54 comments

[ 2.6 ms ] story [ 77.1 ms ] thread
Cloudflare are winning these days, they’re just lacking good fine grained permissions. You still have to make an entirely separate account for prod, which messes up SSO since one domain can only be bound to one account.
Not sure what they are winning .. we kept them as a backup but they are so bad that they fail even there
If anyone is interested, you can implement something like that with a few lines of code on the front end. We expose a function that generates a uniformly-distributed hash that you can use for A/B testing and other uses:

  Q.Data.variant()
https://github.com/Qbix/Q.js/blob/main/src/js/Q.minimal.js#L...

And on the back end, you'd use it like this:

https://github.com/Qbix/Platform/blob/main/platform/classes/...

Essentially, this can support a huge number of "variants" and within each variant you can have N equal segments. That will help you do A/B testing and flipping features on or off.

OpenFeature was new to me, neat! Anyone have experience integrating this? https://openfeature.dev
I have had a lot of experience with OpenFeature, and have early commits in a few of the client libraries. It's definitely the future of feature flagging, and the ecosystem is really growing.

Full disclosure, I am the CTO of Flagsmith, and we have seen a clear curve in adoption of OpenFeature over the last few years. It used to be that we were pushing customers to try it out, now they come to us with OpenFeature as a requirement.

The vendor support is pretty mature now and there is coverage across almost all languages. If you're integrating feature flags into a new service, or looking to migrate from e.g. home-grown to a third party solution, OpenFeature is definitely the way I would recommend going.

Has anyone struggled to run their own feature flagging service? After root causing slow app starts to be caused by the equivalent offering from Firebase, I've been cautious to use any off the shelf solutions
Feature flags are so ridiculously simple I have never needed to outsource this to someone else.
Looking at the docs for their JS SDK, they have this warning:

> The client provider requires an API token to fetch flag values. This token is not scoped to a single app, so anyone with the token can evaluate flags across all apps in your account. Use the client provider with caution in public-facing applications.

https://developers.cloudflare.com/flagship/sdk/client-provid...

Can anyone clarify... why the client SDK, designed to be deployed to browsers, requires caution? Does this mean that any client could send requests with a new targetingKey and observe other users' flags?

While flags probably shouldn't be critical information, this seems like an interesting design choice.

More of this please: essential tools for building modern software must be oss; Im fine with paying for a hosted version but just the benefit of learning one tool and being able to use it everywhere (linux, k8s, python etc) is amazing.
Missing gradual rollout of feature flag changes themselves. Yes, you can do percentage based rollouts for individual features but still should have ability to canary all changes before they cause an insta-sev.
A bit tangent but related: These things I'm never sure if I should be shipping on day one with mobile apps (Flutter in particular): Flagships, bug gathering, A/B testing ?

I feel strong inclination too but its also way too early before any real users can prove PMF. I've been using Google stuff but wonder if Flagship and perhaps other Cloudflare offerings can help.

The other side is that again it feels too early for this stuff and I just want to ship something quickly.

The work ivnvolved

a flagship with no pirates, all fired due to ai.
Never underestimate the power of a zero-network-hop abstraction over f(feature_name, context).

And context can be extremely tailored to your niche: specific inventory, from a specific supplier, for a specific user of a specific B2B client of a specific business model subtype, who should or shouldn’t see certain features on that specific inventory at certain times.

When you can write your own logic, and just run this in a tight loop as easily and performantly as you can use a constant, it makes your business incredibly agile. Think some text might change for some customers? Just write the code to make it configurable, and you get tests and flags for free.

Sadly, that zero-hop setup requires a sophisticated client execution engine, which it doesn’t appear Cloudflare has implemented here. Makes sense for their memory constrained workers, less sense for traditional infrastructure.

