stop spending in time — all technical challenges would be solved in 48 hours.
Currently, there are literally zero organizational incentives for CloudFlare to develop any usage caps
AnthonyMouse 2 days ago [-]
You're describing a way to get the technical people to do the work, but that was never the problem. If you want them to do it you just tell them to, and then they spend however many hours doing it, instead of doing something else.
All technical problems are like that. You throw labor hours and hardware at them and progress is made. The question is, how much does it take, and is it worth that much? Which in turn depends on how willing you are to patronize someone else if they don't.
nlitened 2 days ago [-]
That’s kinda my point. We don’t have usage caps not because they are technically hard or impossible to implement (they’re not). It’s because the leadership thinks (likely correctly) that implementing them would just hurt company’s bottom line.
jt2190 1 days ago [-]
> [L]eadership thinks (likely correctly) that implementing them would just hurt company’s bottom line.
Exactly. There's little "win" here for the business, especially when the simpler "just cap at n requests" solution exists. Pursuing this solution:
- introduces more technical complexity (increased cost of developing, testing and maintentance)
- forces overage costs onto the vendor, who will then... increase prices to cover these costs, which upsets customers and makes the company less competitive.
- doesn't improve cost prediction (since n requests can be costed out a $/request quite easily and reliably)
(The cynical will say something about "the business has an incentive to _not_ fix this issue because they get paid for overages", but this assumes that Cloudflare has the, "monopolistic" market power to make customers unhappy and still charge whatever they want. In this case implementing billing caps wouldn't do anything because Cloudflare could just... charge whatever they want.)
ImPostingOnHN 1 days ago [-]
Isn't that the point OP made, only repeated?: The price cap functionality which customers want, is missing, not for lack of feasibility or capability (as was previously claimed above), but because the company makes more money overcharging customers, and thus doesn't want to fix the problem.
AnthonyMouse 12 hours ago [-]
The cynical option isn't the only one.
Suppose it would cost them X million dollars a year to provide the feature and providing it would cost them nothing in terms of sales, and indeed get them a few more because people like the feature. Well, it still costs them that amount to provide it, so then the question is whether X is less than Y. But you don't control how much it costs them to implement it, only how much of your business you're going to take somewhere else without it, and if nobody is willing to do that then why would you expect them to spend the money?
It doesn't have to be that they're purposely screwing you. It's just that if you don't care enough to choose differently then why would they?
ImPostingOnHN 9 hours ago [-]
> The cynical option isn't the only one.
> Suppose it would cost them X million dollars a year to provide the feature and providing it would cost them nothing in terms of sales, and indeed get them a few more because people like the feature. Well, it still costs them that amount to provide it, so then the question is whether X is less than Y.
lol, that is the cynical option!
It's just "we profit more by charging people for overages than we would if we put in a price cap", with more words!
It's the same as making a subscription people can enroll in online, but cancelling it requires going to the HQ in person, or writing a registered mail demand letter, etc.
After all, why build a way to cancel online subscriptions online if X is more than Y? Maybe it's more profitable to keep charging people for something they don't want.
"The cynical option" is any option which consistently puts pure profitability ahead of doing the right thing by customers, society, or human decency in general, and that is precisely the Cloudflare decision criteria we're discussing.
mentat 1 days ago [-]
You’re very sure because you’ve built one at scale? This is such peak HN. And you have plenty of other people who have never built a billing system at scale to agree with you. The OP is right, this is in fact very very hard for the reasons they say.
londons_explore 2 days ago [-]
Seems like a weak excuse... If you build a billing system which can calculate bills with low latency 99.9% of the time, but perhaps fails when there is a net split for example, then you can simply let the company write off the loss for that 0.1% of the time the billing system is down.
manwe150 1 days ago [-]
This seems the real answer. The question of whether the billing team can set accurate maximums is largely disjoint from the question of whether the engineering team shuts off service precisely at that moment.
simonw 1 days ago [-]
I'd be happy for the vendor to eat the difference if their accounting systems let me spend a little over my configured cap, personally.
(I get that they're not happy to do that.)
ustad 2 days ago [-]
The cost of each request or token may have a fixed cost - you do not have to query the main billing system for such things.
MikeNotThePope 2 days ago [-]
How about implementing a prepaid system where you set your budget, and if you exceed it, everything just pauses until you pay more?
_heimdall 1 days ago [-]
That wouldn't change anything in this case. Either way you would need to (a) be able to know the state of billing in band before executing a request or (b) accept a slight out of band delay where cloudflare may allow a few extra requests through and eat the cost.
It is a very solvable problem, I just don't think pre- vs postpaid changes it.
dbbk 1 days ago [-]
Vercel achieved it perfectly fine
cj 2 days ago [-]
Not that it helps, but I think this is only a problem if you’re paying by credit card.
If your company is on an enterprise plan, at least for us all of the limits are pre-negotiated and prepaid, and you aren’t billed for overages (although if you consistently overage, sales will start badgering you to negotiate a limit increase, but my experience is you can simply ignore their demands and they eventually go away)
It does drive me crazy that their enterprise tier “caps” bandwidth. Our company overaged on one of our domains, so we moved the domain out of our enterprise license onto a self-serve plan, and like magic, back to unlimited bandwidth.
iancarroll 2 days ago [-]
My Cloudflare enterprise order form has costs for overages for Workers and the following language about everything else:
> If Customer exceeds any of the Total Quantity for the Services below, Cloudflare will invoice Customer in arrears at a rate that corresponds to the rate set forth in the table after this
one labeled “Excess Usage Pricing.” If no such Excess Usage Pricing table has been added by the Parties to this order form or if such table does not include the Service(s) for which
Customer has exceeded the Total Quantity, then the Parties will negotiate in good faith an increase in the Fees for such Service(s). Should the Parties fail to reach an agreement on
an increase within thirty (30) days of Customer’s receipt of notice from Cloudflare that Customer has exceeded its usage cap for the Service(s), Cloudflare will have the right to
immediately terminate such Service for its convenience, and without liability to Customer or any third party.
