Cloudflare launches 1.1.1.1 DNS service with privacy, TLS and more

There was an important development this month with the launch of Cloudflare’s new 1.1.1.1 DNS resolver service. This is a significant development for several reasons, but in particular it supports the new DNS-over-TLS and DNS-over-HTTPS protocols that allow for confidential DNS querying and response.

Why 1.1.1.1?

Before we get to that though, Cloudflare joins Google’s Public DNS that uses 8.8.8.8 and Quad9 DNS that uses 9.9.9.9, by implementing 1.1.1.1 as a memorable IP address for accessing its new DNS service. IP addresses are generally not as memorable as domain names, but you need access to a DNS server before you can resolve domain names to IP addresses, so configuring numbers is a necessity. And whilst a memorable IP address might be cool, it’s also proved important recently when DNS resolvers have been blocked or taken down, requiring devices to be pointed elsewhere.

The 1.1.1.1 address is part of the 1.1.1.0 – 1.1.1.255 public IP address range actually allocated to APNIC, one of the five Regional Internet Registries, but it has been randomly used as an address for Continue reading

HPC Provides Big Bang, But Needs Big Bucks, Too

Supercomputers keep getting faster, but they are keep getting more expensive. This is a problem, and it is one that is going to eventually affect every kind of computer until we get a new technology that is not based on CMOS chips.

The general budget and some of the feeds and speeds are out thanks to the requests for proposal for the “Frontier” and “El Capitan” supercomputers that will eventually be built for Oak Ridge National Laboratory and Lawrence Livermore National Laboratory. So now is a good time to take a look at not just the historical performance of capability

HPC Provides Big Bang, But Needs Big Bucks, Too was written by Timothy Prickett Morgan at The Next Platform.

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

DNA data storage closer to becoming reality

Hundreds of megabytes of data have been encoded using DNA in the last few years by scientists. But more recently, not only has the media been stored perfectly in the synthetic variant of the genetic instructions that make up all organic life, but archived data files have been individually retrieved with zero errors, too.It appears that Microsoft Research’s target of a DNA storage system actually functioning within a data center by the turn of the decade, as reported by MIT’s Technological Review a year ago, might be becoming increasingly viable.To read this article in full, please click here

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

Today we are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet; whether it runs email, file transfer or a custom protocol, it can now get the full benefits of Cloudflare. If you want to skip ahead and see it in action, you can scroll to the video demo at the bottom.

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

DDoS Protection

The core functionality of Spectrum is its ability to block large DDoS attacks. Spectrum benefits from Cloudflare’s existing DDoS mitigation (which this week blocked a 900 Gbps flood). Spectrum’s DDoS protection has already been battle tested. Just soon as we opened up Spectrum for beta, Spectrum received its first SYN flood.

One of Spectrum's earliest deployments was in front of Hypixel’s infrastructure. Hypixel runs the largest minecraft server, and because gamers can be - uh, passionate - they were one of the earliest targets of the terabit-per-second Mirai botnet. “Hypixel was one of the first subjects of the Mirai botnet DDoS attacks and frequently receives large attacks. Before Spectrum, we had to rely on unstable services & techniques Continue reading

Abusing Linux’s firewall: the hack that allowed us to build Spectrum

Abusing Linux's firewall: the hack that allowed us to build Spectrum

Today we are introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.

Abusing Linux's firewall: the hack that allowed us to build Spectrum
CC BY-SA 2.0 image by Staffan Vilcans

Soon after we started building Spectrum, we hit a major technical obstacle: Spectrum requires us to accept connections on any valid TCP port, from 1 to 65535. On our Linux edge servers it's impossible to "accept inbound connections on any port number". This is not a Linux-specific limitation: it's a characteristic of the BSD sockets API, the basis for network applications on most operating systems. Under the hood there are two overlapping problems that we needed to solve in order to deliver Spectrum:

  • how to accept TCP connections on all port numbers from 1 to 65535
  • how to configure a single Linux server to accept connections on a very large number of IP addresses (we have many thousands of IP addresses in our anycast ranges)

Assigning millions of IPs to a server

Cloudflare’s edge servers have an almost identical configuration. In our early days, we used to assign specific /32 (and /128) IP addresses to the loopback network interface[1]. This worked well when we had dozens of IP Continue reading

리눅스 방화벽을 남용하기: Spectrum 을 만들 수 있었던 ​해킹​

리눅스 방화벽을 남용하기: Spectrum 을 만들 수 있었던 ​해킹​

This is a Korean translation of a prior post by Marek Majkowski.

얼마전 우리는 Spectrum을 발표하였습니다: 어떤 TCP 기반의 프로토콜이라도 DDoS 방어, 로드밸런싱 그리고 컨텐츠 가속을 할 수 있는 새로운 Cloudflare의 기능입니다.

