I haven't really measured the speed from other locations but I will do it and file the ticket to let you know about it.
How does it do this? I'm going to be flipping our content-service from IIS to CloudFront soon so I'm familiar with CloudFront on a theoretical level. Not clear on what you mean.
Even if you were down at the $200/mo plan, that's 45TB/mo before you get to the "95% less expensive" point; I have tens of millions of users worldwide downloading megabytes of packages from me (while the Cydia ecosystem has tons of things much larger, I don't host those: I just have the core package), and I don't often go above 45TB/mo.
Is the idea here that CloudFlare is seriously giving you ludicrously unlimited amounts of bandwidth (and will not give you any crap about it) with a high cache-hit ratio even at their $20/mo plan? If so, I'm going to have to run some insane experiments with their service ;P. (Part of me isn't certain that I want them to hate me that much, though ;P.)
(edit:) Ok, I looked into this some, and this argument ("they don't charge for bandwidth") is just as false as one would expect given that it isn't feasible of them to price that way ;P. Their terms of service makes it very clear that they are only designed for HTML, and that "caching of a disproportionate percentage of pictures, movies, audio files, or other non-HTML content, is prohibited" <- yes, even "pictures".
With this glaring restriction, there is really no way I can imagine any reasonably-normal company getting a 95% reduction in hosting costs over another CDN, even CloudFront: if you are pushing tens of terabytes of mostly-HTML content a month, you are doing something insanely awesome (and we've probably all heard of you ;P).
Yes: if you had a single server somewhere out in the cloud that was sitting in front of yours as a cache (which is how most developers seem to conceptualize this: such as running a copy of Varnish), it is easy to say "ok, I'll cache this for a day"; however, you first are going to run into limits on what can be stored on that box: there is only so much RAM, and it doesn't even make sense to cache everything anyway.
You can spill the content to disk, but now it might actually be slower than just asking my server for the content, as my content might have it in RAM. This is a major differentiating factor, and some CDNs will charge more to get guaranteed access to RAM for either certain files or in certain regions or for certain amounts of data, as opposed to getting spilled off to some slower disk. However, there is also only so much disk.
Even with an infinitely large and very fast disk, though, you don't have one server: in an ideal situation (Akamai), you have tens of thousands of servers at thousands of locations all over the world, and customers are going to hit the location closest to them to get the file. Now: what happens if that server doesn't have the file in question? That is where the architecture of how you build your CDN really starts to become important.
In the most naive case, you simply have your server contact back to the origin; but, that means as you add servers to your CDN, you will require more and more places that will need a copy to get cached. This isn't, in essence, a very scalable solution. Instead, you want to figure out a way to pool your cached storage among a bunch of servers... and somehow not make that so slow that you are better off asking my server for the original copy.
You then end up having bigger servers in each region that a front-line server can fall back on to get the cached copy, but that server is now going to become more and more of a centralized bottleneck, as more and more traffic will have to flow through it (as a ton of stuff always ends up not being currently warm in cache). It also eventually looks more and more like the centralized server straining for storage, and will have to evict items more often.
Some places might spend more time trying to specialize specific front-line servers for specific customers (some kind of hashing scheme), but then the CNAME'd DNS gets more complex and is less likely to be cached in whatever ISP this is, or you can attempt to distribute routing tables between your own servers for where to find content, etc.; this simply isn't a simple problem, and certainly doesn't come down to something as simple as "well, I told them to cache it, so they did: read my Cache-Control headers".
In some cases, you might even "well ahead of time" go ahead and download a file that you think might be valuable to other regions; you might also attempt to optimize for latency, and do prophylactic requests for things that clients haven't even asked for yet, so you can get them cached and ready for when they do (CDNetworks, for example, normally re-request files that are actively used when they are still 20% away from expiring, to make certain that the file never expires in their cache, which would cause a latency spike for the poor user who first requests it afterwards).
> ... Cotendo pre-fetches content into all of its POPs and keeps it there regardless of whether or not it’s been accessed recently. Akamai flushes objects out of cache if they haven’t been accessed recently. This means that you may see Akamai cache hit ratios that are only in the 70%-80% range, especially in trial evaluations, which is obviously going to have a big impact on performance. Akamai cache tuning can help some of those customers substantially drive up cache hits (for better performance, lower origin costs, etc.), although not necessarily enough; cache hit ratios have always been a competitive point that other rivals, like Mirror Image, have hammered on. It has always been a trade-off in CDN design — if you have a lot more POPs you get better edge performance, but now you also have a much more distributed cache and therefore lower likelihood of content being fresh in a particular POP.