2 days ago [-]
lmz 2 days ago [-]
> It does drive me crazy that their enterprise tier “caps” bandwidth. Our company overaged on one of our domains, so we moved the domain out of our enterprise license onto a self-serve plan, and like magic, back to unlimited bandwidth.
You don't see how the spend cap is linked to the bandwidth cap?
philistine 2 days ago [-]
Didn't Cloudflare promise they would deliver every single Enterprise-only feature to the paid tier?
There's your next feature to port, Cloudflare: PEACE OF MIND!
sofixa 2 days ago [-]
Never going to happen at such a platform.
They prefer waiving the occasional DDoS / misconfiguration over giving their customers to cause outages with something so trivially forgotten about and so disconnected from the tech and actual platform.
Havoc 2 days ago [-]
Haven't shipped or don't want to ship...
devdoshi 1 days ago [-]
If it weren't implemented by cloudflare natively, would you be ok using a library or something that wraps or hooks onto your IaC to wrap entry points with a worker (proxy or circuit-breaker, conceptually) with various types of limits (real-time estimated spend, or just counts of operations, or just a on/off switch wired to an email alert). I'm pulling a few of these threads at the moment since I've been ramping up my cloudflare usage.
yanslookup 1 days ago [-]
This smells like a cottage industry similar to detecting soon to be expired ssl certs.
"Oh that thing that was an experiment and had billing caps turned on but we rushed in to production and now the whole business relies on that thing is in an outage and destroying customer trust we've barely earned yet"
I get the flip side but... 2nd order effects oof.
tracerbulletx 1 days ago [-]
It's not valuable for them to have this, and not because they want to skim big bills off of little guys. It's because customers small enough to care about this are not only not worth the investment in the feature, even having them on the platform is nearly a net negative.
__natty__ 1 days ago [-]
I wonder why they didn’t introduce this yet. Same anbout other cloud providers. It’s not that this is some rocket science technology to achieve because they calculate near realtime usage anyway. Can this be because they earn more on people going beyond what they would set limit?
1 days ago [-]
zuzululu 2 days ago [-]
tbh this is my biggest anxiety with cloudflare and this seems intentional
also its funny that i have a backup to cloudflare in case it goes down—that seems to be a regular event now as of lately with CF
Zababa 2 days ago [-]
Yeah, especially with agents this seems necessary.
csomar 1 days ago [-]
To be honest their service is so cheap, that it's extremely unlikely to get such an attack without costing the attacker an equally equivalent amount.
Also, if it's really a problem or you are estimating it'll certainly be a problem, do email alerts or a strict shutdown if xx requests are hitting your account. You can have a simple counter in a KV.
simonw 2 days ago [-]
Hot damn...
> Any agent can now run wrangler deploy --temporary and deploy a Worker to Cloudflare. This temporary deployment stays live for 60 minutes, during which time you can claim the temporary account, making it permanently your own. If you don't, it expires on its own.
Forget about agents, Cloudflare just provided free scratch deployments - ephemeral for 60 minutes - for anyone.
This is going to be amazing for things like PR previews and code review. Being able to deploy a preview to a working URL for free is a huge reduction in friction.
I hope it doesn't get abused so much that they turn it off again.
simonw 2 days ago [-]
I just tried this out:
% npx wrangler deploy --temporary
wrangler 4.103.0
────────────────────
You must accept Cloudflare's Terms of Service (https://www.cloudflare.com/terms/) and Privacy Policy (https://www.cloudflare.com/privacypolicy/) in order to continue. By typing "yes", you agree to these terms. Type "yes" to continue. … yes
Solving proof-of-work challenge…
Temporary account ready:
Account: Educated Celery (created)
Claim within: 60 minutes
Claim URL: https://dash.cloudflare.com/claim-preview?claimToken=CAVe7LzWiGad-redacted
Total Upload: 13.79 KiB / gzip: 4.12 KiB
Uploaded cloudflare-redirect-resolver (2.27 sec)
Deployed cloudflare-redirect-resolver triggers (0.50 sec)
https://cloudflare-redirect-resolver.educated-celery.workers.dev
Current Version ID: 5c12da7f-2749-4ccc-a8f6-79b85da98d10
> I'm amused that it made me accept the terms and conditions without any indication of who I am
as far as i’m aware, that’s fully binding and often an accepted practise - take Minecraft’s server software, where you must accept the EULA with a text flag before running
nextaccountic 2 days ago [-]
but if an agent automatically accepts an EULA for you, is it binding?
halJordan 2 days ago [-]
It would have to be. And it's not new in the law at all. The principal-agent problem was one of the main enablers of the golden age of piracy. But that doesn't mean it isnt a solved problem now (in the law and practically)
sandeepkd 2 days ago [-]
This is a binding from service perspective. The agent use case is being highlighted in this example, however in practice the server does not knows what/who the client is. In fact with API's (user not present in loop) just notifying is good enough based on what I have been told by company legal teams in the past.
Ideally the agent is supposed to be responsible to surface its own TOS and the downstream TOS to the user. In other words most likely the agent is on the hook if this goes to court
nextaccountic 2 days ago [-]
> principal-agent problem
Here the agent is not a person. It's unclear this principle holds legally
inigyou 1 days ago [-]
This has never been tried in court, though, at best it probably just protects mojang from liability for banning your server from the IP address entry box (that's a real thing they do) if you don't obey
WolfCop 2 days ago [-]
Why a GET and cancel after headers instead of a HEAD?
simonw 2 days ago [-]
I don't trust everyone online to correctly implement HEAD requests. I'm quite possibly being overly paranoid.
winterqt 2 days ago [-]
Interesting, it’s still live!
usef- 2 days ago [-]
Maybe someone else claimed it?
johanyc 1 days ago [-]
Still live lol
deanputney 4 hours ago [-]
Yeah, it's still up at this time. That's surprising that it's not being auto cleaned up.
avipars 2 days ago [-]
You might want to claim the link or remove it
simonw 2 days ago [-]
I redacted it, but if anyone still has at and wants to steal my demo app they're welcome to it.
xyzzy_plugh 2 days ago [-]
Why?
throw1234567891 2 days ago [-]
Why not
LoganDark 2 days ago [-]
By making it require interactive input to accept TOS they've made most agents unable to use it, but the effort is cool!
aleksiy123 2 days ago [-]
Wasn’t this case pretty much before?
