+1. Why focus on earnings when revenue growth is high?? Obviously you don't want to go out of business and unit earnings need to be reasonable for when you shift from growth to extracting value but if people will fund it shoot for the moon. I'm a NET investor of course, big fan.
For as long as investors believe there is potential growth that can be turned into a profit in future.
It’s clear people believe that CloudFlare have a good chance of seriously competing with the “big” players. AWS has quarterly revenue of about $140B, CloudFlare at about $0.2B has a lot of potential growth ahead.
Their strategy is clearly to expand into more of the cloud services industry. There are a few missing pieces currently (VPS, Containers, Database servers) but I’m confident they have plans in those areas.
The interesting thing is that they are approaching each area thy go into with new ideas. Although I wouldn’t be surprised if we see them make some acquisitions at some point.
If you listen to their earnings call, the CEO emphasizes that he wants Cloudflare to be positioned along side the Big Tech Cloud, not against. But, I think you're right. Cloudflare will slowly encroach into the space of Workers + Workers KV + Pages and double down on serverless + edge compute – chip away at Lambda/App-engine with a gateway type product to offer with it. Currently, they're mostly focused on CDN + ZeroTrust security.
Cloudflare's genius is in offering free CDN service for most solo people. That seems to be like the way Photoshop allowed pirating of the software with little DRM control, get people to use the product first. I wish SalesForce did that, they have no free plan. For my scrappy company, we just use excel sheet for CRM.
> I'm curious how long these companies can have losses.
Parent didn't ask about access to credit or market capitalization rates, they asked how long they can burn for. If you no longer need credit because you're profitable, then keeping your asset value up is moot.
So yes it very much is an optional spend. I welcome you to listen to a podcast by the CFO of NetSuite:
Their cash or cash equivalents is $1,821.8 million. Net loss was $77.5 for the quarter. Without any changes, they could keep this up for about 6 years.
However, Cloudflare has 79.2% gross margin, indicating that delivering their services is highly profitable. If they ever needed more money, they could simply raise it or scale-back in other areas.
> Their cash or cash equivalents is $1,821.8 million. Net loss was $77.5 for the quarter. Without any changes, they could keep this up for about 6 years.
That's incorrect. They didn't burn $77m in cash in the quarter, GAAP net loss is not equal to them losing cash from operations. The calculation doesn't lead out to six years accordingly. They're no longer burning cash (as they previously were):
"Net cash flow from operating activities was $40.6 million, compared to negative $8.8 million for the fourth quarter of 2020. Free cash flow was $8.6 million, or 4% of total revenue, compared to negative $23.5 million, or 19% of total revenue, in the fourth quarter of 2020."
That could still slip back occasionally into the red, of course. More likely it's going to be two steps forward and one step back, culminating soon in predictably cash flow positive operations.
Everything about Cloudflare reminds me of early Google. Loved by most, providing great services for free or very affordable, communicates both formally and informally via proxies/employees, seems to be providing only innovative and in-demand services, more reliable than any alternative, humble and honest when they fuck up, and increasing in market share.
I am very concerned about when that bubble bursts, considering the essentially MitM nature of many of CF's offerings.
Cloudflare is already more insidious to me than Google was at the point you mention. Cloudflare pretends they're not the hosting provider of their customers but a neutral ISP in between which is of course ridiculous because their customers pay them money to host content (even if temporary) on CF servers so it can be accessible online through CF IP ranges.
Where the ultimate source of content lies is an implementation detail and irrelevant for anyone looking to, for example, file DMCA claims.
As an example, my partner has written a free story and published it on one website, where it was then copied onto a different website by a third party where it's being sold, with much of the content already accessible. Filing DMCA claims is hopeless as Cloudflare will only (pretend to) forward the complaint to the "actual" owner and hoster of the website, with no guarantees about deliverability or anything. Here's the kicker! Even if you somehow manage to reach the "actual" hosting provider and they kick the offending party off their servers, that party can transparently migrate to another host and Cloudflare will even cache their pages for them until they are up again. See no evil, hear no evil, blatantly ignore established laws with weasel words indeed.
