Home / Companies / Cloudflare / Blog / August 2021

August 2021 Summaries

22 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare's hardware engineering team has been working on their generation 11 server since mid-2020, with the goal of introducing a new server platform to their edge network every 12 to 18 months. The design of these servers is in parallel with efforts to design next-generation edge servers using the Ampere Altra Arm architecture. AMD EPYC 7713 64-Core Processor was chosen for the generation 11 server, providing a 29% performance boost over the previous model while maintaining similar power consumption and thermal properties. The memory configuration has been updated to 384GB DDR4-3200, offering a several percent performance improvement with cost benefits. Samsung's PM9A3 SSDs were selected for Gen 11, providing a significant increase in read and write bandwidths compared to the previous generation drives. The network front remains unchanged with Mellanox ConnectX-4 dual-port 25G Ethernet. Cloudflare is also deploying open source firmware using OpenBMC for enhanced transparency, security, and integrity.
Aug 31, 2021 2,257 words in the original blog post.
The text discusses the implementation of async Rust libraries and the concept of self-referential types. It explains how futures work, why they were unsafe initially, and how Pin/Unpin made them safe. The author also demonstrates using Pin/Unpin to write tricky nested futures. He provides a detailed example of implementing a TimedWrapper that wraps an async function and collects metrics about it. The post concludes with a summary of the key points discussed, emphasizing the importance of understanding self-referential types and how Pin/Unpin can be used to write safe code in Rust.
Aug 26, 2021 2,375 words in the original blog post.
Cloudflare has introduced a new feature on its Workers platform that allows developers to view and filter console.log output and exceptions from a worker without any additional cost or configuration needed. The "Logs" tab in the dashboard displays detailed logs, including event status, type, request headers if triggered by an HTTP request, and sensitive URLs and headers are automatically redacted. This feature is also available for Durable Objects open beta users to help understand interactions between their Worker and a Durable Object. Advanced filtering can be done using wrangler CLI, Cloudflare's command-line tool for deploying Workers.
Aug 24, 2021 749 words in the original blog post.
Cloudflare has improved its Magic Transit GRE tunnel health check system, resulting in a more stable experience for customers and significantly reducing CPU and memory usage at its edge locations. The new system involves consistent hashing to assign tunnels to servers, allowing them to frequently check the weather for a few tunnels and share overall weather reports without overwhelming workloads. This led to over 70% reduction in CPU usage and nearly 85% decrease in memory usage.
Aug 23, 2021 1,405 words in the original blog post.
Cloudflare has announced the inclusion of its Browser Isolation service with its Teams Enterprise Plan at no additional cost, making browser isolation more accessible for businesses. The Browser Isolation service protects sensitive data inside web browsers by allowing administrators to define Zero Trust policies controlling who can copy, paste, and print data in any web-based application. This approach helps mitigate risks from malware and zero-day threats by shifting the risk of executing untrusted website code from users' local browsers to a secure browser hosted on Cloudflare's edge network. The service also provides administrators with more control over data loss prevention, allowing them to configure policies for copy-paste and printing functionality with per-rule granularity in the Cloudflare for Teams Dashboard.
Aug 20, 2021 1,066 words in the original blog post.
Cloudflare has introduced Tenant Control in its Gateway service, a feature that helps keep work-related activities separate from personal ones. Organizations can deploy Cloudflare Gateway to their corporate devices and apply rules ensuring that employees can only log in to the corporate version of the tools they need. This prevents users from logging into the wrong instance of popular applications and ensures that corporate data stays within corporate accounts. The service also provides security from threats on the Internet by sending all traffic leaving a device to Cloudflare's network where it can be filtered. Tenant Control is now available for customers to configure in the Cloudflare for Teams dashboard.
Aug 20, 2021 815 words in the original blog post.
In August 2021, Cloudflare's autonomous edge DDoS protection systems detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, the largest HTTP DDoS attack ever seen by the company. The attack was launched by a powerful botnet targeting a financial industry customer of Cloudflare. The traffic originated from over 20,000 bots in 125 countries worldwide. This specific botnet has been observed twice within a few weeks, attacking different Cloudflare customers with varying intensity. Additionally, Mirai-based DDoS attacks have increased by 88% and 9% for L3/4 and L7 attacks respectively in July alone. The rise of these powerful botnets highlights the need for automated, always-on protection against such threats.
