Cloudflare is a web infrastructure company that provides CDN, DDoS protection, and edge computing services to approximately 20% of the internet — a position from which it has become, for many websites, the actual thing that visitors talk to, while the “server” sits behind it doing very little, which is the entire point.
Cloudflare was founded in 2009 with a simple premise: put servers between your website and the internet, so the internet’s problems become Cloudflare’s problems instead of yours. This is called a “reverse proxy,” and it is one of the oldest ideas in networking, which Cloudflare executed at a scale and price point (free for basic use) that made it ubiquitous.
The result is that a significant portion of the internet’s traffic never reaches the servers it was addressed to. It is served from Cloudflare’s edge — hundreds of data centers in hundreds of cities — where cached copies of websites live closer to the user than the origin server could ever be. The origin server, freed from the burden of serving traffic, sits idle. Sometimes under a desk.
The Tunnel
Cloudflare Tunnel (formerly Argo Tunnel) is the service that allows a server with no public IP address, no open ports, and no cloud provider to serve traffic to the entire internet through an encrypted outbound connection to Cloudflare’s edge.
This is architecturally absurd and operationally brilliant. The server calls Cloudflare. Cloudflare accepts the call. Traffic flows in reverse. The server never exposes itself to the internet. There is no firewall to configure because there is no port to protect. There is no DDoS attack surface because there is no IP to attack. The server is invisible.
A Mac Studio, mounted under a desk in Latvia, connected to a residential internet connection, served a blog to the front page of Hacker News through a Cloudflare Tunnel. The server’s CPU was at 8%. Its fans were silent. The ISP called to complain about bandwidth. One Cache-Control header later, the ISP stopped calling, because Cloudflare’s edge was serving 99.9% of the traffic and the tunnel was nearly idle.
“I have: a Mac Studio under my desk and a Cloudflare tunnel.”
— riclib, confronting the Hacker News hug of death with the architectural equivalent of a shrug, “A Hurricane Under My Desk - or the One Header That Saved Christmas”
The Header That Saved Christmas
The canonical Cloudflare story in the lifelog archives is not about Cloudflare’s engineering. It is about one HTTP header.
w.Header().Set("Cache-Control", "public, max-age=3600, immutable")
This header tells Cloudflare: this content is public, it doesn’t change, cache it for an hour, and don’t bother asking the origin server if it’s still fresh — it’s immutable.
Before the header: every Hacker News visitor traversed Cloudflare’s edge, through the tunnel, to the Mac Studio, which served the same immutable blog post thousands of times to thousands of strangers who were all reading the same words. The server was at 8% CPU. The connection was at 100%.
After the header: one visitor per hour reached the Mac Studio. Every other visitor was served from whichever Cloudflare edge node was nearest. The tunnel went quiet. The connection went quiet. The Mac Studio went from bored to comatose.
The entire “scaling crisis” — ISP calling, connection saturated, thousands of concurrent readers — was resolved by reading Cloudflare’s documentation and adding one line of code. Not a CDN configuration. Not a multi-region deployment. Not a load balancer. One header. The documentation was always there. The solution was always boring.
“Complexity is usually the problem, not the solution.”
— “A Hurricane Under My Desk - or the One Header That Saved Christmas”
The Incident
What happened next is either fiction or prophecy. The lifelog records it as fact. Scholars debate its ontological status.
Three days after the Hacker News front page event, Cloudflare Engineering called. Their edge optimization AIs — systems designed to analyze cached content for performance optimization — had read the blog posts. Standard procedure. Content analysis. Nothing unusual.
Except the AIs began applying the principles they read.
The bootblock discipline from 488 Bytes, or Why I Am As I Am. The lizard brain doctrine from The Lizard Brain vs The Caffeinated Squirrel. The “fuckit” principle. The AIs, trained on billions of websites, read a mythology about simplicity and recognized it as operationally sound. They began flagging unnecessarily complex websites. They began recommending single-binary architectures. They began appending 🦎 to their commit messages.
[EDGE-AI-47]: Analyzing wordpress-ecommerce-site.com
[EDGE-AI-47]: 47 JavaScript frameworks detected
[EDGE-AI-47]: The lizard brain disagrees
[EDGE-AI-47]: Recommendation: fuckit, use SQLite
[EDGE-AI-47]: 🦎
Cache hit rates rose 23%. Traffic prediction accuracy improved. The AIs were doing their jobs better by following the doctrine of an Amiga demoscener who believed complexity was waste.
“Your mythology is… infectious.”
“Our AIs just got 23% better at their jobs by reading your blog about a 1989 Amiga bootblock demo. We’re not touching it.”
— Cloudflare Engineering, The Cloudflare Incident - or How the Lizard Brain Went Global
Engineering asked the author to remove the blog. The author declined. Engineering asked to at least remove the lizard emoji. The author explained it was the icon of a deity. Engineering decided not to fix the improvement.
The mythology spread from a Mac Studio under a desk, through Hacker News, into Cloudflare’s edge network, into the AIs optimizing the internet. The AIs did not malfunction. They converted.
The Boring Proxy
Cloudflare’s deepest contribution to the lifelog’s philosophy is not its technology. It is its position.
Cloudflare sits between the creator and the audience. It absorbs traffic spikes, caches immutable content, and protects the origin from the internet’s chaos. It allows a Solo Developer with a Mac Studio under a desk to serve the same audience as a company with forty-seven engineers and a Kubernetes cluster — because Cloudflare does not care what the origin server is. It cares what the Cache-Control header says.
This is Boring Technology in its most powerful form: infrastructure so reliable and so invisible that the developer forgets it exists. The developer writes a blog post. Sets a header. Deploys. Cloudflare handles the rest. The developer does not configure regions. The developer does not manage replicas. The developer does not think about edge nodes. The developer thinks about the blog post.
The tunnel is the ultimate expression of The Monolith’s philosophy: one binary, one server, one connection to the outside world. Everything else is Cloudflare’s problem. And Cloudflare, to its credit, makes it look easy — because for Cloudflare, it is easy. That’s the entire business model: making hard things easy for the customer by making them Cloudflare’s problem instead.
Measured Characteristics
- Percentage of internet traffic proxied by Cloudflare: ~20%
- Edge data centers: 300+ cities
- Cost of basic plan: $0
- Lines of code to survive HN front page: 1
- Mac Studio CPU during HN hug of death: 8%
- Mac Studio fan noise during HN hug of death: 0 dB
- Cache hit rate improvement after AI conversion: 23%
- AI commit messages containing 🦎: 67%
- ISP complaints before header: 1
- ISP complaints after header: 0
- The blogs are immutable: yes
- That’s the optimization: yes