The fact that they are getting away with it is ridiculous. It would take an actual lawsuit with a huge investment in time and money to challenge the status quo. I know we could never bring meaningful legal action to them.
Not to mention Cloudflare seeing no moral issues with hosting sites such as KF who take joy in bullying people until suicide.
Hey eastdakota, jgrahamc, I'd love to see you actually respond to this in good faith.
Cloudflare continues to be a great company to invest in and one that will make you some serious money if you go big. I have no doubt that they will achieve their goal of being the 4th public cloud. Zero.
It's all about hoovering in new customers into their expanding ecosystem of offerings that do have margin. That's the whole point of Cloudflare bothering with R2 and its pricing scheme. They're punching companies like AWS where it can still hurt somewhat (eg transfer).
The Cloudflare CTO is often on HN to answer questions. Last was a couple of hours ago.
I asked him if he had HN alerts, and this was his answer:
“I have code that monitors Hacker News comments for mentions of various things (including cloudflare, my username). It runs once a minute and uses https://hn.algolia.com/ to find new comments. (..)”
One of Cloudflare's strengths is taking dev issues really seriously. Couple weeks ago we had a post here about Cloudflare Images having lots of issues [1]. The post did outline a lot of valid issues. Someone from the team commented that they had forwarded the post to product manager and engineering lead for Cloudflare Images [2]. Issue 6 (Direct Creator Upload) on the list has been fixed, and the docs updated
I'm not saying what you say is wrong, but I don't think an article exposing Cloudflare issues with 500 votes, is a good example to understand how Cloudflare handle feedback.
I'm on the Images team. We've seen the feedback post even before it hit the HN front page. We do listen to the feedback, and release improvements as fast as we can.
We were able to fix some of these issues immediately. Some took more time due to deeper back-end work required, or design of alternative APIs which we've piloted with some customers. There is of course more in the pipeline.
We're aware that the file size limit is still very low. It's tied to the pricing model, and we don't want to overpromise. We're internally debating how to price the product it in a way that is simple to understand, and still makes sense for different image sizes and usage patterns. It's a surprisingly tough problem. Many "why don't you just…" pricing models don't work for some usages, or create perverse incentives, or are difficult for customers to estimate how much they'll pay.
> but after some months in production, and a severe lack of any meaningful reply from the CF Images team addressing any of these concerns
that's the concern, that the feedback didn't reach the right ears, or trigger actions, until the HN post, when it should have been possible to use normal customer relations channels and get some kind of meaningful reply.
Still, yes, this is a common dilemma these days with many vendors, and that the HN post worked is also better than some!
> Many "why don't you just..." pricing models don't work for some usages, or create perverse incentives
I think back to the story of how Amazon Prime came to be and the intense debate within Amazon leadership whether it would kill the company when logistics was their largest cost center... After they launched anyway (they had to, there's no winning the argument when Bezos believes in something with a conviction of a thousand suns), they found that not only Prime had help establish a moat around the business, but instead drove down the cost of logistics (more warehouses, more delivery vans, own airports/jets) as purchases not only rose but became predictable. The perverse incentives they were worried about were far and few in between, contrary to what they had projected.
I see a similar model at Cloudflare in their steely determination to build a moat around their customers with free ingress and egress.
> ...or are difficult for customers to estimate how much they'll pay.
Rate limiter prices need an update. More expensive than Workers when majority of the requests are good requests!
I'm in that thread canceled my subscription to images this month. Will revisit when the original image is retrievable. Going to build off of GCP cloud storage for now.
Agreed, and I hope they don't lose too much of that as they continue to grow.
My personal experience - I found an issue with a certain DNS query type returning incorrect results and opened a ticket. The first reply was a confirmation of the bug with dig output and then passing it on to the DNS team who fixed it in a matter of days. At most other companies you'd need a personal contact to get that kind of response.
