Home / Companies / Cloudflare / Blog / July 2018

July 2018 Summaries

20 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Ashcon Partovi, a computer science and business undergraduate at the University of British Columbia in Vancouver, Canada, has developed an API for Minecraft that runs exclusively on Cloudflare Workers. The API is designed to address an essential problem for Minecraft developers: too many APIs with too many restrictions. It requires only 1 HTTP request with no rate limiting and no client-side caching. Partovi's API processes over 400k requests per day from users all around the world, handling approximately 1.8 million fetches per day with a high cache hit rate. The use of Cloudflare Workers has enabled Partovi to solve complex technical problems without worrying about host infrastructure or cloud regions.
Jul 31, 2018 3,193 words in the original blog post.
Cloudflare has made significant improvements to its network's performance by optimizing NGINX, a popular web server software. The company estimates that these changes save the internet approximately 54 years of wait time per day. By modifying NGINX to handle slow disk I/O operations in separate threads and using non-blocking open() calls, Cloudflare has achieved peak p99 TTFB improvements by a factor of six. These optimizations have resulted in faster load times for the 10 million websites, apps, and APIs that use Cloudflare's services.
Jul 31, 2018 1,658 words in the original blog post.
QUIC (Quick UDP Internet Connections) is a new encrypted-by-default internet transport protocol designed to accelerate HTTP traffic and improve security, with the goal of eventually replacing TCP and TLS on the web. Built-in security features include authentication and encryption from the transport protocol itself, making connections faster and more secure. QUIC also provides first class support for multiplexing different HTTP streams onto the same connection, reducing head-of-line blocking. Challenges in supporting this radical new protocol include addressing compatibility with existing network infrastructure and optimizing UDP performance on endpoints.
Jul 26, 2018 2,509 words in the original blog post.
In Q2 2018, Cloudflare released several products aimed at improving internet "end-to-end" control for individuals and businesses alike. These include the Mobile SDK for mobile app visibility and performance tracking, Workers for moving workloads to the Cloudflare Network, Argo Tunnel for secure host connections, and Spectrum for protecting TCP services with DDoS protection. Additionally, Stream Delivery simplifies video delivery costs, Rocket Loader improves website paint times, and Dynamic Steering supports load balancing across multiple geographic regions. The company also launched its privacy-first consumer DNS service 1.1.1.1 in April 2018.
Jul 26, 2018 1,003 words in the original blog post.
On July 25, 2018, Stephen Pinkerton announced the launch of Cloudflare's 1.1.1.1, a fast and privacy-focused recursive DNS resolver. The project aims to improve internet security by promoting new standards around private DNS. Since its inception, there has been significant interest from users who are concerned about their web history being tracked due to recent legislation allowing ISPs to do so. Cloudflare encourages IT departments and network administrators to adopt 1.1.1.1 for their organizations, as it provides secure internet access while ensuring that users benefit from the latest advancements in internet standards.
Jul 25, 2018 272 words in the original blog post.
Cloudflare has released its zero trust solution, Cloudflare Access, which provides fast and secure access control for applications. The platform leverages Cloudflare's global network of data centers to evaluate permissions and serve pages at the edge of their network. It integrates with popular identity providers like GSuite and Okta, eliminating the need for users to manage a new set of credentials. Access is available in two plans: Basic ($3 per user, per month) and Premium ($5 per user, per month). The first five users are free. New features include policy rules based on IP addresses or building detours, as well as access groups that allow for quicker application of policies to sets of users.
Jul 24, 2018 1,381 words in the original blog post.
In July 2018, Google's Chrome browser began flagging all non-secure connections as "not secure." This move is part of a broader effort to drive site owners towards a more secure web by addressing the design flaws of the original unencrypted web. The push for HTTPS has seen significant growth in recent years, with many large websites adopting it by default. Despite this progress, some website owners still question the necessity of secure connections for sites without the need for confidentiality. However, as Google continues to move towards a "secure by default" web, the adoption of HTTPS is likely to become even more widespread.
Jul 24, 2018 1,571 words in the original blog post.
