All blog posts
Page 28
Unicode in VCL
There's more to life than just the Latin alphabet. Because we’re a global platform with humans using all kinds of writing systems, recently we added the ability to write synthetic responses — e.g. a web page with an error message — in UTF-8 in Fastly VCL. In this post, Engineering Director Katherine Flavel shares some of the behind-the-scenes work to show how we did that.
Improve response, drive digital change | Fastly
The ability to get real-time data for your site or app, respond quickly, and see your changes reflected in real-time is crucial for businesses today. See the ways in which companies like HotelTonight and Gannett/USA Today have boosted their responsiveness, and freed up their teams to innovate.
Did you see that? Monitoring vs observability
You monitor distributed systems and log data, but what good does it do if you can't observe an actual problem when there is an issue? The reality is, you're drowning in log data and monitoring only gives you a high-level overview of a problem after it’s occurred. Enter observability.
Fastly delivers SOC 2 Type 2 for entire platform
At Fastly, we recognize that our edge cloud platform is an extension of your critical infrastructure and data flows. That means you may rightfully have questions about how we protect the data you share with us and how we can support your own security and compliance obligations. We view meeting those needs as part of our core values of transparency and trustworthiness. Today, we are happy to announce that Fastly has completed a Type 2 Service Organization Control 2 (SOC 2) examination for the management and monitoring of our edge cloud platform.
Observability: Embracing the messiness | Fastly
In this fireside chat, CEO and founder of Honeycomb Charity Majors spoke with Fastly VP of Data Governance, Lisa Phillips. They discussed embracing messiness, enabling customers to fix their own problems, and the power of structured data.
Why performance is key to digital transformation
In the previous post in this series, we explored how leading organizations are staying ahead of the digital transformation curve. In this article, we’ll take a closer look at performance, a key component of successful digital transformation for many customer-facing organizations. We’ll also provide two illustrative use cases of how focusing on performance can drive significant growth while delighting customers along the way.
New Logging Endpoints with Fastly
Every business needs the ability to see how their site is doing, and troubleshoot any issues that may arise. Our real-time logging enables just that, so you can easily view your traffic, understand your site health, and make the changes you need as quickly as possible. And today, we’re thrilled to give you even more control: in addition to the providers you can already choose from, we’ve added Honeycomb and Splunk, and boosted our capabilities with Google BigQuery to support even more logs per second.
Accelerate your digital transformation
Digital transformation is one of the most-discussed topics at executive events — but what does it really mean for businesses? We'll explore the right framework for businesses of all kinds to think through digital transformation, and how to move control and capability to the edge of your organization.
Surfacing Key Indicators of Account Takeovers
This post focuses on the key authentication events that financial services organizations should monitor to defend against account takeovers. We’ll also illustrate how utilizing a threshold-based approach enables organizations to identify irregular request patterns to spot fraudulent authentication and account activity.
3 Key Takeaways from Altitude SF | Fastly
1.4 billion active monthly users, 10 billion requests per day, and 5.2 TB per second peak traffic — these are some of the staggering numbers we heard about at our 7th Altitude conference where customers, partners, and Fastlyans gathered to share experiences, exchange information and insights, and enjoy some tasty food and valuable networking. Here’s a few themes from the event worth highlighting.
Listening to Web Attacks Remixed!
Sigsci-sounds monitor attack and anomaly data and will play a sound for each type of attack or anomaly.
Introducing Platform TLS and Subscriber Provided Prefix
Today we’re announcing two new offerings on the Fastly platform: Platform TLS and Subscriber Provided Prefix. Both empower companies to provide fast, secure web experiences to their customers and end-users, while reducing the workload on their own internal teams. Large companies, such as those offering mass hosting or managing multi-brand portfolios, can now quickly and easily manage hundreds of thousands of certificates in bulk.
Testing HTTP freshness in CDNs
CDNs all use HTTP caching to optimize performance, but sometimes different CDNs do it in slightly different ways and that can make things more complicated for our customers. This blog post makes a case for CDN interoperability and introduces a common test suite to help identify differences between CDNs to start paving the way.
7 business uses for logging
To create effective logs, you first need to consider what you’re trying to achieve in capturing and maintaining logs. If you don't begin with a clear business goal and proactively plan your logging strategy, you take the risk that you’ll find yourself either without the data you need at a critical moment, or overloaded with extraneous information. Here are 7 ways you can use logs.
3 Common logging challenges
Effective logging requires thoughtful planning and consistent tuning and maintenance. Here are three of the biggest challenges of logging.
Patterns for authentication at the edge
Identity is a boring, but necessary element of most website builds. Validating a user’s identity and access rights is something that is in the critical performance path, required site-wide, and often implemented in a bespoke way. Moving it to the edge improves performance, and can simplify your application architecture.
Fastly's Response to SegmentSmack
A remotely exploitable denial-of-service (DoS) attack against the Linux kernel, called SegmentSmack, was made public on August 6th, 2018 as CVE-2018-5390. Fastly was made aware of this vulnerability prior to that date through a responsible disclosure. As part of our initial investigation, Fastly discovered a candidate patch proposed by Eric Dumazet from Google to address this vulnerability. We discussed the vulnerability and the patch with Eric, reproduced the attack, validated the patch as a fix, and estimated the impact of the vulnerability to our infrastructure. We immediately deployed temporary mitigations where we were most vulnerable, while simultaneously preparing and rolling out a patched kernel to our fleet.
Elevating the user experience at Fastly
We’re excited to share several recent user experience updates that enhance WAF, Image Optimizer, and user management functionality in the Fastly control panel.
2018: What is Next for Fastly?
Since Fastly’s founding seven years ago, we’ve remained focused on scaling our business differently, with care and purpose. We’re building a talented team, and carefully select customers who share a similar vision – to create a better internet.
Hijacking the control flow of a WebAssembly program
While WebAssembly has already proven a fertile attack surface for the browser, as more web application code moves to WebAssembly from Javascript there will be a need to research and secure WebAssembly programs themselves. The WebAssembly design obviates common classes of attacks that might be inherited from development languages like C and C++, but there is still some room for exploitation. This tutorial will cover control flow protection guarantees provided by WebAssembly, known weaknesses, and how to use clang control flow integrity (CFI) in WebAssembly programs to mitigate some risks around control flow hijacks.
