
Google, Microsoft, Qualcomm and Baidu Announce Joint Investment in CloudFlare - oroup
http://www.forbes.com/sites/katevinton/2015/09/22/google-microsoft-qualcomm-and-baidu-announce-joint-investment-cloudflare/
======
chubot
If your website is well-coded and administered, does CloudFlare offer any
performance benefit? (leaving aside security for now)

If a page is static, then CloudFlare can cache it. But if you set your cache
headers appropriately, and use efficient serving code like nginx, I imagine
serving static content is pretty darn cheap.

If a page is dynamic, then how can CloudFlare really speed it up? You don't
want them serving stale pages to users. So it has to hit your server every
time, in which case the user might as well hit your server. In that case, I
don't really see how CloudFlare improves things.

Am I misunderstanding how CloudFlare works? It seems like if you follow
typical performance tips like [1] then most of CloudFlare's benefit is
eliminated.

I guess [1] does tell you to use a CDN. You can save end user network latency
for cached static pages, since they cache them in multiple geographic
locations. But if you have a simple site with 1 .js and 1 .css file per page,
and compress and minify everything, I wonder if it's worth it.

[1] [http://www.amazon.com/dp/0596529309](http://www.amazon.com/dp/0596529309)

~~~
brandon272
I was using CloudFlare on a site that has a wide overseas following with a lot
of visitors from different continents. I was getting a lot of complaints that
the site was terribly slow. When I went back to just serving the site directly
from it's server in Atlanta, the complaints ceased.

Since then I have been hesitant to use it again.

~~~
pakled_engineer
You get a lot of "testing your browser" delays if you're from certain regions,
also the annoying captcha gateway if behind a big mobile NAT that was
blacklisted somewhere because of one spammer or maliscious user, or if using
some VPNs/Tor especially the free tier VPNs

~~~
manigandham
This is part of their security features. All of them can be disabled if you
want.

------
Karunamon
Silly question: How does CloudFlare make any money?

Any random can put any site behind their (very fully featured) free services
and get free CDN, free antimalware, and free $other_services, with no seeming
limits as to the amount of traffic you get. This has no impact on the target
site. There are no ads or any other such. Their enterprise products only offer
a few more features at a massive cost hike.

How are the bandwidth costs not eating them alive, and how are the free users
being subsidized?

~~~
philip1209
The consumer freemium model is probably negligible money in the grand scheme
of things. Here is an article about how Cloudflare developed a keyless SSL
tool to bring Goldman Sachs on as a client:

[http://www.wired.com/2014/09/new-internet-security-tool-
guar...](http://www.wired.com/2014/09/new-internet-security-tool-guards-
goldman-sachs-eavesdroppers/)

Downtime is expensive for large companies, including financial institutions. A
DDOS that takes down the site could cause a dip in the stock price. CloudFlare
technology (should) prevent DDOS and other basic security issues. It does this
without appliances and without having access to private SSL keys.

Imagine the opportunity cost of a bank going offline, and you can start to
understand just how much money CloudFlare stands to make from large
corporations.

~~~
dublinben
Wouldn't any large enterprise client like this already have a CDN or DDOS-
proof hosting provider?

~~~
philip1209
I don't know for sure, but they likely have to provide a private key to these
providers. Other big disadvantage of a "DDOS-proof hosting provider" is that
they likely are not distributed, so absorbing large DDOS is hard.

~~~
rdl
Just to set a baseline: _Nothing_ is DDoS-proof. (even CloudFlare).

What you want is DDoS resistance which is as strong as possible, and
sufficiently strong for your application.

It's essentially impossible to have a single location anywhere in the world
which is able to resist the largest attacks today (many hundreds of gigabits
per second); even if your site somehow has 10Tbps of interconnects, the
networks near you will get saturated. (And I don't think you could buy 10Tbps
of interconnect to various networks at a single building today)

You could accomplish bigger-than-single-site DDoS resistance in three ways:

1) Direct private connections to users (there are systems which are unsuited
for the public Internet!)

2) Buying lots of long-haul off-Internet transport to networks around the
world; running your own private network which interconnects in-core in various
important networks around the world.

3) Building a highly redundant global distributed front end which then
backhauls traffic (over public networks, private networks, some combination),
and potentially handles some or all of that traffic at the edge directly
(cache, and maybe someday edge processing...)

(#3 can also be accomplished with an application having a loosely coupled
front end; if you're just serving static content this is trivial. If you can
deal with eventual consistency, it's also relatively easy. It becomes
incredibly difficult for regular web apps or anything with lots of writes
which need to be globally atomic. There's a lot of great CS work to be done,
and then tool development, to make truly distributed web apps possible, then
easy...)

#1 and #2 are incredibly expensive as the number of users scales up. #3 is
what ~everyone does, even the biggest DDoS targets. CloudFlare and other
providers are good at doing #3 for you so you don't have to, but theoretically
a large company with a lot of money could do this themselves. It's probably
not a core competency of a large financial institution to do this, so modulo
trust issues, it makes sense for them to pay a provider to do it. We're
working particularly hard at technical solutions to the trust issues, cost,
etc. to make it a good solution for anyone.

------
Nux
Welcome to the Cloudflare-net.

Half the internet is behind CloudFlare now. Since they can't easily "own" the
Internet, they could as well own CloudFlare.

Not impressed and I hate all this hiding behind Cloudflare and other proxy
services; most of the cases are just hipster/hype powered, rather than in
actual need.

