Items tagged with: Cloudflare
I noticed I couldn't connect to archive.is, eventually I figured out it was an issue with cloudflare DNS, 22.214.171.124. Checking nslookup confirms this:
nslookup archive.is 126.96.36.199
Server: 188.8.131.52
Address: 184.108.40.206#53

Non-authoritative answer:
Name: archive.is
Address: 127.0.0.4

nslookup archive.is 220.127.116.11
Server: 18.104.22.168
Address: 22.214.171.124#53

Non-authoritative answer:
Name: archive.is
Address: 126.96.36.199
Cloudflare is returning a localhost address which prevents you from accessing the website.
HN Discussion: https://news.ycombinator.com/item?id=19828317
Posted by ikeboy (karma: 10600)
Post stats: Points: 121 - Comments: 75 - 2019-05-04T18:36:34Z
#HackerNews #1111 #archiveis #cloudflare #dns #inaccessible #tell #via
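A check for the symptom reported in the post above, as an added example that is not part of the original post: it parses Unix-style nslookup output from two resolvers and flags a resolver that answers only with loopback or unspecified addresses while another returns a usable one. The transcripts are constructed, the resolver and "usable" addresses are RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed nslookup transcripts (not the page's output). Resolver addresses and
# the usable answer are RFC 5737 documentation addresses; 127.0.0.4 is the answer
# the post reports seeing.
SAMPLE_RESOLVER_A = """\
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   archive.is
Address: 127.0.0.4
"""

SAMPLE_RESOLVER_B = """\
Server:         198.51.100.53
Address:        198.51.100.53#53

Non-authoritative answer:
Name:   archive.is
Address: 203.0.113.10
"""


def parse_nslookup(text):
    """Return (resolver, name, [answer addresses]) from one nslookup transcript.

    Assumes the Unix nslookup layout, where the resolver's own Address line
    carries a '#port' suffix and answer Address lines do not.
    """
    resolver, name, answers = None, None, []
    for line in text.splitlines():
        m = re.match(r"(Server|Name|Address):\s*(\S+)", line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "Server":
            resolver = value
        elif key == "Name":
            name = value
        elif "#" not in value:  # answer record, not the resolver's own address
            answers.append(ipaddress.ip_address(value))
    return resolver, name, answers


def is_blocking_answer(addr):
    """Loopback or unspecified answers cannot be a public site's real address."""
    return addr.is_loopback or addr.is_unspecified


def compare_resolvers(transcripts):
    """Flag resolvers whose every answer is loopback/unspecified."""
    parsed = [parse_nslookup(t) for t in transcripts]
    # True when at least one resolver returned an address a client could reach.
    usable_elsewhere = any(
        any(not is_blocking_answer(a) for a in answers) for _, _, answers in parsed
    )
    findings = []
    for resolver, name, answers in parsed:
        if answers and all(is_blocking_answer(a) for a in answers):
            findings.append({
                "resolver": resolver,
                "name": name,
                "answers": [str(a) for a in answers],
                "differs_from_other_resolvers": usable_elsewhere,
            })
    return findings


if __name__ == "__main__":
    for finding in compare_resolvers([SAMPLE_RESOLVER_A, SAMPLE_RESOLVER_B]):
        print(finding)
```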
These snapshots are a graphical representation of countries with servers (or their proxies) that my node has interacted with in some form. My node is an open node (with a relatively small number of users by Friendica standards), but has been running for several years.
The lightest colour represents countries without any web requests to my server last month.
#SoutheastAsia, notable absences: #Myanmar, #Laos, #Vietnam, #Brunei,
#Europe, notable absences: #Slovenia, #Bosnia-Herzegovina, #Kosovo, #Macedonia, #FaeroeIslands
#CentralAmerica and #LatinAmerica, notable absences: #Cuba, #Honduras, #ElSalvador, #Nicaragua, #Venezuela, #Guyana, #Suriname,
#EastAsia, notable absence: #Mongolia; #SouthAsia: #Nepal and #Bhutan; #CentralAsia: almost no presence.
#Africa: almost no presence.
#Friendica #Fediverse #social #media #open #nodes #geography #statists #web #requests #cloudflare
Yesterday, I signed an offer letter from Cloudflare. I’ll be the product manager of Storage, which is the part of the company that’s working on data storage products for the Cloudflare Workers…
HN Discussion: https://news.ycombinator.com/item?id=19583821
Posted by steveklabnik (karma: 61518)
Post stats: Points: 206 - Comments: 75 - 2019-04-05T16:01:09Z
#HackerNews #cloudflare #joining
April 5, 2019
Yesterday, I signed an offer letter from Cloudflare. I’ll be the product manager of Storage, which is the part of the company that’s working on data storage products for the Cloudflare Workers platform. I’ll be starting at the end of the month.
I think a lot of you will say “that makes perfect sense,” but many more will say “wait, what?”. I hope this post will make things a bit more clear.
Before we start, I also want to say that I’ll still be continuing my work on Rust, though obviously in a more limited capacity. I’ll still be working on revisions to The Rust Programming Language, and doing core team work, for example.
Before I worked on Rust, I worked on and with Ruby on Rails. When I got out of the web application game, the hot topic was this new “platform as a service” stuff. I’ve been watching all of the latest changes from afar, and they’ve been quite interesting. I’ve always loved the web, and the people building it. In the last 18 months or so, I’ve also been extremely interested in WebAssembly. Working at Cloudflare is the intersection of four things for me:
* Edge compute
* WebAssembly
* Rust
* Personal and career growth
There’s sort of been four eras of “how do I web server”:
* Physical servers (“on premise”)
* Infrastructure as a service
* Platform as a service
* Function as a service
A lot of people see the relationship between these things as “what you control” vs “what does the provider control”, but I don’t think that’s quite right. But I’m getting ahead of myself.
Back in the day, if you wanted a web site, you bought a physical server, and you put it in a data center somewhere. I wasn’t around for those days. The point is, you managed everything: the hardware, the software. All of it.
In my days as a startup CTO, my services were deployed to a Virtual Private Server. Instead of owning servers ourselves, we rented a virtual machine, running on someone else’s servers. This is “infrastructure as a service”; I didn’t have to worry about machines, I could just ask for one, and it’d be given to me. I still had to manage the operating system and everything above it.
Fun side note: CloudFab was a Rails application with a big C extension to do data processing that was too much for Ruby. This later informed a lot of my Rust work.
Next up came “platform as a service.” To me, Heroku was the platonic ideal of this era. Now, you didn’t even need to manage servers. You got to worry about your application, and that’s it. Maybe you’d need to set a slider to scale during times of demand.
I’ve been reading a lot about “functions as a service” over the past few years. Instead of deploying an entire application, each endpoint becomes an application, basically. This is where I think the previous thinking about the relationships between these categories of service is a little wrong. The actual underlying trend here is something else: what affordances do I have to scale?
In the on-premise days, if I wanted to add capacity, I’d need to buy new servers, install them, set everything up. There’s a lot of latency there. And if I need to remove capacity, well, I have to sell those servers? The move to infrastructure as a service was significant, because it more clearly separated concerns. Each company didn’t need a data center; a data center provides homogeneous compute. As a user, if I need to scale, I can spin up some more virtual servers much more quickly than I can physical ones. Managing that required a lot of tooling, however.
This was the insight that led to platform as a service: by managing this tooling, you could make it even easier for users to scale. There’s a reason why the slider became the ubiquitous synonym with PaaS. There’s nothing that you could do with PaaS that was impossible with IaaS, but it was much, much easier.
This brings us to Functions as a Service, also known as “serverless.” The reason that this architecture matters is one very similar to previous insights. By breaking your application into multiple functions, they can scale independently. This is one of the dreams of microservice architecture, but there’s a bit of a difference. Microservice architecture focuses on how you build your system, and how you split up components internally. FaaS focuses on how people interact with your system, and splits up the components according to that. This framing is a bit more significant to your ability to scale, because it means that during times of high load, you can scale only the parts under that load. In the same way that IaaS said “let’s not force people to buy servers to scale” and PaaS said “let’s not force people to build out infrastructure to scale”, FaaS says “let’s not force people to scale their help page to scale their shopping cart.”
This brings us to edge compute. Edge compute is a particular kind of FaaS, but an interesting take on it. Here’s the concept: your users are all over the world. Why do their packets need to go to us-east-1 and back? To which you might say, “sure, that’s why we’ve developed our application to work in multiple regions.” That’s the same relationship between IaaS and PaaS. That is, why should you have to worry about making your application be available across multiple regions? You may not be worrying about individual physical servers anymore, but you’re still worrying about data centers. And some FaaS products, like AWS Lambda, can already run easily across multiple regions, and with some setup, go between them. However, Amazon has about 20 total regions.
So how is edge compute different? Well, at some point, various CDN companies realized “wait a minute. We have servers around the world. Why can’t we run compute on them as well?”
Side note: Cloudflare is not really a CDN company, though that’s how I always thought of them. They do a lot more stuff than CDNs.
This is interesting because, well, here’s those 20 Amazon regions:
Compare this with Fastly’s network:
And finally, Cloudflare’s network:
(the page is animated, so those highlighted ones don’t mean anything)
You’re much more likely to be physically closer to a Fastly or Cloudflare server than you are to an AWS one. And that’s what we mean by “edge compute”, that is, you’re running your code on the edge, rather than in the data center.
Now, I should also mention that there is a form of Lambda called Lambda@Edge that runs off of CloudFront locations, rather than the above map. So that looks like this:
Much better! My point about regions is more applicable to “edge compute” vs more general compute, than saying something about Lambda as a particular product.
Cloudflare Workers don’t require you to think about where your service is deployed: when you upload it, it’s automatically running on all 175 locations, within minutes.
I think this space is interesting and significant. Cloudflare has Workers, and Fastly has Terrarium. Amazon has Lambda@Edge. These are all very interesting platforms for building high performance applications.
My role as part of Storage will be to consider “what does data access and storage look like in this world?” If your code is moved to the edge, but your data is still in a central server, you don’t gain the full benefit of having the code close to the client. There’s a lot of interesting stuff in this space!
Both Cloudflare Workers and Fastly’s Terrarium use WebAssembly as a core part of the platform. And that’s significant:
If WASM+WASI existed in 2008, we wouldn’t have needed to created Docker. That’s how important it is. Webassembly on the server is the future of computing. A standardized system interface was the missing link. Let’s hope WASI is up to the task! https://t.co/wnXQg4kwa4 — Solomon Hykes (@solomonstre) March 27, 2019
Anyway, the point is, WebAssembly is core to this new edge compute world. And so I’m excited to be in the space. I know people that work at Fastly, wasmer, and Mozilla, and they’re all doing great work. I think there’s space for both approaches, but I’m mostly excited to be there and see how it all turns out.
Oh, one other thing I wanted to say: right now, everything around Workers is closed source. Kudos to Fastly for open-sourcing Lucet. I asked about this in my interview, and Cloudflare is very interested in doing more open source work, and so I’m hoping it doesn’t take us long to catch up in this regard. We’ll see, of course, I haven’t actually started yet. But I think that this stuff needs to be open source, personally.
You may remember a little story called CloudBleed. In short, Cloudflare had a pretty bad security bug in 2017. This bug happened because of a parser, written in Ragel. Here, I’ll let Cloudflare explain it:
The Ragel code is converted into generated C code which is then compiled. The C code uses, in the classic C manner, pointers to the HTML document being parsed, and Ragel itself gives the user a lot of control of the movement of those pointers. The underlying bug occurs because of a pointer error.
CloudBleed happened due to memory unsafety. When talking to Cloudflare today, it’s pretty clear that this bug was taken extremely seriously, to the point where it created a culture change inside the company itself. These days, it seems to me (I haven’t started yet, mind you) that you have to use a memory safe language by default, and only use a memory unsafe one if you have an extremely good justification. But Cloudflare needs to be able to have a lot of performance, and control latency, in much of their stack.
Enter Rust. Cloudflare started exploring Rust after CloudBleed, and now uses a significant amount of Rust in production. They host the local Rust meetup here in Austin, and sometimes the one in San Francisco. I’m excited to help Cloudflare be successful with Rust, and to use that experience to help improve Rust too.
My understanding is that I’ll be dealing with a bunch of TypeScript and possibly Go as well, which is also pretty cool.
Finally, the move to product management. I really enjoy product work, and have had several jobs that were sorta-kinda product jobs. I don’t think that management jobs are inherently better than engineer jobs, of course, but it’s a way for me to grow. My role at Balanced was sorta-kinda-PM-y, and I loved that job.
I don’t have too much more to say about this, just that it’s a bit different, but something I’m really excited to do.
I’m excited for the future
So yeah, that’s my extremely long-winded explanation of what’s going on. I’m not starting until the end of the month, so I’ve got a few weeks to purely enjoy. I’ll still be playing a lot of Celeste and Fortnite, writing blog posts, and working on some Rust open source. But then I get to get back to work. I’m pumped about all of this! New role, building some new tech with tech I already love.
Why is this false report still being spread, even though the actual source says exactly the opposite? (multiple resolvers)
Heise also reports it correctly: https://www.heise.de/newsticker/meldung/Mozilla-zu-DoH-Resolvern-Es-soll-nicht-nur-einen-geben-4354060.html
TLS interception is a process in which your protected connection to some website is broken up to examine the content and then forwarded again - transparently for you. This can be legitimate (e.g. antivirus check or enterprise compliance) or malicious (surveillance and hacking). Basically it is like opening a letter, peeking at (or messing with) the contents, closing it up again and sending it on its way.
It looks like 25-30% of all protected traffic is being snooped on.
Since Cloudflare processes around 10% of the entire Internet's traffic, the global picture should look similar. Of course, the absolute majority of it is made up of enterprise proxies that legitimately inspect employees' traffic for malware scanning and other compliance... but still. So much for that green lock being a security and privacy panacea 😀
#cloudflare #internet #privacy #tls
Founder and co-chair of Nike Foundation, Maria Eitel, and Stan Meresman join Cloudflare board
HN Discussion: https://news.ycombinator.com/item?id=19367065
Posted by migueldemoura (karma: 172)
Post stats: Points: 111 - Comments: 79 - 2019-03-12T11:22:51Z
#HackerNews #150m #adds #and #board #cloudflare #directors #raises
San Francisco, CA, March 12, 2019 — Cloudflare, the leading Internet performance and security company, today announced that it raised $150 million in its latest round of funding, led by Franklin Templeton. The company is also announcing two appointments to its board of directors, Stan Meresman, former CFO of Silicon Graphics, and Maria Eitel, founder and co-chair of the Nike Foundation.
Cloudflare last raised funding in 2014, closing a round of $110 million. To date, Cloudflare has raised more than $330 million from investors including New Enterprise Associates, Union Square Ventures, Venrock, Pelion Venture Partners, Greenspring Associates, CapitalG (formerly Google Capital), Microsoft, Baidu, Qualcomm, and Fidelity. Franklin Templeton joins these investors leading this latest round of funding, which will be used to support Cloudflare’s growth, extend product ranges, and continue its international expansion into new markets.
Cloudflare has also continued to strengthen its board of directors with the additions of Maria Eitel and Stan Meresman. “I’m honored to welcome Maria and Stan to our board of directors,” said Matthew Prince, co-founder and CEO of Cloudflare. “Both of them bring a wealth of knowledge and experience to our board and know what it takes to propel companies forward. Our entire board looks forward to working with them as we continue to help build a better Internet.”
Eitel served as the president and CEO and is now the co-chair of the Nike Foundation and chair of Girl Effect, an independent nonprofit created by Nike in 2008 to focus on ending poverty globally. Eitel joined Nike in 1998 as its first vice president of corporate responsibility. She previously ran European corporate affairs for Microsoft and worked in media affairs at the White House, where she was a special assistant to President George H.W. Bush.
“My career has been focused on creating global change, and the Internet is a huge part of that,” said Eitel. “The Internet has the ability to unleash human potential, and I believe that Cloudflare is one of the major players able to drive the change that’s necessary for the world and Internet community.”
Meresman is a board member and chair of the Audit Committee of Guardant Health (GH), Snap (SNAP) and Medallia, and formerly served in such roles at LinkedIn, Palo Alto Networks, Zynga, Meru, Riverbed Technology, and Polycom. He was previously CFO of Silicon Graphics (SGI) and Cypress Semiconductor (CY). Meresman holds a BS in Industrial Engineering and Operations Research from University of California, Berkeley, and an MBA from Stanford Graduate School of Business.
“Cloudflare’s technologies, customer base, and global network have helped propel the company to a position of leadership in the Internet ecosystem,” said Meresman. “I look forward to lending my skills and expertise to Cloudflare’s board in order to continue this growth and make even more of an impact.”
Eitel and Meresman join Cloudflare’s existing board of directors, which includes NEA Managing Director Scott Sandell, Pelion Venture Managing Partner Carl Ledbetter, Cloudflare Co-Founder and CEO Matthew Prince, and Cloudflare Co-Founder and COO Michelle Zatlyn.
Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers more than 10 trillion requests per month, accounting for 10 percent of all Internet requests. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was recognized by the World Economic Forum as a Technology Pioneer, named to Entrepreneur Magazine’s Top Company Cultures list, and ranked among the Worldʼs 10 Most Innovative Enterprise Companies by Fast Company. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Washington, D.C., London, Munich, Beijing, Singapore, and Sydney.
When the government comes for your data, tech companies can’t always tell you. But thanks to a legal loophole, companies can say if they haven’t had a visit yet. That’s opened up an interesting clause…
HN Discussion: https://news.ycombinator.com/item?id=19255102
Posted by jbegley (karma: 4791)
Post stats: Points: 165 - Comments: 117 - 2019-02-26T15:37:41Z
#HackerNews #canaries #cloudflare #expands #government #its #warrant
When the government comes for your data, tech companies can’t always tell you. But thanks to a legal loophole, companies can say if they haven’t had a visit yet.
That’s opened up an interesting clause that allows companies to silently warn customers when the government turns up to secretly raid its stash of customer data without violating a gag order. Under U.S. freedom of speech laws, companies can publicly say that “the government has not been here” when there has been no demand for data, but they are allowed to remove statements when a warrant comes in as a warning shot to anyone who pays attention.
These so-called “warrant canaries” — named for the poor canary down the mine that dies when there’s gas that humans can’t detect — are a key transparency tool that predominantly privacy-focused companies use to keep their customers aware of the goings-on behind the scenes.
Where companies have abandoned their canaries or caved to legal pressure, Cloudflare is bucking the trend.
The networking and content delivery network giant said in a blog post this week that it’s expanding the transparency reports to include more canaries.
To date, the company:
* has never turned over their SSL keys or customers’ SSL keys to anyone;
* has never installed any law enforcement software or equipment anywhere on their network;
* has never terminated a customer or taken down content due to political pressure;
* has never provided any law enforcement organization a feed of customers’ content transiting their network.
Those key points are critical to the company’s business. A government demand for SSL keys and installing intercept equipment on its network would allow investigators unprecedented access to a customer’s communications and data, and undermine the company’s security. A similar demand led to Ladar Levison shutting down his email service Lavabit when they sought the keys to obtain information on whistleblower Edward Snowden, who used the service.
Now Cloudflare’s warrant canaries will include:
* Cloudflare has never modified customer content at the request of law enforcement or another third party.
* Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party.
* Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.
It has also expanded and replaced its first canary to confirm that the company “has never turned over our encryption or authentication keys or our customers’ encryption or authentication keys to anyone.”
Cloudflare said that if it were ever asked to do any of the above, the company would “exhaust all legal remedies” to protect customer data, and remove the statements from its site.
The networking and content delivery network is one of a handful of major companies that have used warrant canaries over the years. Following reports that the National Security Agency was vacuuming up the call records from the major telecom giants in bulk, Apple included a statement in its most recent transparency reports noting that the company has to date “not received any orders for bulk data.” Reddit removed its warrant canary in 2015, indicating that it had received a national security order it wasn’t permitted to disclose.
Cloudflare’s expanded canaries were included in the company’s latest transparency report, out this week.
According to its latest figures covering the second half of 2018, Cloudflare responded to just seven subpoenas of the 19 requests, affecting 12 accounts and 309 domains. The company also responded to 44 court orders of the 55 requests, affecting 134 accounts and 19,265 domains.
The company received between 0-249 national security requests for the duration, and didn’t process any wiretap or foreign government requests for the duration.
Copyright controls the audience, not the work… The Damage Continues: Internet Infrastructure Degraded By Copyright Enforcement… 2018-02-18 23:58
This is just a sad update to our earlier story, but now it’s official: CloudFlare has ceased serving Sci-Hub, in accordance with the court-ordered Internet damage we wrote about earlier.
Take a moment to consider:
This is the same CloudFlare that previously agonized publicly about their decision to terminate service to The Daily Stormer, a neo-Nazi white-supremacist web site whose views are thoroughly repugnant to every decision maker at CloudFlare, and probably equally repugnant to the vast majority of CloudFlare’s employees and customers. Nevertheless, the Daily Stormer decision so disturbed CloudFlare’s CEO that he immediately started laying groundwork to never have to censor again. But censoring scientific research, for copyright reasons? That apparently doesn’t fall into the same category.
Don’t blame CloudFlare, and don’t even blame the American Chemical Society. They’re not the problem here. The problem is that a limited state-granted monopoly has been expanded, at first gradually, then suddenly, by major media companies and their servants in the legislative branch to the point where censorship in its name is considered perfectly normal, so much so that using it to censor scientific papers is less worthy of hand-wringing than censoring, say, a neo-Nazi white-supremacist web site.
#Copyright #COPYLEFT #CONTROL #INTERNET #WEB #WWW #CloudFlare #neo-Nazi #Sci-Hub #CONSPIRACY #MANIPULATION #POLITICS
With the CloudFlare API, I set my ipv6ddns script to check if the IP was changed, so downtime should be at most 10 minutes. (I can make it run every 1 minute, but I'm afraid of the API rate limit.)
I just run Nginx on my old laptop at home this morning -> https://bb8.bashell.com
After some fiddling around I noticed that Cloudflare's default setting (flexible) uses plaintext HTTP connections between Cloudflare and your server. You don't want to expose your users' data to the rest of the world, do you?
Might even have GDPR implications.
#Cloudflare #TLS #infosec