September 2018 Summaries
37 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
In this talk, the speaker discusses how Cloudflare Workers can be used to create a global network of multilingual websites. The speaker provides several use cases for using Cloudflare Workers in conjunction with other technologies such as AWS, and Microsoft Azure.
FURTHER READING:
- Real World Serverless - Austin (US)
COMMENTS:
Sep 30, 2018
12,710 words in the original blog post.
The Speedchecker team successfully moved their API gateway to Cloudflare Workers and reduced costs by a factor of 10. They previously used the open-source Kong API gateway, which had limitations in scalability and replication setup complexity. By switching to Cloudflare Workers, they benefited from its per request pricing, powerful DDOS protection, and compatibility with their existing infrastructure. The migration process was seamless, requiring no changes to users' API code or authentication methods. Overall, the team found Cloudflare Workers to be a cost-effective and reliable alternative to commercial API gateway solutions for companies with existing codebases for authentication and analytics.
Sep 29, 2018
1,584 words in the original blog post.
On September 29, 2018, John Graham-Cumming of Cloudflare expressed shock over the depiction in NCIS Season 16 Episode 1 where incorrect use of random numbers for encryption led to a nuclear reactor crisis. Despite being a competitor of Glowbeam Technologies, which was portrayed in the episode, Cloudflare clarified that there are significant differences between the two companies. These include: Cloudflare's Lava Lamps not being an "encryption engine", all staff undergoing background checks, multiple sources of randomness used by Cloudflare, and adherence to standard encryption algorithms instead of inventing their own. Following these events, Cloudflare acquired Glowbeam Technologies' assets.
Sep 29, 2018
205 words in the original blog post.
Cloudflare has introduced a new feature called Workers KV, which is a low-latency key-value data store that lives within its network across 152+ data centers worldwide. This feature complements the existing Cloudflare Workers platform, allowing developers to write serverless code that runs on the edge of the Internet and provides faster engagement with users compared to other platforms. The Workers KV is a highly distributed, eventually-consistent key-value store designed for applications requiring high speed and fault tolerance. It enables developers to build various types of applications, such as API gateways, dynamic data customization, configuration management, and cloud functions. Currently in limited beta, the pricing for Workers KV includes $0.50 per GB-month of additional storage and $0.50 per million additional KV reads beyond the included minimums.
Sep 28, 2018
1,445 words in the original blog post.
In celebration of its 8th birthday, Cloudflare launched a series of new services and features aimed at benefiting both customers and the global internet community. These include key-value storage across Cloudflare's global cloud network with Workers KV, the Bandwidth Alliance that reduces data transfer charges from major cloud hosts, and Cloudflare Registrar which eliminates hidden fees typical of many domain registration providers. Other new offerings focus on improving the internet's security and performance for free. The company also hosted its fourth annual Cloudflare Internet Summit featuring discussions with thought leaders, executives, entrepreneurs, researchers, and operators about the future of the internet.
Sep 28, 2018
722 words in the original blog post.
In 1864, Charles Babbage described the first key-value store as part of his Analytical Engine, which was never built. Today, Cloudflare has announced a native key-value store for its Workers platform called Workers KV. This functionality is just the start of a sequence of announcements around storage and databases on the edge. Values are written into Workers KV via the standard Cloudflare API and are available within seconds at every one of Cloudflare's 150+ global PoPs. Some use cases for Workers KV include shopping cart storage, A/B testing, authentication verification, and page construction. With the addition of Workers KV, Cloudflare Workers moves closer to being a complete compute platform embedded inside the Internet.
Sep 28, 2018
1,567 words in the original blog post.
Cloudflare has launched a new domain registrar service that aims to be more secure and affordable than existing options. The company's registrar is built around three principles: trust, security, and fair pricing. It offers features such as two-factor authentication, automatic locking of domains, and free personal data redaction on WHOIS. Unlike other registrars, Cloudflare promises to never charge more than the wholesale price each top level domain registry charges for registering a domain. The service is currently available only to existing Cloudflare customers transferring their existing domains, but new domain registration will be opened up in the future.
Sep 27, 2018
1,554 words in the original blog post.
