Rustradio – SDR framework now also in the browser, with Wasm
I’ve previously blogged about RustRadio, my GNU Radio like framework for writing software defined radio applications in Rust. And now there’s more progress of an interesting kind.
Anything that tries to do something similar to GNU Radio needs a few things:
- Core framework.
- SDR components (filters, clock recovery, multipliers, etc).
- A user interface.
In addition to these, GNU Radio also has the excellent GNU Radio Companion for interactive creation of flowgraphs, but I’m not tackling that yet.
I have a core framework, and some components (blocks). But the UI has been a bit lacking.
I’ve played around with TUI applications, but I always knew I also wanted to support having a UI in the browser. I’m not as interested in adding support for QT or Windows native UI. The browser will do fine.
There are two ways to get the UI in the browser:
- Have the browser talk to a backend that’s running the actual DSP.
- Running the DSP in the browser, with no need for a backend.
While I’ll want (1) eventually, and have some ideas about that, this post is about running everything in the browser, using Wasm.
I know that this is just scratching the surface Continue reading
500 Tbps of capacity: 16 years of scaling our global network
Cloudflare’s global network and backbone in 2026.
Cloudflare's network recently passed a major milestone: we crossed 500 terabits per second (Tbps) of external capacity.
When we say 500 Tbps, we mean total provisioned external interconnection capacity: the sum of every port facing a transit provider, private peering partner, Internet exchange, or Cloudflare Network Interconnect (CNI) port across all 330+ cities. This is not peak traffic. On any given day, our peak utilization is a fraction of that number. (The rest is our DDoS budget.)
It’s a long way from where we started. In 2010, we launched from a small office above a nail salon in Palo Alto, with a single transit provider and a reverse proxy you could set up by changing two nameservers.
Our first transit provider was nLayer Communications, a network most people now know as GTT. nLayer gave us our first capacity and our first hands-on company experience in peering relationships and the careful balance between cost and performance.
From there, we grew city by city: Chicago, Ashburn, San Jose, Amsterdam, Tokyo. Each new data center meant negotiating colocation contracts, pulling fiber, racking servers, and establishing peering through Continue reading
Best of the Hedge: Episode 30, Network Fundamentals
What are networking fundamentals, and why are they important? Join us for this repost of a classic Hedge discussion with Ethan, Eyvonne, Tom, and Russ.
download
LIU012: Behind the Curtain at Life In Uptime
Kevin and Alexis are back with a behind-the-scenes look at the podcast with guest Melina Bertholf, who joined the team a while back to help manage content. (And yes, sharp-eyed readers will notice a family name shared by Alexis and Melina). After interviewing many guests about their tech journeys, our hosts share their own personal... Read more »TCG073: From Vibes to Governed: What Building a Real Network Agent Reveals About Spec-Driven Development
Vibe coding: give AI a description of what you want, the model writes the code, you ship it, and then you hope for the best. It works great for side projects, but it can fall apart the moment you point an AI agent at production infrastructure. Today, William and Eyvonne sit down with John Capobianco,... Read more »NAN119: Adapting Core Automation Practices to Challenging Environments with Matt Campbell
Eric Chou is joined by Matt Campbell, a seasoned network engineer whose career has taken him into some of the most demanding and high-stakes environments around. Together they’ll explore how Matt’s automation philosophy, lessons learned, and best practices adapt when the margin of error is razor thin. Whether you’re automating basic configs or tackling brownfield... Read more »From bytecode to bytes: automated magic packet generation
Linux malware often hides in Berkeley Packet Filter (BPF) socket programs, which are small bits of executable logic that can be embedded in the Linux kernel to customize how it processes network traffic. Some of the most persistent threats on the Internet use these filters to remain dormant until they receive a specific "magic" packet. Because these filters can be hundreds of instructions long and involve complex logical jumps, reverse-engineering them by hand is a slow process that creates a bottleneck for security researchers.
To find a better way, we looked at symbolic execution: a method of treating code as a series of constraints, rather than just instructions. By using the Z3 theorem prover, we can work backward from a malicious filter to automatically generate the packet required to trigger it. In this post, we explain how we built a tool to automate this, turning hours of manual assembly analysis into a task that takes just a few seconds.
Before we look at how to deconstruct malicious filters, we need to understand the engine running them. The Berkeley Packet Filter (BPF) is a highly efficient technology that allows the kernel to pull specific packets from the network Continue reading
Cloudflare targets 2029 for full post-quantum security
Cloudflare is accelerating its post-quantum roadmap. We now target 2029 to be fully post-quantum (PQ) secure including, crucially, post-quantum authentication.
At Cloudflare, we believe in making the Internet private and secure by default. We started by offering free universal SSL certificates in 2014, began preparing our post-quantum migration in 2019, and enabled post-quantum encryption for all websites and APIs in 2022, mitigating harvest-now/decrypt-later attacks. While we’re excited by the fact that over 65% of human traffic to Cloudflare is post-quantum encrypted, our work is not done until authentication is also upgraded. Credible new research and rapid industry developments suggest that the deadline to migrate is much sooner than expected. This is a challenge that any organization must treat with urgency, which is why we’re expediting our own internal Q-Day readiness timeline.
