alt Hacker NewsCloudflare claimed they implemented Matrix on Cloudflare workers. They didn't
Comments
Technical blogs from infrastructure companies used to serve two purposes: demonstrate expertise and build trust. When the posts start overpromising, you lose both.
I don't know enough about this specific implementation to say whether "implemented Matrix" is accurate or marketing stretch. But the pattern of "we did X" blog posts that turn out to be "we did a demo of part of X" is getting tiresome across the industry.
The fix is boring: just be precise about what you built. "We prototyped a Matrix homeserver on Workers with these limitations" is less exciting but doesn't erode trust.
I'd love to see a root cause analysis post by Cloudflare for this one. The ones they do after outages are always interesting to read. How did this make it into the blog? What is the review process for these posts and what failed this time? What measures will be taken to restore Cloudflare blog's reputation?
I found the source code Jade was referring to, and it looks like the author just noticed this thread: https://github.com/nkuntz1934/matrix-workers/commit/0823b47c...
So the original post had this added to the top:
> This post was updated at 11:15 a.m. Pacific time to clarify that the use case described here is a proof of concept. Some sections have been updated for clarity.
But then the bottom still says:
> Our team is using Matrix on Workers, handling real encrypted communications. It is fast, it is cheap, and it is arguably one of the most secure ways to deploy a homeserver today.
Which one is it?
Days after the fake story about Cursor building a web browser from scratch with GPT-5.2 was debunked. Disbelief should be the default reaction to stories like this.
Since cloudflare are busy editing this blog post to say something completely different from what it originally said, I feel that this archive link is relevant
It is worrying to see a major vendor release code that does not actually work just to sell a new product. When companies pretend that complex engineering is easy it makes it very hard for the rest of us to explain why building safe software takes time. This kind of behavior erodes the trust that we place in their platform.
> Traditionally, operating a Matrix homeserver has meant accepting a heavy operational burden. You aren't just installing software; you are becoming a system administrator. You have to provision virtual private servers (VPS), tune PostgreSQL for heavy write loads, manage Redis for caching, configure reverse proxies, and handle rotation for TLS certificates. It’s a stateful, heavy beast that demands to be fed time and money, whether you are sending one message a day or one million.
I have limited experience with Matrix, but you don't actually need Synapse (reference homeserver) which is quite a resource hog and not even remotely easy to setup/administer.
You can just use the lightweight Continuwuity homeserver for the Matrix part, and Caddy for the reverse proxy/TLS/ACME part, installed on a VPS. Both require minimal configuration, and provide packages for many Linux distributions, as well as Docker images.
(Continuwuity is a fork of conduwuit which was a fork of Conduit. Conduit was abandoned, but is now active again, and there are also other active forks as well. However, it seems to me that Continuwuity is currently the most active fork.)
Bloody hell that's embarrassing, for both Cloudflare and the blog author. Did he not have anyone review it before publishing?
So many failures coming out of Cloudflare these days, feels like they peaked a while ago and are slowly declining into incompetence.
That the original post to HN linked in the blog was done on a throwaway kind of implies a level of awareness (on the part of the dev) that the code/claims were rubbish :)
Embarrassing, coming from a company like Cloudfare
Ahh, so that is what "shipping at the speed of inference" means
Honestly I like Cloudflare's CDN and DNS but beyond that I don't really trust much else from them. In the past though their blog has been one of the best in the space and the information has been pretty useful, almost being a gold standard for postmortems, but this seems especially bad. Definitely out of line compared to the rest of their posts. And with the recent Cursor debacle this doesn't help. I also don't really get their current obsession with porting every piece of software on Earth to Workers recently...
I've never thought someone should be fired based on a blog post but man, this comes real close.
I hope this isn't in bad taste, but I applied for the editor-in-chief position at Cloudflare back in August when they had it open. I'm still very interested in the role. If anyone at cf is reading this, my email is bro @ website in bio.
Not the first time Cloudflare has done this. Click around some of the docs for Realtime SFU, it's all AI slop. Hard to tell if anything is hallucinated or not. https://developers.cloudflare.com/realtime/sfu/sessions-trac...
“This architecture shifts the paradigm for self-hosting. It turns "running a server" from a chore into a utility. You get the sovereignty of owning your data without the burden of owning the infrastructure”
Yeah, this is just shameful. Obviously written by an LLM with zero oversight. If this engineer doesn't get fired I'll lose all trust in Cloudflare.
Blog post now says: "* This post was updated at 11:15 a.m. Pacific time to clarify that the use case described here is a proof of concept. Some sections have been updated for clarity." But parts of it are still misleading.
It’s not a working or complete implementation, but…
The developer just "cleaned up the code comments", i.e. they removed all TODOs from the code: https://github.com/nkuntz1934/matrix-workers/commit/2d3969dd...
Professionalism at its finest!
Did they really vibe code a partial implementation and blog about it?
That's one way to destroy the CF blog credibility!
In 2026, you should be implementing MLS instead of Matrix.
nkuntz1934 Senior Engineering TPM @ Cloudflare
Of course, this is done by a manager. Classic corporate mindset, I can do what these smelly nerds do every day, hold my bear.
He doesn't even know how git works, huh?
What a clown.
Um what's up with companies trying to recreate really big projects using vibe coding.
Like okay, I am an indie-dev if I create a vibe coded project, I create it for fun (I burn VC money of other people doing so tho but I would consider it actually positive)
But what's up with large companies who can actually freaking sponsor a human to do work make use of AI agents vibe code.
First it was cursor who spent almost 3-5 million$ (Just came here after watching a good yt video about it) and now Cloudflare.
Like, large corpos, if you are so much interested in burning money, atleast burn it on something new (perhaps its a good critique of the browser thing by Cursor but yeah)
I am recently in touch with a person from UK (who sadly got disabled due to an accident when he was young) guy who is a VPS provider who got really impacted by WHMCS increase in bill and He migrated to 1200 euros hostbill. Show him some HN love (https://xhosts.uk/)
I had vibe coded a golang alternative. Currently running it in background to create it better for his use cases and probably gonna open source it.
The thing with WHMCS alternatives are is that I made one using gvisor+tmate but most should/have to build on top of KVM/QEMU directly. I do feel that WHMCS is definitely one of the most rent seeking project and actually writing a golang alternative of it feels sense (atleast to me)
Can there not be an AI agent which can freaking detect what people are being charged for (unfairly) online & these large companies who want to build things can create open source alternatives of it.
I mean I am not saying that it stops being slop but it just feels a good way of making use of this tech aside from creating complete spaggeti slop nobody wants, I mean maybe it was an experiment but now it got failed (Cursor and this)
A bit ironic because I contacted the xhosts.uk provider because I wanted to create a cloudflare tunnels alternative after seeing 12% of internet casually going through cf & I saw myself being very heavily reliant on it for my projects & I wasn't really happy about my reliance on cf tunnels ig
[dead]
[flagged]
everybody is vibing everything now, code, messages, reviews, everything
My charitable read on this is that an individual vibe-coded both the post and repository and was able to publish to the Cloudflare blog without it actually being reviewed or vetted. They also are not an engineer and when the agent hallucinated “I have built and tested this and it is production grade,” they took it at face value.
You can tell since the code is in a public repository and not Cloudflare’s, which IMO is the big giveaway that this is a lesson for Cloudflare in having appropriate review processes for public comms and for the individual to avoid making claims they cannot substantiate or verify independently.