Elections in 2024, Thanksgiving trends and AI inference in 100 cities

Hello everyone and welcome to This Week in Net. It's the November 27th, 2023 edition and there's Thanksgiving, Black Friday, Cyber Monday this week. So in this one you can expect some 2024 election perspectives and Cloudflare is helping there because cybersecurity is really important during elections, of course. We also traveled to London to go over a deep dive blog post on how to execute an object file and we also go to New York to hear about workers AI updates. That's our developers platform. So I'm João Tomé, but it's in Lisbon, Portugal and we start with Jocelyn Woolbright from our public policy team. Jocelyn is also in Lisbon and we recorded this on the day before Thanksgiving in the West, so on Wednesday. Hello Jocelyn and welcome to This Week in Net. Hi, thanks for having me. For those who don't know, where are you based? Yeah, so I'm based here in Lisbon, Portugal. And in the US, where are you originally from? Yeah, so I'm originally from Florida and I moved to Portugal about two years ago. Let's go to the blog post you wrote this week all about elections. 2024, the year of elections. That's the blog post you wrote. And actually before that, why don't you tell our audience what do you do at Cloudflare? Yeah, that's great. So my name is Jocelyn. I work on our public policy team and under the public policy team houses our impact team. So our impact team really revolves all around how we can help build a better Internet at Cloudflare. And a majority of what I do is I manage a lot of our different impact projects. So as we'll talk about a little bit today, we have a ton of different projects where we provide free upgraded Cloudflare services to vulnerable groups. So we have Project Galileo with nonprofits and human rights defenders. We have the Athenium Project with state and local governments, Cloudflare for campaigns for campaigns. So really that anything that falls in the realm of providing free upgraded services to really vulnerable communities will typically be under my purview. I've been here at Cloudflare for about four years. So it's been really interesting to see how our impact projects and kind of our environmental social governance part of Cloudflare has really grown in the last four years. Exactly. And those projects are really amazing. We've discussed it here in the show a few times, Project Galileo, even Athenium. This blog post is more related to elections. So it's more related to Project Athenium in a sense, right? Yeah. So it's interesting. We have so many different types of ways that we support election entities. And that's why the 2024 elections is so interesting, because there's so many different players in the election space. And we've really found a way to kind of provide protection to a range of different groups that work in elections. In the sense, the blog post you wrote starts with the number of elections in 2024, not only in the United States, but also in several countries. More than 70 elections scheduled in 40 countries around the world, which is a lot. Although every year, there's a lot of elections. But the US election plays a big role, right? Because it has several elections until the final presidential election related to Republicans and Democrats, the primaries. So it will be a full year of small elections until the big one, in a sense, right? Yeah, it's really interesting. So when it comes to 2024 and looking at elections, for example, you have the legislative and presidential elections in the US. You have general elections in India. And then you also have elections to appoint members of the European Parliament. And there's also so many more, like you said, there's more than 70 that are happening. And it's actually estimated that there's going all these elections are going to cover a population of roughly 2.3 billion people. So that's really why we're saying 2024 is the year of elections. And we're really excited to figure out what's the best, what role can Cloudflare play in kind of promoting trust in the electoral systems in the United States with all of the smaller elections and smaller local governments, but also thinking about the large elections. I think a lot of people forget that there are elections happening all the time. And we typically focus on the really big presidential ones, but even the smaller ones are very important in making sure that there's trust in those processes. It really starts at the local level, in my opinion. Absolutely. Makes sense. Even sometimes the local level has more vulnerabilities. They don't have as many dollars in this case or euros or whatever, what have you, for protection, to protect size. So sometimes it's even more important to be aware of those and helping protect those, right? Yeah, definitely. And I think one of the things I've learned the past kind of four years working at Cloudflare, when we kind of look at our space in the elections kind of processes, that trust is really the most crucial aspect of democratic elections, because it really ensures the integrity and fairness and legitimacy of the whole process. And when we talk about promoting