Statsig has an approach here that I quite like:

> To be able to do this, Server SDKs hold the entire ruleset of your project in memory - a representation of each gate or experiment in JSON. On client SDKs, we evaluate all of the gates/experiments when you call initialize - on our servers.

https://docs.statsig.com/sdks/how-evaluation-works

You can also roll your own - just sync your rulesets to a few data structures every few seconds in a background thread and atomically swap the reference to them. Then you just need a CRUD interface over the applicability ruleset dimensions.

Just be careful to have governance on who can play with which would-be constants. Great power and great responsibility and all that!

When reading your comment, it just reminds me on how feature flags can be misused as application configuration/customization. An antipattern i could observe at various organzations already.

For me feature flags go along with trunk based development to enable features in QA settings, but not on PROD yet, for PO/PM testing. Trunk based development allows for fast/easy devops, without complicated branching strategies.

Application configuration is, for me, part of the application and has the business context for customizing the application accordingly. Not sure if there are specific frameworks/tools out there. But one should clearly distinguish these two.

Which is not hard to do (it is a modulo over a mersenne twister or something similar), but in my recent gigs just Flipper with optional "state of the flags table as of now" endpoint was more than enough. That modulo+random combo required tools like LaunchDarkly to ship SDKs in several languages, and the ones I had to work with were just plain horrible fit for their language of choice. But because the evaluation was relegated to the edge, the whole system got way more complex than desirable. In actuality, I think a refetch of the current flags table "for this customer" every so often is just fine, and way less of a nuisance.

So glad Flipper exists and I don't have to deal with this stuff anymore.

But why would you wrap some proprietary solution around your neck instead of rolling your own custom solution or extending some open source?

The answer for most things pertaining to encloudification seems to be "because it's easy and we are already using cloud provider X". Death by a thousand clickops.

I’m always excited when Cloudflare starts offering things that I had to use other providers for because I know it will be solid.

We used Statsig at Function. It started out as 2 of us using it on one product and within 12 months, large amounts of our product copy and rollouts were driven off of it.

Statsig has client side evals so you can write rules and rollouts based on internal concepts without Statsig’s servers processing a piece of user data. Hoping Cloudflare can build a sophisticated product here so I don’t have use another product in the future!

i see @btown's comment below but also just for education about this space:

- anyone have comments/comparisons about launchdarkly vs posthog vs statsig (is it still alive after openai?) vs _____ vs cloudflare flagship?

like a "beginner/intermediate/advanced" progression of what to look out for/what you will want when it comes to feature flags would be highly helpful for me and many others here

I don’t have experience with the tools Cloudflare has been shipping this year so I can’t speak about the quality, but they have really been pushing out a lot new products and services, no doubt due to agentic coding.
this make perfect sense for cloudflare.

and im sure they can drive down the cost , compared to say launchdarkly

I love their free tier but for playful stuff
This is what "Building for the future" looks like post-layoffs, huh?

Can't even ship with app-scoped tokens...

Feature flags are often ridiculously over engineered.

Check a config, bdd value, env var to dynamically go one path or the other.

That’s all, you must either have a small feature or refactor the code to easily switch at a high level.

If you are not able to do so easily, then yes, complex feature flags implementations might help you, to coordinate feature activation between micro services.

Or if you have many features then a dashboard might be useful.

But I would argue that both are serious indicators that you should avoid feature flags, they are better for local and temporary changes, otherwise the complexity compounds and it become hard to manage and maintain.

Gold-plated booleans-as-a-service
I don't mind it. I don't want to keep track of thousands of feature flags in my DB, have to create an admin dash, etc.

You could call any SaaS tool "excel-as-a-service" and it would hold the same power as your comment.

I’ve seen whole teams at companies set up fail to provide these booleans-as-a-service well. There are whole companies like LaunchDarkly for them.

If you boil it down to this, you may as well boil down every service that exists to bits-as-a-service.

Turns out theres legitimate business value in these things, and complexity in delivering them.

yes, worth every penny
Getting those booleans to the right place at the right time reliably isn't trivial.