Petra Kota Mawar: Keajaiban Arsitektur Batu di Yordania

Sejarah Singkat Petra Kota Mawar

Petra Kota Mawar berdiri megah di selatan Yordania. Kota ini berkembang melalui peradaban Bangsa Nabatea. Awalnya, masyarakat Nabatea membangun Petra sebagai pusat dagang. Selain itu, mereka menguasai jalur rempah strategis. Oleh karena itu, Petra cepat berkembang. Kemudian, kota ini berubah menjadi pusat ekonomi penting. UNESCO akhirnya menetapkan Petra sebagai Situs Warisan Dunia. Bahkan, dunia mengenalnya sebagai Kota Mawar karena warna batunya. Selanjutnya, wisatawan global terus berdatangan setiap tahun.

Keunikan Arsitektur Petra

Arsitektur Petra menampilkan teknik pahat luar biasa. Pengrajin memahat bangunan langsung dari tebing batu. Selain itu, mereka mengandalkan ketelitian tinggi. Al-Khazneh menjadi ikon paling terkenal. Bangunan ini sering disebut The Treasury. Namun, Petra memiliki ratusan struktur lain. Oleh karena itu, setiap sudut menghadirkan kejutan visual. Selanjutnya, warna batu berubah mengikuti cahaya matahari. Akibatnya, Petra tampak hidup sepanjang hari.

Sistem Air Canggih Bangsa Nabatea

Bangsa Nabatea menciptakan sistem air Petra yang inovatif. Mereka membangun kanal dan waduk. Selain itu, mereka mengontrol banjir gurun. Oleh karena itu, kota tetap bertahan lama. Selanjutnya, sistem ini Continue reading

HN816: Inside the Case: A Hardware Deep Dive with Meter (Sponsored)

Our topic today is the designing and building of high-performance networking hardware. If you assume the hardware details don’t matter, you’re missing the intentional engineering required to build truly reliable and quiet infrastructure. In this sponsored episode, we discuss Meter’s hardware philosophy with our guest, Joshua Markell, Head of Hardware at Meter. Joshua walks us... Read more »

Packet Trimming Deep Dive – Part III

Virtual Output Queue (VOQ)


The Silicon One VOQ Architecture

Instead of using dedicated deep interface buffers for packet queuing, Cisco Silicon One utilizes a Centralized Shared Memory architecture paired with a logical Virtual Output Queue (VOQ) mechanism. Because the VOQ concept is implemented within the Ingress (Rx) NPU entity, this queuing stage occurs after the initial ingress lookups but before the packet is switched across the internal fabric to the egress.

The VOQ model turns the traditional egress queuing model, where packets wait for serialization in a hardware buffer on the specific egress interface, upside down. While a VOQ is physically located on the ingress NPU, its ability to send traffic is controlled by the state of a small hardware Output Queue (OQ) on the egress interface.


Priority Mapping and Default State

As shown in Figure 9-3, a QoS policy can be created where a packet received on interface gi1/0/1 is assigned to Traffic Class 6 if the DSCP bits are set to EF (Expedited Forwarding). This configuration instantiates a VOQ specifically for that traffic class. In this hierarchy:

TC 7 (Control Plane/CS6): Mapped to OQ 1, the highest Strict Priority (Level 1).

TC 6 (DSCP-TRIMMED/EF): Mapped to OQ 2, Continue reading

Technology Short Take 191

Welcome to Technology Short Take #191! This is my semi-regular collection of links related to technology disciplines, including networking, security, cloud computing, storage, and programming/development. I hope that I’ve managed to curate an interesting and useful set of links for readers. Enjoy!

Networking

Security

Lab: More Complex EVPN/VXLAN Bridging Scenario

In the first EVPN/VXLAN lab, we added the EVPN control plane to bridging over VXLAN. Now, let’s try out a more complex scenario: several EVPN MAC-VRFs mapped to different VLAN segments on individual PE-devices.

