Developers, new AI models and a Security Week teaser

Hello everyone and welcome to This Week in Net. It's the March the 1st, 2024 edition. And this week we're going to include a Security Week teaser at the end.

That's one of our innovation weeks that is coming up next week.

I'm João Tomé, coming to you from sunny Lisbon, Portugal.

But we start talking about developers building on our developers platform, Workers.

Our Discord server reached 40,000 users. So we'll discuss that with Verónica in Porto, Portugal.

And then we will go to Calgary, Canada, to get an update on models for developers using Workers AI, to hopefully build some AI magic.

So first thing is first. Hello Verónica and welcome to This Week in Net.

Where does the show find you? Hey João, thank you for inviting me. I'm currently in Porto, but I'm from Venezuela.

And yeah, I've been living here for four years now.

And I've been working at Koffler for more than a year. And previously, I was a product manager, also software engineer, dancer, singer, a lot of things before joining Koffler.

Porto in Portugal, just for those who don't know. In Portugal.

I'm in Lisbon, so we're in the same country. We're not in the same city.

But it's good to have you here, specifically. And we're here to celebrate an achievement.

Our Discord channel, our Koffler developers Discord server reached 40,000 users, right?

Yeah, we currently have a little bit more than that, probably 42,000.

We used to have 20k when I joined one year ago, so we grew a little bit. Quite a lot, yeah.

Even the developers that use workers, our developers platform, has also been increasing.

I think we're over 1 million now of developers that use workers to build stuff, specifically, right?

Yeah, we have a lot of developers. They usually use more pagers and workers.

Those are like the most popular products, but we have more.

And we now have AI products, which is great. We've been doing also AI hackathons in many countries and cities.

And yeah, there are many developers using and starting to know the new products that we have.

Exactly. And actually, in the show, we've been discussing new LLMs models that have been put available in our workers AI, so developers can build with different LLMs, different models there too, right?

Yeah, and we've recently added eight new models in the available models list, so that's great because people have been requesting a lot.

Actually, one of the most requested things is to be able to use custom models, and that's not yet possible, but we've been adding more models to the list.

There's news on the developers front in the next few weeks, for those who want to be interested there.

For those who don't know, our Discord server, specifically for CallFlare developers, for what is that used specifically?

Who are the developers there and how do they use the server specifically?

Well, yes, most of them are developers, but some of them are not.

Probably they are beginners or CEOs or just company owners and people that have the need technical products for their company.

But yeah, most of them are developers, independent ones or already working for some company, and they are back-end, front-end, full-stack, probably mostly full-stack as well.

And what type of questions are answered there specifically?

A lot of different questions, depending on the other products too, right?

Yeah, they ask a lot of questions. Sometimes it could be issues or they provide feedback, but the questions could be, for example, one of the most asked are why CallFlare pages doesn't have a Wrangler thumbnail.

And also the custom models one.

When are you going to support custom models for workers AI? That's going to be soon.

And yeah, also issues. It's a great way to detect issues because people are always reporting issues and also sharing feedback.

And also, it's a great place for people to show what they're building.

We have a channel called What I Built, and they usually share their cool projects there so that more people can see it and they can get inspired with that.

So developers, not only showing what they're building, also help others build using our platform.

So it's like a guideline. Hey, here's how I did this.

You can use the work I did to build your own stuff too, right?

It's a collaborative effort there too, right? Yeah, we have many, many community projects that could be used as templates for people to learn how to use the product.

They can use our templates like the CallFlare official ones, but there are many projects made by the community, sometimes made by our community champions, which are like the power users, and also moderators of the Discord server.

And yeah, they usually start building with the products we launch even before it's launched.

Before I ask you to show how the server works specifically, can you give us some highlights in terms of problems or use cases that you saw that were solved, that were dealt with in the server that you remember, for example?

Well, specific use cases, there are many.

It's cool because we have betas, right? So we need beta testers and it's a great place to find them.

For example, there's a beta right now for browser and rendering API, and there's a wait list for that.

You can find it like in the CallFlare website, but you can get access more quickly on Discord.

And people are every day asking for it, for browsers rendering API and sharing their use cases.

And I'm enabling for them all the time. And that also happens with other betas.

And for example, community champions and MVPs and the experts also participate in beta testing.

And it's a great way for us to get feedback from people, like really, really early in development.

So now let's show people what we've been discussing, how the Discord server CallFlare developers works.

