netlab release 25.12 (25.12.02 to be exact – I had a few PEBCAK moments) was published last Friday. Here are the highlights:
Note: This post was updated with additional details regarding AWS Lambda.
Last year we announced basic support for Python Workers, allowing Python developers to ship Python to region: Earth in a single command and take advantage of the Workers platform.
Since then, we’ve been hard at work making the Python experience on Workers feel great. We’ve focused on bringing package support to the platform, a reality that’s now here — with exceptionally fast cold starts and a Python-native developer experience.
This means a change in how packages are incorporated into a Python Worker. Instead of offering a limited set of built-in packages, we now support any package supported by Pyodide, the WebAssembly runtime powering Python Workers. This includes all pure Python packages, as well as many packages that rely on dynamic libraries. We also built tooling around uv to make package installation easy.
We’ve also implemented dedicated memory snapshots to reduce cold start times. These snapshots result in serious speed improvements over other serverless Python vendors. In cold start tests using common packages, Cloudflare Workers start over 2.4x faster than AWS Lambda without SnapStart and 3x faster than Google Cloud Run.
In this blog post, we’ll explain Continue reading
Go’s embed feature lets you bundle static assets into an executable, but it stores them uncompressed. This wastes space: a web interface with documentation can bloat your binary by dozens of megabytes. A proposition to optionally enable compression was declined because it is difficult to handle all use cases. One solution? Put all the assets into a ZIP archive! 🗜️
The Go standard library includes a module to read and write ZIP archives. It
contains a function that turns a ZIP archive into an io/fs.FS
structure that can replace embed.FS in most contexts.1
package embed import ( "archive/zip" "bytes" _ "embed" "fmt" "io/fs" "sync" ) //go:embed data/embed.zip var embeddedZip []byte var dataOnce = sync.OnceValue(func() *zip.Reader { r, err := zip.NewReader(bytes.NewReader(embeddedZip), int64(len(embeddedZip))) if err != nil { panic(fmt.Sprintf("cannot read embedded archive: %s", err)) } return r }) func Data() fs.FS { return dataOnce() }
We can build the embed.zip archive with a rule in a Makefile. We specify the
files Continue reading
Daftar Pustaka
Indonesia adalah gugusan pulau yang memesona. Negara ini menyimpan ribuan potensi wisata pantai yang luar biasa. Setiap sudut menawarkan keindahan yang berbeda. Dari Sabang hingga Merauke, surga bahari tersimpan. Seorang traveler sejati pasti ingin menjelajahinya. Berikut daftar 9 pantai terbaik pilihan traveler. Pantai-pantai ini menawarkan pengalaman liburan tak terlupakan.
Daftar Pustaka
Selama hampir 160 tahun, Amandemen ke-14 menetapkan bahwa setiap orang yang lahir di wilayah Amerika Serikat berhak menjadi warga negara Amerika. Aturan itu hanya membuat sedikit pengecualian. Misalnya untuk anak diplomat atau anggota militer asing. Karena itu, banyak orang menganggap aturan tersebut sebagai fondasi utama identitas Amerika.
Namun, pemerintahan Donald Trump memicu perdebatan panas sejak awal masa jabatannya. Ia menandatangani perintah eksekutif untuk mengakhiri hak kewarganegaraan otomatis bagi anak yang lahir dari orang tua tanpa izin tinggal atau berstatus visa sementara. Trump melihat hal tersebut sebagai bagian dari reformasi imigrasi besar. Dia menilai bahwa keamanan nasional selalu menjadi prioritas utama.
Sementara itu, aktivis hak sipil dengan tegas menolak langkah keras tersebut. Mereka menyebut hak kewarganegaraan berdasarkan kelahiran sudah dijamin konstitusi, bukan sekadar kebijakan politik yang bisa diubah secara sepihak. Bahkan Cecillia Wang, Direktur ACLU, menegaskan bahwa tidak ada presiden yang bisa menghapus janji fundamental Amandemen ke-14.
Selanjutnya, banyak pengadilan federal langsung menghentikan perintah eksekutif Trump. Mereka menyatakan tindakan itu melanggar Konstitusi. Continue reading
In this episode of the Hedge, Geoff Huston joins Tom Ammon and Russ White to finish the discussion on the ideas behind DNS over HTTPS (DoH), and to consider the implications of its widespread adoption. Is it time to bow to our new overlords?
This is part two of a two part series. This is a “best of the Hedge” repost.
download
In the first VXLAN lab, we covered the very basics. Now it’s time for a few essential concepts (before introducing the EVPN control plane or integrated routing and bridging):
Note: This post was updated to clarify the relationship of the internal WAF tool with the incident on Dec. 5.
