Merry Christmas And Happy New 2026 Year

Dear friends,

Thank you so much for reading our blog, for all your questions and interesting discussions. You are amazing audience, thanks for being with us.

It is absolute pleasure to wish each and every of you Merry Christmas! Let the coming year be successful, healthy and prosperous for you and your beloved ones. And for now, have a wonderful Christmas time.

Yours sincerely,

Team Karneliuk

How Workers powers our internal maintenance scheduling pipeline

Cloudflare has data centers in over 330 cities globally, so you might think we could easily disrupt a few at any time without users noticing when we plan data center operations. However, the reality is that disruptive maintenance requires careful planning, and as Cloudflare grew, managing these complexities through manual coordination between our infrastructure and network operations specialists became nearly impossible.

It is no longer feasible for a human to track every overlapping maintenance request or account for every customer-specific routing rule in real time. We reached a point where manual oversight alone couldn't guarantee that a routine hardware update in one part of the world wouldn't inadvertently conflict with a critical path in another.

We realized we needed a centralized, automated "brain" to act as a safeguard — a system that could see the entire state of our network at once. By building this scheduler on Cloudflare Workers, we created a way to programmatically enforce safety constraints, ensuring that no matter how fast we move, we never sacrifice the reliability of the services on which our customers depend.

In this blog post, we’ll explain how we built it, and share the results we’re seeing now.

Building a Continue reading

Yayoi Kusama: Seniman Polkadot yang Mengubah Dunia Seni Modern

Perjalanan Hidup Awal yang Penuh Imajinasi

Kisah hidup Yayoi Kusama selalu menarik perhatian banyak pencinta seni. Ia lahir di Matsumoto, Jepang, dan tumbuh dalam lingkungan yang penuh tekanan keluarga. Meski demikian, ia justru menemukan pelarian melalui seni. Imajinasi visualnya berkembang sejak kecil. Ia sering melihat pola berulang yang memenuhi ruang di sekitarnya. Fenomena itu kemudian membentuk identitas artistiknya di masa depan.

Selain itu, Kusama mulai menggambar polkadot sejak usia belia. Pola tersebut muncul dari pengalaman visual yang terus menyertainya. Walau hidupnya tak mudah, Kusama berhasil mengubah kesulitan itu menjadi kekuatan kreatif. Gaya avant-garde miliknya terbentuk dari keberaniannya menolak batas. Karena itu, banyak kritikus menilai konsistensi gagasannya berbeda dibanding seniman lain pada zamannya.

Namun perjalanan menuju panggung dunia tidak terjadi secara instan. Kusama harus menghadapi banyak penolakan. Tetapi tekadnya kuat. Ia terus berkarya dan mencari tempat yang bisa menerima suaranya. Sikap tersebut kemudian menjadi pondasi kesuksesannya.

Era New York dan Lahirnya Seni Eksperimental

Pada tahun 1950-an, Yayoi Kusama mengambil keputusan besar. Ia pindah ke New York untuk mengejar mimpi besar di dunia seni internasional. Kota Continue reading

Worth Reading 121925


In my earlier article on Technitium and Wazuh, I described DNS as both a behavioral signal and an enforcement point. DNS queries appear early in the attack chain, often long before C2 traffic stabilizes.


Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong.


You’d think that by now, networks were well enough understood that people would stop making assumptions that we have known, almost since the dawn of networking, to be untrue. Yet as users, developers, and network administrators, we still seem curiously unable to let go of long-held beliefs.


As well as the Mac clones, there were PC-style PowerPC machines – and a version of classic MacOS for them has just been rediscovered, enabling previously unimagined combinations.


Have you ever experienced that moment of panic when you can’t recall a familiar phone number or navigate without a map app? This growing reliance on external memory—known as the “Google Effect”—is a real-world example of how we’ve outsourced core cognitive functions to our devices.

