Home / Companies / Cloudflare / Blog / April 2016

April 2016 Summaries

16 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
A group of cyber criminals claiming to be the "Armada Collective" has stopped sending ransom threats after being exposed as frauds by CloudFlare. The company published an article earlier this week outing the copycat group, which had not carried out any DDoS attacks despite making threats. Since then, another group calling itself the “Lizard Squad” has emerged with similar tactics but is also believed to be a copycat. CloudFlare advises against paying ransoms and encourages companies to use services like theirs to protect against potential attacks.
Apr 30, 2016 516 words in the original blog post.
In November 2015, Cloudflare rolled out support for HTTP/2, which has since been adopted by more than 88k of the Alexa top 2 million websites. Today, over 70% of sites using HTTP/2 are served via Cloudflare. One key feature of HTTP/2 is multiplexing, which allows multiple HTTP requests to share a single TCP connection, improving performance compared to HTTP/1.1. In addition to multiplexing, HTTP/2 also introduces new features such as Header Compression and Server Push. Since February, Cloudflare has been testing and deploying HTTP/2 Header Compression, resulting in an average 30% reduction in header size for all clients using HTTP/2. Server Push is another major feature of HTTP/2 that enables websites and APIs to speculatively deliver content to the web browser before the browser sends a request for it. This can significantly improve website performance if used judiciously, as it reduces the number of round trips required between the client and server. All Cloudflare customers using HTTP/2 now have Server Push enabled by default. To leverage this feature effectively, users need to add specially formatted Link headers to their responses, indicating which assets should be pushed. Some best use cases for HTTP/2 Server Push include uncacheable content, all assets on a requested page, and the most likely next page. While several browsers currently support Server Push, more tools are expected in the future to help users make educated decisions about its usage. Cloudflare is also looking forward to hearing from customers who experiment with this feature as they continue monitoring HTTP/2 development efforts.
Apr 28, 2016 1,323 words in the original blog post.
On April 28, 2016, a live AMA (Ask Me Anything) session is scheduled to discuss HTTP/2, its features, adoption, and future. The event will be hosted by CatchPoint with experts from Cloudflare, Akamai, and Google participating in answering questions. The session will take place from 2pm-3pm Eastern Time (1600-1700 UTC). Prior to the event, participants can submit their questions and vote on existing ones. Suzanne Aldrich from Cloudflare, Ilya Grigorik from Google, Tim Kadlec from Akamai, and Andrew Smirnov from Catchpoint will be present during the AMA session. For those who need a basic understanding of HTTP/2, resources are available on the Cloudflare HTTP/2 website.
Apr 27, 2016 141 words in the original blog post.
Filippo Valsorda introduces "Go native vendoring" (GO15VENDOREXPERIMENT), a method to freeze dependencies by placing them in a vendor folder within a project. The compiler then checks the vendor folder before searching the GOPATH. However, users might forget to vendor certain packages, causing issues when sharing the program with others. To address this, Valsorda developed a simple static analysis tool using Go's simplicity and libraries. The tool loads packages passed as arguments on the command line, including test files based on a flag, and checks if all non-standard library dependencies are vendored. It can be found at https://github.com/FiloSottile/vendorcheck.
Apr 27, 2016 639 words in the original blog post.
On April 26, 2016, Cloudflare opened its newest data center in Kyiv, Ukraine's capital and largest city. With over 1,000 years of history, Kyiv was the capital of ancient Kyivan Rus', which is considered the ancestor of modern Ukraine, Belarus, and Russia. This marks Cloudflare's 22nd data center in Europe and its 78th globally. By localizing content through new points of interconnection, such as the one in Kyiv, Cloudflare aims to improve website performance for users in various regions by reducing latency. The company plans further expansion in Germany and other European cities.
Apr 26, 2016 337 words in the original blog post.
In March 2016, a group of cybercriminals calling themselves the Armada Collective began sending extortion emails to various online businesses, threatening DDoS attacks if they were not paid in Bitcoin. Over 100 existing and prospective CloudFlare customers received these threats, but no actual DDoS attacks have been launched by this group. Despite their inability to determine who has paid the extortion fee and who has not, the Armada Collective has collected hundreds of thousands of dollars in payments. This is not the first time a group has used the name "Armada Collective," as an earlier iteration did carry out DDoS attacks before going silent in November 2015.
Apr 25, 2016 1,031 words in the original blog post.
Cloudflare has released a suite of upgrades to its Page Rules feature, including API support, additional settings, the ability to pause a page rule, and a mobile-friendly design. The new API allows users to script the creation and modification of page rules, while 13 new settings have been added for more customization options. Pausing a page rule enables easier debugging without losing its configuration, and the updated management panel is now responsive to any device for on-the-go configuration changes. These upgrades are available for all Cloudflare customers.
Apr 19, 2016 495 words in the original blog post.