I'm always surprised by how fast cloudflare rejects my app. I would love to work there, but have gotten a 'Thank you for your application' email within 2 days of applying. Having worked at a unicorn start up and some notable names over the last decade+, never figured out why
I'm at Cloudflare for 1 more week. Feel free to send it my way - happy to give you feedback or pipe it to the recruiting manager for a role that sounds like a good match: smanuel [@] cloudflare.com
Cloudflare are doing some really interesting edge network services, and real competition for the big clouds.
But why do they still host network-destroying tools like ipstress.in, str3ssed.co, cybervm.io, instant-stresser.com and stresser.app? These are all on the first page of Google's results for "booter".
“Booters” are a cat and mouse game. They come and go fast, what’s on the first page of Google today will be removed tomorrow (metaphorically) and be replaced by another (random tech word).(newest TLD). It’s probably not worth CloudFlare’s time having a dedicated team addressing those, I assume they primarily handle them via reports from federal agencies or individuals. They more than likely aren’t hosting the “traffic” that gets sent in a DDoS (probably delegated to a botnet of IoT devices) so I can’t imagine much can be done from the detection front as the traffic to the site is generic user traffic.
They already have an abuse team; if they didn't want to host booters they would resource it appropriately. e.g. I imagine they're pretty good at not hosting CSAM, however much gets thrown at them.
Their abuse team only seems to be reactive instead of proactive. I've reported tens of phishing sites that are just reskins over the same steam password stealer. Instead of realizing they are serving a phishing site they wait for someone to report it.
I have firsthand experience with Zscaler and I will say that they do have a slight leg up with respect to features and functionality geared towards end user protection (ZIA). However I'd say that Cloudflare is closing the gap hard and fast with their Zero Trust, Gateway / SASE.
The tides turn, IMO, when you start to compare ZPA and Cloudflare Tunnel and Access. Zscaler ZPA is way behind the curve here and their deployment options are horrendously legacy in nature. Case in point every "connector" from Zscaler is a VM. People may complain about "cloudflared" but you're never going to see any of Zscaler's client/server code out on a public repo. Cloudflare has far more flexible options to cover more aspects if you're charter is Zero Trust in workloads.
I view Zscaler as a slight pivot with respect to how Palo Alto Networks and Checkpoint operated in the firewall market forever. It's the same old take dumped in the cloud. And at the end of the day Zscaler's pedigree is definitely user focused but now they're trying to shoehorn in workloads and a lot of the product is just not designed to offer a solution for workloads like Cloudflare is. Some of their acquisitions in the last few years were not good or scalable products, either.
The last point I'll mention is that Zscaler offers no public connectivity solutions. So, unlike Cloudflare who's fully ready to take on large scale traffic for your Internet facing applications Zscaler has nothing to support you there. They talk a lot about how many POPs they have globally and the connectivity in those POPs. They also like to claim they handle more requests per day than Google. It doesn't matter though because Zscaler doesn't have the pedigree to operate as a CDN nor would I trust them to given what I've seen of their other product lines.
If I'm betting with my own $$$ Cloudflare will eat Zscaler's lunch over the next few years.
Fastly and Cloudflare are now very different companies.
Fastly is a CDN, Cloudflare has a CDN product in its product range. Cloudflare is an internet technology company, not just a CDN. Cloudflare product range seems to be constantly growing and getting better.
While Fastly technically has other products, they are way off the delivery and execution of Cloudflare. Fastly Cloud@Edge has the potential to be a FAAS / AWS lambda killer but Fastly have failed to realise the product unlike Cloudflare workers, which I don’t think is as technically good as C@E but as a product Cloudflare workers is good enough, simple to use, good value proposition and actively being iterated on. I’d choose cloudflare workers over c@e simply because Fastly make it very hard to use the product and pricing wise despite WASI being extremely interesting.
Go to Fastly’s website, try to figure out their product range, then try to calculate the cost, then try and enter a credit card to use there services. It’s difficult! Contrast to Cloudflare who have a generous free tier to hook you in, nicely tiered products with transparent clearly displayed pricing. The Clodflare tiers are just enough functionality to tempt you to the next tier without even thinking about it when you need to upgrade. Giving Cloudflare your credit card to give the money is trivial, no hunting around the UX or “please contact sales” at the end of every page in small print.