~~~
JorgeGT
I use CloudFlare because I like their DNS service; I've switched off
proxy/caching entirely :|

~~~
nly
It's pretty amusing that the DNS has such a distributed design yet everyone
wants to centralise their authoritative nameservers on services like Route 53
and Cloudflare. Latency shouldn't really be an argument in the case of DNS
because it was designed such that folks would be using their ISPs low-latency
caches/recursors

In theory, HTTP could have been the same way, if it wasn't for for complete
lack of respect caching got once the web moved to dynamic database-driven
designs and the temptation for middleboxes to overstep their remit.

~~~
NDizzle
Are you saying that Route 53 and Cloudflare don't have distributed DNS? How
could they not be, when my OLD PAL 4.2.2.2 has been distributed since the 90s?

~~~
nly
I'm sure they have geographically distributed and anycasted servers. I'm
talking more the moral or sociological impact, post-Snowden, of relinquishing
control of our services to a handful of third parties en masse. It seems that
building systems that are designed to be distributed, federated and
cooperative isn't actually enough to overcome our natural tendency to want to
pool resources and build communal lines of defence against the perceived 'Big
Bad'.

Broken middleboxes meant HTTP/2 needed to become TLS-only, which now means
middleboxes can't be used at all, which means no caching, which means we all
go to Cloudflare or another CDN as a professional MITM service. It's all
fairly ludicrous. In principle the idea of ISP web caches was a good one, just
like how ISP provided DNS caches are essential in keeping the Internet as we
know it reliable.

~~~
manigandham
HTTP/2 is not TLS only and does not require encryption.

However if you are using encryption, how do you expect ISP caches to work?
Like you said "middleboxes can't be used at all".

------
yalogin
Is Amazon competing in this space? Since AWS is used heavily in the startup
world, it seems like a no brainer to also provide cloudflare functionality,
more so given that they have servers all over the world.

~~~
rajathagasthya
Amazon has CloudFront which is a CDN, but I don't think it offers any security
features like CloudFlare does.

~~~
rmdoss
Oh, it does. Their have their Kona WAF... Just a lot more expensive.

Incapsula or Sucuri are the ones that compete with a lower pricing.

------
chinathrow
Well, that alone makes the move to CloudFlare even more unlikely at all. More
huge investors means more control over what CF does and what CF will do with
all the data they see flowing through. Bigest MITM just got bigger, at least
financial wise.

Not for me.

------
TorKlingberg
Why Qualcomm? They make mobile chips. Are we going to see SoCs specially
optimized for communicating with CloudFlare servers? That sounds like a
potentially bad idea.

~~~
pakled_engineer
Both MS and QC have jointly invested in CDN mobile video streaming before like
“DASH: Dynamic Adaptive Streaming for Better Mobile Video User Experience.”

Since Cloudflare has full China access the goal would be to take over the
local streaming market I guess, sell Xiaomi or MS phones with streaming
packages that likely MS will provide or lease out.

~~~
pki
MS also has china access via Azure China

------
polskibus
How does CloudFlare compare to Akamai? Are they direct competitors?

~~~
adventured
Sort of. CloudFlare is eating into the bottom third of Akamai's business. A
skeptic on that might say that Akamai's is an enterprise, high-end solution,
and that CloudFlare is for everything else - and so they don't really compete.
My contention is that CloudFlare will climb upwards, taking ever great amounts
of their business (as so often happens in tech).

~~~
josh2600
Climbing up is a lot harder than climbing down.

~~~
rdl
In tech it is well known to be the opposite of that. Low end products move
upward. It's very hard for high end focused companies to move downward.

~~~
josh2600
Counterpoint: uber, but yes I hear you.

~~~
rdl
Uber's moving down from Uber Black to UberX, Pool, etc., but wasn't really an
"incumbent" (they are young), and it was fundamentally cheaper-than-limo even
from the beginning (by letting you pay by the ride vs. per time block).

This is more about big established companies. It's not really even technical;
it's protecting their revenue, employee/management structures, etc. built
around high-end from low end.

It would be interesting to find organizations which did historically build
super high end stuff which moved down into consumer. Both successful and
unsuccessful examples.

iRobot MIGHT be an example -- moved down from DARPA and Packbot to the Roomba;
but they weren't really established, and those were different sectors.

Apple has sort of moved downmarket from computers (and, expensive ones) to
cheaper ones to phones. But those were mostly adjacent sectors, not in their
core product.

I'd love some counter examples where it was within the same product, an
established company (say, 10+ years selling the old product), and moved in at
the low end.

