Understanding Where the Internet Isn’t Good Enough Yet

Understanding Where the Internet Isn’t Good Enough Yet
Understanding Where the Internet Isn’t Good Enough Yet

Since March 2020, the Internet has been the trusty sidekick that’s helped us through the pandemic. Or so it seems to those of us lucky enough to have fast, reliable (and often cheap) Internet access.

With a good connection you could keep working (if you were fortunate enough to have a job that could be done online), go to school or university, enjoy online entertainment like streaming movies and TV, games, keep up with the latest news, find out vital healthcare information, schedule a vaccination and stay in contact with loved ones and friends with whom you’d normally be spending time in person.

Without a good connection though, all those things were hard or impossible.

Sadly, access to the Internet is not uniformly distributed. Some have cheap, fast, low latency, reliable connections, others have some combination of expensive, slow, high latency and unreliable connections, still others have no connection at all. Close to 60% of the world have Internet access leaving a huge 40% without it at all.

This inequality of access to the Internet has real-world consequences. Without good access it is so much harder to communicate, to get vital information, to work and to study. Inequality of access Continue reading

Why I joined Cloudflare — and why I’m excited about Project Pangea

Why I joined Cloudflare — and why I’m excited about Project Pangea
Why I joined Cloudflare — and why I’m excited about Project Pangea

If you are well-prepared to take up the challenge, you will get to experience a moment where you are stepping forward to help build a better world. Personally, I felt exactly that when about a month ago, after a long and (COVID) complicated visa process, I joined Cloudflare as a Systems Engineer in Austin, Texas.

In the early 2000s, I experienced while travelling throughout the Benin Republic (my home country) and West Africa more generally, how challenging accessing the Internet was. I recall that, as students, we were often connecting to the web from cybercafés through limited bandwidth purchased at high cost. It was a luxury to have a broadband connection at home. When access was free (say, from high school premises or at university) we still had bandwidth constraints, and often we could not connect for long. The Internet can efficiently help tackle issues encountered (in areas like education, health, communications, ...) by populations in similar regions, but the lack of easy and affordable access, made it difficult to leverage. It is in such a context that I chose to pursue my studies in telecoms, with the hope of being able to somehow give back to the community by Continue reading

Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free

Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free
Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free

Half of the world’s population has no access to the Internet, with many more limited to poor, expensive, and unreliable connectivity. This problem persists despite large levels of public investment, private infrastructure, and effort by local organizers.

Today, Cloudflare is excited to announce Project Pangea: a piece of the puzzle to help solve this problem. We’re launching a program that provides secure, performant, reliable access to the Internet for community networks that support underserved communities, and we’re doing it for free1 because we want to help build an Internet for everyone.

What is Cloudflare doing to help?

Project Pangea is Cloudflare’s project to help bring underserved communities secure connectivity to the Internet through Cloudflare’s global and interconnected network.

Cloudflare is offering our suite of network services — Cloudflare Network Interconnect, Magic Transit, and Magic Firewall — for free to nonprofit community networks, local networks, or other networks primarily focused on providing Internet access to local underserved or developing areas. This service would dramatically reduce the cost for communities to connect to the Internet, with industry leading security and performance functions built-in:

  • Cloudflare Network Interconnect provides access to Cloudflare’s edge in 200+ cities across the globe through Continue reading

Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group

Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group
Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group

Hello, folks! I’m pleased to introduce myself and Cloudflare’s newest Employee Resource Group (ERG), Flarability, to the world. The 31st anniversary of the signing of the Americans with Disabilities Act (ADA), which happens to fall during Cloudflare’s Impact Week, is an ideal time to raise the subject of accessibility at Cloudflare and around the world.

There are multiple accessibility-related projects and programs at Cloudflare, including office space accessibility and website and product accessibility programs, some of which we will highlight in the stories below. I wanted to share my accessibility story and the story of the birth  and growth of our accessibility community with you.

