
Category Archives for "Networking"

Working to help the HBCU Smart Cities Challenge


Anyone who knows me knows that I am a proud member of the HBCU (Historically Black College or University) alumni. The HBCU Smart Cities Challenge invites all HBCUs across the United States to build technological solutions to solve real-world problems. When I learned that Cloudflare would be supporting the HBCU Smart Cities Challenge, I was on board immediately for so many personal reasons.

In addition to volunteering mentors as part of this partnership, Cloudflare offered HBCU Smart Cities the opportunity to apply for Project Galileo to protect and accelerate their online presence. Project Galileo provides free cyber security protection to free speech, public interest, and civil society organizations that are vulnerable to cyber attacks. After more than three years working at Cloudflare, I know that we can make the difference in bridging the gap in accessibility to the digital landscape by directly securing the Internet against today’s threats as well as optimizing performance, which plays a bigger role than most would think.

What is an HBCU?

A Historically Black College or University is defined as “any historically black college or university that was established prior to 1964, whose principal mission was, and is, the education of black Americans, and Continue reading

The latest from Cloudflare’s seventeen Employee Resource Groups


In this blog post, we’ll highlight a few stories from some of our 17 Employee Resource Groups (ERGs), including the most recent, Persianflare. But first, let me start with a personal story.

Do you remember being in elementary school and sitting in a classroom with about 30 other students when the teacher was calling on your classmates to read out loud from a book? The opportunity to read out loud was an exciting moment for many of my peers; one that made them feel proud of themselves. I, on the other hand, was frozen, in a state of panic, worried that I wouldn’t be able to sound out a word or completely embarrass myself by stuttering. I would practice reading the next paragraph in hopes that I wouldn’t mess up when I was called on. What I didn’t know at the time was that I was dyslexic, and I could barely read, especially out loud to a large group of people.

That is where I began to know the feeling of isolation. This feeling compounded year after year, when I wasn’t able to perform the way my peers did. My isolation prevailed from elementary school to middle school, through high Continue reading

Helping build a safer Internet by measuring BGP RPKI Route Origin Validation


The Border Gateway Protocol (BGP) is the glue that keeps the entire Internet together. However, despite its vital function, BGP wasn't originally designed to protect against malicious actors or routing mishaps. It has since been updated to account for this shortcoming with the Resource Public Key Infrastructure (RPKI) framework, but can we declare it to be safe yet?

If the question needs asking, you might suspect we can't. There is a shortage of reliable data on how much of the Internet is protected from preventable routing problems. Today, we’re releasing a new method to measure exactly that: what percentage of Internet users are protected by their Internet Service Provider from these issues. We find that there is a long way to go before the Internet is protected from routing problems, though it varies dramatically by country.

Why RPKI is necessary to secure Internet routing

The Internet is a network of independently-managed networks, called Autonomous Systems (ASes). To achieve global reachability, ASes interconnect with each other and determine the feasible paths to a given destination IP address by exchanging routing information using BGP. BGP enables routers with only local network visibility to construct end-to-end paths based on the arbitrary preferences of Continue reading

Introducing Cloudflare’s Third Party Code of Conduct


Cloudflare is on a mission to help build a better Internet, and we are committed to doing this with ethics and integrity in everything that we do. This commitment extends beyond our own actions, to third parties acting on our behalf. Cloudflare has the same expectations of ethics and integrity of our suppliers, resellers, and other partners as we do of ourselves.

Our new code of conduct for third parties

We first shared publicly our Code of Business Conduct and Ethics during Cloudflare’s initial public offering in September 2019. All Cloudflare employees take legal training as part of their onboarding process, as well as an annual refresher course, which includes the topics covered in our Code, and they sign an acknowledgement of our Code and related policies as well.

While our Code of Business Conduct and Ethics applies to all directors, officers and employees of Cloudflare, it has not extended to third parties. Today, we are excited to share our Third Party Code of Conduct, specifically formulated with our suppliers, resellers, and other partners in mind. It covers such topics as:

  • Human Rights
  • Fair Labor
  • Environmental Sustainability
  • Anti-Bribery and Anti-Corruption
  • Trade Compliance
  • Anti-Competition
  • Conflicts of Interest
  • Data Privacy and Continue reading

The unintended consequences of blocking IP addresses


In late August 2022, Cloudflare’s customer support team began to receive complaints about sites on our network being down in Austria. Our team immediately went into action to try to identify the source of what looked from the outside like a partial Internet outage in Austria. We quickly realized that it was an issue with local Austrian Internet Service Providers.

