Category Archives for "Networking"

Lights, Camera, Action! Business and Pro customers get bundled streaming video

Beginning December 1, 2022, if you have a Business or Pro subscription, you will receive a complimentary allocation of Cloudflare Stream. Here’s what this means:

  • All Cloudflare customers with a Biz or Pro domain will be able to store up to 100 minutes of video content and deliver up to 10,000 minutes of video content each month at no additional cost.
  • If you need additional storage or delivery beyond the complimentary allocation, you will be able to upgrade to a paid Stream subscription from the Stream Dashboard.

Cloudflare Stream simplifies storage, encoding and playback of videos. You can use the free allocation of Cloudflare Stream for various use cases, such as background/hero videos, e-commerce product videos, how-to guides and customer testimonials.

Upload videos with no code

To upload your first video to Stream, simply visit the Stream Dashboard and drag-and-drop the video file:

Once you upload a video, Stream will store and encode your video. Stream automatically optimizes your video uploads by creating multiple versions of it at different quality levels. This happens behind-the-scenes and requires no extra effort from your side. The Stream Player automatically selects the optimal quality level based on your website visitor’s Internet connection using a technology Continue reading

Don’t roll your own high cardinality analytics, use Workers Analytics Engine

Workers Analytics Engine (or for short, Analytics Engine) is a new way for developers to store and analyze time series analytics about anything using Cloudflare Workers, and it’s now in open beta! Analytics Engine is really good at gathering time-series data for really high cardinality and high-volume data sets from Cloudflare Workers. At Cloudflare, we use Analytics Engine to provide insight into how our customers use Cloudflare products.

Log, log, logging!

As an example, Analytics Engine is used to observe the backend that powers Instant Logs. Instant Logs allows Cloudflare customers to stream a live session of the HTTP logs for their domain to the Cloudflare dashboard. The backend for Instant Logs is built on Cloudflare Workers.

Briefly, the Instant Logs backend works by receiving requests from each Cloudflare server that processes a customer's HTTP traffic. These requests contain the HTTP logs for the customer’s HTTP traffic. The Instant Logs backend then forwards these HTTP logs to the customer’s browser via a WebSocket.

In order to ensure that the HTTP logs are being delivered smoothly to a customer's browser, we need to track the request rates across all active Instant Logs sessions. We also need to track the request rates Continue reading

Project A11Y: how we upgraded Cloudflare’s dashboard to adhere to industry accessibility standards

At Cloudflare, we believe the Internet should be accessible to everyone. And today, we’re happy to announce a more inclusive Cloudflare dashboard experience for our users with disabilities. Recent improvements mean our dashboard now adheres to industry accessibility standards, including Web Content Accessibility Guidelines (WCAG) 2.1 AA and Section 508 of the Rehabilitation Act.

Over the past several months, the Cloudflare team and our partners have been hard at work to make the Cloudflare dashboard as accessible as possible for every single one of our current and potential customers. This means incorporating accessibility features that comply with the latest Web Content Accessibility Guidelines (WCAG) and Section 508 of the US’s federal Rehabilitation Act. We are invested in working to meet or exceed these standards; to demonstrate that commitment and share openly about the state of accessibility on the Cloudflare dashboard, we have completed the Voluntary Product Accessibility Template (VPAT), a document used to evaluate our level of conformance today.

Conformance with a technical and legal spec is a bit abstract–but for us, accessibility simply means that as many people as possible can be successful users of the Cloudflare dashboard. This is important because each day, more and more Continue reading

Goodbye, Alexa. Hello, Cloudflare Radar Domain Rankings

The Internet is a living organism. Technology changes, shifts in human behavior, social events, intentional disruptions, and other occurrences change the Internet in unpredictable ways, even to the trained eye.

Cloudflare Radar has long been the place to visit for accessing data and getting unique insights into how people and organizations are using the Internet across the globe, as well as those unpredictable changes to the Internet.

One of the most popular features on Radar has always been the “Most Popular Domains,” with both global and country-level perspectives. Domain usage signals provide a proxy for user behavior over time and are a good representation of what people are doing on the Internet.

Today, we’re going one step further and launching a new dataset called Radar Domain Rankings (Beta). Domain Rankings is based on aggregated 1.1.1.1 resolver data that is anonymized in accordance with our privacy commitments. The dataset aims to identify the top most popular domains based on how people use the Internet globally, without tracking individuals’ Internet use.