On September 27, 2018, Sam Rhea announced the launch of Cloudflare Registrar, a domain registrar that charges customers only what it pays to registries for domain registration and renewal. Unlike other registrars, Cloudflare does not mark up prices or add fees for services. The company aims to make internet journeys faster and safer by starting at the domain level. Cloudflare Registrar also offers free personal data redaction on WHOIS to protect users' privacy. Access to the service is being rolled out in stages, with priority given to long-time customers. Users can sign up for early access or donate to Girls Who Code to move up in line.
Sep 27, 2018
1,223 words in the original blog post.
Cloudflare has launched the Bandwidth Alliance, a group of cloud and networking companies committed to providing cost-efficient services for mutual customers. The alliance includes Google Cloud, Microsoft Azure, IBM Cloud, DigitalOcean, Linode, Packet, Backblaze, and Scaleway. These companies will provide reduced or waived data transfer fees for their joint customers. The goal of the Bandwidth Alliance is to make the internet faster, safer, smarter, and more efficient by reducing costs for users.
Sep 26, 2018
1,627 words in the original blog post.
The Bandwidth Alliance is a group of cloud providers that have agreed to reduce data transfer fees for mutual customers. To make this possible, three key factors were needed: an ecosystem of like-minded companies, a large global network (such as Cloudflare's 150+ points of presence worldwide), and Argo, a sophisticated traffic routing engine. Argo optimizes connections for minimum latency by examining subnet-to-subnet timing data and determining the fastest paths. The Bandwidth Alliance aims to provide low latency, highly available transit across networks at little to no cost, potentially saving customers more than $50 million per year in cloud bandwidth fees.
Sep 26, 2018
734 words in the original blog post.
The text discusses how internet connections can be affected by changing environments, such as moving from a stable WiFi connection at home to a cellular network while commuting. It highlights the challenges faced in maintaining reliable and efficient data transmission during these transitions. The author introduces QUIC (Quick UDP Internet Connections) as a potential solution to these issues. QUIC is designed to improve internet performance by incorporating features like end-to-end encryption, forward error correction, and stream multiplexing. It aims to provide faster and more reliable connections even in challenging network conditions. The author encourages readers to test out QUIC themselves and mentions Cloudflare's involvement in its development and deployment.
Sep 25, 2018
1,030 words in the original blog post.
Cloudflare has opened a beta deployment of QUIC (Quick UDP Internet Connections) with its test site, cloudflare-quic.com. The company's Systems Engineering Team is known for investing in new technologies before they are standardized or adopted elsewhere. QUIC aims to improve internet security and speed by combining HTTP/2 and TLS 1.3 into a single protocol. To access the test site using QUIC, users need to use a command-line client from one of the various implementations of QUIC that are actively evolving alongside the IETF standard. The blog post provides detailed instructions on how to build and use the ngtcp2 client for this purpose.
Sep 25, 2018
2,831 words in the original blog post.
Cloudflare, a web infrastructure and website security company founded on September 27, 2010, is celebrating its eighth birthday by launching Encrypted SNI (ESNI), a new protocol designed to enhance the privacy of internet users. The protocol aims to address the Server Name Indication (SNI) loophole that allows ISPs and other network observers to see which websites users visit even when they are using HTTPS-encrypted connections. ESNI is supported by Cloudflare, Mozilla Firefox, Apple, Fastly, and other industry players concerned about internet privacy. The protocol is expected to become mainstream in the coming months as more browsers add support for it.
Sep 24, 2018
1,412 words in the original blog post.
Cloudflare has announced support for encrypted SNI (Server Name Indication), an extension to the TLS 1.3 protocol that improves internet user privacy by preventing on-path observers, such as ISPs and firewalls, from intercepting the TLS Server Name Indication (SNI) extension and using it to determine which websites users are visiting. Encrypted SNI, together with other internet security features already offered by Cloudflare for free, will make it harder to censor content and track users on the internet. The encrypted SNI feature is now enabled for all Cloudflare zones using their name servers.
Sep 24, 2018
1,406 words in the original blog post.
Cloudflare is celebrating its 8th birthday by launching a new initiative called Encrypted SNI (ESNI), which aims to make the encrypted web more private and secure. The company has partnered with Apple, Fastly, Mozilla, and others across the industry to develop ESNI as an IETF Draft RFC. This protocol will help protect users' browsing history by preventing ISPs from spying on Server Name Indication (SNI) data. Firefox is expected to become the first browser to support ESNI in their Nightly release, with other major browser makers likely to follow suit.
Sep 24, 2018
1,416 words in the original blog post.
