In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers. This architecture allows us to avoid having a single choke point because the traffic gets distributed externally across multiple datacenters and internally across multiple servers. We do that by employing Anycast and ECMP.
We don't use separate scrubbing boxes or specialized hardware - every one of our edge servers can perform advanced traffic filtering if the need arises. This allows us to scale up our DDoS capacity as we grow. Each of the new servers we add to our datacenters increases our maximum theoretical DDoS “scrubbing” power. It also scales down nicely - in smaller datacenters we don't have to overinvest in expensive dedicated hardware.
During normal operations our attitude to attacks is rather pragmatic. Since the inbound traffic is distributed across hundreds of servers we can survive periodic spikes and small attacks without doing anything. Vanilla Linux is remarkably resilient against unexpected network events. This is especially true since kernel 4.4 when the performance of SYN cookies was greatly improved.
But at some point, malicious traffic volume Continue reading
This was adapted from a post which originally appeared on the Eager blog. Eager has now become the new Cloudflare Apps.
QWERTYUIOP
— Text of the first email ever sent, 1971
The ARPANET (a precursor to the Internet) was created “to help maintain U.S. technological superiority and guard against unforeseen technological advances by potential adversaries,” in other words, to avert the next Sputnik. Its purpose was to allow scientists to share the products of their work and to make it more likely that the work of any one team could potentially be somewhat usable by others. One thing which was not considered particularly valuable was allowing these scientists to communicate using this network. People were already perfectly capable of communicating by phone, letter, and in-person meeting. The purpose of a computer was to do massive computation, to augment our memories and empower our minds.
Surely we didn’t need a computer, this behemoth of technology and innovation, just to talk to each other.
The history of computing moves from massive data processing mainframes, to time sharing where many people share one computer, to the diverse collection of personal computing devices Continue reading
Back in May last year, one of my colleagues blogged about the introduction of our Python binding for the Cloudflare API and drew reference to our other bindings in Go and Node. Today we are complementing this range by introducing a new official binding, this time in PHP.
This binding is available via Packagist as cloudflare/sdk; you can install it using Composer simply by running composer require cloudflare/sdk. We have documented various use-cases in our "Cloudflare PHP API Binding" KB article to help you get started.
Alternatively should you wish to help contribute, or just give us a star on GitHub, feel free to browse to the cloudflare-php source code.
PHP is a controversial language, and there is no doubt there are elements of bad design within the language (as is the case with many other languages). However, love it or hate it, PHP is a language of high adoption; as of September 2017 W3Techs report that PHP is used by 82.8% of all the websites whose server-side programming language is known. In creating this binding the question clearly wasn't on the merits of PHP, but whether we wanted to help drive improvements to the developer experience for Continue reading
Jango Fett by Brickset (Flickr)
When Blackbird Tech, a notorious patent troll, sued us earlier this year for patent infringement, we discovered quickly that the folks at Blackbird were engaged in what appeared to be the broad and unsubstantiated assertion of patents -- filing about 115 lawsuits in less than 3 years without yet winning a single one of those cases on the merits in court. Cloudflare felt an appropriate response would be to review all of Blackbird Tech’s patents, not just the one it asserted against Cloudflare, to determine if they are invalid or should be limited in scope. We enlisted your help in this endeavor by placing a $50,000 bounty on prior art that proves the Blackbird Tech patents are invalid or overbroad, an effort we dubbed Project Jengo.
Since its inception, Project Jengo has doubled in size and provided us with a good amount of high quality prior art submissions. We have received more than 230 submissions so far, and have only just begun to scratch the surface. We have already come across a number of standouts that appear to be strong contenders for invalidating many of the Blackbird Tech patents. This means it is Continue reading
Photo Credit: United Nations Photo (Flickr)
On September 19, 1985 Mexico City was hit with the most damaging earthquake in its history. Yesterday, exactly 32 years later, Mexico’s capital and neighbouring areas were hit again by a large earthquake that caused significant damage. While the scale of the destruction is still being assessed, countless people passed away and the lives of many have been disrupted. Today, many heroes are on the streets focusing on recovery and relief.