There are a few reasons why we're doing this now. One is obviously to improve our Radar features with better data and incorporate new learnings. But also, ranking Continue reading

Video: Kubernetes Services Types

Kubernetes services are like networking standards: there are so many to choose from. In his brief introduction to Kubernetes service types, Stuart Charlton listed six of them, and I’m positive there are more. That’s what you get when you’re trying to reinvent every network load balancing method known to mankind ;)

Parts of Kubernetes Networking Deep Dive webinar (including this video) are available with Free ipSpace.net Subscription.

About a third of you cloud users need to learn resiliency lessons from Ian

Beyond the human cost, natural disasters like Hurricane Ian can take a high toll on business continuity, causing enterprise-infrastructure damage that takes days or weeks to fix at a downtime cost in the six figures per hour. If Ian didn’t get you, now is the time to prepare for a future disaster that might hit your network. Vulnerable areas include cloud providers’ managed services that might require customers to explicitly specify they want their apps, compute, and storage housed in redundant, geographically separate availability zones. According to Uptime Institute, roughly one third of enterprises are architecting cloud apps that are vulnerable to outages in single cloud availability zones, rather than distributing their workloads across multiple zones.

About a third of cloud users need to learn resiliency lessons from Ian

Beyond the human cost, natural disasters like Hurricane Ian can take a high toll on business continuity, causing enterprise-infrastructure damage that takes days or weeks to fix while downtime costs run in the six figures per hour. If Ian didn’t impact your operations, now is the time to prepare for a future disaster that might hit your network. Vulnerable areas include cloud providers’ managed services that might require customers to explicitly specify they want their apps, compute, and storage housed in redundant, geographically separate availability zones. According to Uptime Institute, roughly one third of enterprises are architecting cloud apps that are vulnerable to outages in single cloud availability zones, rather than distributing their workloads across multiple zones.

DNS Evolution: Innovation or Fragmentation?

How should we engage with evolution and innovation in the Internet’s name space? How can we evolve this name environment if we avoid fragmentation and stay within the confines of the incumbent name system? Is all that we are permitted to vary when we try to innovate in the name space the values of the labels used within DNS names? This was never a satisfactory answer, and many actors have experimented with various forms of alternative name systems running over the Internet for many years. These efforts inevitably result in a fragmented name space. Is there a better way to respond to these conflicting pressures?

Kubernetes Unpacked 010: Troubleshooting And Alerting On Kubernetes

In this episode, Michael catches up with Natan Yellin, CEO of Robusta.dev. Michael and Ned chat about how logging and troubleshooting work in Kubernetes today. They discuss three stages of troubleshooting evolution - manual playbooks, automatic playbooks, and the third stage, which is what you do with logs and how automatic remediation can come into play for any Kubernetes environment.

The post Kubernetes Unpacked 010: Troubleshooting And Alerting On Kubernetes appeared first on Packet Pushers.

IBM, Vodafone, GSMA form group to promote quantum-safe networks

The Global System for Mobile Communications Association (GSMA), IBM and Vodafone are teaming up to form a task force that will promote quantum-safe cryptography standards for telco networks and, ultimately, enterprise cloud service environments. The idea behind the new group, called the GSMA Post-Quantum Telco Network Taskforce, is to define requirements and create a standards-based roadmap to implement quantum-safe networking and mitigate anticipated security risks. “Telco networks are the underpinning of all enterprise services, regardless of what industry they are in, so it is critical that those networks [get] out in front of the security challenges quantum brings,” said Ray Harishankar, IBM Fellow, vice president, and leader of Big Blue’s Quantum Safe strategy. “The idea of the group is to start to develop a quantum-safe plan now, because the components and standards of that roadmap won’t be developed overnight.”

ITU elects US candidate, quelling concerns about internet fracture

Doreen Bogdan-Martin of the US today defeated Russia’s Rashid Ismailov by a convincing 139 to 25 in a vote to decide who will become the next secretary general of the International Telecommunications Union, allaying Western concerns about nation-state control and interoperability of the internet. Bogdan-Martin, who will become the first woman to head the ITU in its 157-year history, is seen by some observers as the candidate most likely to preserve the ITU’s status as a neutral arbiter of a free and open internet, in opposition to recent Russian and Chinese maneuvering in the group that would have placed much more control over the internet’s basic functionality in the hands of nation-states.