Given all of this, what I've heard from people using CacheFront that have shopped around and know enough to pay attention to this kind of metric is that their cache-hit ratio is somewhat poor in comparison to other CDNs you might use. I am thereby curious if that's one of the things that is causing CloudFlare to come up much better than CloudFront, if it is a specific feature from CloudFlare that is helping, or if it is just that CloudFront is so expensive in general (bandwidth from CloudFront is ludicrously bad: even Akamai tends to hit you with initial quotes that are better than what CloudFront offers; but 95% reduction in price seems "unbelievable").
It's really a pretty amazing language, when you embed it you can choose exact what functionality is exposed to the scripts you run in it, so it's pretty good for sandboxes type code (though, imposing memory restrictions is much harder).
As for your comment on the implementation size: I'm not sure which way you meant it (complimentary or pejorative) but I often find people react to this in exactly the opposite fashion I would. I see "self-ish/JS-ish/python-ish semantics in 20kloc of ANSI C? Sign me up!". I find some people see it and assume it to be a toy. It reminds me of the Bill Gates line about (paraphrasing) "measuring software's success by lines of code is like measuring an aircraft's success by its weight".
The most obvious issue that everyone stumbles across is the "counting from 1". It seems like a minor thing, but the context-switch remains a drag when you're dealing with complex data-structures in two languages and only one of them is Lua.
The impedance-mismatch becomes even more apparent when the table-abstraction meets serialization. The lack of distinction between an "array" and a "hash" is awesome when you're in a pure Lua-environment, but it becomes a real problem when you need to exchange data with languages that do depend on this distinction (e.g. if you feed Lua an empty "array" it will later serialize it back to an empty "hash").
The final issue that I can't resist mentioning here is not a language but a community/mindset one. Up to this day Lua doesn't have an established package manager akin to RubyGems, Pip, Maven, Leiningen etc. (Luarocks exists but is... well, I've yet to see someone actually using it)
This is a deadly sin in terms of mainstream adoption. It makes deployment a serious pain in the ass.
GoLang shows how a modern language is supposed to handle this (importing/bundling packages directly from urls). I keep hoping someone will add something similar to lua-core, but I'm sadly not very optimistic about it.
I think many of the driving people behind Lua just don't care about it becoming a mainstream language or not. They care about it shining as an embedded language (and it does!) - it's just a little bitter for those of us who would love to use it on a broader scope.
> ... everyone stumbles across is the "counting from 1" ...
Fair enough :) I find this objection to be largely a matter of taste; it was never an issue for me [added in edit: even when interoperating with C and JS code]. People have made similar complaints about Matlab that I never found persuasive (there are other more persuasive criticisms of Matlab's language design). I think the core argument I'd make here is that if you're using Lua tables in a way that requires array-offset semantics for the index variable, you could probably step up a level of abstraction using ipairs/pairs and save yourself worrying about 1 vs 0.
> The impedance-mismatch becomes even more apparent when the table-abstraction meets serialization.
Lua tables naturally serialize to Lua table syntax (modulo cycles). This is in fact Lua's origin story (if Lua were a spiderman comic, it would be a story of a table description language being bitten by a radioactive register-based VM). At a technical level, how are Lua table literals any less successful a serialization format than JSON (i.e. JS object literals)? To put it another way: JSON doesn't map naturally to XML; should we then conclude that it has an impedance mismatch with respect to serialization?
> doesn't have an established package manager ...
<old guy hat>
The idea that a language should have a package manager has always seemed... confusing... to me. C doesn't have a package manager; people still seem to be able to get the relevant packages when they need them through the OS's package manager. That, to me, seems the sane solution. I realize I may be in the minority.
</old guy hat>
Having said that I agree that LuaRocks' comparative weakness relative to Ruby's gems limits adoption in mainstream programming applications. OTOH, it is vastly easier to get started embedding Lua in a host program than any of its competitors (this is in fact what drove me to try it in the first place). So it's not all friction on the deployment story.
> ... many of the driving people behind Lua just don't care about it becoming a mainstream language or not.
Yes, I think this is likely true. I don't think any of the core contributors care about it being "the next Python/Ruby/Perl". If I had to summarize the emergent aesthetic, it's that Lua is designed to be a just a language with a large set of DIY practices around it, rather than a curated software ecosystem.
This is fine with Linux, which has at least a few sane package management systems between the different distros. This goes out the window with OS X and Windows.
(This may just be an argument that anyone working on server-side software should be working inside a VM that matches your production environment. The Ruby community seems to have shown that people push back very hard on that.)