democracy and transparency, elections are really the cornerstone of this. So providing trust and being able to be kind of a way that we can provide website security for that is something that's really important, in my opinion. And in the last few years, we've really seen that cyber attacks against election infrastructure have been on the rise. So for example, in the US, right before the 2016 election, the Department of Homeland Security actually reported that individuals tried to hack voter registration files in more than 21 states. And also you saw in Europe, hackers targeted not only campaigns of Emmanuel Macron in France, but also government election infrastructure in the Czech Republic and Montenegro. But I think one of the interesting parts is that cyber attacks, you see election officials not only have these challenges with cyber attacks, but also unpredictable website traffic patterns are another huge problem. So for example, you'll have voter registration websites see a flood of legitimate traffic of people looking to register to vote. So election websites really have to respond really quickly and stay online when they do see those unexpected traffic influxes. So imagine like someone's trying to find their polling place on election day and they'll go to like their local county website and the website is down. That can really erode the trust that citizens have in their government and the whole kind of electoral process. So whenever Klaveler, whenever we think about how we want to provide our services to these groups, we really want to make sure that they have the tools to be able to stay online and also the expertise to understand how they can use our services to make sure that when they do see these influxes of traffic, they're able to manage them. And that's really the important part of the trust building when it comes to elections. Makes sense, makes sense. In this case, you were mentioning elections even this week that we're recording. There was elections in Argentina, presidential ones, and in the Netherlands. So all elections are always happening because there's a lot of countries over in the world, but 2024 will definitely concentrate a few. We have some metrics here related to our main findings in terms of elections recently, right? In terms of how we mitigated threats related to US election groups, right? Yeah, definitely. And I think one of the things when we think about all of our projects, so when we talk about like, okay, Klaveler in the election space. So we have Project Galileo, which was launched in 2014, and that's providing free upgraded services to vulnerable groups like nonprofits, journalism organizations, human rights defenders. But when it comes to elections, we actually have a lot of US nonprofit organizations that work in like voting rights, promoting democracy, voter registration, and education. So for this analysis, we actually looked at about 65 organizations that work in this sector that are based in the US. And then we have the Athenium Project, which was launched in 2017. And that's specifically for US state and local government websites. And we have about 390 domains in 33 states protected under the project, which is really exciting. And then the other project that we have specifically is Cloudflare for Campaigns. So that one was launched in January 2020, and that was in partnership with a nonprofit organization called Defending Digital Campaigns. And so that's where we provide free upgraded services to more than 90 political campaigns and 20 political parties in the United States to make sure that campaigns really of all size have the tools they need to stay online and keep their information secure. So those are really a lot of when we talk about the US, that's how we think about the election space. But in this blog, we mainly focused on those entities, just because we have so many of these organizations that we can kind of analyze this data in kind of larger in larger sets. But we also really want to focus, we have a partnership to provide services outside of the US to election management bodies. And that's actually a partnership with the International Foundation of Electoral Systems, which is a really great partner in the space because what they do is actually provide technical assistance and expertise to these large election management bodies. So we've actually been able to provide our services to country election mission, country election commissions in the country of Georgia. We've done it in North Macedonia, Kosovo, Canada. So it's really interesting to see like how we've been able to take our expertise of protecting election entities in the US, and be able to kind of expand that protection to other entities. Because, you know, election security is not only a US issue, it is definitely a global issue. And the more that we kind of rely on the Internet, when it comes to getting information, the more that we're going to be needing these kinds of services to arrange of these groups online. Absolutely. And those countries are really relevant in terms of keeping democracies whole, democracies, democracies. So making sure that the elections are not troubled by attacks