The limits are 100 workers on free and 500 on paid.
And if need more then you can always go their platform which supports tenancy.
As long as you have a cronjob or similar to clean up the cost of having per PR preview is pretty much zero.
tough 2 days ago [-]
unless you have 500 PR's a day =)
On the other hand, we already use regular CF builds for frontend previews, but that doesnt solve a fullstack PR preview much
heipei 2 days ago [-]
This is gonna be amazing for phishing, like most of the features Cloudflare offers (free Turnstile for fresh accounts, CF tunnels, pages.dev, r2.dev).
resonious 2 days ago [-]
Obnoxious reply but I did this myself so I'm compelled to post it: review apps aren't that hard to implement yourself. You just need a VPS, domain name, and Caddy. Then tell any agent to connect the dots.
weird-eye-issue 1 days ago [-]
Cloudflare Workers already support preview urls, and if you set up Github integration they are done automatically
dbbk 1 days ago [-]
> This is going to be amazing for things like PR previews and code review. Being able to deploy a preview to a working URL for free is a huge reduction in friction.
Uh that's already true?
derektank 2 days ago [-]
Would love to know more about how Cloudflare plans to prevent abuse of ephemeral infrastructure to host malicious content. From elsewhere in their documentation, “Cloudflare limits how quickly you can create temporary preview accounts. If the Wrangler CLI cannot create an account because too many temporary preview accounts were requested too quickly, wait before retrying or authenticate the CLI with a permanent Cloudflare account,” and “Cloudflare applies additional abuse prevention checks to temporary preview accounts.”[1] This is a bit vague though. Creating a new account has never been a huge hurdle to overcome but this seems to reduce the barrier to entry even more.
Given how little they do now to stop malicious content hosted behind/by Cloudflare, the bare minimum if anything.
zuzululu 2 days ago [-]
Cloudflare support is pretty active and very responsive to incidents. Here's a token of appreciation.
Anamon 1 days ago [-]
I report several phishing sites to them per week. They take ages to respond, often close to a week. And often, the response will be that they couldn't find any abuse, because I also report to the host which is often much quicker to respond.
Any process that doesn't take down phishing sites within a few hours at most is inadequate for protecting potential victims. Especially when I compare it to all the other providers I report abuses to, Cloudflare doesn't strike me as a company that takes abuse reports particularly seriously.
zuzululu 21 hours ago [-]
impossible to tell if you are trying to defame a company or telling the truth without seeing any evidence to back up your claims
rdtsc 2 days ago [-]
> Would love to know more about how Cloudflare plans to prevent abuse of ephemeral infrastructure to host malicious content
If it helps laugh DDoS attacks they would be incentivized to do the exact opposite. They can charge more for “protection” then.
TeMPOraL 2 days ago [-]
DDoS is one thing you wouldn't be launching from Cloudflare, but if they can get enough types of other bot traffic (whether malicious or "legitimate" or just general grey zone) to use them as the starting point, it improves their error rates when dealing with bot traffic that didn't migrate.
I know no one is writing copy anymore but i wish they tried to edit it a bit so it wasn’t so glaringly obvious. It just sours the product when it seems like so little effort was put into the message. And it’s not even hard - just change the prompt used!
ndjdjxixjenej 2 days ago [-]
[dead]
anilgulecha 2 days ago [-]
If eastdakota/jgc are here.
- simply expose containers to the world directly - without having to go via workers.
- You have other amazing parts of the stack anyway (D1, durable objects, a great object store). These aren't considered "lockin".
- workers is "lockin" - not similar enough to lambda/cloud functions and so becomes CF specific.
Not having a simple container based compute piece has made me hesitate in taking up CF. (Fly or firebase won out)
jgrahamc 2 days ago [-]
I am here but I retired from being CTO of Cloudflare in March 2025 [1] and the current CTO is Dane Knecht (dknecht here). What advantage does decoupling Cloudflare Containers from Cloudflare Workers have?
No per-request billing, portable devops - easier multicloud, known semantics (env variables, entrypoint, websocket lifecycle).
david_shi 2 days ago [-]
Speaking from personal experience, I already know exactly what I’m getting with containers. Same with Postgres.
CuriouslyC 2 days ago [-]
Not sure if it's the only blocker, but I wanted to use containers with UDP/SRT.
htrp 2 days ago [-]
quick piece of feedback, the workers architecture is a little bit annoying when converting from Lambda but hooking up to cloudflare MCP solves 90% of the issues
tailscaler2026 2 days ago [-]
there's absolutely nothing positive we want to encourage copying from AWS's architectural approach to anything.
tough 2 days ago [-]
chuckles
eek2121 2 days ago [-]
I'm pretty sure I heard your groan from all the way over here in Nashville. ;)
unix1 2 days ago [-]
> simply expose containers to the world directly - without having to go via workers.
I run workers and containers and am curious what you mean. Do you have specific use cases in mind outside of the worker invocation model? If so, I'm curious what you'd want to run on Cloudflare. Otherwise, workers don't have to be much of a "lockin" if treated as a thin layer, more like configuration.
> You have other amazing parts of the stack anyway (D1, durable objects, a great object store).
Instead, if you mean accessing these resources from containers, it's a bit clunky [0] but it's there - you should be able to access worker bindings from containers through those outbound handlers.
Not the OP, but for me it's a simple matter of not wanting to use typescript and the whole swamp on fire that is NPM.
yodon 2 days ago [-]
>Not having a simple container based compute piece made me hesitate in taking up CF
Agreed. I wish CF had something like Azure's new fast-starting Express containers.
csomar 1 days ago [-]
I think you have it the other way around? D1, DO, KV are lockin. The worker is not lockin as it's just JavaScript/WASM and can run in a regular browser.
ndjdjxixjenej 2 days ago [-]
[dead]
jsyang00 2 days ago [-]
> Make snail-game in Cloudflare Worker in TypeScript and deploy it using wrangler, don't ask me questions, do the best you can
Excuse me for asking, doesnt this make it easier to run a malware bot farm and disappear without a trace?
taosu_la 1 days ago [-]
I am a bit worried about being misused by black and gray industries, which could then lead to Cloudflare or the US Congress imposing various restrictions, resulting in the functionality of my ordinary Cloudflare account being limited.
