Days after the fake story about Cursor building a web browser from scratch with GPT-5.2 was debunked. Disbelief should be the default reaction to stories like this.
Honestly I like Cloudflare's CDN and DNS but beyond that I don't really trust much else from them. In the past though their blog has been one of the best in the space and the information has been pretty useful, almost being a gold standard for postmortems, but this seems especially bad. Definitely out of line compared to the rest of their posts. And with the recent Cursor debacle this doesn't help. I also don't really get their current obsession with porting every piece of software on Earth to Workers recently...
Technical blogs from infrastructure companies used to serve two purposes: demonstrate expertise and build trust. When the posts start overpromising, you lose both.
I don't know enough about this specific implementation to say whether "implemented Matrix" is accurate or marketing stretch. But the pattern of "we did X" blog posts that turn out to be "we did a demo of part of X" is getting tiresome across the industry.
The fix is boring: just be precise about what you built. "We prototyped a Matrix homeserver on Workers with these limitations" is less exciting but doesn't erode trust.
It is worrying to see a major vendor release code that does not actually work just to sell a new product. When companies pretend that complex engineering is easy it makes it very hard for the rest of us to explain why building safe software takes time. This kind of behavior erodes the trust that we place in their platform.
Um what's up with companies trying to recreate really big projects using vibe coding.
Like okay, I am an indie-dev if I create a vibe coded project, I create it for fun (I burn VC money of other people doing so tho but I would consider it actually positive)
But what's up with large companies who can actually freaking sponsor a human to do work make use of AI agents vibe code.
First it was cursor who spent almost 3-5 million$ (Just came here after watching a good yt video about it) and now Cloudflare.
Like, large corpos, if you are so much interested in burning money, atleast burn it on something new (perhaps its a good critique of the browser thing by Cursor but yeah)
I am recently in touch with a person from UK (who sadly got disabled due to an accident when he was young) guy who is a VPS provider who got really impacted by WHMCS increase in bill and He migrated to 1200 euros hostbill. Show him some HN love (https://xhosts.uk/)
I had vibe coded a golang alternative. Currently running it in background to create it better for his use cases and probably gonna open source it.
The thing with WHMCS alternatives are is that I made one using gvisor+tmate but most should/have to build on top of KVM/QEMU directly. I do feel that WHMCS is definitely one of the most rent seeking project and actually writing a golang alternative of it feels sense (atleast to me)
Can there not be an AI agent which can freaking detect what people are being charged for (unfairly) online & these large companies who want to build things can create open source alternatives of it.
I mean I am not saying that it stops being slop but it just feels a good way of making use of this tech aside from creating complete spaggeti slop nobody wants, I mean maybe it was an experiment but now it got failed (Cursor and this)
A bit ironic because I contacted the xhosts.uk provider because I wanted to create a cloudflare tunnels alternative after seeing 12% of internet casually going through cf & I saw myself being very heavily reliant on it for my projects & I wasn't really happy about my reliance on cf tunnels ig
That the original post to HN linked in the blog was done on a throwaway kind of implies a level of awareness (on the part of the dev) that the code/claims were rubbish :)
“This architecture shifts the paradigm for self-hosting. It turns "running a server" from a chore into a utility. You get the sovereignty of owning your data without the burden of owning the infrastructure”
Yeah, this is just shameful. Obviously written by an LLM with zero oversight. If this engineer doesn't get fired I'll lose all trust in Cloudflare.
He shouldn't get fired. For all we know he might actually be a decent employee who had a, ekhm, temporary lapse of reason. He didn't destroy anything (except damaging CF brand).
The best CF can do is to post a post-mortem and improve procedures so that can't happen anymore.
I'd love to see a root cause analysis post by Cloudflare for this one. The ones they do after outages are always interesting to read.
How did this make it into the blog? What is the review process for these posts and what failed this time? What measures will be taken to restore Cloudflare blog's reputation?
My charitable read on this is that an individual vibe-coded both the post and repository and was able to publish to the Cloudflare blog without it actually being reviewed or vetted. They also are not an engineer and when the agent hallucinated “I have built and tested this and it is production grade,” they took it at face value.
You can tell since the code is in a public repository and not Cloudflare’s, which IMO is the big giveaway that this is a lesson for Cloudflare in having appropriate review processes for public comms and for the individual to avoid making claims they cannot substantiate or verify independently.
