[HN Gopher] Issues with Cloudflare Images
___________________________________________________________________
Issues with Cloudflare Images
Author : danielskogly
Score : 388 points
Date : 2021-12-07 16:44 UTC (6 hours ago)
(HTM) web link (blog.klungo.no)
(TXT) w3m dump (blog.klungo.no)
| r1ch wrote:
| The Argo (optimized routing to the origin) pricing makes no sense
| to me either. Cloudflare charge for bandwidth when you enable
| Argo, but on ALL requests, not just those that hit your origin.
| There's actually zero change in routing for the cached requests -
| the client still hits the nearest CF datacenter, but now you're
| being charged for bandwidth on every cache hit when you used to
| pay nothing.
|
| I like Cloudflare but some of the pricing decisions on the
| premium features definitely leave me scratching my head.
| cabyn wrote:
| I was very excited about CF Images, but after doing some basic
| napkin math the pricing was way more than expected. That, coupled
| with some of the other limitations you mentioned, had me abandon
| CF images pretty quick!
| breakingcups wrote:
| That's basically the case for almost every paid Cloudflare
| product.
| j4e wrote:
| This is as close as I've ever come to HN celeb status. I posted
| the "how do I get the original image" the article links to.
| stavros wrote:
| You'll always be an HN celeb to me.
| mj4e wrote:
| <3
| stavros wrote:
| Wait if you keep adding letters to your username I'll never
| recognize you!
| mj4e wrote:
| I don't know how I did that. Safari seemed to generate
| two logins! #celeb
| rhizome wrote:
| They automatically give you an extra account when you get
| famous enough.
| bavxo wrote:
| > No way to track how many images has been served
|
| How is it possible that they shipped this product in this state?
| [deleted]
| danielrhodes wrote:
| I love Cloudflare, but these Image products are a black mark on
| their reputation.
|
| Every point the author says is 100% correct. I'll add one more
| point, which ended up making it a total non-starter: you can't
| import lots of images because their rate limits are so
| pernicious. If you have tens of thousands or millions of images,
| keeping within their single digit per second rate limit, which
| appears to be totally non-negotiable, makes it impossible to add
| images at any scale.
|
| They have another product called Cloudflare Images which can work
| from Workers: but here the pricing is almost absurd and from the
| data they show on their dashboard, they only cache a tiny
| percentage of the requests. This means you end up paying a lot
| more than makes sense.
| youngtaff wrote:
| Why do you want to import them - why not just fetch them from
| origin based on demand?
| simonswords82 wrote:
| I can't stand Cloudflare, the only cause of downtime we've had in
| the last 5 years...we've switched to Microsoft Front door
| danielrhodes wrote:
| Cloudflare is pretty great in a lot of ways. They have a
| lot of promising products, and I have never had problems
| with their reliability (and I've seen it handle billions of
| requests).
| javajosh wrote:
| Context-free recommendations for a competitor smacks of
| "jumping on the bandwagon", which isn't a good look for you
| or the product you're hawking.
| simonswords82 wrote:
| Sorry my bad - I do see how it comes across that way but
| I'm not saying Microsoft's platform is perfect either or
| in any way hawking.
| Ensorceled wrote:
| Kind of negates the "Image store" feature of Cloudflare
| Images ...
| stanmancan wrote:
| I was always resizing images myself and storing separate versions
| before I heard about Cloudflare Images. The CF implementation
| looked a bit confusing and expensive though and I ended up using
| Bunny.net and it's been fantastic. Incredibly easy to use, the
| API is dead simple, you can pass in different parameters live and
| it will manipulate the source image and cache it for future
| requests. It's cheap and support is top notch. Highly recommend
| people check it out if they're looking for something like this.
| It's so much easier sending up the original file and being able
| to change dimensions on the fly.
|
| Update your UI and now thumbnails need to be 400x400 instead of
| 250x250? Just update the parameters and you're done. No need to
| manually resize your whole back catalogue as they'll be done on
| demand.
| PaywallBuster wrote:
| I was looking at the CORS issue just today, you could add a
| Transformation Rule that will match any /cdn-cgi/ requests and
| add static CORS headers
| alin23 wrote:
| When I first saw this product announced, I immediately wanted to
| replace my manual solution with it. I've been putting it off
| because other work had to be done, but now that I read this, I
| think I'll stick with my current workflow for now.
|
| What I've been doing is first resize an image to multiple
| specific sizes using Vips
| (https://www.libvips.org/API/current/using-cli.html)
|     for size in 8120 5260 3840 2560 1920 1200 992 768 576 320
|         vipsthumbnail $img --vips-progress --linear \
|             --size=$size --vips-concurrency=(sysctl -n hw.ncpu) -o $size'_%s.png' \
|             --eprofile='/System/Library/ColorSync/Profiles/sRGB Profile.icc' \
|             --delete --rotate
|     end
|
| Optimize them using ImageOptim (https://imageoptim.com/mac)
|     imageoptim (dirname $img)
|
| Then use some kind of template to add a srcset on my websites.
|
| This one is using Plim
| (https://plim.readthedocs.io/en/latest/syntax.html#tag-attrib...)
| which I use on Lunar's website (https://lunar.fyi)
|     img alt="background" srcset=${','.join(f'/static/img/stars/{width}_stars.png {width}w' for width in [8120, 5260, 3840, 2560, 1920, 1280, 1024, 768, 640, 320])}
|
| This one is using Hugo which I use on https://alinpanaitiu.com
|     {{ $paths := ( apply [8120, 5260, 3840, 2560, 1920, 1200, 992, 768, 576, 320, 64] "printf" "/images/%d_stars.png %dw" ) }}
|     {{ $srcset := delimit $paths "," }}
|     <img alt="background" srcset="{{ $srcset }}">
|
| Having a CDN in front which could do this for me is what I've
| been dreaming of, so I can simply have an _images_ folder with
| the unaltered images instead of all those variants. But what I
| want isn't always what I need.
|
| Maybe what I need is something like a reverse proxy that can
| generate the variant on the fly when it is requested by the
| browser through the srcset.
| mr90210 wrote:
| It seems to me that there is still a lot of room for small
| entrepreneurs to launch cloud services that the big providers do
| not address properly.
| tomaskafka wrote:
| Don't use it then :).
|
| Either they care and will be forced to fix the problems, or they
| don't, and you will have made a wise decision to avoid.
| [deleted]
| carom wrote:
| I've run into a lot of these issues using it and I've even
| reported them on every available channel.
|
| The original image is my biggest complaint. I was making a
| service where users would want to batch retrieve what they've
| uploaded. No response on the forums to that.
|
| Also hit the CORS issue, so rather than fetching an image and
| loading it into a canvas I have to use a fake image element. This
| makes the canvas untrusted.
|
| Delete was also annoying. I wanted to blow out my dev environment
| and there was no way to just purge everything.
|
| I kinda stalled, was going to try S3 since the original image
| thing was such a breaker for me. I was vocal about all these same
| issues, making my own threads and bumping others in the forum.
| vicjicama wrote:
| Hi!
|
| I am working on an alternative service for the optimized images
| and deliver them over a CDN [1], for the images it generates a
| series of down-scaled images and provides a helper script to get
| the right image. Right now all the documentation and examples are
| focused on NodeJS [2], but I am working on examples for Dart,
| Ruby and Python.
|
| Some of the features are:
|
| - Optimized images
| - Custom domain
| - Public and Private files over a CDN
| - Upload widget, API, UI, dashboard and webhook
| - Bulk delete and bucket manipulation
| - CORS configuration
|
| I am working on a couple features for the private files and image
| handling (based on the feedback from the users), let me know if
| you want to give it a try!
|
| [1] https://bucket.listws.com
| [2] https://bucket.listws.com/docs/bucket/docs/intro
| rob74 wrote:
| > _No way to retrieve original image_
|
| that's probably the logical continuation of video hosting - if
| you upload something to, say, YouTube, you also don't expect to
| be able to retrieve the original video from there. It may be a
| high-quality version, but it still gets reencoded on upload...
| [deleted]
| cobookman wrote:
| Well, Vimeo does allow downloading the original video. When I
| think YouTube I think of a Video Social Media network. Similar
| to how I don't expect to download the original picture on
| Instagram, Snap, or Facebook.
|
| Whereas Vimeo is closer to a video hosting service.
| dopa42365 wrote:
| Doesn't always seem to be the case though, like you can't
| download the original video of the 'The Batman' trailer
| (https://vimeo.com/633805668) anymore for example?
|
| Used to be available (ProRes Video (apch) 3840x2160 23.976fps
| 685 mbit/s [V: prores hq, yuv422p10le, 3840x2160, 685726
| kb/s]).
|
| Slightly higher quality than the one they published on
| youtube (judge for yourself).
| fnord123 wrote:
| For anyone looking for an alternative, https://imgproxy.net/
| works v. well.
| metalrain wrote:
| So comparing to more traditional established providers like
| Cloudinary it's much cheaper and has less options? Seems
| reasonable.
|
| But surely pricing and analytics is something that needs to be
| resolved.
| rhizome wrote:
| It's easy to throw potshots from the stands, but from the
| article the whole thing sounds less than half-baked. 25% baked,
| maybe. One wonders what the spec and milestones are, if in fact
| it wasn't simply and plainly rushed out for business reasons.
| youngtaff wrote:
| I've used it with clients and it works fine for my use cases
| - image optimisation for web pages
|
| Images get fetched from original, resized to the size needed
| by the client device (desktop vs mobile), and optimized to an
| appropriate format
| jgrahamc wrote:
| I have passed this on to the product manager and engineering lead
| for Cloudflare Images. Thanks for the write up.
| danielskogly wrote:
| You're very welcome! I posted this on the CF Developers discord
| as well. Really hoping that I'll be able to fully migrate over
| to CF Images in the not too distant future :)
| johnebgd wrote:
| Cloudflare Pages has a show-stopping bug at the moment.
|
| Link a repo from GitHub then change the name of your GitHub repo
| and the pages breaks but won't let you relink your Github repo
| anywhere.
|
| I opened a ticket with support. I have gotten nowhere in two
| months (Opened on October 7th 2021).
|
| We ended up switching to Netlify that has a more mature product.
|
| In case someone from Cloudflare cares to investigate this is
| request ID# 2275043 in your support system.
| albertzhao wrote:
| hey, sorry about that delay in response. Following up
| internally about your ticket, so you should hear back very
| soon.
|
| Changing your repo name shouldn't break the project nor prevent
| subsequent builds. It's just the Pages dashboard will still
| show the old repo name - so the only way to update that is to
| delete the project and make a new one: this is a bug we're
| working to fix!
| ColdHeat wrote:
| The Gitlab integration for Pages is also pretty immature. It
| doesn't appear to currently work with Groups/Subgroups. I've
| been back and forth with people on their Discord for maybe a
| week now trying to just get it setup for a test.
| slig wrote:
| Email the CTO, he's always around here and he's very
| responsive.
| jgrahamc wrote:
| Yes. I am. jgc @ you guess the hostname.
| breakingcups wrote:
| It's so sad that Cloudflare only responds to public fires like
| this but is often completely deaf on all the channels you're
| "supposed" to use.
| marccl wrote:
| Thanks for the feedback. I'm on the CF Images product team. We
| will allow the download of the original images, it is actually
| one of the next features coming up. Also we will introduce
| webhooks and Images Analytics next.
| danielskogly wrote:
| That's really great to hear, thank you for letting us know!
| jamesboehmer wrote:
| Thank you. If there's any other feedback you could take from
| this, please know that I've submitted a similar feature request
| for point #6, so that I could know the ID of the image from the
| direct creator upload. Without that, a malicious user of mine
| could possibly create many millions of images, and I would have
| no way of knowing who it was that created the image, and no way
| of knowing which images to delete or track.
| jbergstroem wrote:
| I think Images could greatly benefit from having a tag/label
| system that allows you to decorate it, similar to how
| enterprise cache tags was implemented. That way, it is
| trivial to do things like "delete by user id X" as well as
| covering your use case.
| social_quotient wrote:
| yes, cloudinary has this feature. you can create X amount
| of name value pairs on the assets. it's in the ui but also
| in the api -
| https://cloudinary.com/documentation/image_upload_api_refere...
| bloodyplonker22 wrote:
| "it is actually one of the next features coming up" is one of
| the most annoying things I hear from enterprise companies that
| I have issues with. I have received this response and waited
| for the feature for over a year or have never seen it released
| at all.
|
| Thank you for the response, but, at the end of the day, people
| are going to judge Cloudflare on how quickly and accurately
| they can solve these issues.
| tgtweak wrote:
| Cloudinary is really a frontrunner in this. Cloudflare should
| have bought them out vs try to build something that they clearly
| aren't equipped to do.
| duxup wrote:
| Man sounds like their images product needs a "let's take a step
| back and rethink why we hit some of these limits and talk about
| what we can do about it".
|
| Something fundamental seems to have gotten out of hand when it
| comes to the entire offering.
| geektips wrote:
| Offtopic: why cloudflare generally has issue with batch deletes?
| CF worker also doesn't support batch deleting or emptying kv.
| gingerlime wrote:
| Thanks for a great writeup. We are happy with thumbor, but I was
| considering switching to CF images, since we upgraded to
| Enterprise. You saved me a bunch of time and pain!!
|
| As a side note, after upgrading to Enterprise, I feel quite
| disappointed with CF. Caching and the core features work great,
| but other features feel much less mature, enterprise support
| appears slow and not that on top of things. Sorry for the rant,
| but needed to vent a bit :)
| powell1 wrote:
| I'd also add to your feedback by saying that there isn't a
| "Simple" way to integrate it into existing CMS's or even static
| sites, plugins for the top 3 CMS's would be nice + an "imgbot"
| equivalent for static sites.
| jcsnv wrote:
| We were charged $10k for the first month of use and immediately
| reverted the implementation. CF was kind enough to refund us
| since we're still an early stage co. It would be great if pricing
| was more reasonable
| jbergstroem wrote:
| I would much more prefer if the service cost was tied to image
| operations instead of "displays".
| yawnxyz wrote:
| I remember there was another article about image uploads and
| content moderation (here:
| https://news.ycombinator.com/item?id=28684250), essentially
| saying that if you create a open uploading service, you WILL
| start getting lots of spammy images / abuse.
|
| CF Images always seems like a LOT more $$ than other image
| hosting tools out there. What other service did you end up
| going with?
| jjkmk wrote:
| How does imgur stay alive, out of curiosity.
| Twirrim wrote:
| Ad and analytics money,
| https://www.thestockdork.com/how-does-imgur-make-money/
| Viruptc wrote:
| We went with https://bunny.net/optimizer/transform-api
| arecurrence wrote:
| I often use Bunny CDN where it's $10 a month for UNLIMITED
| image alterations. They charge half a cent per gigabyte on
| traffic of the post processed image (in their bulk tier)
| along with 1 cent per gigabyte for storage.
|
| The nearest competitor is likely over 10x more (Caveat: For
| the workloads I've applied this on).
| stillicidious wrote:
| Those are some seriously egregious egress fees!
| john37386 wrote:
| Lucky for you that you don't check your bills on a quarterly
| basis (3 months). It could have been another story to be
| reimbursed and the bills might have more than tripled.
| AtNightWeCode wrote:
| "5. Lack of dynamic resizing, only 20 "variants" allowed"
|
| Best practice when it comes to images on the web is to use a
| fixed number of sizes. Why they limited it to 20 I do not know
| though. You should never allow dynamic image resizing since it is
| commonly used in various attacks.
| LukeLambert wrote:
| That's why many image CDNs allow signed URLs. With Cloudflare
| Image Resizing, you'd need to implement that functionality
| using Workers.
| danielskogly wrote:
| Cloudflare is industry leading when it comes to facing those
| kinds of attacks, though, and it's supported in the "Cloudflare
| Image Resizing" [0] product.
|
| Also, using a fixed number of sizes might be best practice when
| it comes to a website you have full control over, and can plan
| the content for. When it comes to user-generated content, where
| you want to give the user the opportunity to select a custom
| crop for an image, you don't necessarily have that kind of
| control.
|
| The alternative we considered was doing the crop on the client
| before uploading the image, but that ensures loss of
| information, and makes it impossible for the user to edit their
| selection at a future time without re-uploading the image.
|
| [0]: https://developers.cloudflare.com/images/image-resizing
| jrochkind1 wrote:
| > You should never allow dynamic image resizing since it is
| commonly used in various attacks.
|
| Can you say or link to more? I'm not following this. Like...
| attacks... on Cloudflare?
| AtNightWeCode wrote:
| I worked with sites that had performance issues because of
| attacks against dynamic image scaling in Cloudflare (scaling
| probably done with workers). Services like Cloudflare do
| not in general protect against service design issues. I try
| to explain that to people all the time. I also worked with
| another provider where a monthly bill got 5 times higher one
| month because images were requested at many different large
| sizes.
| rhizome wrote:
| Yeah, I've come across sites that allow arbitrary resizing
| via dimension numbers in the URL. Seems like it would be
| easy to CPU ddos by submitting random numbers in those
| fields.
| magicalhippo wrote:
| And it's fairly easy to "snap" to the nearest available
| size variant. That way one can add cached variants
| after-the-fact.
| jrochkind1 wrote:
| Huh. I don't understand how this would affect a site using
| Cloudflare Images. It seems like maybe a DDOS against
| Cloudflare itself, but I don't see how it would be a
| problem for your site. But you say it was, so.
|
| But okay, thanks for providing more context. I have not
| used Cloudflare Images at all, so I don't really know, just
| trying to make sense of it.
| afavour wrote:
| Resizing an image is computationally intensive (at least
| compared to the average HTTP request). You can sidestep that
| by using caching: resize once, then serve the cached version
| from then on.
|
| Dynamic resizing opens you up to a DDOS attack, essentially:
| someone would request the image at 1x1, and 1x2, and 1x3...
| you get the idea. But yeah, if there was anyone able to
| mitigate that risk via other means you'd think it would be
| Cloudflare.
| [deleted]
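
Added example, not part of any post in the thread: a gate in front of an image resizer that combines the two mitigations mentioned above (snapping to a fixed set of variants, and signed URLs for custom transforms) against the 1x1, 1x2, 1x3... request pattern. The function names, the `w`, `t` and `sig` query parameters, the width list and the key are assumptions made for this sketch, not Cloudflare's API.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed values for the example; not Cloudflare settings.
const VARIANT_WIDTHS = [320, 576, 768, 992, 1200, 1920, 2560, 3840];
const SIGNING_KEY = "constructed-demo-key"; // load from a secret store in practice

// Round a requested width up to the nearest pre-approved variant, so that
// w=1, w=2, w=3 ... all map to one cached rendition instead of one resize each.
function snapWidth(requested) {
  const w = Number(requested);
  if (!Number.isInteger(w) || w < 1) return null;
  const fit = VARIANT_WIDTHS.find((v) => v >= w);
  return fit === undefined ? VARIANT_WIDTHS[VARIANT_WIDTHS.length - 1] : fit;
}

// HMAC over the image path and the exact transform string.
function signTransform(path, transform, key = SIGNING_KEY) {
  return createHmac("sha256", key).update(`${path}\n${transform}`).digest("hex");
}

// Used by the application when it renders a page: only the application,
// which holds the key, can mint a URL for an arbitrary (e.g. user-chosen) crop.
function mintSignedUrl(path, transform) {
  const sig = signTransform(path, transform);
  return `${path}?t=${encodeURIComponent(transform)}&sig=${sig}`;
}

// Constant-time comparison; malformed or short signatures fail the length check.
function verifySignature(path, transform, sigHex) {
  const expected = Buffer.from(signTransform(path, transform), "hex");
  const given = Buffer.from(String(sigHex), "hex");
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Decide what the resizer may do for an incoming request URL.
function authorizeResize(rawUrl) {
  const url = new URL(rawUrl, "https://img.example.invalid");
  const transform = url.searchParams.get("t");
  if (transform !== null) {
    // Custom transforms are expensive and unbounded: require a valid signature.
    const sig = url.searchParams.get("sig");
    if (sig === null || !verifySignature(url.pathname, transform, sig)) {
      return { ok: false, status: 403 };
    }
    return { ok: true, cacheKey: `${url.pathname}|${transform}` };
  }
  // Unsigned requests may only select one of the fixed variants.
  const width = snapWidth(url.searchParams.get("w"));
  if (width === null) return { ok: false, status: 400 };
  return { ok: true, cacheKey: `${url.pathname}|w=${width}` };
}

// How many distinct resize jobs a batch of requests can trigger after gating.
function distinctRenditions(urls) {
  const keys = new Set();
  for (const u of urls) {
    const decision = authorizeResize(u);
    if (decision.ok) keys.add(decision.cacheKey);
  }
  return keys.size;
}
```

The number returned by `distinctRenditions` is the useful thing to monitor: per image it can never exceed the length of the variant list plus the number of transforms the application itself has signed.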
| jaredcwhite wrote:
| Sounds like they have a ways to go before they're truly
| competitive with Cloudinary.
| leenyburger wrote:
| I thought Cloudflare was going to win the image
| hosting/serving/resizing game based on their original blog post,
| but that doesn't seem to be the case.
|
| I kept getting frustrated with the complexity and changing costs
| of solutions out there, so about a year ago I launched
| https://www.simplefileupload.com. It's a super easy, flat rate
| cost solution to quickly allow users to upload images and files.
| It provides a customizable upload widget and serves files via a
| CDN and firewall to protect against attacks. It doesn't have
| query param image resizing yet, but it's coming!
| adamqureshi wrote:
| THANK YOU! Been looking for an upload img simple api to use for
| my new app I'm building.
| anitil wrote:
| What a fantastic service! I really like how focused it is. Just
| file upload. Database? No. Confusing terms? No. File upload?
| yes.
| kmf wrote:
| Wow, this looks so awesome! Really simple UI too -- gonna have
| to give this a try. I was just struggling with some client-side
| image upload stuff last week, and I love the idea of doing the
| full service integration from client to backend as a product.
|
| BTW - I'm part of the dev advocate team at Cloudflare, would
| you want to chat sometime about your experience with Images?
| Definitely would love to hear your perspective as a dev on what
| could be better!
| aarondf wrote:
| What Colleen has built is indeed quite simple to use.
|
| You just add the JS snippet, SFU handles all the storage and
| just returns a URL.
|
| And bonus points, it's directly uploaded to S3. From the
| documentation: "Simple File Upload uses direct uploads. In a
| direct upload, a file is uploaded to S3 from a user's browser,
| without first passing through your app."
| swyx wrote:
| oh it's leenyburger! loving that you are building it in public
| on your Software Social podcast. listening to you two over the
| past year has been really educational.
| mjwhansen wrote:
| thanks for listening, swyx!
| dceddia wrote:
| Cool to see this here! I've been following your journey on the
| Software Social podcast [0] and it's awesome to watch the
| project progress. I also really enjoy that the podcast is not
| all sunshine and rainbows, like you actually talk about the ups
| and downs and it's great. We need more like it.
|
| [0] https://softwaresocial.dev/
| freedomben wrote:
| Ha! I started building the same thing. Luckily for you I never
| finished it ;-D
|
| (just to clarify tone above, it's a total joke because your
| implementation is a lot better than mine was tracking to be)
| Slartie wrote:
| Isn't it a bit too easy to exploit this? Like by maliciously
| uploading tons of data to the account of a site using this
| service in order to exceed their limit and hence break their
| file upload process.
| NicoJuicy wrote:
| In the same context, if you would use .net. I really like
| ImageResizer : https://github.com/imazen/resizer
| junon wrote:
| This is a really respectfully written article, just as a side
| note.
| lelandfe wrote:
| I will definitely be using this as reference to myself on how
| to author strong criticism without burning bridges.
| musharofchy wrote:
| Big fan of Cloudflare but they have started a trend of releasing
| "half-baked products" and making them live for all users.
|
| I have also faced issues with their web analytics and pages. It's
| been ~ a year they launched these products and still glitchy.
| pier25 wrote:
| Off topic, but I couldn't read this because the blog is in dark
| mode and doesn't offer a light mode. For a lot of people with
| astigmatism, dark mode is simply unusable for text heavy sites.
|
| There are objective reasons why dark mode is worse than light
| mode, but I think anyone should be able to pick whatever mode
| they prefer.
|
| See this for more info:
|
| https://levelup.gitconnected.com/why-dark-mode-causes-more-a...
|
| I have no data to back this up, but I suspect the main reason
| dark mode is so popular these days is because there are a lot
| of users using devices in poor light conditions. The second big
| reason is probably more cultural, as dark mode looks more modern,
| unlike these damn boomer UIs from the 90s (sarcasm).
|
| Some people argue about energy efficiency and OLED, which is
| true, but that seems like a niche use case to force dark mode on
| all your users.
| Symbiote wrote:
| Just activate reader mode.
| pier25 wrote:
| Sure, but I shouldn't need to do that.
| PeterisP wrote:
| > dark mode looks more modern, unlike these damn boomer UIs
| from the 90s (sarcasm).
|
| At least for me dark mode brings back all the feelings of the
| 80s text UI, which was predominantly white/gray on black or
| perhaps white/yellow on dark blue - and quite readable. (I also
| recall that in some domains MDA monochrome monitors with green
| or orange on black were popular).
| floren wrote:
| On the other hand, after a few hours using a green-on-black
| VT220, the real world looked slightly purple for a while
| until my eyes adjusted back :)
| danielskogly wrote:
| Thank you for bringing this to my attention, I wasn't aware
| that was even a thing :)
|
| It's not in "dark mode" though, it's simply a dark theme, and
| those have been around since forever. I'll look around for a
| theme that supports both when I get the time, but until then I
| echo the suggestion of a sibling comment to use the reader
| mode.
| LukeLambert wrote:
| Image Resizing is technically a separate product, so I apologize
| if this is off-topic, but it appears to be missing the most
| useful `fit` mode - something like `fit=cover-scale-down`. I
| never want to enlarge an image on the server, since I can do that
| client-side. If I request a version with the dimensions 512x512
| (square), but the source image is only 400x600, there should be a
| way to get a resulting image of 400x400. Am I misreading the
| docs?
| https://developers.cloudflare.com/images/image-resizing/url-...
|
| Edit: Changed suggested name of fit mode for clarity.
| user-the-name wrote:
| Isn't that fit=crop?
| [deleted]
| LukeLambert wrote:
| fit=crop and fit=cover only work well if the source
| dimensions are greater than 512x512. If either dimension of
| the source is smaller, the behavior is useless.
|
| fit=cover will return a square (as requested), but will
| enlarge it (which you never want because it wastes
| bandwidth).
|
| fit=crop will cut off excess pixels if either dimension
| exceeds 512, but it does not always return a square. (And
| contrary to the docs, it does not behave like
| fit=scale-down.)
| gregbrimble wrote:
| I think "scale-down" is the closest to what you're after. If
| you have a 400x600 original, and request 512x512, you'll be
| served a 341x512 image. This maintains the original image's
| aspect ratio, and fits within the requested (512x512) size.
|
| Original: https://via.placeholder.com/400x600
| Resized: https://gregbrimble.com/cdn-cgi/image/fit=scale-down,w=512,h...
| LukeLambert wrote:
| I want to maintain the aspect ratio of my crop, not that of
| the source image. Perhaps `fit=cover-scale-down` would be a
| more appropriate name. In other words, I always want a square
| image <= 512px wide. I think this is a very common use case.
| rhizome wrote:
| If there's no way to specify where the center (or w/e) of
| your crop is on the source image, it's not going to happen.
___________________________________________________________________
(page generated 2021-12-07 23:00 UTC)