827a 2 days ago [-]
Correct me if I'm wrong, but does Cloudflare still not have a "Create Account" button on the account listing page? I think you still have to sign up from scratch doing plus-code email tricks, then invite your original email address as an admin, juggling multiple accounts. They should consider fixing that first.
quinncom 2 days ago [-]
If I want to onboard a client to Cloudflare, I have to ask them to create an account and then invite me, which is a lot of friction for non-technical people.
A “create account” button accessible to me would be so much better. Then, I create the account and invite the client to join as owner.
827a 2 days ago [-]
Yup exactly. This functionality might be available under their "Organizations" feature, but that is on the Enterprise plan. Almost a year ago they announced that nearly all Enterprise-plan features would be coming to everyone, so I suppose sadly that one didn't make the cut [1]?
The system I follow is creating a new account for the client using a plus-code on my email address (like john+client10@example.com), then I invite my main account (john@example.com), then I can invite clients into that account. Its a PITA.
Cloudflare makes it really hard to spend money. I constantly have to talk to someone in sales to enable some feature after rounds of negotiating on price. I think they would have way more customers, spending much more money, if they just offered transparent pricing, and fully on-demand services.
weird-eye-issue 1 days ago [-]
Oh actually it's worse now, they blocked email addresses with + in them!
2 days ago [-]
dools 2 days ago [-]
The idea of giving a non deterministic automated process direct deployment control is fucking madness to me. That’s why I don’t get the obsession with MCP. Deployment can be scripted. It doesn’t need an LLM, it is a completely deterministic process and you want it to run identically every single time.
The right model for agentic API usage is having LLMs write scripts that use APIs. Connecting agents to MCPs and telling them to go and do stuff over and over not only wastes money but invites catastrophe.
This falls Within my predictions of how the AI playing field is become more leveled, in terms with human digital activity. Soon it wouldn't be so what you can do with the computer but what the agent can do BETTER. We are already there for the most part. These are the early steps of full re-genitive self hosting, fully capable AI the is far more advanced then asking it to solve a 2 + 2 question.
The article worded it perfectly; friction-less "efforts"
aniviacat 2 days ago [-]
Wouldn't it make more sense to merge the temporary account into an existing one, instead of claiming it as a new account?
This could lead to people having a large amount of separate accounts.
kylecazar 2 days ago [-]
I assumed that's how it works if you sign in before claiming the account?
It says to claim you can either sign up or sign in.
2 days ago [-]
piterrro 2 days ago [-]
Lets keep in mind this is cloudflare workers runtime - it only makes sense to deploy small things there, maybe static sites. Unless the agent creates something for cf workers from scratch, asking it to „now deploy to cloudflare” will fail so bad.
This would only work if they would provision docker image deployment, similar to google cloud run, but the still, everything serveless has its own caveats…
simonw 2 days ago [-]
> Unless the agent creates something for cf workers from scratch
The latest models appear to know CF Workers inside out and are very capable of doing that if you ask them to.
I didnt say LLMs dont know cf workers, I meant that the cf workers runtime is kind of unique and you cannot push there any code without making it cf workers ready in the first place.
If you know what youre doing it should be one time step to connect your hono app to cf workers (so not a huge effort) but still its not like tou can run anything there
2 days ago [-]
kentonv 2 days ago [-]
> it only makes sense to deploy small things there
What makes you say that?
piterrro 2 days ago [-]
I’m running entire leadjobs.dev on cloudflare workers and its kind of unreliable for the traffic it gets - around 100 visitors/day. There are some weird errors in d1 from time to time which i cannot debug since its all black box. Also latencies are greater than I would expect, especially, again for d1.
Overall its great value for money to get a globally available, low latency service - but I would think twice before going all in.
As a sidenote, I expected that, thus the architecture of the service is build in a way that it abstracts the cf runtime and I can switch to any other infra, be it dedicated or another cloud, in a matter of a day
kentonv 2 days ago [-]
I'll let you in on a sort of dirty secret:
It's almost always better to use Durable Objects storage, rather than D1. Even if you only want a single global database, it's better to implement that as a singleton Durable Object, than by using D1. Because that's all D1 itself actually is: a singleton Durable Object that exposes an API to its SQLite database. It's just a wrapper.
With raw Durable Objects, you get to bring your code to run on the same machine as the database itself. Your queries run on a local file, synchronously, rather than going over a network. There is essentially zero latency when using sqlite storage in a Durable Object.
If your app does no more than one DB query per request, then D1 is fine: the Worker runs near the end user, and talks over the long-haul network to D1 just once. Whereas with Durable Objects, your Worker would talk over the long-haul network to the Durable Object. No difference.
But if your app ever does two or more queries in series for a single request, then Durable Objects becomes vastly better, because you get to move that query-chaining code to happen directly where the database lives, rather than have multiple round trips.
Really, though, the only reason D1 exists is for comfort. Once you know how to use Durable Objects, there's no reason to use D1. We offer D1 because a lot of people don't want to learn a new model. (Which is fair. People are busy and may have better things to do.)
One caveat: D1's read replica support still isn't exposed in a way that you can use it in raw Durable Objects, so if you are using that, it's a legitimate advantage to D1. But we do plan to bring this functionality to raw Durable Objects at some point.
chondl 7 hours ago [-]
It would really help if this advice was more legible to agents. Spent the last week in Claude Code building a reasonably complex app running entirely on CF Workers, Containers, KV, and D1. Pages were slow due to the multiple round trips to storage on each page since Claude Code used D1. Despite repeated prompting Claude Code had no suggestions for how to improve within the CF platform. I ended up having Claude Code switch to Postgres with an eye towards switching the compute layer to AWS in the near future, since I'm very familiar with how to get performance out of that platform. Claude Code overcame my lack of familiarity to get something running on CF, but it wasn't good enough to get a design that could perform.
piterrro 2 days ago [-]
this is new, thanks for that. I just had a brief talk with Gemini about it and it sparked interest in this model (Durable Objects) which I'm going to dive into deeper.
nextaccountic 2 days ago [-]
why not deploy the worker and d1 on the same machine, just like one would do with durable objects?
kentonv 2 days ago [-]
Part of the point of Workers is they run everywhere, not on a specific machines where they've been "deployed". We generally run a Worker in the colo where we received the HTTP request triggering it.