~~~
arscan
Tesla is on that trajectory. But the plan was always to go for the lower
market eventually and use the higher end markets to incubate the technology,
so I don't know if it counts. I think you just need some serious institutional
discipline to make it work.

Same deal with SpaceX.

~~~
rdl
Someone on Twitter suggested Nokia; the entire cellphone market definitely
moved from high-cost to high-volume. Nokia was amazingly strong right before
smartphones. Even through the smartphone days, they got costs down so the
delivered cost of a Nokia phone in Africa was less than Apple pays to ship an
iPhone 6S to me from China...

~~~
josh2600
FWIW, minus the Burning Platform memo, it's entirely possible that we could
still be looking at Nokia as a large player on the world stage.

------
fweespeech
Yeah, at this point, we honestly and genuinely need large CloudFlare
competitors.

So hopefully one of their competitors is able to get more competitive.

~~~
josefresco
Is Google's Cloud DNS product a competitor?
[https://cloud.google.com/dns/](https://cloud.google.com/dns/)

Doesn't seem like it has the "firewall" capabilities of CF.

Also found this:
[http://alternativeto.net/software/cloudflare/](http://alternativeto.net/software/cloudflare/)

Because of the size of the WordPress market, Sucuri.net might be a legit
competitor.

~~~
fweespeech
You are mostly listing CDNs and/or DNS services. None of which are
"competitors" to what Cloudflare is offering.

Akamai and Incapsula are the only real competitors and, tbh, none of them are
particularly "good" which is why CloudFlare has been so successful.

Sucuri is fine for a corporate blog or the like but it just really isn't
usable for a high traffic site with alot of dynamic content.

~~~
danielcid
Curious why you say that of Sucuri? Have you tried us recently?

We have some very very large sites using our services now with great
performance. During the last 6-12 months we basically rewrote our entire
stack, built our anycast network and focused a lot on performance optimization
and expanding out services.

You can ping me directly if you prefer too.

thanks!

Daniel Cid (CTO/Founder of Sucuri)

~~~
fweespeech
I haven't used it in the last 8 months, so its quite possible this stack
rewrite leads to reasonable performance.

However, I'm not going to try it on a production website to see.

------
duncans
Following this iOS Content Blocker furore, a CloudFlare-type service could be
an ideal place from which to inject and serve ads; as opposed to the client-
perf-sapping script tags the industry has been using so far.

~~~
scurvy
One of their future business plans is/could be to replace your low performing
ads with their higher performing ads in far-flung locations you're not
optimizing for.

------
ck2
I can't get to the original link, something forbes is messing with, however
this works:

[http://google.com/search?q=cache:http://www.forbes.com/sites...](http://google.com/search?q=cache:http://www.forbes.com/sites/katevinton/2015/09/22/google-
microsoft-qualcomm-and-baidu-announce-joint-investment-cloudflare/)

~~~
sudhirj
That's because the Forbes interstitial is one giant ad that your newly found
blocker is blocking.

------
pdknsk
Personally I dislike CloudFlare for the simple reason that they encourage site
owners to use their _lossless_ image optimisation service, which isn't
lossless. Thus many images appear different than intended when hosted behind
CloudFlare. I wrote about this earlier:
[https://news.ycombinator.com/item?id=10192587](https://news.ycombinator.com/item?id=10192587)

Quote from their website.

 _The Lossless mode removes all the unnecessary bloat from an image file, such
as the image header and meta data, without removing any image data. This means
images will appear exactly the same as they would have before._

The last sentence is false, at least for images with color profiles on all
non-mobile browsers. There are other possible minor cases.

~~~
aaron42net
Do they just strip the color profiles? Or do they apply them and convert to
sRGB?

------
brownbat
See also, discussion of the CloudFlare blog post:
[https://news.ycombinator.com/item?id=10215560](https://news.ycombinator.com/item?id=10215560)

------
rebelde
So does Cloudflare now get around the slowness of passing through the Great
Firewall? (Currently, I don't use CF and our website is slow from inside
China.)

