Talk Transcript: How Cloudflare Thinks About Security
2019-10-08
This is the text I used for a talk at artificial intelligence powered translation platform, Unbabel, in Lisbon on September 25, 2019....
Continue reading »2019-10-08
This is the text I used for a talk at artificial intelligence powered translation platform, Unbabel, in Lisbon on September 25, 2019....
Continue reading »2019-09-20
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...
2018-04-17
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
2018-02-20
At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?...
2015-10-23
Compression is one of the most important tools CloudFlare has to accelerate website performance. Compressed content takes less time to transfer, and consequently reduces load times....
October 09, 2015 10:26 AM
In a previous post we discussed the performance limitations of the Linux kernel network stack. We detailed the available kernel bypass techniques allowing user space programs to receive packets with high throughput. ...
June 16, 2015 1:47 PM
Last week during a casual conversation I overheard a colleague saying: "The Linux network stack is slow! You can't expect it to do more than 50 thousand packets per second per core!"...
July 11, 2014 1:00 PM
This was an internal email that I sent to the CloudFlare team about how we are not afraid to throw away old code. We thought it was worth sharing with a wider audience....
February 13, 2014 1:00 AM
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
January 21, 2014 4:00 PM
An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. ...
December 06, 2012 9:19 AM
With the widespread adoption of high bandwidth Internet connections in the home, offices and on mobile devices, limitations in available bandwidth to download web pages have largely been eliminated....
November 06, 2012 9:09 AM
Today, Google's services experienced a limited outage for about 27 minutes over some portions of the Internet. The reason this happened dives into the deep, dark corners of networking. ...
June 19, 2012 3:56 PM
The other day I wrote a long post describing in detail how we used to and how we now store customer passwords. Some people were surprised that we were open about this....
January 29, 2011 4:26 AM
CloudFlare gets quite a bit of traffic from Egypt -- the country is consistently in the top-20 originators of visitors to our network. That is, until last night when Egypt shut down the Internet. Here is a graph showing traffic to our network from Egypt. ...