There is a feature called "smart placement" which, when enabled, tells us to detect if a Worker commonly makes multiple round trips to a particular backend and, if so, try to run the Worker close to that back-end, instead of close to the user. This helps with D1. But even if you have the Worker running in the same colo or even same machine as the D1 database, you're still speaking a network protocol to talk to it, serializing and deserializing data, switch contexts, etc. Directly invoking SQLite locally will still be orders of magnitude faster.
Also with Durable Objects you can have many objects, e.g. one object per user or one object per document, spread around the world. It's a distributed systems building block. Many of the things you can build on it can't really be "smart" auto-detected.
weird-eye-issue 1 days ago [-]
Don't use D1. They make it sound like with read replication it's going to be fast everywhere but if you actually test it that's just a complete lie and in almost all cases you are better off using a central database with something like Supabase or if the data is smaller and per user then Durable Objects
PUSH_AX 1 days ago [-]
This is just objectively wrong, CF hosts an app for me with 1 million MAU
I’m going to need a wrapper for all these services offering this service.
Hackbraten 2 days ago [-]
Cloudflare: let's give the bots their own accounts so they can scrape harder.
Also Cloudflare: let's send normal humans who are trying to go about their daily lives into endless Turnstile spinner loops with absolutely zero recourse, grievance, or support infrastructure.
jwr 2 days ago [-]
I had similar thoughts: "let's convince everyone to outsource the decision on who can access their websites to us, because BOTS BOTS BOTS" and "let's make life easier for bots to do things".
bornfreddy 2 days ago [-]
Just had 10 rounds of busses, motorcycles and fire hydrants with Google before I decided I don't actually want to see that page so much. So Cloudflare is unfortunately not the only offender here.
Anamon 1 days ago [-]
There's a certain type of Recaptcha challenge (the 4x4 single-photo one) that I have a 100% failure rate on. If Google decide to serve me 15 of those in a row, I will invariably fail 15 times until they decide to serve one of the other types for round 16. I'm very close to believing that that challenge is actually bugged and unsolvable for everyone, and simply nobody ever bothered to fix it.
bornfreddy 4 hours ago [-]
Nah, I think this is Google's way of pushing against those who value privacy. Firefox? With uBO? No cookies? Not fetching Google fonts? Must be a bot for sure. /s
2 days ago [-]
moritzruth 2 days ago [-]
First you spread the disease, then you sell the cure.
deadbabe 2 days ago [-]
I think this is more of a “keep friends close but enemies closer” type thing.
throw1234567891 2 days ago [-]
Sounds more like “let’s make money twice”.
TeMPOraL 2 days ago [-]
It's business so they have neither enemies nor friends, just various breeds of cattle to milk.
xnx 1 days ago [-]
Bots are very close to being able to pass any captcha a human can. We're very close to most sites requiring a login.
whh 2 days ago [-]
I’d love a chrome extension to measure just how many times per day I’m met with the Turnstile.
Turnstiles per minute.
IncreasePosts 2 days ago [-]
I'm sure they don't want humans to have that experience - the issue is that the human behavior looks very bot-like. This is usually only experienced by people whose setup is peculiar
Anamon 1 days ago [-]
Yes, and using Firefox or having an ad blocker installed counts as extremely peculiar these days.
isodev 2 days ago [-]
But think of the shareholders
deadbabe 2 days ago [-]
Anyone can be a shareholder.
horacemorace 2 days ago [-]
[flagged]
copperx 2 days ago [-]
I thought there were no rich swes anymore?
aruggirello 2 days ago [-]
The rich swe has no children, he only has AI agents.
skinfaxi 2 days ago [-]
That's unnecessarily presumptuous.
deadbabe 2 days ago [-]
Cloudflare is in the S&P500. If you have a 401k diversified in broad market indexes then most likely… you are a shareholder.
Denzel 2 days ago [-]
About half of US households don’t have any retirement at all. Making their point that “shareholders” are a distinct class separate from the whole of the population.
tough 2 days ago [-]
and sitll the US seems to be one of the biggest markets educated on "being a shareholder" im sure Europe has smaller percentage of them.
TeMPOraL 2 days ago [-]
Yup. Over this side of the pond, stock market is this weird socially acceptable gambling for rich people.
theplumber 2 days ago [-]
This sounds like Elon’s IPO…I give you 0.000000000009% of my company for your whole savings account. Now have a part of the pie!
georgemcbay 2 days ago [-]
> About half of US households don’t have any retirement at all.
...and the top 10% by wealth own 90% of the stock market.
So even among the half that do have retirement savings in 401ks and the like it is on average very little compared to how much the truly wealthy have invested.
cj 2 days ago [-]
No, Cloudflare does not meet the criteria for inclusion in the S&P 500.
What are you talking about? Cloudflare (NET) is not in the S&P500.
Also if you buy a index that invests in a stock that doesn't make you a shareholder. Vanguard, for example, would still be the shareholder in the company's records, not the people who invest in Vanguard's index funds. Of course, its stock price movements will have an impact on your holdings if the stock is in the index but legally, you are not a shareholder.
scotty79 2 days ago [-]
Are you still reading webpages personally instead telling your AI to do it?
prymitive 2 days ago [-]
Maybe your agent could have a little blog where it keeps a diary of cool pages it read for you? And then you subscribe to that?
scotty79 2 days ago [-]
Interesting idea ... doesn't fit my style of content consumption, but it might fit yours.
