Cloudflare's new serverless platform lets its Workers run for 15 minutes before giving them the boot

Instant startup, expanded execution, and more programming languages

Interview Cloudflare CEO Matthew Prince doubts developers care all that much about speed.

It's nice to have, he told The Register in a phone interview about his company's latest serverless product, Cloudflare Workers Unbound. But, he added, it's not the most important thing in an edge computing platform.

"I think we were dead wrong in the value proposition of the platform," Prince said. "We thought that speed was the most important thing. Speed is actually the least important thing. A lot of the world is getting the value proposition of edge computing wrong."

What matters more? Cost, he said, then ease of use. And finally: compliance.

Compliance, he conceded, may not matter much for individual developers, but for large companies it's a big deal.

"It's going to turn out that regulatory compliance is the most important thing of all," he insisted.

Cloudflare CEO Matthew Prince

The boss ... Matthew Prince. Source: Cloudflare

The reason, Prince explained, is that governments around the world are imposing restrictions on technology companies, for example on where they can store their data.

"If you work at a big bank or insurance company or healthcare company or consumer products brand, if you're the CIO or general counsel, what you're terrified by is that increasingly countries are saying the data from their users has to remain local," said Prince. "If you're running all your instances from AWS East, that's a problem."

Edge computing – where processing happens at the edge of the network, close to the client, instead of in a distant data center that may be in another country – helps address that concern.

"What we're hearing from our largest customers is this is the real killer app of edge computing," said Prince. "It's that it will be able to deal with an increasingly complicated regulatory environment."

EU flags against cloudy backdrop

Franco-German cloud framework floated to protect European's data from foreign tech firms slurpage


Cloudflare debuted its initial serverless product, Cloudflare Workers, in 2017. It allows developers to run JavaScript or Rust code against the Service Worker API.

Service Workers are essentially proxy servers that mediate between web applications, the network, and the browser. They're used in Progressive Web Apps (PWAs), for example, to intercept requests to the application server when the PWA is running in the user's browser without a network connection.

Cloudflare Service Workers run on the network edge rather than in the browser. They're used by developers to handle HTTP requests in serverless applications, which are designed to start up, respond to requests, then shut down until called upon again.

A related product, a key-value store called Workers KV, was introduced in 2018.

On Monday, the firm plans to announce Cloudflare Workers Unbound as a private beta, meaning developers have to sign up to be considered for admission.

Workers Unbound improves on Cloudflare Service Workers, now renamed Workers Bundled, by vastly expanding the execution time limit from 10ms (Free tier) and 50ms (on the evidently misnamed Unlimited tier) to 15 minutes.

What's more, Cloudflare is rolling out serverless improvements for both Workers Unbound and Workers Bundled such as instant cold starts: one of the major challenges of serverless platforms is that it generally takes several hundred milliseconds to load application code into memory and get it running.

Unless someone invents a time machine, we don't think anyone will have a faster start time

"We did something pretty clever," said Prince. "The first thing that has to happen when you connect is the TLS handshake. The very first request as part of the handshake, we use that as a hint there's going to be a request. During the time that handshake happens, we pre-warm the Worker so it loads instantly. Unless someone invents a time machine, we don't think anyone will have a faster start time."

Both services promise unthrottled CPUs – other serverless platforms dial down their CPUs – and rapid updates that go live in 15 seconds rather than minutes. And both are getting expanded programming language support. Instead of just JavaScript, C/C++, and Rust, developers will be able to write Cloudflare Worker code in Python, Go, Scala, Kotlin, and COBOL. There's also a way for developers to add other preferred languages.

"If you want to add Lua, you can do that," said Prince.

Then there's the price, which is broken down by resource consumption (data transfer, execution time, and request price) with Workers Unbound and combined into a single figure with Workers Bundled.

Cloudflare claims Workers Unbound costs 75 per cent less than AWS Lambda, 52 per cent less than Google Cloud Functions, and 24 per cent less than Microsoft Azure Functions.

Ninety per cent of the savings, said Prince, come from building a sandboxing platform based on Isolates that is more efficient with underlying computing resources than VMs or containers. The other 10 per cent, he said, comes from lower operating costs, a consequence of a symbolic and mutually beneficial relationship with ISPs around the world that provide access to their data center infrastructure.

Cloudflare's serverless sandboxing relies on the V8 JavaScript engine, "one of the most battle-tested, bug-bountied codebases out there," said Prince, who also noted Cloudflare's platform had been reviewed by some of the researchers involved in uncovering the Spectre process flaws.

Cloudflare, he said, has done a series of mitigations to stay in front of Spectre-style timing attacks. "Because we control the timers, we can stop them to make sure code isn't being used to exfiltrate data," he explained.

Prince expects there will be naysayers, just as VM fans said containers can't be secure. "More and more, platforms will offer an Isolates approach," he said.

To participate in the Workers Unbound private beta, you can sign up on Cloudflare's website. ®

Similar topics

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022