So I'm a new developer or someone really interested in this topic.

How can I start specifically?

You would usually go to discord.callflare.com and you can join our server.

And after you follow all the steps, you're going to find this. And after reading the rules, and everything, you can see we have the channels here, the server, general.

We have channels for many products, but we focus more on the developer platform.

So we're not going to have all the products in the channels. In that case, you can ask your question in the general help channel, if it's about other product that doesn't have any channel.

And we have three forums, which are, yeah, general help and pages help and workers help as well, because those are the most used ones.

But we also have channels for other products, like D1, KBQs and other products that are not part of the developer platforms.

There's a lot there.

Yeah, there are many channels. There are many and many people that are willing to help.

That's always good. I've used specifically the Discord server to ask questions to developers specifically in the past.

And you can feel that there's a community there of people trying to help each other, which is great.

And it's just searching the product you want.

It goes a long way, like you were saying, but also those more general topics will also work.

If you really want some guidelines on where should I ask this specifically, that should also work.

You also work in regarding sponsorships, right?

The open source software sponsorship program. How does that work specifically?

Well, so usually people would fill in a form that we have in our website.

And then I review the application. We have some requirements like, of course, being open source, an open source project.

Who can apply? Who could be interested in this specifically?

Any person that has an open source project and that is non-profit and is using Koffer, or not using Koffer, but needing some help with the products.

Imagine that you need the CDN or need more features that are included in our pro plan, because the main advantage of the program is that you get a free upgrade to the pro plan.

So if any of the things that the plan offers, it will be great for your open source project.

But yeah, it has to be a non -profit project and it can be about anything.

It doesn't have to be super technical project just for the developer community, but also we're now accepting projects about education or sports or anything else.

It doesn't have to be 100% related to the developer community.

In that situation, first, when did the program started specifically, the sponsorship program?

It started like three years ago or so.

It's been here for a while. There's a lot of participants at this point.

Yeah, we're sponsoring probably more than 300 projects. We have many famous companies there actually.

And yeah, they use Koffer a lot. We can sometimes adapt the program depending on the needs that the project has.

But yeah, we have many, many, many projects sponsored and we get a lot of applications every day.

So yeah, we can't accept all of them, but we try to review most of them and try to sponsor if we can.

So if I have an open source project that I want to apply, where should I go?

So we have a blog post that we published last year in developer week, where we tell you more about the program and how it works and all the criteria and the benefits you can get.

And if you go to Koffer sponsorships, you can see some of the projects we're currently sponsoring.

These are not all of them, just some of them, but we have many cool projects here.

And if you want to apply for the program, you just have to fill in this form and then I'm going to be notified and I will review your application.

And if it's approved, we can upgrade your plan to pro and depending on other things you need, we can also try to help you with other products depending on the availability and you will get notified via email if your project is accepted.

So this project has to be a non-profit specifically, but what could make the difference in terms of being approved or not?

Depending on, for example, we don't accept personal projects. For example, it's more like projects or like...

useful for the community in a sense, right? Yeah, not like, oh I'm Veronica and I want to I want to sponsor for my personal project.

Yeah, that is like promoting myself.

Usually we don't do that. We can do that sometimes, but we focus more on projects that help more people and like it's an organization or something bigger.

It doesn't have to be super big, but something that is helping more in the community in general.

Makes sense. So this was great to learn a lot about our developers and our platform in a sense.

Do you want to share anything more, Veronica?

Yeah, actually I wanted to share that we recently created a new process for community champs to raise issues and incidents from Discord and it's powered by a bot made by Alec Kromkan, one of our employees, and it's been great because it's letting us detect issues super quickly.

For example, the incident that we had on November 2nd last year, that was a pretty big incident and around 130 people reported issues on Discord and we were able to detect it more quickly.

And also, yeah, many incidents like that, many issues that turn into incidents suddenly and affect thousands of people are detected on Discord thanks to this process and our community champs as well.

So they picked up on, right, really quickly so we can deal with those really quickly so less people will be impacted in a sense, right?

Yeah, we can detect it in minutes and super quickly because our community champs are always there almost 24-7 monitoring everything.

So it helps having people all around the world, right? Different time zones, it helps.

Yeah, we have in many different continents, so yeah, there's always someone there monitoring everything.

That's great, great to hear. Thank you so much and see you next time.

Thank you, thanks for inviting me. See you.

Hi, my name is Logan Grasby.

I am a Developer Educator for AI at Cloudflare and I am based in Calgary, Alberta, Canada.

I have been working on helping the team add new models to the AI catalog for workers AI and we recently wrote a blog post announcing the 17 new models that we've just added and we have many more on the way.

These models add a variety of new use cases for developers to be able to build tools that otherwise would have not been possible on Cloudflare's platform.

You can do things now like from an image get detailed descriptions of the contents of the image, the objects in the image.

You can generate images and edit images using AI by combining multiple images together and a text prompt to get varying results and you can do things that are much smaller models but much faster.

Things like summarization and all of these are just really the tip of the iceberg in terms of what we are going to be rolling out.

There's going to be over 50 models on the catalog very soon and so we're really excited to continue to add new use cases for developers building on Cloudflare.

And now it's time for a Security Week teaser.

Next week is our first Innovation Week of the year.

Innovation Weeks are now a part of the Cloudflare tradition for some years.

We usually do a handful of those choosing specific topics every year. To help me with this I have Ankur and Daniel.

Hello Ankur. Hello Daniel. How are you?

Hey Jo. My name is Ankur Agrawal. I'm based out of San Francisco. Product Manager here at Cloudflare working on our gateway product for Zero Trust and we're excited to kind of just give you a little bit of a look into what we're launching or talking about during Security Week.

So for Security Week we really wanted to get the message out there about the products and features and really even our messages about helping making the Internet better.

So we'll have a ton of blog posts and a ton to share but for now I'm going to turn it over to Daniele to kind of maybe walk through some of our focus topics.

And hello everybody. Thanks Ankur. My name is Daniele.

I'm the Group Product Manager for the WAF here at Cloudflare and there are a couple of areas I wanted to talk about for Security Week.

So one big area we're going to talk about is AI.

So 2024 is probably going to be the year of AI. So everybody's talking about that and the promise of AI to revolutionize how we work and generate content is out there.

But also with AI, with the advent of AI, it means that we get new threats, new attack vectors and basically new, if you want, scenarios that we weren't prepared to face.

So because of this change we are investing a lot in new products and features both leveraging AI but also protecting AI.

So if you're interested in the topic, early in the week we're going to launch some protection I could say for LLMs and AIs.

So more about how do we secure AI models on either deployed on Cloudflare or anywhere.

But also we are launching features where we use AI to power the way you interact with the Cloudflare dashboard or in general with our security products.

So if you're interested, stay tuned and of course look out for those AI stories.

Our security week, any innovation week that we have, usually there's a lot of blog posts in each day from Monday to Friday.

What types of topics will be mixed together in terms of the week?

So we're going to have a lot of topics mixed together for application security as well as SASE and basically are helping making the Internet better.

So I'm going to turn it back over to Daniele to walk us through some of the application security pieces.

Yes, thanks. And then as you mentioned Ankur, we're going to intertwine, if you want, blogs and stories of different areas.

So it's going to be AI but also application security. So application security includes all our WAF, DDoS, client-side security or API Gateway, API Shield products.

And we have new features for each one of those areas. So specifically, for example, for PageShield, if you're a customer concerned with GDPR issues, with tracking GDPRs, then definitely look out for a PageShield blog post.

We have also big announcements around analytics and especially how we're going to enable customers to interact with our logs and data and have more insights into the data, more granular insights on the logs.

And also this will help optimizing the cost of your IT toolkit and infrastructure in general and spend.

And one more feature I wanted to quickly touch upon is security for APIs.

So as part of API Gateway, we are expanding the capabilities of that solution.

So if you're interested in managing authentication of API traffic as part of your application and perhaps leverage Cloudflare to meet that use case, then again, this is something for you this week.

A lot to discuss. There's different potential customers that could be served with the different topics that are discussed this week.

What types of customers, of engineers, that people work in this area, security area, should be more aware of what we're launching, Ankur?

Yeah, I can definitely take that.

So on the kind of sassy side of things, this is squirtly focused at practitioners, how it can improve their lives.

But then it's also impactful for CISOs and security leaders because these are definitely security changes or updates that really just make their lives easier.

Something we like to say internally often is just what makes you sleep better at night.

What helps you stop worrying about that latest security vulnerability?

So on the sassy side of things, we've actually focused in a lot on a few different things.

We'll have deep dives on kind of our email security.

Basically, it helps enterprises secure their users' inboxes from messages they receive via either spam or phishing.