I don't know why it being potentially vibe coded or vibe written exonerates the author. "Your job is to deliver code you have proven to work [1]." It is your duty to ensure your work works, no matter what tools you used. You don't get to pass the blame on an AI agent any more than you get to blame intellij autocomplete for your buggy code.
Furthermore, I don't see why we are extending the principle of charity to cloudflare, a billion dollar enterprise controlling a significant part of internet traffic self identifying as a "utility." If cloudflare deserves more of something from us, it is scrutiny and accountability, not charity and deference.
> This post was updated at 11:15 a.m. Pacific time to clarify that the use case described here is a proof of concept. Some sections have been updated for clarity.
But then the bottom still says:
> Our team is using Matrix on Workers, handling real encrypted communications. It is fast, it is cheap, and it is arguably one of the most secure ways to deploy a homeserver today.
41 comments
[ 3.1 ms ] story [ 65.1 ms ] threadI don't know enough about this specific implementation to say whether "implemented Matrix" is accurate or marketing stretch. But the pattern of "we did X" blog posts that turn out to be "we did a demo of part of X" is getting tiresome across the industry.
The fix is boring: just be precise about what you built. "We prototyped a Matrix homeserver on Workers with these limitations" is less exciting but doesn't erode trust.
Professionalism at its finest!
Of course, this is done by a manager. Classic corporate mindset, I can do what these smelly nerds do every day, hold my bear.
He doesn't even know how git works, huh?
What a clown.
Like okay, I am an indie-dev if I create a vibe coded project, I create it for fun (I burn VC money of other people doing so tho but I would consider it actually positive)
But what's up with large companies who can actually freaking sponsor a human to do work make use of AI agents vibe code.
First it was cursor who spent almost 3-5 million$ (Just came here after watching a good yt video about it) and now Cloudflare.
Like, large corpos, if you are so much interested in burning money, atleast burn it on something new (perhaps its a good critique of the browser thing by Cursor but yeah)
I am recently in touch with a person from UK (who sadly got disabled due to an accident when he was young) guy who is a VPS provider who got really impacted by WHMCS increase in bill and He migrated to 1200 euros hostbill. Show him some HN love (https://xhosts.uk/)
I had vibe coded a golang alternative. Currently running it in background to create it better for his use cases and probably gonna open source it.
The thing with WHMCS alternatives are is that I made one using gvisor+tmate but most should/have to build on top of KVM/QEMU directly. I do feel that WHMCS is definitely one of the most rent seeking project and actually writing a golang alternative of it feels sense (atleast to me)
Can there not be an AI agent which can freaking detect what people are being charged for (unfairly) online & these large companies who want to build things can create open source alternatives of it.
I mean I am not saying that it stops being slop but it just feels a good way of making use of this tech aside from creating complete spaggeti slop nobody wants, I mean maybe it was an experiment but now it got failed (Cursor and this)
A bit ironic because I contacted the xhosts.uk provider because I wanted to create a cloudflare tunnels alternative after seeing 12% of internet casually going through cf & I saw myself being very heavily reliant on it for my projects & I wasn't really happy about my reliance on cf tunnels ig
https://news.ycombinator.com/item?id=46780837
So many failures coming out of Cloudflare these days, feels like they peaked a while ago and are slowly declining into incompetence.
Yeah, this is just shameful. Obviously written by an LLM with zero oversight. If this engineer doesn't get fired I'll lose all trust in Cloudflare.
The best CF can do is to post a post-mortem and improve procedures so that can't happen anymore.
That's one way to destroy the CF blog credibility!
You can tell since the code is in a public repository and not Cloudflare’s, which IMO is the big giveaway that this is a lesson for Cloudflare in having appropriate review processes for public comms and for the individual to avoid making claims they cannot substantiate or verify independently.
Furthermore, I don't see why we are extending the principle of charity to cloudflare, a billion dollar enterprise controlling a significant part of internet traffic self identifying as a "utility." If cloudflare deserves more of something from us, it is scrutiny and accountability, not charity and deference.
[1] https://simonwillison.net/2025/Dec/18/code-proven-to-work/
> This post was updated at 11:15 a.m. Pacific time to clarify that the use case described here is a proof of concept. Some sections have been updated for clarity.
But then the bottom still says:
> Our team is using Matrix on Workers, handling real encrypted communications. It is fast, it is cheap, and it is arguably one of the most secure ways to deploy a homeserver today.
Which one is it?
... Oh, dear.