Cloudflare is celebrating its 8th birthday with a week-long series of product releases aimed at benefiting their community and contributing to building a better internet. The company's mission includes making the internet faster, respecting individual privacy, combating malicious actors, ensuring reliability, supporting new standards and protocols, increasing accessibility for everyone, democratizing technology, and delivering more value while decreasing costs. This week's releases will focus on these areas, with each day bringing a new product or service that aligns with the company's mission.
Sep 23, 2018
1,732 words in the original blog post.
Cloudflare has introduced a free, high-availability, and low-latency authenticated time service called Roughtime, available at roughtime.cloudflare.com on port 2002. The protocol is designed to be simple and flexible, allowing clients to synchronize their clocks with one or more authenticated servers. It aims to provide accurate enough time for cryptographic applications while ensuring security against man-in-the-middle attacks. Roughtime offers two features designed to make it scalable: batch signing of requests and execution over UDP. The protocol is flexible enough to support a variety of use cases, including web browsers proactively synchronizing their clocks when validating TLS certificates or retroactively avoiding showing users too many warnings.
Sep 21, 2018
2,008 words in the original blog post.
Cloudflare has introduced Opportunistic Onions, a new security feature that provides additional protection and performance benefits to websites using HTTPS. The feature is designed to work with Tor Browser 8.0 and allows users to connect to Cloudflare's onion services without having to face CAPTCHA challenges. This solution also enables more fine-grained rate limiting to prevent malicious traffic, while still maintaining user privacy and anonymity. The feature is now available by default for Free and Pro plans in the Cloudflare dashboard.
Sep 20, 2018
2,477 words in the original blog post.
The text discusses the need for significant improvement in existing operational practices for BGP routing and filtering to stop route leaks and hijacks, which are prevalent in today's Internet routing world. It emphasizes that Internet routing and BGP security along with its operational expertise must improve globally. The author suggests deploying operationally-excellent RPKI (Resource Public Key Infrastructure) as a solution to secure BGP routing. RPKI is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number. It also provides an overview of how BGP works and highlights the importance of RPKI in ensuring better BGP route security.
Sep 19, 2018
3,725 words in the original blog post.
Cloudflare has started deploying active filtering using RPKI (Resource Public Key Infrastructure) for routing decisions and signing its routes, aiming to protect users from route hijacks and misconfigurations. The company is also encouraging adoption of Route Origin Validation on the Internet by providing this service to everyone for free. Cloudflare's approach involves signing prefixes through regional internet registries (RIR) portals or APIs, validating certificates, distributing RPKI cache securely via its own content delivery network, and using a lightweight local RTR server. The company is also working on providing a public RTR server using its Spectrum service.
Sep 19, 2018
1,595 words in the original blog post.
Cloudflare has announced full support for CDS (Child DS) and CDNSKEY from RFC 8078, allowing users to enable DNSSEC without requiring them to log in to their registrar to upload a DS record. This feature is now available for all Cloudflare-managed domains that enable DNSSEC in the dashboard. The adoption of DNSSEC has been slow due to issues such as lack of support from default DNS providers, varying levels of technical knowledge among users, and compatibility challenges among registrars. By supporting CDS and CDNSKEY records, Cloudflare aims to simplify the process of enabling DNSSEC for its customers and encourage more widespread adoption of this security measure.
Sep 18, 2018
1,603 words in the original blog post.
Cloudflare introduces its IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) without needing special software. The gateway is hosted at cloudflare-ipfs.com and aims to serve as a platform for many new highly reliable and security-enhanced web applications. This marks the first product released under Cloudflare's Distributed Web Gateway project, which will eventually encompass all of their efforts to support new distributed web technologies. IPFS is a peer-to-peer file system composed of thousands of computers worldwide, each storing files on behalf of the network. Unlike traditional web systems, with IPFS anyone can cache and serve any content for free, making it more resilient and secure. Cloudflare's gateway allows users to access any of the billions of files stored on IPFS from their browser and build websites hosted entirely on IPFS while still being available at custom domain names.
Sep 17, 2018
2,012 words in the original blog post.
