Home / Companies / Cloudflare / Blog / December 2023

December 2023 Summaries

12 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
This project involved developing a differentially private version of DAP (Data Aggregation Protocol) which is a protocol designed by Cloudflare. The new version uses cryptographic techniques to protect sensitive information while still allowing aggregated data to be analyzed. It was implemented in the Rust programming language, and various differential privacy mechanisms were explored before finally settling on discrete Gaussian and discrete Laplace mechanisms. By adapting the Daphne implementation of DAP, a toy deployment of DAP with differential privacy was successfully run on network error logging data.
Dec 22, 2023 3,458 words in the original blog post.
The Federal Communications Commission (FCC) has proposed new net neutrality rules for internet service providers (ISPs), which would introduce significant protections for consumers and establish the responsibility held by ISPs. Net neutrality is the principle that ISPs should not discriminate against the traffic flowing through them, ensuring equal access to all legal content, applications or services. The FCC has gone back and forth on open internet rules over the past 15 years, with periods of promulgation and repeal, as well as court battles. Despite this fluctuation, surveys show that more than 80% of Americans support net neutrality principles. The proposed rules aim to ensure that ISPs do not block or throttle subscribers' access to content, nor engage in paid prioritization. The FCC is also proposing a "watch, learn, and act as required" case-by-case approach to interconnection challenges between networks.
Dec 21, 2023 1,563 words in the original blog post.
As schools approach winter break, they become more vulnerable to cyberattacks due to reduced staff presence and extended downtime. With fewer personnel on-site, routine monitoring and response to potential threats may be delayed, providing cybercriminals with an opportunity for attack. Schools store sensitive student and staff data, and the consequences of a successful cyberattack can be severe. Project Cybersafe Schools is a program designed to help eligible K-12 public school districts in the United States with a package of Zero Trust cybersecurity solutions at no cost and without any time limits. Since its launch, the program has received interest from over 200 school districts across more than 30 states and Guam, protecting over 60,000 students, teachers, and staff through Cloudflare's cloud email security and DNS filtering services.
Dec 20, 2023 955 words in the original blog post.
Cloudflare's new product, Turnstile, is designed to protect websites from spam and abuse while minimizing the impact on user experience. It achieves this by providing a simple yet robust solution for preventing fraudulent activity without requiring users to solve CAPTCHAs or other complex security challenges. Turnstile offers two modes of operation: Managed Mode and Pre-Clearance mode. In Managed Mode, Turnstile automatically detects and mitigates threats such as bots, scrapers, and account takeovers by issuing a challenge that must be solved before accessing the protected endpoint. Pre-Clearance mode is an enhancement to Managed Mode that offers greater flexibility in handling security challenges. In this mode, Turnstile issues turnstile tokens upon solving a challenge once per session. These tokens are automatically applied to the Cloudflare zone they were issued on, and their validity time can be controlled by adjusting the "Challenge Passage" setting within the dashboard. To implement Turnstile with Pre-Clearance, developers need to override the browser's fetch() function to introspect the Cf-Mitigated header for 'challenge.' If a challenge is issued, an overlay containing a Turnstile widget will appear in the web application. Once the user solves the Turnstile challenge, the overlay disappears, and the requested API result is shown successfully. Overall, Turnstile provides an effective way to secure websites against fraudulent activity while maintaining a positive user experience. It offers a range of features and customization options that make it suitable for various use cases across different industries.
Dec 18, 2023 1,445 words in the original blog post.
The Australian Government's new Cybersecurity Strategy is a comprehensive blueprint for securing the nation against cyber threats. By focusing on six key areas - addressing skills shortages in the sector, encouraging threat intelligence sharing and blocking, protecting critical infrastructure, developing sovereign capabilities, fostering resilience regionally and globally, and harmonizing international cyber standards - this strategy aims to make Australia a world leader in cybersecurity by 2030. At Cloudflare, we strongly support the goals outlined in this Strategy. We are committed to helping businesses of all sizes protect their digital assets against evolving threats, including quantum computing and artificial intelligence (AI). Our advanced security tools can help organizations detect and respond to potential breaches quickly and effectively. We also commend the government's efforts to promote threat sharing among industry peers, as effective cyber defense requires a collaborative approach across sectors and industries. We actively participate in Information Sharing and Analysis Centers (ISACs) to share our insights on emerging vulnerabilities with other members. Moreover, we are dedicated to protecting critical infrastructure organizations – both large enterprises and smaller entities that form the backbone of communities. To this end, we have launched Project Safekeeping in Australia and other global markets, offering no-cost and no-time limit Enterprise-level cybersecurity products for these critical entities. We believe that fostering a diverse workforce is essential to creating a strong cybersecurity ecosystem. As such, we actively promote diversity in our teams through inclusive recruitment practices and training programs aimed at mitigating unconscious bias. Lastly, we fully support the Strategy's aim of promoting a free and open Internet while encouraging competition among technology vendors. We also advocate for harmonizing international cyber standards to reduce operational burdens on businesses without compromising security levels. In conclusion, Cloudflare is excited to work with the Australian government and industry partners to help implement this ambitious Cybersecurity Strategy. Together, we can make Australia a safer place online and ensure that everyone – from critical infrastructure providers to everyday citizens – can enjoy the benefits of a secure digital environment.
Dec 18, 2023 1,686 words in the original blog post.
IPv6 adoption is estimated at around 13.2% of the time when connections to third-party servers are likely established over IPv6 rather than IPv4, according to data from Cloudflare's public DNS resolver (1.1.1.1). The client side adoption rate was observed at 35.9% for HTTP requests and 30.5% for A and AAAA-type DNS queries handled by 1.1.1.1, while the server side figure stood at 43.3%. Large websites and content sources have a critical role to play in enabling IPv6-capable clients to use IPv6 more often, as almost 40% of queries for domains in the Radar Top 100 are still limited to IPv4-only responses. Continued effort from all those involved can help accelerate progress towards full IPv6 adoption.