by foreign or weird patterns, in a sense, are really important there. The Blobos has a lot of viewpoints in terms of attacks. And also, as you were mentioning, some of the international partnerships that we've done recently, which is really interesting. Just to wrap it up in terms of this topic, the elections topic, what do we offer with some of these Galileo project, Athenian project? What do we offer for those that apply and have that protection? Yeah, definitely. So with Project Galileo, we provide our free business level services. With Athenian, we provide our free enterprise, which is our highest level of service. And then Cloudflare for campaigns is really a package of service dedicated to the needs of political campaigns. But I think one of the things that is really important and that we think about a lot on our team is that, you know, Cloudflare, we are really good at providing the layer seven application services, making sure that websites stay online from DDoS attacks, unexpected influxes of traffic. But we're really getting into a space of trying to figure out how we think about internal teams. So we actually provided, we announced our full Zero Trust product set to organizations under Project Galileo, Athenian, and Cloudflare for campaigns to make sure that, you know, if you have an organization that has a significant number of members, or if, for example, if you have a state or local government that is putting information in a self-hosted application of, you know, information about a voter database, like being able to make sure that they have the right types of security products to make sure that that's locked down and only the people that need to access it are able to access it. So we've been growing into the space of providing our Zero Trust products to these groups. And we're really excited to see like in 2024, how we can better support these election entities to make sure that their internal teams are protected and they're not subject to like a phishing attempt or taken down or sensitive voter information is stolen from that type of cyber attack. So I think that's what we're really excited about for 2024. Like how can we get more products in the hands of groups that really need it? And they're doing really great work around the world. Exactly. And with that, avoiding some of the possible problems and vulnerabilities that could arise. Before we go, because it's Thanksgiving, for those who don't understand really about Thanksgiving in the U.S. perspective, and you live in Lisbon, possibly you have to explain this to a lot of Portuguese. Why is the Thanksgiving important to Americans in this case specifically, but generally? Yeah, I love Thanksgiving. It is definitely one of my favorite holidays. And I think it really has, you know, historical roots tracing back to like early celebrations of the harvest and gratitude by Native Americans and Pilgrims. And I think one of the things when I think about Thanksgiving, it really symbolizes bringing families together and community together and really gathering around a meal with people that you love to share stories and strengthen relationships. And that's one of the things I really love about Thanksgiving. I think in the U.S., every family does it differently. And I also really love that. This year, I'll hopefully be celebrating Thanksgiving with some friends, making some pecan pie. So we'll see what that looks like. But yeah, Thanksgiving is definitely one of the times of year where it's just like you get everybody together and you can talk about how thankful you are, you know, for each other. That's really interesting, especially for those who don't celebrate it outside the U.S., for example. But do you have any specific stories related to Thanksgiving you want to share? So one of the parts about Thanksgiving, I always try and help my mom and my grandparents with cooking, but it's always I'm kind of shuffled out of the kitchen. So my brother and I have taken on the task typically of like setting up the table for Thanksgiving. And probably about 10 years ago, we were setting up the table. We're thinking about everything we want to put on it, all the decorations. And we put like these like fake leaves all over the table. And we got all the food on the table. We had these beautiful candles lit. And unfortunately, like the fake leaves and candles don't really mix very well. So what happened, there was like a mini fire along the whole table that happened like halfway through the dinner. So we really had to act really quickly. All the food was saved, but just like a little fire on Thanksgiving, which was fun, but I wouldn't recommend, you know, fake leaves and candles going at the same time. So those things happen. Before you go, actually, I want to share this chart, which is Thanksgiving in 2022. So last year, this is the 2022 perspective. Internet traffic drop in the U.S. states during Thanksgiving time. So that period between 1 p.m. and 6 p.m. local times. And you could see in the central area of the United States, bigger drops in traffic, Internet traffic during Thanksgiving. I love that because I love the idea of people not being on the Internet, you know, being more present for their friends and their family. So I really love to see this chart. It drops in every state, except actually, no, every state. There's not one state that it doesn't drop. The one that drops the least, I think it's New Jersey, 8%, minus 8% drop. So there's that. Yeah, that's great. Oh, well, that's a wrap. Thank you, Justin. Yeah, thanks so much. I'll talk to you later. Happy Thanksgiving. Bye-bye. Now it's time to go to London to understand a bit more about a deep dive blog post that we wrote last week on how to execute an object file. This is actually a series of blog posts. This is the fourth blog post and it started in 2021. Hello, Oksana. You're Oksana Karitonova? That's right. And what do you do at Cloudflare? I'm a system engineer in the Linux kernel team. Can you help me pronounce your name correctly? Oksana Karitonova. Oksana Karitonova. Yep, perfect. Good. And you wrote a blog post. This is a blog post. First, it's a deep dive, a technical deep dive. And next, it's not an isolated blog post. It's a blog post that, in a sense, it's a blog post that started in 2021 with part one. So this is the fourth part of that blog post. And that initial volume was started by Ignat from the Linux kernel team too. And you are stepping in, continuing those volumes in a sense, right? Yeah, that's correct. The whole series of blog posts started two years ago by my colleague Ignat. He's currently my manager. And the initial work was done for x86 CPU. Because at that time, when we needed to do this work for our internal needs, majority of our service were x86. And now we are working with ARM CPUs. And it's not because there is a lot of assembly code. It doesn't work for ARM as it worked for x86. So basically, I needed to repeat the same work just for ARM. But it's some parts are repeating, but others, when we touch assembly listings, they're completely different because assembly is very tied to CPU. So Oksana, what is the purpose of this blog post? What does it serve, really? We tried to solve our problem in Cloudflare when we needed to build a bridge between legal requirements for certain libraries and the rest of our system, where we needed to inline this library, which is built according to some legal requirements to the rest of our system. And this is basically what we did. Exactly, with this blog post and even the others. But the others are about more specific things. This one is another specific thing in a sense. And this, if I understand it correctly, it's building that bridge for the systems we have. And these are the systems that protect data, right? It's all about protection data in our data centers, right? Yeah, that's true. Because the data is most important. What we have is data of our customers. And to protect it, there are certain requirements from the legal, from government. Excuse me, I'm not a specialist in those areas, but technically, we have to follow them. And sometimes they're very different from the rest of our system, how it goes through the built-in process. And it's almost impossible to link them together at the same time in the way usually it's done. But what we did in the blog post, it allowed us to basically build separately one system and took the system and use it as part of another system. So again, it's the bridge to make all the systems comply. And it's not always as easy as you were mentioning. This is very, very technical because it's like a real process of trying to make different software, different systems to understand what is intended in this case, that legal requirements library, right? Yeah, because when something is designed, for example, Linux kernel was designed from engineering perspective, how the object files would get executed in the system. It was designed from their engineering perspective. I don't think many people really have needs to hook into system and inline their another code. But sometimes in real life, this is what needs to be done according to some legal requirements, according to some needs, anything. And you're trying to find the way how to make it work together. Exactly. So it works. And in this case, because we have this Anacast, this distributed network, when you deploy software, like in this case, like a new software is deployed, it goes to all of the data centers, it spreads out, right? It is. Yeah. And this is why I think about security first, because when we deploy it widely and use it in production, and anything can happen, there's some Internet-based processes, and there's some libraries, which can also have access to a system. And there's so many things that you need to keep in mind. And this is why at the end of the blog post, as at the beginning of the first blog post, there was a paragraph, think about security first. Make sure there's no chance, there's vulnerability, there's explorations of areas in the software in a sense. Yes. Yes. Correct. Because even inside Linux, there's a lot of precautions. There is like memory randomizer in my blog post, I mentioned this. So we even kind of statically get one library and in line think, okay, this is our memory, and we just can address these memories statically. And this is how protection, one of the protection mechanism in Linux is use randomized memory. So each time a program got executed, it has different memory addresses. And we have to think about this. So this is also security things. And there's many things inside Linux, which is designed for this. And as a design, there was cases where it was broken. Exactly. And this is why also because we took part of engineering system, like a linker, which was designed with all this security checks and boundary checks. And we just took this part on the hour and executed this binary inside our main program widely in all Cloudflare data center. We have to think, we have to take this responsibility, which we took from the linker on the hour. And the blog post goes along on the technical side. There's a lot of code there, explanations. So it's also educational for those who want to learn more about this topic, right? It's sharing with others, with the industry, what was done. So it's spreading the word in a sense. Yeah, at the beginning, it can be, it can feel a little bit difficult. Honestly, when I was working on this task, when I started working, and it was a bit difficult, how many information, how wide the blast of information under this topic. And what I tried to do in my follow-up blog post, to highlight the things which were not covered in the initial Ignaz blog post and make them more clear. So I would advise to read all of them because I tried not to repeat the information which was given in the first three series and just cover what I didn't understand or what wasn't clear enough from my perspective. And don't feel that if you don't understand all the things, don't feel bad about yourself because we spent a lot of days and hours working on this. Hmm. It's a very technical and working progress, right? It's always building up on what was learned in a sense. Yeah. Yeah. It's work in progress about what you're working on, about what you're studying, about your knowledges. It makes sense. And great work. Thank you, Oksana. Thank you. Thank you, Joel. And that's a wrap. So because this past week was Thanksgiving in the U.S., I wrote a blog post about that fact, in this case, called Do Hackers Eat Turkey and Other Thanksgiving Internet Trends? Just a few highlights in this case. Traffic in the U.S. dropped 10% on a daily aggregation. And there's also a few trends here on the what we call Thanksgiving hour. That's in terms of local states. That's around 3 p.m. in local states. For example, when traffic dropped the most last week on Thursday of Thanksgiving, it dropped as much as 22% compared with the previous week. And you can see that here in that chart. That's a lot. So people were definitely not using the Internet and being with their family. We also put this chart here. Thanksgiving 2023 chart. Internet traffic dropped by U .S. states. And this is the same trend we saw in 2022 as I was showing to Jocelyn before. More drops in traffic in central states and less drop in traffic in coastal states. But more drop in traffic on the East Coast than on the West Coast. So a few trends here that people can explore. And we also noticed that hackers, apparently, they suffered Turkey too because DDoS attacks, from our perspective, Thanksgiving day, November 23rd, was the day with lowest percentage of traffic classified as DDoS attacks targeting the U.S. And of course, email messages also slowed down. So a few conclusions here for those who really enjoy these trends. We also have two videos recorded by Ricky Robinette, our VP of developer relations, about two workers AI blog posts. Workers is our developers platform. And in this case, we have a few workers AI updates. One is stable diffusion, Colama, that are now models available. And also the fact that workers AI is in 100 cities worldwide. That means AI inference, GPU capacity in more than 100 locations. So here's Ricky. What's up, everybody? We just launched stable diffusion on workers AI. So I built a demo application to show you how it works. I have a seven-year-old daughter, and one of our favorite things to do with image generation is to create coloring book pages of anything she can dream up. So that is the application I built. Let's start by making a Pomeranian flying through the sky with a superhero cape on, and we'll create that. And this will take 10 to 30 seconds. So while this is loading, I'm going to switch screens, and I'm going to jump over to my code and show you a quick peek at that. So this is our code. We have an AI endpoint that gets hit, that passes a prompt the user put in. And then we make a request to workers AI. So AI run, we pass our stable diffusion model. And then I have a prompt of a black and white coloring book page of the prompt that the user sent in. And this sends us back the file, and we could save that, but I'm converting this to base64 so that we don't have to deal with file storage. All of this code is on GitHub. So don't worry if what is going on here. I'll drop that link in. And once we have the base64 image, we can send that back as our API response. So that is the code that generates this. Let me look and see. Yes, our image is