Explore the lab exercise

You can run the lab on your own netlab-enabled infrastructure (more details), but also within a free GitHub Codespace or even on your Apple-silicon Mac (installation, using Arista cEOS container, using VXLAN/EVPN labs).

Toxic combinations: when small signals add up to a security incident

At 3 AM, a single IP requested a login page. Harmless. But then, across several hosts and paths, the same source began appending ?debug=true — the sign of an attacker probing the environment to assess the technology stack and plan a breach.

Minor misconfigurations, overlooked firewall events, or request anomalies feel harmless on their own. But when these small signals converge, they can explode into security incidents known as “toxic combinations.” These are exploits where an attacker discovers and compounds many minor issues — such as a debug flag left on a web application or an unauthenticated application path — to breach systems or exfiltrate data.

Cloudflare’s network observes requests to your stack, and as a result, has the data to identify these toxic combinations as they form. In this post, we’ll show you how we surface these signals from our application security data. We’ll go over the most common types of toxic combinations and the dangerous vulnerabilities they present. We will also provide details on how you can use this intelligence to identify and address weaknesses in your stack. 

How we define toxic combinations

You could define a "toxic combination" in a few different ways, but here Continue reading

We deserve a better streams API for JavaScript

Handling data in streams is fundamental to how we build applications. To make streaming work everywhere, the WHATWG Streams Standard (informally known as "Web streams") was designed to establish a common API to work across browsers and servers. It shipped in browsers, was adopted by Cloudflare Workers, Node.js, Deno, and Bun, and became the foundation for APIs like fetch(). It's a significant undertaking, and the people who designed it were solving hard problems with the constraints and tools they had at the time.

But after years of building on Web streams — implementing them in both Node.js and Cloudflare Workers, debugging production issues for customers and runtimes, and helping developers work through far too many common pitfalls — I've come to believe that the standard API has fundamental usability and performance issues that cannot be fixed easily with incremental improvements alone. The problems aren't bugs; they're consequences of design decisions that may have made sense a decade ago, but don't align with how JavaScript developers write code today.

This post explores some of the fundamental issues I see with Web streams and presents an alternative approach built around JavaScript language primitives that demonstrate something better is possible. 

Continue reading

The most-seen UI on the Internet? Redesigning Turnstile and Challenge Pages

You've seen it. Maybe you didn't register it consciously, but you've seen it. That little widget asking you to verify you're human. That full-page security check before accessing a website. If you've spent any time on the Internet, you've encountered Cloudflare's Turnstile widget or Challenge Pages — likely more times than you can count.

The Turnstile widget – a familiar sight across millions of websites

When we say that a large portion of the Internet sits behind Cloudflare, we mean it. Our Turnstile widget and Challenge Pages are served 7.67 billion times every single day. That's not a typo. Billions. This might just be the most-seen user interface on the Internet.

And that comes with enormous responsibility.

Designing a product with billions of eyeballs on it isn't just challenging — it requires a fundamentally different approach. Every pixel, every word, every interaction has to work for someone's grandmother in rural Japan, a teenager in São Paulo, a visually impaired developer in Berlin, and a busy executive in Lagos. All at the same time. In moments of frustration.

Today we’re sharing the story of how we redesigned Turnstile and Challenge Pages. It's a story told in three parts, by three Continue reading

Bringing more transparency to post-quantum usage, encrypted messaging, and routing security

Cloudflare Radar already offers a wide array of security insights — from application and network layer attacks, to malicious email messages, to digital certificates and Internet routing.

And today we’re introducing even more. We are launching several new security-related data sets and tools on Radar: 

  • We are extending our post-quantum (PQ) monitoring beyond the client side to now include origin-facing connections. We have also released a new tool to help you check any website's post-quantum encryption compatibility. 

  • A new Key Transparency section on Radar provides a public dashboard showing the real-time verification status of Key Transparency Logs for end-to-end encrypted messaging services like WhatsApp, showing when each log was last signed and verified by Cloudflare's Auditor. The page serves as a transparent interface where anyone can monitor the integrity of public key distribution and access the API to independently validate our Auditor’s proofs. 

