The Gen 13 program doubled compute density by jumping from 96 to 192 cores, but that came with an 83% drop in L3 cache. The team explains how a bold hardware bet, combined with Cloudflare's FL2 Rust-based software rewrite, turned that trade-off into a win across throughput, latency, and power efficiency.

From counterintuitive fan physics to credit card pen tests on chassis intrusion switches, this conversation covers the full stack: CPUs, memory, storage, networking, security, and what's next — including post-quantum readiness at the hardware layer.

Mentioned blog posts:

• Launching Cloudflare's Gen 13 servers: trading cache for cores for 2x edge compute performance 
• Inside Gen 13: how we built our most powerful server yet

Timestamps

00:53 — Blog recap: what Cloudflare announced (including agents can now actually create Cloudflare accounts, buy domains, and deploy)

03:52 — From Gen 11 to Gen 13: the evolution of Cloudflare's servers

05:04 — Doubling compute power while cutting cache by 83%

06:54 — The journey to choosing the right CPU

10:04 — Scratchpad vs bookshelf: cache and memory explained

12:08 — Why 192 cores won over 128 cores

15:35 — FL2: Cloudflare's Rust-based software rewrite

18:12 — Hardware and software co-design: why neither works alone

18:37 — Memory, storage, and networking upgrades

22:18 — Dual GPU support and future accelerators

23:25 — Inside the Gen 13 chassis: what changed visually

24:51 — Why adding a 5th fan saves power (counterintuitive physics)

25:59 — Server security: memory encryption, PCIe encryption, intrusion detection

30:12 — 50% better performance per watt and what that means at scale

33:54 — The Austin lab: where hardware gets tested before production

35:10 — How AI helped design Gen 13

37:13 — 500 terabits per second: Cloudflare's network milestone

38:30 — What's next: Gen 14, rack-scale design, and post-quantum hardware

41:16 — Supply chain planning: lessons from COVID and the AI buildout

Vinti talks about growing Cloudflare's enterprise business 80% year over year, the moment Michelle Zatlyn walked into her first all-hands, how she uses AI to prepare for customer meetings, and why sales is really a math problem.

This conversation is part of the Women of Cloudflare series.

The conversation explores why the Internet and the cloud were not designed for an AI-agent world, and what infrastructure needs to change as software agents begin generating code, running workflows, and interacting directly with online services.

Ming and Anni walk through several announcements from Cloudflare’s Agents Week, including new tools for agent infrastructure, memory, developer workflows, AI Gateway, email, artifacts, browser automation, security, and agent-ready websites.

At the end of the episode, there is also a fun recap video made by Zeke Sikelianos (Principal Systems Engineer, Developer Relations), using a deepfake version of himself to summarize the week’s announcements through Thursday.

Check all the blogs and CFTV videos on our Agents Week Hub

0:27 — Intro: special Agents Week edition

0:41 — Ming Lu and Anni Wang join the show

3:13 — Main takeaway from Agents Week

6:40 — Monday: Agent Cloud, sandboxes, containers, and CLI

11:34 — Tuesday: security, Cloudflare Mesh, and enterprise MCP

17:02 — Wednesday: Project Think, browser automation, and Agent Lee

24:23 — Thursday: Email Service, Artifacts, and the AI platform

31:53 — Friday: feature flags, agent readiness, shared compression, and memory

40:15 — What’s still coming after Friday

42:04 — Feedback and reaction from the week

45:23 — Zeke Sikelianos deepfake recap video

Recent research suggests the number of qubits required to break today’s encryption could fall dramatically, accelerating the urgency for companies and the Internet ecosystem to migrate to post-quantum security. Google has set a 2029 migration target, and Cloudflare is working toward a similar timeline.

Bas, who has spent years deploying post-quantum cryptography at Cloudflare, explains why the shift from theoretical risk to practical planning is happening now, what “Q-Day” would actually mean, and why upgrading the Internet’s cryptography is one of the largest coordinated security transitions ever attempted.

The episode also covers the difference between post-quantum encryption and authentication, how quantum computers work, and what organisations should start doing today to prepare.

Check the Cloudflare Blog:

blog.cloudflare.com/post-quantum-roadmap

Timestamps

0:00 — Cold open: “It’s quite a shock”

0:40 — World Quantum Day and why this matters now

2:30 — Sharon Goldberg: the big picture of post-quantum cryptography

4:20 — Why Cloudflare is targeting 2029

7:00 — Encryption vs authentication and the “harvest now, decrypt later” risk

10:50 — Bas Westerbaan: background and path into cryptography

18:30 — How quantum computers actually work

23:40 — Why RSA and elliptic-curve cryptography are vulnerable

28:10 — Why the quantum timeline may be accelerating

33:00 — Cloudflare’s post-quantum deployment progress

40:20 — How AI could help the industry migrate faster

48:10 — What companies should start doing today

58:00 — Quick-fire round and the Internet in a post-quantum world

João is joined by Ming Lu (Principal Product Manager at Replicate) and Anni Wang (Product Manager) to discuss why AI agents are becoming one of the biggest shifts happening on the Internet right now.

They explore how agents are starting to generate more code than developers, why the Internet is moving toward agents interacting with other agents, and what infrastructure is needed to build and run them securely at scale.

The conversation also previews some of the themes of Agents Week: building and running agents on Cloudflare’s platform, securing agent access to tools and data, managing the large volumes of data agents generate, and how the web itself may change as machines increasingly consume content.

Check our Agents Week site:

cloudflare.com/agents-week 

⸻

Timestamps

01:11 — Meet Ming Lu and Anni Wang

01:55 — What Agents Week is and why Cloudflare launched it

02:44 — Why agents are becoming a major shift for the Internet

04:33 — Why agents need new infrastructure for compute, storage, and security

05:02 — The rise of personal and enterprise agents

06:43 — Running agents on Cloudflare’s platform

07:34 — Security challenges when agents access tools and data

09:13 — How agents may change how the web is consumed

10:23 — Managing the massive data agents generate

11:21 — Working with multiple AI models and switching between them

12:43 — What it’s like launching a Cloudflare Innovation Week

14:07 — The energy and chaos of building announcements

14:52 — Final thoughts and what to expect next week

Built on Astro and designed for today’s developer workflows, EmDash combines the familiarity of traditional CMS platforms with a modern architecture: serverless deployment, TypeScript throughout, and a plugin system designed to solve one of WordPress’s biggest challenges — security.

The conversation explores why plugin vulnerabilities account for the vast majority of WordPress security issues, and how EmDash addresses that by running plugins in sandboxed Worker isolates with tightly scoped permissions. Matt and Matt also discuss how AI agents were used during development, why the project is MIT licensed, and how the CMS is designed from the ground up to work with AI agents through MCP and structured content.

Later in the episode we see the EmDash playground, how WordPress sites can be imported in minutes, and how developers can start building plugins and extensions today.

More info:

Introducing EmDash — the spiritual successor to WordPress that solves plugin security

Try out the EmDash admin interface here: https://emdashcms.com/playground 

⏱️ Timestamps

00:45 — Intro: EmDash launch and April 1 announcement

02:09 — What EmDash is and why Cloudflare built it

04:07 — Why WordPress architecture struggles on modern infrastructure

06:30 — Scaling storage, media, and modern hosting models

07:00 — The plugin ecosystem: WordPress’s strength and weakness

08:19 — Matt Taylor’s background in CMS and media platforms

09:03 — Matt Kane’s work with Astro and Gatsby

11:21 — How the idea for EmDash started inside the Astro community

13:36 — Building the CMS with AI agents

17:21 — Sandbox plugins with Cloudflare Dynamic Workers

19:17 — Solving the plugin security problem

22:16 — Why EmDash is MIT licensed

25:52 — Early feedback from Yoast and the WordPress ecosystem

27:05 — Designing a CMS for AI agents and MCP workflows

30:43 — Demo: the EmDash playground and dashboard

33:22 — Flexible content types and built-in SEO

35:05 — Editing directly on the live page

37:18 — Early community feedback and plugins already appearing

39:03 — x402 and the future of agent-era monetization

40:17 — SEO architecture and plugin extensibility

41:43 — What’s next for EmDash

Michelle explains how Cloudflare’s security team used Kimi to scan internal codebases and found more than 40 confirmed security issues — at a fraction of the cost of proprietary models. The conversation explores why open models are rapidly becoming competitive with closed alternatives, how Cloudflare builds efficiency with custom inference engines and prefix caching, and what the Replicate acquisition means for bring-your-own-model workflows on Workers AI.

Later in the episode, we also hear from Dina Kozlov about Dynamic Workers and Code Mode (now in open beta), followed by another Women of Cloudflare segment with Alexandra Messe Rodriguez.

⏱️ Timestamps

00:00 — Cold open: Kimi finds 40+ security issues

00:30 — Intro and Cloudflare blog highlights

03:06 — Michelle Chen joins the show

05:44 — The rise of open models and Kimi 2.5

07:14 — Finding 40+ security issues with AI

10:40 — The real cost of running AI agents

16:26 — Making inference efficient: caching, kernels, and architecture

19:42 — Replicate and bring-your-own-model on Workers AI

25:08 — Favorite AI use case: fashion e-commerce images

29:05 — Dina Kozlov: Dynamic Workers and Code Mode

33:13 — Women of Cloudflare: Alexandra Messe Rodriguez

Chema shares how a 1998 paper on SQL injection launched his career in hacking, his path from running a startup in Madrid to becoming a Microsoft MVP for 14 years, and how he ended up leading cybersecurity at Telefónica for more than a decade — after telling them “you don’t have enough money to make me work for you.” He also explains why he left Telefónica in 2025 to join Cloudflare, and what surprised him about the company’s technical depth.

The conversation explores how AI is changing cybersecurity, from AI agents competing in Capture-the-Flag contests to automated attack chains running around the clock. Chema also discusses the black market for zero-day vulnerabilities, Cloudflare’s role in Europe, and how AI may reshape the economics of the Internet.

We also hear the story behind his famous beanie hat, a Bluetooth exploit that Apple initially called “a feature” until Steve Wozniak got involved and a quick-fire round covering his first computer, favorite hacks, admired researchers, and why Gemini once hallucinated that he went to jail.

⏱️ Timestamps 

01:00 — How SQL injection in 1998 started his career

02:36 — From startup to Microsoft MVP to training Spain's cyber forces

04:36 — Black Hat, Def Con, and the global hacking scene

05:53 — How Telefonica recruited Chema

08:49 — 20 years of daily blogging as "brain gym"

10:27 — The beanie hat origin story

14:34 — Why he left Telefonica to join Cloudflare

17:41 — What customers are most worried about: AI security

22:55 — Cloudflare's role in Europe: sovereignty, resilience, and growth

26:58 — How AI is disrupting the Internet's business model

28:44 — The evolution of hacking: from phreaking to AI agents

37:42 — The Dirty Tooth iPhone Bluetooth exploit and Steve Wozniak

41:39 — Quick-fire round: first computer, favorite hack, Kevin Mitnick

43:58 — Google Gemini hallucinated that Chema went to jail

46:49 — The future of the Internet and Cloudflare

Heather talks about her first days at Cloudflare just after the IPO, what it takes to explain a highly technical company to Wall Street, and how finance, strategy, and storytelling come together in investor relations.

This conversation is part of the Women of Cloudflare series for Women’s Empowerment Month.

Check the Cloudflare Blog:

https://blog.cloudflare.com

🎧 Subscribe for weekly conversations about the Internet and Cloudflare:

https://ThisWeekinNET.com

⸻

⏱️ Timestamps

00:38 — From banking and startups to Cloudflare

02:21 — Joining Cloudflare right after the IPO

04:16 — Explaining a deeply technical company to investors

06:31 — Communicating Cloudflare’s story to analysts

08:51 — The role of investor relations inside a tech company

11:16 — Being a woman in finance and tech

13:11 — Advice for people starting a career in finance

We discuss why brand still wins, how marketers are becoming “context engineers,” and how Cloudflare connects deep technical products to clear narratives that resonate with customers.

We also touch on the role of real-world events like RSA Conference, where Cloudflare will be present, and why in-person moments still matter in an increasingly AI-driven, digital-first world.

⏱️ Timestamps

01:44 — News roundup (AI, policy, product updates)

03:25 — Meet Jeff Samuels (Cloudflare CMO)

04:07 — Background: startups, policy, global experience

06:46 — From product to marketing mindset

08:25 — Lessons from OpenDNS and Cisco

11:47 — Marketing in tech: empathy and understanding systems

13:27 — Lifecycle marketing and customer connection

15:05 — Why Cloudflare (people, mission, opportunity)

16:49 — Marketing as the “architect” of go-to-market

18:38 — Brand vs demand

20:48 — Events like RSA and why they still matter

27:02 — AI and the shift to orchestration

31:39 — What’s next for Cloudflare marketing

34:02 — Quick fire: skills, mistakes, brand vs performance

36:49 — Advice for marketers entering tech

37:27 — One word for Cloudflare: opportunity

Sofia explains how she transitioned into tech through self-learning and hands-on building, and how AI is changing the way engineers work today. She also reflects on observability, teamwork, and finding balance as an engineer.

⏱️ Timestamps

00:12 — Sofia Cardita: background and role at Cloudflare  

00:49 — From psychology to engineering

02:02 — Self-learning and building from scratch

03:03 — What she enjoys about engineering (proudest projects)

04:18 — Observability and understanding systems

04:59 — Advice for getting started

05:07 — AI as a learning tool

05:55 — Going deeper despite AI

06:10 — Using AI in daily workflows

07:02 — Productivity: rest, focus, and balance

Cloudflare One is evolving into an agile, composable, and programmable SASE platform, built natively on Cloudflare’s global network spanning 300+ cities. The conversation explores how organizations can modernize remote access, secure AI adoption, and replace legacy architectures that often take 18 months to deploy with migrations completed in 4–6 weeks.