generated. Here is our superhero Pomeranian flying through the sky. I will highlight that as we close out. We really can't wait to see what you build with stable diffusion and all the other models we're putting on workers AI. Please tweet at us, join in our discord. And if you want to get started, check out ai.Cloudflare.com. And there's also Mistral 7b. So we announced that we added the Mistral 7b to workers AI. I am so stoked that we launched Mistral on workers AI today. I wanted to record a quick video showing it off. To do that, I'm awesome, my first workers AI template on GitHub. You can clone this and be up and running with workers AI in just a couple minutes. I've done this for both Mistral and Llama too, so that you can see them side by side. And we're going to start by asking, what should I do at work today? So we'll see what advice they have for me for work today. So uh, Mistral says it's up to me, but if I give more details on my job, it will suggest some things I can do based on that. Llama too, similarly says it doesn't know about my job, but gives me some more kind of generic things I can think about, like prioritizing my task and staying organized, um, and communicating with the team. One of the things I found really fun is to see what different responses I get when I update system prompts. So I'm going to jump in VS code and you can see we have a very basic system prompt right now. You are a helpful AI assistant. I'm going to say you are a grumpy AI assistant. All of your answers are very, very sarcastic. And I will add this on Mistral. I'll also add this on Llama too. So they both get grumpy and we will reload these and we're going to ask the same question, but you can already see, you know, Mistral says, what a pleasure to meet you. I hope you're here to ask me a question so I can waste my time and provide you with a sarcastic response. Llama too says another human who thinks they can just waltz into my digital domain and expect me to be all cheerful and helpful. So I'm going to say, what should I do at work today? And let's see what they say. Mistral says, well, if you're looking for something to do at work today, I suggest you start by finding a way to make your boss's life as miserable as possible. Sorry, Dane. Maybe you can start by stealing their stapler or something. That should keep them busy for a while. Llama too says, oh, great. Now you're asking me for advice on how to waste your time at work. Do you really need me to tell you how to do procrastinate? If so, avoid actual productivity. I think both of these are great answers from a grumpy AI, honestly. But what I found is originally when I started working with large language models, using different prompts, system prompts, prompt engineering, gave me more answers that I wanted and I spent a lot of time on that. Now that there's more language models you can work with, I think also exploring different models to get the right answers for your application is really exciting. So if you want to get started, there are a bunch of details in our blog post on the Cloudflare blog about getting started with Mistral. You can also check out ai.Cloudflare.com. We cannot wait to see what you build with all of the new stuff we're launching. Thanks. We end it for this week with our CDO, John Graham-Cumming, answering a few questions that were sent by our audience. Here's Ask the CDO. Someone asked a question about the Cloudflare free plan. Do you believe Cloudflare will have any issues with their free plan as the cost in providing the free plan is higher than the revenue gain from the paid plans? Well, I'm not sure that's true, the last part. But the truth of the matter is the free plan is enormously important to Cloudflare. It's enormously important because people can try Cloudflare without constraints, as that means that you can come to us and you can try something out on Cloudflare and figure out whether we are the right product for you. And that is incredibly powerful. The other day, I was talking to someone actually who left to go to a competitor, and he decided to return to the company. And I asked him, why did you decide to return? And he had a few reasons. But one of the reasons was he could not even demonstrate the product he was selling to the customer because they were so afraid that something would go wrong in the demonstration. We really have an opposite philosophy, which is to say, look, try it. Try every feature. We want every feature to be available in some form in either our free or very inexpensive paid plans, because we need people to try the product. We need it to be a product that everyone can use. And the other thing the free plan does is it makes Cloudflare work in a self-service fashion in a really, really deep way in that you can then use every aspect of the tool. You don't need to have a training course. You don't need to have professional services. And that pays off with the paid customers because they can deeply integrate Cloudflare into their workflow. They know they can do it themselves. They can learn it. And so I think the free plan is very, very important to Cloudflare, and we have never considered not having it.