About Flarability

Flarability began with a conversation between a couple of colleagues, almost two years ago. Some of us had noticed some things about the workspace that weren't as inclusive of people with disabilities as they could have been. For example, the open floor plan in our San Francisco office, as well as the positioning of our interview rooms, made it difficult for some to concentrate in the space. To kick off a community discussion, we formed a chat room, spread the word about our existence, and started hosting some meetings for Continue reading

Outage Reporting

With so many enterprises all over the Internet forced to make a choice between just a handful of viable content distribution platforms for their content and services then nobody should be surprised when a single platform's outage has massive service impact. But that's not what's prompted me to write this note. It's Akamai's report of the incident that I found unusual.

Comparing Open Source BGP Stacks

Open source BGP stacks are very important, but I don’t think they get the love they deserve. There’s lots going on in open source BGP stacks and I can’t keep up. So I thought I’d like to quantitatively compare them. This is one, often tiny, aspect of evaluating a BGP...

Welcome to Cloudflare Impact Week

Welcome to Cloudflare Impact Week
Welcome to Cloudflare Impact Week

If I'm completely honest, Cloudflare didn't start out as a mission-driven company. When Lee, Michelle, and I first started thinking about starting a company in 2009 we saw an opportunity as the world was shifting from on-premise hardware and software to services in the cloud. It seemed inevitable to us that the same shift would come to security, performance, and reliability services. And, getting ahead of that trend, we could build a great business.

Welcome to Cloudflare Impact Week
Matthew Prince, Michelle Zatlyn, and Lee Holloway, Cloudflare’s cofounders, in 2009.

One problem we had was that we knew in order to have a great business we needed to win large organizations with big IT budgets as customers. And, in order to do that, we needed to have the data to build a service that would keep them safe. But we only could get data on security threats once we had customers. So we had a chicken and egg problem.

Our solution was to provide a basic version of Cloudflare's services for free. We reasoned that individual developers and small businesses would sign up for the free service. We'd learn a lot about security threats and performance and reliability opportunities based on their traffic data. And, Continue reading

Cloudflare’s Handling of an RCE Vulnerability in cdnjs

Cloudflare's Handling of an RCE Vulnerability in cdnjs
Cloudflare's Handling of an RCE Vulnerability in cdnjs

cdnjs provides JavaScript, CSS, images, and fonts assets for websites to reference with more than 4,000 libraries available. By utilizing cdnjs, websites can load faster with less strain on one’s own origin server as files are served directly from Cloudflare’s edge. Recently, a blog post detailed a vulnerability in the way cdnjs’ backend automatically keeps the libraries up to date.

This vulnerability allowed the researcher to execute arbitrary code, granting the ability to modify assets. This blog post details how Cloudflare responded to this report, including the steps we took to block exploitation, investigate potential abuse, and remediate the vulnerability.

This vulnerability is not related to Cloudflare CDN. The cdnjs project is a platform that leverages Cloudflare’s services, but the vulnerability described below relates to cdnjs’ platform only. To be clear, no existing libraries were modified using this exploit. The researcher published a new package which demonstrated the vulnerability and our investigation concluded that the integrity of all assets hosted on cdnjs remained intact.

Disclosure Timeline

As outlined in RyotaK’s blog post, the incident began on 2021-04-06. At around 1100 GMT, RyotaK published a package to npm exploiting the vulnerability. At 1129 GMT, cdnjs processed this package, resulting in Continue reading

High-availability connectivity for Kubernetes with dual ToR

Many platform operators in large enterprises who run Kubernetes on-premises want to leverage Border Gateway Protocol (BGP) to peer with other infrastructure. Calico Enterprise uses BGP to establish connectivity between workloads without an overlay, peer with infrastructure inside and outside of the cluster, and integrate with top-of-rack (ToR) switches to provide that connectivity.

Calico ToR connectivity has existed for some time now. However, for customers with high-availability requirements, a new high availability Kubernetes capability in Calico Enterprise now supports connectivity with dual ToR switches. From an operational standpoint, a cluster that is peered to two ToR switches will still have an active link, even if one switch becomes unavailable, thus ensuring the cluster always has a network connection. Because of the two ToR switches per rack, the whole setup is often referred to as “dual ToR.”