Code Orange: Fail Small — our resilience plan following recent incidents

On November 18, 2025, Cloudflare’s network experienced significant failures to deliver network traffic for approximately two hours and ten minutes. Nearly three weeks later, on December 5, 2025, our network again failed to serve traffic for 28% of applications behind our network for about 25 minutes.

We published detailed post-mortem blog posts following both incidents, but we know that we have more to do to earn back your trust. Today we are sharing details about the work underway at Cloudflare to prevent outages like these from happening again.

We are calling the plan “Code Orange: Fail Small”, which reflects our goal of making our network more resilient to errors or mistakes that could lead to a major outage. A “Code Orange” means the work on this project is prioritized above all else. For context, we declared a “Code Orange” at Cloudflare once before, following another major incident that required top priority from everyone across the company. We feel the recent events require the same focus.  Code Orange is our way to enable that to happen, allowing teams to work cross-functionally as necessary to get the job done while pausing any other work.

The Code Continue reading

Innovating to address streaming abuse — and our latest transparency report

Cloudflare's latest transparency report — covering the first half of 2025 — is now live. As part of our commitment to transparency, Cloudflare publishes such reports twice a year, describing how we handle legal requests for customer information and reports of abuse of our services. Although we’ve been publishing these reports for over 10 years, we’ve continued to adapt our transparency reporting and our commitments to reflect Cloudflare’s growth and changes as a company. Most recently, we made changes to the format of our reports to make them even more comprehensive and understandable.

In general, we try to provide updates on our approach or the requests that we receive in the transparency report itself. To that end, we have some notable updates for the first half of 2025. But our transparency report can only go so far in explaining the numbers. 

In this blog post, we’ll do a deeper dive on one topic: Cloudflare’s approach to streaming and claims of copyright violations. Given increased access to AI tools and other systems for abuse, bad actors have become increasingly sophisticated in the way they attempt to abuse systems to stream copyrighted content, often incorporating steps to hide their behavior. We’ve Continue reading

Happy Holidays and All the Best in 2026!

They say time goes faster as you get older, and it seems to be true. Another year has (almost) gone by.

Try to disconnect from the crazy pace of the networking world, forget the “vibe coding with AI will make engineers obsolete” stupidities (hint: Fifth Generation Languages and Natural Language Programming were all the rage in the 1980s and 1990s), and focus on your loved ones. I would also like to wish you all the best in 2026!

In the meantime, I’m working on weaning netlab off of a particular automation tool (you can always track the progress on GitHub). Expect the first results in the January netlab release.

How Istio Ambient Mode Delivers Real World Solutions

For years, platform teams have known what a service mesh can provide: strong workload identity, authorization, mutual TLS authentication and encryption, fine-grained traffic control, and deep observability across distributed systems. In theory, Istio checked all the boxes. In practice though, many teams hit a wall.

Across industries like financial services, media, retail, and SaaS, organizations told a similar story. They wanted mTLS between services to meet regulatory or security requirements. They needed safer deployment capabilities like canary rollouts and traffic splitting. They wanted visibility that went beyond IP addresses.

However, traditional sidecar based meshes came with real costs:

  • High operational complexity
  • Thousands of sidecars to manage
  • Fragile upgrade paths
  • Hard to debug failure modes

In several cases, teams started down the Istio service mesh path, only to pause or roll back entirely because the ongoing operational complexity was too high. The value of a service mesh was clear, but the service mesh architecture based on sidecars was not sustainable for many production environments.

The Reality Platform Teams Have Been Living With

In many cases, organizations evaluated service meshes with clear goals in mind. They wanted mTLS between services, better control over traffic during deployments, and observability that could keep up. Continue reading

IPB190: IPv6 in Kubernetes Deployments

Kubernetes is a popular container orchestration platform. Today’s IPv6 Buzz episode explores the benefits of using IPv6 in Kubernetes, and how Kubernetes uses IP addresses in both the control plane and data plane.We also address why the adoption rate is estimated to be so low, from default configurations to issues with non-IPv6-aware applications inside containers.... Read more »
1 21 22 23 24 25 3,856