1 00:00:00,000 --> 00:00:04,100 This is epicenter episode 264 with guest mix Sullivan. 2 00:00:12,000 --> 00:00:21,400 This episode of epicenter is brought to you by Microsoft 3 00:00:21,400 --> 00:00:24,700 Azure configure and deploy a Consortium blockchain Network in 4 00:00:24,700 --> 00:00:27,100 just a few clicks with pre-built configurations and 5 00:00:27,100 --> 00:00:30,200 enterprise-grade infrastructure, spend less time on blockchain 6 00:00:30,200 --> 00:00:33,500 scaffolding and more time building your application to 7 00:00:33,500 --> 00:00:37,200 learn more visit aka.ms/offweb Ascender. 8 00:00:37,200 --> 00:00:44,600 Hi welcome to Enter, my name is Sebastien Boucher and my name is 9 00:00:44,600 --> 00:00:46,000 Santiago. Hey Sonny. 10 00:00:46,000 --> 00:00:48,800 How's it going going? Well, how are you pretty good. 11 00:00:48,800 --> 00:00:50,600 It's been a while since we've done this the guy. 12 00:00:51,000 --> 00:00:53,800 Yeah, definitely. I think I think it made most 13 00:00:53,800 --> 00:00:57,200 last one but you said you've done some great episodes as I 14 00:00:57,200 --> 00:00:59,000 congratulations on the coral episode. 15 00:00:59,000 --> 00:01:00,600 It was terrific. I thank you. 16 00:01:00,800 --> 00:01:02,600 I listened to it twice. That's a good one. 17 00:01:03,300 --> 00:01:08,700 Yeah, yeah. So today we're speaking with mix 18 00:01:08,700 --> 00:01:12,900 all oven and make Sullivan is the head of Cryptography at 19 00:01:12,900 --> 00:01:15,900 cloudflare and cloudflare is not, you know one of your 20 00:01:16,100 --> 00:01:19,500 typical companies that we usually cover on the podcast. 21 00:01:20,000 --> 00:01:23,000 It's more of a traditional internet company but they're 22 00:01:23,008 --> 00:01:25,500 doing some like really, really interesting stuff with 23 00:01:25,500 --> 00:01:32,500 cryptography that I really wasn't quite aware of before 24 00:01:33,200 --> 00:01:35,000 recording this podcast. Yeah. 25 00:01:35,000 --> 00:01:37,000 And they're like you a lot too. Like especially like help bring 26 00:01:37,000 --> 00:01:39,700 like a lot of like the centralization Technologies like 27 00:01:39,800 --> 00:01:43,200 tour and ITF bass and whatnot. To like sort of the masses. 28 00:01:43,200 --> 00:01:46,100 Like, you know, a lot of like watching companies are like, you 29 00:01:46,107 --> 00:01:49,200 know, building really cool Tech but like it's really hard to get 30 00:01:49,200 --> 00:01:53,300 this stuff into the hands of like everyday users and you 31 00:01:53,300 --> 00:01:55,300 know, Cloud fair is literally like making this a lot of the 32 00:01:55,308 --> 00:01:59,000 stuff a lot more accessible. Yeah, absolutely. 33 00:01:59,000 --> 00:02:02,300 I mean I think just the fact that a company like cloudflare 34 00:02:02,300 --> 00:02:07,800 is is writing the blog posts quite like long and detailed 35 00:02:07,800 --> 00:02:11,400 blog post about what is ipfs and how they're using it. 36 00:02:11,800 --> 00:02:14,200 And you know, these posts are read by him, probably, tens of 37 00:02:14,200 --> 00:02:16,600 thousands of people outside of the crypto. 38 00:02:16,600 --> 00:02:19,800 Space is just great for the ecosystem, I think. 39 00:02:20,800 --> 00:02:24,500 And yeah, make Nick was a great, great hope, great guests. 40 00:02:24,500 --> 00:02:26,900 Very articulate. And I mean, I really am a huge 41 00:02:26,900 --> 00:02:30,900 fan of, like, Always been a huge fan of like decentralization 42 00:02:30,900 --> 00:02:33,700 projects that aren't necessarily like blockchain focus. 43 00:02:34,000 --> 00:02:37,500 And so Cloud for has been working a lot with tour and ipfs 44 00:02:37,500 --> 00:02:39,200 or like you know really excited me. 45 00:02:40,100 --> 00:02:42,700 Yeah. So hope you enjoyed this episode 46 00:02:42,700 --> 00:02:46,600 with Nick and that we do have a couple of announcements so I 47 00:02:46,600 --> 00:02:50,200 think in the last episode I was on, I mentioned the be at the 48 00:02:50,200 --> 00:02:53,900 hopper Ledger global forum. It is from the 12th to the 15th. 49 00:02:54,100 --> 00:02:57,600 I'll be there on the 12th and the 13th and I have the 50 00:02:57,608 --> 00:02:58,700 discount. Code now. 51 00:02:58,700 --> 00:03:00,900 And so if you're interested in attending it is in Basel. 52 00:03:00,900 --> 00:03:05,500 Switzerland, Brian's Hometown and mayor's old city where he 53 00:03:05,500 --> 00:03:08,000 used to live. I've never been there so. 54 00:03:08,000 --> 00:03:11,200 Yeah, I'm excited at, there's a discount for 15%. 55 00:03:11,400 --> 00:03:20,500 It is hgf 18 Muse. So hgf 18 Muse, you can go to 56 00:03:20,500 --> 00:03:23,300 the events page. If you do, if you search for 57 00:03:23,300 --> 00:03:26,600 hydrologic global forum, you'll find it and if you can't 58 00:03:27,200 --> 00:03:33,100 remember this, Scout code. We tweeted it a few days ago so 59 00:03:33,100 --> 00:03:38,500 you can see it. It was tweeted on on the 23rd of 60 00:03:38,500 --> 00:03:39,700 November. So you can always go back to our 61 00:03:39,708 --> 00:03:43,900 Twitter feed and see it. So hopefully, if you're there, 62 00:03:43,900 --> 00:03:47,300 come say hi. We got to say, see you and Sonny 63 00:03:47,300 --> 00:03:49,400 you mentioned, you re also attending some events. 64 00:03:49,900 --> 00:03:52,900 Yeah. So next month, December 11th. 65 00:03:53,500 --> 00:03:57,300 There's a company called Dora hacks which has hosted a bunch 66 00:03:57,300 --> 00:03:59,600 of like really. Cool blockchain hackathons 67 00:03:59,900 --> 00:04:04,900 throughout the world in China and Berlin and Toronto. 68 00:04:05,400 --> 00:04:09,400 And so they're actually holding their first event here in SF on 69 00:04:09,400 --> 00:04:12,000 December 11th. It's completely free to anyone 70 00:04:12,000 --> 00:04:15,200 to attend. I'll be speaking and mentoring 71 00:04:15,200 --> 00:04:17,399 at this event. So if you want to come back with 72 00:04:17,399 --> 00:04:21,200 me on some cool stuff, definitely check it out free and 73 00:04:21,200 --> 00:04:24,100 it just look it up. On Eventbrite Dora hacks, SF. 74 00:04:24,700 --> 00:04:27,100 I got a question for you. I've never attended a hackathon. 75 00:04:27,700 --> 00:04:29,400 Hmm. What would you, what would you 76 00:04:29,400 --> 00:04:31,100 suggest? Like for some I mean I'm 77 00:04:31,100 --> 00:04:35,700 particularly I know how to code. I don't code like every day 78 00:04:35,700 --> 00:04:38,300 anymore but you know, at some point in my life, I was like a 79 00:04:38,308 --> 00:04:41,300 front end developer and I have some experience with stuff like 80 00:04:41,300 --> 00:04:47,000 node, my smart contract development skills or near zero. 81 00:04:47,700 --> 00:04:53,500 But you know, practically speak a, you know, if I'm interested 82 00:04:53,500 --> 00:04:55,800 in like learning how to do, things is a hackathon, a good 83 00:04:55,800 --> 00:04:59,600 place to stay. To sort of like just, you know, 84 00:05:00,500 --> 00:05:04,600 jump in both feet first or is that not recommended for someone 85 00:05:04,600 --> 00:05:06,900 like me? I would say that there's usually 86 00:05:06,900 --> 00:05:09,600 often, like two classes of people who attend hackathons, 87 00:05:09,600 --> 00:05:12,400 just people who are there to, like, you know, go win. 88 00:05:12,400 --> 00:05:14,300 Like, they want to build a cool project and end up with 89 00:05:14,300 --> 00:05:17,800 something at the end of the, at the end of the weekend and like 90 00:05:17,800 --> 00:05:20,600 actually, like, or there's often people who are there just to 91 00:05:20,608 --> 00:05:23,500 like, learn something. And, you know, I I've worn both 92 00:05:23,500 --> 00:05:27,600 hats throughout my hackathon career, if you will And so, you 93 00:05:27,600 --> 00:05:31,000 know some so sometimes I know I go in with a project, I really 94 00:05:31,000 --> 00:05:33,000 want to build and I'm like, I want to get this done in this 95 00:05:33,000 --> 00:05:35,800 weekend and so I'll do that. But then there's some times 96 00:05:35,800 --> 00:05:38,000 where it's like, you know, I just want to like learn a new 97 00:05:38,000 --> 00:05:41,100 piece of technology. And so I just like try to choose 98 00:05:41,100 --> 00:05:45,400 like a very, very simple product project and that's like, and 99 00:05:46,100 --> 00:05:48,500 honestly like when you were at hackathons like when your 100 00:05:48,600 --> 00:05:50,600 experiment with a new technology, like anyone who's 101 00:05:50,600 --> 00:05:53,200 done this before, you know that like half a Time, get goes into 102 00:05:53,200 --> 00:05:56,100 just, like, installing the software which is, you know, not 103 00:05:56,100 --> 00:05:59,000 not not fun. But yeah, definitely like, you 104 00:05:59,000 --> 00:06:02,300 know, look at checkout like tutorials and like, you know, I 105 00:06:02,300 --> 00:06:04,400 would say, I would say they spend a lot of the hackathon 106 00:06:04,400 --> 00:06:05,800 instead of like building the product. 107 00:06:05,800 --> 00:06:08,700 First, spend like half the first half almost like going through 108 00:06:08,700 --> 00:06:11,600 tutorials and then the second half, if you're feeling 109 00:06:11,600 --> 00:06:14,900 comfortable, then struck start to like try to work on a project 110 00:06:15,200 --> 00:06:18,000 directly. Yeah, right. 111 00:06:18,000 --> 00:06:20,400 Okay. So and maybe like a good 112 00:06:21,000 --> 00:06:24,500 exercise to it's like properly, take some time and go do some 113 00:06:24,500 --> 00:06:27,900 tutorials around people that can prepare Each Mentor, you and 114 00:06:27,900 --> 00:06:30,200 this sort of thing, so a good opportunity to learn. 115 00:06:30,400 --> 00:06:32,800 If you're not going to build like a proper project. 116 00:06:33,000 --> 00:06:36,200 And one of the hackathons is often a lot of mentors there, 117 00:06:36,200 --> 00:06:38,100 and I think that's honestly, sometimes one of like the most 118 00:06:38,100 --> 00:06:41,300 underused, like amenities that hackathons offers. 119 00:06:41,300 --> 00:06:45,100 So definitely talk to the mentors and then also, you know, 120 00:06:45,200 --> 00:06:48,100 especially when I'm doing one of like the more learning style, I 121 00:06:48,100 --> 00:06:51,800 really like to not show up with a team and I really like to like 122 00:06:51,800 --> 00:06:55,200 get to the hackathon and like, find new people there to work 123 00:06:55,200 --> 00:06:57,900 with it just makes it a much more A fun experience in my 124 00:06:57,907 --> 00:06:59,800 opinion. Cool, thanks. 125 00:06:59,800 --> 00:07:01,800 Thanks for the tips. I think. 126 00:07:01,800 --> 00:07:04,200 I'll, maybe I'll look out for some hackathons to attend. 127 00:07:04,200 --> 00:07:07,700 Then sure. All right, so without further 128 00:07:07,700 --> 00:07:10,800 Ado, here's your snake solvent of cloudflare. 129 00:07:13,400 --> 00:07:14,400 Hi. So we're here today with Nick 130 00:07:14,400 --> 00:07:15,900 Sullivan. Who's had a cryptography at 131 00:07:15,900 --> 00:07:17,800 cloudflare. Make thanks for joining us 132 00:07:17,800 --> 00:07:20,200 today. Absolutely thanks for having me. 133 00:07:21,200 --> 00:07:24,300 Yeah, we're really excited about the show when I found out that 134 00:07:25,000 --> 00:07:29,200 the cloudflare was sort of dabbling with ipfs. 135 00:07:29,200 --> 00:07:32,100 It led me to like do a bit more research about what you guys are 136 00:07:32,108 --> 00:07:34,200 doing in the area of Photography and it turns out that you guys 137 00:07:34,200 --> 00:07:36,200 are doing a lot of really, really cool. 138 00:07:36,200 --> 00:07:39,700 Interesting stuff. And I'm always really fascinated 139 00:07:39,700 --> 00:07:44,600 when like companies and the more traditional web space and sort 140 00:07:44,600 --> 00:07:47,800 of intersect with like companies that were more familiar with in 141 00:07:47,800 --> 00:07:50,700 the Block Chain space and projects and companies like in 142 00:07:50,700 --> 00:07:53,300 the sense of ipfs. So that's why I was really, 143 00:07:53,700 --> 00:07:56,900 really happy to have you on. So let's maybe start off by 144 00:07:57,400 --> 00:08:00,300 talking a bit about your background and how you got 145 00:08:00,300 --> 00:08:03,300 involved in cryptography and how you landed it as ahead of 146 00:08:03,300 --> 00:08:08,200 cryptography at Koffler sure. Well, I have always been 147 00:08:08,200 --> 00:08:12,200 interested in math and Mathematics and Solving problems 148 00:08:12,200 --> 00:08:15,300 and puzzles and cryptography in general. 149 00:08:15,700 --> 00:08:20,000 So, when I went to school in Canada University of Waterloo, I 150 00:08:20,200 --> 00:08:26,600 did a pure math degree, and was really kind of enthralled by the 151 00:08:26,600 --> 00:08:29,900 abstract notion of, you know, taking understanding the, the 152 00:08:29,900 --> 00:08:32,400 mathematical World understanding, how objects fit 153 00:08:32,400 --> 00:08:35,400 together. How prime numbers worked, how 154 00:08:35,400 --> 00:08:41,100 you could, you could take something like as simple as you. 155 00:08:41,200 --> 00:08:42,799 No, two and three and five and seven. 156 00:08:42,799 --> 00:08:45,700 And you have the sort of infinite number of interesting 157 00:08:45,700 --> 00:08:49,500 problems and challenges to go through to discover this. 158 00:08:49,500 --> 00:08:53,600 And after I did a master's degree in cryptography, I got 159 00:08:53,600 --> 00:08:57,100 into the computer security world and worked for a little bit at 160 00:08:57,100 --> 00:09:02,000 Symantec. I wrote some documents basically 161 00:09:02,000 --> 00:09:04,900 on the Internet Internet Security, in general, they have 162 00:09:04,900 --> 00:09:07,700 this thing called the internet security threat report, that 163 00:09:08,800 --> 00:09:11,100 kind of help analyze what's going on online online. 164 00:09:12,000 --> 00:09:16,500 My kind of two passions were the internet and understanding you 165 00:09:16,500 --> 00:09:19,800 know what people are doing in this really kind of amazing 166 00:09:19,800 --> 00:09:23,600 interconnected Network that we all enjoy as the internet and 167 00:09:23,600 --> 00:09:26,900 and cryptography which is this, the science of secret 168 00:09:26,900 --> 00:09:31,300 information and so after after leaving somatic, I joined Apple 169 00:09:31,600 --> 00:09:37,600 where I worked on a lot of some sort of secret cryptography 170 00:09:37,600 --> 00:09:40,300 related efforts for about six years or so. 171 00:09:40,600 --> 00:09:43,400 And And eventually I learned about this company called 172 00:09:43,400 --> 00:09:48,900 cloudflare, which was a very young startup at the time, but 173 00:09:49,300 --> 00:09:51,900 was doing some really interesting things. 