We at Cloudflare want to make it easy for people to help out those affected in central Mexico. The Mexico Earthquake app will allow visitors to your site to donate to one of the charities helping those impacted.
The Mexico Earthquake App takes two clicks to install and requires no code change. The charities listed are two well respected organizations that are on the ground helping people now.
If you wanted to add your own custom list of charities for disaster relief or other causes, feel free to fork the source of this app and make your own.
On September 19, 1985, Mexico City was hit by Continue reading
When Cloudflare started, our company needed two things: an initial group of users, and the finances to fund our development. We know most developers face the same issues. The Cloudflare Apps Platform solves the first problem by allowing third parties to develop applications that can be delivered across Cloudflare's edge network to any of the six million sites powered by Cloudflare. The Cloudflare Developer Fund alleviates the second by giving developers the financial support they need to fund their company. Today, we are excited to announce another initiative that will make it possible for developers to make their app dreams a reality.
Cloudflare and Google Cloud are working together to offer developers the resources needed to quickly launch and scale Cloudflare Apps. This partnership will give any Cloudflare Apps developer the chance to access a wide range of benefits including $3k - $100k of Google Cloud Platform (GCP) for one year at no cost. Some startups will also be eligible for 24/7 technical support, and access to GCP’s technical solutions team. This supports a core belief of the Cloudflare Apps initiative: we want developers to focus on building great Apps, not worry about paying for infrastructure. Hundreds of startups have Continue reading
Victoria Coleman, CTO, Wikimedia Foundation
Moderator: Michelle Zatlyn, Co-Founder & COO, Cloudflare
Photo by Cloudflare Staff
MZ: What is the Wikimedia Foundation?
VC: We pride ourselves in aiming to make available information broadly
not-for-profit
We’re the 5th most visited site on the planet.
We are the guardians of the project. There are 12 projects that we support, Wikipedia is the most prominent but there are others that will be just as influential in the next 5 years: e.g. Wikidata.
299 languages
Let’s also talk about the things that we don’t do: we don’t do editing. We edit as community members but not as members of the foundation.
We don’t monetize our users, content, or presence. We are completely funded by donations, with an average donation of $15.
MZ: If your mission is to help bring free education to all, getting to everyone can be hard. So how do you get access to people in hard-to-reach areas?
VC: It’s definitely a challenge. We built this movement primarily in NA and EU, but our vision goes beyond that. We started doing some critically refined and focused research in Brazil, Mexico, Nigeria.
Trying to understand what global communities need in other Continue reading
Lawrence Lessig, Roy L. Furman Professor of Law and Leadership, Harvard Law School and Darren Bolding, CTO, Cambridge Analytica
Moderator: Matthew Prince, Co-Founder & CEO, Cloudflare
Photo by Cloudflare Staff
MP: If there’s one person responsible for the Trump presidency, it seems there is a compelling argument that that might be you.
DB: I very much disagree with that.
MP: How does Cambridge Analytica work, and how did the Trump campaign use it to win the presidency?
DB: We take that data and match it up with lists of voters, and combine that data science to come up with ideas about you who might want to sell a product to, or in the case of politics, this is this person's propensity to vote, this is the candidate they are likely most interested in. We also do all the digital advertising. By combining data with digital advertising, we have lots of power.
MP: So you don’t want to take credit for having won the election; but the campaign's use of data and targeting was an important factor in the election.
DB: Yes, and what Cambridge did was basically a great turnaround story.
MP: Larry, you ran a presidential Continue reading
Chris Cantwell, Co-Creator and Show Runner, Halt & Catch Fire
Moderator: John Graham-Cumming, CTO, Cloudflare
Photo by Cloudflare Staff
CC: First off, we have very low ratings! The story came from my father who worked in computers in the early 80s in Dallas; later in California. The dynamic between those characters was influenced by my dad.