The Internet Engineering Task Force (IETF) community has been working on improving and expanding the use of technical foundations for internet security, including updates to Transport Layer Security (TLS). TLS 1.3 was first drafted in April 2014, with ongoing work since then aimed at providing a solid base for broad deployment of improved security on the global internet. In February 2016, the Internet Society hosted the TRON workshop, which concluded that TLS 1.3 was not yet ready due to insufficient real-world testing and unimplemented features. A recent IETF Hackathon in Buenos Aires focused on integrating TLS 1.3 into Firefox and demonstrating interoperability with CloudFlare's test site, achieving significant progress towards making the protocol production-ready.
Apr 18, 2016 597 words in the original blog post.
Cloudflare has introduced two new features and an updated dashboard for its Virtual DNS service. Virtual DNS is a DNS proxy that enhances the performance of hosting providers' networks while protecting them from attacks. Since its launch, it has processed 7 billion queries daily, saving customers 65% bandwidth. The new features include a user-friendly dashboard and API for managing Virtual DNS settings, multi-user control with advanced security options, better cache control, and the ability to deprecate ANY query. These updates aim to improve the service's efficiency and provide more control to users.
Apr 13, 2016 574 words in the original blog post.
In April 2016, Cloudflare announced its plan to stop answering DNS "ANY" queries due to their lack of legitimate use, frequent malicious use, and involvement in large-scale DDoS attacks. The company proposed returning an error code to the querier, sparking a discussion within the DNS protocol community about whether ANY meant ALL. After various experiments and discussions, Cloudflare decided on an approach that returned harmless answers to ANY queries, reducing their amplification factor. This decision was aimed at making the internet a safer place by curbing large-scale DDoS attacks.
Apr 13, 2016 2,133 words in the original blog post.
CloudFlare, a web performance and security company, has launched its 77th data center globally in Taipei, Taiwan. This marks the 28th data center in Asia for the company. The new data center will serve millions of websites previously served from Hong Kong, improving availability and performance for users in Taipei. With this expansion, visitors to CloudFlare-enabled websites can expect a 4x improvement in performance and increased availability.
Apr 11, 2016 300 words in the original blog post.
The article discusses an issue with certain very slow downloads being abruptly terminated and the steps taken to investigate and resolve it. It was discovered that only mobile users experienced the problem when downloading a binary file of around 30MB. After reproducing the problem, it was found that NGINX's reset_timedout_connection setting and send_timeout configuration option were causing the issue. The solution involved adjusting these settings or patching NGINX to react differently on timeout. The author emphasizes the complexity of Linux networking stack and the importance of understanding all corner cases when debugging issues related to timeouts in the "write" path of code.
Apr 11, 2016 1,568 words in the original blog post.
CloudFlare is hosting a cryptography meetup series at its new headquarters in San Francisco, featuring experts from academia and industry discussing encryption protocols and real-world deployment experiences. The talks aim to explore interesting crypto topics in an accessible manner, encouraging practical examples. Confirmed speakers for the April 21st event are Brian Warner, Zakir Durumeric, and Whitney Merrill.
Apr 08, 2016 869 words in the original blog post.
In November 2015, a blog post discussed a latency spike due to misconfigured rmem settings. However, the issue persisted even after adjusting the sysctl. The problem was traced back to high latency in soft interrupt handling code, which is responsible for processing ICMP pings. System Tap scripts were used to measure the time distribution of the main soft IRQ function net_rx_action and found that while most calls were handled quickly, some took up to 32ms. Further investigation revealed that the latency was caused by a slow path in the __inet_lookup_listener function, which is responsible for finding an appropriate connection sock struct structure for a packet. The issue was resolved by deploying two changes: binding TCP connections of CloudFlare's DNS server to ANY_IP address (0.0.0.0:53) and increasing the LHTABLE size in their kernels.
Apr 05, 2016 1,340 words in the original blog post.
The blog post discusses the adoption of ChaCha20-Poly1305, an AEAD (Authenticated Encryption with Additional Data) cipher suite, on the web. It highlights how this cipher suite was initially implemented by Cloudflare to provide better performance and security for mobile users. The post also reviews the history of ChaCha20-Poly1305, its standardization process, and its importance for the future of the web. Additionally, it compares the performance of ChaCha20-Poly1305 with other standard AEADs such as AES-GCM. The post concludes by stating that Cloudflare is committed to pushing the envelope in terms of TLS performance and availability of secure cipher suites, actively participating in the development of TLS 1.3 and open source initiatives.
Apr 04, 2016 1,971 words in the original blog post.
On April 12th, 2016, at 6 PM PDT, CloudFlare and Gandi are hosting a three-part series on Domain Name System (DNS) at the CloudFlare office in San Francisco. The first event will feature Paul Mockapetris, the inventor of DNS and SMTP server, who will discuss the early days of DNS, its security aspects, commercialization, and future prospects. Attendees can enjoy beer while networking with fellow DNS enthusiasts.
Apr 01, 2016 165 words in the original blog post.