Aug 19, 2021 1,175 words in the original blog post.
The author adopted a pet named Ziggy and noticed its mischievous behavior while searching for food on the kitchen counter. To monitor Ziggy's actions remotely, the author decided to set up a pet cam using a Raspberry Pi with a camera module. They used Motion, a program that sets up the camera as a web server, and connected it to the Internet via Cloudflare Tunnel for secure access. The author also implemented Google authentication through Cloudflare Teams to ensure only authorized users could view the pet cam feed.
Aug 19, 2021 1,651 words in the original blog post.
Cloudflare has introduced a new feature, Access for SaaS applications, which extends its Zero Trust security model to cover Software-as-a-Service (SaaS) apps. This enables users to apply consistent security controls across both self-hosted and SaaS applications while consolidating logs in one place. The solution works by integrating with the Amazon Web Services (AWS) management console, Zendesk, and Salesforce, allowing teams to add a Zero Trust layer over every resource they use. This feature is designed to secure applications hosted on Cloudflare's network and SaaS apps that support Security Assertion Markup Language (SAML) authentication. It also supports enforcing managed devices and Gateway for SaaS applications, ensuring sensitive data can only be accessed with a corporately managed device.
Aug 18, 2021 930 words in the original blog post.
Cloudflare has introduced a new feature called Purpose Justification, which prompts users to provide a reason for accessing an application before logging in. This helps administrators monitor and control data access, ensuring that only necessary information is accessed for specific business purposes. The feature can be added to any existing or new Access application with just two clicks, allowing administrators to log and review employee justifications, add additional layers of security, customize modal text, and meet regulatory requirements for data access control. Purpose Justification capture in Cloudflare Access helps fulfill policy requirements and enables a thoughtful privacy and security framework for access controls.
Aug 18, 2021 1,058 words in the original blog post.
In April 2021, Cloudflare announced the revival of Project Jengo as a response to a patent troll called Sable Networks that sued them. The project is a prior art search contest where participants are asked to find evidence showing that Sable's patents are invalid because they claim something already known at the time the patent application was filed. Cloudflare committed $100,000 in cash prizes for winners who successfully find such prior art. The first chapter of this contest has now ended, and three winners have been selected to share a total of $20,000 in cash prizes. The contest is ongoing with $80,000 still to be given out.
Aug 18, 2021 2,290 words in the original blog post.
Cloudflare for Teams has introduced new device-based rules, allowing administrators to create rules based on several factors about the device, such as its OS, patch status, and domain join or disk encryption status. This enhances their existing Zero Trust model by considering not only the user's identity but also the security posture of the device they are connecting from. The new features cover a blind spot for applications and data, ensuring that users can access resources based on multiple factors with per-resource granularity. Six additional posture types have been added to improve device rule configuration. These enhancements aim to provide more comprehensive control over user access in a Zero Trust environment.
Aug 17, 2021 1,069 words in the original blog post.
Cloudflare for Teams has introduced a new feature called Shadow IT Discovery that helps detect and block unapproved SaaS applications with just two clicks. This feature addresses the problem of increasing usage of shadow IT, where users bypass approved applications to use alternative services, potentially compromising sensitive data. By using Cloudflare Gateway, administrators can now gain visibility into the SaaS applications being used in their environment and categorize them as approved or unapproved. This feature also provides insights into popular applications and helps IT teams anticipate software license needs earlier in the procurement lifecycle.
Aug 16, 2021 874 words in the original blog post.
Cloudflare is introducing a developer summer challenge, rewarding 300 participants with boxes of their most popular swag. To participate, developers must build a project using Cloudflare Workers and at least one other product in the rapidly expanding developer platform. Submissions will be judged based on innovation, integration of multiple Cloudflare products, and meeting basic challenge requirements. The challenge is open for submissions until November 1, 2021.
Aug 13, 2021 1,247 words in the original blog post.
Cloudflare is hosting a Summer Developer Challenge for its community members to participate in and win prizes. The challenge requires participants to use at least two products from the Cloudflare developer platform. The top 300 submissions will receive a box of popular swag items. The author shares their experience building the landing page and signup workflow for this contest, which includes using Pages, Workers, and Workers KV. They discuss routing, building and optimizing client pages, including HTML into the worker, accepting form submissions, sending transactional emails, and overall performance of the application.