This was largely a story about reverse engineering. The underdog story was interesting: not Bill Gates, not Silicon Valley, but a different story about the computer world.
JGC: And you managed to do 4 seasons
CC: In four seasons we go from ‘83 to ‘94; we cover everything from small networks to building of internet backbone, rise in search and www
JGC: I watched it before I came; it gave me some bad memories because there were AOL disks
CC: We have an incredible prop team. Some comes from RI computer museum; I have to ask our prop master, he might have manufactured them from images online.
JGC: This is a show about tech but also about money; these people are trying to build companies. The same people trying again and again. Is that a metaphor for recycling something?
CC: Yes, I Continue reading
Daphne Keller, Director, Stanford Center for Internet & Society, and Lee Rowland, Senior Staff Attorney, ACLU Speech, Privacy & Technology Project
Moderator: Matthew Prince, Co-Founder & CEO, Cloudflare
Photo by Cloudflare Staff
MP: Technology and law seem like they are colliding more and more. Tech companies are being asked to regulate content. For a largely non-lawyer audience, give us some foundations about basic rules when you have content on your network?
LR: Communications 2.0 makes the 1st amendment almost quaint. The vast majority of speech that we exchange happens online. When it is hosted by private companies, the 1st amendment doesn’t constrain it. So this is a space governed by norms and individual choices of people like Matthew. In the wake of Cloudflare's decision to take down the Daily Stormer, Matthew penned a piece saying it’s scary that we have this power, and I exercised it. We have a completely unaccountable private medium of communication.
MP: There are shields for companies for this; What is intermediary liability and why is this a position at Google/Stanford?
DK: No one knows what it means; it’s a set of laws that tell platforms when they have to take down Continue reading
Juan Benet, Founder, Protocol Labs, and Jill Carlson, GM, Tezos Foundation
Moderator: Jen Taylor, Head of Product, Cloudflare
Photo by Cloudflare Staff
JT: Tell us about what BlockChain is
JC: Going back to 2008, advent of blockchain came with bitcoin white paper.
The word Blockchain wasn’t mentioned at that point, but that was the advent of this tech.
What it solved was niche problem called double spend problem. Creation of digital cash.
What you see in a bank account isn’t digital cash. The problem in cryptography was how to create digital cash that doesn't rely on 3rd party intermediary. This is what Bitcoin created.
JB: Blockchain packs in lots of stuff: useful as brand. Like internet/web in early 90s, the meaning is fuzzy.
Properties that all of these apps have in common:
Academic definition: A blockchain is an indelible chain of blocks; once you insert information into one of them it remains.
Marketing definition: many applications have been developed over last few years, all have to do with public verifiability. Reliance on cryptographic methods to achieve goals on clearing payments and the ability to check and verify.
Across the board, removing 3rd parties from equation. Establishing publicly verifiable Continue reading
Lee Cheng, President & Co-CLO, Symmetry IP LLC, and Vera Ranieri, Staff Attorney, Electronic Frontier Foundation
Moderator: Doug Kramer, General Counsel, Cloudflare
Photo by Cloudflare Staff
DK: Patent--IP issues and challenges are accelerating important Supreme Court cases. There’s also a flurry of legislative activity about patents. Good idea to talk about this topic: where is this going? How to push world in virtuous direction?
DK: Current state of affairs. Vera: at the core is the patent itself, which is issued by and often adjudged by the patent office… is this where the problem lies?
VR: I like to blame everyone. How does someone get a patent in the first place? Someone comes up with an invention, patent attorney, documents it with opaque language, and files. The examiner then interprets the patent and searches for prior art, and says “I think this is what the patent owner is trying to claim.”
In the software space, it’s especially difficult. A lot of where inventing happens in software is right here, in businesses. People have a problem and find a solution by developing software. They don’t patent and publish.
Patent office tends to focus on patents.
