50 comments

[ 2.6 ms ] story [ 59.0 ms ] thread
If eastdakota/jgc are here.

- simply expose containers to the world directly - without having to go via workers.

- You have other amazing parts of the stack anyway (D1, durable objects, a great object store). These aren't considered "lockin".

- workers is "lockin" - not similar enough to lambda/cloud functions and so becomes CF specific.

Not having a simple container based compute piece has made me hesitate in taking up CF. (Fly or firebase won out)

> simply expose containers to the world directly - without having to go via workers.

I run workers and containers and am curious what you mean. Do you have specific use cases in mind outside of the worker invocation model? If so, I'm curious what you'd want to run on Cloudflare. Otherwise, workers don't have to be much of a "lockin" if treated as a thin layer, more like configuration.

> You have other amazing parts of the stack anyway (D1, durable objects, a great object store).

Instead, if you mean accessing these resources from containers, it's a bit clunky [0] but it's there - you should be able to access worker bindings from containers through those outbound handlers.

[0] https://developers.cloudflare.com/containers/platform-detail...

I think you have it the other way around? D1, DO, KV are lockin. The worker is not lockin as it's just JavaScript/WASM and can run in a regular browser.
I’m going to need a wrapper for all these services offering this service.
I know no one is writing copy anymore but i wish they tried to edit it a bit so it wasn’t so glaringly obvious. It just sours the product when it seems like so little effort was put into the message. And it’s not even hard - just change the prompt used!
Wouldn't it make more sense to merge the temporary account into an existing one, instead of claiming it as a new account?

This could lead to people having a large amount of separate accounts.

Would love to know more about how Cloudflare plans to prevent abuse of ephemeral infrastructure to host malicious content. From elsewhere in their documentation, “Cloudflare limits how quickly you can create temporary preview accounts. If the Wrangler CLI cannot create an account because too many temporary preview accounts were requested too quickly, wait before retrying or authenticate the CLI with a permanent Cloudflare account,” and “Cloudflare applies additional abuse prevention checks to temporary preview accounts.”[1] This is a bit vague though. Creating a new account has never been a huge hurdle to overcome but this seems to reduce the barrier to entry even more.

[1] https://developers.cloudflare.com/workers/platform/claim-dep...

Given how little they do now to stop malicious content hosted behind/by Cloudflare, the bare minimum if anything.
Correct me if I'm wrong, but does Cloudflare still not have a "Create Account" button on the account listing page? I think you still have to sign up from scratch doing plus-code email tricks, then invite your original email address as an admin, juggling multiple accounts. They should consider fixing that first.
Oh actually it's worse now, they blocked email addresses with + in them!
Cloudflare: let's give the bots their own accounts so they can scrape harder.

Also Cloudflare: let's send normal humans who are trying to go about their daily lives into endless Turnstile spinner loops with absolutely zero recourse, grievance, or support infrastructure.

It's a clean way to charge AI to read content too.
I'm sure they don't want humans to have that experience - the issue is that the human behavior looks very bot-like. This is usually only experienced by people whose setup is peculiar
Yes, and using Firefox or having an ad blocker installed counts as extremely peculiar these days.
Just had 10 rounds of busses, motorcycles and fire hydrants with Google before I decided I don't actually want to see that page so much. So Cloudflare is unfortunately not the only offender here.
There's a certain type of Recaptcha challenge (the 4x4 single-photo one) that I have a 100% failure rate on. If Google decide to serve me 15 of those in a row, I will invariably fail 15 times until they decide to serve one of the other types for round 16. I'm very close to believing that that challenge is actually bugged and unsolvable for everyone, and simply nobody ever bothered to fix it.
Nah, I think this is Google's way of pushing against those who value privacy. Firefox? With uBO? No cookies? Not fetching Google fonts? Must be a bot for sure. /s
Are you still reading webpages personally instead telling your AI to do it?
I’d love a chrome extension to measure just how many times per day I’m met with the Turnstile.

Turnstiles per minute.

