What is CloudFlare?

A new approach

Established with the notion of being the ‘digital bouncer’ for the internet, CloudFlare’s beginnings are quite interesting. Stemming from Matthew Prince and Lee Holloway’s Honeypot project, combined with a business plan competition that Matthew entered with Michelle Zatlyn, CloudFlare was born.

Honeypot didn’t actually do anything other than provide information about who and what was attacking web pages and infrastructure. It just allowed administrators to use that information to react to attackers and the attack vectors they use. The business plan took this model and looked to automate some functions and provide web security for customers of CloudFlare.

What does it do?

CloudFlare protects and speeds up websites. CloudFlare have their own network, which web traffic is routed through. It allows the optimized delivery of web pages by filtering and blocking threats and attackers. Visitors and guests see faster results and you see better uptimes.

What do they protect against?

They are well known for taking down and absorbing some of the biggest denial-of-service attacks in the world. Allegedly, there isn’t an attack that is too large for them. Recently, with the NTP amplification attacks[^1], there were denial-of-service attacks against a variety of targets reaching anywhere from a couple of hundred gigs per second and higher!

Who do they protect?

They’ve protected web assets for Turkish escort agencies (where prostitution is frowned upon), political parties and even the notorious Lulzsec. Eurovision, which was expected to receive 150 million views during 2012 (Loreen’s winning year!), suffered a variety of outages, and when they went down they contacted CloudFlare. Within 15 minutes they were back online. CloudFlare serves 30 billion page views per month across 1.5 million customers.

Something of note is Project Galileo. CloudFlare protect politically sensitive targets, support LGBT groups (especially in countries where the penalty is death for such lifestyles) and do everything in their power to ensure a message is not crushed by a DDoS attack. In the case of sites protected under Project Galileo, a DDoS attack is more often state sponsored, intended to crush or silence the message being sent.

I want some flared clouds

There is a freemium model. You can have site(s) protected by CloudFlare for free. Then they move into $20-$200 plans or very large Enterprise plans. They are a company dedicated to internet proliferation and sharing the internet for all.

  • Free – protection, speed tweaks, analytics
  • Paid – increased security, crypto, application protection

The team is awesome. You’ve got nothing to lose

I know a few of the team out there, namely one very smart Kiwi (Hi Tim), and it sounds like it is a very cool place to work. Smart people, reliable team members and potential to grow! The CEO is on Twitter and enjoys a chat too. He also links to some great content. The joys of a startup. This technology in the free version is great for your blog. NetworkInferno has used CloudFlare for a while and its predecessor CiscoInferno did too! You can power your domain or website in no time with CloudFlare’s free plan. Go sign up. It takes 10 minutes for it to be set up and you can be protected. Come and join the others!

Hero culture must die

For a long time I worked in an environment that I thought was great. People were knowledgeable when it came to networking and it was my first real step up from a junior role. I learnt a lot about a variety of systems such as storage, firewalls, servers, networking and management. This young naivety held together this thin veneer that was Hero Culture.

In one of the first changes I was a part of, I knew something was wrong. It felt wrong. This is not how I did it in the lab. There was configuration missing and some people hadn’t followed the steps. There had been a distinct lack of peer review (maybe for a reason, looking back with a dose of hindsight) and those who wrote it were not committing it. With a network propagating a disaster and user experience getting worse, the escalation chain was being rattled. This wasn’t going to go unnoticed now.

When all hope had started to fade, as the point of no return or rollback had passed at that stage in the upgrade, it was the architect, the person who wrote the initial change, who came in with the pieces that were missing. Emasculating and demeaning the engineers with a curse and a mutter, the architect moved the fingers over the keyboard in a blur and CLI was slapped into four or five touch points. The disaster was averted.

But what is wrong with this? EVERYTHING. Let alone seeming to have been postured into getting the blame, the change engineers were only following what was laid out by our hero. After having saved the day there was little that made this stick, however. This shouldn’t happen in 2014. We are all of diverse skill sets and backgrounds; we have a variety of skills. We shouldn’t hit these EPIC peaks and dastardly troughs. What we should strive for is operational consistency. Something where every team member knows what is happening, knows how to do the work and there are no land mines for team members to step on.

Now, we have all had a moment where we knew the answer to a tricky problem and the team has come through with the goods. It makes you feel good, as it does the team, knowing they work with switched-on engineers. The problem is when duplicity is involved. It is very different when information is being intentionally kept from staff to stage the aforementioned hero moments. Once people peel the veneer off and realise what is occurring, then watch out.

I think this is something that Derick Winkworth touches on rather well. This is a great article about how Hero culture should be something of the past, especially if trying to develop consistency and a DevOps culture.

Hero culture is no longer appropriate in our IT environments or anywhere. As Derick put it, it is time for all of us to have a soul-searching moment.