The episode covers:

• Post-quantum encryption now in GA for Cloudflare One

• Deepfake defense through a new Nametag partnership

• Adaptive access with user risk scoring and signals from CrowdStrike and SentinelOne

• Programmable gateway policies using Cloudflare Workers

• DLP visibility for Microsoft 365 Copilot, ChatGPT, Gemini and more

• Clipboard controls for browser-based RDP sessions

• Closing the boot-to-login security gap with the Cloudflare One client

• CASB remediation for Microsoft 365 and Google Workspace

The episode also includes a run-through of other recent Cloudflare blog posts, including AI Security for Apps (now GA), slashing agent token costs by 98% with RFC 9457, Nvidia Nemotron 3 Super on Cloudflare, and a new stateful API vulnerability scanner.

Check the Cloudflare Blog:

https://blog.cloudflare.com/tag/sase

⏱️ Timestamps

00:37 — Blog run-through: AI Security for Apps, RFC 9457 agent errors, API vulnerability scanner

02:17 — Nvidia Nemotron 3 Super on Cloudflare

03:29 — What is agile SASE and Cloudflare One?

05:44 — Composability and programmability explained

07:53 — Built on Cloudflare’s global network vs legacy vendors

09:07 — The truly programmable SASE platform

10:04 — Custom gateway policies with Cloudflare Workers

12:16 — Post-quantum encryption in Cloudflare One

13:14 — Harvest now, decrypt later

14:34 — Boot-to-login security with the Cloudflare One client

17:35 — Independent MFA in Cloudflare Access

19:13 — Deepfake defense and Nametag partnership

22:15 — User risk scoring and adaptive access

25:26 — Data security: DLP, CASB, and browser-based RDP

27:21 — Microsoft 365 Copilot visibility

29:05 — Partner stories: TachTech and Adapture

33:09 — Zero Trust onboarding with Terraform

35:25 — Key takeaways

We discuss how threat intelligence helps organizations prioritize risks, how attackers are increasingly leveraging automation and AI tools, and why botnets, supply-chain attacks, and credential-theft campaigns continue to evolve.

The conversation explores how attackers gain initial access, how criminal ecosystems operate across infrastructure providers and services, and how AI is beginning to influence reconnaissance, social engineering, and large-scale campaigns.

We also examine geopolitical dimensions of cyber operations, the growing sophistication of phishing and identity attacks, and the role of threat intelligence in helping defenders anticipate and mitigate attacks before they escalate.

Check the full 2026 Cloudflare Threat Report

⏱️ Timestamps

00:12 — Introduction: Special 2026 Threat Report edition

00:58 — Threat Intelligence: Helping organizations prioritize defense

01:53 — Global Trends: Identity weaponization and hyper-volumetric attacks

04:44 — Record-breaking DDoS: Attack volume doubled from 2024 to 2025

05:40 — AI and cybercrime: shrinking the time from access to data theft

08:10 — Living off the Cloud: Malware hidden inside Google Calendar and OneDrive

10:43 — State-sponsored evolution: Cyber activity linked to the Ukraine war

11:28 — Persistent espionage: Chinese and Iranian state actors

13:56 — Industrialized cybercrime: Effectiveness over elegance

16:35 — The recruitment attack: Deepfakes in remote hiring processes

19:01 — Laptop farms: North Korean operators inside Western companies

21:28 — Detecting AI interviewees and “digital tics”

23:13 — Token theft: How attackers bypass MFA protections

25:40 — Human-in-the-loop phishing: Building trust before the payload

27:54 — Infrastructure rug-pulling: The “Nasty Shrew” campaign

31:52 — Advice for CISOs: Managing third-party integration risks

33:55 — Disrupting the chain: Neutralizing 400+ malicious domains in 2025

We explore what AI-first development looks like in practice, how coding agents were used to rewrite and test large API surfaces, and what happens when you treat dependencies as something you can regenerate rather than maintain manually.

The results were surprising: faster local builds, smaller bundles, deployment to Workers with a single command, and a total AI token cost of roughly $1,100.

We also discuss:

• Using voice-to-code workflows (SuperWhisper + local models)

• AI reviewing code multiple times

• Whether AI-assisted rebuilds will become common

• What this means for 2026 and beyond

Mentioned blog posts:

• How we rebuilt Next.js with AI in one week

⏱️ Timestamps 

0:12 — Introduction: the latest on the Cloudflare blog (monitoring post-quantum encryption and ASPA routing; JavaScript Streams — why we deserve a better API)

3:22 — Steve’s role and Workers platform overview

4:34 — How the idea came to be

6:11 — When AI tools became “good enough”

7:13 — Tooling setup: OpenCode, Claude, parallel agents

9:03 — AI beyond coding: management and markdown workflows

10:58 — What AI-first development actually means

12:03 — Performance gains: 4x faster builds, 57% smaller bundles

14:11 — ~$100 in tokens: the real cost

15:35 — Deploying to Workers with one command

17:25 — Community feedback and early adoption

19:09 — Will AI rebuild other frameworks?

20:25 — Voice-to-code workflows (SuperWhisper, Parakeet)

23:31 — Traffic-Aware Pre-Generation (TPR) explained

25:23 — Production caution and security

26:19 — How to get started (use AI to migrate your app)

27:12 — The big takeaway: AI is changing how we build software

Instead of exposing thousands of individual tools (which quickly becomes expensive and brittle), Code Mode lets the model write JavaScript to search and execute against a compact API context. The result is massive compression, lower cost, and better performance.

We also include demos showing how agents can query real infrastructure, navigate multiple accounts, and build things like multiplayer experiences using Durable Objects and WebSockets.

⏱️ Timestamps 

0:53 — Intro: agents, MCP, tokens, and what Code Mode means

2:53 — Why exposing 2,500+ endpoints as tools doesn’t scale

6:49 — How Code Mode works: generate an SDK and let the model write code

9:57 — Demo: querying deployed Workers and infrastructure

14:37 — Multiplayer with Durable Objects (live demo “wow” moment)

24:32 — Compression stats: 2 million tokens → ~1,000 tokens

27:26 — Code Mode SDK v2 and wrapping your own APIs

31:52 — The Sandbox: running untrusted code safely

38:03 — What’s next: progressive disclosure and MCP evolution

Mentioned blog posts:

• Code Mode: give agents an entire API in 1,000 tokens
  
  

Celso explains how Markdown for Agents was conceived, built, and shipped in just one week, why AI systems prefer markdown over HTML, and how converting a typical blog post from 16,000 HTML tokens to roughly 3,000 markdown tokens can reduce cost, improve speed, and increase accuracy for AI models. We also explore Moltworker, a proof-of-concept showing how a personal AI agent originally designed to run on a Mac Mini can instead run on Cloudflare’s global network using Workers, R2, Browser Rendering, AI Gateway, and Zero Trust.

We discuss observability for AI crawlers, new monetization models for publishers, the rapid growth of agent ecosystems, and why AI is becoming less hype and more infrastructure.

Mentioned blog posts:

• Introducing Markdown for Agents
• Introducing Moltworker: a self-hosted personal AI agent, minus the minis

⏱️ Timestamps

1:15 — Introducing Markdown for Agents

1:46 — From idea to ship in one week

2:37 — Why AI systems prefer markdown over HTML

3:30 — HTML “packaging” vs semantic content

4:39 — How Cloudflare converts HTML to markdown in real time

5:19 — Token savings: 16,000 vs 3,000 tokens

6:29 — Context windows, cost, and AI efficiency

8:21 — Tracking markdown trends in Cloudflare Radar

9:05 — Live demo: content negotiation header with curl

11:07 — AI projects in Lisbon: AI Search, PaperCrawl, and more

12:36 — Observability and new monetization models for publishers

13:56 — What is OpenClaw and why it went viral

14:54 — From Hacker News to Cloudflare in hours

17:06 — Running OpenClaw on Cloudflare instead of a Mac Mini

18:05 — Why this is a proof of concept (not a product)

20:06 — Architecture: Zero Trust, Workers, R2, Browser Rendering, AI Gateway

22:32 — Demo: AI agent records and posts a video automatically

24:53 — 10,000 GitHub stars and open source support

26:11 — AI in 2026: intensifying work, not replacing it

Emily explains how privacy officers shifted from GDPR compliance to broader data governance, responsible AI practices, cybersecurity collaboration, and cross-border data frameworks. We explore privacy by design, data minimization, vendor risk, government requests, warrant canaries, digital sovereignty, insider threats, and how AI is reshaping both attacker and defender capabilities.

We also discuss Cloudflare’s approach to responsible AI, how teams use internal controls to avoid misuse of customer data, and why “human in the loop” remains essential for accuracy, safety, and trust.

Check the Cloudflare Blog: blog.cloudflare.com

1:53 — Blogs roundup 

3:58 — How the CPO role has evolved since GDPR

7:04 — From GDPR to AI governance

9:46 — Privacy + cybersecurity: breaches, notifications, preparedness

14:08 — “Fire doors” and incident containment

14:56 — Privacy by design & data minimization

20:07 — Government requests, due process, and transparency

22:08 — Warrant canaries & what Cloudflare will never do

23:17 — Digital sovereignty: localization and global differences

26:25 — Data Localization Suite & Metadata Boundary

28:06 — AI and privacy: rules, training, customer protections

29:35 — Cloudflare’s AI principles

31:32 — AI sovereignty & running inference close to users

32:19 — “AI as an intern”: accuracy and human review

34:31 — Protecting personal data when using AI

36:20 — What’s coming in 2026: regulation & fragmentation

38:37 — Insider threats & Zero Trust

40:33 — Emily’s privacy wish list for 2026

At the start, we also highlight several new posts on the Cloudflare Blog: Moltworker, a self-hosted personal AI agent built with OpenClaw (former MoltBot and ClawdBot) and Cloudflare’s Developer Platform; Post-Quantum Matrix Homeserver, a proof-of-concept encrypted messaging server running entirely on Cloudflare Workers; Route Leak Incident (Jan 22), what happened in Miami and how routing policy safeguards are being improved; Google’s AI Advantage, why crawler separation is needed for fair competition and better protection for publishers.

We then go into the major Internet trends, including the storm-related disruption in three regions in Portugal this week. Our main focus is the government-directed nationwide shutdown in Iran. 

Then we also go over Q4 2025 disruptions: repeated weather-driven outages across Africa and the Caribbean, submarine cable failures, DNS anomalies, and the persistent risk of centralized points of failure. David also explains how Starlink’s global footprint is reshaping Radar visibility — and why the Internet remains remarkably resilient despite a turbulent quarter.

Mentioned blog posts: 

• Cable cuts, storms, and DNS: a look at Internet disruptions in Q4 2025
• Introducing Moltworker: a self-hosted personal AI agent, minus the minis
• Route leak incident on January 22, 2026
• Building a serverless, post-quantum Matrix homeserver

⏱️ Timestamps

0:30 — Weekly blog roundup (Moltworker, Route Leak, Google’s AI Advantage)

4:13 — Storm impact in Portugal: what Radar saw in Leiria, Santarém, and Coimbra

11:55 — Iran’s multi-week Internet shutdown: scale, signals, and how it unfolded

18:15 — The “National Information Network”: partial access, allowlisting, and blocked services

21:24 — Power vs. connectivity: how electricity failures show up as Internet outages

22:33 — Q4 global round-up: Jamaica, Sri Lanka, Indonesia, and cyclone-driven disruptions

30:32 — Technical failures: ISP issues, DNS problems, routing mistakes, and what Radar detects

33:47 — The future of Radar: Starlink visibility, provider-level metrics, and disruption heat maps

At the start, we also go over some of our recent blog posts:

• Acquisitions: Astro and Human Native join the Cloudflare ecosystem.

• Technical Deep Dive: How a small DNS optimization in 1.1.1.1 exposed a decades-old ambiguity in early Internet standards.

• Global Trends: A severe government-directed Internet shutdown in Iran and BGP anomalies observed in Venezuela.

Mentioned topics:

• Cloudflare Impact Report
• The Cloudflare Blog

They discuss how DDoS attacks reached previously “theoretical” scales in 2025, including record-breaking 31 Tbps attacks, the rise of massive botnets like Aisuru, and how geopolitical events increasingly shape cyber activity. Omer explains why traditional scrubbing-center defenses are becoming obsolete, how Cloudflare’s autonomous, globally distributed mitigation works, and why automation and real-time intelligence are now essential.

The conversation closes with practical advice for organizations, common myths about DDoS risk, and what to expect in 2026 as attacks grow larger, faster, and more sophisticated.

DDoS threats related blog posts: https://blog.cloudflare.com/tag/ddos/

Together, they explore what Cloudflare’s global network reveals about how the Internet evolved over the past year — from the rapid rise of AI crawlers and agent traffic, to record-breaking DDoS attacks, the spread of post-quantum encryption, and the growing impact of government-directed shutdowns and outages.

The conversation looks at Internet resilience, security trends, and performance across countries, as well as what changed in Internet services, mobile platforms, and connectivity in 2025, and what these signals might tell us about 2026.

Explore the full Radar Year in Review microsite.

Read the related blog posts on the Cloudflare Blog:

• The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks
• ChatGPT's rivals, Kwai's quiet rise: the top Internet services of 2025
  
  

Replicate is widely known for making it easy to run thousands of high-quality AI models, from image generation and video to audio and language models, all through a simple, developer-friendly API. Craig breaks down why Replicate became such an important part of the AI ecosystem, and how bringing it into Cloudflare helps make Workers the best place to build and deploy AI and agentic workflows.

And there’s a bonus: we’re giving away Replicate credits so you can try models yourself. Stay tuned to the episode to learn how to get access and start experimenting.