I went for a personal newsfeed, agent pulls news form ~100 feeds related to my interests. Then reads all articles for me and orders them by how interesting they might be for me. I specifically asked for vector embeddings, up/down votes (-2..+2), visited status, LLM content evaluation. Probably there are some other mechanisms I didn't even bother to check. It's a work in progress but I can see myself replacing most of my news reading with it. For many news the AI summary, which contains main idea behind the item is enough for me. As a bonus it resolves clickbait and is quite good at it. Also no ads, ever. For sure I need to implement some grouping because when the popular story breaks I have many stories about the same thing with mostly overlapping details. AI merging them would be quite cool.
I also asked AI to extract my interests from my browsing/watching histories of my all accounts. V2 of my newsfeed might utilize that somehow for better results.
Silly thing is I made it in one afternoon with my only motivation of being slightly more annoyed with the web on that day.
mannanj 2 days ago [-]
Particular model or LLM that you use?
scotty79 2 days ago [-]
Local ones (through ollama, probably will use something more performant when I move fully to it).
Since then I grew really fond of Qwen3.6 (it's super capable in coding against the DOM) so I'll probably try to move to it with the next iteration.
https://ollama.com/library/qwen3.6
mannanj 1 days ago [-]
Great stuff. Thank you!
CamperBob2 2 days ago [-]
So this actually runs within ollama, which you then leave up full-time? Or only when you manually want to refresh your news feed?
scotty79 2 days ago [-]
The prototype runs through ollama on my laptop while I browse. I usually have few hundreds stories ready from the previous session, as new stories come in they get processed in the background while I browse the old ones. It processes stories faster than I consume them.
When I move it to the server I might consider waking it up periodically to pull and analyze new stories and perhaps notify me if something absolutely great shows up.
There are so many possibilities for tuning it. And I don't need to think how to make it secure (beyond the basics), ultra performant, fitting other people's tastes and so on because this program has audience of one.
CamperBob2 1 days ago [-]
Very cool, so you just time-shift the good content while removing the rest. This program would have an audience of at least two if it were public.
How do the vector embeddings fit into the picture?
scotty79 1 days ago [-]
I was basically throwing stuff at the wall and seeing what sticks and makes a pretty picture for me. Vector embeddings were just one of the things I threw, in hopes of boosting news items thematically similar to the stuff I already liked. I can't really tell how much good or bad are they doing. All I know is that they are fast (embeddinggemma through ollama) and their output is worth few points in some combined heuristics that AI concocted for me.
j45 2 days ago [-]
It's a clean way to charge AI to read content too.
jeroenhd 2 days ago [-]
If all bots are subject to a rate limit, then the system works as designed. Especially if site operators can block bot accounts. Requiring accounts is one of the easiest solutions for that problem. One of the large issues with scrapers is that they pretend to be normal internet visitors that never visited your site before, because any bot that stored cookies would immediately be rate limited by basic config.
Turnstile isn't something Cloudflare put up to annoy you. It's what the website owners decided to put up, for many different reasons.
In the same vein, Anubis has a default configuration that lets honest scrapers and crawlers through, because those can easily be rejected by basic web server configurations. Only scrapers pretending to be browsers need to solve the proof-of-work puzzle. You can disable that feature, of course.
Cloudflare may play this smart: force bots to pay for access, then take 30% of the cut and give the rest to the website owners. That way, websites get paid when the AI slop machine digests their content. Normal visitors get in for free, turn the scraper hellscape into a sustainable model. Bonus points for letting websites set their own rates (pre-declared to scrapers, of course) to dissuade all but the most interested scrapers.
Hackbraten 2 days ago [-]
> Normal visitors get in for free
Except for the unfortunate minority of normal visitors who always get misclassified as bots and get denied access regularly.
I wouldn’t be complaining if Cloudflare’s misclassifier bit any user with the same small probability. But it keeps biting the same users over and over again.
jeroenhd 2 days ago [-]
It'll bite any user that the bots will copy. Every trick a user might use to make themselves unrecognisable on the web is also used by a bot farm somewhere out there.
Website owners that use Turnstile and other such services choose to exclude these users. A tiny margin of false positives isn't going to dissuade most website owners, I imagine only the ones that themselves have issues with Cloudflare will bother to add the necessary rules to permit uncommon users (and the bots that copy them).
ascorbic 2 days ago [-]
> Cloudflare may play this smart: force bots to pay for access
I want to set a cap of $100/month and know, for sure, that if something untoward happens my apps will all stop serving traffic rather than me getting hit with a bill for $1000s.
The safest way to use Workers is on the free tier, which will shut off after 100,000 requests/day: https://developers.cloudflare.com/workers/platform/pricing/#...
Capping it at 100K requests is a lot easier, because it's a single number that can be incremented easily in a distributed way.
It's the same reason it took AWS forever to offer billing caps, and even today, they label it as best effort. They don't guarantee you won't pay more than your set limit.
Let’s make a thought experiment.
CEO of Cloudflare introduces hard billing caps at a _business_ (not technical) level. Your organization will never be billed more than the level you set. Your app may stop, or may continue running, but above the monthly cap it’s free for you, it becomes Cloudflare’s expense if they didn’t pause the services.
I guarantee you that in this case, all technical issues you’re talking about would be solved in three weeks, and your service would go down within 3 seconds after hitting the cap.
If CEO decision were that any over-usage above the cap is deducted from employee bonuses from the specific product division that didn’t stop spending in time — all technical challenges would be solved in 48 hours.
Currently, there are literally zero organizational incentives for CloudFlare to develop any usage caps
All technical problems are like that. You throw labor hours and hardware at them and progress is made. The question is, how much does it take, and is it worth that much? Which in turn depends on how willing you are to patronize someone else if they don't.
Exactly. There's little "win" here for the business, especially when the simpler "just cap at n requests" solution exists. Pursuing this solution:
- introduces more technical complexity (increased cost of developing, testing and maintentance)
- forces overage costs onto the vendor, who will then... increase prices to cover these costs, which upsets customers and makes the company less competitive.
- doesn't improve cost prediction (since n requests can be costed out a $/request quite easily and reliably)
(The cynical will say something about "the business has an incentive to _not_ fix this issue because they get paid for overages", but this assumes that Cloudflare has the, "monopolistic" market power to make customers unhappy and still charge whatever they want. In this case implementing billing caps wouldn't do anything because Cloudflare could just... charge whatever they want.)