174 00:09:51,900 --> 00:09:56,100 For example, they had withstood what was at the time, the 175 00:09:56,100 --> 00:09:59,200 largest distributed denial-of-service in history. 176 00:09:59,300 --> 00:10:02,800 And so a lot of what Club there was doing, was really 177 00:10:02,800 --> 00:10:06,600 interesting to me, because they were offering a free service to 178 00:10:06,600 --> 00:10:11,000 help accelerate the web as well as protect it from threats. 179 00:10:11,200 --> 00:10:14,400 And they're kind of, kind of at the center of everything that 180 00:10:14,400 --> 00:10:17,800 was going on all online. So when I joined cryptography, I 181 00:10:17,800 --> 00:10:22,200 was the first kind of security engineering focused person at 182 00:10:22,200 --> 00:10:24,700 the company. And I've been here for about 183 00:10:24,700 --> 00:10:29,000 five and a half years. Growing the team that the 184 00:10:29,000 --> 00:10:30,900 company has grown tremendously since then. 185 00:10:31,300 --> 00:10:36,000 We're now, you know, a big startup if you will still 186 00:10:36,000 --> 00:10:39,300 private company. But so I started the 187 00:10:39,300 --> 00:10:43,800 cryptography team. I cloudflare in order to use 188 00:10:43,800 --> 00:10:47,800 this really interesting tool which is cryptography, 189 00:10:47,800 --> 00:10:52,600 encryption hash functions. All this sort of really cool 190 00:10:52,600 --> 00:10:56,900 math science that that lets you protect information online as 191 00:10:56,900 --> 00:11:01,100 well as provide properties like integrity and non-repudiation. 192 00:11:01,500 --> 00:11:06,700 And I started building a team to help take cryptography and apply 193 00:11:06,700 --> 00:11:09,300 it to some of the bigger problems that cloud service 194 00:11:09,300 --> 00:11:15,000 facing and to basically spearhead a new research in this 195 00:11:15,000 --> 00:11:17,000 area. And so this is what I've been 196 00:11:17,000 --> 00:11:19,600 doing ever since. So when you are in college 197 00:11:20,000 --> 00:11:23,800 studying or university as us Canadians say and studying 198 00:11:23,800 --> 00:11:27,700 geography in Waterloo and in your, you know, you know, 199 00:11:28,100 --> 00:11:32,200 getting into the your career did you have any idea that I 200 00:11:32,200 --> 00:11:37,700 cryptography would become such an important thing like today? 201 00:11:38,400 --> 00:11:42,600 I mean, just just if you think a block chains It's such a central 202 00:11:42,600 --> 00:11:45,100 place after Central role in the functioning of that technology. 203 00:11:45,100 --> 00:11:47,800 And also just generally the web. Did you think that this was 204 00:11:47,800 --> 00:11:51,300 something that would become? So massively, important for the 205 00:11:51,300 --> 00:11:53,700 world? Well, it's very hard to hard to 206 00:11:53,700 --> 00:11:56,100 see what happened, right? It's hard to predict what 207 00:11:56,100 --> 00:11:58,300 happened. Like, for example, my thesis was 208 00:11:58,300 --> 00:12:03,300 on elliptic curve cryptography which at the time was barely. 209 00:12:03,300 --> 00:12:07,700 Barely ever used for anything in production, it was sort of you 210 00:12:07,700 --> 00:12:11,400 could you could use SSL for your Website, right? 211 00:12:11,400 --> 00:12:13,900 You had you'd have encryption for your website, but everything 212 00:12:13,900 --> 00:12:19,200 that people were using was based on diffie-hellman and RSA, which 213 00:12:19,200 --> 00:12:22,200 were the two standard algorithms developed in the 70s, and 214 00:12:22,200 --> 00:12:24,000 elliptic curves, were this kind of new thing. 215 00:12:24,200 --> 00:12:27,800 And now, this is actually the fundamental glue that holds 216 00:12:27,800 --> 00:12:30,500 together Bitcoin as well as the theory. 217 00:12:30,500 --> 00:12:34,800 I'm and, you know, and it's also the the most fundamental 218 00:12:34,800 --> 00:12:37,800 cryptography for protecting information online, when you're 219 00:12:37,800 --> 00:12:42,200 browsing the internet, so it was very hard to see See at the time 220 00:12:42,200 --> 00:12:45,600 that you know this interest of mine would become one of the one 221 00:12:45,600 --> 00:12:48,800 of the key Technologies to enable technology in the 21st 222 00:12:48,800 --> 00:12:52,000 century. Could you like, give us a little 223 00:12:52,000 --> 00:12:56,100 bit of a brief Lowdown on like what cloudflare is overall? 224 00:12:56,400 --> 00:12:59,000 You know, it's like talking to a traditional boxing companies to 225 00:12:59,000 --> 00:13:01,100 some of our listeners. I'm sure I'd like heard of 226 00:13:01,100 --> 00:13:05,800 cloudflare but maybe don't know. Quite exactly what they do and, 227 00:13:05,800 --> 00:13:09,600 you know, it relatively young company actually write, like I 228 00:13:09,608 --> 00:13:12,200 think only nine years and like, somehow it's grown to become 229 00:13:12,200 --> 00:13:13,800 this. Like almost like centerpiece, 230 00:13:13,800 --> 00:13:17,100 like, very integral part of the entire, like, web 231 00:13:17,100 --> 00:13:19,000 infrastructure. So could you tell us a little 232 00:13:19,000 --> 00:13:20,600 bit about what? The different kind of things 233 00:13:20,600 --> 00:13:22,700 Cloud for is working on and what not sure. 234 00:13:22,700 --> 00:13:25,600 Yes. Well, claw Muffler is a Internet 235 00:13:25,600 --> 00:13:27,300 Security and performance company. 236 00:13:27,900 --> 00:13:31,500 The mission of cloudflare is to help build a better internet and 237 00:13:31,900 --> 00:13:36,200 that's really what we're trying to do is folks who operate 238 00:13:36,200 --> 00:13:40,300 websites and who operate web services and who offer services 239 00:13:40,300 --> 00:13:43,900 online. Whether you're sort of a smart, 240 00:13:43,900 --> 00:13:47,600 the smallest sort of individual, hosting your own blog to a very 241 00:13:47,600 --> 00:13:51,100 large corporation. Large Enterprise that has 242 00:13:51,300 --> 00:13:54,300 massive, massive sets of customers. 243 00:13:54,300 --> 00:13:57,500 And, you know, very, very high requirements will Koffler does 244 00:13:57,500 --> 00:14:03,800 is just help make your site or your your property faster, more 245 00:14:03,800 --> 00:14:07,300 secure, more available and to give you insights. 246 00:14:07,600 --> 00:14:12,600 So, the way that clefts are does, this is using I guess the 247 00:14:12,600 --> 00:14:17,400 two main traditional protocols on the internet, HTTP or https, 248 00:14:17,800 --> 00:14:22,400 the encrypted version and DNS. So clubs are has data centers 249 00:14:22,900 --> 00:14:25,200 distributed all around the world over 150. 250 00:14:25,200 --> 00:14:28,200 I don't have the exact number now but in basically every 251 00:14:28,200 --> 00:14:33,100 continent except for Antarctica. And so the way it works is if 252 00:14:33,100 --> 00:14:36,800 you sign up for cloudflare rather than visitors to your 253 00:14:36,800 --> 00:14:40,400 site going directly to your site, which could have to travel 254 00:14:40,400 --> 00:14:44,200 across the entire world, which do to speed of light 255 00:14:44,200 --> 00:14:47,400 considerations can actually, you know, slow things down, you 256 00:14:47,400 --> 00:14:50,000 connect to the nearest cobbler, Kitchen. 257 00:14:50,000 --> 00:14:53,300 And if we have, if you have sort of static content on your site, 258 00:14:53,300 --> 00:14:54,800 we can serve it directly from there. 259 00:14:54,800 --> 00:15:00,400 So we can also apply rules, so rules to protect against 260 00:15:00,400 --> 00:15:03,200 different types of attacks. So, if you think of people doing 261 00:15:03,200 --> 00:15:06,900 SQL injections, or cross-site scripting attacks, or all these 262 00:15:06,900 --> 00:15:11,700 sort of web security things by being able to inspect the 263 00:15:11,700 --> 00:15:15,700 traffic, we can block these attacks and the part that's 264 00:15:15,700 --> 00:15:20,700 closer to my responsibilities. Is that we also So can provide 265 00:15:20,700 --> 00:15:25,300 encryption so in the early days of the web and and some of the 266 00:15:25,300 --> 00:15:28,400 more challenging things that have web administrator has to 267 00:15:28,400 --> 00:15:31,700 do, is set up encryption and encryption security for your 268 00:15:31,700 --> 00:15:34,800 website. So, to move from HTTP to https, 269 00:15:35,200 --> 00:15:39,300 you have to buy a certificate or get a certificate issued and you 270 00:15:39,300 --> 00:15:42,500 know, manage the configuration and do these sort of things that 271 00:15:42,500 --> 00:15:44,900 are better little tricky and cloudflare makes that kind of 272 00:15:44,900 --> 00:15:49,400 dead simple and handles it on your behalf so clever. 273 00:15:49,600 --> 00:15:53,600 Service has grown tremendously and one of the reasons for that 274 00:15:53,600 --> 00:15:59,100 is that we offer a free service, so there's over 11 million 275 00:15:59,100 --> 00:16:01,600 domains or so that use cloud floats free service, which is 276 00:16:01,800 --> 00:16:04,200 probably why, so many people have heard it. 277 00:16:04,500 --> 00:16:08,100 And so, yeah, you can sign up for cloudflare and get, you 278 00:16:08,100 --> 00:16:10,100 know, denial-of-service protection. 279 00:16:10,100 --> 00:16:14,000 So if someone's trying to knock you off, the internet, will sit 280 00:16:14,000 --> 00:16:16,500 in front, right? And we can see the bad traffic 281 00:16:16,500 --> 00:16:19,000 and we can kind of keep you online while other people are 282 00:16:19,008 --> 00:16:20,600 trying to eat. To take you off. 283 00:16:21,100 --> 00:16:25,500 And so it's, it's great because having all of these different 284 00:16:25,500 --> 00:16:28,200 customers gives us some visibility into what's really 285 00:16:28,200 --> 00:16:32,800 happening on the internet. And we take what we see from the 286 00:16:32,800 --> 00:16:34,800 general General set of customers. 287 00:16:34,800 --> 00:16:37,900 And and if you see an attack against One customer, you can 288 00:16:38,200 --> 00:16:43,000 use it to protect other people. So it's a, it's a real, it's a 289 00:16:43,000 --> 00:16:46,400 real center of the internet, kind of thing, where it things 290 00:16:46,400 --> 00:16:48,600 go through us and we learn about it, and we helped make the 291 00:16:48,600 --> 00:16:52,500 internet better. And we're not only involved in 292 00:16:52,500 --> 00:16:56,200 just providing this service, we're all. 293 00:16:56,200 --> 00:17:01,200 So we really care about making the internet scale going forward 294 00:17:01,200 --> 00:17:03,100 and to make the making the internet better. 295 00:17:03,100 --> 00:17:07,800 So we're involved in standards for example, TLS 1.3, which is 296 00:17:08,200 --> 00:17:10,900 the recent encryption standard for for websites. 297 00:17:10,900 --> 00:17:15,099 We were closely involved with that and and my team we do a lot 298 00:17:15,099 --> 00:17:19,800 of research on the cryptography side to see what new Ways we 299 00:17:19,800 --> 00:17:23,800 can, we can change things. So that in the future, using the 300 00:17:23,800 --> 00:17:27,900 internet is safer, more secure faster than it is today and are 301 00:17:27,900 --> 00:17:30,500 using your own dark fiber between data centers. 302 00:17:31,100 --> 00:17:34,400 Now, we use the, we use the internet, which is why we rely 303 00:17:34,400 --> 00:17:38,600 on strong encryption so much. So every one of clubs there's 304 00:17:38,600 --> 00:17:43,800 data centers, is independent. And I guess you could say 305 00:17:43,800 --> 00:17:47,900 technically decentralized, although administratively 306 00:17:47,900 --> 00:17:51,400 centralized and And we communicate over the Internet 307 00:17:51,400 --> 00:17:54,500 over different interconnections with different networks. 308 00:17:54,500 --> 00:17:58,900 So Koffler is actually the most connected Network on the 309 00:17:58,900 --> 00:18:01,600 internet. We have more peering sessions 310 00:18:01,600 --> 00:18:04,500 with other networks than than anybody else online. 311 00:18:05,800 --> 00:18:10,700 Yes, I we use cloud Fair on our website and we use the the paid 312 00:18:10,700 --> 00:18:12,400 service. And I also use it on some other 313 00:18:12,400 --> 00:18:15,700 websites like the free service. And I kind of see cloudflare, as 314 00:18:15,700 --> 00:18:19,000 this, like, nice blanket of security, but the also provides 315 00:18:19,000 --> 00:18:22,600 like a bunch of optimizations like it, serves your CSS and 316 00:18:22,600 --> 00:18:24,700 JavaScript super fast in your HTML. 317 00:18:25,200 --> 00:18:29,100 And, and it has these like, built-in, you know, like this 318 00:18:29,100 --> 00:18:32,200 built-in fortress-like that you can call upon it will, if 319 00:18:32,200 --> 00:18:34,600 you're, if you're being attacked that, you know, sort of like 320 00:18:34,600 --> 00:18:38,800 coming, I'm into action. If certain rules are being are 321 00:18:38,800 --> 00:18:41,000 being triggered. So yeah, it's a really great 322 00:18:41,000 --> 00:18:45,300 service in like, no wonder that a lot of people are using it and 323 00:18:45,300 --> 00:18:48,000 it does show up at the in a lot of places on the internet and 324 00:18:48,000 --> 00:18:52,200 you very often see cloudflare landing pages and like capture 325 00:18:52,300 --> 00:18:53,700 landing pages quite a bit of mine. 326 00:18:53,700 --> 00:18:55,200 So we'll come back to the capture thing. 327 00:18:55,500 --> 00:19:00,400 But later when in September you and some colleagues of yours 328 00:19:00,900 --> 00:19:03,500 wrote a series of blog posts and we'll link to these in the show 329 00:19:03,500 --> 00:19:06,800 notes and I strongly encourage I remember listening to this to 330 00:19:06,800 --> 00:19:10,200 check out these blog posts because the really terrific. 331 00:19:10,200 --> 00:19:13,500 So it's called crypto week. So welcome to prefer week in 332 00:19:13,500 --> 00:19:17,000 which you described. So all the different things that 333 00:19:17,000 --> 00:19:19,900 classifiers doing with crypto, would like to sort of innovative 334 00:19:19,900 --> 00:19:22,800 stuff. I so like with ipfs with the 335 00:19:22,800 --> 00:19:28,300 rest of tour, like DNS SEC and reading this blog post, I was 336 00:19:28,300 --> 00:19:32,400 like these are great primers for anybody that's really looking to 337 00:19:32,400 --> 00:19:34,800 understand fundamentally how this stuff works like. 338 00:19:34,900 --> 00:19:37,500 How does it DNA like how does your HTTP requests? 