The complainants about Fastly can be the result of they only want to deal with enterprise customers. That’s fine but the likes of AWS, DigitalOcean, dev service companies where built on hooking developers with easy entry/pricing who then took the product to there day jobs at the enterprises. I often hear it called the flywheel effect. Cloudflare seem to be taking the hook devs, build a fan base, make it attractive + easy to use approach to grow organically not lock out the small spenders and only talking to enterprise level spenders.
To me, Cloudflare is essentially an early Google, but more network technology-oriented. Their modus operandi seems to be “Solve problems which can only be solved by one central actor, employ good people, do good things, and then, when everything is centralized around us…” but they haven't quite reached that last part yet. We all know what happened to Google though, so I’m not very optimistic.
I build marketing websites for B2B companies and almost always run them through Cloudflare's free plan. DNS management is fast/simple, it's good at blocking bots, and it gives us options in the future without having to jump through a million hoops to approve a new vendor.
Given the pace of innovation and the type of products I've seen from Cloudflare over the past couple of years, it seems like they're on their way to compete with AWS and other IaaS by essentially reducing the need for infra itself. Basically what Google App Engine hoped to achieve but fell short of.
At work, we are running a programmable global proxy in front of our application and paying peanuts for it. Soon, we expect to cut huge cost when R2 is released and with products like their Zero Trust and Argo Tunnels, we hope to eliminate a lot of scaffolding and fluff from our infra.
I'm bullish too. I've always been extremely skeptical when it comes to vendor lock, but after a very shallow look at Pages + Workers with SvelteKit + Adapters [1] I'm ready to drink the Kool-Aid.
Sign me up for the future where infrastructure is a pluggable cog that I don't have to think about if I'm not trying to build highly scalable systems.
I also like Cloudflare due to their open source projects and free services. 1.1.1.1 is insanely fast, domain registration is one of the cheapest thing and worker are joy to use.
92 comments
[ 3.4 ms ] story [ 162 ms ] threadOnce upon a time similar criticism was leveled at Amazon and Salesforce.
It’s clear people believe that CloudFlare have a good chance of seriously competing with the “big” players. AWS has quarterly revenue of about $140B, CloudFlare at about $0.2B has a lot of potential growth ahead.
Their strategy is clearly to expand into more of the cloud services industry. There are a few missing pieces currently (VPS, Containers, Database servers) but I’m confident they have plans in those areas.
The interesting thing is that they are approaching each area thy go into with new ideas. Although I wouldn’t be surprised if we see them make some acquisitions at some point.
Also they announced acquisition of Vetrix. I've never heard of it but seems interesting that they're venturing into app-level security market as well: https://cloudflare.net/news/news-details/2022/Cloudflare-Acq...
Cloudflare's genius is in offering free CDN service for most solo people. That seems to be like the way Photoshop allowed pirating of the software with little DRM control, get people to use the product first. I wish SalesForce did that, they have no free plan. For my scrappy company, we just use excel sheet for CRM.
(And these days it's a tad over $16B)
$140B would be insane.
Since it’s still in a growth phase with revenue, the losses can continue as a customer acquisition cost.
They can scale back at any time.
Parent didn't ask about access to credit or market capitalization rates, they asked how long they can burn for. If you no longer need credit because you're profitable, then keeping your asset value up is moot.
So yes it very much is an optional spend. I welcome you to listen to a podcast by the CFO of NetSuite:
https://a16z.com/2015/05/15/a16z-podcast-why-saas-revenue-is...
NetSuite's most profitable year was...2009. Yes that 2009. They basically turned off S&M when the economy crashed.
However, Cloudflare has 79.2% gross margin, indicating that delivering their services is highly profitable. If they ever needed more money, they could simply raise it or scale-back in other areas.
TLDR: They could go for a very long time.