Suppose it would cost them X million dollars a year to provide the feature and providing it would cost them nothing in terms of sales, and indeed get them a few more because people like the feature. Well, it still costs them that amount to provide it, so then the question is whether X is less than Y. But you don't control how much it costs them to implement it, only how much of your business you're going to take somewhere else without it, and if nobody is willing to do that then why would you expect them to spend the money?
It doesn't have to be that they're purposely screwing you. It's just that if you don't care enough to choose differently then why would they?
> Suppose it would cost them X million dollars a year to provide the feature and providing it would cost them nothing in terms of sales, and indeed get them a few more because people like the feature. Well, it still costs them that amount to provide it, so then the question is whether X is less than Y.
lol, that is the cynical option!
It's just "we profit more by charging people for overages than we would if we put in a price cap", with more words!
It's the same as making a subscription people can enroll in online, but cancelling it requires going to the HQ in person, or writing a registered mail demand letter, etc.
After all, why build a way to cancel online subscriptions online if X is more than Y? Maybe it's more profitable to keep charging people for something they don't want.
"The cynical option" is any option which consistently puts pure profitability ahead of doing the right thing by customers, society, or human decency in general, and that is precisely the Cloudflare decision criteria we're discussing.
(I get that they're not happy to do that.)
It is a very solvable problem, I just don't think pre- vs postpaid changes it.
If your company is on an enterprise plan, at least for us all of the limits are pre-negotiated and prepaid, and you aren’t billed for overages (although if you consistently overage, sales will start badgering you to negotiate a limit increase, but my experience is you can simply ignore their demands and they eventually go away)
It does drive me crazy that their enterprise tier “caps” bandwidth. Our company overaged on one of our domains, so we moved the domain out of our enterprise license onto a self-serve plan, and like magic, back to unlimited bandwidth.
> If Customer exceeds any of the Total Quantity for the Services below, Cloudflare will invoice Customer in arrears at a rate that corresponds to the rate set forth in the table after this one labeled “Excess Usage Pricing.” If no such Excess Usage Pricing table has been added by the Parties to this order form or if such table does not include the Service(s) for which Customer has exceeded the Total Quantity, then the Parties will negotiate in good faith an increase in the Fees for such Service(s). Should the Parties fail to reach an agreement on an increase within thirty (30) days of Customer’s receipt of notice from Cloudflare that Customer has exceeded its usage cap for the Service(s), Cloudflare will have the right to immediately terminate such Service for its convenience, and without liability to Customer or any third party.
You don't see how the spend cap is linked to the bandwidth cap?
There's your next feature to port, Cloudflare: PEACE OF MIND!
They prefer waiving the occasional DDoS / misconfiguration over giving their customers to cause outages with something so trivially forgotten about and so disconnected from the tech and actual platform.
"Oh that thing that was an experiment and had billing caps turned on but we rushed in to production and now the whole business relies on that thing is in an outage and destroying customer trust we've barely earned yet"
I get the flip side but... 2nd order effects oof.
also its funny that i have a backup to cloudflare in case it goes down—that seems to be a regular event now as of lately with CF
Also, if it's really a problem or you are estimating it'll certainly be a problem, do email alerts or a strict shutdown if xx requests are hitting your account. You can have a simple counter in a KV.
> Any agent can now run wrangler deploy --temporary and deploy a Worker to Cloudflare. This temporary deployment stays live for 60 minutes, during which time you can claim the temporary account, making it permanently your own. If you don't, it expires on its own.
Forget about agents, Cloudflare just provided free scratch deployments - ephemeral for 60 minutes - for anyone.
This is going to be amazing for things like PR previews and code review. Being able to deploy a preview to a working URL for free is a huge reduction in friction.
I hope it doesn't get abused so much that they turn it off again.
as far as i’m aware, that’s fully binding and often an accepted practise - take Minecraft’s server software, where you must accept the EULA with a text flag before running
Ideally the agent is supposed to be responsible to surface its own TOS and the downstream TOS to the user. In other words most likely the agent is on the hook if this goes to court
Here the agent is not a person. It's unclear this principle holds legally
The limits are 100 workers on free and 500 on paid.
And if need more then you can always go their platform which supports tenancy.
As long as you have a cronjob or similar to clean up the cost of having per PR preview is pretty much zero.
On the other hand, we already use regular CF builds for frontend previews, but that doesnt solve a fullstack PR preview much
Uh that's already true?
[1] https://developers.cloudflare.com/workers/platform/claim-dep...
Any process that doesn't take down phishing sites within a few hours at most is inadequate for protecting potential victims. Especially when I compare it to all the other providers I report abuses to, Cloudflare doesn't strike me as a company that takes abuse reports particularly seriously.
If it helps laugh DDoS attacks they would be incentivized to do the exact opposite. They can charge more for “protection” then.
- simply expose containers to the world directly - without having to go via workers.
- You have other amazing parts of the stack anyway (D1, durable objects, a great object store). These aren't considered "lockin".
- workers is "lockin" - not similar enough to lambda/cloud functions and so becomes CF specific.
Not having a simple container based compute piece has made me hesitate in taking up CF. (Fly or firebase won out)
[1] https://blog.cloudflare.com/three-chapters-at-cloudflare-pro...
I run workers and containers and am curious what you mean. Do you have specific use cases in mind outside of the worker invocation model? If so, I'm curious what you'd want to run on Cloudflare. Otherwise, workers don't have to be much of a "lockin" if treated as a thin layer, more like configuration.
> You have other amazing parts of the stack anyway (D1, durable objects, a great object store).
Instead, if you mean accessing these resources from containers, it's a bit clunky [0] but it's there - you should be able to access worker bindings from containers through those outbound handlers.
[0] https://developers.cloudflare.com/containers/platform-detail...
Agreed. I wish CF had something like Azure's new fast-starting Express containers.
https://snail-game.solstice-barometer.workers.dev/
pretty cool.
A “create account” button accessible to me would be so much better. Then, I create the account and invite the client to join as owner.