339 00:19:38,700 --> 00:19:40,800 Function. Like, when you call a website, 340 00:19:42,000 --> 00:19:45,500 Like what, who are the different parties at play here, where the 341 00:19:45,500 --> 00:19:49,700 trust points, you know, where the vulnerabilities and how is 342 00:19:49,700 --> 00:19:51,500 cloudflare doing it better? So, I thought these these 343 00:19:51,500 --> 00:19:54,900 posters really terrific but in this post, you mentioned through 344 00:19:54,900 --> 00:19:59,800 the trust relationships that one has to engage in when using the 345 00:19:59,800 --> 00:20:01,200 internet. So whether that's like visiting 346 00:20:01,200 --> 00:20:05,000 a website or, you know, chatting online or is like using social 347 00:20:05,000 --> 00:20:09,800 media, what are your thoughts about how we trust the internet 348 00:20:09,900 --> 00:20:13,600 sort of a broad scale? Do you think most people have a 349 00:20:13,600 --> 00:20:16,600 good understanding of where the trust points are on the internet 350 00:20:16,600 --> 00:20:20,800 and if and if not how can how can companies like Cloud fire? 351 00:20:20,800 --> 00:20:24,200 Like help, make that better. Yeah. 352 00:20:24,200 --> 00:20:27,600 So I would say in general people don't understand the trust 353 00:20:27,600 --> 00:20:33,700 relationships online you enter in a website and you go to that 354 00:20:33,700 --> 00:20:37,800 website and it comes to you you enter in host name or URL and it 355 00:20:37,800 --> 00:20:41,700 goes to you click on a link or open an app and you just get 356 00:20:41,700 --> 00:20:44,100 content. But there's a lot of interesting 357 00:20:44,100 --> 00:20:48,500 things that go on behind the scenes and a lot of these have 358 00:20:48,500 --> 00:20:53,800 to do with trust and trusting. And actually Lee the implicit 359 00:20:53,800 --> 00:20:56,700 trust that is built into the technology that you're using to 360 00:20:56,700 --> 00:21:02,000 browse the internet to, to show you what you expect. 361 00:21:02,000 --> 00:21:06,700 And to make sure that what you're getting is something that 362 00:21:06,700 --> 00:21:11,700 you're intending to get. And so there are a lot of 363 00:21:11,700 --> 00:21:14,600 parties that are involved in this, and some of the very 364 00:21:15,100 --> 00:21:21,300 obvious ones are registrar's. So a registrar's a company that 365 00:21:21,300 --> 00:21:25,900 you use to buy a Name. And so if you if you if you buy 366 00:21:25,900 --> 00:21:29,900 google.com or mysite.com then you have a registrar and you 367 00:21:29,900 --> 00:21:34,000 kind of work with this registrar to to make sure that your 368 00:21:34,000 --> 00:21:39,700 website is advertised and your web registers connected to a DNS 369 00:21:39,700 --> 00:21:42,700 provider. And so when you type in 370 00:21:43,300 --> 00:21:47,900 cloudflare.com into your browser behind the scenes, you have to 371 00:21:47,900 --> 00:21:50,800 know what IP address is cloud. For.com is on. 372 00:21:50,900 --> 00:21:54,400 So there's this entire Our system called DNS which is a 373 00:21:54,400 --> 00:22:00,000 name system which which is managed by a lot of different 374 00:22:00,000 --> 00:22:02,200 entities around. It's sort of one of the first 375 00:22:02,200 --> 00:22:06,500 decentralized systems or I guess hierarchical systems out there. 376 00:22:06,500 --> 00:22:10,300 So you have to look at where who.com is and then.com tells 377 00:22:10,300 --> 00:22:14,700 you who example.com minutes and then you talk to example.com and 378 00:22:14,700 --> 00:22:19,000 then it'll tell you what IP address, you actually use to 379 00:22:19,000 --> 00:22:23,300 connect to two example.com. So from just a Just the names, 380 00:22:23,300 --> 00:22:26,500 two numbers perspective, the internet is based on IP 381 00:22:26,500 --> 00:22:29,900 addresses. Your numbers DNS is kind of the 382 00:22:29,900 --> 00:22:34,400 phone book that goes from your name to a number of other pieces 383 00:22:34,400 --> 00:22:38,500 that you have to have to trust involved when you're doing 384 00:22:38,500 --> 00:22:42,800 encrypted connections. So if you're going to an HTTP 385 00:22:42,800 --> 00:22:49,000 version of a site that site has a cryptographic key, and at this 386 00:22:49,000 --> 00:22:52,500 is embedded into a certificate and so, they present you A 387 00:22:52,500 --> 00:22:56,100 certificate and you do the sort of handshake and then you have a 388 00:22:56,100 --> 00:22:58,800 secure Channel. And so, one of the things that 389 00:22:58,800 --> 00:23:01,400 your browser has to do is know how to trust, which 390 00:23:01,400 --> 00:23:06,300 certificates, correspond to which websites and this is a 391 00:23:06,400 --> 00:23:08,600 another system, another sort of system of different 392 00:23:08,600 --> 00:23:11,200 organizations that make up something called the public key 393 00:23:11,200 --> 00:23:14,300 infrastructure. And so your browser, trusts a 394 00:23:14,300 --> 00:23:17,400 bunch of certificate authorities, who are the only 395 00:23:17,400 --> 00:23:20,400 ones that are allowed to Mint, certificates for different host 396 00:23:20,400 --> 00:23:23,400 names. And so the system has been 397 00:23:23,400 --> 00:23:28,200 around since the 90s and there's been some problems with it over 398 00:23:28,200 --> 00:23:31,200 time certificate authorities have been compromised and that's 399 00:23:31,200 --> 00:23:33,700 put a lot of people at risk certificates. 400 00:23:33,700 --> 00:23:39,100 Themselves need to have an expiration period or else you 401 00:23:39,108 --> 00:23:42,600 know certificates from the 1990s using old cryptography that's 402 00:23:42,600 --> 00:23:44,100 been broken would still be valid. 403 00:23:44,100 --> 00:23:48,000 So there's there's a lot of challenges with with trusting 404 00:23:48,000 --> 00:23:51,300 this and and and we don't even need anything. 405 00:23:51,500 --> 00:23:54,900 To this even more. But but even at the lower layers 406 00:23:54,900 --> 00:23:58,900 of the internet IP addresses, the internet is set of, you 407 00:23:58,900 --> 00:24:02,000 know, hundreds of thousands of interconnected networks that 408 00:24:02,200 --> 00:24:07,600 have to actually exchange data. So when you, when you're one 409 00:24:07,600 --> 00:24:11,600 network and you say, hey this IP address to dot-to-dot 2.2 or 410 00:24:11,600 --> 00:24:18,600 1234 belongs to me then. Well, you need to be Authority, 411 00:24:18,600 --> 00:24:22,000 you need to actually, you know, trust that when someone says 412 00:24:22,000 --> 00:24:24,800 yeah, you know, send that traffic to me that it actually 413 00:24:24,800 --> 00:24:26,900 belongs to you. So there's there's multiple 414 00:24:26,900 --> 00:24:30,100 different layers and and the intro blog post, really goes 415 00:24:30,100 --> 00:24:34,500 into this in-depth. And so, as a general user, all 416 00:24:34,500 --> 00:24:39,900 of this is happening behind the scenes and and you really have 417 00:24:39,900 --> 00:24:41,900 to trust it. There's you know, there's the 418 00:24:41,900 --> 00:24:45,200 very minimal thing that you have in browsers which is that 419 00:24:45,200 --> 00:24:48,300 padlock Which doesn't apply some things. 420 00:24:48,300 --> 00:24:51,500 It implies that you know the certificate is that you're 421 00:24:51,500 --> 00:24:54,200 getting is valid for the site and this is the site that you 422 00:24:54,200 --> 00:24:57,600 that you're trying to go to. But there's a lot of threats out 423 00:24:57,600 --> 00:25:00,000 there and there's a lot of ways that people try to manipulate 424 00:25:00,000 --> 00:25:03,000 this and hijack this and you know, steal people's traffic but 425 00:25:04,100 --> 00:25:08,600 generally this is not a well understood Thing by the public. 426 00:25:08,800 --> 00:25:12,900 So companies like cloudflare are investing in various 427 00:25:12,900 --> 00:25:16,800 technologies that, you know, helps hopefully this for folks 428 00:25:16,800 --> 00:25:21,900 like help make it so that if we are connecting with other 429 00:25:21,900 --> 00:25:24,600 entities around around the internet that we can trust them 430 00:25:24,800 --> 00:25:29,000 and we have to agree on protocols to do this and Define 431 00:25:29,000 --> 00:25:31,700 these protocols and Implement them and get everyone to kind of 432 00:25:31,700 --> 00:25:36,500 agree on standards and so that's that's one of the one of the 433 00:25:36,700 --> 00:25:40,500 interesting organizational challenges and Inter 434 00:25:40,500 --> 00:25:43,100 organizational challenges that we have to deal with right now 435 00:25:43,100 --> 00:25:49,900 but luckily For our security. And for people's privacy online 436 00:25:50,100 --> 00:25:52,500 is that there are a lot of organizations who do care about 437 00:25:52,500 --> 00:25:56,200 this into, you know, are impacted when malicious things 438 00:25:56,200 --> 00:25:58,800 happen. So companies like cloudflare and 439 00:25:58,800 --> 00:26:02,500 others are working to help improve the situation. 440 00:26:05,000 --> 00:26:07,300 If you've listened to previous episodes with Marley gray and 441 00:26:07,300 --> 00:26:09,800 Matt koerner, you know, that Microsoft is committed to 442 00:26:09,808 --> 00:26:12,400 providing enterprise-grade tools and infrastructure for 443 00:26:12,400 --> 00:26:15,100 blockchain developers. Well, the Azure blockchain 444 00:26:15,100 --> 00:26:17,500 workbench is perfect for organizations building, 445 00:26:17,500 --> 00:26:20,000 Consortium networks, take the etherium proof of authority 446 00:26:20,000 --> 00:26:22,700 template, for example, it's ideal for permission that works 447 00:26:22,700 --> 00:26:25,000 for consensus, participants are known and reputable. 448 00:26:25,600 --> 00:26:28,000 Etherium on Azure has on chain Network governance, that 449 00:26:28,000 --> 00:26:30,200 leverages parodies extensible, proof of authority. 450 00:26:30,200 --> 00:26:32,900 Client, each Consortium member has the power to govern the 451 00:26:32,900 --> 00:26:34,700 network or delegate their consensus. 452 00:26:34,900 --> 00:26:37,600 Disciplines to a trusted operator and parodies. 453 00:26:37,700 --> 00:26:39,900 Webassembly support allows developers to write smart 454 00:26:39,900 --> 00:26:44,500 contracts and familiar languages like C C++ and rust as your 455 00:26:44,500 --> 00:26:47,000 blockchain workbench was created on the same principles that 456 00:26:47,000 --> 00:26:49,700 drive all Production Services in Azure, so, you know, you're 457 00:26:49,700 --> 00:26:52,500 relying on secure redundant infrastructure, that can scale 458 00:26:53,000 --> 00:26:55,800 and we built in services. Like authenticating apis off 459 00:26:55,800 --> 00:26:58,200 chain databases and secure Key Management Services. 460 00:26:58,400 --> 00:27:00,500 You can scaffold your infrastructure in just a few 461 00:27:00,500 --> 00:27:03,800 hours to learn more about Azure blockchain workbench and how 462 00:27:03,800 --> 00:27:06,100 Microsoft is Dancing. Blockchain usability, and 463 00:27:06,100 --> 00:27:09,800 Enterprise, check out, aka.ms/offweb the center and 464 00:27:09,800 --> 00:27:12,500 start building today. We'd like to thank Microsoft 465 00:27:12,500 --> 00:27:14,000 Azure for their support of epicenter. 466 00:27:15,200 --> 00:27:17,700 A lot of these authorities that you mentioned like, you know, 467 00:27:18,000 --> 00:27:20,700 for example, the certificate authorities or, you know, you 468 00:27:20,700 --> 00:27:23,000 mentioned, DNS is like, a hierarchical system. 469 00:27:23,500 --> 00:27:25,600 Where do these, where do these authorities come from? 470 00:27:25,600 --> 00:27:29,200 Like, sort of, who decided them and like, you know, was it just 471 00:27:29,200 --> 00:27:31,100 happened to be like all the companies were around. 472 00:27:31,100 --> 00:27:33,500 Like, back in the 80s, like they just happen to, like be 473 00:27:33,500 --> 00:27:36,600 grandfathered in. How does that process work? 474 00:27:37,400 --> 00:27:41,600 Well yeah, the internet has evolved over the years, in 475 00:27:41,600 --> 00:27:46,400 various different ways. And you know, originally we can 476 00:27:46,400 --> 00:27:49,400 go into like the origins of the internet as a DARPA project and 477 00:27:49,800 --> 00:27:56,300 and the the switch to TCP IP in the 80s and the the evolution of 478 00:27:56,300 --> 00:28:01,500 the DNS, but it's really sort of happened organically over time 479 00:28:01,500 --> 00:28:04,600 and then some organizational body. 480 00:28:04,800 --> 00:28:07,900 He's have been put in place to help guide this. 481 00:28:08,300 --> 00:28:12,500 And so for example internet protocols there's a volunteer 482 00:28:12,500 --> 00:28:15,300 group called the internet engineering task force ietf. 483 00:28:15,300 --> 00:28:20,400 So if you've heard about rfcs when people say oh RFC, whatever 484 00:28:20,400 --> 00:28:23,900 whatever this is a certain protocol, like DNS is, is a set 485 00:28:23,900 --> 00:28:26,200 of rfc's. That's what the ietf does. 486 00:28:27,100 --> 00:28:32,200 There's I Anna, which is an organization that is associated 487 00:28:32,200 --> 00:28:36,400 with, with managing names and numbers and They have lots of 488 00:28:36,400 --> 00:28:40,200 processes around that. There's I can there's a there's 489 00:28:40,200 --> 00:28:45,700 the set of regional Registries. So there's a, the entire IP 490 00:28:45,700 --> 00:28:47,800 space. North America has a group called 491 00:28:47,800 --> 00:28:51,500 Aaron and they distribute up the IPS to different organizations 492 00:28:51,500 --> 00:28:54,800 by different bids. So these these are often 493 00:28:54,800 --> 00:29:01,300 organizations that are a mix of profit nonprofit but generally 494 00:29:01,300 --> 00:29:05,500 have a mandate to be good stewards for the Annette and to 495 00:29:05,800 --> 00:29:09,500 make sure that this is this technology that we all rely on 496 00:29:09,500 --> 00:29:13,900 to something that is available for everyone in the world, that 497 00:29:13,900 --> 00:29:17,700 enables kind of equal access and that, you know, continues to to 498 00:29:17,700 --> 00:29:21,100 grow in terms of having both commercial and non-commercial 499 00:29:21,100 --> 00:29:25,000 uses. So one thing I find interesting 500 00:29:25,000 --> 00:29:29,300 is often when people are talking about like cryptography / 501 00:29:29,300 --> 00:29:32,900 blockchain things there seems to often be like three somewhat 502 00:29:32,900 --> 00:29:37,100 independent goals that often get like correlated together. 