Cloudflare, a company that provides security and performance services to over 9 million websites worldwide, is working on improving encryption and building a better web. They have recently launched the SSL Test Tool, which helps website owners understand what they need to do to move their site to HTTPS by detecting common issues. The tool runs 12 tests across three key categories of errors: HTTPS Disabled, Client Errors, and Cryptography Errors. Additionally, Cloudflare is using intelligent systems that automatically triage support tickets and present relevant debugging information upfront to the agent assigned to the ticket. These efforts aim to drive adoption of a more secure internet and improve customer experience on their platform.
Jul 24, 2018 957 words in the original blog post.
In July 2018, Cloudflare introduced Dynamic Steering for Load Balancing, a feature that directs traffic to the fastest pool of origins based on a user's location. To build this feature, two key problems were addressed: deciding which origin pool was the fastest and distributing this decision across 151 global locations. The solution involved using Exponential Weighted Moving Average (EWMA) to calculate round trip time (RTT) from edge locations and propagating this data to every machine serving requests. This feature is available for Enterprise customers and those with the Geo Routing add-on for Load Balancing.
Jul 21, 2018 1,112 words in the original blog post.
In December 2017, Cloudflare launched the Athenian Project to help protect U.S. state and local election websites from cyberattacks. Since then, the need for such protection has become more urgent due to increased threats against digital infrastructure. The project aims to provide tools and resources to election officials to secure their systems. Cloudflare's services include DDoS mitigation, Web Application Firewall (WAF), IP reputation database, and ability to block traffic by country or IP address. The company has also tailored the Athenian Project to better address the needs of state and local election officials, offering more tools, how-to videos, support help, set up flexibility, and an Athenian Project-specific terms of service. Cloudflare remains committed to keeping U.S. election websites secure in upcoming elections and beyond.
Jul 19, 2018 1,355 words in the original blog post.
In 2017, Xinhua reported that there would be 200 million IPv6 users in Mainland China by the end of this year. As of mid-year, a rapid growth in IPv6 users and traffic originating from Mainland China has been observed. The need for IPv6 is driven by the fact that IPv4 address pools have been exhausted, making it difficult to provide an IP address to each subscriber's device, especially in large networks like China Mobile with over 900 million mobile subscribers and 670 million 4G/LTE subscribers. To solve the addressability of clients, many networks use Carrier Grade NAT (CGN) or NAT64, which allows IPv6 addresses to be given to subscribers but then translated to IPv4 addresses. On June 7th, China Mobile started announcing IPv6 address blocks to the internet and has seen a significant increase in IPv6 usage since then.
Jul 19, 2018 435 words in the original blog post.
Scott Helme, a security researcher and founder of Report URI, discusses the challenges faced by his company as it deals with an increasing variety of websites using its service. One such challenge is addressing concerns about sharing client IP addresses and User Agent strings with Report URI. To tackle this issue, he proposes using Cloudflare Workers to receive reports on a subdomain of the user's own site and then forward them to Report URI. This solution maintains simplicity while allowing users to shield their client's IP addresses or any other information in the payload from Report URI. The worker can also be used for advanced tasks such as downsampling report volume, hiding UA strings, and more. Pricing starts at $5 per month for 10 million requests, making it an affordable solution for most websites.
Jul 17, 2018 1,656 words in the original blog post.
GL.iNet has introduced a new router model, the AR750S, which supports DNS-over-TLS using Cloudflare's 1.1.1.1 resolver. This feature encrypts DNS queries before leaving the local network, enhancing privacy and preventing eavesdropping. The router can also force DNS traffic to be encrypted for all clients, including IoT devices with hard-coded DNS settings that would otherwise ignore the router's DNS settings. The AR750S maintains the same form factor as its predecessor, the AR750, and includes other useful features such as external storage capacity, an OpenVPN client, and micro USB power port.
Jul 14, 2018 831 words in the original blog post.
