Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free

Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free
Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free

Half of the world’s population has no access to the Internet, with many more limited to poor, expensive, and unreliable connectivity. This problem persists despite large levels of public investment, private infrastructure, and effort by local organizers.

Today, Cloudflare is excited to announce Project Pangea: a piece of the puzzle to help solve this problem. We’re launching a program that provides secure, performant, reliable access to the Internet for community networks that support underserved communities, and we’re doing it for free1 because we want to help build an Internet for everyone.

What is Cloudflare doing to help?

Project Pangea is Cloudflare’s project to help bring underserved communities secure connectivity to the Internet through Cloudflare’s global and interconnected network.

Cloudflare is offering our suite of network services — Cloudflare Network Interconnect, Magic Transit, and Magic Firewall — for free to nonprofit community networks, local networks, or other networks primarily focused on providing Internet access to local underserved or developing areas. This service would dramatically reduce the cost for communities to connect to the Internet, with industry leading security and performance functions built-in:

  • Cloudflare Network Interconnect provides access to Cloudflare’s edge in 200+ cities across the globe through Continue reading

Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group

Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group
Introducing Flarability, Cloudflare’s Accessibility Employee Resource Group

Hello, folks! I’m pleased to introduce myself and Cloudflare’s newest Employee Resource Group (ERG), Flarability, to the world. The 31st anniversary of the signing of the Americans with Disabilities Act (ADA), which happens to fall during Cloudflare’s Impact Week, is an ideal time to raise the subject of accessibility at Cloudflare and around the world.

There are multiple accessibility-related projects and programs at Cloudflare, including office space accessibility and website and product accessibility programs, some of which we will highlight in the stories below. I wanted to share my accessibility story and the story of the birth  and growth of our accessibility community with you.

About Flarability

Flarability began with a conversation between a couple of colleagues, almost two years ago. Some of us had noticed some things about the workspace that weren't as inclusive of people with disabilities as they could have been. For example, the open floor plan in our San Francisco office, as well as the positioning of our interview rooms, made it difficult for some to concentrate in the space. To kick off a community discussion, we formed a chat room, spread the word about our existence, and started hosting some meetings for Continue reading

Outage Reporting

With so many enterprises all over the Internet forced to make a choice between just a handful of viable content distribution platforms for their content and services then nobody should be surprised when a single platform's outage has massive service impact. But that's not what's prompted me to write this note. It's Akamai's report of the incident that I found unusual.

Comparing Open Source BGP Stacks

Open source BGP stacks are very important, but I don’t think they get the love they deserve. There’s lots going on in open source BGP stacks and I can’t keep up. So I thought I’d like to quantitatively compare them. This is one, often tiny, aspect of evaluating a BGP...

Welcome to Cloudflare Impact Week

Welcome to Cloudflare Impact Week
Welcome to Cloudflare Impact Week

If I'm completely honest, Cloudflare didn't start out as a mission-driven company. When Lee, Michelle, and I first started thinking about starting a company in 2009 we saw an opportunity as the world was shifting from on-premise hardware and software to services in the cloud. It seemed inevitable to us that the same shift would come to security, performance, and reliability services. And, getting ahead of that trend, we could build a great business.

Welcome to Cloudflare Impact Week
Matthew Prince, Michelle Zatlyn, and Lee Holloway, Cloudflare’s cofounders, in 2009.

One problem we had was that we knew in order to have a great business we needed to win large organizations with big IT budgets as customers. And, in order to do that, we needed to have the data to build a service that would keep them safe. But we only could get data on security threats once we had customers. So we had a chicken and egg problem.

Our solution was to provide a basic version of Cloudflare's services for free. We reasoned that individual developers and small businesses would sign up for the free service. We'd learn a lot about security threats and performance and reliability opportunities based on their traffic data. And, Continue reading

Cloudflare’s Handling of an RCE Vulnerability in cdnjs

Cloudflare's Handling of an RCE Vulnerability in cdnjs
Cloudflare's Handling of an RCE Vulnerability in cdnjs

cdnjs provides JavaScript, CSS, images, and fonts assets for websites to reference with more than 4,000 libraries available. By utilizing cdnjs, websites can load faster with less strain on one’s own origin server as files are served directly from Cloudflare’s edge. Recently, a blog post detailed a vulnerability in the way cdnjs’ backend automatically keeps the libraries up to date.

