> The latter number will inevitably be smaller, but shouldn't be single-digit.
The space Cloudflare is in could afford plenty of players, I think—more than a single-digit amount. There’s nothing about Cloudflare’s business strategy that implies/necessitates that they’d become a monopoly in a market equilibrium state. The only reason you don’t see a pack of Cloudflare clone-companies, AFAIK, is that the talent required to clone Cloudflare is rare.
(Interestingly, an ISP—especially a cellular ISP familiar with routing roaming circuits—could totally pivot into Cloudflare’s business to expand globally. I wonder why we haven’t seen that?)
> I think the average bar, karaoke DJ (I love karaoke), spa, or other small business that might just use a Facebook page would be served just as well by the kind of hosting provider that gives your website a single IP address pointing to a single machine. Are DDoS attacks and bots really that big of a problem?
I feel like the perspective you’re coming at the problem from here is already heavily influenced by the contraction and centralization that the web went through in the early 2000s. Yes, right now, businesses just want essentially an online business card, and Facebook handles that just fine. But their desires are more of an acknowledgement of the practicalities of what’s economical for them to have built and hosted in the current (or recent-historical, since it takes a while for people’s thoughts on this to shift) web landscape.
Look around the internet of the 90s. Companies didn’t used to build business-card websites. The dreams of even the most run-of-the-mill SME used to be far more grandiose. At the very least, every company who knew what the options were, wanted to host a forum for the community composed of their customers. Many of the web’s most prominent standalone forums were started back then. Why so few today? Because ambitious, dynamic, user-generated-content-filled sites like these do get hurt by spamming and DDoSing. They’re hard to run—and not just in a community-management sense, but in an ops sense.
Cloudflare’s tech (which, again, anyone could offer, not just Cloudflare) can and does provide the protection required to allow SME websites to be a little bit more ambitious again, to the point that they’re not just doing something commoditizable by Facebook.
Talent is everywhere, but a lot of people who have it don't want to move to a big city. So IMO, the next Cloudflare's developers should be as widely dispersed as its POPs.
Edit: The more recently added part of your comment is very insightful, and I hadn't thought about it that way. Still, I think we could go a lot further with old-school hosting providers if we traded PHP and Ruby for Rust, Nim, and the like. Note that I didn't mention garbage-collected languages, because lots of applications running efficiently on a shared host is incompatible with a garbage collector that really wants the whole heap to itself.
GC'd langs like golang, crystal, nim, etc. would probably be just as effective in practice, while remaining more accessible to business app developers.
.NET Core benchmarks since Span<T> have been very interesting, especially relevant to this particular discussion because ASP.NET (web stack) was a primary consumer/driver for Span<T> APIs.
The space Cloudflare is in could afford plenty of players, I think—more than a single-digit amount. There’s nothing about Cloudflare’s business strategy that implies/necessitates that they’d become a monopoly in a market equilibrium state. The only reason you don’t see a pack of Cloudflare clone-companies, AFAIK, is that the talent required to clone Cloudflare is rare.
(Interestingly, an ISP—especially a cellular ISP familiar with routing roaming circuits—could totally pivot into Cloudflare’s business to expand globally. I wonder why we haven’t seen that?)
> I think the average bar, karaoke DJ (I love karaoke), spa, or other small business that might just use a Facebook page would be served just as well by the kind of hosting provider that gives your website a single IP address pointing to a single machine. Are DDoS attacks and bots really that big of a problem?
I feel like the perspective you’re coming at the problem from here is already heavily influenced by the contraction and centralization that the web went through in the early 2000s. Yes, right now, businesses just want essentially an online business card, and Facebook handles that just fine. But their desires are more of an acknowledgement of the practicalities of what’s economical for them to have built and hosted in the current (or recent-historical, since it takes a while for people’s thoughts on this to shift) web landscape.
Look around the internet of the 90s. Companies didn’t used to build business-card websites. The dreams of even the most run-of-the-mill SME used to be far more grandiose. At the very least, every company who knew what the options were, wanted to host a forum for the community composed of their customers. Many of the web’s most prominent standalone forums were started back then. Why so few today? Because ambitious, dynamic, user-generated-content-filled sites like these do get hurt by spamming and DDoSing. They’re hard to run—and not just in a community-management sense, but in an ops sense.
Cloudflare’s tech (which, again, anyone could offer, not just Cloudflare) can and does provide the protection required to allow SME websites to be a little bit more ambitious again, to the point that they’re not just doing something commoditizable by Facebook.