End-to-End Integrity with IPFS
This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network. If you'd rather read an introduction to the concepts behind IPFS first, you can find that in our announcement. Alternatively, you could skip straight to the developer docs to learn how to set up your own website.
By 'end-to-end security', I mean that neither the site owner nor users have to trust Cloudflare to serve the correct documents, like they do now. This is similar to how using HTTPS means you don't have to trust your ISP to not modify or inspect traffic.
CNAME Setup with Universal SSL
The first step is to choose a domain name for your website. Websites should be given their own domain name, rather than served directly from the gateway by root hash, so that they are considered a distinct origin by the browser. This is primarily to prevent cache poisoning, but there are several functional advantages as well. It gives websites their own instance of localStorage and their own cookie jar which are sandboxed from inspection and manipulation by malicious third-party documents. Continue reading
Cloudflare goes InterPlanetary – Introducing Cloudflare’s IPFS Gateway
Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer. We hope that our gateway, hosted at cloudflare-ipfs.com, will serve as the platform for many new highly-reliable and security-enhanced web applications. The IPFS Gateway is the first product to be released as part of our Distributed Web Gateway project, which will eventually encompass all of our efforts to support new distributed web technologies.
This post will provide a brief introduction to IPFS. We’ve also written an accompanying blog post describing what we’ve built on top of our gateway, as well as documentation on how to serve your own content through our gateway with your own custom hostname.
Quick Primer on IPFS
Usually, when you access a website from your browser, your browser tracks down the origin server (or servers) that are the ultimate, centralized repository for the website’s content. It then sends a request from your computer to that origin server, wherever it is in the world, and that server sends the content back to your computer. This system has served the Internet well for decades, Continue reading
Welcome to Crypto Week
The Internet is an amazing invention. We marvel at how it connects people, connects ideas, and makes the world smaller. But the Internet isn’t perfect. It was put together piecemeal through publicly funded research, private investment, and organic growth that has left us with an imperfect tapestry. It’s also evolving. People are constantly developing creative applications and finding new uses for existing Internet technology. Issues like privacy and security that were afterthoughts in the early days of the Internet are now supremely important. People are being tracked and monetized, websites and web services are being attacked in interesting new ways, and the fundamental system of trust the Internet is built on is showing signs of age. The Internet needs an upgrade, and one of the tools that can make things better, is cryptography.
Every day this week, Cloudflare will be announcing support for a new technology that uses cryptography to make the Internet better. Everything we are announcing this week is free to use and provides a meaningful step towards supporting a new capability or structural reinforcement. So why are we doing this? Because it’s good for the users and good for the Internet. Welcome to Crypto Week!
A more Continue reading
The Week in Internet News: Facebook to Fact-Check Videos and Photos
Fight against fakes: Facebook plans to fact-check videos and photos posted on the social media platform in an effort to combat misinformation, reports the Associated Press on SeattleTimes.com. Fact-checkers will use several methods, including analyzing image metadata, to determine accuracy, and Facebook will label photos and videos that are fakes, the company said.
Regulating IoT: A controversial Internet of Things security bill has passed the California legislature, ZDNet reports. The bill requires IoT device makers to build in “reasonable security,” but the legislation is vague about what that might entail, critics say. Still, it’s the first bill passed in the U.S. that addresses IoT security.
Fake reports of fake news law’s demise: Malaysia’s opposition party has blocked efforts to repeal a controversial law that penalizes the spread of fake news, StraitsTimes.com reports. Critics say the law, which includes penalties of up to six years in prison for spreading misleading information, is an attack on free speech, but the Senate blocked the repeal in a challenge to the new government of Prime Minister Mahathir Mohamad.
Angry Birds tackles blockchain: We’ve talked about a lot of potential uses of blockchain technology here, but this is a new one. The Continue reading
Lumina Networks Snags Cisco, Ericsson Executives to Lead Its Engineering
The SDN company hired Cisco's Avinash Parwaney as VP of engineering.
Neat Cisco Nexus Features You Might Have Missed
A brief review of some new Cisco Nexus features you may have missed hearing about.
Openswitch OPX 3.0.0 Installation On Ubuntu 18.04.1 LTS
I have covered installation of Openswitch OPX 2.3.2 on Linux Ubuntu 16.04 in a previous article. I will go further with this time and cover installation of Openswitch 3.0.0 on Ubuntu 18.04 (upgrade from 16.04). Firstly, it is worth to add that I haven't been successful with installation of any OPX version on Ubuntu 18.0.4.1. I have done several test with different Oracle VirtualBox versions (5.1, 5,2) but I have always got the error message VBoxManage: error: Code NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) - Class not registered (extended info not available). According to the words of developers installation of OPX 3.0.0 has been tested with Ubuntu 16.04 and Oracle VirtualBox 5.2.
1. Openswitch OPX 3.0.0 Installationon Ubuntu 18.04.1 Using Nested Virtualization
As I do not posses any spare hardware I decided to do a little workaround with the help of nested virtualization. Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it is the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor. I installed Openswitch OPX 3.0.0 Continue reading
Valley-Free Routing in Data Center Fabrics
You might have noticed that almost every BGP as Data Center IGP design uses the same AS number on all spine switches (there are exceptions coming from people who use BGP as RIP with AS-path length serving as hop count… but let’s not go there).