This vulnerability allowed the researcher to execute arbitrary code, granting the ability to modify assets. This blog post details how Cloudflare responded to this report, including the steps we took to block exploitation, investigate potential abuse, and remediate the vulnerability.

This vulnerability is not related to Cloudflare CDN. The cdnjs project is a platform that leverages Cloudflare’s services, but the vulnerability described below relates to cdnjs’ platform only. To be clear, no existing libraries were modified using this exploit. The researcher published a new package which demonstrated the vulnerability and our investigation concluded that the integrity of all assets hosted on cdnjs remained intact.

Disclosure Timeline

As outlined in RyotaK’s blog post, the incident began on 2021-04-06. At around 1100 GMT, RyotaK published a package to npm exploiting the vulnerability. At 1129 GMT, cdnjs processed this package, resulting in Continue reading

High-availability connectivity for Kubernetes with dual ToR

Many platform operators in large enterprises who run Kubernetes on-premises want to leverage Border Gateway Protocol (BGP) to peer with other infrastructure. Calico Enterprise uses BGP to establish connectivity between workloads without an overlay, peer with infrastructure inside and outside of the cluster, and integrate with top-of-rack (ToR) switches to provide that connectivity.

Calico ToR connectivity has existed for some time now. However, for customers with high-availability requirements, a new high availability Kubernetes capability in Calico Enterprise now supports connectivity with dual ToR switches. From an operational standpoint, a cluster that is peered to two ToR switches will still have an active link, even if one switch becomes unavailable, thus ensuring the cluster always has a network connection. Because of the two ToR switches per rack, the whole setup is often referred to as “dual ToR.”

Dual ToR peering provides a redundant path for customers with cluster applications that cannot tolerate service downtime or failure, and require a high-availability solution. Kubernetes cannot do this on its own.

More specifically, Calico:

  • Enables cluster operators to connect with, and take advantage of, dual ToR switches
  • Provides two active, independent planes of connectivity between cluster nodes when a dual plane cluster is Continue reading

Weekend Reads 072321


The next tech talent wars may be less about the free stuff, and more about the freedom to work from anywhere in the world. Those famously expensive Silicon Valley campuses that double as adult playgrounds, with their nap pods and herb gardens and bike-shares, are competing with a newfound love for the home office.


There are some features in any architecture that are essential, foundational, and non-negotiable. Right up to the moment that some clever architect shows us that this is not so.


Looking at the Resource Public Key Infrastructure (RPKI) landscape today, it is vastly different from two to three years ago. At the time, resource holders around the world had created a considerable amount of Route Origin Authorization (ROAs), but actually using RPKI data to perform Route Origin Validation (ROV) was only done by a handful of networks


A newly discovered breed of cyber assault is threatening corporate networks. Dubbed “FragAttacks” (Fragmentation and Aggregation Attacks) by Mathy Vanhoef, the researcher who discovered them, these security breaches are a subcategory of digital airborne attacks performed over Wi-Fi networks.


While there’s enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword. Cybercriminals and other threat Continue reading

Microservices workflow orchestration

A recurring pattern in software architecture is the need to trigger a process or workflow that is implemented across multiple microservices and then report to the user the results when the process completes.

In a previous project, I faced this issue when building a SaaS application in the Intelligent Document Processing (IDP) space. The application was supposed to take a collection of scanned pages, split it in documents, and for each document perform several document understanding tasks. There is a mix of per-page-bundle, per-page and per-document processing steps.

Given the desire to develop each step independently and be able to scale the processing independently (e.g. page OCR consumes more resources than other tasks) I designed a system around a message bus (RabbitMQ) and individual workers that pull requests from message queues.

