Using CloudFlare to mix domain sharding and SPDY

Note: this post originally appeared as part of the 2013 PerfPlanet Calendar It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. It’s a good thing because browsers limit the number of connections per domain: splitting a web page across domains […]

Keeping our open source promise

Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the many ways in which we use and support open source software. Since then we’ve pushed out quite a lot of new open source projects, as well as continuing to […]

Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1

If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL injection vulnerability that affects all versions of OpenX and all versions of the Revive Adserver. From the Revive advisory: An SQL-injection vulnerability was recently discovered and reported to the Revive […]

Red October: CloudFlare’s Open Source Implementation of the Two-Man Rule

At CloudFlare, we are always looking for better ways to secure the data we’re entrusted with. This means hardening our system against outside threats such as hackers, but it also means protecting against insider threats. According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013. While we perform […]

What we’ve been doing with Go

Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, production use of Go for multiple services. Today Go is at the heart of CloudFlare’s services including handling compression for high-latency HTTP connections, our entire DNS infrastructure, SSL, load testing […]

A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers’ HTTPS connections to how we pass data between our data centers. Fundamentally, we believe it’s important to be able to understand […]

Ensuring Randomness with Linux’s Random Number Generator

attribution: Flickr/mark van de wouw license: CC Attribution-NonCommercial-ShareAlike 2.0 Generic When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted. For example, if you’re reading this using a link to https://blog.cloudflare.com then the SSL connection […]

Why secure systems require random numbers

(Image Copyright (c) Walt Disney) If you’ve been following recent news about technical spying by the US National Security Agency and the UK’s Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. The obvious question to ask is… why mess with random number […]

Details Behind Today’s Internet Hacks

When I woke up this morning I had no idea I’d be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day — Rajiv Pant (@rajivpant) August 28, 2013 At 1:19pm (PDT) today, a researcher noticed that the New York Times’ website wasn’t loading. We know the New York Times tech […]