리눅스 방화벽을 남용하기: Spectrum 을 만들 수 있었던 ​해킹​
CC BY-SA 2.0 image by Staffan Vilcans

Spectrum을 만들기 시작하고 얼마 되지 않아서 중요한 기술적 난관에 부딛히게 되었습니다: Spectrum은 1부터 65535 사이의 어떤 유효한 TCP 포트라도 접속을 허용해야 합니다. 우리의 리눅스 엣지 서버에서는 "임의의 포트 번호에 인바운드 연결을 허용"은 불가능합니다. 이것은 리눅스만의 제한은 아닙니다: 이것은 대부분 운영 체제의 네트워크 어플리케이션의 기반인 BSD 소켓 API의 특성입니다. 내부적으로 Spectrum을 완성하기 위해서 풀어야 하는 서로 겹치는 문제가 둘 있었습니다:

  • 1에서 65535 사이의 모든 포트 번호에 TCP 연결을 어떻게 받아들일 것인가
  • 매우 많은 수의 IP 주소로 오는 연결을 받아들이도록 단일 리눅스 서버를 어떻게 설정할 것인가 (우리는 애니캐스트 대역에 수많은 IP주소를 갖고 있습니다)

서버에 수백만의 IP를 할당

Cloudflare의 엣지 서버는 거의 동일한 구성을 갖고 있습니다. 초창기에는 루프백 네트워크 인터페이스에 특정한 /32 (그리고 /128) IP 주소를 할당하였습니다[1]. 이것은 수십개의 IP주소만 갖고 있었을 때에는 잘 동작 하였지만 더 성장함에 따라 확대 적용하는 것에는 실패하였습니다.

그때 "AnyIP" 트릭이 등장하였습니다. AnyIP는 단일 주소가 아니라 전체 IP 프리픽스 (서브넷)을 루프백 인터페이스에 할당하도록 해 줍니다. 사실 AnyIP를 많이 사용하고 있습니다: 여러분 컴퓨터에는 루브백 인터페이스에 Continue reading

IDG Contributor Network: To 400G and beyond: the arrival of adaptive networks and the next technology boom

We live in a world in which we’re regularly streaming Netflix in 4K, using the power of the phones in our pockets to augment our realities with virtual gaming, and even watching basketball from a virtual courtside seat. Our networks have evolved to cater for these technologies, and each evolutionary step has brought with it a technological boom enabled by greater capacity, speed, automation, intelligence and programmability.The next step has arrived and it’s just in time, because when you thought we were finally content with, well, content, new technologies have emerged that push beyond what we ever thought possible.At the 2018 Consumer Electronics Show (CES), Intel Studios unveiled what it’s calling Volumetric Video – and it’s nothing short of stunning. Volumetric Video uses multiple cameras to shoot a 360-degree field of view, but it differs from standard 360-degree or VR video in that it captures footage “from the outside in”. To picture how it works, visualize the action scenes from The Matrix, in which the cameras pan around a frozen-in-mid-air Keanu Reeves. But now imagine being a viewer with the ability to zoom in on any part of that scene or look at any part of the Continue reading

IDG Contributor Network: To 400G and beyond: the arrival of adaptive networks and the next technology boom

We live in a world in which we’re regularly streaming Netflix in 4K, using the power of the phones in our pockets to augment our realities with virtual gaming, and even watching basketball from a virtual courtside seat. Our networks have evolved to cater for these technologies, and each evolutionary step has brought with it a technological boom enabled by greater capacity, speed, automation, intelligence and programmability.The next step has arrived and it’s just in time, because when you thought we were finally content with, well, content, new technologies have emerged that push beyond what we ever thought possible.At the 2018 Consumer Electronics Show (CES), Intel Studios unveiled what it’s calling Volumetric Video – and it’s nothing short of stunning. Volumetric Video uses multiple cameras to shoot a 360-degree field of view, but it differs from standard 360-degree or VR video in that it captures footage “from the outside in”. To picture how it works, visualize the action scenes from The Matrix, in which the cameras pan around a frozen-in-mid-air Keanu Reeves. But now imagine being a viewer with the ability to zoom in on any part of that scene or look at any part of the Continue reading

Encoding data in dubstep drops

Encoding data in dubstep drops

[Warning: Those who can’t stand EDM/dubstep, oh boy do I have bad news for you in regards to this blog post]

Dubstep songs are often criticized as sounding extremely computer generated and often just too aggressi

BrandPost: Managed SD-WAN: New offerings must meet customer demand

In 2017, many service providers introduced their initial managed SD-WAN services to meet early market demand. Throughout the year, they thoroughly tested multiple SD-WAN technologies with the intention of selecting a lead platform for the initial service launch. There were many proofs of concept and beta tests prior to building the services wrap around those initial platforms. Providers developed their own trial programs and started to introduce services to their customers while completing all the necessary support to develop the platform as a fully managed service. Early offers generally included a handful of customers and, at times, restricted the service provider’s own network services.To read this article in full, please click here

Piloting “White Space” to connect the underserved of rural Tanzania

Beyond the Net Journal

As economies develop in Tanzania, rural residents have growing needs for communication and broadband access. However, mobile operators are reluctant to invest in remote areas due to the elevated infrastructure cost and the high percentage of people that can’t afford the payment of the services.

The Internet Society Tanzania Chapter, supported by Beyond the Net Funding Programme in partnership with The University of Dodoma will target the remote areas of Dodoma Region, where conventional deployments are not available. Together, they will build a pilot project using TV White Space equipment as a community network solution.

White Space Internet is not widely adopted so far, but has the potential to transform the way we use wireless Internet. Being a free form of broadband, it is as a good alternative to provide underserved communities with Internet access that is similar to that of 4G mobile. White Space power stations can be charged with solar panels and broadband can travel up to 10 kilometers through vegetation, buildings and other obstacles.

“It’s amazing how life has changed in Tanzania thanks to the Internet”, explains Jabhera Matogoro, project manager and coordinator of Microsoft Innovation Center at the University of Continue reading

1 1,649 1,650 1,651 1,652 1,653 3,841