DK: Talk about the Continue reading
Paul Mockapetris, Inventor, DNS, and David Conrad, CTO, ICANN
Moderator: Matthew Prince, Co-Founder & CEO, Cloudflare
Photo by Cloudflare Staff
MP: You guys wrote all this stuff; why is the internet so broken?
PM: People complain about security flaws, but there is no security in original design of DNS. I think of it that we haven’t had the right investment in rebuilding the infrastructure.
Original stuff was only good for 10 years, but we’ve been using it for 30.
DC: The fact that we were able to get Packard from one machine to another in the early days was astonishing in itself.
MP: So what are you worried about in terms of Internet infrastructure that we aren’t even thinking about?
PM: I’m worried about the fact that a lot of places like the ITF are very incremental in their thinking, and that people aren’t willing to take the next big jump. E.g. hesitancy to adopt blockchain
Being able to experiment and try new stuff is important.
The idea that you can't change anything because it will affect the security and stability of the internet. We need to weigh benefits and risks or we will eventually die of Continue reading
Ben Sadeghipour, Technical Account Manager, HackerOne, and Katie Moussouris, Founder & CEO, Luta Security
Moderator: John Graham-Cumming, CTO, Cloudflare
Photo by Cloudflare Staff
JGC: We’re going to talk about hacking
Katie Moussouris helps people how to work around security vulnerabilities.
Ben Sadeghipour is a technical account manager at HackerOne, and a hacker at night
JGC: Ben, you say you’re a hacker by night. Tell us about this.
BS: It depends who you ask: if they encourage it; or, we do it for a good reason. “Ethical hacker” - we do it for a good reason. Hacking can be illegal if you’re hacking without permission; but that’s not what we do.
JGC: You stay up all night
BS: I lock myself in the basement
JGC: Tell us about your company.
KM: I was invited to brief Pentagon when I worked at Microsoft; the Pentagon was interested in the implementation of this idea in a large corporation like Microsoft.
“Hacking the pentagon”
The adoption of Bug Bounty has been slow. We were interested in working with a very large company like Microsoft. There was interest in implementing ideas from private sector at Pentagon. I helped the internal team at Continue reading
Brandon Philips, Co-Founder & CTO, CoreOS, and Joe Beda, CTO, Heptio, & Co-Founder, Kubernetes
Moderator: Alex Dyner, Co-Founder & COO, Cloudflare
Photo by Cloudflare Staff
We’re exploring increasing risk of few companies locking in customers gaining more power over time.
AD: I want to hear your stories about how you got into what you do.
JB: Kubernetes faced problem of either having googlers use rbs or bring X to rest of world. We wanted to have Googlers and outside people using something similar. We chose to do it as open source because you play a different game when you’re the underdog. Through open source we could garner interest. We wanted to provide applicational mobility.
AD: Brandon, talk about your mission and why you started company.
BP: We started CoreOS four years ago; We spent a lot of time thinking about this problem and containers were natural choice. They are necessary for achieving our mission. We wanted to allow people to have mobility around their applications. We wanted to enable new security model through containers. So we started building a product portfolio
AD: There are tradeoffs between using a container or an open source tech; how do you think Continue reading
Cole Crawford, Founder & CEO, Vapor IO, and Chaitali Sengupta, Consultant, Qualcomm Datacenter Technologies
Moderator: Michelle Zatlyn, Co-Founder & COO, Cloudflare
Photo by Cloudflare Staff
CC: moved between private and public sector.
CS: her company added 100 million customers in India.
MZ: Let’s start with where we are today: trends or things you’re seeing in the marketplace that weren’t there 5 years ago.
CC: What’s interesting is combination of data mass and data velocity, resulting in a more dynamic internet. E.g. Latency wasn’t mentioned by customers at first; AI is helping to create a new low-latency internet.
CS: One of the biggest things is applying lessons of cloud to telecom to see how we can make systems more centralized and virtualized. Network function virtualization; putting things on general service servers. Now dovetailing into 5G, where we see more bandwidth.
