Patching the Internet

When CloudFlare approached me about joining the company there was one thing that really stood out about the potential for their service: the ability to 'patch the Internet'.

CloudFlare sits between people's browsers and the web servers they are trying to reach.  All the traffic (DNS, HTTP, and HTTPS) passes through the CloudFlare network.  This blog post was served up (and protected and accelerated) by CloudFlare.

But as the traffic passes through CloudFlare it's possible to modify it, and that opens up huge potential for fixing Internet problems on an enormous scale.

Today, CloudFlare has rolled out a service that informs people that they've been infected by the nasty DNSChanger malware.  This makes sense for CloudFlare to do because so many of the web's users touch CloudFlare sites every month.  In this case CloudFlare is helping to protect end-users, just as it protects web sites.

And this sort of virtual patching can come anywhere in the network stack, from fixing DDoS attacks, to filtering out an Apache Range vulnerability, to deleting hashing attacks, to killing SQL injections.  As new attacks arise we are able to 'patch the Internet' for our users.
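
As an added illustration (not CloudFlare's code), here is one way a proxy could virtually patch the Range-header case mentioned above: it drops a Range header that cannot be parsed or that lists too many ranges, so the origin answers with an ordinary full response. The limit of 5 ranges and all function names are assumptions.

```python
import re

MAX_RANGES = 5  # assumed policy threshold; the post does not give one

# One byte-range-spec: "first-last", "first-" or "-suffix_length"
_SPEC = re.compile(r"^(?:(\d+)-(\d*)|-(\d+))$")


def parse_ranges(value):
    """Parse a Range header value into (first, last) tuples.

    Returns None if the value is not a well-formed "bytes=" range set.
    Open-ended specs have last=None; suffix specs come back as (None, n).
    """
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for raw in specs.split(","):
        m = _SPEC.match(raw.strip())
        if m is None:
            return None
        if m.group(3) is not None:
            ranges.append((None, int(m.group(3))))
            continue
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else None
        if last is not None and last < first:
            return None  # inverted range is invalid
        ranges.append((first, last))
    return ranges


def virtual_patch(headers):
    """Return (headers_to_forward, reason); reason is None if untouched."""
    forwarded, reason = dict(headers), None
    for name in list(forwarded):
        if name.lower() not in ("range", "request-range"):
            continue
        ranges = parse_ranges(forwarded[name])
        if ranges is None:
            reason = "unparseable range header"
        elif len(ranges) > MAX_RANGES:
            reason = "too many ranges"
        else:
            continue  # ordinary request, e.g. a resumed download
        del forwarded[name]  # origin then serves the full body
    return forwarded, reason
```

Because the filter runs at the proxy, every site behind it gets the mitigation without the origin server being upgraded or reconfigured.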

Patching allows us to do other things like insert any service automatically across a web site (such as adding web analytics), to filter out private information (such as an email address) if the visitor might be malicious, or simply insert a message notifying visitors of, for example, an upcoming service disruption.

It also lets us do things like add SSL quickly to a site, enable IPv6 even when the site is on IPv4 only, and, soon, turn on new protocols like SPDY even when the actual web site only supports HTTP.

The potential for this two-way patching is very large, and we've recently announced a developer program to let people build their own apps that can be installed with a single click of an On button in the CloudFlare UI.

I'd be interested in hearing from people about ideas on how best to 'patch the Internet'.  I'll personally send a signed copy of The Geek Atlas to the person with the best idea.

Comments

sep332 said…
An "Edit" button. You can change the content of a page and save your changes for later visits. Optionally: a history of your edits to a page, or a way to share your changes, or see that other people have edited the page, or "subscribe" to changes from certain users. Like turning the web into your private wiki.
Anonymous said…
sep332, sounds like ShiftSpace
tz said…
I run a number of Firefox extensions for security. It would be nice if I could just use a proxy to get a "clip" of a site without javascript, flash, java (some harboring malware if the site slips up). Also no images. A quick and/or mobile view that I could click-through to get the full version. I would also say adblock, but I don't normally mind ads after I know I want to really read a site.

Also handle SSL verifying certificates using a Perspectives or similar method to detect and defeat anyone who managed to register google.com at some obscure CA.

I could use any browser, but by simply setting the proxy or just going through your service ensure a much higher level of security.

Also a "printer friendly" version, or export to kindle feature that would clean things up or at least make it so that I didn't get a teeny thin column of text on 20 pages of paper.
Can CF act as a "smart" dependency management of sorts for at least well-known JS/CSS libraries; copied from Amazon Kindle Fire and Google Loader--

For example, if I have a javascript src file included in the html page,


script src="js/jquery-min.1.2.3.js"


then CF returns that directly instead of the host server --

for a more complicated dependency management, inspired by maven--


script src="js/jquery-min[1.0,).js"


this would resolve to the latest version served if available or lower version until 1.0