  • Routing Security insights continue to expand with the addition of global, country, and network-level information about the deployment of ASPA, an emerging standard that can help detect and prevent BGP route leaks. 

Measuring origin post-quantum support

Since April 2024, we have tracked the aggregate growth of client support for post-quantum encryption on Cloudflare Continue reading

ASPA: making Internet routing more secure

Internet traffic relies on the Border Gateway Protocol (BGP) to find its way between networks. However, this traffic can sometimes be misdirected due to configuration errors or malicious actions. When traffic is routed through networks it was not intended to pass through, it is known as a route leak. We have written on our blog multiple times about BGP route leaks and the impact they have on Internet routing, and a few times we have even alluded to a future of path verification in BGP. 

While the network community has made significant progress in verifying the final destination of Internet traffic, securing the actual path it takes to get there remains a key challenge for maintaining a reliable Internet. To address this, the industry is adopting a new cryptographic standard called ASPA (Autonomous System Provider Authorization), which is designed to validate the entire path of network traffic and prevent route leaks.

To help the community track the rollout of this standard, Cloudflare Radar has introduced a new ASPA deployment monitoring feature. This view allows users to observe ASPA adoption trends over time across the five Regional Internet Registries (RIRs), and view ASPA records and changes over time Continue reading

Worth Reading 022626


The current debate on the existence of an “AI bubble” centers on a single question: is the current high level of investment into AI data centers a massive misallocation of capital or the key to future economic growth?

 


The more I have thought about it, the more convinced I am that the very technological advancements that make my life easier — the most recent being artificial intelligence — actually contribute to a busier, more overwhelming life.

 


Using hot water to cool supercomputers? Nvidia and others are doing it. It’s liquid cooling minus the water chillers.

 


New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups.

 


Every employer knows to conduct background checks. However, conducting background checks on IT professionals requires an extra layer of verification, given the privileged access they typically have to IT systems and tools.

Configuring 6PE Route Reflector on Cisco IOS

Imagine you want to deploy a BGP route reflector for MPLS 6PE or L3VPN service. Both services run over MPLS LSPs, use IPv4 BGP sessions, and use IPv4 next hops for BGP routes. There’s absolutely no reason to need IPv6 routing on a node that handles solely the control-plane activity (it never appears as a BGP next hop anywhere), right? Cisco IOS disagrees, as I discovered when running route reflector integration tests for netlab 6PE and (MPLS) L3VPN functionality.

Most platforms failed those tests because we forgot to configure route-reflector-clients in labeled IPv6 and VPNv4/VPNv6 address families1. That was easy to fix, but the IOS-based devices were still failing the tests, with nothing in the toolchain ever complaining about configuration problems.

Read more …

Join Calico at KubeCon Europe 2026: AI Agents, Silent Discos, and Dutch Delights!

The cloud-native community is heading to the historic canals and vibrant tech scene of Amsterdam for KubeCon + CloudNativeCon Europe 2026! From March 23–26, Amsterdam will be buzzing with the latest in Kubernetes, platform engineering, and, of course, all things Calico.

Whether you’re a long-time Calico user or just starting your cloud-native security journey, Tigera has a packed schedule to make your KubeCon experience both educational and unforgettable.

🌍 Meet Our International Team

Traveling from Vancouver, San Francisco, Toronto, Cork, London, and Cambridge, our team is excited to come together in Amsterdam to welcome you! Whether you’re a first-time attendee or a KubeCon veteran, our crew has been through the trenches and is ready to share tips on everything from eBPF security to the best bitterballen in the city.

Securing the Future: AI Agent Workshop

The biggest shift in the ecosystem this year? Autonomous AI Agents. But as we move these agents into production, how do we ensure they are secure, compliant, and observed?

Join us for our featured workshop: Securing Autonomous Continue reading

1 6 7 8 9 10 3,856