This post explains how to use Cloudflare's IPFS gateway to set up a secure website while maintaining performance and reliability benefits of being served from Cloudflare’s edge network. The process involves setting up an "ipfs-sec" subdomain, enabling DNSSEC, serving static websites from IPFS using CNAME setup, and verifying the content served by the gateway with a modified browser extension. An example application is also provided - a distributed search engine built on top of Kiwix archives of all StackExchange websites. The author emphasizes that combining IPFS with Cloudflare opens up new possibilities for secure web page delivery through third-party hosting providers and CDNs, and looks forward to seeing more applications developed using this technology.
Sep 17, 2018
2,079 words in the original blog post.
The Internet needs an upgrade, and cryptography can play a significant role in improving its security and privacy. Cryptographic hashes and digital signatures are two main tools that can be used to encode trust relationships on the Internet. This week, Cloudflare is announcing support for new technologies using cryptography to make the Internet better. These include Distributed Web Gateway, DNSSEC, RPKI, Onion Routing, and Roughtime. By strengthening the system of accountability and incorporating privacy-enhancing features, these technologies aim to create a more trustworthy and private internet without sacrificing usability.
Sep 17, 2018
2,510 words in the original blog post.
JAMstack Radio is a podcast that discusses the JAMstack, a new way to build fast and secure apps or websites. In a recent episode, host Brian Douglas interviewed Kenton Varda, tech lead for Cloudflare Workers and author of Sandstorm.io. They discussed various uses for running code at the edge, including serverless technology. Cloudflare Workers is a service that allows users to write JavaScript code that can receive HTTP requests and run arbitrary code on Cloudflare servers at the edge, close to the end user. The podcast also touched upon the future of the web and how it's moving towards more front-end processing and away from managing individual servers.
Sep 15, 2018
3,645 words in the original blog post.
Cloudflare has introduced support for the Cache API, allowing users to have programmatic control over its cache. This feature enables customers to choose what to cache, how long to cache it for, and modify cached results after retrieval. The new API allows users to cache Worker output, cache POST requests, and set Cache-Tag headers from a Worker (Enterprise only). These features provide more control over the Cloudflare cache and improve performance.
Sep 14, 2018
690 words in the original blog post.
Cloudflare has announced that its Workers feature is now supported in the Cloudflare Terraform Provider. Terraform is a tool for managing infrastructure, allowing users to define their infrastructure in simple configuration files and automate API calls. The integration of Cloudflare Workers with Terraform enables users to manage their workers using the same workflow as their code. Instructions on how to set up Cloudflare Workers with Terraform are provided, including setting up environment variables for credentials and creating a Terraform configuration file. Additionally, information is given on importing existing worker scripts and routes into Terraform.
Sep 13, 2018
1,452 words in the original blog post.
Virginia holds a significant place in internet history, particularly Northern Virginia around Ashburn, which has been central to internet infrastructure since the early 1990s with MAE-East (Metropolitan Area Exchange East), one of the first Internet Exchange Points. These points are crucial for ISPs and other networks to exchange traffic. The area has become a data center hub, hosting many major cloud platforms. Although MAE-East no longer exists, new internet exchange points have emerged in its place. Cloudflare's second data center was established in Ashburn, Virginia, and the company continues to expand its network closer to end-users. Today, they are announcing new data centers in Richmond and Norfolk, Virginia, to cover more of the state and neighboring regions.
Sep 12, 2018
239 words in the original blog post.
Cloudflare Workers have been integrated into the Serverless framework as a serverless cloud provider. This integration allows developers to use their familiar development environments and the Serverless framework's command line tool to define, deploy, and test applications on Cloudflare's global compute network. The new plugin enables users to store configuration files in version control alongside application code and quickly send requests to endpoints of interest with specific arguments and headers. This integration simplifies the process of building applications without concern for underlying infrastructure and makes it easier for developers to focus on writing code and deploying their applications quickly and cheaply to a cloud provider that manages servers, networking, and configuration.
Sep 11, 2018
561 words in the original blog post.
In 2015, Cloudflare deployed ECMP routing within their datacenters to distribute traffic across multiple servers. However, they encountered a problem with Path MTU discovery where ICMP packets destined for their Anycast IPs were being dropped. To solve this issue, they created pmtud software and reduced the IPv6 MTU to 1280 bytes. Recently, they increased the IPv6 MTU to 1400 bytes to support UDP traffic in Cloudflare Spectrum while minimizing the probability of encountering Path MTU issues. They continue monitoring ICMP PTB packets and encourage users with misconfigured MSS or weird MTUs to report any issues.
Sep 10, 2018
1,777 words in the original blog post.
