NB568: Arm Reaches for More AI Revenue with In-House CPU; Debating the FCC Router Ban
Take a Network Break! Mozilla is our Red Alert topic, with critical vulnerabilities in Firefox and Thunderbird. On the news front, we cover a string of security announcements from Palo Alto Networks, including a new certificate management service to help organizations keep up with shrinking cert lifetimes. Cisco announces new protections for AI agents and... Read more »Tech Bytes: Build Your Automation Foundation on Infrahub’s Data Management Platform (Sponsored)
Today on the Tech Bytes podcast we talk network automation. More specifically, we dig into the need for proper data management to support your network automation initiatives. Automation relies on accurate, up-to-date information about your infrastructure, but that information can be scattered across innumerable repositories, systems, and spreadsheets. And it may, or may not, be... Read more »Cloudflare Client-Side Security: smarter detection, now open to everyone
Client-side skimming attacks have a boring superpower: they can steal data without breaking anything. The page still loads. Checkout still completes. All it needs is just one malicious script tag.
If that sounds abstract, here are two recent examples of such skimming attacks:
In January 2026, Sansec reported a browser-side keylogger running on an employee merchandise store for a major U.S. bank, harvesting personal data, login credentials, and credit card information.
In September 2025, attackers published malicious releases of widely used npm packages. If those packages were bundled into front-end code, end users could be exposed to crypto-stealing in the browser.
To further our goal of building a better Internet, Cloudflare established a core tenet during our Birthday Week 2025: powerful security features should be accessible without requiring a sales engagement. In pursuit of this objective, we are announcing two key changes today:
First, Cloudflare Client-Side Security Advanced (formerly Page Shield add-on) is now available to self-serve customers. And second, domain-based threat intelligence is now complimentary for all customers on the free Client-Side Security bundle.
In this post, we’ll explain how this product works and highlight a new AI detection system designed to identify malicious JavaScript while Continue reading
Worth Reading 032826
In the previous note, the claim was not that the registry layer merely imposes visible fees or administrative inconvenience. The claim was more precise. The first extraction occurs when a scarce, transferable, revenue-enabling resource is kept institutionally discounted through non-asset rhetoric, conditional recognition, and friction around Continue reading
The Last Time
It's fading from our collective memory, but almost thirty years ago the global IT industry was gripped by Y2K fever. Another version of the counter rollover problem is coming back in 2036, 2038 and 2040. Hopefully we will avoid a large amount of hysteria this time around!TNO059: Design for Operations: Getting Vendor Support in the Ops Ecosystem
Scott Robohn and networking expert Russ White dive into the concept of design for operations. That is, they look at how to connect the design of a protocol or solution to how people are actually going to use it. They examine how protocol designers often overlook the teams that must operate them, creating some “inoperable”... Read more »HN820: Cyber Week 2026 Wrap Up with Palo Alto Networks: Agents, Prisma AIRS and NGTS (Sponsored)
Palo Alto Networks released a slew of product news at the 2026 RSA conference around AI security, SASE, and a new certificate lifecycle management offering. On today’s Heavy Networking, sponsored by Palo Alto Networks, Ethan and Drew dig into these announcements to get details about how they work. They also talk about the risks of... Read more »How we use Abstract Syntax Trees (ASTs) to turn Workflows code into visual diagrams
Cloudflare Workflows is a durable execution engine that lets you chain steps, retry on failure, and persist state across long-running processes. Developers use Workflows to power background agents, manage data pipelines, build human-in-the-loop approval systems, and more.
Last month, we announced that every workflow deployed to Cloudflare now has a complete visual diagram in the dashboard.
We built this because being able to visualize your applications is more important now than ever before. Coding agents are writing code that you may or may not be reading. However, the shape of what gets built still matters: how the steps connect, where they branch, and what's actually happening.
If you've seen diagrams from visual workflow builders before, those are usually working from something declarative: JSON configs, YAML, drag-and-drop. However, Cloudflare Workflows are just code. They can include Promises, Promise.all, loops, conditionals, and/or be nested in functions or classes. This dynamic execution model makes rendering a diagram a bit more complicated.
We use Abstract Syntax Trees (ASTs) to statically derive the graph, tracking Promise and await relationships to understand what runs in parallel, what blocks, and how the pieces connect.
Keep reading to learn how we built these diagrams, or deploy Continue reading
LIU011: Inside the Digital Nomad Life: The Good, The Hard, and the Wi-Fi
Alexis Bertholf and Kevin Nanns sit down for a conversation with Andrei Istrate, Senior Mobile Developer at Toptal. Andrei has taken the “mobile” part of his job literally: he’s built a life around travel and experiences rather than settling in one location. Andrei talks about the travel opportunities that remote work has presented, how he... Read more »RPKI ASPA: using the AS-PATH to secure BGP inter-domain routing
RPKI ASPA: a complement to RPKI/ROA that tackles BGP route hijacks through AS path manipulation. Why does BGP remain vulnerable? BGP was designed in an environment of mutual trust. Every…
The post RPKI ASPA: using the AS-PATH to secure BGP inter-domain routing appeared first on AboutNetworks.net.
A one-line Kubernetes fix that saved 600 hours a year
Every time we restarted Atlantis, the tool we use to plan and apply Terraform changes, we’d be stuck for 30 minutes waiting for it to come back up. No plans, no applies, no infrastructure changes for any repository managed by Atlantis. With roughly 100 restarts a month for credential rotations and unboarding, that added up to over 50 hours of blocked engineering time every month, and paged the on-call engineer every time.
This was ultimately caused by a safe default in Kubernetes that had silently become a bottleneck as the persistent volume used by Atlantis grew to millions of files. Here’s how we tracked it down and fixed it with a one-line change.
We manage dozens of Terraform projects with GitLab merge requests (MRs) using Atlantis, which handles planning and applying. It enforces locking to ensure that only one MR can modify a project at a time.
It runs on Kubernetes as a singleton StatefulSet and relies on a Kubernetes PersistentVolume (PV) to keep track of repository state on disk. Whenever a Terraform project needs to be onboarded or offboarded, or credentials used by Terraform are updated, we have to restart Atlantis to pick Continue reading
Hedge 300: Solving Injection Attacks
It’s episode 300, and it’s roundtable time. In this episode, Tom, Eyvonne, and Russ talk about how systems can be designed to prevent injection attacks, and then the perennial unpleasantness of layoffs.
download
Worth Reading: Securing NTP and the Origins of Time
Geoff Huston published an article supposedly describing the challenge of securing NTP, but as is usually the case, he couldn’t skip the prior art going all the way back (almost) to the formation of Earth.
Before coming to the how do we secure NTP section, you’ll learn everything about the wobbly Earth rotation, the changes in the Earth’s angular speed, the impact of tides, the smearing of leap seconds, the differences between UT1 and UTC, why we use quasars to measure time, and everything there is to know about NTP. Have fun!