But the service disruption wasn’t the result of a technical problem. As we later learned from media reports, what we were seeing was the result of a court order. Without any notice to Cloudflare, an Austrian court had ordered Austrian Internet Service Providers (ISPs) to block 11 of Cloudflare’s IP addresses.

In an attempt to block 14 websites that copyright holders argued were violating copyright, the court-ordered IP block rendered thousands of websites inaccessible to ordinary Internet users in Austria over a two-day period. What did the thousands of other sites do wrong? Nothing. They were a temporary casualty of the failure to build legal remedies and systems that reflect the Internet’s actual architecture.

Today, we are going to dive into a discussion of IP blocking: why we see it, what it is, what it does, who it affects, Continue reading

Heavy Networking 660: Writing The Manual – An Insider’s View Of Product Documentation

On today’s Heavy Networking we get inside the process of technical writing and product documentation from a person deep in the trenches of creating docs. We also talk about why writing as a skill might be worth cultivating even if you aren’t responsible for creating the manual.

The post Heavy Networking 660: Writing The Manual – An Insider’s View Of Product Documentation appeared first on Packet Pushers.

Kyndryl launches Cloud Native Services to aid app modernization

Kyndryl, formerly IBM’s Managed Infrastructure Services unit, on Thursday released Cloud Native Services, which it said will aid enterprises in accelerating their cloud application modernization efforts.

The new set of services will allow enterprises to move their on-premises applications to cloud service providers such as AWS, GCP and Azure. Kyndryl will also manage these services on behalf of its customers across hybrid or multicloud environments, the company said.

Cloud Native Services, according to the company, will provide a framework that will consist of code assets, workflows with integrated services around automated backup, patching, key performance indicators (KPI) monitoring, security, alerting and incident management.

Should You Choose A Managed Kubernetes Service Or Self-Host Kubernetes In The Cloud?

Once your organization has decided to implement Kubernetes, you have to make another incredibly important decision: Where is Kubernetes going to run? In this blog post, we’ll discuss managing Kubernetes yourself in the cloud vs. using a Managed Kubernetes Service or KaaS offering. What’s “Self-Hosted” Kubernetes? Kubernetes by itself is like the foundation of a […]

The post Should You Choose A Managed Kubernetes Service Or Self-Host Kubernetes In The Cloud? appeared first on Packet Pushers.

Kubernetes Unpacked 015: Managing Cloud Costs With FinOps

In this episode of the Kubernetes Unpacked podcast, Michael explores the concept of Financial Operations, or FinOps, with guest Chris Love. As CTOs get their cloud bills, they want to know why and how so much money is being spent. Chris introduces Michael to the concept of FinOps for tracking cloud spend, why it’s important, and how it can help engineers keep their jobs.

The post Kubernetes Unpacked 015: Managing Cloud Costs With FinOps appeared first on Packet Pushers.


What’s new in Calico Enterprise 3.15:  FIPS 140-2 compliance, new dashboards, egress gateway pod failover, and more!

Tigera provides the industry’s only active Cloud-Native Application Security Platform (CNAPP) for containers and Kubernetes. Available as a fully managed SaaS (Calico Cloud) or a self-managed service (Calico Enterprise), the platform prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments.

We are very excited to unveil Calico Enterprise 3.15 and its new capabilities that will further reduce your applications’ attack surface and improve threat detection capabilities. Read this blog to learn about some of the biggest highlights of this latest release.

FIPS-140-2 compliance for US federal regulation

US federal agencies require that any software they use be compliant with the Federal Information Processing Standard (140-2), also known as FIPS 140-2. FIPS 140-2 specifies security requirements that are satisfied by a cryptographic module of applications and environments. With the release of Calico Enterprise 3.15, you can now configure Calico Enterprise to run in a FIPS 140-2 level 1 compliant mode to pass compliance requirements when serving US federal regulatory agencies.

When installing Calico Enterprise, you now have the option to install the platform in FIPS-compliant mode. This will ensure that the Calico components that are Continue reading

Introducing Graphiant: The Future of Network-as-a-Service

As businesses continue to shift towards remote and distributed work environments, the need for secure and reliable network infrastructure has never been greater. Enter Graphiant, a new network-as-a-service (NaaS) provider that offers edge-to-edge security and scalability for businesses of all sizes.

Graphiant offers a unique approach to networking, leveraging advanced technologies like software-defined networking (SDN) and network function virtualization (NFV) to provide a flexible and secure network experience. This focus on security is one of the key advantages of their NaaS offering.

