Matt Bullock
925 posts

Matt Bullock
@mibullock
Product @ Cloudflare. Views are my own and are usually pretty boring.
Chelmsford & London · Joined January 2011
629 Following · 656 Followers

@LakeAustinBlvd IT IS THE BEST! I almost prefer this to having a public holiday.

@MichaelTremante I cannot wait for you to use your keyboard for you to finally respond to my messages…..😄

@LakeAustinBlvd What about your fav PM 👋…. I cannot wait for you to respond with, “Who @irvinebroque”

I saw @darkmembo's chat and got a heart attack with all the unreads, the guy gets ddosed by everyone. so I asked "how do you even organise this"; he opened up a terminal with @opencode and typed "what's next". connected to all his tools mail chat services etc. amazed.

@darkmembo @TheNoahHein @threepointone @opencode I may have done this to you + asked it to update your agent so that I am always P1.
Matt Bullock reposted

Yesterday a quasi-judicial body in Italy fined @Cloudflare $17 million for failing to go along with their scheme to censor the Internet. The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification to fully censor from the Internet any sites a shadowy cabal of European media elites deemed against their interests. No judicial oversight. No due process. No appeal. No transparency. It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online.
That, of course, is DISGUSTING and even before yesterday’s fine we had multiple legal challenges pending against the underlying scheme. We, of course, will now fight the unjust fine. Not just because it’s wrong for us but because it is wrong for democratic values.
In addition, we are considering the following actions: 1) discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics; 2) discontinuing Cloudflare’s Free cyber security services for any Italy-based users; 3) removing all servers from Italian cities; and 4) terminating all plans to build an Italian Cloudflare office or make any investments in the country.
Play stupid games, win stupid prizes. While there are things I would handle differently than the current U.S. administration, I appreciate @JDVance taking a leadership role in recognizing this type of regulation is a fundamental unfair trade issue that also threatens democratic values. And in this case @ElonMusk is right: #FreeSpeech is critical and under attack from an out-of-touch cabal of very disturbed European policy makers.
I will be in DC first thing next week to discuss this with U.S. administration officials and I’ll be meeting with the IOC in Lausanne shortly after to outline the risk to the Olympic Games if @Cloudflare withdraws our cyber security protection.
In the meantime, we remain happy to discuss this with Italian government officials who, so far, have been unwilling to engage beyond issuing fines. We believe Italy, like all countries, has a right to regulate the content on networks inside its borders. But they must do so following the Rule of Law and principles of Due Process. And Italy certainly has no right to regulate what is and is not allowed on the Internet in the United States, the United Kingdom, Canada, China, Brazil, India or anywhere outside its borders.
THIS IS AN IMPORTANT FIGHT AND WE WILL WIN!!!

Matt Bullock reposted

I see Encrypted ClientHello (ECH) is trending with confusion. Here's some facts:
ECH and VPNs are apples and bananas. Not even close. Do not use a (public) VPN to replace ECH.
ECH tends to incentivize centralization. The more sites are behind a single ECH config, or public domain name, the more privacy it offers (in theory). This is why CDNs like Cloudflare can deploy ECH to great effect. Personal servers with 2-3 sites on them? Not so much. (Since IP addresses are NOT hidden with ECH.)
ECH encrypts an "inner" TLS ClientHello using an "outer" ClientHello. The inner one is the "real" one containing the sensitive data like the true domain name, and the outer one contains only public information that is shared by all clients.
The spec is basically done, not technically finalized yet. No significant changes expected.
Web servers also need to be built and configured to support ECH. Most don't support this out-of-the-box. (@caddyserver does, with a DNS plugin for your provider.)
Even when a server enables ECH, clients won't know how to use it unless you distribute your ECH configs, which includes the public keys. In practice, this is done by publishing a DNS record, since clients do DNS lookups for IP addresses anyway.
DNS is plaintext. Womp womp.
Thus, in practice, ECH will only work when clients/browsers are configured to use encrypted DNS (such as DNS-over-HTTPS or DNS-over-TLS). Yes, the circular dependency is somewhat ironic.
Simply setting your DNS resolver to Cloudflare (1.1.1.1) or similar will not use ECH. Actually, your DNS resolver doesn't matter. It just has to be encrypted.
In at least some browsers, like Chrome, you also have to set a feature flag to enable ECH.
Then, you need to make sure you clear your DNS cache, particularly the one in your browser, to ensure it picks up the ECH keys from DNS records.
In summary: Enable DNS-over-TLS/HTTPS in your browser (and clear its DNS cache). Set feature flag if applicable. That's it.
It will take time before most sites support ECH. Do not rely on it generally yet. But a proper ECH implementation should never leak the true server name in the clear on the wire. Even if there's an issue with the ECH config the client uses (because, maybe the server updated its keys and the client got out of sync), the protocol has a way to resolve that securely if the implementation of ECH is good on both the client and server.
There's a lot more to ECH you can learn about, start here:
caddyserver.com/docs/automatic…
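
The ECH config distribution described in the post above, as an added example that is not part of the original post or of any project's code: a Python parser for the ECHConfigList structure that is published in DNS, showing the public key material and the `public_name` that the outer ClientHello exposes. The sample record is constructed with an all-zero placeholder key; `build_sample_config` and the name `public.example` are assumptions made for illustration.

```python
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version codepoint

def build_sample_config(public_name: bytes) -> bytes:
    """Constructed sample ECHConfigList with an all-zero placeholder key."""
    key = bytes(32)                                  # placeholder, not a real HPKE key
    suites = struct.pack("!HH", 0x0001, 0x0001)      # HKDF-SHA256 + AES-128-GCM
    contents = (
        struct.pack("!BHH", 7, 0x0020, len(key)) + key   # config_id, X25519 KEM, key
        + struct.pack("!H", len(suites)) + suites
        + struct.pack("!BB", 0, len(public_name)) + public_name  # max_name_len, name
        + struct.pack("!H", 0)                       # empty extensions
    )
    config = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return struct.pack("!H", len(config)) + config

def parse_ech_config_list(raw: bytes) -> list:
    """Decode each ECHConfig; raise ValueError on truncated or inconsistent input."""
    try:
        (total,) = struct.unpack_from("!H", raw, 0)
        if total != len(raw) - 2:
            raise ValueError("list length prefix does not match payload")
        configs, pos = [], 2
        while pos < len(raw):
            version, length = struct.unpack_from("!HH", raw, pos)
            body, pos = raw[pos + 4:pos + 4 + length], pos + 4 + length
            if len(body) != length:
                raise ValueError("truncated ECHConfig")
            if version != ECH_VERSION:
                continue                             # skip versions we do not understand
            config_id, kem_id, key_len = struct.unpack_from("!BHH", body, 0)
            off = 5 + key_len
            (suites_len,) = struct.unpack_from("!H", body, off)
            if suites_len % 4:
                raise ValueError("cipher suite list is not a multiple of 4 bytes")
            suites = [struct.unpack_from("!HH", body, off + 2 + i)
                      for i in range(0, suites_len, 4)]
            off += 2 + suites_len
            _max_len, name_len = struct.unpack_from("!BB", body, off)
            name = body[off + 2:off + 2 + name_len]
            if len(name) != name_len:
                raise ValueError("truncated public_name")
            configs.append({"config_id": config_id, "kem_id": kem_id,
                            "public_key": body[5:5 + key_len], "cipher_suites": suites,
                            "public_name": name.decode("ascii")})
        return configs
    except struct.error as exc:
        raise ValueError("truncated ECHConfigList") from exc
```

The `public_name` field is the name sent in the clear in the outer ClientHello, which is why many sites sharing one config gain more privacy than a server hosting two or three.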
Matt Bullock reposted

Our local GitLab server has been under attack by @AnthropicAI, @Google, @OVHcloud and more!
These companies have been hammering our GitLab server, trying to scrape every Haskell commit we made in our lab, resulting in the whole server becoming unresponsive!
This is only today!


@appfactory @CFchangelog Thanks for the feedback! I think I need to curate some better dev docs with more working examples. In future we want to integrate Cloudy, our AI assistant, to help across all rulesets and not just Firewall.

@mibullock @CFchangelog Hey! I would love to see an example of how one creates a ruleset for something like this:
> route high latency requests to alternative origins when needed.
I should probably just search for it!

Fine-tune your Cloudflare Rules with new TCP-based fields! 🚀 Now you can build policies based on TCP usage & latency (RTT). Optimize routing & understand your traffic like never before. 💡
developers.cloudflare.com/changelog/2025…

@appfactory @CFchangelog Hey 👋🏻 what would you like to see? How we calculate our timing fields or something else ☺️

@CFchangelog I would love to see an example or blog on how this works!


@ravi_j8 @irvinebroque I have backlogged feature requests for 512kb…..
Matt Bullock reposted

if you have 128kb of headers on an HTTP request I have a lot of questions for you
but it now just works on Cloudflare thanks to @mibullock

FL2 is just getting started ✨ 10 ms faster, 25% better, and a foundation for what comes next. #BirthdayWeek
cfl.re/4h1Jhst
Cloudflare @Cloudflare
Here's why we’ve replaced the original core system in Cloudflare with a new modular Rust-based proxy, replacing NGINX. cfl.re/4h1Jhst #BirthdayWeek

@stinkynerdx @dok2001 @TweetsofTejas If we do still gate it in Transform rules then we should just remove it @dok2001?

@dok2001 @TweetsofTejas The header is business or enterprise only

I want to know what our India customers want?
Dane Knecht 🦭 @dok2001
Less than a month away from @Cloudflare Birthday Week! What should we announce?

@GalahadXVI @Cloudflare @CloudflareDev @eastdakota Hi Mike, I came across this thread and have escalated to the relevant team, who are investigating now. Apologies for responses and delay.

@Cloudflare @CloudflareDev @eastdakota My best guess is something changed at the end of July where unique image transformations stopped being billed under the old legacy plan (before CF Images). But I can’t know for sure -- because Cloudflare closed my ticket without giving any details.

Be very cautious with @Cloudflare . Their support is basically non-existent.
If your bill suddenly spikes, even with nothing to indicate any changes on your end, good luck getting help.