In the last 8 months, Cloudflare has formed a new Employee Resource Group (ERG) called Proudflare for its employees who identify as part of the LBGTQIA+ community. The group has launched chapters and monthly activities in San Francisco, London, Singapore, and Austin. During Pride month, they transformed their company's social profiles, wrapped their HQ building in rainbow window decals, highlighted several non-profits they support, and threw an inaugural Pride Celebration. Proudflare plans to continue its activities and initiatives for the betterment of the LBGTQIA+ community within Cloudflare and beyond.
Jul 12, 2018 1,030 words in the original blog post.
In a comparison of performance between Cloudflare Workers and other serverless providers, it was found that Workers are seven times faster than a default Lambda function for CPU-intensive workloads. The PBKDF2 algorithm, designed to be slow to compute, was used as a benchmark for the CPU performance of these services. Cloudflare Workers were also six times faster than [email protected] when tested globally. The results showed that Lambda is slower and more expensive than Workers on a per-cycle basis. Additionally, native code execution in Lambda did not significantly improve its performance compared to JavaScript.
Jul 09, 2018 1,066 words in the original blog post.
Deploying Applications on Minikube with Argo Tunnels is an article that demonstrates how to deploy applications using Minikube and expose them to the internet through Cloudflare's edge. The author uses a simple microservice example, written in Python using Flask, to illustrate this process. They explain how to package the application into a Docker image, deploy it into Minikube, and start up Argo Tunnel machinery to get it exposed to the Internet. The article also discusses the benefits of using Argo Tunnels for securing origins and simplifying deployment across multiple regions or cloud providers.
Jul 08, 2018 1,550 words in the original blog post.
The text discusses various techniques used by the author's team to mitigate Distributed Denial of Service (DDoS) attacks, focusing on packet discarding methods. It presents a series of tests performed on an Intel server with a 10Gbps network card, using synthetic traffic to stress test each method. The performance results for each technique are presented in the form of charts and tables. The techniques discussed include: 1. Dropping packets in application code. 2. Disabling Conntrack to speed up packet processing. 3. Using BPF (Berkeley Packet Filter) drop on a socket. 4. Dropping packets with iptables after routing. 5. Dropping packets with iptables in PREROUTING. 6. Nftables DROP before CONNTRACK. 7. tc ingress handler DROP. 8. XDP_DROP (eXpress Data Path). The text also provides a comparison of the performance results for each technique, highlighting that XDP_DROP is the fastest method, capable of dropping 10 million packets per second on a single CPU. The author concludes by stating that their team uses a combination of these techniques to mitigate DDoS attacks effectively.
Jul 06, 2018 2,311 words in the original blog post.
In this blog post, the author demonstrates a technique for debugging serverless apps using Workers IDE. The approach involves returning debug information in a header and is applicable to both JavaScript and TypeScript. The author uses an interceptor pattern to execute code before and after a request, creating a LogInterceptor that adds all log lines to the X-Debug response header as a URL-encoded string if certain conditions are met. Finally, the post provides a Bash function for decoding the debug information returned in the header.
Jul 05, 2018 870 words in the original blog post.
Rocket Loader, a web performance product by Cloudflare, has been re-engineered for contemporary browsers and Web standards. Originally launched in 2011, Rocket Loader improves page load times by minimizing network requests through the bundling of JavaScript files, including third-party, speeding up page rendering, asynchronously loading the bundles, avoiding HTML parsing blockage, and caching scripts locally using LocalStorage. The new version of Rocket Loader has been rebuilt from the ground up to incorporate lessons learned and improve customer page performance. It now executes blocking scripts after all other page assets have loaded while maintaining their intended position in relevant DOM collections.
Jul 04, 2018 2,914 words in the original blog post.
In this text, Zack Bloom discusses the performance of Cloudflare Workers, a serverless JavaScript execution platform. He compares its speed to Amazon's Lambda service and Google's Firebase Functions, using data from thousands of tests conducted worldwide over 12 hours. The results show that at the 95th percentile, Workers is significantly faster than both Lambda (441%) and Firebase Functions (192%). Bloom attributes this performance advantage to factors such as V8 isolates, efficient memory management, and running on Cloudflare's global network of machines. He encourages readers to try out Workers and provides additional resources for learning more about the platform.
Jul 02, 2018 894 words in the original blog post.