Unfortunately there aren’t a whole lot of easy to use solutions available for this type of design. Googling for “rabbitmq workflow orchestration” the most helpful link I get is for an article that recommends the use of BPMN for this type of design. That is rather centered in the Java ecosystem. For my use case I needed something that worked well in python and would be preferably language Continue reading

Microservices workflow orchestration

A recurring pattern in software architecture is the need to trigger a process or workflow that is implemented across multiple microservices and then report to the user the results when the process completes.

In a previous project, I faced this issue when building a SaaS application in the Intelligent Document Processing (IDP) space. The application was supposed to take a collection of scanned pages, split it in documents, and for each document perform several document understanding tasks. There is a mix of per-page-bundle, per-page and per-document processing steps.

Given the desire to develop each step independently and be able to scale the processing independently (e.g. page OCR consumes more resources than other tasks) I designed a system around a message bus (RabbitMQ) and individual workers that pull requests from message queues.

Unfortunately there aren’t a whole lot of easy to use solutions available for this type of design. Googling for “rabbitmq workflow orchestration” the most helpful link I get is for an article that recommends the use of BPMN for this type of design. That is rather centered in the Java ecosystem. For my use case I needed something that worked well in python and would be preferably language Continue reading

New Virtual Event Platforms Other than Zoom

Whether you’ve got an online class, a business meeting, or just a virtual hangout with some friends, it seems that we are using more and more virtual event platforms by the hour. This begs the question, what other new virtual event platforms are there other than zoom that could possibly cater to your user needs in a better way? Let’s get into it, shall we?

BigMaker 

Another prominent and useful virtual event platform, BigMaker is a browser-based virtual event platform that has an easy user interface with successful integrations and great features. It is used by brands, such as Panasonic, Google, and more. BigMaker provides its users with the standard features, such as session recording, surveys, polls, and screen sharing. Apart from that, you can also stream your event on YouTube or even Facebook, add company colors and logos to the virtual event, and it even comes with an in-built function for marketing that allows you to reach out to new leads regarding your upcoming virtual event. It has several other notable features that are: 

  • Audience Handouts
  • Landing Pages
  • Microsites

Price: BigMaker can cost you around $79 – $299+ on a monthly basis according to your needs.

Hopin 

Another great Continue reading

Heavy Networking 590: What It Takes To Build An ISP In 2021

There's a huge amount that goes into building an ISP, from getting access to poles to run fiber, operating a cable plant, setting up customer support and billing, getting network gear in place---not to mention developing a viable business model and funding the whole thing. On today's Heavy Networking podcast we talk with Jim Troutman of Tilson Technology Management about building a local ISP in New England.

Heavy Networking 590: What It Takes To Build An ISP In 2021

There's a huge amount that goes into building an ISP, from getting access to poles to run fiber, operating a cable plant, setting up customer support and billing, getting network gear in place---not to mention developing a viable business model and funding the whole thing. On today's Heavy Networking podcast we talk with Jim Troutman of Tilson Technology Management about building a local ISP in New England.

The post Heavy Networking 590: What It Takes To Build An ISP In 2021 appeared first on Packet Pushers.

AWS’s Egregious Egress

AWS’s Egregious Egress
AWS’s Egregious Egress

When web hosting services first emerged in the mid-1990s, you paid for everything on a separate meter: bandwidth, storage, CPU, and memory. Over time, customers grew to hate the nickel-and-dime nature of these fees. The market evolved to a fixed-fee model. Then came Amazon Web Services.

AWS was a huge step forward in terms of flexibility and scalability, but a massive step backward in terms of pricing. Nowhere is that more apparent than with their data transfer (bandwidth) pricing. If you look at the (ironically named) AWS Simple Monthly Calculator you can calculate the price they charge for bandwidth for their typical customer. The price varies by region, which shouldn't surprise you because the cost of transit is dramatically different in different parts of the world.

Charging for Stocks, Paying for Flows

AWS charges customers based on the amount of data delivered — 1 terabyte (TB) per month, for example. To visualize that, imagine data is water. AWS fills a bucket full of water and then charges you based on how much water is in the bucket. This is known as charging based on “stocks.”

