HS120: Eight New Year’s Resolutions for 2026
As you wind down 2025, what should you be planning to do for 2026? The Heavy Strategy team breaks it down for you with eight resolutions for the new year. From setting an AI strategy to cloud optimization, Johna and John can help you enter the new year prepared for what’s next. Other resolutions include... Read more »
Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code
The Cloudflare platform is a critical system for Cloudflare itself. We are our own Customer Zero – using our products to secure and optimize our own services.
Within our security division, a dedicated Customer Zero team uses its unique position to provide a constant, high-fidelity feedback loop to product and engineering that drives continuous improvement of our products. And we do this at a global scale — where a single misconfiguration can propagate across our edge in seconds and lead to unintended consequences. If you've ever hesitated before pushing a change to production, sweating because you know one small mistake could lock every employee out of critical application or take down a production service, you know the feeling. The risk of unintended consequences is real, and it keeps us up at night.
This presents an interesting challenge: How do we ensure hundreds of internal production Cloudflare accounts are secured consistently while minimizing human error?
While the Cloudflare dashboard is excellent for observability and analytics, manually clicking through hundreds of accounts to ensure security settings are identical is a recipe for mistakes. To keep our sanity and our security intact, we stopped treating our configurations as manual point-and-click tasks and Continue reading
IBM Broadens Its Enterprise Software Stack With Confluent Buy
This year, about 45 percent of the revenues at Big Blue will come from software. …
IBM Broadens Its Enterprise Software Stack With Confluent Buy was written by Timothy Prickett Morgan at The Next Platform.
NB555: AI and APIs Drive HPE’s Dual-Platform WLAN Strategy; Dell, HPE Dangle VMware Alternatives
Take a Network Break! Our Red Alert calls out a dangerous vulnerability in the popular open-source React library. On the news front, HPE decides on a “both and” strategy for its two wireless portfolios and rolls out an option to let customers pick and choose among cross-platform features in Mist and Aruba Networking Central through... Read more »Tech Bytes: How to Get DPUs from Niche to Transformative (Sponsored)
RG Nets builds gateways and centralized-authentication appliances to help manage and automate revenue-generating networks. On today’s Tech Bytes, we talk with RG Nets founder Simon Lok. But instead of talking about RG Nets, we delve into DPUs. This specialized hardware, which provides additional compute for network devices, has the potential to move from a niche... Read more »HN807: A ‘CLI Lifer’ No More
Andy Lapteff once considered himself a ‘CLI lifer.’ As a network engineer he wasn’t interested in Python. He didn’t want to learn to code. He had no desire to embrace any of the developer-like processes and tools creeping into the profession, particularly around network automation. That’s changed. On today’s Heavy Networking, Andy shares the professional,... Read more »netlab 25.12: Cisco IOS/XR Configuration Modules, More VXLAN Goodies
netlab release 25.12 (25.12.02 to be exact – I had a few PEBCAK moments) was published last Friday. Here are the highlights:
- Significantly improved Cisco IOS/XR support. With the netlab release 25.12, you can configure VLANs, VRFs, static routes, route redistribution, OSPF default routes, BGP confederations, and BGP local-as
- VXLAN-over-IPv6 on Arista EOS
- VXLAN with ingress replication on Cisco Catalyst 8000v
- The shutdown link/interface attribute can be used to start labs with interfaces turned off
- Large BGP community lists, implemented on Arista EOS, FRR, and Junos. You can use standard- or large community lists in routing policies
- The netlab validate command will reread validation tests from a modified lab topology file every time you run it. It can also read validation tests from a separate file.
Python Workers redux: fast cold starts, packages, and a uv-first workflow
Note: This post was updated with additional details regarding AWS Lambda.
Last year we announced basic support for Python Workers, allowing Python developers to ship Python to region: Earth in a single command and take advantage of the Workers platform.
Since then, we’ve been hard at work making the Python experience on Workers feel great. We’ve focused on bringing package support to the platform, a reality that’s now here — with exceptionally fast cold starts and a Python-native developer experience.
This means a change in how packages are incorporated into a Python Worker. Instead of offering a limited set of built-in packages, we now support any package supported by Pyodide, the WebAssembly runtime powering Python Workers. This includes all pure Python packages, as well as many packages that rely on dynamic libraries. We also built tooling around uv to make package installation easy.
We’ve also implemented dedicated memory snapshots to reduce cold start times. These snapshots result in serious speed improvements over other serverless Python vendors. In cold start tests using common packages, Cloudflare Workers start over 2.4x faster than AWS Lambda without SnapStart and 3x faster than Google Cloud Run.
In this blog post, we’ll explain Continue reading
Compressing embedded files in Go
Go’s embed feature lets you bundle static assets into an executable, but it stores them uncompressed. This wastes space: a web interface with documentation can bloat your binary by dozens of megabytes. A proposition to optionally enable compression was declined because it is difficult to handle all use cases. One solution? Put all the assets into a ZIP archive! 🗜️
Code
The Go standard library includes a module to read and write ZIP archives. It
contains a function that turns a ZIP archive into an io/fs.FS
structure that can replace embed.FS in most contexts.1
package embed import ( "archive/zip" "bytes" _ "embed" "fmt" "io/fs" "sync" ) //go:embed data/embed.zip var embeddedZip []byte var dataOnce = sync.OnceValue(func() *zip.Reader { r, err := zip.NewReader(bytes.NewReader(embeddedZip), int64(len(embeddedZip))) if err != nil { panic(fmt.Sprintf("cannot read embedded archive: %s", err)) } return r }) func Data() fs.FS { return dataOnce() }
We can build the embed.zip archive with a rule in a Makefile. We specify the
files Continue reading
9 Pantai Terbaik di Indonesia Versi Traveler: Surga Tersembunyi di Nusantara
Daftar Pustaka
Indonesia adalah gugusan pulau yang memesona. Negara ini menyimpan ribuan potensi wisata pantai yang luar biasa. Setiap sudut menawarkan keindahan yang berbeda. Dari Sabang hingga Merauke, surga bahari tersimpan. Seorang traveler sejati pasti ingin menjelajahinya. Berikut daftar 9 pantai terbaik pilihan traveler. Pantai-pantai ini menawarkan pengalaman liburan tak terlupakan.
