Welcome to Miami: HostingCon 2014

Published on by Ashley Gorringe.

This year’s HostingCon will be held in Miami Beach, and the CloudFlare team is busy prepping. This is our fourth year at the show and our team is excited to see partners, customers and friends. You bring the sunscreen, we’ll supply: Complimentary limousine transfers from Miami International Airport to Loews Miami Beach Hotel on Sunday, June 15. Reserve your spot today. CloudFlare t-shirts Live…

CloudFlare Meetups: Set your mind on fire.

Published on by Nick Sullivan.

Education, expertise, and community: these themes define Meetups at CloudFlare. Meetups in our office bring together industry leaders, academics, and field experts to examine topics ranging from the Go programming language, to databases, to cryptography, and more. We’re creating a space for people interested in learning about, and hashing-out, specialized topics together; check out CloudFlare’s upcoming Meetups here. Our latest series on cryptography covers…

BPF - the forgotten bytecode

Published on by Marek Majkowski.

Every once in a while I run into an obscure computer technology that is a hidden gem, which over the years has become mostly forgotten. This is exactly how I feel about the tcpdump tool and its kernel counterpart the packet filter interface. For example, say you run: $ tcpdump -ni eth0 ip and udp and port 53 For most of us this command is pure magic, almost nobody…

The Web is World-Wide, or who still needs RC4?

Published on by John Graham-Cumming.

Two weeks ago we changed our TLS configuration to deprioritize the RC4 encryption method because it is widely thought to be vulnerable to attack. At the time we had an internal debate about turning off RC4 altogether, but statistics showed that we couldn't. Although only a tiny percentage of web browsers hitting CloudFlare's network needed RC4 that's still thousands of people contacting…

Killing RC4: The Long Goodbye

Published on by Nick Sullivan.

At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. As the threat landscape changes we try to keep up with best practices with respect to which cryptographic primitives we use. We recently removed support for RC4 for browsers using TLS 1.…