The system I follow is creating a new account for the client using a plus-code on my email address (like john+client10@example.com), then I invite my main account (john@example.com), then I can invite clients into that account. Its a PITA.
[1] https://blog.cloudflare.com/enterprise-grade-features-for-al...
The right model for agentic API usage is having LLMs write scripts that use APIs. Connecting agents to MCPs and telling them to go and do stuff over and over not only wastes money but invites catastrophe.
The article worded it perfectly; friction-less "efforts"
This could lead to people having a large amount of separate accounts.
It says to claim you can either sign up or sign in.
This would only work if they would provision docker image deployment, similar to google cloud run, but the still, everything serveless has its own caveats…
The latest models appear to know CF Workers inside out and are very capable of doing that if you ask them to.
Here's my GPT-5.5 xhigh + Codex Desktop transcript building one just now: https://gist.github.com/simonw/264bd6b8a39fc34c91c9c867454c6... - code here: https://github.com/simonw/cloudflare-redirect-resolver
What makes you say that?
It's almost always better to use Durable Objects storage, rather than D1. Even if you only want a single global database, it's better to implement that as a singleton Durable Object, than by using D1. Because that's all D1 itself actually is: a singleton Durable Object that exposes an API to its SQLite database. It's just a wrapper.
With raw Durable Objects, you get to bring your code to run on the same machine as the database itself. Your queries run on a local file, synchronously, rather than going over a network. There is essentially zero latency when using sqlite storage in a Durable Object.
If your app does no more than one DB query per request, then D1 is fine: the Worker runs near the end user, and talks over the long-haul network to D1 just once. Whereas with Durable Objects, your Worker would talk over the long-haul network to the Durable Object. No difference.
But if your app ever does two or more queries in series for a single request, then Durable Objects becomes vastly better, because you get to move that query-chaining code to happen directly where the database lives, rather than have multiple round trips.
Really, though, the only reason D1 exists is for comfort. Once you know how to use Durable Objects, there's no reason to use D1. We offer D1 because a lot of people don't want to learn a new model. (Which is fair. People are busy and may have better things to do.)
One caveat: D1's read replica support still isn't exposed in a way that you can use it in raw Durable Objects, so if you are using that, it's a legitimate advantage to D1. But we do plan to bring this functionality to raw Durable Objects at some point.
There is a feature called "smart placement" which, when enabled, tells us to detect if a Worker commonly makes multiple round trips to a particular backend and, if so, try to run the Worker close to that back-end, instead of close to the user. This helps with D1. But even if you have the Worker running in the same colo or even same machine as the D1 database, you're still speaking a network protocol to talk to it, serializing and deserializing data, switch contexts, etc. Directly invoking SQLite locally will still be orders of magnitude faster.
Also with Durable Objects you can have many objects, e.g. one object per user or one object per document, spread around the world. It's a distributed systems building block. Many of the things you can build on it can't really be "smart" auto-detected.
Also Cloudflare: let's send normal humans who are trying to go about their daily lives into endless Turnstile spinner loops with absolutely zero recourse, grievance, or support infrastructure.
Turnstiles per minute.
...and the top 10% by wealth own 90% of the stock market.
So even among the half that do have retirement savings in 401ks and the like it is on average very little compared to how much the truly wealthy have invested.
Also if you buy a index that invests in a stock that doesn't make you a shareholder. Vanguard, for example, would still be the shareholder in the company's records, not the people who invest in Vanguard's index funds. Of course, its stock price movements will have an impact on your holdings if the stock is in the index but legally, you are not a shareholder.
I went for a personal newsfeed, agent pulls news form ~100 feeds related to my interests. Then reads all articles for me and orders them by how interesting they might be for me. I specifically asked for vector embeddings, up/down votes (-2..+2), visited status, LLM content evaluation. Probably there are some other mechanisms I didn't even bother to check. It's a work in progress but I can see myself replacing most of my news reading with it. For many news the AI summary, which contains main idea behind the item is enough for me. As a bonus it resolves clickbait and is quite good at it. Also no ads, ever. For sure I need to implement some grouping because when the popular story breaks I have many stories about the same thing with mostly overlapping details. AI merging them would be quite cool.
I also asked AI to extract my interests from my browsing/watching histories of my all accounts. V2 of my newsfeed might utilize that somehow for better results.
Silly thing is I made it in one afternoon with my only motivation of being slightly more annoyed with the web on that day.
When I touched it the last time I was a fan of gemma4 https://ollama.com/library/gemma4
Since then I grew really fond of Qwen3.6 (it's super capable in coding against the DOM) so I'll probably try to move to it with the next iteration. https://ollama.com/library/qwen3.6
When I move it to the server I might consider waking it up periodically to pull and analyze new stories and perhaps notify me if something absolutely great shows up.
There are so many possibilities for tuning it. And I don't need to think how to make it secure (beyond the basics), ultra performant, fitting other people's tastes and so on because this program has audience of one.
How do the vector embeddings fit into the picture?
Turnstile isn't something Cloudflare put up to annoy you. It's what the website owners decided to put up, for many different reasons.
In the same vein, Anubis has a default configuration that lets honest scrapers and crawlers through, because those can easily be rejected by basic web server configurations. Only scrapers pretending to be browsers need to solve the proof-of-work puzzle. You can disable that feature, of course.
Cloudflare may play this smart: force bots to pay for access, then take 30% of the cut and give the rest to the website owners. That way, websites get paid when the AI slop machine digests their content. Normal visitors get in for free, turn the scraper hellscape into a sustainable model. Bonus points for letting websites set their own rates (pre-declared to scrapers, of course) to dissuade all but the most interested scrapers.
Except for the unfortunate minority of normal visitors who always get misclassified as bots and get denied access regularly.
I wouldn’t be complaining if Cloudflare’s misclassifier bit any user with the same small probability. But it keeps biting the same users over and over again.
Website owners that use Turnstile and other such services choose to exclude these users. A tiny margin of false positives isn't going to dissuade most website owners, I imagine only the ones that themselves have issues with Cloudflare will bother to add the necessary rules to permit uncommon users (and the bots that copy them).
https://developers.cloudflare.com/agents/tools/payments/