On the other hand, AWS pays for bandwidth based on the capacity of their Continue reading

Empowering customers with the Bandwidth Alliance

Empowering customers with the Bandwidth Alliance

High Egress Fees

Empowering customers with the Bandwidth Alliance

Debates over the benefits and drawbacks of walled gardens versus open ecosystems have carried on since the beginnings of the tech industry. As applied to the Internet, we don’t think there’s much to debate. There’s a reason why it’s easier today than ever before to start a company online: open standards. They’ve encouraged a flourishing of technical innovation, made the Internet faster and safer, and easier and less expensive for anyone to have an Internet presence.

Of course, not everyone likes competition. Breaking open standards — with proprietary ones — is a common way to stop competition. In the cloud industry, a more subtle way to gain power over customers and lock them in has emerged. Something that isn’t obvious at the start: high egress fees.

You probably won’t notice them when you embark on your cloud journey. And if you need to bring data into your environment, there’s no data charge. But say you want to get that data out? Or go multi-cloud, and work with another cloud provider who is best-in-class? That’s when the charges start rolling in.

To make matters worse, as the number and diversity of applications in your IT stack increases, the Continue reading

IBM builds ransomware protection into on-prem storage

With ransomware attacks growing in frequency and little being done to stop them, IBM is well-timed with its anti-ransomware Safeguarded Copy for its FlashSystems and on-premises storage-as-a-serivce offerings.Safeguarded Copy is part of the IBM FlashSystem family of all-flash storage arrays, and it automatically creates immutable snapshots of date and stores them securely—meaning they cannot be accessed or altered by unauthorized users, the company says. Read about backup and recovery: Backup vs. archive: Why it’s important to know the difference How to pick an off-site data-backup method Tape vs. disk storage: Why isn’t tape dead yet? The correct levels of backup save time, bandwidth, space Safeguarded Copy is based on technology from IBM’s DS8000 mainframe storage array, which does the same thing as described above: it creates immutable copies  of data that can be used to restore damaged original data volumes or build new and uncorrupted volumes.To read this article in full, please click here

What is NAS (network-attached storage) and how does it work?

Network-attached storage (NAS) is a category of file-level storage that’s connected to a network and enables data access and file sharing across a heterogeneous client and server environment.“Ideally, NAS is platform- and OS-independent, appears to any application as another server, can be brought online without shutting down the network and requires no changes to other enterprise servers,” says research firm Gartner in its definition of NAS. Be sure not to miss: What is a SAN and how does it differ from NAS? Pros and cons of hyperconvergence as a service NVMe over Fabrics creates data-center storage disruption Serverless computing: Ready or not? NAS history: evolution of network-attached storage NAS evolved from file servers used in the 1980s to provide access to files for network clients. NAS devices typically consist of bundled hardware and software with a built-in operating system, and they typically use industry-standard network protocols such as SMB and NFS for remote file service and data sharing and TCP/IP for data transfer. In an enterprise setting, NAS can allow IT teams to streamline data storage and retrieval while consolidating their server and storage infrastructure.To read this article in full, please click here

IBM builds ransomware protection into on-prem storage

With ransomware attacks growing in frequency and little being done to stop them, IBM is well-timed with its anti-ransomware Safeguarded Copy for its FlashSystems and on-premises storage-as-a-serivce offerings.Safeguarded Copy is part of the IBM FlashSystem family of all-flash storage arrays, and it automatically creates immutable snapshots of date and stores them securely—meaning they cannot be accessed or altered by unauthorized users, the company says. Read about backup and recovery: Backup vs. archive: Why it’s important to know the difference How to pick an off-site data-backup method Tape vs. disk storage: Why isn’t tape dead yet? The correct levels of backup save time, bandwidth, space Safeguarded Copy is based on technology from IBM’s DS8000 mainframe storage array, which does the same thing as described above: it creates immutable copies  of data that can be used to restore damaged original data volumes or build new and uncorrupted volumes.To read this article in full, please click here

1 703 704 705 706 707 3,852