If we're talking about putting static assets (like basic websites) on their CDN, or moving your backend to Workers, (etc...) you are by definition moving _away_ from single point-of-failure.

> Maybe that's the core of this message. Face your fears. Put your service on the internet. Maybe it goes down, but at least not by yet another Cloudflare outage.

Well I'd rather have my website going down (along with half the internet) be the concern of a billion dollar corporation with thousands of engineers - than mine.

Yuuuuup.

We once had a cloudflare outage. My CEO asked "mitigate it" I hit him back with, okay, but that'll take me weeks/months potentially, since we're tiny, do you really want to take away that many resources just to mitigate a once every few years half the internet is down issue?

He got it really quickly.

I did mitigate certain issues that were just too common not to, but when it comes to this sort of thing, you gotta ask "is it worth it"

Edit: If you're so small, cloudflare isn't needed, then you don't care if you go down if half the internet does. If you're so big that you need cloudflare, you don't wanna build that sort of feature set. The perfect problem.

> you are by definition moving _away_ from single point-of-failure

Depends on the frame of reference of “single point-of-failure”.

In the context of technical SPOFs, sure. It’s a distributed system across multiple geographies and failure domains to mitigate disaster in the event any one of those failure domains, well, fails.

It doesn’t fix that technology is operated by humans who form part of the sociotechnical system and build their own feedback loops (whose failures may not be, in fact are likely not going to be, independent events).

SPOFs also need to contemplate the resilience and independence of the operators of the system from the managing organisation. There is one company that bears accountability for operating CF infra. The pressures, headwinds, policies and culture of that organisation can still influence a failure in their supposedly fully distributed and immune system.

For most people hosting behind Cloudflare probably makes sense. But you need to understand what you’re giving up in doing so, or what you’re sacrificing in that process. For others, this will lead to a decision _not_ to use them and that’s also okay.

That's a bit like the 'nobody was fired for choosing Oracle' argument, but it does make sense.

Still a bit weird to pretend we now have cyber weather that takes our webpages down.

Nice, yea as long as the problem is someone else's then that's just as good as there being no problem at all.

I just paused cloudflare on a site of mine. On a normal day, it would be pretty easy to unpause it if it gets hit by a DDOS. Now cloudflare is down and the site is up again. Small sites do not benefit much from the performance effects of cloudflare either. Site won't be in their cache.

> yet another Cloudflare outage.

Are these common?

I guess by using cloudflare you are pooling your connection with other services that are afraid of being ddosed and actively targetted, whether by politics or by sheer volume. Unless you have volume or political motivations, it might be better not to pool, (or to pool for other purposes)