503 00:29:37,100 --> 00:29:39,400 But I think actually should often be thought of as somewhat 504 00:29:39,400 --> 00:29:43,200 independent and I think the three here, what I see is like 505 00:29:43,300 --> 00:29:48,100 privacy security and like decentralization and the third 506 00:29:48,100 --> 00:29:51,500 one decentralization is just like very vague kind of concept 507 00:29:51,500 --> 00:29:52,900 that came up in the last few years. 508 00:29:53,100 --> 00:29:54,500 Along with the Block Chain space. 509 00:29:54,800 --> 00:29:57,000 And so, you know, the reading through your blocked through 510 00:29:57,000 --> 00:29:59,600 your blog, post are the welcome to crypto week. 511 00:29:59,600 --> 00:30:02,200 You talked about like, you know, a lot of the stuff about like 512 00:30:02,200 --> 00:30:05,300 they're mutability that ipfs. Provide was kind of goes along 513 00:30:05,300 --> 00:30:07,900 with security. You talked about the Privacy 514 00:30:07,900 --> 00:30:11,700 that tour provides but not too much to talk about like 515 00:30:11,700 --> 00:30:14,100 decentralization. And so, you know, whether it be 516 00:30:14,100 --> 00:30:16,400 a fair characteristic to say that, like, when you guys are 517 00:30:16,400 --> 00:30:19,600 approaching this like cryptography on the internet, 518 00:30:19,600 --> 00:30:21,200 you guys are really much more folk. 519 00:30:21,200 --> 00:30:22,900 They almost like you're willing to accept. 520 00:30:23,000 --> 00:30:25,400 Kept this like these like authorities and centralization 521 00:30:25,400 --> 00:30:28,700 that exist on the internet but are trying to focus primarily on 522 00:30:28,700 --> 00:30:31,200 improving and almost you know, like kind of becoming one of the 523 00:30:31,200 --> 00:30:34,000 central authorities on the internet but really trying to 524 00:30:34,000 --> 00:30:37,700 focus on pushing the security and privacy side of things but 525 00:30:37,700 --> 00:30:39,300 that be like a fair characterization. 526 00:30:40,700 --> 00:30:44,500 Well I would say that cloudflare is trying to serve its customers 527 00:30:44,800 --> 00:30:48,300 and Club. Fleurs customers are not only 528 00:30:48,300 --> 00:30:51,600 websites and web services that use cloudflare but you think of 529 00:30:51,600 --> 00:30:55,300 users of the internet as a whole and if the internet becomes more 530 00:30:55,300 --> 00:30:58,500 functional and if people are happier online and are more 531 00:30:58,500 --> 00:31:03,200 likely to to do business online, then then it leads to the growth 532 00:31:03,200 --> 00:31:06,100 of the entire industry. So security is one of the one of 533 00:31:06,108 --> 00:31:08,700 the very, very, very most important things for the company 534 00:31:08,700 --> 00:31:12,700 is if you get Where somebody steals data from your website or 535 00:31:12,700 --> 00:31:15,300 someone tries to mess around with your users. 536 00:31:16,100 --> 00:31:20,300 This is going to impact trust, and it's going to impact the 537 00:31:20,300 --> 00:31:23,500 bottom line for bunch of businesses and and same with 538 00:31:23,500 --> 00:31:26,800 privacy. If you think of how people are 539 00:31:26,800 --> 00:31:30,400 really waking up to privacy online and you know what you 540 00:31:30,400 --> 00:31:32,700 share. And what the motivations of 541 00:31:32,700 --> 00:31:38,100 organizations that are based on monetizing individuals, actions 542 00:31:38,100 --> 00:31:40,900 online have done and how that how that's Groan. 543 00:31:41,100 --> 00:31:45,700 I think it's a it's another really big really big Salient 544 00:31:45,700 --> 00:31:47,500 thing to human so security and privacy. 545 00:31:47,500 --> 00:31:50,500 I think are things that human beings understand and relate to 546 00:31:50,500 --> 00:31:54,700 and businesses. Understand decentralization is 547 00:31:55,600 --> 00:31:59,300 is it's more of a more of a second-order goal, right? 548 00:31:59,300 --> 00:32:02,600 I mean, if you don't have decentralisation, you have these 549 00:32:03,700 --> 00:32:06,400 If you have, if you have sort of fully centralized systems, you 550 00:32:06,400 --> 00:32:13,200 have these really, really inherent risks to to, to your 551 00:32:13,200 --> 00:32:15,400 system. So it if you sort of think back 552 00:32:15,400 --> 00:32:20,000 to the mid 20th century the telephone system, the United 553 00:32:20,000 --> 00:32:25,100 States there was a bell, had this massive Monopoly over over 554 00:32:25,100 --> 00:32:28,600 over the way that Communications telecommunications happened and 555 00:32:28,600 --> 00:32:31,500 that led to a lot of really fascinating and amazing 556 00:32:31,500 --> 00:32:36,100 Innovations. You think of the trend Stir like 557 00:32:36,300 --> 00:32:39,900 a lot of radio communications and all the sorts of amazing 558 00:32:39,900 --> 00:32:41,700 things. They they created. 559 00:32:41,700 --> 00:32:46,000 And they actually did connect everybody online but but until 560 00:32:46,200 --> 00:32:50,800 Bell was broken up. We didn't have this disability 561 00:32:50,800 --> 00:32:54,100 for all of these internet companies to kind of come out of 562 00:32:54,100 --> 00:32:56,800 nowhere and be able to compete with each other. 563 00:32:56,800 --> 00:33:01,700 So you have centralization. And I guess if you think in the 564 00:33:01,708 --> 00:33:07,400 corporate terms, Ali's are, are ways to waste it. 565 00:33:07,400 --> 00:33:10,900 Kind of build wealth, and make something really good, but it 566 00:33:10,900 --> 00:33:17,300 also leads to the ability, the tendency to kind of abuse abuse 567 00:33:17,300 --> 00:33:19,700 power. And having a diversity of 568 00:33:19,700 --> 00:33:22,400 participants, A diversity of views in a diversity of 569 00:33:23,300 --> 00:33:27,600 components in the system. And I guess decentralization is 570 00:33:28,000 --> 00:33:31,700 one component of that is, is I guess a result of having a lot 571 00:33:31,700 --> 00:33:34,800 of different participants. Is something that actually 572 00:33:35,200 --> 00:33:38,000 really helps Innovation helps competition and helps things 573 00:33:38,000 --> 00:33:41,200 grow. So it's less relevant to 574 00:33:41,200 --> 00:33:44,100 individual customers and people but but it's it is a 575 00:33:44,100 --> 00:33:46,900 second-order goal and it is something that that we think 576 00:33:46,900 --> 00:33:50,100 about as well. And when talking about the cloud 577 00:33:50,100 --> 00:33:53,900 computing space and how people are running Services, we we do 578 00:33:53,900 --> 00:33:59,000 worry about companies that are kind of massive Central points 579 00:33:59,000 --> 00:34:03,600 of lock-in, right? I mean, if you think of the U.s. 580 00:34:03,600 --> 00:34:05,200 reinvent conference is going on this. 581 00:34:05,400 --> 00:34:08,600 This year, it's the largest trade conference in United 582 00:34:08,600 --> 00:34:11,500 States. And that's that's a company 583 00:34:11,500 --> 00:34:15,199 that, you know, wants everybody to put all of their Computing 584 00:34:15,199 --> 00:34:18,000 workloads onto a single company and there's that there's a lot 585 00:34:18,000 --> 00:34:22,600 of locking associated with that. So I think from a cryptography 586 00:34:22,699 --> 00:34:26,800 perspective decentralization is important, but I think also from 587 00:34:26,800 --> 00:34:31,300 a business perspective having a lot of different options is 588 00:34:31,300 --> 00:34:35,800 important for healthy ecosystem. Yeah there's a thing that you 589 00:34:35,800 --> 00:34:39,300 might be familiar with which is Zuko's triangle Zuko Wilcox a in 590 00:34:39,300 --> 00:34:42,800 the founders, he cash and Zuko's triangle is like you have 591 00:34:42,800 --> 00:34:49,100 security decentralization and human readable names. 592 00:34:49,500 --> 00:34:52,300 I think there's a lot of overlap with with this question here, 593 00:34:52,300 --> 00:34:55,800 where I think like a user experience also plays a big role 594 00:34:56,400 --> 00:34:58,900 or should be considered and like how we build systems. 595 00:34:59,100 --> 00:35:04,100 And so if you have a system that's like secure and and Easy 596 00:35:04,100 --> 00:35:10,600 to use, but where you don't have this robustness, which is it's 597 00:35:10,600 --> 00:35:12,300 meant to be brought on by the centralization. 598 00:35:12,800 --> 00:35:16,500 Then really, you know, you you might have to choose between two 599 00:35:16,500 --> 00:35:18,600 of those in a 3 points on the triangle. 600 00:35:18,900 --> 00:35:23,000 I don't know if someone will actually solve that but it seems 601 00:35:23,000 --> 00:35:24,800 difficult. Yeah, it is difficult. 602 00:35:24,800 --> 00:35:27,100 And there are, there are trade-offs in that you can make 603 00:35:27,100 --> 00:35:31,200 in any one of these little corners and, and finding the 604 00:35:31,200 --> 00:35:35,300 right ones are fighting right. Coughs are hard to do but 605 00:35:36,600 --> 00:35:40,100 considering where we are as a status quo, there's, there's 606 00:35:40,100 --> 00:35:44,100 always improvements to be made to try to, you know, Square, 607 00:35:44,100 --> 00:35:48,500 Zuko's triangle, if you will. Yeah, so let's move on to the, 608 00:35:48,500 --> 00:35:51,400 the core topic. Today, we want to bring you on 609 00:35:51,400 --> 00:35:57,200 to discuss and that's ipfs. So, we then this crypto week 610 00:35:57,700 --> 00:36:01,900 series of blog posts, or was two blog posts about ipfs one that 611 00:36:01,900 --> 00:36:07,100 sort of explained what ipfs is for the, for the, the average 612 00:36:07,100 --> 00:36:11,300 person who doesn't necessarily know, but ipfs and another post. 613 00:36:11,300 --> 00:36:14,600 That describe this experiment is based on this concept of 614 00:36:14,600 --> 00:36:18,800 end-to-end Integrity. So, could you describe like wise 615 00:36:18,800 --> 00:36:23,200 cloudflare experimenting with the up with ipfs and what you 616 00:36:23,207 --> 00:36:24,200 guys are? What are you guys doing here? 617 00:36:24,300 --> 00:36:27,800 Here. Yeah, so I think one of the 618 00:36:27,800 --> 00:36:31,100 important things that clubs are trying to do is to well as I 619 00:36:31,100 --> 00:36:32,600 mentioned, make the internet better. 620 00:36:32,600 --> 00:36:37,800 But one of the aspects of this is connecting users of the web 621 00:36:37,800 --> 00:36:42,300 to some of these new networks that have values and have 622 00:36:42,300 --> 00:36:46,700 properties that the what current web doesn't have and ipfs is one 623 00:36:46,700 --> 00:36:50,900 of them as a Content. Addressed Network, every piece 624 00:36:50,900 --> 00:36:55,800 of content has a hash, As a specific unique fingerprint 625 00:36:55,800 --> 00:36:58,300 associated with it. And unlike the web where you 626 00:36:58,300 --> 00:37:02,600 look things up by a names with ipfs, you can look things up via 627 00:37:03,100 --> 00:37:09,200 a fingerprint of what they are and so the traditional web is is 628 00:37:09,200 --> 00:37:13,500 not necessarily immutable. You you have different things 629 00:37:13,500 --> 00:37:15,600 that can happen. You have a lot of very Dynamic 630 00:37:15,600 --> 00:37:19,700 web pages and you you have services like, Cloud flare that 631 00:37:19,700 --> 00:37:23,800 can see and detect things going wrong and sort of modify and 632 00:37:23,800 --> 00:37:26,900 optimize Things on the Fly, which is great. 633 00:37:26,900 --> 00:37:31,700 But, with ipfs, there are certain use cases that people 634 00:37:31,700 --> 00:37:36,000 have for this, where they just want things to absolutely be 635 00:37:36,100 --> 00:37:39,600 guaranteed, that you're getting exactly what you were set. 636 00:37:39,700 --> 00:37:44,600 And if you think of things like package managers, or image 637 00:37:44,600 --> 00:37:50,000 sharing, or things like this, where you have something that's 638 00:37:50,000 --> 00:37:52,700 static, that's never going to change, then. 639 00:37:52,700 --> 00:37:57,200 Ipfs makes a lot of sense. The ipfs Gateway vote is, is the 640 00:37:57,400 --> 00:38:01,500 I guess the first of what, we're calling the distributed web 641 00:38:01,500 --> 00:38:08,300 Gateway, which is a way to access ipfs as a network through 642 00:38:08,400 --> 00:38:12,000 HTTP. And so people have web browsers. 643 00:38:12,300 --> 00:38:16,000 People don't necessarily on I guess the broadest sense. 644 00:38:16,000 --> 00:38:21,000 There's a lot of there's a lot of experts and people who are 645 00:38:21,000 --> 00:38:24,100 interested in the space who are really keen on on these descent. 646 00:38:24,300 --> 00:38:27,900 Wise networks who run nodes and and are happy to do these sort 647 00:38:27,900 --> 00:38:30,700 of things. But the general populace has a 648 00:38:30,707 --> 00:38:33,200 web browser and they know how to use a web browser. 649 00:38:33,400 --> 00:38:36,700 And so what this Gateway does is allows people with web browsers 650 00:38:36,700 --> 00:38:42,800 to, you know, connect directly to ipfs and as ipfs is static. 651 00:38:43,700 --> 00:38:46,200 Cloud flares are really, really great service for that because 652 00:38:46,200 --> 00:38:49,000 we can do caching, we can keep copies of data really close to 653 00:38:49,008 --> 00:38:51,700 people. We can distribute data all 654 00:38:51,700 --> 00:38:55,200 around the world. And so, You mentioned the 655 00:38:55,207 --> 00:38:59,600 experiment that we did, which is a browser plugin for intent 656 00:38:59,600 --> 00:39:03,400 Integrity. I guess, one of the purists 657 00:39:03,400 --> 00:39:07,700 complained about having a gateway to something like ipfs, 658 00:39:08,200 --> 00:39:12,000 is that as a question is, you know what, if the Gateway 659 00:39:12,000 --> 00:39:15,200 changes the value? I mean, the value of or changes, 660 00:39:15,200 --> 00:39:20,300 the content and the value of ipfs is in the fact that it's 661 00:39:20,300 --> 00:39:24,100 content addressed. So, if you build a website, it's 662 00:39:24,300 --> 00:39:27,100 Is guaranteed to be the same for every single person who sees it. 663 00:39:27,100 --> 00:39:28,800 There's no censorship, there's nothing like that. 664 00:39:30,100 --> 00:39:34,100 It's just you publish one thing once and then it becomes, you 665 00:39:34,100 --> 00:39:37,300 know, there in the universe forever and this is why it's 666 00:39:37,300 --> 00:39:39,100 called the interplanetary file system. 