And then we'll also have another one related to DLP.

This will help really identify or flag or even filter possible loss of trade secrets.

So things like source codes being uploaded to repositories that you don't own.

And then lastly, we'll have a deep dive on really just deploying Zero Trust.

So that TLS inspection piece and securing Cloudflare with Cloudflare.

So it's a good story that we've talked about before, but we wanted to do a deeper dive into just what it means privacy-wise of deploying something like Zero Trust at Cloudflare.

And so we believe the collection of these stories combined with the kind of last piece here, just networks that are easier to connect are also easier to secure, will help kind of just build that whole story together and really make the lives of those network practitioners, security practitioners, and those CC-level people just a lot easier.

Makes sense.

So a lot of trends, features, products, enhancements in terms of security announced for next week specifically.

So a lot to uncover. Did we miss something that you want to highlight?

Yeah. The one piece I just wanted to cover was the kind of efforts that we're doing for that help make the Internet better aspect.

So a few of those are next week is actually going to be Super Tuesday here in the US.

So it's a big election day and we're going to have a deep dive into Internet traffic trends we see during that day, as well as touching on our Project Galileo efforts, which is kind of free Cloudflare services for political campaigns to protect and secure kind of free and open elections, as well as just an update on our famous lava lamps.

So it will be an update on their use and how we use them to generate randomness and really generate and protect Cloudflare.

Those are two products that I take close to heart, Project Galileo, and also our lava lamps perspective, randomness perspective.

So updates there are great. Project Galileo is more general, but we also have like helping elections specifically, but it helps thousands of Internet properties be online and sense free, which is great.

Anything, Daniel, from your side?

I'm just very excited to be able to launch a few products and be able to share all the interesting things we've been working on in the last few months.

So yeah, looking forward to that. Exactly. This is the culmination of work of several teams, a lot of people at Cloudflare, different perspectives.

It's about security, but it takes a village because it takes different teams of the company.

And it's really interesting that we're showing how we ourselves use our security products to be safe.

So that's also interesting to take a look next week.

And that's a wrap. Thank you for your teaser for Security Week. Thank you.

Stay tuned. Thank you. Before we go, let's get an update on our blog.

The first one is Polyfill.io is now available on CDNGS to reduce the risk of supply chain attacks.

So you can replace your Polyfill.io links today for seamless experience.

For those who don't know, Polyfill.io is a service that provides code to make sure web features work in older browsers.

And it's now hosted on CDNGS. Moving on, also this week we wrote a blog post about how Cloudflare recently fixed two critical DNSSEC vulnerabilities.

Both of those can exhaust computational resources of validating DNS resolvers.

So these vulnerabilities do not affect our authoritative DNS or DNS firewall products.

We also published a blog post mentioning that we're open sourcing Pingura, our Rust framework for building programmable network services.

So you can read all about it in our blog.

We also have this blog post that digs deeper into Cloudflare's approach to machine learning operations.

It goes into monitoring and how we can continue to evaluate the models that power bot management.

So see you next week for an all about Security Week episode with our CSO, Ran Borzykas.

And also celebrating the return of Jon Stewart to the Daily Show in the US, here's your Moment of Zen with our DNS guru Olafur Gudmundsson in this clip from a long interview that you can check in our show notes.

See you next week. The Internet is always under a threat.

Because it's so important, right?

In a sense. Yes. And the threats come from many different angles.

There are the ones we can talk about. There are the ones who want to bring it down or harm somebody who is on it.

There is the governmental threats.

Governments want to be totally able to dictate what their captive audience sees.

There are businesses that want to rule it for their own benefit or to create a closed ecosystem.

Something like America offline version 2. Yes.

And yes. So keeping the Internet open, keeping the Internet affordable is very important.

And it is also important to realize it has to be affordable and available to everybody.

It doesn't matter if I have the Internet, but nobody in Namibia has it.

That's a bad thing. It has to be available everywhere. There has to be sources on the Internet that everybody can trust.

Something like Wikipedia. This information is getting very easy to do on the Internet.

I'm not going to make any judgments about the hype about AI systems today.

They can be good. They can be bad.

But to some extent, I classify them as you feed the garbage, you get garbage out.

So the inputs have to be done right. Makes sense. And this year we're seeing that in play already.

Yes. So yes, the future is bright and the future could be dark.

It depends on what people vote for and what bad actors get away with.