~~~
georgebashi
Yes, they wrote a blog post about it here: [https://blog.cloudflare.com/how-
we-extended-cloudflares-perf...](https://blog.cloudflare.com/how-we-extended-
cloudflares-performance-and-security-into-mainland-china/)

------
maartendb
I'd love to see more transparency in the way Cloudflare, or CDNs in general,
decide to cache or not cache your content. For example: Cloudflare publishes
crawl frequencies in their pricing table but what do they actually do with
that content? Push it to all their edges? I'd doubt that. I guess it's based
on website traffic, your website pricing plan, ... but it seems quite
arbitrary to me.

~~~
manigandham
All of this is answered in their documentation [1] and admin console help
text.

Most CDNs only cache in the local POP on the first request and respect the
headers the origin sends. The crawl frequencies are for keeping things
available if your origin is offline and depends on your plan as listed on the
site.

1\. [https://support.cloudflare.com/hc/en-
us/articles/200168256-W...](https://support.cloudflare.com/hc/en-
us/articles/200168256-What-are-CloudFlare-s-caching-levels-)

------
strangemix
Why was Fidelity not mentioned in the headline?

[http://www.marketwatch.com/story/fidelity-google-
microsoft-b...](http://www.marketwatch.com/story/fidelity-google-microsoft-
baidu-and-qualcomm-back-cloudflare-to-help-build-a-better-internet-2015-09-22)

------
pjbrunet
I liked the CloudFlare concept (protecting good people) until I found it
protects bad people as well: scammers, thieves, cybersquatters, phishing.
CloudFlare makes it very difficult to contact the web host cloaked by
CloudFlare.

CloudFlare is helping the scum of the Internet. They need to be held
accountable for what they're serving, if they're not going to reveal who is
hosting the site. If there's a way to find the originating IP of these
scumbags, I would like to know. Obviously traceroute doesn't work because the
IPs show up as CloudFlare.

The way I see it, CloudFlare should be required to publish who is hosting the
websites they cloak. Otherwise you're encouraging a lawless Internet where
anything goes without any consequences. I sincerely hope these larger
companies address this problem.

I hope some journalists dig into this because I think there's a good story
here. Maybe CloudFlare doesn't have the staff to review the activities of the
sites they're protecting? That's a serious problem, in my opinion, because
their cloaking technology is very effective.

~~~
harshreality
Have you thought about that beyond your knee-jerk reaction? One of the primary
reasons for using cloudflare is resistance to denial of service attacks, and
you want cloudflare to helpfully publish the real IP of the server CF is
proxying for?

Scammers, thieves, phishing, and cybersquatting are weak or nonsensical
reasons for demanding that CF reveal the IP they're proxying for. If a site is
breaking the law, use the legal system to request the real server IP from
cloudflare.

I suppose you're also against Tor, because it cloaks client-side evildoers
like CF cloaks server-side evildoers?

~~~
pjbrunet
I should be able to easily contact the web host and say, "Heads up, your
server is doing some bad stuff." This works because hosts don't want to be in
business with scum. They take care of it. Because it's the right thing to do,
or because they would rather not be involved in a lawsuit, on the wrong side
of a PR nightmare. Pretty basic, Internet 101. If I email abuse@cloudflare.com
nobody gives a shit. It's irresponsible. A lawsuit should be a last resort.

I'm not advocating a more or less anonymous Internet by criticizing
CloudFlare.

PS: I enjoyed your comment and upvoted it.

~~~
snug
Have you tried
[https://www.cloudflare.com/abuse/](https://www.cloudflare.com/abuse/)

------
mdekkers
I am a long-standing CF partner and supporter. This really does not fill me
with happy, warm thoughts. I love the CF tech and offering, but am going to be
forced to look around for alternatives.

~~~
simonsez10000
Why?

~~~
marodox
Because giant tech companies only have malicious intent and now CF will be
spying on everyones lives, duh.

------
astrowilliam
Does anyone have a link to a viable contender? I have used cloudflare in the
past and it was great but now I need a new service.

~~~
eli
We use Amazon Cloudfront, but it's more like a traditional CDN so not exactly
the same.

I've also heard good things about
[https://www.fastly.com/](https://www.fastly.com/)

------
EugeneOZ
Congrats, CloudFlare, I always liked to use your services.

------
dzhiurgis
They must have also have some very useful browsing data.

------
cagenut

        “The world is looking for their Android,” Prince says. “We’re the Android of cloud services.”
    

I can't tell if this is inane exec-speak or if this means they really intend
to branch out into stuff like a dropbox/gdrive storage product and a
compute/ec2 like service.

full disclosure: I start work for a competitor at the end of the month

~~~
tlianza
I think it's more like they're part of the "Android ecosystem" where you have
a lot of choice around fundamental components, as compared to the iOS
ecosystem.

I get your point that Android, broadly, is a competitor to Apple. But, I think
he's not just highlighting that the world needs an Amazon alternative (it has
several).

I think he's saying the world needs a more open ecosystem where they have the
choice of best-of-breed components from different companies. And, in that
world, you might be able to pick the world's best compute stack from one
company, use Cloudflare as the world's best edge/networking stack, etc.