Dec 14, 2023 2,277 words in the original blog post.
1. Worldwide Internet traffic is estimated to have reached 376.4 Tbps by the end of November 2023. 2. The average speed of mobile networks globally increased from 59.8 Mbps in January to 64.9 Mbps in November 2023. 3. The average latency for mobile users reached 74.1 milliseconds at the end of November 2023, while the average packet loss rate was 0.08%. 4. Cloudflare’s network handled an estimated 5.9 quadrillion requests in 2023, up from 4.5 quadrillion requests in 2022. 5. In October 2023, nearly a third of the global TLS traffic was encrypted using Elliptic Curve encryption. 6. Post-quantum cryptography usage for TLS 1.3 connections increased to 1.7% by the end of November 2023.
Dec 12, 2023 6,730 words in the original blog post.
This year, 2023, has seen an evolving landscape of popular internet services. Google continues to dominate search engines globally, while Facebook remains the top social media platform despite recent controversies and criticisms. TikTok's rapid growth persists, especially among younger audiences. Microsoft Teams experienced a surge in usage during remote working and learning due to the COVID-19 pandemic, but its popularity has declined as people return to physical offices and schools. Amazon remains the unchallenged leader in e-commerce, while Zoom's video conferencing service saw a decline following widespread vaccination against COVID-19. The rise of generative AI services like OpenAI's ChatGPT demonstrates how quickly technology can change online behavior. Cryptocurrency exchanges experienced fluctuations as the market shifted. In gaming and metaverse sectors, Roblox maintained its popularity, while Oculus continued to grow in virtual reality applications. Overall, internet users continue to gravitate towards services that offer convenience, entertainment, communication, and information access. As technology advances and user preferences evolve, it is essential for service providers to adapt and innovate to maintain their relevance in the ever-changing digital landscape.
Dec 12, 2023 5,810 words in the original blog post.
Cloudflare, an internet security company, has detailed their Machine Learning Operations (MLops) approach that enables them to secure applications and APIs built with AI. They have shared their strategy for creating robust ML models, which includes steps such as data collection, model training, validation, deployment, and monitoring. Their framework is designed to provide a consistent pipeline from data to model, and then model to inference. The company has curated an array of model templates that serve as production-ready data science repositories with example models. These templates are deployed through production to ensure they remain stable foundations for future projects. To start a new project, all it takes is one Makefile command to build a new CICD project in the user's chosen git project. For orchestration, Cloudflare uses Directed Acyclic Graphs (DAGs), which are robust flow chart orchestration paradigms that weave together steps from data to model and then model to inference. They have experimented with different approaches such as Apache Airflow, Argo Workflows, Kubeflow Pipelines, and Temporal. In terms of hardware, the company leverages GPUs for core datacenter workloads and edge inference, and uses observability and metrics consumed by Prometheus to track orchestration performance, maximize hardware utilization, and operate within a Kubernetes-native experience. Adoption is an important aspect of MLops, and Cloudflare has found success when they can help get projects started and shape the pipelines for success. They have shared their components for shared use such as notebooks, orchestration, data versioning (DVC), feature engineering (Feast), and model versioning (MLflow) to enable collaboration across teams. Overall, Cloudflare's MLops approach is designed to help secure applications and APIs built with AI by leveraging the power of their network and providing a consistent pipeline from data to model and then model to inference.
Dec 07, 2023 1,833 words in the original blog post.
Cloudflare recently announced Workers AI, allowing developers to run serverless GPU-powered AI inference on its global network. To manage this effectively, Cloudflare leverages OpenBMC, an open-source firmware stack from the Open Compute Project (OCP). One key area of focus was updating Baseboard Management Controllers (BMCs), which are embedded microprocessors responsible for remote power management and other features on most servers. With OpenBMC, Cloudflare has been able to adjust its BMC firmware to accommodate new GPUs while maintaining operational efficiency with respect to thermals and power consumption. The company used the PID controller theory to fine-tune the fan settings for better cooling of the GPU-equipped servers. They also established communication with the GPU using SMBus protocol and leveraged OpenBMC's applications for simple configuration, making sensor data and inventory information available via IPMI or Redfish. Overall, Cloudflare has been able to leverage OpenBMC to gain more control and flexibility with its server configurations without sacrificing efficiency at the core of its network. This demonstrates the importance of being able to modify server firmware without being locked to traditional device update cycles.
Dec 06, 2023 1,745 words in the original blog post.
Cloudflare's 1.1.1.1 public DNS resolver has been ruled by Germany's Higher Regional Court not to be an appropriate tool for addressing online infringement or moderating content more generally. The court held that DNS services are protected under the EU's Digital Services Act, which recognizes different obligations for various Internet service types and lists DNS resolvers as non-hosting services.
Dec 05, 2023 2,191 words in the original blog post.
Cloudflare is planning to transition from a 1U chassis design to a 2U form factor for its Gen 12 Compute servers due to increasing CPU TDP and the need for better thermal management. This change will allow for larger fans, more efficient heat dissipation, and sufficient room for PCIe attached accelerators/GPUs. The move to 2U chassis design is expected to increase rack density, improve overall Total Cost of Ownership (TCO) benefit, and fully utilize available rack space and power budget. This technical readiness investigation has shown promising results, with the Gen 12 Compute servers set to launch into production soon.
Dec 01, 2023 1,350 words in the original blog post.