Writing


Data integration remains essential for AI and machine learning

The nature of human consciousness has so far evaded all, from philosophers to neuroscientists. It should therefore be of no surprise that the artificial intelligence (AI) that we can currently build is limited to more basic pattern recognition within sets of data. Although AI and machine learning (ML) algorithms are getting ever better at doing more with less, we still often need to bring together data from multiple sources for them to produce results that make sense. Humans require a lot of in

Does Social Media Promote Polarization and Absolutism

On 16 May 2020, Kate Bingham was named as the chair of the UK Vaccine Taskforce. In her time in post, she funded the development of a portfolio of vaccines including both the Pfizer-BioNTech vaccine and the Oxford/AstraZeneca vaccine. Her efforts led to the UK starting the deployment of both vaccines outside of clinical trials before any other Western country and achieving the fastest vaccine rollout in Europe. Internationally, whilst she was in post, the UK topped the league tables of funding i

Avoid complexity in data storage decisions

A little while ago, I faced the challenge of migrating a digital asset management system to the cloud. As part of this, I had to migrate out terabytes of data on legacy hardware to a new provider. Add to this the fact that the storage hardware was based in a staffed office in a rural part of England with significantly limited internet speeds. Ultimately, I managed to broker an agreement with a nearby datacentre to allow me to copy data physically to an external hard drive, plug it into a rented

How software development will change in 2022

Over the past year, I have studied in detail how the software development productivity space is changing. Over this time, I have spoken to engineering leaders from dozens of organisations, reviewed the latest literature and even conducted representative opinion polling among software engineers. While the future is uncertain, there are three key trends that technology leaders cannot afford to miss. How tech leaders implement these trends within their organisations will help to define how success

How to prevent developer burnout

Earlier this year, I led a joint research project between engineering productivity business Haystack Analytics and polling firm Survation, to understand the impact of burnout on developers. While there have been attempts to survey developer communities before, this represented the first time representative opinion polling was used to understand software engineers. When it came to burnout, the results were shocking. We found that 83% of software engineers reported that they were suffering from b

EngProd: The Secret of Elite Developer Teams

For companies to be successful, it is important to be able to get new ideas in front of users quickly, so you can keep up with the market and iterate based on real-world feedback. When technology teams find themselves unable to keep up with the pace of product development, they become the blockers of an organization. Ineffective technology leaders will pressure their developers to ship ever more work, causing developer burnout and software instability. By contrast, effective technology leaders

How Data Science Can Drive DevOps Growth - DZone DevOps

To improve, you must measure. Without measuring, you are left reading tea leaves with no understanding of whether you're closer, or further away, from your ultimate goal. Data provides the essential feedback to truly understand how well we're doing—indeed, it often surprises us. This concept is of fundamental importance for Engineering Managers and one I realized the importance of after reading The Goal by Eliyahu Goldratt. Indeed, as many successful organizations do, I had it as my main piece

How To Assess And Improve Your Software Engineering Team's Performance | Hacker Noon

How To Assess And Improve Your Software Engineering Team's Performance Suppose your SRE team has just rolled out a brand new fully self-serve Kubernetes infrastructure, how do you show your boss that it's helped the engineering team deliver faster? Imagine your product engineering team has finally managed to pay down some tech debt through refactoring, how do you show the Product Manager that it was worthwhile for helping your team deliver business value in the long term? As an engineering ma

North Korean Hackers Hide in Plain Sight | Hacker Noon

On the evening of the 25th January 2021, Google’s Threat Analysis Group published details of a campaign targeting security researchers attributed by them to “a government-backed entity based in North Korea”. Google described the attack as using a “novel social engineering method”. Social engineering usually describes attacks that target the human factors of computer security, such as by using phishing emails or phone call impersonation. Whilst highly-competent security experts may consider them

3 Software Ownership Models and Joint Care for Dev Teams | Hacker Noon

In traditional software operations, software would be "thrown over the fence" to operations teams. Technical operations teams would be aided in operating a service using Standard Operating Procedures (SOPs). With the advent of practices like DevOps and the growth in hiring SREs (Site Reliability Engineers), development and operations are increasingly unified. This has allowed "chore" work like deployments and maintenance to be automated. Standard Operating Procedures still play a role in this w

