The imminent arrival of a long-anticipated next-generation cellular technology presents some cutting-edge security challenges. Here's how to get ready.
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously.
It is no secret that Cloudflare uses nginx to handle user traffic. A little less known fact, is that we have several instances of nginx running. I won’t go into detail, but there is one instance whose job is to accept connections on port 443, and proxy them to another instance of nginx that actually handles the requests. It has pretty limited functionality otherwise. We fondly call it nginx-ssl.
Back then we were using OpenSSL for TLS and Crypto in nginx, but OpenSSL (and BoringSSL) had yet to announce a timeline for TLS 1.3 support, therefore we had to implement our own TLS 1.3 stack. Obviously we wanted an implementation that would not affect any customer or client that would not enable TLS 1.3. We also needed something that we could iterate on quickly, because the spec was very fluid back then, and also something Continue reading
I am a huge believer in “knowledge is key”. Yeah… I know… just reading that statement you are probably saying “well yeah… duh”.
Of course knowledge is key… duh, Fish! We know that! We love knowledge. We are knowledge seekers and we love to learn! I mean… if we didn’t love learning and knowledge why would we be reading this? Okay… got it. You love knowledge. You want to grow your knowledge. I hear you. You are basically saying… bring on the knowledge… max the setting! Got it.
So you most likely extend that desire for knowledge to most of the areas in your life.
For example….
Let’s Continue reading
In order to plan the transition to virtualizing their business, enterprises must consider the required functionality, as well as complexity, cost, and performance.
Part of its database build-out includes a new blockchain managed service.
Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop.
We've written about our DDoS mitigation pipeline extensively in the past, covering:
xt_bpf
module, and drops it.Both iptables and Floodgate send samples of received traffic to Gatebot for analysis, and filter incoming packets using rules generated by bpftools. This ends up looking something like this:
This pipeline has served us well, but a lot has changed since we implemented Floodgate. Our new Gen9 and ARM servers use different network Continue reading
Today on the Datanauts we examine why people stretch clusters, the problems this can cause, and alternative design strategies. Our guest is Erik Ableson, owner of the consultancy Infrageeks.
The post Datanauts 152: No More Stretched Clusters! appeared first on Packet Pushers.
Mobile service providers stand to benefit from the growing promise of network slicing, but many are not taking full advantage of the opportunity.
I'm about to embark on a new adventure.
The service mesh proxy was initially developed by Lyft and breezed through the CNCF incubation process a year faster than its fellow graduates.
“Our dominance in the core is why VMware avoids doing PoCs in accounts when we are in a head-to-head fight,” said CEO Dheeraj Pandey.
The company is building a corporate campus in Sunnyvale, California, to provide a home for its more than 1,000 employees in the Valley.
Today, the Internet Society’s Online Trust Alliance released its fifth annual Email Marketing & Unsubscribe Audit. OTA researchers analyzed the email marketing practices of 200 of North America’s top online retailers and, based on this analysis, offer prescriptive advice to help marketers provide consumers with choice and control over when and what messages they receive. The Audit assesses the end-to-end user experience from signing up for emails, to receiving emails, to the unsubscribe process and its results.
In the 2018 Audit, seventy-four percent of the top online retailers received “Best of Class” designation, meaning they scored eighty percent or higher in OTA’s analysis of their email marketing. In addition, ten retailers received perfect scores, meaning they adopted all twelve of OTA’s best practices. They are: Dick’s Sporting Goods, Home Depot, Lands’ End, Musician’s Friend, Office Depot, OpticsPlanet, Sierra Trading Post, Staples, Talbots, and Walgreens.
In the subscribe process there were several positive findings. The percentage of sites that had subscribe forms that were easy for the user to find was 94% in 2018, up from 85% in 2017. In addition, one-quarter of sites offered incentives such as free shipping to entice users to subscribe, down slightly from 28% in 2018.
DriveScale is all about the software. And what is the software? Much of the magic happens in DriveScale Composer. The chief value of DriveScale Composer is to compose any compute to any disk or flash, in a scalable way.
The post BiB 061: Understanding DriveScale Composer Architecture appeared first on Packet Pushers.
In this Network Collective community roundtable episode, Nick Russo and Jeff Tantsura join us to close out our MPLS series with an episode on Fast Reroute.
We would like to thank VIAVI Solutions for sponsoring this episode of Network Collective. VIAVI Solutions is an application and network management industry leader focusing on end-user experience by providing products that optimize performance and speed problem resolution. Helping to ensure delivery of critical applications for businesses worldwide, Viavi offers an integrated line of precision-engineered software and hardware systems for effective network monitoring and analysis. Learn more at www.viavisolutions.com/networkcollective.
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post Episode 40 – MPLS Part 4 – Fast Reroute appeared first on Network Collective.
The third edition of the India School on Internet Governance (inSIG) took place from 13–15 October 2018 at the India International Centre in New Delhi in partnership with the Internet Society Indian Chapters: Delhi, Trivandrum, Mumbai, and Kolkata. It was supported by the Beyond the Net Funding Programme with the participation of Olaf Kolkman, the Internet Society’s Chief Internet Technology Officer.
Ninety participants joined a three day activity event which included workshops, role play exercises and discussions. The event focused on educating emerging leaders from India and other South Asian countries, such as Afghanistan, Bangladesh, Nepal, and Sri Lanka on their role in the global Internet Governance ecosystem.
On 12 October 2018, two events were co-hosted: Firstly, The Internet Infrastructure Security Day, a workshop to learn more on pen Internet standards and sharing good practices as part of the Global Forum on Cyber Expertise (GFCE) – and secondly, India’s first Youth Internet Governance Forum (YIGF), which conducted multiple sessions on topics of relevance to young Internet users, particularly those in secondary school, college, and early employment. Both events were live streamed and viewed by over 1,500 participants.
A range of several industry experts offered insight into India’s Continue reading