Networking and performance stories today!
- A repeatable and probe-free methodology for measuring CDN performance (@Cloudflare wins, btw)
- A debugging story about global TLS termination
- How we identify multi-user IPs to improve our security services

#CloudflareResearch🔬
We know @Cloudflare is fast (the fastest in most places) and have the scans to prove it. However, most techniques that use active scanning to measure performance aren't verifiable, so as great as our scans are, they aren't enough to convince skeptics.
Enter research.
It turns out that performance can be predicted given a comprehensive map of the Internet's topology. By combining public data sources on Internet eXchange Points (IXPs), off-net caches, BGP, and geodata with smart path prediction algorithms, you can make an educated guess.
Today's blog post by @GVasilis and @marwanfayed goes into detail about just how good this guess can be.
The results show that Cloudflare has the lowest latency globally of any CDN. And now anyone can validate that claim without running a single scan.

blog.cloudflare.com/look-ma-no-pro…
We built the Geo Key Manager to give customers granular control of where their HTTPS certificate private keys are stored. Getting optimal performance out of a geographically distributed key management system is hard, especially at Cloudflare's scale.

blog.cloudflare.com/introducing-cl…
In this fun post, Tanya Verma takes us on a technical deep dive into some of the challenges we faced trying to scale up this service for bigger customers as our network grew larger.

blog.cloudflare.com/scaling-geo-ke…
Security products often take a simplistic view of client IP addresses and apply the same threat algorithms to all of them. The reality is that client IPs are not all equal. Some represent a single person and some represent thousands of individuals behind a NAT or VPN.
Security products that assess whether or not an incoming connection is malicious need to take multi-user IPs into account, or face negative consequences like lax security (false negatives) or over-blocking/unnecessary friction (false positives).
This post by interns Nate Sales and Alex Chen explains how we combine our knowledge of the Internet from public datasets with device-reported information to inform other teams at Cloudflare which source IPs are single-user and which are multi-user.

blog.cloudflare.com/multi-user-ip-…
And finally, join @bwesterb @armfazh and @WatsonLadd today at 1:00 on Cloudflare TV for CIRCL: our Go library now includes pairings and quantum-resistant cryptography

cloudflare.tv/event/5BK5weus…

Thread by Nick Sullivan
