January 2018 Summaries
12 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
The tutorial by Ingvar Stepanyan delves into Rust's macro system, specifically focusing on implementing a macro that evaluates Reverse Polish Notation (RPN) at compile-time. Despite the challenges faced in understanding macros through standard resources, Stepanyan shares a recursive approach to handle RPN, a notation using a stack where operands are pushed and operators pop the last two operands for evaluation. The tutorial explains the process of creating a macro that converts RPN into infix notation that Rust understands, detailing the steps to manage token matching, stack manipulation, and operator handling. It emphasizes handling errors gracefully by providing meaningful compile-time error messages for incorrect expressions, leveraging Rust's compile_error! macro and trace_macros feature. Stepanyan concludes by encouraging feedback and suggestions for further topics on Twitter.
Jan 31, 2018
2,765 words in the original blog post.
SEO practices remain relevant in 2018 despite the myth that it's dead. The key to effective SEO is creating good content and avoiding creepy tactics such as spammy links, doorway pages, scraping content, hidden text or sneaky redirects. Google has provided several resources for businesses to improve their SEO, including tools like Lighthouse and guidelines from experts like John Mueller, Gary Illyes, and Matt Cutts. Additionally, using a CDN like Cloudflare can help improve website performance and SEO ranking without causing any harm.
Jan 28, 2018
1,491 words in the original blog post.
David Urbansky, CEO and Co-Founder of SEMKNOX and Site Search 360, shares his experiences in packaging Site Search 360 for Cloudflare Apps. The author explains that Site Search 360 is a search solution for websites, improving user experience by offering a search bar on sites with more than just a handful of pages. He discusses the challenges faced when developing the Cloudflare App and highlights the importance of having a highly customizable off-the-shelf search solution. The author also mentions the benefits of using the Pareto Principle to identify the most frequently used parameters for their Cloudflare app, as well as the support provided by Cloudflare during the development process.
Jan 27, 2018
875 words in the original blog post.
On January 21, 2018, internet access was significantly reduced in the Democratic Republic of Congo, likely due to anti-Kabila protests. The BBC reported that internet access in the capital, Kinshasa, was cut on Saturday. According to monitoring data, traffic from the country dropped by two-thirds during this time. Internet access appears to have been restored three days later, with traffic returning to normal levels.
Jan 22, 2018
154 words in the original blog post.
Web Cache Deception attacks occur when an attacker tricks a user into clicking a link that leads to cached content of a private page. To prevent such attacks, proper configuration of websites is necessary, including returning the correct Cache-Control headers or rejecting requests with extra PATH_INFO. However, some customers may not be able to do this due to third-party software limitations. In response, Cloudflare has released a new tool called Cache Deception Armor Page Rule that helps protect against Web Cache Deception attacks by verifying the URL's extension matches the returned Content-Type. This solution allows static assets to be cached while still providing protection from potential attacks.
Jan 19, 2018
460 words in the original blog post.
Cloudflare has announced its intention to deprecate the use of SPDY for connections made to their edge by February 21st, 2018. The decision comes as adoption of HTTP/2 increases and the majority of web browsers now support it. As a result, only 3.83% of TLS connections to Cloudflare's edge are currently using SPDY. The company had previously supported both SPDY and HTTP/2 for TLS connections but decided to abandon this approach due to the engineering cost associated with maintaining its own patch for NGINX.
Jan 18, 2018
1,000 words in the original blog post.
In February 2017, Cloudflare experienced a security problem known as Cloudbleed due to a bug in their HTML parsing code. This led them to investigate all crashes more thoroughly and they discovered that some were caused by invalid memory accesses resulting in the NGINX process crashing. They used core dumps, which record the state of a terminated process, to help identify these issues. After fixing several bugs causing crashes, they noticed a residual number of "mystery core dumps" that seemed impossible based on their code. These were occurring at a rate of about one per day across their entire fleet of servers.
Their investigation eventually led them to focus on the Intel Xeon E5-2650 v4 processors, which were causing internal parity errors or unpredictable system behavior due to an issue known as BDF76. Applying a microcode update to these Broadwell servers resolved the problem and reduced the rate of core dumps significantly. This allowed them to focus more effectively on other issues in their software.
Jan 18, 2018
2,392 words in the original blog post.
The traditional security perimeter model used by most enterprises is flawed as it trusts all connections from within the network and distrusts those from outside. This strategy becomes ineffective once the firewall or VPN server is breached, granting attackers easy access to sensitive data. Furthermore, this approach requires employees to be physically present in the office or use a VPN, which can slow down work and expose users to various types of attacks.
To address these issues, Google introduced BeyondCorp, a solution that eliminates the concept of an internal network by making applications accessible on the internet. Following this model, Cloudflare has launched Access, a perimeter-less access control solution for cloud and on-premise applications. Similar to BeyondCorp, Access ensures that every connection is authenticated, authorized, and encrypted.
Cloudflare Access works as an unified reverse proxy, integrating with major identity providers like Google, Azure Active Directory, and Okta. It enforces access control by authenticating user credentials and ensuring the connecting device has a valid client certificate signed by the corporate CA. Access also allows administrators to easily modify access policies, session durations, and revoke existing user sessions.
By using Cloudflare's global network of data centers, Access provides adequate redundancy, DDoS protection, and proximity to users or corporate offices. The solution is free for up to one user and costs $3 per seat per month for additional users, with bulk discounts available upon contacting sales.
Jan 17, 2018
719 words in the original blog post.
This article delves into the complexities of SYN packet handling in Linux and how Cloudflare tackles this issue. It explains that each listening TCP socket has two separate queues: the SYN Queue, which stores incoming SYN packets and handles retries; and the Accept Queue, which contains fully established connections ready to be picked up by an application. The article also discusses queue size limits, perfect backlog values, slow applications, SYN floods, and how Cloudflare mitigates these issues at scale. It concludes with a look at the evolving landscape of Linux SYN packet handling and its future prospects.
Jan 15, 2018
2,035 words in the original blog post.
Matthew Prince, co-founder and CEO of Cloudflare, recently announced the opening of their 120th data center in Salt Lake City, Utah. This location holds a special place for both the company's history and the internet itself. The University of Utah, based there, was one of the original four Arpanet locations and has educated founders of numerous technology companies. In addition to this latest expansion, Cloudflare plans to have facilities in 200 cities and 100 countries worldwide by the end of 2018, with 95% of the world's population living in a country with a Cloudflare data center.
Jan 12, 2018
377 words in the original blog post.
Two significant computer bugs named Meltdown and Spectre were announced in January 2018. These vulnerabilities exploit technical systems implemented by modern CPUs to make computers fast, such as branch prediction and speculative execution. The core of these attacks is the ability to exfiltrate information from speculatively executed code through a side channel known as a cache. Meltdown and Spectre can be used to dump the entire memory of a computer, potentially exposing sensitive data like passwords and cryptographic secrets.
Jan 08, 2018
1,402 words in the original blog post.
The European Union's General Data Protection Regulation (GDPR), a new law that harmonizes data privacy laws across the EU and mandates how companies process personal data of EU citizens, will come into effect on May 25, 2018. Cloudflare has been working to achieve GDPR compliance in advance of the effective date and is committed to help its customers prepare for GDPR compliance on their side. The company has made changes to its products, contracts, and policies to ensure compliance with the new regulation. Additionally, it provides a simple process for customers to complete a data processing addendum (DPA) if they need one.
Jan 05, 2018
411 words in the original blog post.