What happened? Last week, Google announced they had drastically improved upon the quantum algorithm to break elliptic curve cryptography, which is widely used to secure the Internet. They did not reveal the algorithm, but instead provided a zero-knowledge proof that they have one.
This is not even the biggest breakthrough. That same day, Oratomic published a resource estimate for breaking RSA-2048 and P-256 on a neutral atom computer. For Continue reading
HS129: Achieving Operational Excellence
The best strategy in the world won’t succeed if a team falters operationally. But what is operational excellence, and what does it take to acquire it? Cal Poly faculty member (and former Intel strategist) John Miranda shares his thinking with our Heavy Strategy listeners. He discusses concepts like the theory of constraints, root-cause analysis, and... Read more »
PP104: How SocGholish Picks Locks to Let In Ransomware
In the cybercrime industry, initial access brokers specialize in break-ins. They pick digital locks and slide open electronic windows, and then sell that access to other threat actors who specialize in ransomware, exfiltration, and other crimes. SocGholish is a widely used tool in the access broker toolkit. Typically disguised as a legitimate software update, SocGholish... Read more »SONiC developments for visibility into AI/ML networks in 2026
v1.3 Egress sFlow support
RoCEv2 / Ultra Ethernet host adapters bypass the Linux kernel and transfer data directly to GPU memory, rendering traditional host-based network monitoring tools ineffective (tcpdump, Wireshark, eBPF etc.). Ingress/egress packet sampling on the top of rack switch offloads monitoring from the host to the switch to provide visibility into host traffic.In addition, some measurements may only be possible for egress sampled packets. For example, the v1.3 HLD describes how SONiC SAI drivers can support the sFlow Delay and Transit Structures extension:
Depending on platform capabilities, SAI driver may report additional attributes defined in https://github.com/torvalds/linux/blob/master/include/uapi/linux/psample.h. For example, PSAMPLE_ATTR_OUT_TC (egress queue), PSAMPLE_ATTR_OUT_TC_OCC (egress queue depth), and PSAMPLE_ATTR_LATENCY (transit delay) populate the sFlow Transit Delay Structures (https://sflow.org/sflow_transit.txt).Typically this data is only known when packets egress the switch and may only be available for egress sampled packets.
Transit delay and queuing describes the measurements and provides an example. The sFlow transit delay and queue Continue reading
The Internet Is No Longer Built for Humans
Recently a headline number stopped me in my tracks: automated traffic now officially exceeds human traffic on the internet. Not in some niche corner. Across the entire Internet. That is not a prediction about 2028. That is what happened by end of 2025. The data is clear HUMAN Security analyzed over 1 quadrillion digital interactions […]
The post The Internet Is No Longer Built for Humans first appeared on Rick Mur.How we built Organizations to help enterprises manage Cloudflare at scale
Cloudflare was designed to be simple to use for even the smallest customers, but it’s also critical that it scales to meet the needs of the largest enterprises. While smaller customers might work solo or in a small team, enterprises often have thousands of users making use of Cloudflare’s developer, security, and networking capabilities. This scale can add complexity, as these users represent multiple teams and job functions.
Enterprise customers often use multiple Cloudflare Accounts to segment their teams (allowing more autonomy and separation of roles), but this can cause a new set of problems for the administrators by fragmenting their controls.
That’s why today, we’re launching our new Organizations feature in beta — to provide a cohesive place for administrators to manage users, configurations, and view analytics across many Cloudflare Accounts.
The principle of least privilege is one of the driving factors behind enterprises using multiple accounts. While Cloudflare’s role-based access control (RBAC) system now offers fine-grained permissions for many resources, it can be cumbersome to enumerate all the resources one by one. Instead, we see enterprises use multiple accounts, so each team’s resources are managed by that team alone. This allows organic Continue reading
NB569: Adding Drones to Your DR Plan; Collision Avoidance (Orbital, not Wi-Fi)
Take a Network Break! We start with a critical vulnerability in Cisco’s Integrated Management Controller. In the news, Verizon settles patent litigation over IoT antenna technology, Cato Networks lets customers purchase individual services within its SASE offering, and Azure adds private application gateways that don’t require a public IP address. Thousands of F5 Big-IP instances... Read more »HN821: Boring Network Design Is Good
Ethan Banks sits down with Ryan Hamel at the 96th North American Network Operators’ Group (NANOG96). Ryan, a network automation developer for the Zayo Group, talks about why boring network design is actually a good thing. He and Ethan explore why simplicity and standardization are key to long-term success. They also emphasize the importance of... Read more »Hedge 301: SONiC
What’s the deal with SONiC? Is it easy to build and use, or hard? Is it something you should be looking at? Jeff Doyle joins Russ and Tom to look at the SONiC operating system, ecosystem, and deployment.
download
Lab: Summarizing IS-IS Level-1 Routes
IS-IS was designed to carry node addresses (NSAPs) between level-1 routers (called Intermediate Systems) within an area and area prefixes between level-2 routers, resulting in a perfect separation of concerns and forwarding information summarization. When IETF tried to use the same routing protocol for a networking stack with a completely different addressing mentality, something had to give.