Archive

Category Archives for "Networking"

End-to-End Integrity with IPFS

This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network. If you'd rather read an introduction to the concepts behind IPFS first, you can find that in our announcement. Alternatively, you could skip straight to the developer docs to learn how to set up your own website.

By 'end-to-end security', I mean that neither the site owner nor users have to trust Cloudflare to serve the correct documents, like they do now. This is similar to how using HTTPS means you don't have to trust your ISP to not modify or inspect traffic.

CNAME Setup with Universal SSL

The first step is to choose a domain name for your website. Websites should be given their own domain name, rather than served directly from the gateway by root hash, so that they are considered a distinct origin by the browser. This is primarily to prevent cache poisoning, but there are several functional advantages as well. It gives websites their own instance of localStorage and their own cookie jar which are sandboxed from inspection and manipulation by malicious third-party documents. Continue reading

Cloudflare goes InterPlanetary – Introducing Cloudflare’s IPFS Gateway

Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer. We hope that our gateway, hosted at cloudflare-ipfs.com, will serve as the platform for many new highly-reliable and security-enhanced web applications. The IPFS Gateway is the first product to be released as part of our Distributed Web Gateway project, which will eventually encompass all of our efforts to support new distributed web technologies.

This post will provide a brief introduction to IPFS. We’ve also written an accompanying blog post describing what we’ve built on top of our gateway, as well as documentation on how to serve your own content through our gateway with your own custom hostname.

Quick Primer on IPFS

Usually, when you access a website from your browser, your browser tracks down the origin server (or servers) that are the ultimate, centralized repository for the website’s content. It then sends a request from your computer to that origin server, wherever it is in the world, and that server sends the content back to your computer. This system has served the Internet well for decades, Continue reading

Welcome to Crypto Week

The Internet is an amazing invention. We marvel at how it connects people, connects ideas, and makes the world smaller. But the Internet isn’t perfect. It was put together piecemeal through publicly funded research, private investment, and organic growth that has left us with an imperfect tapestry. It’s also evolving. People are constantly developing creative applications and finding new uses for existing Internet technology. Issues like privacy and security that were afterthoughts in the early days of the Internet are now supremely important. People are being tracked and monetized, websites and web services are being attacked in interesting new ways, and the fundamental system of trust the Internet is built on is showing signs of age. The Internet needs an upgrade, and one of the tools that can make things better is cryptography.

Every day this week, Cloudflare will be announcing support for a new technology that uses cryptography to make the Internet better. Everything we are announcing this week is free to use and provides a meaningful step towards supporting a new capability or structural reinforcement. So why are we doing this? Because it’s good for the users and good for the Internet. Welcome to Crypto Week!

A more Continue reading

The Week in Internet News: Facebook to Fact-Check Videos and Photos

Fight against fakes: Facebook plans to fact-check videos and photos posted on the social media platform in an effort to combat misinformation, reports the Associated Press on SeattleTimes.com. Fact-checkers will use several methods, including analyzing image metadata, to determine accuracy, and Facebook will label photos and videos that are fakes, the company said.

Regulating IoT: A controversial Internet of Things security bill has passed the California legislature, ZDNet reports. The bill requires IoT device makers to build in “reasonable security,” but the legislation is vague about what that might entail, critics say. Still, it’s the first bill passed in the U.S. that addresses IoT security.

Fake reports of fake news law’s demise: Malaysia’s opposition party has blocked efforts to repeal a controversial law that penalizes the spread of fake news, StraitsTimes.com reports. Critics say the law, which includes penalties of up to six years in prison for spreading misleading information, is an attack on free speech, but the Senate blocked the repeal in a challenge to the new government of Prime Minister Mahathir Mohamad.

Angry Birds tackles blockchain: We’ve talked about a lot of potential uses of blockchain technology here, but this is a new one. The Continue reading

Lenovo, NetApp team up vs. Dell EMC, HPE on storage

Lenovo and NetApp's storage alliance, joint venture in China, and new series of all-flash and hybrid-flash products announced at Lenovo's Transform event put them both in a much stronger position in the data center against rivals Dell EMC and HPE.

The storage offerings include two families, each subdivided into all-flash and hybrid-flash products, jointly developed by Lenovo and NetApp and available now worldwide. Several of the products support NVMe (non-volatile memory express), the extremely fast communications protocol and controller able to move data to and from SSDs via the PCIe-bus standard. NVMe SSDs are designed to provide two orders of magnitude speed improvement over prior SSDs.

Why banks didn’t ‘rip and replace’ their mainframes

Consumer demand for instant 24-hour access to personal bank data has taken the financial world in a new direction in less than one generation. Not only do bank IT departments now rival those of software development companies, but banking networks and infrastructure are at least as complex as a tech firm’s. Personal financial information has become one of the most protected and heavily regulated types of data in the world, and security measures and compliance programs consume the largest percentage of a financial institution’s IT budget.

Knowing all this, it’s no wonder the “rip and replace” fad of the early 2000’s never materialized in the banking world. With everyone assuming the turn of the millennium meant “out with the old and in with the new,” companies were ready to rip the mainframes out of their infrastructure to prepare for whatever was next. But what came next never really materialized, or continued to prove inferior to the sheer processing power of the mainframe, which remains the only real choice for high-demand business computing.

Openswitch OPX 3.0.0 Installation On Ubuntu 18.04.1 LTS

I have covered installation of Openswitch OPX 2.3.2 on Linux Ubuntu 16.04 in a previous article. This time I will go further and cover installation of Openswitch 3.0.0 on Ubuntu 18.04 (upgrade from 16.04). Firstly, it is worth adding that I haven't been successful with installation of any OPX version on Ubuntu 18.04.1. I have done several tests with different Oracle VirtualBox versions (5.1, 5.2) but I have always got the error message VBoxManage: error: Code NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) - Class not registered (extended info not available). According to the developers, installation of OPX 3.0.0 has been tested with Ubuntu 16.04 and Oracle VirtualBox 5.2.

1. Openswitch OPX 3.0.0 Installation on Ubuntu 18.04.1 Using Nested Virtualization

As I do not possess any spare hardware I decided to do a little workaround with the help of nested virtualization. Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it is the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor. I installed Openswitch OPX 3.0.0 Continue reading

EVPN behind the curtains

Is EVPN magic? Well, like Arthur C Clarke said, any considerable leap in technology is indistinguishable from magic. On that premise, moving from a traditional layer 2 environment to VXLAN driven by EVPN has much of that same hocus pocus feeling. To help demystify the sorcery, this blog aims to help users new to EVPN create some step-by-step understanding of how EVPN works and how the control plane converges. In this blog post, we’ll focus on basic layer 2 (L2) building blocks then work our way up to layer 3 (L3) connectivity and the control plane.

We’ll be using the “reference topology” as our cable plan and foundation to build our understanding of the traffic flow. Our infrastructure will try to demystify a symmetric mode EVPN environment using distributed gateways. All the configurations are defined in this GitHub repo.

If you’d like to follow along as we go, feel free to launch your own CITC blank slate and deploy the above playbook:

EVPN message types

Like any good protocol, EVPN has a robust process for exchanging information with its peers. In EVPN this process uses message types. If you already know OSPF and the LSA messages you can Continue reading

JAMstack podcast episode: Listen to Cloudflare’s Kenton Varda speak about originless code

JAMstack Radio is a show all about the JAMstack, a new way to build fast & secure apps or websites. In the most recent episode, the host, Brian Douglas, met with Kenton Varda, tech lead for Cloudflare Workers and author of Sandstorm.io to discuss some of the infinite uses for running code at the edge.

Listen to what Kenton had to say about serverless technology in this twenty-two-minute podcast here:

Here's the transcript of the podcast as well:

Brian Douglas: Welcome to another installment of JAMstack Radio. In the room I've got Kenton Varda from Cloudflare.

Kenton Varda: Thanks for having me.

Brian: Thanks for coming all the way across San Francisco to chat with me in person. I'm curious who Kenton is, but I'm also curious what Cloudflare is. Can you answer both questions? Let's start with, "Who is Kenton?"

Kenton: I'm an engineer. I'm the architect of Cloudflare Workers. In a past life I worked for Google for several years. I was once known as the "protocol buffers guy," I was the one who open sourced that. And I founded a company called Sandstorm that was later acquired by Cloudflare.

Brian: I'm Continue reading

Base Go packages

The Go standard library is generally great, but some parts have replacements that are just plain better and remove frustrations that you may not even have realised were frustrations. Here are my recommendations for every Go program.

I wouldn’t recommend that anyone use the standard library version of these for any purpose, since better alternatives exist.

This list may expand in the future.

gorilla/mux

The standard router is fine, but very low level. Here are some of the features that make gorilla/mux vital.

Filter on HTTP method

With the standard router you have to manually check that the method is what you expect it to be, and if the same endpoint has both GET and POST then you have to route that yourself. With gorilla/mux it’s as simple as:

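// Requires: import "github.com/gorilla/mux"
r := mux.NewRouter()
// One subrouter per HTTP method; a request with any other method never reaches these handlers.
get := r.Methods("GET").Subrouter()
post := r.Methods("POST").Subrouter()
get.HandleFunc("/", handleRoot)
get.HandleFunc("/items", handleListItems)
post.HandleFunc("/items", handleUploadItem)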

You can also assert that headers are in place, for example to check X-Requested-With, because some API endpoints should not be allowed in cross-domain XHR requests. Adding the check to the router instead of doing it manually in each handler simplifies the code and reduces the risk of forgetting to add it.

Pattern URLs

With Continue reading

Celebrating One Year With Our New Website

It is hard for me to believe, but it was one year ago today that we launched this new website! On September 14, 2017, James Wood began our flow of news with a welcoming blog post – and just a few days later the site was heavily used as part of our massive 25th Anniversary celebration. It was the culmination of a rather insane several months in which a whole crew of people within the Internet Society, as well as at our partners Moving Brands and ATTCK, all burned countless hours to make this site a reality.

One year later, we’ve published over 500 news articles and blog posts; published over 120 new resources and tutorials; promoted many events, and maintained a consistent flow of content on the critical issues affecting the Internet.

We’ve built campaign pages, integrated video and graphics (ex. our GIR page), showcased the amazing work our Chapters are doing, integrated social components (ex. our IoT page and Instagram), and pushed the limits of how many links any sane person should have on a page. I continue to be impressed by the beauty of pages like our Issues page (just move Continue reading

We’ve Added Another Google Cloud Course To Our Video Library!

Tune into Joseph Holbrook’s Associate GCP Cloud Engineer Course to learn about the requirements of the GCP Cloud Engineer Associate Exam.

About the Course:

An Associate Cloud Engineer deploys applications, monitors operations, and manages enterprise solutions. This individual is able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud. The GCP Cloud Engineer Associate is one of Google’s newest certifications; this course will walk you through everything you need to know to ace your certification exam.

Prerequisites:

  • Basic knowledge of cloud technologies
  • Basic knowledge of GCP Cloud
  • A will to learn GCP Cloud
  • Access to a free trial account with GCP
  • Ability to use Codelabs and Qwiklabs