In the previous note, the claim was not that the registry layer merely imposes visible fees or administrative inconvenience. The claim was more precise. The first extraction occurs when a scarce, transferable, revenue-enabling resource is kept institutionally discounted through non-asset rhetoric, conditional recognition, and friction around Continue reading
Cloudflare Workflows is a durable execution engine that lets you chain steps, retry on failure, and persist state across long-running processes. Developers use Workflows to power background agents, manage data pipelines, build human-in-the-loop approval systems, and more.
Last month, we announced that every workflow deployed to Cloudflare now has a complete visual diagram in the dashboard.
We built this because being able to visualize your applications is more important now than ever before. Coding agents are writing code that you may or may not be reading. However, the shape of what gets built still matters: how the steps connect, where they branch, and what's actually happening.
If you've seen diagrams from visual workflow builders before, those are usually working from something declarative: JSON configs, YAML, drag-and-drop. However, Cloudflare Workflows are just code. They can include Promises, Promise.all, loops, conditionals, and/or be nested in functions or classes. This dynamic execution model makes rendering a diagram a bit more complicated.
We use Abstract Syntax Trees (ASTs) to statically derive the graph, tracking Promise and await relationships to understand what runs in parallel, what blocks, and how the pieces connect.
Keep reading to learn how we built these diagrams, or deploy Continue reading
RPKI ASPA: a complement to RPKI/ROA that tackles BGP route hijacks through AS path manipulation. Why does BGP remain vulnerable? BGP was designed in an environment of mutual trust. Every…
The post RPKI ASPA: using the AS-PATH to secure BGP inter-domain routing appeared first on AboutNetworks.net.
Every time we restarted Atlantis, the tool we use to plan and apply Terraform changes, we’d be stuck for 30 minutes waiting for it to come back up. No plans, no applies, no infrastructure changes for any repository managed by Atlantis. With roughly 100 restarts a month for credential rotations and unboarding, that added up to over 50 hours of blocked engineering time every month, and paged the on-call engineer every time.
This was ultimately caused by a safe default in Kubernetes that had silently become a bottleneck as the persistent volume used by Atlantis grew to millions of files. Here’s how we tracked it down and fixed it with a one-line change.
We manage dozens of Terraform projects with GitLab merge requests (MRs) using Atlantis, which handles planning and applying. It enforces locking to ensure that only one MR can modify a project at a time.
It runs on Kubernetes as a singleton StatefulSet and relies on a Kubernetes PersistentVolume (PV) to keep track of repository state on disk. Whenever a Terraform project needs to be onboarded or offboarded, or credentials used by Terraform are updated, we have to restart Atlantis to pick Continue reading
It’s episode 300, and it’s roundtable time. In this episode, Tom, Eyvonne, and Russ talk about how systems can be designed to prevent injection attacks, and then the perennial unpleasantness of layoffs.
download
Geoff Huston published an article supposedly describing the challenge of securing NTP, but as is usually the case, he couldn’t skip the prior art going all the way back (almost) to the formation of Earth.
Before coming to the how do we secure NTP section, you’ll learn everything about the wobbly Earth rotation, the changes in the Earth’s angular speed, the impact of tides, the smearing of leap seconds, the differences between UT1 and UTC, why we use quasars to measure time, and everything there is to know about NTP. Have fun!