That's incorrect. They didn't burn $77m in cash in the quarter, GAAP net loss is not equal to them losing cash from operations. The calculation doesn't lead out to six years accordingly. They're no longer burning cash (as they previously were):
"Net cash flow from operating activities was $40.6 million, compared to negative $8.8 million for the fourth quarter of 2020. Free cash flow was $8.6 million, or 4% of total revenue, compared to negative $23.5 million, or 19% of total revenue, in the fourth quarter of 2020."
That could still slip back occasionally into the red, of course. More likely it's going to be two steps forward and one step back, culminating soon in predictably cash flow positive operations.
I am very concerned about when that bubble bursts, considering the essentially MitM nature of many of CF's offerings.
"Too good to be true" is rarely wrong. TANSTAAFL.
In general as a user get in early on the free plans. Start decoupling when everyone else jumps aboard before the lock-in pain is too high
Where the ultimate source of content lies is an implementation detail and irrelevant for anyone looking to, for example, file DMCA claims.
As an example, my partner has written a free story and published it on one website, where it was then copied onto a different website by a third party where it's being sold, with much of the content already accessible. Filing DMCA claims is hopeless as Cloudflare will only (pretend to) forward the complaint to the "actual" owner and hoster of the website, with no guarantees about deliverability or anything. Here's the kicker! Even if you somehow manage to reach the "actual" hosting provider and they kick the offending party off their servers, that party can transparently migrate to another host and Cloudflare will even cache their pages for them until they are up again. See no evil, hear no evil, blatantly ignore established laws with weasel words indeed.
The fact that they are getting away with it is ridiculous. It would take an actual lawsuit with a huge investment in time and money to challenge the status quo. I know we could never bring meaningful legal action to them.
Not to mention Cloudflare seeing no moral issues with hosting sites such as KF who take joy in bullying people until suicide.
Hey eastdakota, jgrahamc, I'd love to see you actually respond to this in good faith.
I want to hear about R2 on the earnings call. It's such an important part of their future, IMHO.
I asked him if he had HN alerts, and this was his answer: “I have code that monitors Hacker News comments for mentions of various things (including cloudflare, my username). It runs once a minute and uses https://hn.algolia.com/ to find new comments. (..)”
https://news.ycombinator.com/threads?id=jgrahamc
A CTO that is this close to the users I see as a good sign.
1. https://blog.klungo.no/2021/12/07/cloudflare-images-has-a-lo...
2. https://news.ycombinator.com/item?id=29474943
Again not saying this is not the general case
We were able to fix some of these issues immediately. Some took more time due to deeper back-end work required, or design of alternative APIs which we've piloted with some customers. There is of course more in the pipeline.
We're aware that the file size limit is still very low. It's tied to the pricing model, and we don't want to overpromise. We're internally debating how to price the product it in a way that is simple to understand, and still makes sense for different image sizes and usage patterns. It's a surprisingly tough problem. Many "why don't you just…" pricing models don't work for some usages, or create perverse incentives, or are difficult for customers to estimate how much they'll pay.
> but after some months in production, and a severe lack of any meaningful reply from the CF Images team addressing any of these concerns
that's the concern, that the feedback didn't reach the right ears, or trigger actions, until the HN post, when it should have been possible to use normal customer relations channels and get some kind of meaningful reply.
Still, yes, this is a common dilemma these days with many vendors, and that the HN post worked is also better than some!
I think back to the story of how Amazon Prime came to be and the intense debate within Amazon leadership whether it would kill the company when logistics was their largest cost center... After they launched anyway (they had to, there's no winning the argument when Bezos believes in something with a conviction of a thousand suns), they found that not only Prime had help establish a moat around the business, but instead drove down the cost of logistics (more warehouses, more delivery vans, own airports/jets) as purchases not only rose but became predictable. The perverse incentives they were worried about were far and few in between, contrary to what they had projected.
I see a similar model at Cloudflare in their steely determination to build a moat around their customers with free ingress and egress.
> ...or are difficult for customers to estimate how much they'll pay.
Rate limiter prices need an update. More expensive than Workers when majority of the requests are good requests!
