Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers.
-
Let me just pick a few examples from the code, because this is so bad
This is a core part of the protocol, that's not exactly simple (https://spec.matrix.org/v1.17/server-server-api/#authorization-rules)
They just have TODO comments, and happily accept anything, even if it's blatantly forged
-
This is a core part of the protocol, that's not exactly simple (https://spec.matrix.org/v1.17/server-server-api/#authorization-rules)
They just have TODO comments, and happily accept anything, even if it's blatantly forged
Rather than implementing the critical state resolution algorithm that's the core of Matrix, they just directly insert the latest state into the database. That'll instantly lead to diverging views of the room and incompatibility with every other implementation - and it's also a massive security hole.
-
Rather than implementing the critical state resolution algorithm that's the core of Matrix, they just directly insert the latest state into the database. That'll instantly lead to diverging views of the room and incompatibility with every other implementation - and it's also a massive security hole.
Oh and to top things off, they make trivially false claims in their post. Tuwunel and its predecessors do not and have never used Postgres or Redis.
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
@JadedBlueEyes I suppose "never mind auth" is also post-quantum, in a philosophical sort of way
-
Oh and to top things off, they make trivially false claims in their post. Tuwunel and its predecessors do not and have never used Postgres or Redis.
Honestly this is almost insulting to me, as someone who has spent a nontrivial amount of effort developing a Matrix homeserver, with how low effort it is. And what’s the point? Marketing? I’m not gonna be trusting anything Cloudflare after this.
-
@JadedBlueEyes I suppose "never mind auth" is also post-quantum, in a philosophical sort of way
@barometz
Post quantum openness -
Honestly this is almost insulting to me, as someone who has spent a nontrivial amount of effort developing a Matrix homeserver, with how low effort it is. And what’s the point? Marketing? I’m not gonna be trusting anything Cloudflare after this.
The pricing comparisons are stupid, by the way, too - a bunch of us in the matrix chatrooms got out how many HTTP requests per day we were serving and the per-request cost of Workers would be more expensive than dedicated VPSs - not even counting CPU time or storage costs!
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
@JadedBlueEyes
Pretty solid business strategy!
Cloudflare bills rivaling current military budgets cause you got spammed by invalid room events... /s -
@JadedBlueEyes
Pretty solid business strategy!
Cloudflare bills rivaling current military budgets cause you got spammed by invalid room events... /s@poitzorg Even only counting valid events, a normal matrix server is still consistently serving millions of requests a month!
-
@poitzorg Even only counting valid events, a normal matrix server is still consistently serving millions of requests a month!
@poitzorg per-request pricing is just not the right model for that
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
@JadedBlueEyes what a stupid time to be alive.
-
The pricing comparisons are stupid, by the way, too - a bunch of us in the matrix chatrooms got out how many HTTP requests per day we were serving and the per-request cost of Workers would be more expensive than dedicated VPSs - not even counting CPU time or storage costs!
For those of you that don't know, I develop https://continuwuity.org - a Rust based Matrix homeserver that actually works, and that you can run on a Raspberry Pi, rather than someone else's centralized cloud infrastructure
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
@JadedBlueEyes lol. lmao even.
-
For those of you that don't know, I develop https://continuwuity.org - a Rust based Matrix homeserver that actually works, and that you can run on a Raspberry Pi, rather than someone else's centralized cloud infrastructure
I'm also giving a talk about some of the actual work that goes into building this software in a few days at FOSDEM, if you want to learn more:
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
Lol, just searching for "TODO" in their github repo doesn't disappoint
-
Lol, just searching for "TODO" in their github repo doesn't disappoint
@agowa338 They’re trying to clean up their tracks https://github.com/nkuntz1934/matrix-workers/commit/2d3969dd5e795caa3641d0e237e2b52ca0502463
-
I'm also giving a talk about some of the actual work that goes into building this software in a few days at FOSDEM, if you want to learn more:
Oh look, they’re trying to cover up what they did too
https://github.com/nkuntz1934/matrix-workers/commit/2d3969dd5e795caa3641d0e237e2b52ca0502463
Archive link for posterity:
-
@agowa338 They’re trying to clean up their tracks https://github.com/nkuntz1934/matrix-workers/commit/2d3969dd5e795caa3641d0e237e2b52ca0502463
Wonder if that's because of my LinkedIn post from 15 minutes ago where I said that they're wasting everyones times and mentioned Cloudflare...
https://www.linkedin.com/posts/klausfrank_ai-share-7421952201788608512-oFiv
-
Wonder if that's because of my LinkedIn post from 15 minutes ago where I said that they're wasting everyones times and mentioned Cloudflare...
https://www.linkedin.com/posts/klausfrank_ai-share-7421952201788608512-oFiv
I mean it only got 6 impressions with one of them being by a paying member.
But as I basically have no followers there and I mentioned them it's not that unlikely...
-
Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