Mentioned blog posts:

• Why Replicate is joining Cloudflare

That speed matters. In just the first 11 days after disclosure, Cloudflare observed more than 1 billion exploitation attempts related to React2Shell, with sustained pressure averaging over 4 million hits per hour, and peaks far higher. Threat actors quickly integrated the vulnerability into large-scale scanning and reconnaissance, targeting even critical infrastructure. If you run React, upgrading is urgent.

Daniele explains how WAF rules are built, how new payload logging improvements help customers understand real attack traffic, and what’s coming next in 2026 — including Firewall for AI, fraud detection, and safer, gradual rule rollouts.

To close the episode, Systems Engineer Steve James gives a hands-on demo of a real-time multiplayer chess app running inside ChatGPT, built with the Agents SDK and Cloudflare Workers.

Mentioned blog posts:

• React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques
• Cloudflare WAF proactively protects against React vulnerability
• Get better visibility for the WAF with payload logging

Stephanie shares how Cloudflare is helping keep the Internet open and resilient — from giving creators transparency and control over AI scraping, to enabling new models of agentic commerce through partnerships with Visa and Mastercard, to empowering organizations of all sizes through Cloudflare’s global network.

The conversation also explores the rise of Agentic Commerce, where AI agents can complete secure payments on behalf of users. Stephanie explains how this shift is emerging, why trust and standards matter, and how Cloudflare is working with key financial institutions to make it safe.

They also discuss what innovation looks like inside large companies, how AI is reshaping industries, and why Cloudflare sees itself as an enabler for both creators and the long tail of innovators.

We talk about:

• How Cloudflare’s global network evolved since 2017
• The hidden fragility of the Internet (and why it still works)
• Routing leaks, Anycast, and automation
• AI’s growing role in network reliability
• What it’s like inside real data centers

Subscribe for more weekly conversations on Internet trends, infrastructure, and technology:

ThisWeekinNET.com

André, who joined Cloudflare as an intern in Lisbon, Portugal, in 2024, explains how radar.cloudflare.com showcases trends in Internet traffic, protocol adoption, and security. He walks us through Radar’s new Top-Level Domain (TLD) insights, how the team uses DNS magnitude to measure domain popularity, and why certificate transparency is crucial for a safer web.

The conversation also goes into outage monitoring, the Data Explorer and URL scanner tools, and how users around the world are finding surprising Internet trends — like the rise of Linux usage in France.

They explore the Research Week blog takeover on Measurement, Resilience, and Transparency, discussing the tricky science of Internet measurement — including a traffic spike in Ukraine that revealed how complex it is to explain data at scale. Marwan shares how Cloudflare is building a framework for Internet resilience, preparing for a post-quantum future with Merkle tree certificates, and tackling the “store now, decrypt later” risk. They also cover Cloudflare’s work to identify users behind Carrier-Grade NAT, innovations in protocol defense, anonymous credentials, and the story behind WARP VPN.

At the heart of it all: how to make the Internet safer, faster, and more transparent, at global scale.

Learn more in the blog series: https://blog.cloudflare.com/tag/research/

In the intro, we also share what’s coming next week on the Cloudflare blog — a special five-day series focused on Internet Measurement, Resilience, and Transparency: the foundations of a faster, safer, and more reliable web for everyone.

The episode covers major announcements, including Cloudflare’s partnership with Mastercard and Visa to secure automated commerce with AI agents through the new Trusted Agent Protocol and Agent Pay (Web Bot Auth).

We also feature clips from rapper and actor Common, who reflects on creativity, connection, and humanity in the age of AI.

Additionally, João speaks with several Cloudflare team members shaping the Internet’s future:

• James Allworth, Head of Innovation — on the relaunch of the Workers website, designed to reflect Cloudflare’s developer platform for the AI era.
• David “Tubes” Tuber, Director of Product Management, Network — on how Cloudflare keeps the Internet fast and reliable, and the story behind Orpheus, a system that ensures the best network path.
• Kenton Varda, Principal Systems Engineer and creator of Workers — on benchmark results, CPU performance, and the future of AI agents that write code securely inside Workers isolates.

Full interviews with each guest will be published in the coming weeks.

Mentioned content:

• Cloudflare Connect 2025
• Workers.cloudflare.com
• Securing agentic commerce: helping AI Agents transact with Visa and Mastercard
• Unpacking Cloudflare Workers CPU Performance Benchmarks
• Code Mode: the better way to use MCP

We cover what to expect from Connect Las Vegas, from 100+ breakout sessions to keynotes focused on AI, innovation, and the future of the Internet — and we go behind the scenes of AI Avenue to learn how AI is reshaping creativity, education, and development.

Know more:

• Connect 2025 Las Vegas
• AI Avenue show

We cover AI, developer tools, security, performance, and how Cloudflare continues to give back to the Internet.

Highlights include:

 • AI & Security: Firewall for AI, Shadow AI protection, and Content Signals Policy.

 • For Creators & Nonprofits: Project Galileo expansion and new tools to control how AI uses content.

 • New Economy: NET Dollar and the x402 Foundation with Coinbase.

 • Developer Platform Upgrades: Cap’n Web RPC, VibeSDK, AI Search updates, PQC in WARP, and more.

 • Investing in the Future: 1,111 interns in 2026 plus new student and startup programs.

Full list of announcements: cloudflare.com/birthday-week

We talk about how culture takes shape, the technical vision of Lee Holloway, and pivotal moments that defined Cloudflare’s journey, as well as where the Internet is headed next. At the end, don’t miss a special easter egg from the journalist who first covered Cloudflare’s launch.

Follow all Birthday Week 2025 announcements: cloudflare.com/birthday-week

In this episode of This Week in NET, João Tomé is joined by Nikita Cano to preview what’s coming in Birthday Week 2025: democratizing development, building a smarter and more open web, securing the future by default, the future of development on Cloudflare, and new performance and networking upgrades.

Don’t miss our special Sunday episode at ThisWeekinNET.com, featuring Cloudflare co-founders Matthew Prince and Michelle Zatlyn reflecting on how Cloudflare came to be 15 years ago.

Follow all announcements at: https://cloudflare.com/birthday-week

Full list of blog posts at: cloudflare.com/ai-week

Inanna walks us through her blog post and technical journey, showing how she used Cloudflare Workers, Durable Objects, and the free tier of our Developer Platform to deploy an open, identity-owned, cryptographically verified social experience — all without running a server.

They discuss what makes ATProto different, how Statusphere works (the “Hello World” of open social apps), and what might be coming next in the world of decentralized platforms. Plus: how WebSockets and Durable Objects can be combined to create live, real-time updates — all running serverlessly.

Later in the episode, we check in with Keith Adler, Machine Learning Engineer, to hear how Cloudflare is making it easier to explore your data with Python notebooks powered by Marimo.

Mentioned blog posts:

• Serverless Statusphere: a walk through building serverless ATProto applications on Cloudflare’s Developer Platform
• Explore your Cloudflare data with Python notebooks, powered by marimo

From Internet pioneers like Geoff Huston, to Cloudflare co-founders Matthew Prince and Michelle Zatlyn, and leaders like Nicholas Thompson (The Atlantic) and Chris Anderson (TED), many Cloudflare experts, and John Graham-Cumming, that started this podcast with João Tomé in 2022. We revisit highlights from some of the most insightful conversations we’ve had over the past 3 years.

We also cover what’s new on the Cloudflare blog — including Jetflow, the White House AI Action Plan, the Q2 2025 DDoS report, and more.

Join us as we celebrate 100 episodes of This Week in NET.

Topics & Timecodes: 00:58 – Favorite Cloudflare Moments: Universal SSL & Heartbleed Impact 04:36 – The Philosophy of Offering Free Services 09:20 – Evolution and Impact of the Cloudflare Blog 14:23 – Unique Cloudflare Teams: Crypto/Research Team 17:37 – The Lava Lamp Wall Story 20:41 – Key Moments for Zero Trust and Workers 22:50 – The Origin of Workers and Culture of Freedom 25:36 – The 1.1.1.1 Public Resolver Story 27:51 – The Legacy and Importance of the Cloudflare Blog 29:56 – The Value of Radar and Transparency 30:53 – Cloudflare’s Future as an Iconic Internet Company

Don’t miss Part 2 of our 100th episode celebration, featuring highlights from past guests and the latest Cloudflare blog stories.

We explore how AI Overviews are changing the old “traffic for content” model and how Cloudflare is helping creators take control through tools like AI Audit. Plus: the future of trustworthy content, bot authentication, and the rise of a fairer content economy.

Send us your questions for a future episode on these topics at ThisWeekinNET@cloudflare.com.

Check the mentioned blog posts here: https://blog.cloudflare.com/tag/pay-per-crawl/

Kenton shares how a real-world project shifted his view from AI skepticism to seeing the promise of AI-assisted coding, while emphasizing the need for strong human review, especially for security. The episode also dives into the architecture of Cloudflare Workers and its first months, Durable Objects, and the vision of the Internet as one programmable computer: “the network is the computer”.

Looking ahead, Kenton predicts a new era of developers powered by AI assistants — building more custom apps than ever — and explains why Cloudflare Workers is built to support that future.

Mentioned blog posts:

• Introducing Cloudflare Workers: Run JavaScript Service Workers at the Edge (2017)
• Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack
• Everything you need to know about NIST’s new guidance in “SP 1800-35: Implementing a Zero Trust Architecture”
• Cloudflare Log Explorer is now GA, providing native observability and forensics
• Connect any React application to an MCP server in three lines of code
• Cloudflare service outage June 12, 2025

Scott shares insights on how Cloudflare maintains its unique culture amidst rapid expansion, the rigorous selection process (including C-level interviews for every candidate!), and the evolving role of AI in talent acquisition. Discover what it takes to join one of the Internet's most impactful companies.

We also have Jocelyn Woolbright talk about how our Project Galileo is helping NGOs and vulnerable groups for 11 years now.

Mentioned blog posts: Celebrating 11 years of Project Galileo’s global impact

We go into Cloudflare’s proposal of using cryptographic signatures for bots, enabling websites to verify their identity. Why is this important? As AI systems rely increasingly on online content, this standard could help build a better relationship between content creators and AI platforms.

To wrap up, Principal Engineer Kevin Guthrie walks us through the blog post “Performance measurements… and the people who love them”, which explores how teams can better measure, visualize, and communicate web performance, beyond raw metrics.

Mentioned blog posts:

• Forget IPs: using cryptography to verify bot and agent traffic
• Performance measurements… and the people who love them

We explore what MCP is, why it matters now, and how developers can easily spin up their own MCP servers on Cloudflare. The episode includes live demos, practical use cases, and a look at how companies like Stripe, PayPal, and Anthropic are getting involved.

We also cover the latest from the AI and agent ecosystem, including announcements from Microsoft Build, Google I/O, OpenAI’s new responses API, and Anthropic’s growing MCP support.

To wrap things up, Nevi and Dina answer a round of fast questions:

• What’s the biggest technical challenge with MCP today?
• Best surprise you’ve seen from a developer?
• Favorite new server or integration?
• And: Why should people try MCP right now?

We also highlight recent posts on the Cloudflare blog.

Mentioned blog posts:

• Thirteen new MCP servers from Cloudflare you can use today
• MCP Demo Day: How 10 leading AI companies built MCP servers on Cloudflare
• Resolving a request smuggling vulnerability in Pingora
• Bringing connections into view: real-time BGP route visibility on Cloudflare Radar
• Your IPs, your rules: enabling more efficient address space usage

From helping build Australia’s first Internet backbone to now shaping global conversations on resilience, routing security, and cryptography, Geoff shares a rare, unfiltered view of how the Internet grew, and where it’s struggling.

We dive into the critical topics shaping the next decade: Internet resilience, RPKI, the evolution of DNS, QUIC, post-quantum cryptography, and the rise of AI-driven protocols like MCP. We also ask Geoff: if he could redesign the Internet today, what would he change? And what’s on his wishlist for the future? Plus, a rapid-fire round of questions about the power of sharing in the corporate world.

Join us for a candid conversation with someone who has seen — and helped shape — the Internet as we know it, and who loves telling stories about how it all began — from silicon chips to the age of the Internet and AI.

Mentioned blog posts (in the intro):

• Forget IPs: using cryptography to verify bot and agent traffic
• QUIC restarts, slow problems: udpgrm to the rescue
• First-party tags in seconds: Cloudflare integrates Google tag gateway for advertisers

To guide us through the world of distributed denial-of-service (DDoS) attacks, host João Tomé is joined by our DDoS expert, Omer Yoachimik.

We go into the latest data from our Q1 2025 DDoS Threat Report, which reveals a 358% year-over-year increase in DDoS attacks — and explore what’s driving that surge. The report also includes late-breaking data from a hyper-volumetric campaign observed in April 2025, featuring some of the largest attacks ever publicly disclosed.

We also cover which industries and countries are being targeted more often, like gaming and financial services, and discuss why that might be the case.

Mentioned blog posts:

Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report

Host João Tomé shares his firsthand experience during the blackout in Lisbon, Portugal, and how an old battery-powered FM radio came to the rescue. He’s joined by David Belson, Head of Data Insights at Cloudflare.

In Q1 2025, Internet disruptions were driven by cyberattacks, cable cuts, and natural disasters like the Myanmar earthquake and California wildfires. There were no government-directed shutdowns, making Q1 a rare quarter.

Mentioned blog posts:

• How the April 28, 2025, power outage in Portugal and Spain impacted Internet traffic and connectivity
• New year, no shutdowns: the Q1 2025 Internet disruption summary

Next, recorded two weeks ago at our Connect event in London, we talk with Ashley Peacock, a British engineer and Cloudflare Dev Expert who also wrote the book “Serverless Apps on Cloudflare”. We discuss building with Cloudflare, the challenges that come with AI, and whether making things too easy for new developers could create issues — and what lies ahead for the dev community.

We also bring back our short segment “Social Love”, highlighting the amazing feedback Cloudflare’s Developer Week got online.

