CloudFlare uses a great deal of open source and free software. Our core server platform is nginx (which is released using a two-clause BSD license) and our primary database of choice is postgresql (which is released using their own BSD-like license). We've talked in the past about our use of Kyoto Tycoon (which is released under the GNU General Public License) and we've built many things on top of OpenResty.
And, of course, we make use of open source tools such as gcc, make, the Go programming language, Lua, python, Perl, and PHP, and projects like Sentry, Kibana, and nagios. And, naturally, we use Linux.
It would take a while to write down all the software that we use to build CloudFlare, but all that software has one thing in common: it's open source or free software. Our stack consists of either software we've built ourselves or an open source project (which we've sometimes forked).
Why Build On Open Source
It's probably obvious to most readers why we use open source software: it's reliable, it's easy to modify and it's easy to maintain. But there's another benefit that should not be overlooked: using and working on open source software brings a great deal of job satisfaction for programmers and it helps us hire the best.
We encourage our programmers to release changes they've made to open source software and to release projects through the CloudFlare GitHub page.
At GitHub you'll find projects such as golog (a high-performance Go logger), lua-cmsgpack (an implementation of MessagePack for Lua), a Python-based CNAME flattener, and a macro language for systemtap, amongst others.
You'll also find the ngx_lua module which embeds Lua in nginx. That's not something CloudFlare initially wrote, but we make such extensive use of it that we hired Yichun Zhang. He continues to work full-time on it while at CloudFlare.
And, if you've ever delved into the internals of nginx, you'll know another CloudFlare employee, Piotr Sikora, who recently added the ability to set keys for TLS Session Tickets to nginx.
So, at CloudFlare, open source can get you a job, be your job or, at least, be a significant part of your job.
Where appropriate (i.e. where we think we make the biggest impact and get something we need) we've sponsored external open source projects and paid for improvements that all can use.
We make wide use of the excellent LuaJIT project and after much profiling by engineers we discovered areas where more JITing would improve our performance. Rather than do the work ourselves we sponsored the LuaJIT project. These speedups will be appearing in LuaJIT 2.1 when it is released.
Two Way Street
Of course, it would be easy for us to use open source software, make modifications and not release them. None of the licenses for the software we use force us to release our modifications. But we prefer to give back and not just because of karma.
There are two big advantages to releasing modifications we've made to existing projects: the many eyeballs effect and reducing fork cost.
The first, many eyeballs, is common to any open source project: the more people look at code, the better it gets. And that applies equally to code written by a core team of developers and code written by outsiders. When we contribute changes we've made, others look at the changes and improve them.
And the cost of maintaining a fork provides useful economic pressure making releasing our modifications make sense. It's cheaper for us to release than to maintain a fork and merge as the core of a project changes.
But, what about CloudFlare's secret sauce?
Open Sourcing CloudFlare Core
Our strong bias is to open source everything we've built. When we don't, it's usually because it's highly specific to us and/or because the support cost is high. Ultimately, we'd like to open source all our major components so that they can be used to build a faster, safer, smarter web.
Many of our smaller components are really glue code that don't make any sense to open source as they are so specific to our implementation of the overall system.
We don't believe that there is any chunk of code so clever that it gives us a long term competitive advantage. Instead, our advantage comes from the network we've built, the data we collect on making the web faster and safer, and, most importantly, the people we're able to attract.
A commitment to open source builds trust in the community which helps us continue to build our service and attract the best people.
In fact, the best way to get hired at CloudFlare is to make good contributions to open source projects we find interesting and useful. Contributions like that often speak more loudly than a resume.