Dual ToR peering provides a redundant path for customers with cluster applications that cannot tolerate service downtime or failure, and require a high-availability solution. Kubernetes cannot do this on its own.

More specifically, Calico:

  • Enables cluster operators to connect with, and take advantage of, dual ToR switches
  • Provides two active, independent planes of connectivity between cluster nodes when a dual plane cluster is Continue reading

Weekend Reads 072321


The next tech talent wars may be less about the free stuff, and more about the freedom to work from anywhere in the world. Those famously expensive Silicon Valley campuses that double as adult playgrounds, with their nap pods and herb gardens and bike-shares, are competing with a newfound love for the home office.


There are some features in any architecture that are essential, foundational, and non-negotiable. Right up to the moment that some clever architect shows us that this is not so.


Looking at the Resource Public Key Infrastructure (RPKI) landscape today, it is vastly different from two to three years ago. At the time, resource holders around the world had created a considerable amount of Route Origin Authorization (ROAs), but actually using RPKI data to perform Route Origin Validation (ROV) was only done by a handful of networks


A newly discovered breed of cyber assault is threatening corporate networks. Dubbed “FragAttacks” (Fragmentation and Aggregation Attacks) by Mathy Vanhoef, the researcher who discovered them, these security breaches are a subcategory of digital airborne attacks performed over Wi-Fi networks.


While there’s enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword. Cybercriminals and other threat Continue reading

Microservices workflow orchestration

A recurring pattern in software architecture is the need to trigger a process or workflow that is implemented across multiple microservices and then report to the user the results when the process completes.

In a previous project, I faced this issue when building a SaaS application in the Intelligent Document Processing (IDP) space. The application was supposed to take a collection of scanned pages, split it in documents, and for each document perform several document understanding tasks. There is a mix of per-page-bundle, per-page and per-document processing steps.

Given the desire to develop each step independently and be able to scale the processing independently (e.g. page OCR consumes more resources than other tasks) I designed a system around a message bus (RabbitMQ) and individual workers that pull requests from message queues.

Unfortunately there aren’t a whole lot of easy to use solutions available for this type of design. Googling for “rabbitmq workflow orchestration” the most helpful link I get is for an article that recommends the use of BPMN for this type of design. That is rather centered in the Java ecosystem. For my use case I needed something that worked well in python and would be preferably language Continue reading

Microservices workflow orchestration

A recurring pattern in software architecture is the need to trigger a process or workflow that is implemented across multiple microservices and then report to the user the results when the process completes.

In a previous project, I faced this issue when building a SaaS application in the Intelligent Document Processing (IDP) space. The application was supposed to take a collection of scanned pages, split it in documents, and for each document perform several document understanding tasks. There is a mix of per-page-bundle, per-page and per-document processing steps.

Given the desire to develop each step independently and be able to scale the processing independently (e.g. page OCR consumes more resources than other tasks) I designed a system around a message bus (RabbitMQ) and individual workers that pull requests from message queues.

Unfortunately there aren’t a whole lot of easy to use solutions available for this type of design. Googling for “rabbitmq workflow orchestration” the most helpful link I get is for an article that recommends the use of BPMN for this type of design. That is rather centered in the Java ecosystem. For my use case I needed something that worked well in python and would be preferably language Continue reading

New Virtual Event Platforms Other than Zoom

Whether you’ve got an online class, a business meeting, or just a virtual hangout with some friends, it seems that we are using more and more virtual event platforms by the hour. This begs the question, what other new virtual event platforms are there other than zoom that could possibly cater to your user needs in a better way? Let’s get into it, shall we?

BigMaker 

Another prominent and useful virtual event platform, BigMaker is a browser-based virtual event platform that has an easy user interface with successful integrations and great features. It is used by brands, such as Panasonic, Google, and more. BigMaker provides its users with the standard features, such as session recording, surveys, polls, and screen sharing. Apart from that, you can also stream your event on YouTube or even Facebook, add company colors and logos to the virtual event, and it even comes with an in-built function for marketing that allows you to reach out to new leads regarding your upcoming virtual event. It has several other notable features that are: 

  • Audience Handouts
  • Landing Pages
  • Microsites

Price: BigMaker can cost you around $79 – $299+ on a monthly basis according to your needs.