To wrap up, we recap the week: YouTube celebrated 20 years since its first video, and we highlight our recent blog posts — the Q1 2025 Internet disruption summary, Kelly Russell on why she joined as Chief People Officer, and Mark Jenkins on why he came to build world-class partnerships in EMEA.

Note: Sunil Pai and Craig Dennis have also been hosting a live show called Dry Run, available on Cloudflare TV and our Developer YouTube channel: https://www.youtube.com/c/CloudflareWorkers

Mentioned content:

• Developer Week 2025 hub: cloudflare.com/developer-week/
• Developer Week 2025 wrap-up
• Simple, scalable, and global: Containers are coming to Cloudflare Workers in June 2025
• New year, no shutdowns: the Q1 2025 Internet disruption summary
• Why I joined Cloudflare: to build world-class partnerships in EMEA
• Why I joined Cloudflare as Chief People Officer — Kelly Russell

There’s a lot to go through — new tools and announcements launched during this April week. The vibe in the developer world, with AI, agents, and code-first energy, is contagious. More people, even non-developers, are now empowered to build their own tools and applications.

We go over announcements that reinforce why Cloudflare is the place where builders should create AI agents. We’ve also added observability tools, made deploying existing applications to Cloudflare frictionless, enhanced our platform for enterprise users, and introduced updates that make it the future of global data experiences.

Topics such as Workflows, Hyperdrive, AutoRAG, and support for MCP (Model Context Protocol) are discussed. We also explain how MCP introduces a new standard for how LLMs interface with the world. Other highlights include Realtime, RealtimeKit, and much more.

Check our Developer Week hub: cloudflare.com/developer-week/

Next, Craig Dennis, Developer Educator at Cloudflare, explains what Workers — our developer platform — is all about, and why even non-developers should try building with it.

We also honor the American network engineer Dave Täht, who passed away this week. Tom Strickx, Principal Network Engineer at Cloudflare, shares how Dave’s contributions helped build a better Internet. Without his engineering and advocacy work, FQ-CoDel wouldn’t exist, and modern low-latency networking, from Wi-Fi and Starlink to video conferencing, would likely be far worse today.

Finally, we round up some recent blog highlights: from an April 1 launch to a deep technical post. And also John Graham-Cumming’s journey from programmer and CTO to joining Cloudflare’s board of directors — Dane Knecht, formerly SVP of Emerging Technology and Incubation, has been named Cloudflare’s new CTO.

Mentioned blog posts:

• Three chapters at Cloudflare: Programmer to CTO to Board of Directors
• Project Jengo for Sable — final winners!
• A steam locomotive from 1993 broke my yarn test
• “You get Instant Purge, and you get Instant Purge!” — all purge methods now available to all customers
• Build and deploy Remote Model Context Protocol (MCP) servers to Cloudflare
• Improve your media pipelines with the Images binding for Cloudflare Workers
• Security Week 2025: in review

Follow our Developer Week hub: cloudflare.com/developer-week/

On the table for discussion: a glimpse into some of the announcements Cloudflare made last week, covering topics such as a safer Internet for all; threat research and intelligence (observability); security for AI models and applications; using AI against AI threats; data security everywhere; and simplicity and ease of use, with an improved security dashboard experience.

Check our Security Week 2025 Hub here: cloudflare.com/security-week/

Security Week: in review

Next, we talk about our new wall of entropy—a wave machine installation in the reception of our Lisbon office, contributing to Internet security. Caroline Quick, Head of Real Estate & Workplace Operations, shares how the project came to life and why waves are the perfect fit for our Portugal office.

Finally, in honor of Pi Day (March 14), Thibault Meunier, an engineer from our Research team, explains why Pi (π ≈ 3.14159…) is a fundamental mathematical constant, shaping engineering, computing, and quantum physics.

Related blog posts: Chaos in Cloudflare’s Lisbon office: securing the Internet with wave motion

Check our Security Week Hub (March 17-21, 2025) here: cloudflare.com/security-week/

The episode explores predictions for 2025, examining the intersection of AI and privacy, quantum-resistant encryption, and cybersecurity threats. John Graham-Cumming shares his perspective on how AI capabilities will become more seamlessly integrated into daily life.

Looking ahead to emerging technology trends, the discussion covers IoT devices, DDoS attacks, and zero trust architecture adoption. Cloudflare’s CTO offers insights into the tech industry's shift toward energy efficiency and reduced carbon footprints as AI computing demands continue to grow.

This episode offers insights into Gen 12’s key features, including a 2x performance improvement and 60% better power efficiency compared to earlier generations. Learn how Cloudflare’s hardware engineering team is addressing the AI revolution through innovative thermal design, GPU integration for AI inference, and modular architecture for future adaptability. From testing in the Austin lab to global deployment, gain a closer look at how Cloudflare’s hardware is advancing the future of internet technology.

We also discuss Robotcop and how content creators can prevent bots and crawlers from scraping their sites using a button in the AI Audit section of the Cloudflare dashboard.

Dive into the data yourself at the Cloudflare Radar Year in Review microsite

**Read the blog posts: **

• Cloudflare 2024 Year in Review
• From ChatGPT to Temu: ranking top Internet services in 2024
• Robotcop: enforcing your robots.txt policies and stopping bots before they reach your website

Related links:

• Schneier on Security 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Georgetown Law Center on National Security Report: Social Media: Canary in the Coal Mine 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Patent Troll Sable Pays Up
• Project Jengo
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Start auditing and controlling the AI models accessing your content 
• Cloudflare’s 2024 Annual Founders Letter
• Cloudflare Birthday Week 2024 Hub 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Paris 2024 Olympics recap: Internet trends, cyber threats, and popular moments 
• Summer 2024 weather report: Cloudflare with a chance of Intern-ets 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Disrupting FlyingYeti's campaign targeting Ukraine 
• Cloudforce One - Unparalleled Threat Intelligence 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related links:

• Protecting vulnerable communities for 10 years with Project Galileo 
• European Union elections 2024: securing democratic processes in light of new threats 
• Check out Project Athenian at cloudflare.com/athenian 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Host João Tomé is joined by Alissa Starzak, our Deputy CLO and Global Head of Policy, and Jocelyn Woolbright from Public Policy. Together, they discuss Cloudflare’s various Impact initiatives and how these were utilized during the 2024 elections, particularly in the United States.

We explore how Cloudflare assembled a tiger team for the US elections and addressed the unique needs and challenges at the county, state, and national levels, including those of political campaigns. Additionally, we examine Internet and threat trends related not only to the US but also to Europe and other regions.

Learn more:

• Exploring Internet traffic shifts and cyber attacks during the 2024 US election
• How the Harris-Trump US presidential debate influenced Internet traffic
• French elections: political cyber attacks and Internet traffic shifts
• UK election day 2024: traffic trends and attacks on political parties
• Exploring the 2024 EU Election: Internet traffic trends and cybersecurity insights
• Internet insights on 2024 elections in the Netherlands, South Africa, Iceland, India, and Mexico
• Dutch political websites hit by cyber attacks as EU voting starts
• Celebrating 10 years of Project Galileo
• Protecting vulnerable communities for 10 years with Project Galileo
• Cloudflare Impact
• Project Galileo
• Cloudflare for Campaigns
• Athenian Project

Related Links - 

• Watch the TCP 50th Anniversary show 
• TCP - The Cloudflare blog 
• Controlling the Taylor Swift Eras Tour wristbands with Flipper Zero
• Follow us @CloudflareTV 
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related Links - 

• Security Incident Response (Code Red) 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related Links - 

• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

Related Links - 

• theNET presents Privacy-first security 
• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

He is joined by guest Nicholas Thompson, CEO of The Atlantic and former editor-in-chief of Wired. In this interview, Thompson discusses the swift growth of AI technology, social media's influence on children, and the challenge of protecting content creators from AI crawlers - a problem Cloudflare’s AI Audit is designed to address. They also explore the current state of traditional media, the Internet and its role in supporting democracy.

To wrap up, we review recent blog posts and spotlight a relevant conversation with Cloudflare’s CEO, Matthew Prince, highlighting the importance of Cloudflare's AI Audit that helps content creators regain control of their content from AI bots.

Mentioned blog posts:

• Start auditing and controlling the AI models accessing your content
• Bigger and badder: how DDoS attack sizes have evolved over the last decade
• DO it again: how we used Durable Objects to add WebSockets support and authentication to AI Gateway
• What’s new in Cloudflare: Account Owned Tokens and Zaraz Automated Actions
• How we prevent conflicts in authoritative DNS configuration using formal verification
• A look at the latest post-quantum signature standardization candidates

• Follow us @CloudflareTV 
• Read the blog posts at blog.cloudflare.com
• Watch our full video library at cloudflare.tv/ThisWeekInNet

In this conversation, host Joao Tome and Celso discuss the rapid growth of Cloudflare Workers, simplifying life for developers, and the importance of observability in AI. Celso also dives into how the challenges for developers have changed since the 1990s tech era and why he believes the Internet is still in its infancy.

Related Links:

• AI Gateway for Developers

• Build durable applications on Cloudflare Workers: you write the Workflows, we take care of the rest

• Building Vectorize, a distributed vector database, on Cloudflare’s Developer Platform

• Migrating billions of records: moving our active DNS database while it’s in use

We also take a look at the grand opening of the new Lisbon office, which serves as Cloudflare’s European headquarters. João Tomé interviewed many executives on the benefits of hiring in Lisbon, the importance of building community in Portugal and why it’s a burgeoning tech hub. Featured Cloudflare executives: John Graham-Cumming (Chief Technology Officer), Janel Riley (VP, Chief Accounting Officer), Dane Knecht (SVP, Emerging Technology and Incubation), Celso Martinho (Senior Director of Engineering) and Doug Kramer (Chief Legal Officer).

Related links:

• 4.2 Tbps of bad packets and a whole lot more: Cloudflare's Q3 DDoS report
• The Cloudflare Network

We discuss how teams across the company — from technical groups to marketing and communications — collaborate to put together a week where Cloudflare aims to give back to the Internet. We also talk about the need for established processes and how new ideas can sometimes change plans.

Check our Birthday Week Hub here: cloudflare.com/birthday-week/

Host João Tomé is joined by Kari Linder, Principal Visual Communications Design Lead and she shares about the inspiration and creation process behind innovation weeks. Discover the creative process and artistry that brings Cloudflare's iconic celebration to life.

Check our Birthday Week Hub here: cloudflare.com/birthday-week/

Host João Tomé is joined by Brendan Irvine-Broque (Group Product Manager) and Kelly May Johnston (Director, Product Management). We dive into some of the key announcements of the week, including the AI audit and major improvements in security, performance, and AI/ML support, such as enhanced threat detection and analytics, faster navigation with Speed Brain, and expanded free tools for all users.

Check our Birthday Week Hub here: cloudflare.com/birthday-week/

The episode explores critical cybersecurity developments, examining Cloudflare's expanded global connectivity, advancements in SSL/TLS security, and the implementation of post-quantum encryption standards. Learn about the latest White House initiatives in routing security and discover how Cloudflare is revolutionizing API protection through sophisticated machine learning techniques, including sequence learning and variable order Markov chains.

Host João Tomé and John Graham-Cumming begin by explaining how Cloudflare recently launched a new “easy button” to block all AI bots, scrapers, and crawlers to help maintain a safe Internet for content creators. It’s available to all customers, including those on our free tier. We demonstrate how to activate this button on the Cloudflare dashboard. We also explain the purpose of the robots.txt file—it resides at the root of your domain and contains directives for search engine crawlers on how to index pages on a website.

Next, we discuss how we recently replaced links to polyfill.io with Cloudflare’s mirror to ensure a safer Internet—polyfill.io is a popular JavaScript library service that can no longer be trusted and should be removed from websites.

We also analyze recent election trends in the UK and France, as well as the Biden vs. Trump US election debate. We were surprised to find that so many websites related to political parties were the targets of DDoS attacks blocked by Cloudflare around the election (or debate) days.

Also mentioned is Cloudflare’s 1.1.1.1 incident on June 27, 2024. The root cause was a combination of BGP (Border Gateway Protocol) hijacking and a route leak.

Mentioned topics:

• Declare your AIndependence: block AI bots, scrapers and crawlers with a single click
• Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
• French elections: political cyber attacks and Internet traffic shifts
• UK election day 2024: traffic trends and attacks on political parties
• How the first 2024 US presidential debate influenced Internet traffic and security trends
• Exam-ining recent Internet shutdowns in Syria, Iraq, and Algeria
• Cloudflare 1.1.1.1 incident on June 27, 2024

Host João Tomé is joined by Garrett Galow, Director of Product at Cloudflare, to discuss a recent blog post on how we help keep customers safe through leaked password notifications accessible via our dashboard. We also discuss the use of passwords in 2024, the importance of 2FA or multi-factor authentication like hardware keys, offer suggestions, and explore how passwords might become less common in the future.

Lastly, Mickie Betz, Senior Systems Engineer of our Stream video product, discusses Stream Generated Captions. With just one click, users can effortlessly generate video captions using Stream’s latest feature: AI-generated captions for on-demand videos and live stream recordings. Mickie explains how the Stream engineering team developed this feature using our own Workers AI and the Whisper model—an open-source Automatic Speech Recognition model—with just a single API call.

Mentioned topics:

• Helping keep customers safe with leaked password notification
• Introducing Stream Generated Captions, powered by Workers AI

Host João Tomé is joined by Michael Tremante, Director of Product from our Application Security team. We discuss the evolution of application security and its increasing relevance today. We also go into specific use cases, covering firewall security, malware, supply chain risks, and the critical task of monitoring various vulnerabilities, including zero-day threats.

Additionally, we analyze the growing importance of APIs (Application Programming Interfaces), which serve as the essential plumbing that powers technology, now accounting for over half of the dynamic traffic on Cloudflare’s network.