667 00:39:39,100 --> 00:39:42,400 Or one of the reasons is that, you know, publish something, 668 00:39:42,400 --> 00:39:44,100 once it's available at all times. 669 00:39:44,100 --> 00:39:48,300 And if you have a Gateway HTTP is as I mentioned, it's not 670 00:39:48,800 --> 00:39:54,400 really based on this sentence Integrity concept, but with And 671 00:39:54,400 --> 00:39:59,000 ipfs Gateway. You can put the hash as part of 672 00:39:59,000 --> 00:40:03,900 the URL and with this extension, you actually can validate that 673 00:40:03,900 --> 00:40:08,400 that hash in the URL matches. The hash that you expect and the 674 00:40:08,400 --> 00:40:12,300 way that it's actually chained into way that it's actually 675 00:40:12,300 --> 00:40:15,800 change together as with DNS. So, if you have a have a 676 00:40:15,800 --> 00:40:20,300 website, you can say in the typical sense, you have. 677 00:40:20,700 --> 00:40:23,600 Here's my host name and it gives you an IP address and that gives 678 00:40:23,600 --> 00:40:25,800 you the address. So this is this is about routing 679 00:40:26,900 --> 00:40:30,300 with our ipfs experiment, you have this is the hostname. 680 00:40:31,200 --> 00:40:35,100 This is the hash that represents the content on this website and 681 00:40:35,100 --> 00:40:38,800 so what the browser extension does is it just valid. 682 00:40:38,800 --> 00:40:40,900 Make sure that you know what you're seeing on the site 683 00:40:41,300 --> 00:40:44,600 matches exactly what was published in the DNS. 684 00:40:44,600 --> 00:40:48,600 And it's kind of ties in with our with our other efforts of 685 00:40:48,600 --> 00:40:52,200 the week, especially DNS SEC, which is just signatures in the 686 00:40:52,207 --> 00:40:53,700 DN. A, in the DN s itself. 687 00:40:53,800 --> 00:40:57,300 So if you trust the DNS and you've trusted DNS, Central 688 00:40:57,300 --> 00:41:03,300 Authority, then this is a way to, you know, put the put ipfs 689 00:41:03,800 --> 00:41:09,900 into an existing system to help kind of Validate the Integrity 690 00:41:10,600 --> 00:41:14,900 from within the browser. How is like the adoption been of 691 00:41:14,900 --> 00:41:19,600 this cloudflare like ipfs seat? You know, you can almost 692 00:41:19,600 --> 00:41:23,100 consider like ipfs as a CDN of sorts like a Content delivery 693 00:41:23,100 --> 00:41:25,700 Network. And so have you seen that like 694 00:41:25,700 --> 00:41:28,200 Cloud flares? Offering has like help increase 695 00:41:28,200 --> 00:41:31,400 the adoption because you know I actually tried to put my website 696 00:41:31,400 --> 00:41:34,400 onto ipfs. It's been a while actually spent 697 00:41:34,400 --> 00:41:37,000 probably over a year now, so the technologist will be a little 698 00:41:37,000 --> 00:41:40,000 bit more immature. ER, and, you know, I had a quite 699 00:41:40,000 --> 00:41:43,600 a hard time doing so and so like, you know, you guys have 700 00:41:43,600 --> 00:41:47,000 built a lot of the tooling to make this easier and stuff has 701 00:41:47,000 --> 00:41:49,100 been like, the public reception and stuff to this. 702 00:41:49,100 --> 00:41:52,700 Yeah, I think people are really excited about the ipfs Gateway 703 00:41:53,500 --> 00:41:57,200 and they're really excited because of the possibilities 704 00:41:57,200 --> 00:42:02,300 that that it unlocks and content hosting site on ipfs. 705 00:42:02,300 --> 00:42:04,800 I agree. It's, it's relatively immature. 706 00:42:04,900 --> 00:42:09,700 So if you want to host something on ipfs, Can you know, host it 707 00:42:09,700 --> 00:42:13,900 from your your local laptop? Or you can use one of these 708 00:42:13,900 --> 00:42:16,000 Services. That's a pinning pinning 709 00:42:16,000 --> 00:42:18,600 service. But, um, but yeah, the the 710 00:42:18,600 --> 00:42:21,100 publishing side of it, I think needs needs some some 711 00:42:21,100 --> 00:42:24,200 development. But actually integrating the 712 00:42:24,200 --> 00:42:27,200 access side is, is where the Gateway really shines? 713 00:42:27,400 --> 00:42:33,100 So, we've seen all sorts of different customers or websites 714 00:42:33,100 --> 00:42:37,700 or Properties or that that really, you know, believe in. 715 00:42:37,800 --> 00:42:42,900 Centralization and believe in having a source of Truth for the 716 00:42:42,900 --> 00:42:45,900 other data that is distributed beyond their own data centers. 717 00:42:45,900 --> 00:42:51,500 This is actually good for things like disaster recovery and they 718 00:42:51,500 --> 00:42:55,600 need a way to bootstrap their app or they need a way to 719 00:42:55,600 --> 00:42:59,000 bootstrap their application and like the fundamental you know, 720 00:42:59,200 --> 00:43:04,700 belief is that we want to build this in a distributed way but We 721 00:43:04,700 --> 00:43:08,400 don't necessarily, you know, it's one of the drawbacks of 722 00:43:08,400 --> 00:43:11,700 ipfs as it is. Is it's relatively slow to 723 00:43:11,700 --> 00:43:14,800 actually get content. And so having this Gateway is a 724 00:43:14,800 --> 00:43:18,000 way to speed things up. You get all the benefits of 725 00:43:18,000 --> 00:43:23,300 cloud flare in front of this network that you have integrity 726 00:43:23,300 --> 00:43:26,000 protection and you have decentralization. 727 00:43:26,200 --> 00:43:31,400 So it's it's been coming up. We've definitely seen a lot more 728 00:43:31,400 --> 00:43:34,800 adoptions since since we launched this and said, Once ago 729 00:43:35,000 --> 00:43:39,600 and and it not just from the distributed application space. 730 00:43:39,600 --> 00:43:43,300 But also from more traditional companies as well that have have 731 00:43:43,400 --> 00:43:45,400 have an interested in decentralization. 732 00:43:46,200 --> 00:43:49,600 So if I can just sort of rephrase what you guys are doing 733 00:43:49,600 --> 00:43:52,200 here because those different components, I think that need to 734 00:43:52,200 --> 00:43:57,600 be separated out. So yeah, the first is an IPS 735 00:43:57,600 --> 00:44:00,100 Gateway and there are tons of ipfs gateways out there and I 736 00:44:00,100 --> 00:44:01,900 think most of our listeners are probably familiar with them. 737 00:44:01,900 --> 00:44:05,400 So there are these websites that you Go to this URL. 738 00:44:05,400 --> 00:44:08,500 So example, Dash Gateway.com, I think is one of them, you go to 739 00:44:08,500 --> 00:44:15,100 this website, you you pop in a you just add the the IDS hash to 740 00:44:15,100 --> 00:44:19,200 the URL and it serves like this. Gateway is in the back end 741 00:44:19,200 --> 00:44:22,400 connected to an IPS node and it is serving to you the content on 742 00:44:22,400 --> 00:44:25,300 the ipfs network. And the vulnerability here is 743 00:44:25,300 --> 00:44:29,500 that perhaps this website is sort of doing a 744 00:44:29,500 --> 00:44:32,100 man-in-the-middle type of attack, where it's serving you, 745 00:44:32,100 --> 00:44:34,100 another piece of content than the one that you initially. 746 00:44:34,300 --> 00:44:36,800 Question and you haven't really no way of doing the knowing that 747 00:44:36,800 --> 00:44:42,100 unless like you, you know, do like an MP5 or they verify the 748 00:44:42,100 --> 00:44:45,200 hash of the content once you've downloaded it, that it verifies 749 00:44:45,200 --> 00:44:48,600 that it matches with the, hash, the address. 750 00:44:49,200 --> 00:44:51,500 That's right. Well, you guys are doing is like 751 00:44:51,500 --> 00:44:54,500 a Step Beyond that you're actually putting one of those 752 00:44:54,500 --> 00:44:58,700 gateways in the cloudflare sort of wrapper. 753 00:44:59,600 --> 00:45:04,400 So all the ipfs, all content on igfs is now available super fast 754 00:45:04,400 --> 00:45:07,500 in one of these 150 data centers that you mentioned earlier. 755 00:45:08,800 --> 00:45:12,300 Yeah, that's right. So that's the cloudflare ipfs. 756 00:45:12,300 --> 00:45:15,600 Gateway is yeah, it's like you take any typical Gateway and 757 00:45:15,600 --> 00:45:17,500 then you Cloud certify it. Okay. 758 00:45:17,800 --> 00:45:21,700 So that's great because all of a sudden you have this really fast 759 00:45:21,700 --> 00:45:24,300 content at work. Its content delivery Network 760 00:45:24,300 --> 00:45:28,200 that's serving up ipfs content and it's kind of similar I guess 761 00:45:28,200 --> 00:45:30,600 like it reminds me of this project we had a few weeks ago 762 00:45:30,600 --> 00:45:33,100 called blocks route which is like content delivery networks 763 00:45:33,100 --> 00:45:37,700 for blockchains but yeah it's sort of similar to that but then 764 00:45:38,000 --> 00:45:42,200 the issue with Is that if you're using it and maybe you trust 765 00:45:42,200 --> 00:45:48,700 example Gateway.com because some nice crypto persons hosting it, 766 00:45:48,700 --> 00:45:50,400 or I don't know. Something you made meet at a 767 00:45:50,408 --> 00:45:52,300 conference associate, you might trust that person. 768 00:45:53,000 --> 00:45:55,400 The issue here. Is that people when I might not 769 00:45:55,400 --> 00:45:58,900 trust cloudflare or at least popular would like to prove that 770 00:45:58,900 --> 00:46:01,600 the content that they're delivering to you is actually 771 00:46:01,600 --> 00:46:04,400 the content that you requested. So what you feel here is is a 772 00:46:04,408 --> 00:46:09,900 browser plug-in that checks the ipfs Work and make sure that 773 00:46:09,900 --> 00:46:15,000 that content matches the hash that you requested. 774 00:46:15,400 --> 00:46:19,000 What more specifically it checks that the hat if you're using the 775 00:46:19,000 --> 00:46:24,500 clubs or Gateway, as you know, cloudflare Dash ipfs.com, / your 776 00:46:24,500 --> 00:46:27,500 hash value, it checks the value of the content against that hash 777 00:46:28,900 --> 00:46:31,700 the the really, really cool part that I didn't actually go into 778 00:46:31,700 --> 00:46:34,300 detail but so just sorry. So he checks the value of the 779 00:46:34,308 --> 00:46:36,500 content against the hash. So it does this in the browser, 780 00:46:36,500 --> 00:46:38,100 it there's no like browser, right? 781 00:46:38,100 --> 00:46:43,300 It doesn't Sort of like go and do an ipf S request, you know, a 782 00:46:43,300 --> 00:46:46,300 parallel requests to verify it. Checks the hash and it does sort 783 00:46:46,300 --> 00:46:48,700 of the crypto, the hashing, algorithm internally, and 784 00:46:48,700 --> 00:46:51,100 verifies that it matches. It's kind of like doing a navy 785 00:46:51,100 --> 00:46:55,000 and md5 verification. It's it's like md5 but better 786 00:46:55,000 --> 00:46:59,200 hash function and B5 s is a little breakable right now. 787 00:46:59,200 --> 00:47:01,300 But the other really cool thing that you can do with cloud 788 00:47:01,300 --> 00:47:04,000 storage, Gateway is bring your own host name. 789 00:47:04,700 --> 00:47:08,300 So rather than have cloudflare Dash ipfs.com. 790 00:47:08,600 --> 00:47:14,900 Um so whatever you can just have you know my website.com and you 791 00:47:14,900 --> 00:47:17,400 just say my website, I'll cam is on ipfs. 792 00:47:17,500 --> 00:47:22,100 Here's the hash of the root file of my website. 793 00:47:22,200 --> 00:47:23,800 Okay so this is the third thing I want to talk about. 794 00:47:23,800 --> 00:47:27,200 So there's that there's the the Gateway was the verification 795 00:47:27,200 --> 00:47:29,900 tool but then what wraps This Together saying, okay? 796 00:47:29,900 --> 00:47:34,900 Now as it cloudflare user as someone who has a website hosted 797 00:47:34,900 --> 00:47:37,800 on cloud flyer like like epicenter for instance, but you 798 00:47:37,800 --> 00:47:42,100 can, you can Can you can set this thing up on your website or 799 00:47:42,100 --> 00:47:46,700 in your cloudflare account, the Tells cloudflare index, might 800 00:47:46,700 --> 00:47:51,600 like, your guys are running and ipfs node and and it creates 801 00:47:52,700 --> 00:47:55,200 basically a copy of your website and all the web pages on your 802 00:47:55,200 --> 00:48:01,300 website, static content on this ipfs node, that is now available 803 00:48:01,300 --> 00:48:07,000 to the entire ipfs ecosystem. Yeah, it's it's sort of like 804 00:48:07,000 --> 00:48:07,600 that. It's more. 805 00:48:07,800 --> 00:48:13,300 It's more that you have to put your content onto ipfs some way. 806 00:48:14,300 --> 00:48:17,400 And if someone tries to access your website through cloudflare, 807 00:48:17,400 --> 00:48:23,000 we will fetch it from ipfs. So cloudflare as a service 808 00:48:23,200 --> 00:48:26,100 doesn't host content. And and this is, this is sort of 809 00:48:26,100 --> 00:48:29,500 a very important key, part of what clubs are does, is we cache 810 00:48:29,500 --> 00:48:32,700 content, and so we need a place. They're sort of some root of 811 00:48:32,800 --> 00:48:35,300 source of Truth. And so if you're going to use 812 00:48:35,300 --> 00:48:38,600 this service, you can run a local note on your computer and 813 00:48:38,600 --> 00:48:41,900 say, I'm going to host you here and we will grab it from there. 814 00:48:41,900 --> 00:48:46,500 We'll keep a copy around as long as we can and and serve it from 815 00:48:46,500 --> 00:48:49,300 cobblers, cash. Alternatively, you could pay a 816 00:48:49,308 --> 00:48:53,200 service to keep a copy of your content on ipfs and that's 817 00:48:53,200 --> 00:48:56,000 that's the host. And then cloudflare just goes on 818 00:48:56,000 --> 00:49:00,600 to ipfs fetches, your content puts it around the world and 819 00:49:00,600 --> 00:49:03,200 anybody who wants it. Can can get it through us. 820 00:49:04,100 --> 00:49:06,200 That makes sense. Yeah, yeah, that makes sense. 821 00:49:07,200 --> 00:49:09,300 We're not actually hosting things on IP address, although 822 00:49:09,300 --> 00:49:13,500 if you fetch something through ipfs, our node will have a copy 823 00:49:13,500 --> 00:49:17,500 of it. So it actually helps improve 824 00:49:17,600 --> 00:49:22,000 the, the duplication of content in IPS, which is really 825 00:49:22,000 --> 00:49:24,500 important. Because if there's only one copy 826 00:49:24,500 --> 00:49:28,800 of your content in the ipfs network, then it affect that 827 00:49:28,800 --> 00:49:31,600 copy goes offline, then you know, the contents no longer 828 00:49:31,600 --> 00:49:35,000 available. And so essentially what you guys 829 00:49:35,000 --> 00:49:39,600 have done is, you know, allowed for that third part of this like 830 00:49:39,600 --> 00:49:44,200 project it you kind of allowed ipfs almost integrate well with 831 00:49:44,200 --> 00:49:48,500 the existing DNS system, right? So I can now like I can have my 832 00:49:48,500 --> 00:49:52,400 website accessible ipfs hosted website accessible through like 833 00:49:52,400 --> 00:49:55,700 my own personal like domain name, but still going through 834 00:49:55,700 --> 00:49:59,500 Cloud flares. Like CDN, yeah, that's right. 835 00:49:59,600 --> 00:50:03,500 And because we are so good at issuing. 836 00:50:03,600 --> 00:50:06,700 Certificates and kind of managing that then you also get 837 00:50:07,000 --> 00:50:10,900 get encryption for that website. So sort of automatically. 838 00:50:12,500 --> 00:50:15,600 How do you like see, like the future of, like ipfs? 839 00:50:15,600 --> 00:50:18,900 Do you see like it being like sort of a complimentary service 840 00:50:18,900 --> 00:50:23,300 to like har protocol to http or more Rich more competitive? 841 00:50:23,600 --> 00:50:26,300 Do you see like, you know, maybe websites will be served over 842 00:50:26,300 --> 00:50:30,000 HTTP but like certain assets on the website are over ipfs. 843 00:50:30,000 --> 00:50:32,800 How do you see this like amalgamation of these two 844 00:50:32,800 --> 00:50:37,200 protocols going forward. It's an it's an interesting 845 00:50:37,200 --> 00:50:41,800 question because nobody really knows the hope is that you know, 846 00:50:41,800 --> 00:50:46,000 ipfs provides a specific niche in a specific property that each 847 00:50:46,000 --> 00:50:49,200 be doesn't and that be expectation, would be that they 848 00:50:49,200 --> 00:50:50,900 would both kind of live in parallel. 849 00:50:50,900 --> 00:50:54,500 You can't necessarily do a lot of dynamic stuff with IP ipfs, 850 00:50:54,500 --> 00:50:57,700 but but the Integrity protection, that it has. 851 00:50:57,700 --> 00:51:04,100 And then the actual distributed nature of the hosting I think 852 00:51:04,100 --> 00:51:07,200 makes it useful for Specific application. 853 00:51:07,200 --> 00:51:09,700 So I think you'll find applications that are mostly GDP 854 00:51:09,900 --> 00:51:14,200 applications that are mostly ivfs and applications that are 855 00:51:14,200 --> 00:51:20,900 sort of a mix of the two and it really depends on how well 856 00:51:21,400 --> 00:51:24,800 browsers and other other Technologies adopt this. 857 00:51:24,800 --> 00:51:28,300 So if you have like a mobile app that has native ipfs support or 858 00:51:28,300 --> 00:51:31,200 mobile SDK that comes out with that native ipfs support then 859 00:51:32,500 --> 00:51:35,500 maybe it'll it'll become more popular and apps that would need 860 00:51:35,500 --> 00:51:38,300 this. But yeah, I tend to see them as 861 00:51:38,400 --> 00:51:40,800 complementary. They both have their advantages 862 00:51:40,800 --> 00:51:43,500 and disadvantages. Yeah I just thought I was 863 00:51:43,500 --> 00:51:47,500 speaking with one Binet at level 3 kind of bumped into him and 864 00:51:48,200 --> 00:51:50,300 asking him about about this very thing. 865 00:51:50,300 --> 00:51:55,800 And from his perspective I mean like browser support is at least 866 00:51:56,300 --> 00:52:02,200 partly possible so I guess like chromium is supporting it now 867 00:52:02,200 --> 00:52:04,900 and like they're diversions and maybe Firefox will support it 868 00:52:04,900 --> 00:52:06,900 sooner. Can't remember exactly but you 869 00:52:06,900 --> 00:52:10,200 know browser support is coming and I was sexually quite 870 00:52:10,300 --> 00:52:12,500 surprised to see that how fast that had come. 871 00:52:12,500 --> 00:52:16,500 I mean when we had him on Guess was episode 100? 872 00:52:17,100 --> 00:52:19,900 Well a hundred sixty three weeks ago or something like that. 873 00:52:21,000 --> 00:52:24,300 I thought this is like years to get integrated in the browsers 874 00:52:24,300 --> 00:52:27,500 but it seems like it's moving much faster than Yeah, my 875 00:52:27,500 --> 00:52:30,300 understanding is that the path that they're taking his first 876 00:52:30,300 --> 00:52:35,400 exposing ipfs as of first-order protocol. 877 00:52:35,600 --> 00:52:39,100 So you have HTTP colon slash slash whatever you could have 878 00:52:39,100 --> 00:52:44,500 ipfs colon slash slash whatever and the transition to get there 879 00:52:44,700 --> 00:52:49,500 is is that if you have ipfs colon slash slash you can you 880 00:52:49,500 --> 00:52:53,700 can register a plug-in that is able to handle that for you. 881 00:52:54,100 --> 00:52:56,400 And that's that's sort of the first step. 882 00:52:56,400 --> 00:52:59,700 And then, Eventually down the line, the ipfs node will 883 00:52:59,700 --> 00:53:03,500 potentially be made of in the browser, but right now it's all 884 00:53:03,500 --> 00:53:06,800 browser extensions. So what did you learn from this? 885 00:53:08,000 --> 00:53:17,500 Well, I guess we learned a lot. First that latency is really an 886 00:53:17,500 --> 00:53:22,000 issue when it comes to user experience. 887 00:53:22,400 --> 00:53:26,900 So if you are the first person to ever fetch something through 888 00:53:26,900 --> 00:53:30,900 the ipfs gateway, then it has to go back to our node. 889 00:53:30,900 --> 00:53:33,500 And then our node has to search on the internet and find it and 890 00:53:33,500 --> 00:53:37,600 then get the copy and then send it to the cash. 891 00:53:38,000 --> 00:53:43,300 And then it can eventually take, you know, a long time for Want 892 00:53:43,300 --> 00:53:46,200 to show up. And so for certain applications, 893 00:53:47,200 --> 00:53:53,700 it's The user experience is potentially problematic if you 894 00:53:53,700 --> 00:53:57,400 if you don't have a lot of cashing in a lot of ability to 895 00:53:57,400 --> 00:54:00,500 serve things immediately. The other thing we learned is 896 00:54:00,500 --> 00:54:04,200 that you can build some pretty interesting unexpected 897 00:54:04,200 --> 00:54:10,300 applications even on a platform that is for essentially for 898 00:54:10,300 --> 00:54:13,400 static content as ipfs is as in its current Incarnation. 899 00:54:14,600 --> 00:54:18,000 So one of the examples that we did with the ipfs gateways, we 900 00:54:18,000 --> 00:54:23,900 built a Tribble mirror of Wikipedia. 901 00:54:24,100 --> 00:54:28,200 So you can actually link to this site. 902 00:54:28,200 --> 00:54:32,900 It's on ipfs and you can build essentially search type 903 00:54:32,900 --> 00:54:37,800 capabilities into ipfs, because a search has essentially a 904 00:54:37,808 --> 00:54:41,400 table, which is a static file, and then you can, you can put 905 00:54:41,400 --> 00:54:43,500 Javascript into there. So you can, you can do some 906 00:54:43,500 --> 00:54:45,800 really cool interactive things with ipfs. 907 00:54:45,800 --> 00:54:48,200 It's not just about serving up, static images. 908 00:54:48,200 --> 00:54:50,600 It's a it's a fully-fledged platform. 909 00:54:50,600 --> 00:54:53,200 So I think those those are the two things that we learned about 910 00:54:53,200 --> 00:54:56,000 ipfs. The other thing that we learned 911 00:54:56,000 --> 00:55:03,100 is just just the, the interest in this area is huge. 912 00:55:04,600 --> 00:55:07,400 A lot of people are really trying to figure out how to 913 00:55:08,100 --> 00:55:13,000 engage with and take advantage of and, you know, have reaped 914 00:55:13,000 --> 00:55:19,100 the benefits of of new technology and that provide 915 00:55:19,800 --> 00:55:26,900 provides new features like having having resilience to 916 00:55:26,900 --> 00:55:33,600 single two failures is a big thing, having integrity and and 917 00:55:33,600 --> 00:55:40,100 people are really Billy thinking about trust and hosting websites 918 00:55:40,100 --> 00:55:42,800 and hosting web services, and running things online. 919 00:55:44,100 --> 00:55:48,000 It's more and more important for for people to be able to trust 920 00:55:48,000 --> 00:55:51,600 what you're doing. And as the infrastructure grows, 921 00:55:51,600 --> 00:55:54,500 there's just so many more participants that. 922 00:55:56,200 --> 00:55:59,400 It's hard to hard to actually, you know, implicitly, trust 923 00:55:59,400 --> 00:56:00,300 everything that you're doing online. 924 00:56:00,300 --> 00:56:02,700 So we have to have to build these technical measures and, 925 00:56:02,900 --> 00:56:04,700 and there's a lot of interest in this. 926 00:56:05,500 --> 00:56:08,600 From lots of ankles. Cool. 927 00:56:08,600 --> 00:56:13,600 So one of my favorite stories actually regarding like ipfs and 928 00:56:13,600 --> 00:56:17,700 gateways is, I was talking to Jeremy Johnson from protocol 929 00:56:17,700 --> 00:56:22,600 Labs about a year ago. Last Devcon Defcon 3, so 930 00:56:22,800 --> 00:56:26,300 November 2017. And this was like, right around 931 00:56:26,300 --> 00:56:30,100 like, right after like the whole like, Catalonia and Catalan 932 00:56:30,400 --> 00:56:33,200 referendum around Independence, I was going on. 933 00:56:33,500 --> 00:56:38,600 And so what was happening during that, Process was the Spanish 934 00:56:38,600 --> 00:56:40,000 government. So, you know, there were a lot 935 00:56:40,000 --> 00:56:43,100 of like Pro referendum website, people like website showing 936 00:56:43,100 --> 00:56:46,300 people like how to go vote and like you know just like reasons 937 00:56:46,300 --> 00:56:50,200 why I like you know, just general pro website and the 938 00:56:50,200 --> 00:56:52,800 Spanish government was like sort of censoring these and shutting 939 00:56:52,800 --> 00:56:58,000 a lot of them down and what was really cool was ipfs was 940 00:56:58,000 --> 00:57:02,500 actually being used to keep some of these websites up and so 941 00:57:02,500 --> 00:57:04,700 people were like hosting them on ipfs. 942 00:57:05,200 --> 00:57:07,800 And I thought it was really cool because it was one of like, I 943 00:57:07,808 --> 00:57:09,300 don't know. I think one of the first times 944 00:57:09,300 --> 00:57:12,800 that like, this generation of like, decentralization 945 00:57:12,800 --> 00:57:16,200 Technologies has really been used to like, cause lack of 946 00:57:17,100 --> 00:57:21,100 physical, like a tangible impact on like, current unlike world on 947 00:57:21,100 --> 00:57:24,300 world politics or whatnot. But then there was something 948 00:57:24,300 --> 00:57:28,000 interesting happening where the website were being hosted on 949 00:57:28,000 --> 00:57:33,800 ipfs, but everyone was accessing them through the ipfs dot IO 950 00:57:33,900 --> 00:57:36,300 Gateway. What the Spanish government 951 00:57:36,300 --> 00:57:39,100 essentially ended up, Charlie doing was actually censoring the 952 00:57:39,100 --> 00:57:43,800 ipfs dot IO domain Gateway. And so now people weren't and 953 00:57:43,800 --> 00:57:48,100 most people weren't even aware of any any other gateways and 954 00:57:48,100 --> 00:57:50,500 people didn't have the soft and you know it's not easy to 955 00:57:50,500 --> 00:57:54,300 install the ipfs software and so it just suddenly became very 956 00:57:55,200 --> 00:57:57,800 inaccessible to them. And so this kind of like leads 957 00:57:57,800 --> 00:58:02,400 into the other one of the other kind of centerpieces of your 958 00:58:02,400 --> 00:58:06,000 crypto week that you had was about tour and So how do you see 959 00:58:06,000 --> 00:58:09,200 this like interesting relationship between ipfs and 960 00:58:09,200 --> 00:58:12,800 tour and like what can I be a fast gain by being served over 961 00:58:12,800 --> 00:58:17,400 tour? Yeah so I think I think of tour 962 00:58:17,400 --> 00:58:23,100 as in the same family of Technologies as ipfs and a lot 963 00:58:23,100 --> 00:58:25,600 of these new blockchain distributed web type 964 00:58:25,600 --> 00:58:29,400 Technologies because it really is a lot of independent nodes 965 00:58:29,400 --> 00:58:36,500 that work together to provide a property that you wouldn't get 966 00:58:36,500 --> 00:58:38,500 with a with with the regular web. 967 00:58:38,500 --> 00:58:42,600 So with tour, what it does is it provides you with routing and 968 00:58:42,600 --> 00:58:46,500 anonymity and it uses a Weird encryption approach to do so, 969 00:58:46,800 --> 00:58:53,100 and, and in terms of their trade offs latency is one that they 970 00:58:53,100 --> 00:58:54,800 just don't really care about. It's actually. 971 00:58:54,800 --> 00:58:58,100 Anonymity is much more important than getting things quick. 972 00:58:58,100 --> 00:59:05,600 So the typical web, I mean, the unencrypted web and potentially 973 00:59:05,600 --> 00:59:08,100 even ipfs. If you're talking about 974 00:59:08,200 --> 00:59:12,800 Distributing this content, it's the opposite of a not Anonymous, 975 00:59:12,800 --> 00:59:14,400 right? You're connecting. 976 00:59:14,500 --> 00:59:18,100 Directly with another person and requesting a very specific 977 00:59:18,100 --> 00:59:19,600 thing. And they know what you're asking 978 00:59:19,600 --> 00:59:22,200 and they know who you are. But but it provides Integrity. 979 00:59:22,200 --> 00:59:25,400 So you have one network that provides integrity and one 980 00:59:25,400 --> 00:59:30,300 network that provides anonymity. Then it sort of makes sense to 981 00:59:30,500 --> 00:59:31,700 me. If you want both, you can kind 982 00:59:31,700 --> 00:59:36,000 of put one on top of the other and what cloudflare launched 983 00:59:36,000 --> 00:59:42,400 during crypto week, was essentially a way to access the 984 00:59:42,400 --> 00:59:45,300 Tor Network. It's kind of like Cloudflare put 985 00:59:45,300 --> 00:59:49,300 an ipfs node into the ipfs network clubs, or put a Tor node 986 00:59:49,300 --> 00:59:53,000 into the Tor Network as well. And this Tor Network or note is, 987 00:59:53,100 --> 00:59:58,200 is used to Route any traffic to any site that's on cloudflare. 988 00:59:58,200 --> 01:00:02,700 So, if you connect through Cloud flares, Tor node, which is a DOT 989 01:00:02,700 --> 01:00:04,500 onion address, we've got about 10 of them. 990 01:00:05,000 --> 01:00:07,600 If you connect any one of those and make a request for any site, 991 01:00:07,600 --> 01:00:09,700 that's on cloudflare, it kind of goes through. 