MZ: We’re currently in 4G world; when will 5G standard get finalized?
CS: Standards are getting finalized; trials are getting started. Many 5G systems are up and running NWC America ... is running trials already. I would say end of next year or 2019
MZ: So the future is here and it’s almost distributed? 4G took 2 years to Continue reading
Shay Gueron, Associate Professor of Mathematics, University of Haifa, Israel, and Raluca Ada Popa, Assistant Professor of Computer Science, UC Berkeley
Moderator: John Graham-Cumming, CTO, Cloudflare
Photo by Cloudflare Staff
Raluca is also a Co-Director of the RISELab at UC Berkeley as well as Co-Founder and CTO of a cybersecurity startup called PreVeil. She developed practical systems that protect data confidentiality by computing over encrypted data as well as designed new encryption schemes that underlie these systems.
Shay was previously a Senior Principal Engineer, serving as Intel’s Senior Cryptographer and is now senior principal at AWS, and an expert in post-quantum, security, and algorithms.
JGC: Tell us about what you actually do.
RP: Computing on encrypted data is not just theoretical; it’s also exciting because you can keep data encrypted in the cloud. It covers hacking attacks while still enabling the functionality of the system. This is exciting because we can cover so many hacking attacks in one shot.
SG: I’m working on making new algorithms; also on making solutions for quantum computers that are increasingly strong.
SG: I’ve been working on cryptography: making it faster, recently I’ve been thinking about solutions for what will happen when we Continue reading
Willie Tejada, Chief Developer Advocate, IBM and Anthony Goldbloom, CEO, Kaggle
Moderator: Jen Taylor, Head of Product, Cloudflare
Photo by Cloudflare Staff
JT: Our focus today is really what does AI mean for everyday life. I’m hearing a lot about AI. What is your assessment about where we are and how it is making a difference?
WT: We’re in an unprecedented, interesting era. From a consumer perspective, negative connotation.
It’s an interesting era we are in; these technologies are going to do a tremendous amount in terms of consumers selecting what they buy, Helping patient-centric care.
Combination of data set & availability of resources is fueling AI.
You might hear 90% of the world’s data has been created in the past two years. AI will help us deal with that kind of information overload.
The big difference with programming systems is that AI knows how to understand, reason, learn, interact.
AG: There is a set of techniques through which we can more accurately predict fraud, insurance plans, credit scoring.
This is a jump in the past 15 years.
5 years ago, the ability to do very exciting things with unstructured data, i.e. automating radiology. Then digital networks Continue reading
Avril Haines, Former Deputy National Security Advisor, Obama Administration
Moderator: Doug Kramer, General Counsel, Cloudflare
Photo by Cloudflare Staff
Avril began her career on the National Security Council, and went on to become the first female deputy at the CIA.
DK: How will cyber play a role in military operations?
AH: We look at it from the perspective of “asymmetric threats”; state actors (those who have high-value assets that they can hold at risk with no threat to them). The US is more technologically advanced and relies on cyber more and more; we are as a consequence more vulnerable to cyber threats. Asymmetric threats thus hold at risk those things that are most important to us.
In the cyber realm we can’t quite define what constitutes a use of force, and saying so can be used against us. So this is an area that is crucial to continue working in; in many respects the US has the most to lose from using a framework that doesn’t work.
“The private sector is utterly critical in creating a framework that is going to work.”
We want to have widely-accepted norms and rules so that we can ask other countries Continue reading
This is a guest post by Elie Bursztein who writes about security and anti-abuse research. It was first published on his blog and has been lightly edited.
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. We found that between 4% and 10% of the web’s encrypted traffic (HTTPS) is intercepted. Analyzing these intercepted connections further reveals that, while not always malicious, interception products most often weaken the encryption used to secure communication and put users at risk.
This blog post presents a short summary of our study’s key findings by answering the following questions: