Keep up to date with Cloudflare’s latest news. Subscribe to the Blog.
July 18, 2019 2:12PM
Securing access to your APT repositories is critical. At Cloudflare, like in most organizations, we used a legacy VPN to lock down who could reach our internal software repositories. However, a network perimeter model lacks a number of features that we consider critical to a team’s security....
July 10, 2019 1:07PM
For some time I’ve wanted to play with coverage-guided fuzzing. I decided to have a go at the Linux Kernel netlink machinery. It's a good target: it's an obscure part of kernel, and it's relatively easy to automatically craft valid messages....
May 30, 2019 1:00PM
Kali Linux turned six years old this year! In this time, Kali has established itself as the de-facto standard open source penetration testing platform....
May 18, 2019 3:00PM
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk....
May 03, 2019 1:00PM
It is unlikely we can tell you anything new about the extended Berkeley Packet Filter, eBPF for short, if you've read all the great man pages, docs, guides, and some of our blogs out there. But we can tell you a war story, who doesn't like those?...
April 24, 2019 6:21PM
Our servers process a lot of network packets, be it legitimate traffic or large denial of service attacks. To do so efficiently, we’ve embraced eXpress Data Path (XDP), a Linux kernel technology that provides a high performance mechanism for low level packet processing....
January 04, 2019 11:02AM
The Linux AIO is designed for, well, Asynchronous disk IO! Disk files are not the same thing as network sockets! Is it even possible to use the Linux AIO API with network sockets in the first place? The answer turns out to be a strong YES!...
November 29, 2018 9:54AM
As TLS 1.3 was ratified earlier this year, I was recollecting how it started here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago....
August 24, 2018 3:11PM
Introducing ebpf_exporter, enabling low level eBPF based metric collection from Linux kernel into Prometheus....
May 13, 2018 4:00PM
How an innocent OS upgrade triggered a cascade of issues and forced us into tracing Linux networking internals....
April 17, 2018 10:11PM
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
February 20, 2018 7:49PM
At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?...
February 19, 2018 7:50PM
Cloudflare에서는 Go를 좋아합니다. Go는 많은 내부 소프트웨어 프로젝트와 거대한 파이프라인 시스템의 일부로도 사용되고 있습니다. 하지만 Go를 한단계 더 끌어 올려서 우리가 선호하는 운영체제인 리눅스의 스크립트 언어로 사용할 수 있을까요?...
October 23, 2017 11:28PM
I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty. You see, the classic text-editing hotkeys, ctrl+Z, ctrl+X, ctrl+C, and ctrl+V are all located optimally for a Qwerty layout....
July 07, 2016 11:50AM
A recent blog post posed the question Why do we use the Linux kernel's TCP stack?. It triggered a very interesting discussion on Hacker News....