My personal experience - I found an issue with a certain DNS query type returning incorrect results and opened a ticket. The first reply was a confirmation of the bug with dig output and then passing it on to the DNS team who fixed it in a matter of days. At most other companies you'd need a personal contact to get that kind of response.
Often times if you send a message that you are looking to improve and wondering what your perceived weaknesses are, they will be honest with you.
But why do they still host network-destroying tools like ipstress.in, str3ssed.co, cybervm.io, instant-stresser.com and stresser.app? These are all on the first page of Google's results for "booter".
Isn't this a conflict of interest?
The tides turn, IMO, when you start to compare ZPA and Cloudflare Tunnel and Access. Zscaler ZPA is way behind the curve here and their deployment options are horrendously legacy in nature. Case in point every "connector" from Zscaler is a VM. People may complain about "cloudflared" but you're never going to see any of Zscaler's client/server code out on a public repo. Cloudflare has far more flexible options to cover more aspects if you're charter is Zero Trust in workloads.
I view Zscaler as a slight pivot with respect to how Palo Alto Networks and Checkpoint operated in the firewall market forever. It's the same old take dumped in the cloud. And at the end of the day Zscaler's pedigree is definitely user focused but now they're trying to shoehorn in workloads and a lot of the product is just not designed to offer a solution for workloads like Cloudflare is. Some of their acquisitions in the last few years were not good or scalable products, either.
The last point I'll mention is that Zscaler offers no public connectivity solutions. So, unlike Cloudflare who's fully ready to take on large scale traffic for your Internet facing applications Zscaler has nothing to support you there. They talk a lot about how many POPs they have globally and the connectivity in those POPs. They also like to claim they handle more requests per day than Google. It doesn't matter though because Zscaler doesn't have the pedigree to operate as a CDN nor would I trust them to given what I've seen of their other product lines.
If I'm betting with my own $$$ Cloudflare will eat Zscaler's lunch over the next few years.
Fastly is a CDN, Cloudflare has a CDN product in its product range. Cloudflare is an internet technology company, not just a CDN. Cloudflare product range seems to be constantly growing and getting better.
While Fastly technically has other products, they are way off the delivery and execution of Cloudflare. Fastly Cloud@Edge has the potential to be a FAAS / AWS lambda killer but Fastly have failed to realise the product unlike Cloudflare workers, which I don’t think is as technically good as C@E but as a product Cloudflare workers is good enough, simple to use, good value proposition and actively being iterated on. I’d choose cloudflare workers over c@e simply because Fastly make it very hard to use the product and pricing wise despite WASI being extremely interesting.
Go to Fastly’s website, try to figure out their product range, then try to calculate the cost, then try and enter a credit card to use there services. It’s difficult! Contrast to Cloudflare who have a generous free tier to hook you in, nicely tiered products with transparent clearly displayed pricing. The Clodflare tiers are just enough functionality to tempt you to the next tier without even thinking about it when you need to upgrade. Giving Cloudflare your credit card to give the money is trivial, no hunting around the UX or “please contact sales” at the end of every page in small print.
The complainants about Fastly can be the result of they only want to deal with enterprise customers. That’s fine but the likes of AWS, DigitalOcean, dev service companies where built on hooking developers with easy entry/pricing who then took the product to there day jobs at the enterprises. I often hear it called the flywheel effect. Cloudflare seem to be taking the hook devs, build a fan base, make it attractive + easy to use approach to grow organically not lock out the small spenders and only talking to enterprise level spenders.
You mean, Google become a $1.8T company?
At work, we are running a programmable global proxy in front of our application and paying peanuts for it. Soon, we expect to cut huge cost when R2 is released and with products like their Zero Trust and Argo Tunnels, we hope to eliminate a lot of scaffolding and fluff from our infra.
Seeing their financials makes me very happy.
Disclosure: I'm an investor
Sign me up for the future where infrastructure is a pluggable cog that I don't have to think about if I'm not trying to build highly scalable systems.
1. https://kit.svelte.dev/docs/adapters