Mentioned topics:

• polyfill.io now available on cdnjs: reduce your supply chain risk
• Introducing Cloudflare’s 2024 API security and management report
• Detecting zero-days before zero-day
• Making Content Security Policies (CSPs) easy with Page Shield
• Application Security Report: Q2 2023

Participating are Mark Nottingham, our Standards Lead, based in Australia; Marwan Fayed, a Systems Engineer from our Research team, usually in the UK but here in Lisbon, Portugal; and Lucas Pardue, a senior software engineer specializing in Internet and web protocols such as HTTP/2, HTTP/3, and QUIC — Lucas is Co-Chair within the IETF (Internet Engineering Task Force) QUIC (Quick UDP Internet Connections) Working Group.

Some context: In May 1974, the IEEE (Institute of Electrical and Electronics Engineers) Transactions on Communications scientific journal published “A Protocol for Packet Network Intercommunication.” Authored by Vint Cerf and Bob Kahn, that was the paper that described the Transmission Control Protocol (TCP) that supported the interconnection of multiple packet-switched networks into a network of networks. Split later into TCP and an Internet Protocol (IP), TCP and IP became core components of the Internet that DARPA launched operationally in 1983. The rest, as they say, is history.

Mentioned topics:

• What is TCP/IP?
• TCP - The Cloudflare blog
• The TCP paper — “A Protocol for Packet Network Intercommunication”

We also feature Emily Hancock, Cloudflare’s Chief Privacy Officer, discussing the nexus of security and privacy. Plus, insights from Carlos Alberto Silva, a Portuguese venture capitalist with extensive experience in cybersecurity investments.

Last but not least, we hear from Dani Grant, a former Cloudflare employee and co-founder of jam.dev, a company dedicated to fixing software bugs and built on Cloudflare's platform.

In the coming weeks, we will host additional security-related conversations.

Host João Tomé (based in Lisbon, Portugal) is joined by our Head of Data Insights, David Belson, based in Boston. We discuss our recent Q1 2024 Internet disruption summary blog post. There were submarine cable failures that impacted 13 countries in Africa. We also address technical issues with RPKI, DNS, and DNSSEC that disrupted connectivity for subscribers across multiple network providers.

Additionally, we give you a teaser from Ranee Bray, Chief of Staff from our Security team, about Cloudflare's presence at the cybersecurity-related RSA Conference next week in San Francisco.

Mentioned topics:

• Q1 2024 Internet disruption summary
• Cloudflare at RSA Conference 2024

Host João Tomé is joined by our Product wizards Rita Kozlov and Phillip Jones. We discuss the week's key announcements, including reaching 2 million developers building on Cloudflare. Each day of last week had different topics, and we shipped new products and functionality geared towards giving developers the components they need to build full-stack applications on Cloudflare. There’s no lack of AI-related news, loads of generally available product announcements, technical deep dives, acquisitions, and sneak peeks into what’s coming next.

We also have our short segment “Social Love”, with Dawn Parzych, from our Developer Marketing team, sharing some social feedback from developers about our innovation week dedicated to them.

Check our Developer Week Hub with all the blog posts and Cloudflare TV segments:cloudflare.com/developer-week/

João Tomé and Oren begin by examining a blog post about how recent generic Top-Level Domains, such as “.beauty”, “.wiki”, “.top”, and “.shop”, have high percentages of phishing emails. They delve into the importance of phishing and email security in 2024, Oren’s experiences with the NSA, Area 1, and Cloudflare. They also cover what companies and users should expect in the email domain. Additionally, they address how AI and generative AI present new challenges, yet show promising signs for the future.

Next, Rita Kozlov, our Sr. Director of Product, shares why developers should look forward to our Developer Week, starting on April 1, 2024. It will be filled with AI (models included), security, and speed (AI inference included).

Finally, we feature a video from our Developer Educator, Craig Dennis, explaining what Workers AI entails and how you can now build entire AI applications on Cloudflare. It was filmed in our San Francisco office, featuring our lava lamp wall.

Check some of the highlighted topics:

• From .com to .beauty: The evolving threat landscape of unwanted email
• Developer Week hub
• Cloudflare + AI hub

João Tomé and John discuss the importance of randomness in securing the Internet for encryption. They explore lavamillions.com, a site John created using our Pages products and also LavaRand to generate random US lottery numbers, and delve into our sources of "chaos" or randomness at our offices, as mentioned in our blog post "Harnessing chaos in Cloudflare offices". In San Francisco, we have a lava lamp wall; in London, a double pendulum wall; and in Austin, suspended rainbows. We announce a new wave installation wall in our Lisbon office, which will also contribute to our encryption process.

The conversation shifts to AI, highlighting Cloudflare's role in discovering and patching a vulnerability affecting all LLM providers. The episode also covers recent Internet outages, including the undersea cable failures that impacted multiple African countries, and shares fun facts about Pi Day and the mathematical constant π (pi).

Last but not least, we debut "Social Love," a short segment where Ryan Knight highlights positive feedback from customers and users on social media. Additionally, Thibault Meunier from our Research team provides a sneak peek into a recent conversation on our Cloudflare Research show about the Privacy Pass protocol.

Check some of the highlighted topics:

• Lavamillions.com
• Harnessing chaos in Cloudflare offices
• Mitigating a token-length side-channel attack in our AI products
• Undersea cable failures cause Internet disruptions for multiple African countries
• Introducing WARP Connector: paving the path to any-to-any connectivity
• Security Week 2024 wrap up

João Tomé and Cloudflare's CSO Grant Bourzikas discuss the week's key announcements. Topics include AI opportunities and risks, ensuring digital visibility and control, focusing on access control and security team monitoring, optimizing CISO spending, and network complexity reduction.

We showcase Cloudflare's new Firewall for AI, designed to safeguard AI applications for free, and our enhanced Defensive AI capabilities to counter emerging threats. Our introduction of Magic Cloud Networking, powered by our acquisition of Nefeli’s multicloud connectivity technology, marks Cloudflare's entry into this market. This product focuses on providing businesses with simple and secure multicloud solutions.

Additionally, there’s a URL scanner update, and email security features. We also have an update on our wall of lava lamps in San Francisco for entropy story — which includes our wall of double pendulums in our London office, and suspended translucent rainbows mobile in Austin. In a nutshell, this is how Cloudflare uses physical sources of entropy to add to the security of the Internet.

Last but not least, we celebrate International Women's Day with a message from our co-founder, Michelle Zatlyn. We also share a video from our London office and showcase some of the amazing images featured in our blog.

Check our Security Hub with all the blog posts and Cloudflare TV segments: cloudflare.com/security-week

João Tomé chats with Verónica Marin about the Developer Experience team. We celebrate our Developers Discord server hitting 40,000 members, discuss the kinds of questions you can get answered there, and highlight our open-source software sponsorship program.

Then, we head to Canada to discuss the latest in Workers AI with Logan Grasby, including new LLMs, image generation models, and more.

We also feature a Security Week teaser with Product Managers Ankur Aggarwal (San Francisco) and Daniele Molteni (London), who share what to expect from our first innovation week of the year.

And, we wrap up with a “moment of zen” from Ólafur Guðmundsson, taken from our extensive interview about his career and DNS standardization, which you can find here for his career journey and here for DNS standardization insights.

Check the highlighted blog posts:

• Cloudflare Developers Discord server
• Unlocking new use cases with 17 new models in Workers AI, including new LLMs, image generation models, and more
• polyfill.io now available on cdnjs: reduce your supply chain risk
• Security Week 2024 hub

João Tomé is joined by Emily Hancock, Cloudflare’s Chief Privacy Officer. We discuss the importance of privacy in the Internet age and its evolution. Our recent blog post reflects on Europe’s GDPR for Privacy Day 2024.

We also highlight what regular Internet users, and companies should have in mind about privacy in general, and Cloudflare’s approach to privacy. How it is interconnected with security. And what to expect in 2024, with AI taking the stage, regulation continuing to change, data localization and data transfer between countries and continents. And we cover what regular Internet users and companies should keep in mind about privacy, Cloudflare’s approach to privacy, and its connection to security.

We also talk about privacy expectations for 2024, focusing on AI, evolving regulations, data localization, and international data transfers.

Next, we head to Brussels, Belgium, to talk with Petra Arts from our policy team about Europe’s Digital Services Act.

To wrap up, we leave a teaser to a deep dive conversation with our DNS guru, Ólafur Guðmundsson, about lessons learned managing engineering teams.

Check the highlighted blog posts:

• Reflecting on the GDPR to celebrate Privacy Day 2024
• All you need to know about the Digital Services Act
• Investing in security to protect data privacy (from 2023)

João Tomé is joined by Grant Bourzikas, Cloudflare’s CSO. We discuss how we dealt with a Thanksgiving 2023 security incident related to an October 2023 Okta compromise that Cloudflare had previously mitigated.

Also, we discuss the significance of our access controls, firewall rules, hardware keys, and Zero Trust architecture in limiting the threat actor's impact. No Cloudflare customer data or systems were affected by this incident, and no services were compromised — that is the result of our investigation, including an independent analysis by CrowdStrike’s Forensic team. We are sharing detailed information about the incident and the measures taken, in line with Cloudflare’s commitment to transparency — aiming to raise awareness and assist others in mitigating similar threats. We outline the attack's timeline and what we understand about the sophisticated threat actor, likely a nation-state.

Furthermore, we define ""Code Red"" to enhance our security posture to further thwart the highly sophisticated threat actors we are seeing more of across all industries. The all hands-on deck approach, security & engineering tightly aligned on the outcome, enabled success. Additionally, we offer guidance on short-lived certifications, the importance of precision, and what CISOs and others can anticipate in 2024 regarding security challenges related to AI, global elections, and various types of DDoS attacks, among others.

We also take a moment to review some of the blog posts published since January, focusing on new capabilities for developers (AI included), product features, an 2024 API report, deep dives, etc.

You can check some of the highlighted blog posts:

• Thanksgiving 2023 security incident
• Cloudflare defeats patent troll Sable at trial
• Adding new LLMs, text classification and code generation models to the Workers AI catalog

João Tomé initially is joined by Rebecca Weekly, our VP of Infrastructure and Head of Hardware Systems Engineering. We delve into Cloudflare’s perspective on hardware, GPUs, CPUs, and the needs of AI services and applications (you’ll learn about AI inference). We also discuss our Cloudflare Gen 12 Server (Bigger, Better, Cooler), Moore’s Law, and what to expect in hardware and AI in 2024.

Next, Andie Goodwin explains the Cloudflare Impact Report, which launched this week, and some of the most impactful projects and endeavors from our company in 2023. We also share some holiday and Christmas stories. Additionally, our Portugal office has a holiday message to everyone.

Last but not least, in the short segment "A Bit of History," our CTO, John Graham-Cumming, discusses the importance of Cloudflare’s blog and how it has shaped the company's culture over the years.

You can check the highlighted blog posts:

• How we used OpenBMC to support AI inference on GPUs around the world
• ML Ops Platform at Cloudflare
• Cloudflare Gen 12 Server: Bigger, Better, Cooler in a 2U1N form factor
• Cloudflare 2023 Impact Report

Also mentioned were:

• A return to US net neutrality rules?
• Australia’s cybersecurity strategy is here and Cloudflare is all in
• Don’t Let the Cyber Grinch Ruin your Winter Break: Project Cybersafe Schools protects small school districts in the US

We cover traffic insights and trends, connectivity and speed, and security. There's also time to explore the most popular Internet services. We answer questions about which generative AI services were most popular, how X/Twitter performed (there's a potential football/soccer trend), and also its competitors like Threads. There's also a surprising e-commerce success called Temu, which outperformed Shein in our rankings, as well as trends in crypto, the metaverse, and those related to Taylor Swift.

In the short segment "Ask the CTO," our CTO, John Graham-Cumming, addresses some audience questions regarding cultural differences in how tech companies operate in Europe versus the US, the evolution of the Internet in the coming years, and the potential impact of some of Cloudflare’s announcements on the industry.

You can check the mentioned blog posts:

• Cloudflare 2023 Year in Review
• From Google to Generative AI: Ranking top Internet services in 2023
• Using DNS to estimate the worldwide state of IPv6 adoption

Other related topics include how to build an AI application using our developer platform, Workers, and its complete ecosystem; the difference between AI Gateway and Workers AI; cost savings, reliability, and efficiency without being a distributed systems expert; and keeping privacy and security in check.

We also highlight how Forrester has recognized Cloudflare as a leader in The Forrester Wave™: Edge Development Platforms, Q4 2023, with the top score in the current offering category.

There are also some answers related to these Cyber Week days on the Internet. Is it a global phenomenon? Does e-commerce interest peak on Black Friday or Cyber Monday, and are attacks increasing during this time?

In the short segment "A Bit of History," our CTO, John Graham-Cumming, goes over how and when Cloudflare built its Zero Trust platform.

You can check the mentioned blog posts:

• Cloudflare named a leader in Forrester Edge Development Platforms Wave, Q4 2023
• Cyber Week: Analyzing Internet traffic and e-commerce trends
• Steve Bray: Why I joined Cloudflare
• Better debugging for Cloudflare Workers, now with breakpoints
• Workers AI Update: Stable Diffusion, Code Llama + Workers AI in 100 cities

From New York, our VP of Developer Relations, Ricky Robinett, introduces two Workers AI (our developer platform with AI capabilities) updates: Stable Diffusion and Code Llama, both now available as part of Workers AI, which is operational in over 100 cities across Cloudflare's global network with AI inference capabilities. Additionally, we've incorporated the Mistral-7B-v0.1-instruct into Workers AI.

In the short segment "Ask the CTO," our CTO, John Graham-Cumming, answers audience questions: Do you believe Cloudflare will have any issues with their free plan as the cost in providing the free plan is higher than the revenue gained from the paid plans?

