How Cloudflare responded to the “Copy Fail” Linux vulnerability
… Our control plane infrastructure typically adopts the most recent kernel, with reboots scheduled according to specific workload requirements. …
Search
Unweight: how we compressed an LLM 22% without sacrificing quality
… A decode kernel needs ~16 KB for its Huffman lookup table. Since 227 + 16 228, these two kernels cannot share the same compute unit . …
When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug
… In 2017,an issue was found with Linux kernel's CUBIC implementation. …
How we reduced core unit boot time from hours to minutes
… The console output told the story: the system was attempting an IPv4 HTTPS network boot, timing out after several minutes, then trying IPv4 iPXE, timing out again, then repeating both — all before finally reaching the IPv6 HTTPS boot interface that would actually succeed. …
Cloudflare recognized as a 'Leader' in The Forrester Wave for DDoS Mitigation Solutions
… The rule is propagated to the most optimal location in our edge for the most cost-efficient mitigation: either in the Linux kernel’s eXpress Data Path XDP , Linux userspace iptables or in the HTTP reverse-proxy . …
Orchestrating AI Code Review at scale
… Subtle concurrency bugs: Race conditions that depend on specific timing or ordering are hard to catch from a static diff. …