Using data science and machine learning for improved customer support

In this blog post we’ll explore three tricks that can be used for data science that helped us solve real problems for our customer support group and our customers. Two for natural language processing in a customer support context and one for identifying attack Internet attack traffic. Through these examples, we hope to demonstrate how invaluable data processing tricks, visualisations and tools can be before putting data into a machine learning algorithm. By refining data prior to processing, we

Time-Based One-Time Passwords for Phone Support

As part of Cloudflare’s support offering, we provide phone support to Enterprise customers who are experiencing critical business issues. For account security, specific account settings and sensitive details are not discussed via phone. From today, we are providing Enterprise customers with the ability to configure phone authentication to allow for greater support to be offered over the phone without need to perform validation through support tickets. After providing your email address to a Cl

Project Crossbow: Lessons from Refactoring a Large-Scale Internal Tool

Cloudflare’s global network currently spans 200 cities in more than 90 countries. Engineers working in product, technical support and operations often need to be able to debug network issues from particular locations or individual servers. Crossbow is the internal tool for doing just this; allowing Cloudflare’s Technical Support Engineers to perform diagnostic activities from running commands (like traceroutes, cURL requests and DNS queries) to debugging product features and performance using b

Pwned Passwords Padding (ft. Lava Lamps and Workers)

The Pwned Passwords API (part of Troy Hunt’s Have I Been Pwned service) is used tens of millions of times each day, to alert users if their credentials are breached in a variety of online services, browser extensions and applications. Using Cloudflare, the API cached around 99% of requests, making it very efficient to run. From today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data. This exists to effectively prot

Concise Christmas Cryptography Challenges 2019

Last year we published some crypto challenges to keep you momentarily occupied from the festivities. This year, we're doing the same. Whether you're bored or just want to learn a bit more about the technologies that encrypt the internet, feel free to give these short cryptography quizzes a go. We're withholding answers until the start of the new year, to give you a chance to solve them without spoilers. Before we reveal the answers; if you manage to solve them, we'll be giving the first 5 peopl

Banking-Grade Credential Stuffing: The Futility of Partial Password Validation

Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account. It is increasingly common knowledge in the InfoSec community that this practice is the antithesis of, what we now understand to be, secure password management. For starters; sites prompting you for Partial Password Validation cannot store your passwords securely usi

Ten new data centers: Cloudflare expands global network to 165 cities

Cloudflare is excited to announce the addition of ten new data centers across the United States, Bahrain, Russia, Vietnam, Pakistan and France (Réunion). We're delighted to help improve the performance and security of over 12 million domains across these diverse countries that collectively represent about half a billion Internet users. Our global network now spans 165 cities, with 46 new cities added just this year, and several dozen additional locations being actively worked on. Our expansion

Optimising Caching on Pwned Passwords (with Workers)

In February, Troy Hunt unveiled Pwned Passwords v2. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security. In supporting this project; I built a k-Anonymity model to add a layer of security to performed queries. This model allows for enhanced caching by mapping multiple leaked password hashes to a single hash prefix and additionally being performed in a determ

Going Proactive on Security: Driving Encryption Adoption Intelligently

It's no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. That means one in every 10 web requests goes through our network. However, hidden behind the scenes, we offer support in using our platform to all our customers - whether they're on our free plan or on our Enterprise offering. This blog post dives into some of the technology that

DNS-Over-TLS Built-In & Enforced - 1.1.1.1 and the GL.iNet GL-AR750S

GL.iNet GL-AR750S in black, same form-factor as the prior white GL.iNet GL-AR750. Credit card for comparison. Back in April, I wrote about how it was possible to modify a router to encrypt DNS queries over TLS using Cloudflare's 1.1.1.1 DNS Resolver. For this, I used the GL.iNet GL-AR750 because it was pre-installed with OpenWRT (LEDE). The folks at GL.iNet read that blog post and decided to bake DNS-Over-TLS support into their new router using the 1.1.1.1 resolver, they sent me one to take a l
Load More Articles