There are two reasons for that design choice:
Read more ...EVPN behind the curtains
Is EVPN magic? Well, like Arthur C Clarke said, any considerable leap in technology is indistinguishable from magic. On that premise, moving from a traditional layer 2 environment to VXLAN driven by EVPN has much of that same hocus pocus feeling. To help demystify the sorcery, this blog aims to help users new to EVPN create some step-by-step understanding of how EVPN works and how the control plane converges. In this blog post, we’ll focus on basic layer 2 (L2) building blocks then work our way up to layer 3 (L3) connectivity and the control plane.
We’ll be using the “reference topology” as our cable plan and foundation to build our understanding of the traffic flow. Our infrastructure will try to demystify a symmetric mode EVPN environment using distributed gateways. All the configurations are defined in this github repo.
If you’d like to follow along as we go, feel free to launch your own CITC blank slate and deploy the above playbook:
EVPN message types
Like any good protocol, EVPN has a robust process for exchanging information with its peers. In EVPN this process uses message types. If you already know OSPF and the LSA messages you can Continue reading
JAMstack podcast episode: Listen to Cloudflare’s Kenton Varda speak about originless code
JAMstack Radio is a show all about the JAMstack, a new way to build fast & secure apps or websites. In the most recent episode, the host, Brian Douglas, met with Kenton Varda, tech lead for Cloudflare Workers and author of Sandstorm.io to discuss some of the infinite uses for running code at the edge.
Listen to what Kenton had to say about serverless technology in this twenty two minute podcast here:
Here's the transcript of the podcast as well:
Brian Douglas: Welcome to another installment of JAMstack Radio. In the room I've got Kenton Varda from Cloudflare.
Kenton Varda: Thanks for having me.
Brian: Thanks for coming all the way across San Francisco to chat with me in person. I'm curious who Kenton is, but I'm also curious what Cloudflare is. Can you answer both questions? Let's start with, "Who is Kenton?"
Kenton: I'm an engineer. I'm the architect of Cloudflare Workers. In a past life I worked for Google for several years. I was once known as the "protocol buffers guy," I was the one who open sourced that. And I founded a company called Sandstorm that was later acquired by Cloudflare.
Brian: I'm Continue reading
Base Go packages
The Go standard library is generally great, but some parts have replacements that are just plain better and remove frustrations that you may have not even realised were frustrations. Here are my recommendations for every Go program.
I wouldn’t recommend that anyone use the standard library version of these for any purpose, since better alternatives exist.
This list may expand in the future.
gorilla/mux
The standard router is fine, but very low level. Here’s some of the features that makes it vital.
Filter on HTTP method
With the standard router you have to manually check that the method is
what you expect it to be, and if the same endpoint has both GET and
POST then you have to route that yourself. With gorilla/mux it’s as simple as:
r := mux.NewRouter()
get := r.Method("GET").Subrouter()
post := r.Method("POST").Subrouter()
get.HandleFunc("/", handleRoot)
get.HandleFunc("/items", handleListItems)
post.HandleFunc("/items", handleUploadItem)
You can also assert that headers are in place, for example to check
X-Requested-With because some API endpoints should not be allowed in
cross-domain XHR requests. Adding it to the router instead of manual
checks simplifies code and reduces risk of forgetting to add the
check.
Pattern URLs
With Continue reading
Celebrating One Year With Our New Website
It is hard for me to believe, but it was one year ago today that we launched this new website! On September 14, 2017, James Wood began our flow of news with a welcoming blog post – and just a few days later the site was heavily used as part of our massive 25th Anniversary celebration. It was the culmination of a rather insane several months in which a whole crew of people within the Internet Society, as well as at our partners Moving Brands and ATTCK, all burned countless hours to make this site a reality.
One year later, we’ve published over 500 news articles and blog posts; published over 120 new resources and tutorials; promoted many events, and maintained a consistent flow of content on the critical issues affecting the Internet.
We’ve built campaign pages, integrated video and graphics (ex. our GIR page), showcased the amazing work our Chapters are doing, integrated social components (ex. our IoT page and Instagram), and pushed the limits of how many links any sane person should have on a page. I continue to be impressed by the beauty of pages like our Issues page (just move Continue reading
We’ve Added Another Google Cloud Course To Our Video Library!
Tune into Joseph Holbrook’s Associate GCP Cloud Engineer Course to learn about the requirements of the GCP Cloud Engineer Associate Exam.
About the Course:
An Associate Cloud Engineer deploys applications, monitors operations, and manages enterprise solutions. This individual is able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud. The GCP Cloud Engineer Associate is one of Google’s newest certifications, this course will walk you through everything you need to know to ace your certification exam.
Prerequisites:
- Basic knowledge of cloud technologies
- Basic Knowledge of GCP Cloud
- A will to learn GCP Cloud
- Access to a free trial account with GCP
- Ability to use Codelabs and Quiklabs
Wireless Execs High on 5G Distributed Network Architecture
Virtualization is the key to making new 5G use cases a reality, according to top tech chiefs at U.S. wireless operators.
AWS vs. Azure: Users Share Their Experiences
Enterprise IT professionals offer their insights into two of the leading cloud platforms, AWS and Azure.