Hopin 

Another great Continue reading

Heavy Networking 590: What It Takes To Build An ISP In 2021

There's a huge amount that goes into building an ISP, from getting access to poles to run fiber, operating a cable plant, setting up customer support and billing, getting network gear in place---not to mention developing a viable business model and funding the whole thing. On today's Heavy Networking podcast we talk with Jim Troutman of Tilson Technology Management about building a local ISP in New England.

Heavy Networking 590: What It Takes To Build An ISP In 2021

There's a huge amount that goes into building an ISP, from getting access to poles to run fiber, operating a cable plant, setting up customer support and billing, getting network gear in place---not to mention developing a viable business model and funding the whole thing. On today's Heavy Networking podcast we talk with Jim Troutman of Tilson Technology Management about building a local ISP in New England.

The post Heavy Networking 590: What It Takes To Build An ISP In 2021 appeared first on Packet Pushers.

AWS’s Egregious Egress

AWS’s Egregious Egress
AWS’s Egregious Egress

When web hosting services first emerged in the mid-1990s, you paid for everything on a separate meter: bandwidth, storage, CPU, and memory. Over time, customers grew to hate the nickel-and-dime nature of these fees. The market evolved to a fixed-fee model. Then came Amazon Web Services.

AWS was a huge step forward in terms of flexibility and scalability, but a massive step backward in terms of pricing. Nowhere is that more apparent than with their data transfer (bandwidth) pricing. If you look at the (ironically named) AWS Simple Monthly Calculator you can calculate the price they charge for bandwidth for their typical customer. The price varies by region, which shouldn't surprise you because the cost of transit is dramatically different in different parts of the world.

Charging for Stocks, Paying for Flows

AWS charges customers based on the amount of data delivered — 1 terabyte (TB) per month, for example. To visualize that, imagine data is water. AWS fills a bucket full of water and then charges you based on how much water is in the bucket. This is known as charging based on “stocks.”

On the other hand, AWS pays for bandwidth based on the capacity of their Continue reading

Empowering customers with the Bandwidth Alliance

Empowering customers with the Bandwidth Alliance

High Egress Fees

Empowering customers with the Bandwidth Alliance

Debates over the benefits and drawbacks of walled gardens versus open ecosystems have carried on since the beginnings of the tech industry. As applied to the Internet, we don’t think there’s much to debate. There’s a reason why it’s easier today than ever before to start a company online: open standards. They’ve encouraged a flourishing of technical innovation, made the Internet faster and safer, and easier and less expensive for anyone to have an Internet presence.

Of course, not everyone likes competition. Breaking open standards — with proprietary ones — is a common way to stop competition. In the cloud industry, a more subtle way to gain power over customers and lock them in has emerged. Something that isn’t obvious at the start: high egress fees.

You probably won’t notice them when you embark on your cloud journey. And if you need to bring data into your environment, there’s no data charge. But say you want to get that data out? Or go multi-cloud, and work with another cloud provider who is best-in-class? That’s when the charges start rolling in.

To make matters worse, as the number and diversity of applications in your IT stack increases, the Continue reading

IBM builds ransomware protection into on-prem storage

With ransomware attacks growing in frequency and little being done to stop them, IBM is well-timed with its anti-ransomware Safeguarded Copy for its FlashSystems and on-premises storage-as-a-serivce offerings.Safeguarded Copy is part of the IBM FlashSystem family of all-flash storage arrays, and it automatically creates immutable snapshots of date and stores them securely—meaning they cannot be accessed or altered by unauthorized users, the company says. Read about backup and recovery: Backup vs. archive: Why it’s important to know the difference How to pick an off-site data-backup method Tape vs. disk storage: Why isn’t tape dead yet? The correct levels of backup save time, bandwidth, space Safeguarded Copy is based on technology from IBM’s DS8000 mainframe storage array, which does the same thing as described above: it creates immutable copies  of data that can be used to restore damaged original data volumes or build new and uncorrupted volumes.To read this article in full, please click here

1 703 704 705 706 707 3,852