Yesterday, I wrote about the way that tech-sector concentration was making it nearly impossible for Russia to block the encrypted messaging service Telegram: because Telegram can serve its traffic through giant cloud providers like Amazon, Russia can only block Telegram by blocking everyone else who uses Amazon. Read the rest
Cloudflare, a company with a history of resisting surveillance and censorship orders (albeit imperfectly and sometimes with undesirable consequences) has announced a new DNS service, hosted at the easy-to-remember address of 1.1.1.1, which accepts connections under the still-novel DNS-over-HTTPS protocol, and which has privacy designed in, with all logs written only to RAM (never to disk) and flushed every 24 hours. Read the rest
Cloudflare has terminated service to Sci-Hub, the site that provides paywall-free access to virtually all scholarly work, citing Aaron Swartz as inspiration -- Cloudflare previously serviced the sci-hub.la, sci-hub.tv, and sci-hub.tw domains, but in response to an injunction obtained by the American Chemical Society, they will no longer provide that service. Read the rest
As Trump FCC Chairman Ajit Pai tries to kill Net Neutrality under cover of Thanksgiving, Cloudflare CEO Matthew Prince has tweeted that he is looking into ways that he can legally take up Josh Constantine's challenge to give Pai "14.4k dial-up speeds for killing net neutrality." (Image: Evan-Amos, CC-BY-SA) (via /.) Read the rest
"Something like ten percent of the web flows through Cloudflare's network," states Nick Sullivan, Head of Cryptography for internet "gatekeeping" service Cloudflare.
So, in order to keep their client's protected, they need to generate a lot of unpredictable, completely random numbers. That's where this wall of lava lamps comes in.
Cloudflare's "Wall of Entropy" sits in the lobby of their headquarters in San Francisco. It uses the unpredictability of its flowing "lava" to assist in randomly generating numbers.
On their blog, they explain how it works, for people both with technical and non-technical backgrounds. This is an excerpt from their non-technical explanation:
Read the restAt Cloudflare, we have thousands of computers in data centers all around the world, and each one of these computers needs cryptographic randomness. Historically, they got that randomness using the default mechanism made available by the operating system that we run on them, Linux.
But being good cryptographers, we’re always trying to hedge our bets. We wanted a system to ensure that even if the default mechanism for acquiring randomness was flawed, we’d still be secure. That’s how we came up with LavaRand.
LavaRand is a system that uses lava lamps as a secondary source of randomness for our production servers. A wall of lava lamps in the lobby of our San Francisco office provides an unpredictable input to a camera aimed at the wall. A video feed from the camera is fed into a CSPRNG, and that CSPRNG provides a stream of random values that can be used as an extra source of randomness by our production servers.