As cyber-attacks target more and more companies, the need for robust security measures has become paramount. Graphiant’s edge-to-edge security approach ensures that data is protected at every stage, from the edge of the network to the cloud.

But security isn’t the only benefit of Graphiant’s NaaS offering. The company also provides a high level of scalability, allowing businesses to quickly expand or contract their network as needed. These features are particularly useful for networks that are growing fast or dealing with fluctuating demands.

In addition to Graphiant’s cutting-edge technology and focus on security, another critical factor in Graphiant’s success is the expertise of its team. Many members of the Graphiant team were also involved in founding Viptela, a Continue reading

Partnering with civil society to track Internet shutdowns with Radar Alerts and API


Internet shutdowns have long been a tool in government toolboxes when it comes to silencing opposition and cutting off access from the outside world. The KeepItOn campaign by Access Now, a group that defends the digital rights of global Internet users, documented at least 182 Internet shutdowns in 34 countries in 2021. Many of these shutdowns occurred during public protests, elections, and wars as an extreme form of censorship in places like Afghanistan, Democratic Republic of the Congo, Ukraine, India, and Iran.

There are a range of ways governments block or slow communications, including throttling, IP blocking, DNS interference, mobile data shutoffs, and deep packet inspection, all with similar goals: exerting control over information.

Although Internet shutdowns are largely public, it is difficult to document and track the ways in which governments implement them. The shutdowns not only impact people’s ability to participate in civil and political life and the economy but also have grave consequences for trust in democratic institutions.

We have reported on these shutdowns in the past, and for Cloudflare Impact Week, we want Continue reading

Applying Human Rights Frameworks to our approach to abuse


Last year, we launched Cloudflare’s first Human Rights Policy, formally stating our commitment to respect human rights under the UN Guiding Principles on Business and Human Rights (UNGPs) and articulating how we planned to meet the commitment as a business to respect human rights. Our Human Rights Policy describes many of the concrete steps we take to implement these commitments, from protecting the privacy of personal data to respecting the rights of our diverse workforce.

We also look to our human rights commitments in considering how to approach complaints of abuse by those using our services. Cloudflare has long taken positions that reflect our belief that we must consider the implications of our actions for both Internet users and the Internet as a whole. The UNGPs guide that understanding by encouraging us to think systematically about how the decisions Cloudflare makes may affect people, with the goal of building processes to incorporate those considerations.

Human rights frameworks have also been adopted by policymakers seeking to regulate content and behavior online in a rights-respecting way. The Digital Services Act recently passed by the European Union, for example, includes a variety of requirements for intermediaries like Cloudflare that come from human rights Continue reading

How Cloudflare helps next-generation markets


One of the many magical things about the Internet is that it doesn’t have a country. The Internet doesn’t go through customs, it doesn’t need a visa, and it doesn’t speak any one language. To reach the world’s greatest information innovation, a user – no matter what country they’re in – only needs a device with a connection. The Internet will take care of the rest. At Cloudflare, part of our role is to make sure every person on the planet with an Internet connection has a good experience, whether they’re in a next-generation market or a current-gen market. In this blog we’re going to talk about how we define next-generation markets, how we help people in these markets get faster access to the websites and applications they use on a daily basis, and how we make it easy for developers to deploy services geographically close to users in next-generation markets.

What are next-generation markets?

Next-generation markets are the future of the Internet. Not only are there billions of people who will use the Internet more, as affordable access increases, but the trends in application development already point towards the mobile-first, sometimes mobile-only, way of providing content and services. The Continue reading

A new, configurable and scalable version of Geo Key Manager, now available in Closed Beta


Today, traffic on the Internet stays encrypted through the use of public and private keys that encrypt the data as it's being transmitted. Cloudflare helps secure millions of websites by managing the encryption keys that keep this data protected. To provide lightning fast services, Cloudflare stores these keys on our fleet of data centers that spans more than 150 countries. However, some compliance regulations require that private keys are only stored in specific geographic locations.

In 2017, we introduced Geo Key Manager, a product that allows customers to store and manage the encryption keys for their domains in different geographic locations so that compliance regulations are met and that data remains secure. We launched the product a few months before General Data Protection Regulation (GDPR) went into effect and built it to support three regions: the US, the European Union (EU), and a set of our top tier data centers that employ the highest security measures. Since then, GDPR-like laws have quickly expanded and now, more than 15 countries have comparable data protection laws or regulations that include restrictions on data transfer across and/or data localization within a certain boundary.

At Cloudflare, we like to be prepared for the future. Continue reading