You can check the mentioned blog posts:

• 2024, the year of elections
• Do hackers eat turkey? And other Thanksgiving Internet trends
• How to execute an object file: Part 4, AArch64 edition
• Workers AI Update: Stable Diffusion, Code Llama + Workers AI in 100 cities
• Workers AI Update: Hello Mistral 7B

Continuing from Lisbon, João Tomé joins Celso Martinho, our Senior Director of Engineering, to discuss two ongoing projects. The first project, Email Routing, now includes subdomain support, new APIs, and enhanced security protocols. The second project, Workers AI, our serverless GPU-powered inference platform that operates on Cloudflare’s global network, now is offering streaming and longer context lengths for LLMs. We explain what that is and how helpful it can be.

There are also some news about Cloudflare One audit capabilities, and WAF rules creation simplified with the introduction of hostname and ASN lists.

Taking a nostalgic turn, we go into retro gaming memories, commemorating the 40th anniversary of the ZX Spectrum home computer, a popular device in the UK and Europe during the 1980s (now in its 41st year in the UK).

Lastly, in the short segment "Ask the CTO," our CTO, John Graham-Cumming, answers audience questions:

• How do you perceive the current AI era compared to the AI and machine learning landscape you observed a few decades ago?
• Do you anticipate Cloudflare venturing into affordable direct server hosting (VPSs, Dedicated Servers, Instances, etc.)?

You can check the mentioned blog posts:

• Email Routing subdomain support, new APIs and security protocols
• Streaming and longer context lengths for LLMs on Workers AI
• Introducing advanced session audit capabilities in Cloudflare One
• Introducing hostname and ASN lists to simplify WAF rules creation

We explain how one of our core data center providers failed catastrophically, and steps were taken to ensure it never happens again. These measures, which we’re calling Code Orange, involve reducing dependence on our core data centers, requiring all Generally Available products and features to have a reliable disaster recovery plan that is tested, recurring audits, and much more.

The mentioned blog:

• Post Mortem on Cloudflare Control Plane and Analytics Outage

We also provide general advice to companies on how to avoid compromises after security breaches and vulnerabilities, even when they stem from vendors. We explain how we ensured that no Cloudflare customer information or systems were impacted by this event, thanks to the real-time detection and swift actions taken by our Security Incident Response Team (SIRT). Our Zero Trust security posture and the use of hardware keys played a vital role.

Furthermore, we delve into how Cloudflare swiftly introduced a HAR Sanitizer tool, available to everyone at no cost, not just our customers. This tool was developed to enhance the security of HAR sharing and was introduced as a response to the recent Okta breach.

You can check the mentioned blog posts:

• How Cloudflare mitigated yet another Okta compromise
• Introducing HAR Sanitizer: secure HAR sharing

Cloudflare's Security Incident Response Team is hiring.

Next, we go to Boston, in the US, to discuss with David Belson, our head of Data Insights, our Q3 2023 Internet disruption summary. They cover various causes of outages, from government-directed exam-related Internet shutdowns to the earthquake in Morocco and fires in Hawaii, along with problems related to damage to submarine cables. They also highlight the disruptions caused more recently in Palestinian networks in the Gaza Strip due to the ongoing conflict.

There’s still time to highlight how Cloudflare mitigated yet another Okta compromise, something we are going to delve more deeply into next week on the show. Additionally, we discuss how our Cache Rules product, alongside Cache Reserve (to enhance control to minimize egress costs), is now generally available, providing users with a better quality of life. We also announce three new features that will help make Email Routing more secure, flexible, and powerful than ever. This includes Email Routing subdomain support, new APIs, and security protocols.

In our “Around NET” short segment, Dan Hollinger joins us from Munich, Germany. Then, in the “Ask the CTO” segment, our CTO, John Graham-Cumming, answers an audience question about how his background in mathematics shapes his approach to tech and programming.

You can check the mentioned blog posts:

• Cyber attacks in the Israel-Hamas war
• DDoS threat report for 2023 Q3
• Q3 2023 Internet disruption summary
• How Cloudflare mitigated yet another Okta compromise
• Introducing HAR Sanitizer: secure HAR sharing
• Cache Rules are now GA: precision control over every part of your cache
• Cache Reserve goes GA: enhanced control to minimize egress costs
• Email Routing subdomain support, new APIs and security protocols
• Empowering our partners with the new Tenant Platform dashboard

From Lisbon, where João Tomé and Dina are, we go to Atlanta, in the US. Chris Draper goes over how network flow monitoring is now generally available and why that's relevant for network engineers.

We highlight some other topics of the week, from a storage-saving partnership with the company Prisma to Project Argus, which brings flexibility to implement multiple server management and security solutions. Also, Cloudflare now has a local presence in Mexico. And in Israel, a rocket alert app, Red Alert, which provides real-time rocket alerts for Israeli citizens, was the target of a malicious app impersonation to get user information, phone calls, and SMS.

There’s also the short segment “Around NET,” with Rebecca Weekly, Cloudflare’s VP of Infrastructure, talking directly from San Jose, California, at the OPC Conference — a summit for the IT Ecosystem.

Last but not least, there’s “A bit of Cloudflare’s history,” with our CTO, John Graham-Cumming, going over how Cloudflare had in 2016 an “Evenly Distributed Future” principle and how it evolved into the “connectivity cloud” of today.

You can check the mentioned blog posts:

• Cloudflare’s Birthday Week 2023 hub
• Network flow monitoring is GA, providing end-to-end traffic visibility
• Introducing the Project Argus Datacenter-ready Secure Control Module design specification
• Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information
• How Prisma saved 98% on distribution costs with Cloudflare R2

Next, two other vulnerabilities are highlighted: the Atlassian Confluence CVE-2023-22515 and the hidden WebP vulnerability, which has more significant implications than originally anticipated.

We also delve into some Internet traffic patterns from Israel and the Gaza Strip after a conflict in the region was ignited by the October 7 Hamas attack.

Cloudflare is also celebrating its inclusion as a Top 100 Most Loved Workplace, according to Newsweek. We also explain why the general availability of the Magic WAN Connector makes life easier for large customers.

If you enjoy technical deep dives, this “Virtual networking 101” blog is about the intricacies of tap devices (a virtual network interface that looks like an ethernet network card) and how they are being used for virtual machines, reversing their original purpose.

Last but not least, we premiere our short segment “Ask the CTO”, with John Graham-Cumming answering audience questions.

You can check the mentioned blog posts:

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
• HTTP/2 Rapid Reset: deconstructing the record-breaking attack
• Uncovering the Hidden WebP vulnerability: a tale of a CVE with much bigger implications than it originally seemed
• All Cloudflare Customers Protected from Atlassian Confluence CVE-2023-22515
• Cloudflare's a Top 100 Most Loved Workplace for the second consecutive year in 2023
• Internet traffic patterns in Israel and Palestine following the October 2023 attacks
• Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network

You can check previous episodes in our show page: https://cloudflare.tv/ThisWeekInNet

In this week's program, we kick things off with an intro directly from the balcony of our Lisbon office. Then, we dive into the week packed with announcements, tools, and products from Cloudflare’s Birthday Week, where we aim to give back to the Internet.

On Monday, our 13th birthday brought us important sustainability stats (you can cut your network carbon emissions by up to 96%), and we highlighted the significance of dynamically routing traffic across the globe, along with the introduction of Incident Alerts.

Tuesday was all about explaining how Cloudflare functions as a connectivity cloud, providing a modern way to connect and protect your clouds, networks, applications, and users. There’s also mention to the Amazon’s $2bn IPv4 tax — and how you can avoid paying it.

Wednesday was AI day, featuring the launch of Workers AI (serverless GPU-powered inference on Cloudflare’s global network), Vectorize (a vector database for shipping AI-powered applications to production, fast), AI Gateway (making AI applications more observable, reliable, and scalable), and the use of WebGPU in Cloudflare Workers. We also announced a slew of AI-related partnerships, and the annual Founders’ Letter comes with an AI poem (from a model running on Workers AI).

Thursday put the spotlight on databases and a partnership with Microsoft to power their Edge Secure Network. We delved into topics like Hyperdrive (making databases feel global), new Workers pricing (never pay to wait on I/O again), and the arrival of the D1 open beta.

Finally, Friday revolved around privacy and security. We made Post Quantum Cryptography generally available (to safeguard against quantum computers) and introduced Cloudflare Email Retro Scan to tackle email threats lurking in your Office 365. Other highlights included our ability to detect zero-days before they become an issue, and the fact that Cloudflare is now free of CAPTCHAs (Turnstile is free for everyone).

Check our Birthday Week 2023 Hub to see all the blog posts and related Cloudflare TV segments.

In this week's program, we'll explain what to expect during our Birthday Week — the first blog post arrives this Sunday, September 24, 2023. It will bring announcements that will help people build the future on Cloudflare (with AI playing a pivotal role), surprising products, partnerships, and topics from climate and carbon emissions to performance, security, and privacy. But before that, we start with an interesting remote work trend: kneeling chairs, which are making a comeback now after being popular 30 years ago.

Moving from chairs, we delve into our Waiting Room product. There's a behind-the-scenes blog post that explains how we've evolved the core mechanism of our Waiting Room product, detailing exactly how it functions to queue traffic in response to spikes. We also have updates to our Client-Side Security Product: Page Shield. Cloudflare Analytics makes an appearance as well, as it can now suggest rate-limiting thresholds based on historic traffic patterns.

Last but not least, we'll discuss a blog post about typo traps, analyzing traffic to exmaple.com (or is it example.com?).

Plus, we're celebrating one year of episodes of "This Week in NET." This one is episode #38. 🎉

• Cloudflare’s Birthday Week (September 24-29, 2023) Hub

You can check the mentioned blog posts:

• Making Content Security Policies (CSPs) easy with Page Shield
• How Waiting Room makes queueing decisions on Cloudflare's highly distributed network
• New! Rate Limiting analytics and throttling
• Cloudflare Email Security now works with CrowdStrike Falcon LogScale
• Typo traps: analyzing traffic to exmaple.com (or is it example.com?)

In this week's program, we start by welcoming Michele Yetman as Cloudflare's new Chief People Officer. Next, we discuss a new addition to our Load Balancing solution, but also emphasize the importance of Cloudflare Tunnels — a private, secure connection between your data center or web servers and Cloudflare.

Cloudflare’s Birthday Week is approaching later this month, so let's take a look at how these innovation weeks originated and what they involve. The official launch occurred on September 27, 2010. In 2012, Cloudflare began the tradition of unveiling “gifts” in the form of products and partnerships that give back to the Internet during this late September week. For a few years now, Birthday Week has been one of the around seven or eight innovation weeks we typically do each year.

Last but not least, we delve into trends from Cloudflare Radar related to the major earthquake in Morocco and how it impacted the Internet there. We also discuss how the iPhone 15 announcement made tech news-related sites trend in our domain ranking list.

You can check the mentioned blog posts:

• Building companies means building careers: why I joined Cloudflare as Chief People Officer
• Elevate load balancing with Private IPs and Cloudflare Tunnels: a secure path to efficient traffic distribution
• Happy Second Birthday CloudFlare! (from 2012)
• SSL Week Means Less Weak SSL (from 2015)

In this week's program, we're back with episode #36. We start with our most recent announcement: Cloudflare One for Data Protection — our unified suite to protect data everywhere across the web, SaaS, and private applications.

There's also a lot to unpack in terms of new tools and insights from our platform for general Internet insights, Cloudflare Radar. We also showcase how Meter, a provider of Internet infrastructure, is leveraging the Tenant API integration for DNS filtering to help their clients enforce acceptable Internet use policies. Additionally, we draw conclusions from our Application Security report for Q2 2023.

Furthermore, there are some Google.com domain trends, considering that Google was officially founded 25 years ago, on September 4, 1998. Plus, an important warning: if you have an iPhone, update it. Researchers have discovered an actively exploited zero-click vulnerability that can put iPhone users at risk.

You can check the mentioned blog posts:

• Cloudflare One for Data Protection

• What’s next for Cloudflare One’s data protection suite

• Cloudflare Radar’s 2023 overview of new tools and insights

• Cloudflare’s tenant platform in action: Meter deploys DNS filtering at scale

• Star your favorite websites in the dashboard

• Application Security Report: Q2 2023

• Introducing the 2023 Intern-ets!

• An August reading list about online security and 2023 attacks landscape

In this week's program, we discuss Cloudflare’s inaugural 2023 phishing threat report, which delves into millions of malicious emails, brand impersonations, identity deceptions, and other predominant attack trends based on a year's worth of email security data.

Next, we venture into a more technical realm with a blog post that offers developers an improved method to debug Rust and Wasm using our developer platform, Cloudflare Workers. It is followed by two projects, conceived by Cloudflare’s interns, that evolved into features:

Debug Queues from the dash: send, list, and ack messages

Introducing scheduled deletion for Cloudflare Stream

We also shine a spotlight on our new AI hub: ai.cloudflare.com. Here, we explore how both individual developers and expansive enterprises are using Cloudflare to build AI tools. This includes the creation of ChatGPT plugins and a tour of some of our AI tools, like Constellation (allowing everyone to run machine learning models and perform inference on top of Cloudflare Workers).

Finally, we explain the history behind our use of lava lamps — and a lava lamp wall in our San Francisco office — for Internet security. These have come to symbolize Cloudflare’s commitment to security, rooted in the scientific principles of randomness and entropy. We'll retrace the journey from the idea in 2013 to its implementation in 2017. We'll also discuss how our lava lamps story became part of the culture, the subject of news articles, inspired a season of the TV show NCIS, and was popularized by a segment by science YouTuber Tom Scott.

Learning center: How do lava lamps help with Internet encryption?

In this week's program, most of our Portugal team is responsible for welcoming everyone. We also cover some of the blog posts from the last two weeks. This includes Cloudflare Radar's new BGP origin hijack detection system, the most exploited vulnerabilities of 2022, and our Project Cybersafe Schools, which offers free security tools to small K-12 school districts in the United States.