On December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~25 minutes total impact), when all services were fully restored.
A subset of customers were impacted, accounting for approximately 28% of all HTTP traffic served by Cloudflare. Several factors needed to combine for an individual customer to be affected as described below.
The issue was not caused, directly or indirectly, by a cyber attack on Cloudflare’s systems or malicious activity of any kind. Instead, it was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components.
Any outage of our systems is unacceptable, and we know we have let the Internet down again following the incident on November 18. We will be publishing details next week about the work we are doing to stop these types of incidents from occurring.
The graph below shows HTTP 500 errors served by our network during the Continue reading
Sean Goedecke published an excellent set of recommendations for good technical writing, including:
Based on some emails I received in the past (and the lack of response to the lengthy emails I sent), we should apply the same rules to emails (and all other forms of technical communication).
Daftar Pustaka
Dunia musik modern diwarnai oleh sosok yang berbeda. Ia adalah Lizzo, seorang penyanyi, rapper, dan flutis berbakat. Namun, ia lebih dari sekadar seorang musisi. Lizzo adalah gerakan. Ia membawa pesan cinta diri dan body positivity ke panggung global. Dengan suara yang kuat dan kepribadian yang membara, ia menginspirasi jutaan orang.
Lahir dengan nama Melissa Viviane Jefferson, ia memulai perjalanannya di Detroit. Kemudian, ia dibesarkan di Houston, Texas. Di sanalah bakat bermusiknya mulai diasah. Ia belajar bermain flute klasik. Awalnya, ia tidak membayangkan akan menjadi bintang pop. Namun, takdir membawanya ke jalan yang luar biasa. Kini, ia menjadi salah satu ikon paling berpengaruh di generasinya.
Karier Lizzo tidak dibangun dalam semalam. Ia melewati banyak tantangan. Setelah kuliah, ia pindah ke Minneapolis untuk mengejar mimpinya. Di sana, ia membentuk beberapa grup musik. Ia juga merilis album pertamanya secara independen pada tahun 2013. Album itu berjudul “Lizzobangers”. Meskipun belum sukses besar, karyanya mulai mendapat perhatian.
Selanjutnya, ia pindah ke Los Angeles. Perpindahan ini menjadi titik balik dalam karirnya. Ia merilis dua Continue reading
Cloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF).
Cloudflare Workers are inherently immune to this exploit. React-based applications and frameworks deployed on Workers are not affected by this vulnerability.
We strongly recommend that customers immediately update their systems to the most recent version of React, despite our WAF being designed to detect and prevent this exploit.
Cloudflare has been alerted by its security partners to a Remote Code Execution (RCE) vulnerability impacting Next.js, React Router, and other React frameworks (security advisory CVE-2025-55182, rated CVSS 10.0). Specifically, React version 19.0, 19.1, and 19.2, and Next.js from version 15 through 16 were found to insecurely deserialize malicious requests, leading to RCE.
In response, Cloudflare has deployed new rules across its network, with the default action set to Block. These new protections are included in both the Cloudflare Free Managed Ruleset (available to all Free customers) and the standard Cloudflare Managed Ruleset (available to all paying Continue reading
Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025.
The third quarter of 2025 was overshadowed by the Aisuru botnet with a massive army of an estimated 1–4 million infected hosts globally. Aisuru unleashed hyper-volumetric DDoS attacks routinely exceeding 1 terabit per second (Tbps) and 1 billion packets per second (Bpps). The number of these attacks surged 54% quarter-over-quarter (QoQ), averaging 14 hyper-volumetric attacks daily. The scale was unprecedented, with attacks peaking at 29.7 Tbps and 14.1 Bpps.
Other than Aisuru, additional key insights in this report include:
DDoS attack traffic against AI companies surged by as much as 347% MoM in September 2025, as public concern and regulatory review of AI increases.
Escalating EU-China trade tensions over rare earth minerals and EV tariffs coincide with a significant increase in DDoS attacks against the Mining, Minerals & Metals industry as well as the Automotive industry in 2025 Q3.
Overall, in the third quarter of 2025, Cloudflare’s autonomous Continue reading
What could be better than watching 0x02 Jeffs discuss networking? How about having Petr Lapukhov of the RFC 7938 fame as a guest discussing AI/ML Data Center Design?
Note: Petr disappeared into the information black hole called Facebook over a decade ago, so I wondered how they allowed him to chat on a podcast for hours. It turns out he moved to NVIDIA, which might influence the podcast content a bit, but I’m pretty sure Petr is still Petr ;)