Thomas Ptacek

Posts byThomas Ptacek

You should know about Server-Side Request Forgery

This is a post about the most dangerous vulnerability most web applications face, one step that we took at Fly to...

Read more

Building clusters with serf, my new favorite thing

Assume for a second we’d like to see what happens when a web page loads in a browser in Singapore. Easy enough; Fly...

Read more

IPv6 WireGuard Peering

Fly.io transforms containers into swarms of fast-booting VMs and runs them close to users. Now you can connect those...

Read more

Incoming! 6PN Private Networks

More often than not, modern applications are really ensembles of cooperating services, running independently and...

Read more

BPF, XDP, Packet Filters and UDP

Imagine for a moment that you run a content distribution network for Docker containers. You take arbitrary applications...

Read more

Sandboxing and Workload Isolation

Workload isolation makes it harder for a vulnerability in one service to compromise every other part of the platform...

Read more

How CDNs Generate Certificates

It’s been a hectic first couple of weeks at Fly, and I’m writing things up as I go along, because if I have to learn...

Read more