Automatic Signed Exchanges may dramatically boost your site visitor numbers

Automatic Signed Exchanges may dramatically boost your site visitor numbers
Automatic Signed Exchanges may dramatically boost your site visitor numbers

It’s been about nine months since Cloudflare announced support for Signed Exchanges (SXG), a web platform specification to deterministically verify the cached version of a website and enable third parties such as search engines and news aggregators to serve it much faster than the origin ever could.

Giving Internet users fast load times, even on slow connections in remote parts of the globe, is to help build a better Internet (our mission!) and we couldn’t be more excited about the potential of SXG.
Signed Exchanges drive quite impressive benefits in terms of performance improvements. Google’s experiments have shown an average 300ms to 400ms reduction in Largest Contentful Paint (LCP) from SXG-enabled prefetches.  And speeding up your website usually results in a significant bounce rate reduction and improved SEO.

faster websites= better SEO and lower bounce rates

And if setting up and maintaining SXGs through the open source toolkit is a complex yet very valuable endeavor, with Cloudflare’s Automatic Signed Exchanges it becomes a no-brainer. Just enable it with one click and see for yourself.

Automatic Signed Exchanges may dramatically boost your site visitor numbers

Our own measurements

Now that Signed Exchanges have been available on Chromium for Android for several months we dove into the change in performance Continue reading

What is eBPF? How is it used?

This will be a Series of Posts on eBPF extensively covering XDP and its usage.

https://ebpf.io

New technology, implemented in Linux, extends kernel functionalities without having to modify the kernel, Safe to execute with a verification engine, JIT compiler and LLVM (Virtual Environment) basically a safe and secure tiny VM.

Medium – https://raaki-88.medium.com/what-is-ebpf-how-is-it-used-f897e8fb0934

Some Background

As my career is mainly in Network Engineering, when some talks about Network performance my initial thoughts jump to increase network throughput, Port-Density, High speed and secure interconnect, I recently came across Systems Performance by Brendan Gregg. I have to say I have never ever imagined that the role is sought out, I went through the book (https://www.amazon.co.uk/Systems-Performance-Enterprise-Brendan-Gregg/dp/0133390098) and I was indeed mind blown by the granularity that one can look into an individual system.

I definitely would recommend anyone in Networking/Cloud/Systems Engineering to go through this book if you haven’t t already, it exposes a whole new level of Linux Kernel and E-BPF and Performance methodologies (Chapter 2) which I instantly fell in love with.

What Inspired me?

When I first saw the book I was under the initial impression that this was meant for Linux system Continue reading

Using the eval command in Linux to run variables as commands

There are probably a lot of Linux users who have never encountered the eval command. In fact, it’s not really a "command", but a bash built-in that’s meant to process the value of a variable as a command. For example, if you set up a variable that includes the command to display the current time in Sydney, Australia, it would probably look like this:$ dt="TZ='Australia/Sydney' date"You could then run it like this:$ eval $dtThu Jul  7 06:32:14 AM AEST 2022Doing that can save you the trouble of memorizing the date command syntax and specifying a time zone, but let’s look a little more closely at eval to see what else it can do for you.To read this article in full, please click here

Using the eval command in Linux to run variables as commands

There are probably a lot of Linux users who have never encountered the eval command. In fact, it’s not really a "command", but a bash built-in that’s meant to process the value of a variable as a command. For example, if you set up a variable that includes the command to display the current time in Sydney, Australia, it would probably look like this:$ dt="TZ='Australia/Sydney' date"You could then run it like this:$ eval $dtThu Jul  7 06:32:14 AM AEST 2022Doing that can save you the trouble of memorizing the date command syntax and specifying a time zone, but let’s look a little more closely at eval to see what else it can do for you.To read this article in full, please click here

What is Wi-Fi 7, and will it replace wired Ethernet?

New Wi-Fi standards appear in such rapid succession that it’s often difficult to evaluate the differences between Wi-Fi 5, Wi-Fi 6, and Wi-Fi 6E—all of which are standards adopted in commercial products. And now there’s Wi-Fi 7.Chinese networking-equipment vendor H3C has released what it says is a Wi-Fi 7 router even though the Wi-Fi 7 standard isn’t expected to be finalized until 2024.What is Wi-Fi 7? Wi-Fi 7 or 802.11be is the next Wi-Fi standard being worked on by the Institute of Electrical and Electronics Engineers that promises speeds of a whopping 46Gbps, nearly five times faster than Wi-Fi 6, as well as reduced latency. Wi-Fi 7 (also known as Extremely High Throughput) is expected to deliver higher spectrum efficiency, higher power efficiency, better interference mitigation, higher capacity density, and higher cost efficiency. To read this article in full, please click here

What is Liposomal Curcumin (and How Can It Help You Live a Better Life?)