Nginx+Lua is only the core part that powers this ecosystem. OpenResty comes with a lot of libraries for "usual web stuff", except maybe a default template system.
I've been using this rather simple one 
In the full example, I installed it on Mac OS
(and actually found a small problem with homebrew that should be fixed soon)
Yes, it's seems less than ideal, but in practice it has proven to be a significant advantage (not only) in cross-platform deployments.
The C toolchain has the benefits of being a compiled language (dynamic linking) and ubiquity (autoconf is a mess but sort of works pretty much everywhere). No other language has that, you can not even rely on a recent version of your runtime being available on a given platform. And things get really hairy when you need multiple different versions on the same host.
The rubygems+rbenv approach just works really well, almost independently of the platform that you're dealing with. And once you become used to deployment being this easy your tolerance versus languages lacking this convenience declines rapidly.
Not so much of a problem for me, because I found out I rarely need to use array indices on the same structure in two different languages.
> The impedance-mismatch becomes even more apparent when the table-abstraction meets serialization.
I don't know if you read the Lua mailing list but I have posted about that recently (http://lua-users.org/lists/lua-l/2012-11/msg00683.html) and gotten a reasonable answer (http://lua-users.org/lists/lua-l/2012-11/msg00691.html). I still think separate types for lists and maps (arrays and hashes) are good but the proposed solution is elegant (and a good example of loose coupling: you teach libraries your convention and not the other way around).
> Luarocks exists but is... well, I've yet to see someone actually using it
I can assure you the part of the community using Lua as a standalone language uses it. Embedded users don't really need a package manager anyway.
Things are moving on that front too: the Moonrocks project could become what Rubygems is to Ruby (http://rocks.moonscript.org/).
I developed an Emergency GC patch  for Lua 5.1 (Lua 5.2 come with this feature). With this feature it is easy set a per Lua State/script memory limit. The Emergency GC feature is needed to allow a custom allocator to force the GC to run when the script is at it's memory limit. My EGC patch has been in use by the eLua  for years to help run Lua scripts on Microcontrollers with as little as 64Kbytes of Ram.
Also Lua is fine for large projects .
Bases. That doesn't mean that it wouldn't be good for large code bases. Many languages end up getting used for purposes they weren't designed for.
That said, the nginx/lua combo is wonderful to work with. I got the core of that thing working in just a few hours.
Do you have any performance comparison?
> many more capabilities
As...? Care to compare?
If you can get around the Redis SPOF, OpenResty + Redis is great for large-volume data collection. Thousands of requests/sec on an EC2 Small at < 10% load.
1) What's the difference between OpenResty and the Nginx+Lua module (is the module the core of OpenResty)?
2) How does it compare to Node regarding ecosystem, performance and every day usage/maintainability (if it's comparable)?
1 - openresty is nginx and many official and unofficial modules. From what I've asked the experts, there is supposed to be no difference in the source; openresty is just a single package of many modules with an easy to use ./config and make process.
2 - The nginx module and lua lib ecosystem seems to have most of the basics in order to roll a high level app framework, but only a half baked one exists thus far: https://github.com/appwilldev/moochine Also: https://github.com/antono/valum https://github.com/pintsized/lua-resty-rack
My impression is if you have the time to roll your own sinatra-like framework, it should be pretty straightforward.
You can embed Lua at the access phase, and query your API from there. Some of the Lua libraries of the OpenResty package  might help you do that.
And here  you can find an example of OAuth support.
It is very fast doing that type of stuff in Lua, and it all gets done in the same request context.
There is some new functionality in openresty since that example, so there are probably other choices of ways to implement it.
Silly Computer Science nerds spend a lot of time trying to figure out the most efficient implementation of a recursive Fibonacci number function. "Ooo, let's make sure to take advantage of tail-call optimization, oh, and memoization, aren't we fancy?"
Meanwhile, mathematicians look at the problem and then cock their heads to the side and say "uh, guys, that's way too much trouble, just use the closed form solution and calculate any value in constant time using a tiny number of floating point operations". Because Fib(n) = (phi^n - (1-phi)^n)/sqrt(5), where phi is the golden ratio.
A mathematician looks at the recurrence formula and generalises it (e.g. f(n) = a f(n-1) + b f(n-2) or f(n) = f(n-1)*f(n-2) (solve this one, hint: xkcd) or ...) and investigates its properties. The actual values of the numbers are not of much interest.
And a^n can only be computed in constant time if one uses exp(n log(a)), and (I think) that the scale of the numbers can have a large impact on the accuracy of the result, and so for large n, one needs more operations within both exp and log to give the same (relative) accuracy.
(But seriously: yes, agreed.)