MIT-based startup’s cooling tech can cut data center energy costs, footprint

Thanks to innovative cooling technology developed by an MIT-hatched startup, data center managers may soon be able to acquire servers and HPC (high-performance computing) devices that will significantly reduce the energy cost and footprint of the facilities they oversee. The startup, Jetcool, sprang from research conducted at MIT’s Lincoln Labs, and this month received an R&D 100 Award from R&D World magazine, marking it as a standout innovator for its use of what it calls “microconvection” liquid cooling of electronics.

The (hardware) key to making phishing defense seamless with Cloudflare Zero Trust and Yubico

Hardware keys provide the best authentication security and are phish-proof. But customers ask us how to implement them and which security keys they should buy. Today we’re introducing an exclusive program for Cloudflare customers that makes hardware keys more accessible and economical than ever. This program is made possible through a new collaboration with Yubico, the industry’s leading hardware security key vendor, and provides Cloudflare customers with exclusive “Good for the Internet” pricing.

Yubico Security Keys are available today for any Cloudflare customer, and they easily integrate with Cloudflare’s Zero Trust service. That service is open to organizations of any size, from a family protecting a home network to the largest employers on the planet. Any Cloudflare customer can sign in to the Cloudflare dashboard today and order hardware security keys for as low as $10 per key.

In July 2022, Cloudflare prevented a breach by an SMS phishing attack that targeted more than 130 companies, due to the company’s use of Cloudflare Zero Trust paired with hardware security keys. Those keys were YubiKeys and this new collaboration with Yubico, the maker of YubiKeys, removes barriers for Continue reading

How Cloudflare implemented hardware keys with FIDO2 and Zero Trust to prevent phishing

Cloudflare’s security architecture a few years ago was a classic “castle and moat” VPN architecture. Our employees would use our corporate VPN to connect to all the internal applications and servers to do their jobs. We enforced two-factor authentication with time-based one-time passcodes (TOTP), using an authenticator app like Google Authenticator or Authy when logging into the VPN, but only a few internal applications had a second layer of auth. That architecture has a strong-looking exterior, but the security model is weak. We recently detailed the mechanics of a phishing attack we prevented, which walks through how attackers can phish applications that are “secured” with second factor authentication methods like TOTP. Happily, we had long done away with TOTP and replaced it with hardware security keys and Cloudflare Access. This blog details how we did that.

The solution to the phishing problem is a multi-factor authentication (MFA) protocol called FIDO2/WebAuthn. Today, all Cloudflare employees log in with FIDO2 as their secure multi-factor and authenticate to our systems using our own Zero Trust products. Our newer architecture is phish-proof and allows us to more easily enforce least-privilege access control.

A little about the terminology of Continue reading

Now all customers can share access to their Cloudflare account with Role Based Access Controls

Cloudflare’s mission is to help build a better Internet. Pair that with our core belief that security is something that should be accessible to everyone and the outcome is a better and safer Internet for all. Previously, our FREE and PAYGO customers didn’t have the flexibility to give someone control of just part of their account; they had to give access to everything.

Starting today, role-based access controls (RBAC) and all of our additional roles will be rolled out to users on every plan! Whether you are a small business or even a single user, you can ensure that you add users only to the parts of Cloudflare you deem appropriate.

Why should I limit access?

It is good security practice in general to limit access to what a team member needs to do a job. Restricting access limits the overall threat surface if a given user is compromised, and limits the surface on which mistakes can be made.

If a malicious user was able to gain access to an account, but it only had read access, you’ll find yourself with less of a headache than someone who had administrative access, and could change how your Continue reading

Back in 2017 we gave you Unmetered DDoS Mitigation, here’s a birthday gift: Unmetered Rate Limiting

In 2017, we made unmetered DDoS protection available to all our customers, regardless of their size or whether they were on a Free or paid plan. Today we are doing the same for Rate Limiting, one of the most successful products of the WAF family.

Rate Limiting is a very effective tool to manage targeted volumetric attacks, takeover attempts, bots scraping sensitive data, attempts to overload computationally expensive API endpoints and more. To manage these threats, customers deploy rules that limit the maximum rate of requests from individual visitors on specific paths or portions of their applications.

Until today, customers on a Free, Pro or Business plan were able to purchase Rate Limiting as an add-on with usage-based cost of $5 per million requests. However, we believe that an essential security tool like Rate Limiting should be available to all customers without restrictions.

Since we launched unmetered DDoS, we have mitigated huge attacks, like a 2 Tbps multi-vector attack or the most recent 26 million requests per second attack. We believe that releasing an unmetered version of Rate Limiting will increase the overall security posture of millions of applications protected by Cloudflare.

Today, we are announcing that Free, Pro and Continue reading