Liposomal curcumin is a powerful anti-inflammatory that has been shown to be effective in a wide range of inflammatory diseases. It is also a potent antioxidant and has been shown to protect cells from damage caused by oxidative stress.

Liposomal curcumin is thought to be more effective than regular curcumin because it is better absorbed by the body. One study showed that liposomal curcumin was absorbed into the bloodstream four times better than regular curcumin.

Liposomal curcumin has been shown to be effective in treating inflammatory diseases such as arthritis, Crohn’s disease, and ulcerative colitis. It is also thought to be helpful in managing symptoms of Alzheimer’s disease and other forms of dementia.

How does it work?

Liposomal curcumin works by inhibiting the production of inflammatory molecules called cytokines. It is also a powerful antioxidant and protects cells from damage caused by oxidative stress.

Benefits of Liposomal Curcumin

There are many potential benefits of liposomal curcumin. Some of the most well-studied benefits include:

Reduced inflammation

Liposomal curcumin has been shown to reduce inflammation in a wide range of inflammatory diseases, including arthritis, Crohn’s disease, and ulcerative colitis. It is thought to work by inhibiting the production of inflammatory molecules called Continue reading

Announcing support for WASI on Cloudflare Workers

Announcing support for WASI on Cloudflare Workers
Announcing support for WASI on Cloudflare Workers

Today, we are announcing experimental support for WASI (the WebAssembly System Interface) on Cloudflare Workers and support within wrangler2 to make it a joy to work with. We continue to be incredibly excited about the entire WebAssembly ecosystem and are eager to adopt the standards as they are developed.

A Quick Primer on WebAssembly

So what is WASI anyway? To understand WASI, and why we’re excited about it, it’s worth a quick recap of WebAssembly, and the ecosystem around it.

WebAssembly promised us a future in which code written in compiled languages could be compiled to a common binary format and run in a secure sandbox, at near native speeds. While WebAssembly was designed with the browser in mind, the model rapidly extended to server-side platforms such as Cloudflare Workers (which has supported WebAssembly since 2017).

WebAssembly was originally designed to run alongside Javascript, and requires developers to interface directly with Javascript in order to access the world outside the sandbox. To put it another way, WebAssembly does not provide any standard interface for I/O tasks such as interacting with files, accessing the network, or reading the system clock. This means if you want to respond to an event from Continue reading

With Cloud HPC Toolkit, Google Pursues HPC, Intel Pushes OneAPI

The people running Google Cloud can see the tides of HPC changing and know that, as we discussed only a few months ago, there is a fairly good chance that more HPC workloads will move to cloud builders over time as their sheer scale increasingly dictates future chip and system designs and the economics of processing.

With Cloud HPC Toolkit, Google Pursues HPC, Intel Pushes OneAPI was written by Dylan Martin at The Next Platform.

New WAF intelligence feeds

New WAF intelligence feeds
New WAF intelligence feeds

Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule.

Managed lists are created and maintained by Cloudflare and are built based on threat intelligence feeds collected by analyzing patterns and trends observed across the Internet. Enterprise customers can already use the Open SOCKS Proxy list (launched in March 2021) and today we are adding four new IP lists: “VPNs”, “Botnets, Command and Control Servers”, “Malware” and “Anonymizers”.

New WAF intelligence feeds
You can check what rules are available in your plan by navigating to Manage Account → Configuration → Lists.

Customers can reference these lists when creating a custom firewall rule or in Advanced Rate Limiting. For example, you can choose to block all traffic generated by IPs we categorize as VPNs, or rate limit traffic generated by all Anonymizers. You can simply incorporate managed IP lists in the powerful firewall rule builder. Of course, you can also use your own custom IP list.

New WAF intelligence feeds
Managed IP Lists can be used in WAF rules to manage incoming traffic from these IPs.

Where do these feeds come from?