992 01:00:09,900 --> 01:00:14,600 And so, the yeah, the, the bottom of the diagram that I 993 01:00:14,600 --> 01:00:18,300 think you're referencing on the page shows user going through 994 01:00:18,300 --> 01:00:23,200 tour, and then connecting out the tour Point through 995 01:00:23,200 --> 01:00:26,500 cloudflare, and then to the club, flyer, ipfs Gateway, and 996 01:00:26,500 --> 01:00:30,400 then to ipfs. So I think if you're doing, so 997 01:00:30,400 --> 01:00:33,200 you're going to get a very slow connection, but it's going to be 998 01:00:33,900 --> 01:00:37,400 very private even cloudflare doesn't know who you are, but, 999 01:00:37,500 --> 01:00:41,300 but you also gain, you know, the end-to-end Integrity properties 1000 01:00:41,300 --> 01:00:43,300 of ipfs. I think they're pretty cool 1001 01:00:43,300 --> 01:00:45,800 complementary Technologies. If you're okay with things being 1002 01:00:45,800 --> 01:00:49,400 extremely slow, I see. So this whole like onion routing 1003 01:00:49,400 --> 01:00:54,200 service that you guys built that week, you know, I know and like 1004 01:00:54,200 --> 01:00:56,800 the past year, especially on, like, Hacker News and stop. 1005 01:00:56,800 --> 01:01:00,700 There's a lot of people like to, like blame Cloud flares, like, 1006 01:01:01,200 --> 01:01:03,800 like, especially the recapture features for some sort of, like, 1007 01:01:03,800 --> 01:01:07,000 the degradation of the user experience on tour. 1008 01:01:07,800 --> 01:01:10,900 I always thought that it is a bit of like, an unfair blaming. 1009 01:01:11,100 --> 01:01:14,400 But could you explain a little bit of why this whole recapture 1010 01:01:14,500 --> 01:01:20,100 system is like so necessary in the torrent or and then how your 1011 01:01:20,100 --> 01:01:24,000 onion routing service protocol like helps resolve some of those 1012 01:01:24,500 --> 01:01:26,900 pain points? Yeah, absolutely. 1013 01:01:26,900 --> 01:01:31,800 So as I mentioned, people come to cloudflare for security 1014 01:01:33,500 --> 01:01:36,700 insights acceleration, things like this security is one of the 1015 01:01:36,700 --> 01:01:40,200 main things. And if you talk to you, the 1016 01:01:40,200 --> 01:01:44,100 average webmaster or the person running a website, they actually 1017 01:01:44,100 --> 01:01:46,900 do. Really have a very favorable 1018 01:01:46,900 --> 01:01:51,200 opinion of tour, because as an anonymity Network, it's very 1019 01:01:51,200 --> 01:01:55,300 easy to send abusive traffic through it and not have to deal 1020 01:01:55,300 --> 01:01:59,800 with the consequences. So a lot of the traffic that 1021 01:01:59,800 --> 01:02:04,100 actually comes through Tor and comes through exit nodes, is, is 1022 01:02:04,100 --> 01:02:07,400 attack traffic and we it hits our web application firewall. 1023 01:02:07,400 --> 01:02:10,300 And we say, what is this? And, and sort of block it. 1024 01:02:10,300 --> 01:02:15,000 So, the way that the Clusters currently set up and And we're 1025 01:02:15,000 --> 01:02:19,700 hoping to improve the system is, is to use something called IP 1026 01:02:19,700 --> 01:02:23,400 reputation and IP reputation databases to help make a 1027 01:02:23,408 --> 01:02:28,500 determination as to how likely appear HTTP request is going to 1028 01:02:28,500 --> 01:02:33,000 be malicious or not, or part of a flood or not. 1029 01:02:33,000 --> 01:02:38,100 Is this an attack or not? And so what we do is we use a 1030 01:02:38,100 --> 01:02:42,200 captcha to kind of prove that it's a to force the user coming 1031 01:02:42,200 --> 01:02:48,300 through to force to prove They are a human or at least able to 1032 01:02:48,300 --> 01:02:52,100 solve one of these human interaction puzzles and sort of 1033 01:02:52,100 --> 01:02:53,800 once they've proved that their person, then we say, okay, 1034 01:02:53,800 --> 01:02:55,300 great. You can come through do whatever 1035 01:02:55,300 --> 01:02:59,200 you want with this website but where you're coming from seems 1036 01:02:59,200 --> 01:03:04,500 to have a lot of bad requests. And so the kind of danger level 1037 01:03:04,800 --> 01:03:07,900 gets elevated. And and this is something that 1038 01:03:08,200 --> 01:03:12,600 our customers expect is that they have to pay for bandwidth. 1039 01:03:12,600 --> 01:03:16,400 They have to pay for You know what, it takes to administer 1040 01:03:16,400 --> 01:03:20,200 site and run it and deal with comment, spam, and, and deal 1041 01:03:20,200 --> 01:03:23,100 with all these sort of things. And, and, you know, this IP 1042 01:03:23,100 --> 01:03:27,800 reputation is a very coarse way of lowering, the amount of crap 1043 01:03:27,800 --> 01:03:29,800 that you get, if you will on the site. 1044 01:03:29,800 --> 01:03:32,000 So because of how tour works is that? 1045 01:03:32,000 --> 01:03:36,300 There's there's a couple. There's a small set of computers 1046 01:03:36,300 --> 01:03:39,200 that are called, Tor exit nodes where the traffic goes into the 1047 01:03:39,200 --> 01:03:42,800 Tor Network and then exit out of those exits, out of those nodes 1048 01:03:43,300 --> 01:03:48,900 into The internet. These IPS tend to be given a 1049 01:03:48,908 --> 01:03:53,700 pretty bad reputation because there's so much bad stuff coming 1050 01:03:53,700 --> 01:03:56,100 from them. So, this is kind of the Crux of 1051 01:03:56,100 --> 01:03:58,700 the reason why people see so many captures while using Tor. 1052 01:03:58,700 --> 01:04:02,400 And why cloudflare is, is sort of being blamed for the 1053 01:04:02,400 --> 01:04:05,000 degradation of this network. And we didn't like that. 1054 01:04:05,000 --> 01:04:09,000 We think that, you know, towards a valuable tool, we still need 1055 01:04:09,000 --> 01:04:12,100 to protect our customers from attacks and we and like these 1056 01:04:12,100 --> 01:04:15,000 are just, this is, this is who were building The service for in 1057 01:04:15,008 --> 01:04:18,600 this is these are the people who, you know, we want to use 1058 01:04:18,600 --> 01:04:20,600 cloudflare, we still want to give them that service. 1059 01:04:20,600 --> 01:04:24,300 But we also think that the the secondary effects on the 1060 01:04:24,300 --> 01:04:27,600 internet as a whole, it's are important as well. 1061 01:04:27,600 --> 01:04:32,100 So having more people use, an anonymity Network. 1062 01:04:32,100 --> 01:04:35,900 Make having people use, gain these properties of these 1063 01:04:35,900 --> 01:04:39,000 alternative networks, if they choose to use them and not be 1064 01:04:39,000 --> 01:04:42,800 punished for it is something that we're really interested in. 1065 01:04:42,800 --> 01:04:50,200 So, What art or Gateway does is it allows folks who are browsing 1066 01:04:50,200 --> 01:04:56,600 websites on tour to actually access cloudflare websites 1067 01:04:56,600 --> 01:04:58,800 through. As I mentioned a node that's 1068 01:04:58,800 --> 01:05:03,100 running in the Tor Network that has an onion address and if I 1069 01:05:03,100 --> 01:05:05,000 guess every time that you connect through the Tor Network 1070 01:05:05,000 --> 01:05:07,300 to an onion service you connect through a circuit. 1071 01:05:07,300 --> 01:05:10,700 So there's an entry node, there's a Transit node, there's 1072 01:05:10,700 --> 01:05:13,600 a third node, and then you then you can connect to the site. 1073 01:05:13,600 --> 01:05:17,100 So every one of these circuits is unique for every person. 1074 01:05:18,300 --> 01:05:21,600 And when you run an onion service, you actually get a 1075 01:05:21,600 --> 01:05:24,500 circuit ID. You get to know whether or not 1076 01:05:24,500 --> 01:05:29,300 two different connections to the same, to the same service are 1077 01:05:29,300 --> 01:05:32,200 from two different people. And because of that, you can 1078 01:05:33,700 --> 01:05:38,200 actually apply policies on a very selective basis, right? 1079 01:05:38,200 --> 01:05:40,500 So, if someone is actually sending a lot of comment, spam, 1080 01:05:40,500 --> 01:05:43,700 then you can say, you know, this circuit, the circuit is bad, you 1081 01:05:43,700 --> 01:05:46,100 can block this. Without blocking legitimate 1082 01:05:46,100 --> 01:05:48,600 people. And I think this is, this is one 1083 01:05:48,600 --> 01:05:52,800 of the one of the great things that we helped put together with 1084 01:05:52,800 --> 01:05:55,300 this. With this tour thing we work 1085 01:05:55,300 --> 01:05:58,600 with the Tor Browser team as well to help implement this. 1086 01:05:58,600 --> 01:06:02,300 So, if you visit a site that's on cloudflare, will send an HTTP 1087 01:06:02,300 --> 01:06:05,200 header that says, hey by the way, if you want, if you're 1088 01:06:05,200 --> 01:06:09,500 going to reconnect, we have all these onion addresses and you 1089 01:06:09,500 --> 01:06:12,300 can just use these in Connect router instead of connecting 1090 01:06:12,300 --> 01:06:16,800 through an IP address and And this has been very, very 1091 01:06:16,800 --> 01:06:21,600 successful actually we turn it on for all cloudflare Sites with 1092 01:06:21,600 --> 01:06:23,600 all of this. And I mean, you guys are it 1093 01:06:23,600 --> 01:06:26,000 seems like quite quite involve in. 1094 01:06:26,300 --> 01:06:29,100 So the open source space. In fact, Sonny was mentioning 1095 01:06:29,100 --> 01:06:32,300 earlier and I wasn't aware of this, but you guys have quite a 1096 01:06:32,300 --> 01:06:35,200 few crypto libraries that that are open source. 1097 01:06:35,200 --> 01:06:39,500 In fact, some of them are being used by ethereum and a bunch of 1098 01:06:39,500 --> 01:06:41,300 other websites like pretty much off. 1099 01:06:41,300 --> 01:06:43,100 The internet is using your crypto libraries. 1100 01:06:43,400 --> 01:06:46,000 How does this? This and this experimentation 1101 01:06:46,000 --> 01:06:49,000 with ipfs and this tour stuff you guys are working on. 1102 01:06:49,000 --> 01:06:52,400 Like how does this all fit into like your business model? 1103 01:06:52,400 --> 01:06:54,600 Is there are there specific businesses here that you're 1104 01:06:54,607 --> 01:06:58,800 looking to develop? Or is it more just sort of being 1105 01:06:58,800 --> 01:07:03,100 at The Cutting Edge of these Technologies and allowing so the 1106 01:07:03,500 --> 01:07:06,100 the experience of everybody using the web to be improved. 1107 01:07:07,000 --> 01:07:08,900 Well it's part of the mission statement of the company which 1108 01:07:08,900 --> 01:07:13,000 is to help build a better internet and open source is 1109 01:07:13,700 --> 01:07:17,200 something that's core to what we are. 1110 01:07:17,200 --> 01:07:22,700 I think cloud flares doesn't necessarily have Secret Sauce in 1111 01:07:22,707 --> 01:07:25,700 the software, right? Almost everything that we use we 1112 01:07:25,700 --> 01:07:30,400 try to open source because it will be usable for for other 1113 01:07:30,400 --> 01:07:34,100 folks online. So, for example, four years ago, 1114 01:07:34,100 --> 01:07:36,200 we released a library called CFS. 1115 01:07:36,300 --> 01:07:40,000 SL. Which was a go based certificate 1116 01:07:40,000 --> 01:07:44,700 Authority, and you can use it to build certificates and build a 1117 01:07:44,707 --> 01:07:46,500 pki inside your own organization. 1118 01:07:46,500 --> 01:07:49,800 And it actually got picked up by, let's encrypt. 1119 01:07:49,800 --> 01:07:52,500 And now it's the core of the let's encrypt certificate 1120 01:07:52,500 --> 01:07:55,900 Authority as well as you know, Salesforce and a bunch of other 1121 01:07:55,900 --> 01:08:01,500 really big companies are using it and and we've contributed 1122 01:08:01,500 --> 01:08:06,500 code to the go standard Library. So the P 256, which is One of 1123 01:08:06,508 --> 01:08:11,800 the most, well, commonly used elliptic curves one of cloud. 1124 01:08:11,800 --> 01:08:14,100 Fleurs Engineers. You know, we optimized it 1125 01:08:14,100 --> 01:08:15,800 because we do so much cryptography. 1126 01:08:15,800 --> 01:08:18,500 So, you know why not share this with the world. 1127 01:08:18,500 --> 01:08:23,800 And I think it's it's there's no drawback for everybody having a 1128 01:08:23,800 --> 01:08:29,399 better version of cryptographic tools and if you have a faster 1129 01:08:29,399 --> 01:08:33,100 Library that's secure and safe, put it out there for people to 1130 01:08:33,100 --> 01:08:38,100 use I guess so, so far, we've talked a lot about, you know, 1131 01:08:38,100 --> 01:08:41,399 two major decentralization technology, which is ipfs and 1132 01:08:41,399 --> 01:08:43,100 tour. But one that we haven't really 1133 01:08:43,100 --> 01:08:45,800 talked too much about yet which is probably one of the you know 1134 01:08:45,800 --> 01:08:48,800 ones that's the most. Well-known is blockchains right? 1135 01:08:48,899 --> 01:08:53,300 And so I was wondering how do you guys think about 1136 01:08:53,800 --> 01:08:55,899 blockchains? You know, I know you have this 1137 01:08:55,899 --> 01:09:00,800 one protocol, you kind of like dubbed clock chains like as a 1138 01:09:00,808 --> 01:09:03,600 joke but, you know, and that one you're talking about. 1139 01:09:03,800 --> 01:09:08,500 Like, you know, a timing system for like SSL certificates, so 1140 01:09:08,500 --> 01:09:10,800 you can, you know, like, you know, synchronize clocks. 1141 01:09:11,500 --> 01:09:13,899 But, you know, another option I actually worked on a project 1142 01:09:13,899 --> 01:09:17,000 where like, you know, instead of like doing SSL certificate 1143 01:09:17,000 --> 01:09:20,100 expired, expiration, you can do a system where like, you know, 1144 01:09:20,100 --> 01:09:23,200 public a blockchain acts as a public bulletin board where you 1145 01:09:23,200 --> 01:09:28,200 like lists expire or like compromise signing systems. 1146 01:09:28,700 --> 01:09:31,700 Another use case for I think like blockchains within your 1147 01:09:31,700 --> 01:09:35,000 within the web infrastructure is Throughout this entire thing, 1148 01:09:35,000 --> 01:09:38,399 you guys have talked a lot about like using the DNS system, 1149 01:09:38,399 --> 01:09:39,899 right? So you talked about how you 1150 01:09:39,899 --> 01:09:46,200 using DNS for like ipfs like resolution or you know with the 1151 01:09:46,200 --> 01:09:49,300 your you have this other project called encrypted Sni which 1152 01:09:49,300 --> 01:09:53,500 you're trying to basically create like a pki and so you 1153 01:09:53,500 --> 01:09:56,400 know you're using the you're kind of using that DNS system to 1154 01:09:56,400 --> 01:10:00,800 do that as well. And like we mentioned, the DNS 1155 01:10:00,800 --> 01:10:03,000 system is a very like hierarchical system. 1156 01:10:03,700 --> 01:10:08,200 Have you ever thought about maybe exploring the option of 1157 01:10:08,200 --> 01:10:11,100 using blockchains to do so? But you know, so we mentioned 1158 01:10:11,100 --> 01:10:14,900 Zuko's triangle as earlier as well and so you know the cool 1159 01:10:14,900 --> 01:10:16,600 thing was. So super triangle is this whole 1160 01:10:16,600 --> 01:10:21,000 thing about human readability and centralization and security. 