Kontroversi Hak Kewarganegaraan di Amerika Serikat
Daftar Pustaka
Latar Belakang Perdebatan Besar di Amerika
Selama hampir 160 tahun, Amandemen ke-14 menetapkan bahwa setiap orang yang lahir di wilayah Amerika Serikat berhak menjadi warga negara Amerika. Aturan itu hanya membuat sedikit pengecualian. Misalnya untuk anak diplomat atau anggota militer asing. Karena itu, banyak orang menganggap aturan tersebut sebagai fondasi utama identitas Amerika.
Namun, pemerintahan Donald Trump memicu perdebatan panas sejak awal masa jabatannya. Ia menandatangani perintah eksekutif untuk mengakhiri hak kewarganegaraan otomatis bagi anak yang lahir dari orang tua tanpa izin tinggal atau berstatus visa sementara. Trump melihat hal tersebut sebagai bagian dari reformasi imigrasi besar. Dia menilai bahwa keamanan nasional selalu menjadi prioritas utama.
Sementara itu, aktivis hak sipil dengan tegas menolak langkah keras tersebut. Mereka menyebut hak kewarganegaraan berdasarkan kelahiran sudah dijamin konstitusi, bukan sekadar kebijakan politik yang bisa diubah secara sepihak. Bahkan Cecillia Wang, Direktur ACLU, menegaskan bahwa tidak ada presiden yang bisa menghapus janji fundamental Amandemen ke-14.
Pertarungan Hukum Menuju Mahkamah Agung
Selanjutnya, banyak pengadilan federal langsung menghentikan perintah eksekutif Trump. Mereka menyatakan tindakan itu melanggar Konstitusi. Continue reading
Best of the Hedge: Hedge 6 on DoH (Part 2)
In this episode of the Hedge, Geoff Huston joins Tom Ammon and Russ White to finish the discussion on the ideas behind DNS over HTTPS (DoH), and to consider the implications of its widespread adoption. Is it time to bow to our new overlords?
This is part two of a two part series. This is a “best of the Hedge” repost.
download
TNO051: Networks That Do: From Automated to Autonomous Networks with Meter (Sponsored)
Will it be possible to have fully autonomous networks in the near future? Anil Varanasi, CEO and Co-Founder of Meter, joins Scott Robohn in this sponsored episode to discuss the ongoing evolution from automated to autonomous networks. Anil breaks down how Meter differentiates from other networking vendors, discusses how Meter’s network products are vertically integrated... Read more »Lab: More Complex VXLAN Deployment Scenario
In the first VXLAN lab, we covered the very basics. Now it’s time for a few essential concepts (before introducing the EVPN control plane or integrated routing and bridging):
- Each VXLAN segment could have a different set of VTEPs (used to build the BUM flooding list)
- While the VXLAN Network Identifier (VNI) must be unique across the participating VTEPs, you could map different VLAN IDs into a single VNI (allowing you to merge two VLAN segments over VXLAN)
- Neither VXLAN VNI nor VLAN ID has to be globally unique (but it helps to make them unique to remain sane)
AWS Graviton5 Strikes A Different Balance For Server CPUs
Updated: We have obtained new information in the wake of publishing our story. …
AWS Graviton5 Strikes A Different Balance For Server CPUs was written by Timothy Prickett Morgan at The Next Platform.
Cloudflare outage on December 5, 2025
Note: This post was updated to clarify the relationship of the internal WAF tool with the incident on Dec. 5.
On December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~25 minutes total impact), when all services were fully restored.
A subset of customers were impacted, accounting for approximately 28% of all HTTP traffic served by Cloudflare. Several factors needed to combine for an individual customer to be affected as described below.
The issue was not caused, directly or indirectly, by a cyber attack on Cloudflare’s systems or malicious activity of any kind. Instead, it was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components.
Any outage of our systems is unacceptable, and we know we have let the Internet down again following the incident on November 18. We will be publishing details next week about the work we are doing to stop these types of incidents from occurring.
The graph below shows HTTP 500 errors served by our network during the Continue reading
N4N044: Redundancy Vs. High Availability Part 2 – HA Networking Isn’t Free
In Part 1 of Redundancy vs. High Availability, we said that sometimes high availability and redundancy are considered to be the same thing, but we disagree. Holly and Ethan do agree that high availability can be considered a network design goal, and that redundancy is just one technique that can be used to help make... Read more »IPB189: RFC 9898 – Neighbor Discovery Considerations in IPv6 Deployments
The newly published RFC 9898 is the discussion of today’s podcast. The IPv6 Buzz crew explore the complexities of neighbor discovery and review solutions for both operators and architects. They share how this RFC serves as a single, detailed resource to improve your understanding of neighbor discovery and to reduce the potential attack surface in... Read more »Technical Writing: Lower Your Expectations
Sean Goedecke published an excellent set of recommendations for good technical writing, including:
- Keep it short
- Try to make your point in the first sentence
- Details matter less than you think.
Based on some emails I received in the past (and the lack of response to the lengthy emails I sent), we should apply the same rules to emails (and all other forms of technical communication).