If all bots are subject to a rate limit, then the system works as designed. Especially if site operators can block bot accounts. Requiring accounts is one of the easiest solutions for that problem. One of the large issues with scrapers is that they pretend to be normal internet visitors that never visited your site before, because any bot that stored cookies would immediately be rate limited by basic config.

Turnstile isn't something Cloudflare put up to annoy you. It's what the website owners decided to put up, for many different reasons.

In the same vein, Anubis has a default configuration that lets honest scrapers and crawlers through, because those can easily be rejected by basic web server configurations. Only scrapers pretending to be browsers need to solve the proof-of-work puzzle. You can disable that feature, of course.

Cloudflare may play this smart: force bots to pay for access, then take 30% of the cut and give the rest to the website owners. That way, websites get paid when the AI slop machine digests their content. Normal visitors get in for free, turn the scraper hellscape into a sustainable model. Bonus points for letting websites set their own rates (pre-declared to scrapers, of course) to dissuade all but the most interested scrapers.

Bots are very close to being able to pass any captcha a human can. We're very close to most sites requiring a login.
Hot damn...

> Any agent can now run wrangler deploy --temporary and deploy a Worker to Cloudflare. This temporary deployment stays live for 60 minutes, during which time you can claim the temporary account, making it permanently your own. If you don't, it expires on its own.

Forget about agents, Cloudflare just provided free scratch deployments - ephemeral for 60 minutes - for anyone.

This is going to be amazing for things like PR previews and code review. Being able to deploy a preview to a working URL for free is a huge reduction in friction.

I hope it doesn't get abused so much that they turn it off again.

Wasn’t this case pretty much before?

The limits are 100 workers on free and 500 on paid.

And if need more then you can always go their platform which supports tenancy.

As long as you have a cronjob or similar to clean up the cost of having per PR preview is pretty much zero.

Obnoxious reply but I did this myself so I'm compelled to post it: review apps aren't that hard to implement yourself. You just need a VPS, domain name, and Caddy. Then tell any agent to connect the dots.
This one has better sandboxing than your VPS setup, though.
This is gonna be amazing for phishing, like most of the features Cloudflare offers (free Turnstile for fresh accounts, CF tunnels, pages.dev, r2.dev).
> This is going to be amazing for things like PR previews and code review. Being able to deploy a preview to a working URL for free is a huge reduction in friction.

Uh that's already true?

Cloudflare Workers already support preview urls, and if you set up Github integration they are done automatically
Lets keep in mind this is cloudflare workers runtime - it only makes sense to deploy small things there, maybe static sites. Unless the agent creates something for cf workers from scratch, asking it to „now deploy to cloudflare” will fail so bad.

This would only work if they would provision docker image deployment, similar to google cloud run, but the still, everything serveless has its own caveats…

Looks like Cloudflare still haven't shipped the most valuable possible feature for Cloudflare Workers though: hard billing caps.

I want to set a cap of $100/month and know, for sure, that if something untoward happens my apps will all stop serving traffic rather than me getting hit with a bill for $1000s.

The safest way to use Workers is on the free tier, which will shut off after 100,000 requests/day: https://developers.cloudflare.com/workers/platform/pricing/#...

This falls Within my predictions of how the AI playing field is become more leveled, in terms with human digital activity. Soon it wouldn't be so what you can do with the computer but what the agent can do BETTER. We are already there for the most part. These are the early steps of full re-genitive self hosting, fully capable AI the is far more advanced then asking it to solve a 2 + 2 question.

The article worded it perfectly; friction-less "efforts"

(comment deleted)
Excuse me for asking, doesnt this make it easier to run a malware bot farm and disappear without a trace?
The idea of giving a non deterministic automated process direct deployment control is fucking madness to me. That’s why I don’t get the obsession with MCP. Deployment can be scripted. It doesn’t need an LLM, it is a completely deterministic process and you want it to run identically every single time.

The right model for agentic API usage is having LLMs write scripts that use APIs. Connecting agents to MCPs and telling them to go and do stuff over and over not only wastes money but invites catastrophe.

(comment deleted)