Bon-app-etit

Hi, my name is Madeline. I am a risk manager on our security team at Cloudflare.

Welcome to my session, Bone Appetite. This session is not actually going to be about Cloudflare products or technology at all.

It's also not going to be about security risk management, though you might find some themes here in terms of kind of focusing on what we value.

But I am here actually to talk about my app to improve the experience of dining out.

I originally kind of submitted the idea under COVID-19 inspired restaurant app.

And the Cloudflare team kind of came back to me asking, is this the real name?

What do you want your talk to be? And so being the punny person I am, that shows the kind of second thing that popped in my head.

So that's how we got to Bone Appetite.

And if you have any questions throughout this talk, you can submit them to the email address at livestudio at Cloudflare.tv.

Again, livestudio at Cloudflare.tv.

And a little bit about me and kind of what I've been thinking about lately.

So I'm a lover of podcasts, very auditory learner, love to listen, go for walks.

My favorites are kind of behavioral economics podcasts, so I really love economics.

And I love it because they kind of focus on how people really work, and designing incentives and structures to kind of fit actual human behavior.

The second kind of category that I'm going to pull from is kind of like this business entrepreneurial podcast.

I love how I built this by NPR as an example.

And they kind of focus on like what's really identified as problems, and how people build businesses around actually solving problems.

And another kind of podcast that I love is around innovation, and that's Ted Radio Hour.

So thinking of some new and innovative ideas on how we can actually change the world for the better.

So I've been listening to a lot of these podcasts during COVID, as we all are probably a little bit in need of some entertainment and things to do from home.

And COVID has also got me thinking a lot about kind of pausing, and like thinking about the way our world works, and kind of problems in my everyday life, you know, how can we really make things better?

You start to really kind of notice this when we kind of stopped going to the office and having all of our social events.

And at Cluster in general too, we talk about back to better, and kind of what that means for the office.

This is kind of like giving you a little bit of background to kind of why I'm doing this, and how I got to think about this in the first place.

I'm going to tell you a little bit more about my life in the context of some problem statements that I'm trying to solve with going out to team.

So first, probably many of you can relate, I've been standing in line a lot lately, whether it's at the grocery store, at the hardware store, on my weekly ice cream pickup.

And so this is a little bit more bizarre than normal, in that we're all kind of uncomfortable, we're wearing masks, we're being forced to go one way down aisles.

But in some ways, it's kind of not so different from our normal experience, especially for those of us living in San Francisco.

I regularly have to kind of wait to get into a bar, or any popular restaurant that I want to go to.

Which is kind of the first feature of my app.

So I thought it would be really cool if we could figure out a way to design an app that plugs into the software that restaurants use to do their scheduling, and can really optimize for wait time.

And then also, if I kind of show up at a restaurant and figure out that there's a significant wait time, my app could propose some other nearby options, kind of within the filters that I care about, that I could go to instead.

So kind of first feature is really optimizing for time.

I think this also kind of gives, it kind of naturally shuffles the traffic away from these restaurants who kind of already are maxed out, and to ones who maybe don't have as much foot traffic coming in.

The second problem I've been thinking about, is I've been cooking a lot lately, and I'm pretty burned out on cooking.

So every now and again, I order myself a meal. And this is great, because not only do I not have to cook, but I get to support local restaurants, and I feel really good about this.

The problem really comes down to when I have to pick the restaurant.

I spend so much time searching through any given delivery app to find exactly the restaurant I want to eat, the right price, pick my dinner, only to get to my shopping cart and figure out that I have a 60 to 70 minute wait.

And it takes me so long to choose that I usually just go forward with this order.

And I know that if I try to start this process over and find a new restaurant that's going to get there in 30 minutes, that I probably will end up getting my food at the same time.

And I find this in other activities that I've been doing, like picking a Netflix movie.

There are just so many options that I feel like I spend half an hour just scrolling through all the movies that I could potentially watch, and then not actually watching one.

And so there's actually, it turns out that there's some real research on this.

There's one study that I kind of heard about through the Foodonomics podcast by Sheena Iyengar and Mark Lepper.

They did a study on gourmet jams.

And so they basically had two groups of stores. They came in with coupons for a dollar off, and one group got to sample from 24 different jams.

And then the other group got to sample from six different jams. So the display of 24 jams got a lot more interest than the display for six jams.

But in terms of actually purchasing the jams, the group that visited the 24 jams only bought the jams 30% of the time.

And then the group that visited the six jams bought it 30% of the time.

And so I think there's some real kind of research around that choice can be really paralyzing to consumers.

So this is kind of the second feature of my app, kind of reducing the consumer standstill produced by all this choice, and providing just a recommendation of maybe three restaurants.

So I've kind of decided that this restaurant that I've tried to go to is full.

I go into my app. It's optimizing by wait time and also kind of my own criteria and location.

And it's just going to give me three options. So this is a lot less painful for me.

I'm likely to choose faster and actually just be happier. Of course, I want my app to propose these restaurants randomly so we aren't kind of favoring any one restaurant or allowing restaurants to pay for priority here.

The third thing I've been thinking about lately is just like all the other things that I don't like about the dining experience and trying to think of what does back to better look like here.

So the things I think about with San Francisco restaurants, waiting in really tight entrances, scrunching myself up against another visitor's table, let someone else pass by and get to the hostess stand, or worse, being on the other end of that and having someone behind and perched on my dinner.

So space is kind of one quality factor that I think about. The sixth issue is also getting a lot more attention because of COVID, and that we really don't want someone topping on our table during this pandemic.

And they're kind of like small, small quality factors, but they're also really more serious factors.

And I personally had a back injury about four years ago.

And when I was really hurt, I carried my own cushion around.

I carried it back and forth to my contracting job, and my new seat every day, at least I was comfortable.

And to my brother's horror, I also did this at bars.

And so I don't really know why restaurants pick these really uncomfortable chairs.

Maybe it's style. Maybe it's cutting costs on furniture.

Maybe it's to get you to turn over the table quicker, or just a general lack of consideration.

But that's something that I really kind of value in a restaurant.

If I see an outdoor picnic table, I probably prefer to go somewhere else, even now.

And too, when I think about the aging population, I think this becomes even more important.

I think about my own grandparents and kind of the issues we've had going out to eat, whether it's like not knowing that our reservation is on the top floor, and having them climb up, you know, a set of stairs and barely making it to the table, to kind of this open floor plan restaurant that has so much noise that my grandma can't hear at all, and kind of ruins our family dinner out.

That kind of brings me to my third feature to ask, is focusing our filters not just on the food ratings and prices, but also kind of these quality factors, like how much space is there?

Is it comfortable to sit there for a while? Can you actually hear the people across the table?

And then by having that information on the restaurants and allowing customers to sort by that information, you can also provide that feedback to restaurants.

Like, hey, customers are searching for this thing.

Maybe you should consider adding this to your dining experience. And that's going to follow the concept of aligning results with what we actually care about as consumers.

And so going back to kind of like my TED podcast in the intro, they did a really good one on kind of what we value, and kind of aligning businesses with like what we value overall rather than just kind of the money or profits.

And so that's also kind of what I think could differentiate this app from some of the kind of similar apps that already have some of this functionality that maybe would allow you to get in line for a restaurant already, or maybe give you a review of the quality of food and dining experience, is that this app is really not going to be supported by kind of restaurants and promoting ads or having people being able to influence the reviews.

It's really kind of all about the user and providing this quality dining experience.

And so to kind of recap my solution, Bon Appetit is going to serve customers through first optimizing the dining experience based on wait time.

They don't want to wait anymore.

Proposing limited options so that we reduce the pain of going through the choice factors, and allowing us to search based on comfort criteria, and kind of also kicking out kind of any skew on the actual restaurant rating and focusing this back on the customers of the diners who are actually going to enjoy this experience.

So the reason I want to share this thought experiment, I've been thinking about this in the context of kind of my daily life, but also much more kind of bigger scale issues.

And I think that COVID-19 is a real opportunity to change our current systems, whether this is how our cities are run, and solving kind of the quality of life around traffic and congestion, and still kind of keeping the things that we like about cities, like walkable cities and access to kind of social events.

We could apply it to the airline industry and making changes to kind of how they've pushed us into these smaller, smaller seats over time in the name of profit, and to focus the attention back on kind of the customers and the overall experience.

We could apply it to the music industry, which is kind of focused on really creating superstars and super big concert halls, and that is focused on kind of the artists and the music and sharing that in kind of an intimate setting.

So I think there's a lot of opportunities coming out of this pandemic to think about this and we have a little bit more time on our hands and we can think about how do we make this a better world.

I also think with a lot of the current events that have gone on lately and the Black Lives Matter movement, I think it's clear that there's a lot of systemic change that needs to happen so that we can ensure safety and equal treatment of all people.

And I think we should be thinking about these principles here as well.

We should be just kind of thinking about how we design our systems and that one, work with the way humans actually behave, how we actually function.

We need to focus our policies and solutions on actual problems and what's going to solve those.

And we need to innovate in the way we do things.

So with that, I will see if there are any questions.

So I'm not seeing any questions, so I'd like to go ahead and wrap up and thank Cloudflare for the opportunity to use this platform to talk about Bon Appetit on Cloudflare TV and ask you to stay tuned for the next segment.

This video will walk you through how to export access logs to a third-party SIEM and security intelligence platform using LogPush.

For this demo, we'll use an active Cloudflare domain with access enabled and a pre-configured Google Cloud Storage account.

To learn more about how to configure Cloudflare access, please visit the developer documentation at developers.Cloudflare.com backslash access.

The first step to exporting your Cloudflare access logs is to log into Cloudflare and choose an active domain that has Cloudflare access enabled.

After logging in, navigate to the analytics app in the Cloudflare dashboard, then click the logs tab.

Here, you can set jobs to push your logs outside of Cloudflare's platform.

Cloudflare supports different destinations, such as Amazon S3, Google Cloud Storage, Sumo Logic, and Microsoft Azure.

For this demo, we'll use Google Cloud Storage.

After choosing your preferred service, which in this case is Google Cloud, click next to configure the bucket path.

The first step is to name the bucket.

This name should be consistent with the bucket name in Google Cloud. The next step is to define a subfolder for Cloudflare to push your logs.

You have the option to set daily subfolders, so let's choose yes.

Cloudflare pushes the logs to dated subfolders, so it's very important to set the bucket permission to allow Cloudflare to push logs.

Now that the bucket path is defined, you need to set the route.

Copy the IAM user listed here. Now you need to head to Google Cloud Storage to add that user.

Navigate to Google Cloud Storage, click add members, and paste the user from Cloudflare into the new member field.

Select the storage object admin role, which gives full control of Google Cloud Storage objects.

Click save to complete.

Now, we need to head back to the log push configuration in the Cloudflare dashboard and validate the access.

Click validate access. When clicked, Cloudflare sends a test file to your destination to validate the access and prove ownership.

Now, let's go back to Google Cloud.

Click objects. Here you see a new folder created with today's date.

Click the folder and you should see the test file from Cloudflare.

Click the file, then the link URL, and copy paste the ownership token into the log push configuration within the Cloudflare dashboard.

Then, click prove ownership.

Now that the ownership has been validated, you need to choose a data set.

I'm going to select the HTTP requests. You'll see a list of fields to add to the logs, including cache, performance metrics, firewall, etc.

For now, I'll choose the default selection. If you click advanced settings, you'll see that you can set the time stamp format or choose to only send a random sample percentage of your logs to decrease the log value.

Let's stick with the defaults and click save and start pushing to complete the log push configuration.

Now that the log push configuration is complete, I need to use the log push API to import the data fields from Cloudflare to the Google Cloud Platform.

For this, we'll use Plus9, an API client that eases the work of doing API manipulation.

The first step is to get the ID of the job I've just created.

To do this, run the following API request.

After sending the request to the API, you'll see the job ID.

The second step is to update that job with the job ID from the previous API request.

Take the job ID, add it to the end of the following API request, and change the request to a put.

After clicking send, the same log push fields that you configured in the Cloudflare dashboard will be added to the Google Cloud Platform with the request headers at the end.

After sending the request, confirm that there are no errors, the job has been updated with the same ID, and the fields list is available, including the request headers.

Now that the job has been updated, let's check the bucket for the logs.

You should see the authenticated user aligned with the request.

After reviewing, you'll see that for all of the requests, there are specific fields and request headers with the cf-access -users, which gives a list of authenticated users that have been granted access to the applications.

This concludes the video walkthrough on how to export access logs to a third-party SIEM and security intelligence platform using LogPush.

If you have any questions or want to use access to secure other applications or resources, visit teams.Cloudflare.com backslash access.

you Hi, we're Cloudflare.

We're building one of the world's largest global cloud networks to help make the Internet more secure, faster, and more reliable.

Meet our customer Nito.

The thing that used to keep me up at night was security. Cloudflare helps to mitigate a lot of those fears.

It actually is the frontline for our platform and actually looks after pretty much all of the security as well as helping us on the cost side as well.

As one of Australia's leading e-commerce platforms, Nito powers the shopping experience for thousands of online retailers.

My name's Justin Hennessy.

I'm the VP of Engineering at Nito. Nito is one of the biggest e -commerce platforms in Australia.

Our platform receives between 85 and 90 million requests per day.

We have about 2 ,800 merchants on our platform, single shop owners who are just trying to sell online, all the way up to quite large organizations who do multi-warehouse sales.

In the landscape that we are now in, with cybercrime being as high as it is, the threats that hit our platform on a daily basis, it's really important to have both internal expertise and really good relationships with technology partners.

Nito first came to Cloudflare to streamline the process of securing its merchant sites.

Using Cloudflare's SSL for SaaS, Nito automatically provisions and manages security certificates across thousands of its customers' vanity domains.

SSL for SaaS is essentially the primary driver why we moved to Cloudflare.

We have a very complex onboarding process, and part of that is issuing certificates to customers.

Cloudflare allowed us to make that a completely automated, one -click process.

Anybody in the business could onboard and go live with a customer.

Soon, Nito found additional opportunities to leverage Cloudflare's platform for enhanced security, performance, and reliability.

The two major things that we've really embarked on this year around workers and AI bot management.

Cloudflare bot management is something that we've just recently turned on.

In its first day, we were able to block 2.4 million requests, and obviously that has a pretty significant cost effect over time.

Cloudflare Workers is actually quite an exciting piece of technology.

It's really allowed us to be quite creative about how we solve different problems.

I would definitely recommend Cloudflare as a technology vendor, because I believe they offer the full gamut of products.

You can start very small, and then you can grow into their feature sets.

With customers like Nito, and over 25 million other Internet properties that trust Cloudflare with their security and performance, we're making the Internet fast, secure, and reliable for everyone.

Cloudflare, helping build a better Internet.

The release of worker sites makes it super easy to deploy static applications to Cloudflare Workers.

In this example, I'll use create-react-app to quickly deploy a React application to Cloudflare Workers.

To start, I'll run npx create-react-app, passing in the name of my project.

Here, I'll call it my-react-app. Once create -react-app has finished setting up my project, we can go in the folder and run the project.

I'll run wrangler-init –site. This will set up some sane defaults that we can use to get started deploying our React app.

wrangler.toml, which we'll get to in a second, represents the configuration for my project, and workers .site is the default code needed to run it on the workers platform.

If you're interested, you can look in the workers .site folder to understand how it works.

But for now, we'll just use the default configuration.

For now, I'll open wrangler .toml and paste in a couple configuration keys.

I'll need my Cloudflare account ID to indicate to Wrangler where I actually want to deploy my application.

So in the Cloudflare UI, I'll go to my account, go to workers, and on the sidebar, I'll scroll down and find my account ID here and copy it to my clipboard.

Back in my wrangler.toml, I'll paste in my account ID, and bucket is the location that my project will be built out to.

With create -react-app, this is the build folder. Once I've set those up, I'll save the file and run npm build.

create-react-app will build my project in just a couple seconds, and once it's done, I'm ready to deploy my project to Cloudflare Workers.

I'll run wrangler publish, which will take my project, build it, and upload all of the static assets to workers.kv, as well as the necessary script to serve those assets from kv to my users.

Opening up my new project in the browser, you can see that my React app is available at my workers .dev domain, and with a couple minutes and just a brief amount of config, we've deployed an application that's automatically cached on Cloudflare servers, so it stays super fast.

If you're interested in learning more about worker sites, make sure to check out our docs, where we've added a new tutorial to go along with this video, as well as an entire new workers site section to help you learn how to deploy other applications to Cloudflare Workers.