We will also focus on a more general topic: the process of building things, from new features to the decision-making process of working on shipping new categories of products to the world. How has Cloudflare approached this, from ideas to demos to iteration? And how has the process evolved over the years? Workers, our developer platform used by many thousands of developers, is one example of this.

You can check the mentioned blog posts:

• Cloudflare Radar's new BGP origin hijack detection system
• Hardening Workers KV
• Unmasking the top exploited vulnerabilities of 2022
• Project Cybersafe Schools: Bringing security tools for free to small K-12 school districts in the US
• Introducing per hostname TLS settings — security fit to your needs
• Introducing scheduled deletion for Cloudflare Stream
• Debug Queues from the dash: send, list, and ack messages

In this week's program, we spend most of the time going over some of the recent Cloudflare Radar (our tool for Internet insights) announcements and insights, including Internet disruptions and DDoS threats. Here’s what we discuss, in order:

• How Twitter became X this week.
• Why Kevin Mitnick, hacker and fugitive turned security consultant that died recently, at 59, was a relevant figure worth remembering (and the “Free Kevin” 1990s initiative).
• Measuring the Internet's pulse: trending domains now on Cloudflare Radar
• Routing information now on Cloudflare Radar
• DDoS threat report for 2023 Q2
• Q2 2023 Internet disruption summary
• How Cloudflare is staying ahead of the AMD vulnerability known as “Zenbleed”
• Cloudflare Zaraz steps up: general availability and new pricing
• The day my ping took countermeasures — deep dive.
• Connection errors in Asia Pacific region on July 9, 2023

At the end, there's also a bit of Oppenheimer vs. Barbie movie phenomenon suggestion.

In this week's program, we don't have any blog posts to go over. Instead, we start by discussing “Threads”, the new Twitter alternative from Instagram/Meta. That said, we mostly take the opportunity to pay homage to a piece of Internet history: Minitel.

Before the World Wide Web transformed the Internet into a medium for the masses in the 1990s, Minitel pioneered as a French computer network. In the 1980s, it provided millions of users in France with access to a range of services, including email, online purchases (ecommerce), including train reservations, general search, game playing, chat, and even a form of online porn.

It was 43 years ago, on July 15, 1980, that Minitel was first experimentally rolled out, in Saint-Malo, France. It gained widespread adoption in 1983, 40 years ago, when the French government distributed free terminals to every French telephone subscriber. Minitel was discontinued only on June 20, 2012, which upset some people in France, including farmers (we explain why). It was considered a cultural phenomenon and had an impact beyond France, reaching other countries.

John Graham-Cumming has a few old Minitel devices to show and some stories to share. And last but not least, we pivot from Minitel to the newest Indiana Jones movie. The first Indy movie was released on June 12, 1981, when the Minitel project was just getting started.

MIT’s Minitel dedicated site: https://minitel.us/

In this week's program, we go over our Speek Week recap, mentioning a few blog posts we didn’t cover last week, including how Cloudflare scaled and protected Eurovision 2023 voting with Pages and Turnstile. Next, we talk about a deep dive with insights into the process of investigating networking issues and how to begin debugging dropped packets issues from negative header lengths. There’s also an explanation on how Cloudflare Zaraz now supports JSONata, enabling precise data customization for enhanced workflows.

We also have “A bit of history” moment, to celebrate and remember Alan Turing’s importance to mathematics, computing and AI, given that this month it's the 111 anniversary of his birth (June 23, 1912).

At the end, we have in our new “Around NET” short segment Matthew Bullock, based in London, from the Product team, to talk directly from our London office about some of the products announced during Speed Week.

You can check the blog posts:

• Recapping Speed Week 2023
• How we scaled and protected Eurovision 2023 voting with Pages and Turnstile
• Lost in transit: debugging dropped packets from negative header lengths
• Cloudflare Zaraz supports JSONata

And the Speed Week Hub (https://www.cloudflare.com/speed-week)

In this week's program, we cover some of the announcements, metrics, and deep dives from our innovation week, Speed Week. It's all about how Cloudflare likes to be very fast, the advantages of that performance focus in different products, from Zero Trust to Workers, APIs and Pages, and how we like to prove that we're fast. We benchmark ourselves against our competitors and our previous metrics.

There's something for everyone's taste, from our global network growth — we're in 300 cities and getting closer to end users with connections to 12,000 networks (in 122 unique countries) — to how we use scalable machine learning to reduce the processing time for each HTTP request.

We introduce new tools (Cloudflare Observatory and Cloudflare Snippets), explore new architectures (rethinking cache purge), and even talk about our step-by-step guide to transferring domains to Cloudflare, now that Google Domains is shutting down.

Lastly, we present a world map predominantly orange, highlighting that Cloudflare is the fastest provider based on TCP Connection Time. We also delve into Cloudflare Radar's new Internet and Connection Quality index, which offers comprehensive metrics worldwide, categorized by country and ASN.

For all the blog posts and Cloudflare TV related segments, don’t miss the Speed Week Hub (https://www.cloudflare.com/speed-week)

In this week's program, we give you a teaser of what to expect from our Speed Week 2023. It’s our next innovation week, which is coming after this Sunday, full of announcements, new tools (that include AI and machine learning), and performance metrics. We also discuss the importance of Cloudflare API Gateway and of API-driven applications in general — given that now our service can protect GraphQL APIs against malicious requests. We also explain how exam-related Internet shutdowns in Iraq and Algeria put connectivity to the test, and are recurrent in several countries.

Our fun fact of the week is related to the 40 years of the American science fiction techno-thriller film, WarGames — it was released in June 1983.

At the end, we have in our "Around NET" short segment, Mark Steyn, a Scottish Web Engineer, based in London, from our Product Experience team. He shares how he is doing a “50,000 steps for 50 days” challenge for his 50th birthday that also includes giving money to charity that offers support to children who have been bereaved.

You can check the blog posts:

• Protecting GraphQL APIs from malicious queries
• Exam-related Internet shutdowns in Iraq and Algeria put connectivity to the test

Follow the Speed Week 2023 hub for updates: cloudflare.com/speed-week/

In this week's program, we delve into spatial computing, and Apple’s new Vision Pro headsets. Then, we go over the nine years of Project Galileo, which since 2014 has been helping journalists, human rights defenders, civil rights activists, and other humanitarian organizations. In 2023, this project is protecting more than 2,271 organizations in 111 countries. Next, we talk about the launch of Waiting Room Analytics, a game-changing feature for those services so successful that they need a waiting room. There’s a deep dive about HTTP/3 (the most recent HTTP protocol version) usage this last year, where bots are still not convinced. We also announce that Cloudflare Area 1, our email protection service, earned a SOC 2 report, related to safekeeping sensitive information.

Last but not least, we share a computing fun fact and delve into history. 190 years ago, Ada Lovelace, often credited as the world's first computer programmer, met Charles Babbage, the inventor of the Analytical Engine, a machine designed to be a general-purpose computer (“The greatest machine that never was” — TED talk). You can check here a 2018 conversation with Doron Swade and Sydney Padua about it.

At the end, we have in our new "Around NET" short segment, Patrick Day (usually based in Washington DC and from our Policy and Trust Team), sharing some insights directly from the RightsCon summit, in Costa Rica.

You can check the blog posts:

• Understand the impact of Waiting Room settings with Waiting Room Analytics
• Examining HTTP/3 usage one year on
• Nine years of Project Galileo and how the last year has changed it
• Cloudflare Area 1 earns SOC 2 report

In this week's program, we discuss our CEO, Matthew Prince, visiting Lisbon, Portugal (which includes a picnic). We delve into the Regional Tiered Cache, which offers an additional layer of caching for Enterprise customers with a global traffic footprint, enabling faster content delivery by reducing network latency.

However, the main focus is bidding farewell to Railgun, a web optimization technique launched by Cloudflare ten years ago. We explore why it was developed by John Graham-Cumming, its relevance, and the decision to deprecate it in January 2024.

Lastly, we provide a guide on how to perform dynamic data collection using Zaraz Worker Variables (Cloudflare Zaraz being our server-side third-party manager designed for speed, privacy, and security).

You can check the blog posts: Reduce latency and increase cache hits with Regional Tiered Cache Cloudflare is deprecating Railgun Dynamic data collection with Zaraz Worker Variables

In this week's program, we delve into the fruitful aftermath of our Developer Week. We received valuable feedback and announced the second cohort of the Workers Launchpad, featuring incredible companies building on Cloudflare's Developer Platform. Additionally, we launched our new Open Source Software Sponsorships Program.

We also explore a piece of Internet history related to TCP, followed by a deep dive blog where we discuss how we optimized the performance of our systems to address the memory usage situation in TCP sessions. And last but not least, we explore the transformative power of AI in programming, examining how it will revolutionize the "who" and "how" of the programming world.

Related blog posts:

• Launching our new Open Source Software Sponsorships Program
• Announcing Cohort #2 of the Workers Launchpad
• Recapping Developer Week
• Unbounded memory usage by TCP for receive buffers, and how we fixed it
• Batteries included: how AI will transform the who and how of programming

For more about our Developer Week 2023, visit the Hub for every blog post and announcement — and don't miss CFTV's Developer Week programming.

In this week's program, we go over some of the announcements we’ve made during Cloudflare's Developer Week 2023. We had several AI-related announcements for developers, but also new products and features in our developer platform related to data storage, speed, and how we're building Cloudflare on Cloudflare. In general, we show where we’re headed in the future, powering and powered by AI. Cloudflare is providing essential infrastructure for leading generative artificial intelligence (AI) companies, with products such as R2 Storage. It’s an incredibly exciting time to be a developer.

At the end, we have in our "Around NET" short segment, the participation of Gift Egwuenu (based in Amsterdam), from our Developer Relations team.

For more, visit the Developer Week Hub for every blog post and announcement — and don't miss the rest of CFTV's Developer Week programming

In this week's program, we go over blog posts related to how we built Network Analytics v2, which is a fundamental redesign of the backend systems that power Network Analytics. We give some “May the 4th” trends for the Star Wars fans, and go over how we are building proxy applications on top of Oxy — our modern proxy framework, developed using the Rust programming language — that must be able to handle a huge amount of traffic. There’s privacy highlights celebrating Australia’s Privacy Awareness Week 2023, speed and performance data in LATAM, a new DDoS amplification vector, Sudan Internet patterns during the ongoing conflict, and we welcome our new Chief Security Officer, Grant Bourzikas. Almost here, is our Developer Week.

At the end, we have in our new “Around NET” short segment, Derek Chamorro (based in Austin, Texas — from the Hardware Keys team), after his attendance at the RSA Conference in San Francisco.

Related blog posts:

• Cloudflare is faster than Netskope and Zscaler across LATAM
• How we built Network Analytics v2
• Effects of the conflict in Sudan on Internet patterns
• Celebrating Australia’s Privacy Awareness Week 2023
• SLP: a new DDoS amplification vector in the wild
• Why I joined Cloudflare as Chief Security Officer
• Secure by default: recommendations from the CISA’s newest guide, and how Cloudflare follows these principles to keep you secure
• Oxy: Fish/Bumblebee/Splicer subsystems to improve reliability

In this week's program, we go over some blog posts we wrote about Internet speed, but also our Cloudflare One Zero Trust platform being named in the Gartner® Magic Quadrant™ for Security Service Edge. We talk about some announcements, such as our new Network Analytics dashboard, and how it provides security professionals with insights into their DDoS attack and traffic landscape. There’s also a hardware deep dive, related to memory bandwidth performance and some Easter, Passover and Ramadan trends.

In our “Around NET” short segment, we “travel” to Perth, Australia, to hear from Damian Matacz, from our Network Strategy team.

Related blog posts:

• Internet disruptions overview for Q1 2023
• DDoS threat report for 2023 Q1
• Introducing Cloudflare’s new Network Analytics dashboard
• Cloudflare One named in Gartner® Magic Quadrant™ for Security Service Edge
• Making home Internet faster has little to do with “speed”
• Measuring network quality to better understand the end-user experience
• DDR4 memory organization and how it affects memory bandwidth
• Consent management made easy and clear with Cloudflare Zaraz
• Oxy: Fish/Bumblebee/Splicer subsystems to improve reliability
• How Easter, Passover and Ramadan show up in Internet trends
• Secure by default: recommendations from the CISA’s newest guide, and how Cloudflare follows these principles to keep you secure

In this week's program, which is arriving earlier due to the Good Friday holiday in Europe, we start with Cloudflare's view of the Virgin Media outage in the UK. Then, we get a bit technical and go over the root cause analysis and solution for a bug found in Cloudflare's mTLS implementation. We also talk about the importance of our newest announcement, Rollbacks for Workers Deployments, for developers. There’s a deep dive on how we use Oxy (a Rust project) to deploy new versions of long-lived server software while maintaining a reliable experience. We also discuss how we’re hiring worldwide, but specifically in Portugal (remote included).

In our end of show “Around NET” segment we go to Washington D.C., Zaid Zaid, from our Policy and Trust team, talks about the 2023 Summit for Democracy and Project Safekeeping (that serves under-resourced organizations that are vital to the basic functioning of our global communities).

Check the blog posts:

• Cloudflare’s view of the Virgin Media outage in the UK
• mTLS client certificate revocation vulnerability with TLS Session Resumption
• Introducing Rollbacks for Workers Deployments
• Oxy: the journey of graceful restarts

In this week's program, we “travel” to Australia to talk about recent DDoS attacks on Australian university websites, and threaten more attacks (that includes some suggestions). We also talk about Cloudflare’s commitment to the 2023 Summit for Democracy that is happening in Washington D.C.. Europe’s GDPR regulation is also present when we go over how we are helping protect personal information in the cloud, all across the world. We also go technical, explaining the many faces of our Oxy framework and its importance in powering Cloudflare services and products. We also do a “show and tell” with our R2 Pricing Calculator, that compares our object storage prices with AWS S3.