1161 01:10:21,500 --> 01:10:24,100 But Aaron Schwartz actually had this like you know he actually 1162 01:10:24,100 --> 01:10:26,200 made this observation that a blockchain actually is a way to 1163 01:10:26,200 --> 01:10:29,500 get around as you goes triangle and so that kind of led to 1164 01:10:29,500 --> 01:10:32,400 projects like namecoin and handshake and things like this. 1165 01:10:32,700 --> 01:10:34,600 So yes. Oh my Overall question here is 1166 01:10:34,600 --> 01:10:37,500 like how do you guys think about like integrating like blockchain 1167 01:10:37,500 --> 01:10:41,400 technology into some of your offerings or in the just in the 1168 01:10:41,400 --> 01:10:43,100 general web infrastructure as a whole? 1169 01:10:44,500 --> 01:10:47,300 Yeah. So I think there's a there's 1170 01:10:47,300 --> 01:10:51,700 another kind of trilemma that our CEO Matthew prints put out 1171 01:10:51,800 --> 01:10:57,500 in a in a blog post about tour a few years ago about you know 1172 01:10:59,000 --> 01:11:04,800 making things usable secure and having low latency and I think 1173 01:11:05,600 --> 01:11:09,300 when you're in the web context, this is something that's very 1174 01:11:09,300 --> 01:11:11,800 underrated. Is the ability to get things 1175 01:11:11,800 --> 01:11:14,700 fast and to get things. He's immediately. 1176 01:11:15,100 --> 01:11:21,700 And so when it comes to certificates and time and a lot 1177 01:11:21,700 --> 01:11:23,800 of different things, if you're connecting to a website, hundred 1178 01:11:23,800 --> 01:11:25,300 milliseconds is going to kill you. 1179 01:11:26,200 --> 01:11:30,600 And so there's there's a number of initiatives that were 1180 01:11:30,600 --> 01:11:35,500 interested in that are blockchain, ask that our block 1181 01:11:35,500 --> 01:11:41,200 chain, that sort of seemed blockchain blockchain, ask and 1182 01:11:41,200 --> 01:11:44,800 one of those is certificate. Transparency. and so, one of the 1183 01:11:46,500 --> 01:11:50,300 I guess the one of the main differences here is that in a 1184 01:11:50,308 --> 01:11:52,200 lot of the blockchain technologies that we're talking 1185 01:11:52,200 --> 01:11:53,900 about. Its we're talking about fully 1186 01:11:54,100 --> 01:11:57,600 trustless decentralized systems where you have a lot of 1187 01:11:57,600 --> 01:12:00,300 different peers and then you have to this is, this is why 1188 01:12:00,300 --> 01:12:04,300 consensus is so important is being able to have all these 1189 01:12:04,300 --> 01:12:06,900 different pairs and all sort of agree on a specific thing. 1190 01:12:07,600 --> 01:12:10,400 I think in the web pki and at least in the website situation, 1191 01:12:11,500 --> 01:12:14,800 that's Fine. But that's sort of a step too 1192 01:12:14,800 --> 01:12:19,900 far, or at least it's a step that's a little bigger than the 1193 01:12:19,900 --> 01:12:22,100 technology is willing to take us right now. 1194 01:12:22,400 --> 01:12:27,200 So, certificate transparency is an example of one step. 1195 01:12:27,200 --> 01:12:31,100 So it's essentially a hash tree of all the certificates that 1196 01:12:31,100 --> 01:12:34,600 have ever been issued and for certificate, transparency to 1197 01:12:34,600 --> 01:12:37,500 work. You need independent groups to 1198 01:12:38,200 --> 01:12:41,800 manage these these certificates as well. 1199 01:12:43,000 --> 01:12:45,500 So you end up in something with that sort of the analogous of 1200 01:12:46,000 --> 01:12:48,300 like a permission blockchain and with certificate transparency 1201 01:12:48,300 --> 01:12:53,500 you have to you actually don't have to do the look up on the 1202 01:12:53,508 --> 01:12:56,100 machine and you don't have to run a node on your machine and 1203 01:12:56,100 --> 01:12:59,800 you don't have to synchronize with the blockchain and so the 1204 01:12:59,800 --> 01:13:06,100 cost of latency to a system like this is not big enough to slow 1205 01:13:06,100 --> 01:13:10,700 its progress. So I think the main challenge 1206 01:13:10,800 --> 01:13:16,200 for integrating web T.i. traditional web Technologies and 1207 01:13:16,200 --> 01:13:20,400 blockchains is really about being fast and being able to 1208 01:13:20,400 --> 01:13:22,800 synchronize things fast and being able to transfer data fast 1209 01:13:22,800 --> 01:13:28,300 and be able to have of fast consensus and having a fully 1210 01:13:28,600 --> 01:13:31,600 trust list system is is not necessarily conducive to that. 1211 01:13:31,600 --> 01:13:34,500 Although we seen some some pretty good experimentation 1212 01:13:34,500 --> 01:13:37,700 experiments in that direction. I see cool. 1213 01:13:37,900 --> 01:13:43,100 And earlier, you had mentioned that this ipfs Gateway is just 1214 01:13:43,100 --> 01:13:47,600 one of the first projects in this larger decentralized web 1215 01:13:47,600 --> 01:13:50,100 Gateway Series of projects almost. 1216 01:13:50,100 --> 01:13:54,200 So you know what are what are some of the other projects that 1217 01:13:54,200 --> 01:13:58,000 are like you have plan in the sphere of decentralized web? 1218 01:13:58,000 --> 01:14:00,200 One that I thought I think it would be really cool. 1219 01:14:00,200 --> 01:14:02,900 Was like, would be like, you know, maybe in your Cloud Fair 1220 01:14:02,900 --> 01:14:06,300 DNS, like 1.1.11, maybe integrate like namecoin 1221 01:14:06,300 --> 01:14:08,500 resolution, which I thought would be a really cool idea. 1222 01:14:08,500 --> 01:14:10,700 But I don't know what are some of the other ones that you guys 1223 01:14:10,700 --> 01:14:13,300 are thinking about. So we've talked to the Namecoin 1224 01:14:13,300 --> 01:14:17,900 folks, we've talked to Folks at a theorem we're really kind of 1225 01:14:17,900 --> 01:14:20,800 testing the waters at this point and right now we're mostly 1226 01:14:20,800 --> 01:14:24,400 investing in, you know, how can we make the ipfs Gateway better? 1227 01:14:24,500 --> 01:14:26,600 And that's what the short-term road map looks like. 1228 01:14:26,600 --> 01:14:29,900 But but down the road, there's so many interesting Technologies 1229 01:14:29,900 --> 01:14:31,400 in this space solving different problems. 1230 01:14:31,400 --> 01:14:36,100 And you shouldn't be surprised to see any one of those pop-up 1231 01:14:36,300 --> 01:14:39,900 down the line. Yeah, so you mentioned 1.1.1 1232 01:14:40,300 --> 01:14:45,300 that one and so that's a basically a free DNS service 1233 01:14:45,300 --> 01:14:50,300 that you provide, so I guess similar to like Google DNS or 1234 01:14:50,800 --> 01:14:53,600 OpenDNS something like that. But but with with privacy 1235 01:14:53,600 --> 01:14:56,300 apparently and your I was reading your website earlier and 1236 01:14:56,300 --> 01:15:00,800 I guess KPMG is auditing your servers to make sure that you're 1237 01:15:00,800 --> 01:15:02,400 not actually like logging anything. 1238 01:15:02,400 --> 01:15:05,100 And so six privacy is sort of a big deal here. 1239 01:15:05,500 --> 01:15:09,700 I'm curious like what goes into To buying a with people sort of, 1240 01:15:09,700 --> 01:15:14,100 hear about flipping domain names and paying an enormous amounts 1241 01:15:14,100 --> 01:15:17,000 of money for domain names. What goes into buying the IP 1242 01:15:17,000 --> 01:15:23,800 address, that went up 1.1.1. Well, we didn't buy 1.10 101. 1243 01:15:23,800 --> 01:15:27,600 It's actually I mentioned how there's different registration, 1244 01:15:27,600 --> 01:15:29,900 the different authorities and manage IPS. 1245 01:15:29,900 --> 01:15:34,400 And the one space is actually owned by 8p Nick, which is the 1246 01:15:34,400 --> 01:15:36,700 asia-pacific region for Distributing IPS. 1247 01:15:37,000 --> 01:15:42,800 And And they, they never thought that they would be possible to 1248 01:15:42,800 --> 01:15:48,000 even give this IP address to anybody because it was so so 1249 01:15:48,000 --> 01:15:49,700 bad. In terms of the amount of 1250 01:15:49,700 --> 01:15:51,200 garbage traffic, that would come to it. 1251 01:15:51,200 --> 01:15:55,600 So anybody who's building any sort of test for an IP address 1252 01:15:55,900 --> 01:15:58,700 in, any documentation is going to say 1111, it's just the 1253 01:15:58,700 --> 01:16:00,900 simplest example that you can, you can use. 1254 01:16:00,900 --> 01:16:04,200 So there's an enormous amount of background internet background 1255 01:16:04,200 --> 01:16:08,900 radiation hitting the 1.1.1 IP, Address that they were sort of 1256 01:16:08,900 --> 01:16:10,600 like we can't allocate this. There's no. 1257 01:16:10,800 --> 01:16:13,100 There's no reason anybody would ever want to use it. 1258 01:16:13,100 --> 01:16:18,300 It's just so it's basically constantly under DDOS from from 1259 01:16:18,300 --> 01:16:21,200 just the, the background internet radiation and clouds 1260 01:16:21,200 --> 01:16:24,600 layer was one of the organizations that in the world. 1261 01:16:24,600 --> 01:16:27,800 One of the few that could have. Actually, you know, that's no no 1262 01:16:27,800 --> 01:16:31,400 big deal to handle a bunch of unexpected traffic. 1263 01:16:31,400 --> 01:16:35,800 So we made a deal with ap neck and and they're lending us the 1264 01:16:35,800 --> 01:16:41,200 IP address for for the For this project and and and it's been a 1265 01:16:41,300 --> 01:16:45,700 pretty fruitful collaboration with them so far and really 1266 01:16:45,700 --> 01:16:47,700 successful project. That's pretty funny. 1267 01:16:47,700 --> 01:16:50,900 So it kind of shows off your DDOS like capabilities as well 1268 01:16:51,400 --> 01:16:53,500 protection capabilities. Yeah, absolutely. 1269 01:16:54,300 --> 01:16:59,000 And one of the thing we should have mentioned earlier but I 1270 01:16:59,000 --> 01:17:03,400 guess in your office in the maybe like in the lobby or 1271 01:17:03,400 --> 01:17:04,900 something, there's a bunch of lava lamps. 1272 01:17:04,900 --> 01:17:06,600 They are like generating entropy. 1273 01:17:06,600 --> 01:17:07,600 Can you tell us a bit about that? 1274 01:17:07,700 --> 01:17:13,100 That sure. Yeah, so anybody who saw the 1275 01:17:13,100 --> 01:17:17,800 first episode of NCIS this year might recognize they kind of 1276 01:17:17,800 --> 01:17:22,200 stole the plot idea from from cloud flares office. 1277 01:17:22,200 --> 01:17:25,700 But yeah, so we have a wall in our front lobby that has, you 1278 01:17:25,708 --> 01:17:30,500 know, about 100 lava lamps and we record it with a with a 1279 01:17:30,700 --> 01:17:33,000 digital recorder. And we turn that data stream 1280 01:17:33,000 --> 01:17:36,200 into a source of random numbers that we actually, you know, send 1281 01:17:36,200 --> 01:17:39,800 out to our dentist. Centers in our servers and feed 1282 01:17:39,800 --> 01:17:42,400 it into the as an additional rent source. 1283 01:17:42,400 --> 01:17:45,800 So is there any academic research or anything like that? 1284 01:17:45,800 --> 01:17:48,500 That would suggest that lava lamps are actually random. 1285 01:17:49,900 --> 01:17:57,600 Well, the lamps themselves are pretty unpredictable II but the 1286 01:17:57,600 --> 01:17:59,800 main thing is, is it doesn't really matter. 1287 01:18:00,800 --> 01:18:03,800 If you have a sufficiently Advanced Camera, there's going 1288 01:18:03,800 --> 01:18:10,400 to be enough noise in in it to actually actually create enough 1289 01:18:10,400 --> 01:18:13,000 entropy to be a useful useful source. 1290 01:18:14,000 --> 01:18:18,500 And also the lighting is also is is a big part of it at any time 1291 01:18:18,500 --> 01:18:21,600 of day Day, you're going to have different different sources of 1292 01:18:21,600 --> 01:18:24,100 light and people walking in front of the camera. 1293 01:18:24,100 --> 01:18:30,100 And there's, there's enough entropy and in like an HD HD 1294 01:18:30,100 --> 01:18:33,500 film to to use for a lifetime. Right. 1295 01:18:33,900 --> 01:18:35,800 And I'm sure the temperature fluctuations in the room. 1296 01:18:35,800 --> 01:18:37,600 Also affect the lava lamp as well. 1297 01:18:38,300 --> 01:18:40,500 Yeah. It's very hard to predict the 1298 01:18:40,500 --> 01:18:44,100 levels of the lava lamp but it's to protect everything else. 1299 01:18:44,100 --> 01:18:46,800 All the other atmospheric conditions basically impossible 1300 01:18:47,800 --> 01:18:51,200 And even if they were predictable, we mix it in with 1301 01:18:51,200 --> 01:18:53,500 other sources such as Hardware rent numbers. 1302 01:18:54,900 --> 01:18:57,600 Okay, well, with that Nick, I want to thank you for coming on 1303 01:18:57,608 --> 01:18:58,900 the show. Today was a fascinating 1304 01:18:58,900 --> 01:19:02,200 discussion and I look forward to seeing what comes out of clouds 1305 01:19:02,200 --> 01:19:05,500 floating future. I think, now that things are so 1306 01:19:05,500 --> 01:19:10,500 easy, thanks to cloudflare, might look into making our 1307 01:19:10,500 --> 01:19:15,800 website available like as an onion domain like available 1308 01:19:15,800 --> 01:19:17,600 ipfs. You know, do something like 1309 01:19:17,600 --> 01:19:19,200 that. Yeah, absolutely. 1310 01:19:19,700 --> 01:19:24,200 Thanks for having me on Thank you for joining us on this 1311 01:19:24,200 --> 01:19:26,600 week's episode. We release new episodes every 1312 01:19:26,600 --> 01:19:28,600 week. You can find And subscribe to 1313 01:19:28,600 --> 01:19:32,400 the show on iTunes Spotify, YouTube SoundCloud or wherever 1314 01:19:32,400 --> 01:19:34,800 you listen to podcasts. And if you have a Google home or 1315 01:19:34,800 --> 01:19:37,600 Alexa device, you can tell it to listen to the latest episode of 1316 01:19:37,600 --> 01:19:41,500 the epicenter podcast, go to epicenter, .t V /, subscribe for 1317 01:19:41,500 --> 01:19:43,400 a full list of places where you can watch and listen. 1318 01:19:43,900 --> 01:19:46,200 And while you're there, be sure to sign up for the newsletter so 1319 01:19:46,200 --> 01:19:48,600 you get new episodes in your inbox as they're released. 1320 01:19:49,400 --> 01:19:51,800 If you want to interact with us, the guest or other podcast 1321 01:19:51,800 --> 01:19:54,600 listeners, you can Follow us on Twitter and please leave us a 1322 01:19:54,608 --> 01:19:57,400 review on iTunes helps people find the show and we're always 1323 01:19:57,400 --> 01:20:00,300 happy to read them. The thanks so much and we look 1324 01:20:00,300 --> 01:20:01,500 forward to being back next week.