Aug 13, 2021 3,326 words in the original blog post.
Cloudflare has announced an expansion of its Cryptographic Attestation of Personhood experiment, adding support for a wider range of devices including biometric authenticators like Apple's Face ID, Microsoft Hello, and Android Biometric Authentication. This will enable users to solve challenges in under five seconds with just a touch or view, without sending private biometric data to anyone. The company is also introducing support for many more hardware tokens in the experiment. Privacy remains at the center of this initiative, with all sensitive biometric data processed on the user's device and never transmitted to Cloudflare. The WebAuthn API prevents transmission of biometric information, ensuring that it stays on the user's device.
Aug 12, 2021 1,213 words in the original blog post.
Cloudflare has introduced Cryptographic Attestation of Personhood, a new method for proving identity or other properties of a user with a piece of hardware. This technique replaces CAPTCHAs with USB security keys and supports on-device biometric hardware. The company aims to improve privacy across the internet by using attestation in the WebAuthn standard, which lets websites know that your security key is authentic without revealing any sensitive information about the user or their device. Cloudflare has also open-sourced the code for this proof of personhood so everyone can benefit and contribute.
Aug 12, 2021 4,220 words in the original blog post.
Cloudflare has introduced Deploy Hooks for its Pages service, allowing users to trigger deployments based on updates made in other places rather than just via GitHub. This feature is particularly useful for bloggers and writers who author content consistently on their site but may not always be editing their copy directly via the code. Deploy Hooks are URLs created on Pages that accept an HTTP POST request to trigger new deployments outside the realm of a git command. The introduction of Deploy Hooks enables users to integrate their headless CMSs and databases with Cloudflare Pages, making it easier for content creators to manage their sites.
Aug 06, 2021 816 words in the original blog post.
Public schools in the United States, especially K-12s, have experienced a significant increase in cybersecurity attacks, with 408 publicly-disclosed incidents reported in 2020 alone. This marks an 18% increase over 2019 and follows an upward trend since the K-12 Cyber Incident Map started tracking incidents in 2016. Despite this growing threat, school districts often invest insufficiently in cybersecurity measures. To address this issue, technology companies like Cloudflare are offering tailored onboarding experiences to provide education entities with enterprise-level security services at an affordable price. One such solution is Cloudflare One, a network-as-a-service solution designed to replace traditional hardware boxes and on-premise appliances with a single network that provides cloud-based security, performance, and control through one user interface. This comprehensive approach helps protect schools from various cyber threats, including ransomware attacks, data breaches, and phishing scams.
Aug 05, 2021 1,100 words in the original blog post.
Postgres is a popular open-source SQL database technology widely used in the industry due to its vast features and reliability. It serves as a foundation for many modern developer experience tools, such as Hasura and Supabase. Many developers use REST APIs to interact with their data, and language-specific libraries like pg allow them to connect with Postgres directly. Cloudflare Workers has released a tutorial on connecting to Postgres inside Workers functions using PostgREST. This enables developers to build applications entirely on Cloudflare's edge, utilizing Workers as a performant API and Cloudflare Pages for the frontend user interface. By using PostgREST with Postgres, developers can build REST API-based applications that are an excellent fit for Cloudflare Workers.
Aug 04, 2021 742 words in the original blog post.
Storage in distributed systems is challenging due to potential race conditions and data loss risks. Durable Objects, a special type of Cloudflare Worker with access to persistent storage, faced these issues until recent changes were implemented. These changes include input gates, output gates, and automatic in-memory caching, which have made applications using Durable Objects faster, more intuitive, and less prone to errors by default. Developers can now write code that works well without needing expertise in database management or concurrency control.
Aug 03, 2021 4,074 words in the original blog post.
Cloudflare and Accenture Federal Services (AFS) have been selected by the Department of Homeland Security (DHS) to develop a joint solution for protecting the federal government against cyberattacks. The solution includes Cloudflare's protective DNS resolver, which will filter DNS queries from offices and locations within the federal government, and stream events directly to Accenture's analysis platform. This collaboration aims to enhance the security and reliability of critical infrastructure across various sectors, including state, local, tribal, and territorial partnerships, as well as the private sector. The solution will be offered by CISA to departments and agencies within the Federal Civilian Executive Branch.
Aug 02, 2021 1,342 words in the original blog post.