In the Around NET end of the show segment, we have Sofia Cardita, based in Lisbon and a clinical psychologist turn engineer from our Radar team. She will talk about our new URL scan tool.

Check the blog posts:

• Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it Cloudflare’s commitment to the 2023 Summit for Democracy
• Helping protect personal information in the cloud, all across the world
• From IP packets to HTTP: the many faces of our Oxy framework
• Upgrading one of the oldest components in Cloudflare’s software stack

In this week's program, we give some highlights from our Security Week that only officially ended on Monday, including the importance of having the fastest Zero Trust proxy. In a very different area, we also go over why the quantum state of a TCP port is the subject of a deep dive this week. There’s also news related to our developer's platform, Cloudflare Workers, from Node.js compatibility to the use of any language with Pages Functions via WebAssembly.

At the end, we have in our new “Around NET” short segment where we go to the Netherlands. Bas Westerbaan from our Research Team talks about post quantum crypto (free, and forever).

​​For more, don’t miss the Security Week Hub (https://www.cloudflare.com/security-week) and our wrap up blog with all the announcements (https://blog.cloudflare.com/security-week-2023-wrap-up/).

Other blog posts mentioned:

• The quantum state of a TCP port
• Cloudflare Access is the fastest Zero Trust proxy
• Use the language of your choice with Pages Functions via WebAssembly
• Node.js compatibility for Cloudflare Workers – starting with Async Context Tracking, EventEmitter, Buffer, assert, and util
• Out now! Auto-renew TLS certificates with DCV Delegation

In this week's program, we go over some of the announcements we’ve made during Cloudflare's Security Week. We had several tools that leverage machine learning and many improvements to our Zero Trust product, making it more accessible and enterprise-ready. We go over phishing and fraud protection, security management, and trends you should know about.

At the end, we have in our new “Around NET” short segment, contributions from Michael Tremante (based in London — from the Applications Security team) and Mia Wang (based in New Jersey — from our Special Projects team and working on our Workers Launchpad Funding Program.

For more, don’t miss the Security Week Hub.

In this week's program, we go over our recent blog posts related to two relevant programming languages, Rust and Python. The related posts are:

• Oxy is Cloudflare's Rust-based next generation proxy framework
• How we built an open-source SEO tool using Workers, D1, and Queues
• How Rust and Wasm power Cloudflare's 1.1.1.1
• Keeping the Cloudflare API 'all green' using Python-based testing

We also discuss how the new Zero Trust navigation is coming soon (and we need your feedback), how to build resiliency into systems with Cloudflare Workers, and why you should go over our White House’s National Cybersecurity Strategy related blog post.

Last but not least, we give you a teaser on what to expect of the upcoming Security Week (one of Cloudflare’s Innovation Weeks). And Andie Goodwin and Angela Huang share some insights about our blog post related to the International Women’s Day and give some suggestions.

Further reading

• Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities
• Embrace equity on International Women’s Day (and every day)
• Accelerate building resiliency into systems with Cloudflare Workers
• The White House’s National Cybersecurity Strategy asks the private sector to step up to fight cyber attacks. Cloudflare is ready
• New Zero Trust navigation coming soon (and we need your feedback)
• How Cloudflare runs Prometheus at scale
• How we built an open-source SEO tool using Workers, D1, and Queues
• Cloudflare's network expansion in Indonesia

In this week's program, we discuss one year of war in Ukraine and the related Internet trends, cyber attacks, and resilience of the country. We go over Wildebeest, an open-source, easy-to-deploy ActivityPub and Mastodon-compatible server built entirely on top of Cloudflare's Supercloud. We also give some attention to DDoS attacks given that Cloudflare mitigated a record-breaking 71 million request-per-second DDoS attack. There’s also time to talk about Zero Trust and how the Chief Zero Trust Officer could be a new role for a new era of cybersecurity. Last but not least, some highlights on a deep dive on a replacement in Rust for one of the oldest and least-well understood parts of the Cloudflare infrastructure, cf-html.

Read the blog posts:

• One year of war in Ukraine: Internet trends, attacks, and resilience
• Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
• Welcome to Wildebeest: the Fediverse on Cloudflare
• The Chief Zero-Trust Officer: A new role for a new era of cybersecruity
• ROFL with a LOL: rewriting an NGINX module in Rust

In this week's program, we discuss our bug bounty program that led to Cloudflare's handling of a bug in interpreting IPv4-mapped IPv6 addresses. We go over the uptick in targeted DDoS attacks on healthcare organizations and ways to stay protected. We include topics like the traffic control bug CVE-2022-47929, and new features such as Advanced HTTP Alerts and the ability (for administrators) to manage dedicated egress IPs with Cloudflare Zero Trust.

There’s some talk about North America’s Groundhog Day (including references to the 1993 Bill Murray movie and also current Internet trends).

Lastly, Rita Kozlov gives us a brief guide on what to expect from the Cloudflare Workers platform in 2023.

Read the blog posts:

• Cloudflare's handling of a bug in interpreting IPv4-mapped IPv6 addresses
• Uptick in healthcare organizations experiencing targeted DDoS attacks
• CVE-2022-47929: traffic control noqueue no problem?
• Get notified about the most relevant events with Advanced HTTP Alerts
• Manage and control the use of dedicated egress IPs with Cloudflare Zero Trust

João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we talk about our a deep dive related to network debugging (A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?), we go over the three new winners of Project Jengo (and defeats for the patent troll), and also Internet disruptions overview for Q4 2022, and Cloudflare’s January 24 incident. We end with a reading suggestion: our three blog posts related to the Data Privacy Day (Jan 28) including the one about Cloudflare’s Data Localization Suite is able to do.

Referenced blog posts:

• A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?
• Three new winners of Project Jengo, and more defeats for the patent troll
• Internet disruptions overview for Q4 2022
• Cloudflare incident on January 24, 2023
• Investing in security to protect data privacy -Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite
• Cyberattacks on Holocaust educational websites increased in 2022
• Inside Geo Key Manager v2: re-imagining access control for distributed systems
• Towards a global framework for cross-border data flows and privacy protection

João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we talk about our first Innovation Week of the year: CIO Week 2023. We go over several of the announcements we did, thinking of those that try to keep their organizations safe and productive.

For the written recap of the blog posts of the week, you can check our CIO Week 2023 Recap.

For more, don't miss the Cloudflare CIO Week Hub

João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we talk about one of our most requested features: DNS record comments and tags are now here. And we go over Cloudflare Radar 2022 Year in Review microsite. In the end, we highlight some of the year’s Cloudflare announcements and give a glimpse of what to expect for 2023. Have a good holiday season and a great 2023!

Read the blog posts:

• One of our most requested features is here: DNS record comments and tags
• Cloudflare Radar 2022 Year in Review

And don't miss the Cloudflare Radar 2022 Year in Review microsite.

João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we discuss the announcements of the week such as Cloudflare Zero Trust services being available for Project Galileo and the Athenian Project, as well as Project Safekeeping (protecting the world's most vulnerable infrastructure), and how we achieved FedRAMP authorization to secure more of the public sector. We also discuss human rights, the war in Ukraine and how Cloudflare helped, sustainability across the organization from data center hardware to offices. There's also a place for policy highlights and how we are helping Internet access (Project Pangea).

To check all the blog posts, Cloudflare TV segments and announcements, don't miss the Cloudflare Impact Week Hub.

João Tomé is joined by our CTO, John Graham-Cumming. In this week’s program, we talk about South Korea (we have a data center there for more than 10 years) and our first country manager there, Alex Kim. We explain how we are making the WAF (Web Application Firewall) smarter with a new machine learning model, in the WAF Attack Score. And we go over our new Security Analytics.

Last, but not least, we give some highlights on what to expect from our Impact Week that is coming on Monday, December 12, 2022, and it’s all about how Cloudflare is having an impact.

Read the blog posts:

• Alex Kim: Why I joined Cloudflare
• Stop attacks before they are known: making the Cloudflare WAF smarter
• New! Security Analytics provides a comprehensive view across all your traffic

João Tomé is joined by our CTO, John Graham-Cumming. This week’s program goes through how we announced this week an adjustment in pricing, that comes with new annual plans, and accelerating innovation. We talk about how Cloudflare partnered to simplify China connectivity for corporate networks and also what our Linux Kernel Key Retention Service does and why you should use it in your next application. At the end, we put to the test OpenAI’s new ChatGPT chatbot (with Cloudflare Workers code).

Read the blog posts:

• Adjusting pricing, introducing annual plans, and accelerating innovation
• Cloudflare partners to simplify China connectivity for corporate networks
• The Linux Kernel Key Retention Service and why you should use it in your next application
• An early look at Thanksgiving 2022 Internet trends

João Tomé is joined by our CTO, John Graham-Cumming. In this week’s program we highlight how Cloudflare was named one of the Top 100 Most Loved Workplaces in 2022; we also talk about the introduction our new system designed to detect route leaks and its integration on Cloudflare Radar and its public API; we go over routing on the Internet, and how prepending can do more harm than good; and how we manage Cloudflare IP addresses used to retrieve the data from the Internet, how our egress network design has evolved, how we optimized it for best use of available IP space and introduce our soft-anycast technology. There are also some Ukraine Internet outage, Thanksgiving, World Cup and Black Friday trends.

Read the blog posts:

• ICYMI: Developer Week 2022 announcements
• Why Cloudflare’s one of the Top 100 Most Loved Workplaces in 2022
• How we detect route leaks and our new Cloudflare Radar route leak service
• Why BGP communities are better than AS-path prepends
• Cloudflare servers don't own IPs anymore – so how do they connect to the Internet?
• https://blog.cloudflare.com/an-early-look-at-thanksgiving-2022-internet-trends/

João Tomé is joined by our CTO, John Graham-Cumming. This week’s program is a special edition to talk about our Supercloud and Developer Week 2022. We go through many of the announcements of new products, tools and features.

Cloudflare’s been building the alternative to that traditional cloud into our network and our developer platform for years. The Supercloud. The term may be new, but that doesn’t mean that it’s not real. Today, we have over a million developers building on the Supercloud. Each of those developers wants to get code running on one machine and perfect it.

Check all the announcements at the Developer Week Hub

João Tomé is joined by our CTO, John Graham-Cumming. In this week’s program we explain how we helped protect the 2022 US midterm elections with our Athenian Project, we also explain what’s coming next week with our Developer Week and how our Workers platform is making a difference to so many companies and developers worldwide. We also include a clip of a fireside chat Matthew Prince, our CEO, did in Lisbon this week (Nov 11, 2022) with Celso Martinho, Director of Engineering.

Read the blog posts:

• Protecting election groups during the 2022 US midterm elections
• 2022 US midterm elections attack analysis

Don't miss these blog posts, which are featured in the episode:

• How the Brazilian Presidential elections affected Internet traffic
• Cloudflare is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786

If you're a developer and you're building something on our platform, we want to hear from you. Check out how to reach us at the end of this segment.

João Tomé is joined by our CTO, John Graham-Cumming. In this week’s program we start to explain why Privacy Gateway is important, we go over what Email Routing does, now that it left Beta, and we talk about our partial outage.

We explain how to create trust with Oblivious HTTP privacy properties and why John moved his YouTube channel "Behind The Screens" dedicated to digging into source code seen in films and on TV, using the Cloudflare ecosystem (from Pages to Stream). There’s also a small Halloween treat.

Read the blog posts:

• Privacy Gateway: a privacy preserving proxy built on Internet standards
• Stronger than a promise: proving Oblivious HTTP privacy properties
• Partial Cloudflare outage on October 25, 2022
• Email Routing leaves Beta
• And here's another one: the Next.js Edge Runtime becomes the fourth full-stack framework supported by Cloudflare Pages
• Page Shield can now watch for malicious outbound connections made by third-party JavaScript code
• Cloudflare Workers and micro-frontends: made for one another

In this week’s program, João Tomé is joined by our CTO, John Graham-Cumming, with two topics at hand. We start with about a programming-deep dive we did in our blog where we unveil a few secrets behind BPF tail calls on x86 and ARM.

Then, we discuss the importance of the “old” DDoS attacks that continue to grow and to create problems for companies (we published Cloudflare’s DDoS threat report 2022 Q3 this week).

Read the blog posts:

• Assembly within! BPF tail calls on x86 and ARM
• Cloudflare DDoS threat report 2022 Q3

In this week’s program, João Tomé is joined by our CTO, John Graham-Cumming. We’ll start on how Cloudflare is going post-quantum to protect the Internet from future threats, then discuss how Cloudflare Pages is getting even faster with Early Hints. There’s also some Nobel prize winners trends, one-click TLS that is now available, Cloudflare Stream supporting AV1 codec and its importance — and a teaser for next week’s deep dive.

Read the blog posts:

• Introducing post-quantum Cloudflare Tunnel
• Defending against future threats: Cloudflare goes post-quantum
• Automatic (secure) transmission: taking the pain out of origin connection security
• Bringing the best live video experience to Cloudflare Stream with AV1
• Total TLS: one-click TLS for every hostname you have
• Cloudflare Pages gets even faster with Early Hints

Original Airdate -- October 7th, 2022

In this week’s program, we’re doing a special edition of This Week in Net covering Cloudflare's Birthday Week 2022 — featuring a broad array of exciting new announcements, products, and more. João Tomé is presenting and is joined by Matt Silverlock, Director, Product Management at Cloudflare.

Visit the Birthday Week Hub for every announcement and CFTV episode — check back all week for more!

In this week’s program, we’re doing a special edition about our GA Week when we announced generally available products. João Tomé is presenting and is joined by our CTO, John Graham-Cumming, for a sum up with some highlights.

Read the blog post

• GA Week 2022: what you may have missed

Visit the GA Week Hub for every announcement and CFTV episode — check back all week for more!