The draft EU copyright proposal, specifically Article 13, is currently undergoing legislative process in Brussels. This provision could hold Internet platforms legally responsible for copyright content uploaded by users and may require automated filtering solutions to remove infringing content at the point of user upload. However, this has led to concerns about excessive censorship and potential legal liability for content sharing providers. The European Parliament Plenary rejected the proposal in July, but it will undergo a full discussion and rescheduled vote on September 12th. This proposal threatens freedom of expression and information online, disrupts user experience, and could diminish diversity by burdening smaller businesses with new obligations. Cloudflare has been troubled by this proposal and encourages users to contact their MEPs to help #SaveYourInternet.
Sep 10, 2018
787 words in the original blog post.
Cloudflare is hosting a series of six global talks on practical use cases for their serverless technology, Cloudflare Workers. The events will take place in San Francisco, London, Austin, Singapore, Sydney, and Melbourne. These talks aim to share real-world stories of how companies and developers are using serverless technology in production environments. For those interested in hosting a similar event in their city or sharing their experiences with serverless deployment, they can email [email protected]. The events will be held at various venues and times, with details available on Eventbrite through the provided links.
Sep 09, 2018
281 words in the original blog post.
On September 9, 2018, an engineer from the Cloudflare Tools team reported that the Bob Ross Ipsum generator was down. The Bob Ross Ipsum is a parody of Lorem Ipsum, which uses phrases from the late artist and TV show host Bob Ross as placeholder text for design layouts. The original website had become unavailable due to high traffic or lack of payment for hosting services. To resolve this issue, a new version was created using Cloudflare Workers, allowing it to be distributed globally across 150+ data centers within minutes and serving content to users within 10ms. The final version of the Bob Ross Lipsum generator is available at https://www.bobrossloremipsum.com.
Sep 09, 2018
888 words in the original blog post.
Many misconceptions surround website security, leading to neglect in investing time and budget for it. Some common myths include believing that small websites are not targets for hackers or that a lack of attacks means no vulnerabilities exist. In reality, every web application is at risk, and the costs of dealing with data breaches can be much higher than the cost of securing a website. Security should involve constant monitoring and testing, as well as collaboration between various stakeholders in an organization. Cloudflare's security services offer protection for websites and help businesses focus on growth while minimizing effort spent on security.
Sep 08, 2018
1,224 words in the original blog post.
On September 5, 2018, Rachele Gyorffy announced a partnership between WP Engine and Cloudflare. Both companies were founded in 2010 and share similar values regarding customer success and technology simplicity. The new joint offering, Global Edge Security powered by Cloudflare, integrates WP Engine's platform with Cloudflare's managed web application firewall (WAF), advanced distributed denial of service mitigation (DDoS), SSL/TLS encryption, and CDN across a global edge network to deliver the world's most secure and scalable digital experience on WordPress today. This partnership aims to provide business-critical security and CDN edge services to Enterprises and SMBs globally.
Sep 05, 2018
190 words in the original blog post.
On August 22, a new vulnerability (S2-057) was discovered in the Apache Struts framework that allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts. This vulnerability is similar to previous Apache Struts vulnerabilities and can be mitigated by adjusting security rules. The exploit involves using Object-Graph Navigation Library (OGNL) expressions, which are often found in Apache Struts RCE payloads. The major difference between this vulnerability and others is the location where the payload can be supplied. Cloudflare has rules to protect against this particular vulnerability and many other Struts vulnerabilities, with no customer action required for Pro, Business, and Enterprise plan users. Since the disclosure, there has been a constant rate of attacks targeting S2-057 vulnerability, but most payloads are only probing rather than attempting to execute malicious actions.
Sep 05, 2018
643 words in the original blog post.
The text discusses the process of enabling ARM64 machines in a network and achieving software parity in a multi-architecture environment. It describes the software stack used by the author's organization, which includes Linux kernel, Debian distribution, and hundreds of packages built in-house. The author explains how they ported their code to ARM64 architecture using cross-compilation tools for Go and Rust languages. They also discuss challenges faced during this process, such as testing failures due to LD_LIBRARY_PATH not working, intermittent segfaults in Go programs, and shared library mixups. The author concludes by mentioning the steps taken to resolve these issues and how they are now supporting ARM64 as a first-class citizen for their developers.
Sep 02, 2018
1,772 words in the original blog post.