These lists are based on Cloudflare-generated threat feeds which Continue reading

World’s first Wi-Fi 7 router hits the market

Chinese networking equipment vendor H3C has released what it says is the first Wi-Fi 7 router on the market, well in advance of the standard becoming final, which isn't expected to happen before 2024.The H3C Magic BE18000, announced in June, uses the same 802.11be wireless protocols that are being designed for use as Wi-Fi 7. H3C said that the BE18000 can operate in the 6GHz band and offers a peak throughput of 18,443Mbps, using the newly widened 320MHz channels designed for use with Wi-Fi 7. The router is designed around the latest chipset from Qualcomm, the first designed for Wi-Fi 7, which was released in May.To read this article in full, please click here

There’s a Nasty Security Hole in the Apache Webserver

Here a security hole, there a security hole, everywhere a security hole. One of the latest is an obnoxious one labeled Apache HTTP Server‘s CVE-2022-23943, an Apache memory corruption vulnerability in mod_sed, was uncovered. This one was an out-of-bounds Write vulnerability that enabled attackers to overwrite heap memory. When you say, “overwrite heap memory,” you know it’s bad news. This impacted the Apache HTTP Server 2.4 version 2.4.52 and earlier versions. New Problems It was quickly fixed. But, JFrog Security Research team’s Security Research Tech Lead, worried that while the

Community Spotlight series: Calico Open Source user insights from Cloud Native Technologist, Jintao Zhang

In this issue of the Calico Community Spotlight series, I’ve asked Jintao Zhang from API7.ai to share his experience with Kubernetes and Calico Open Source. API7.ai is an open-source infrastructure software company that helps businesses manage and visualize business-critical traffic, such as APIs and microservices to accelerate business decisions through data. They have built API7 Cloud—an any-cloud, multi-location SaaS ​platform for deploying, controlling, visualizing, and monitoring APIs at scale. It allows users to manage and run their APIs anywhere in one place and increase runtime effortlessly, without worrying about the control plane. Let’s take a look at how Jintao started his Kubernetes journey, and the insights he gained from Calico Open Source.

Q: Please tell us a little bit about yourself, including where you currently work and what you do there.

I am currently working for API7.ai and my title is Cloud Native Technologist. I am mainly responsible for the Apache APISIX Ingress controller project and the service mesh project based on Apache APISIX.

Q: What orchestrator(s) have you been using?

Kubernetes.

Q: What cloud infrastructure(s) has been a part of your projects?

AWS (EKS) and Azure (AKS).

Q: There are many people who are just getting Continue reading

Taking Automation to the Next Level: Using Ansible + GitOps to Manage the Lifecycle of a Containerized Application

taking automation to the next level blog

One of the great advantages of combining GitOps with Ansible is that you get to streamline the automation delivery and the lifecycle of a containerized application.

With the abilities of GitOps we get to:

  • Standardize configurations of our applications.
  • Inherit the benefits of version control of our configurations.
  • Easily track changes of the configuration settings making fixing issues easier.
  • Have one source of truth for our applications.

Combine the above with Ansible and you have everything you need to accomplish configuration consistency for a containerized app anywhere that you automate. 

That leads us to, “how do we combine Ansible and GitOps to manage the lifecycle of a containerized application?”

Simple. By creating an Ansible workflow that is associated with a Git webhook that is part of my application’s repository.

What is a Git webhook you ask?

Git webhooks are defined as a method to deliver notifications to an external web server whenever certain actions occur on a repository.

For example, when a repository is updated, this could trigger an event that could trigger CI builds, deploy an environment, or in our case, modify the configuration of our containerized application. 

A webhook provides the ability to execute specified Continue reading

DDoS attack trends for 2022 Q2

DDoS attack trends for 2022 Q2
DDoS attack trends for 2022 Q2

Welcome to our 2022 Q2 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network. An interactive version of this report is also available on Radar.

In Q2, we’ve seen some of the largest attacks the world has ever seen including a 26 million request per second HTTPS DDoS attacks that Cloudflare automatically detected and mitigated. Furthermore, attacks against Ukraine and Russia continue, whilst a new Ransom DDoS attack campaign emerged.

The Highlights

Ukrainian and Russian Internet

  • The war on the ground is accompanied by attacks targeting the spread of information.
  • Broadcast Media companies in the Ukraine were the most targeted in Q2 by DDoS attacks. In fact, all the top five most attacked industries are all in online/Internet media, publishing, and broadcasting.
  • In Russia on the other hand, Online Media drops as the most attacked industry to the third place. Making their way to the top, Banking, Financial Services and Insurance (BFSI) companies in Russia were the most targeted in Q2; almost 45% of all application-layer DDoS attacks targeted the BFSI sector. Cryptocurrency companies in Russia were the second most attacked.

Read more about what Cloudflare is doing Continue reading

1 440 441 442 443 444 3,807