Lucas Pardue
@simmervig.org
Protocol nerd at Cloudflare. QUIC WG co-chair. Thoughts belong to me.
HTTP/2-based DoS attacks are here to stay. Many implementations are hardened to them. Quirky behaviour can trigger defenses and cause ENHANCE_YOUR_CALM.
Read one of my latest trips down a debugging rabbit hole.
blog.cloudflare.com/go-and-enhan...
Read one of my latest trips down a debugging rabbit hole.
blog.cloudflare.com/go-and-enhan...
Go and enhance your calm- demolishing an HTTP:2 interop problem
HTTP/2 implementations often respond to suspected attacks by closing the connection with an ENHANCE_YOUR_CALM error code. Learn how a common pattern of using Go's HTTP/2 client can lead to unintended ...
blog.cloudflare.com
October 31, 2025 at 1:37 PM
HTTP/2-based DoS attacks are here to stay. Many implementations are hardened to them. Quirky behaviour can trigger defenses and cause ENHANCE_YOUR_CALM.
Read one of my latest trips down a debugging rabbit hole.
blog.cloudflare.com/go-and-enhan...
Read one of my latest trips down a debugging rabbit hole.
blog.cloudflare.com/go-and-enhan...
Reposted by Lucas Pardue
Glad to announce that my team at @cloudflare.social released a 1.0.0 version of a cross-browser web performance testing agent that supports
Chrome, Firefox, Safari and Edge.
Thank you to @tkadlec.bsky.social for making it happen and writing most of the code so far!
github.com/cloudflare/t...
Chrome, Firefox, Safari and Edge.
Thank you to @tkadlec.bsky.social for making it happen and writing most of the code so far!
github.com/cloudflare/t...
GitHub - cloudflare/telescope: Cross-browser web performance testing agent
Cross-browser web performance testing agent. Contribute to cloudflare/telescope development by creating an account on GitHub.
github.com
October 30, 2025 at 2:32 PM
Glad to announce that my team at @cloudflare.social released a 1.0.0 version of a cross-browser web performance testing agent that supports
Chrome, Firefox, Safari and Edge.
Thank you to @tkadlec.bsky.social for making it happen and writing most of the code so far!
github.com/cloudflare/t...
Chrome, Firefox, Safari and Edge.
Thank you to @tkadlec.bsky.social for making it happen and writing most of the code so far!
github.com/cloudflare/t...
About 6 months ago Louis Navarre reached out to report some DoS-related vulnerabilities in quiche's ack processing. We fixed it up and saw no evidence that the vulnerabilities had been exploited. Check out the deep dive blog post: blog.cloudflare.com/defending-qu...
Defending QUIC from acknowledgement-based DDoS attacks
We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the
blog.cloudflare.com
October 29, 2025 at 6:01 PM
About 6 months ago Louis Navarre reached out to report some DoS-related vulnerabilities in quiche's ack processing. We fixed it up and saw no evidence that the vulnerabilities had been exploited. Check out the deep dive blog post: blog.cloudflare.com/defending-qu...
Reposted by Lucas Pardue
Some news..
blog.cloudflare.com/moq/
blog.cloudflare.com/moq/
MoQ: Refactoring the Internet's real-time media stack
For years, developers have been stitching together multiple protocols for real-time media, trading latency for scale and simplicity. Media over QUIC (MoQ) is a new IETF standard that resolves this con...
blog.cloudflare.com
August 22, 2025 at 1:17 PM
Some news..
blog.cloudflare.com/moq/
blog.cloudflare.com/moq/
It would be funny it wasn't actually true
In the UK, the water shortage is so bad that the government is urging citizens to help save water by deleting old emails. It really helps lighten the load on water hungry datacenters, you see.
🔗 www.404media.co/uk-asks-peop...
🔗 www.404media.co/uk-asks-peop...
August 12, 2025 at 8:21 PM
It would be funny it wasn't actually true
Watching Usyk vs. Dubois squashed into a sports bar booth in Porto with 4 randoms, 2 from London, 2 from Ukraine, was not on the bingo card. But it all worked out.
July 19, 2025 at 11:08 PM
Watching Usyk vs. Dubois squashed into a sports bar booth in Porto with 4 randoms, 2 from London, 2 from Ukraine, was not on the bingo card. But it all worked out.
I can predict how these new age checks are going to go using two pictures
July 16, 2025 at 11:55 AM
I can predict how these new age checks are going to go using two pictures
I've heard of crackpot science.
I guess the future equivalent is grokbot science
I guess the future equivalent is grokbot science
"I’ll go down this thread with GPT or Grok and I’ll start to get to the edge of what’s known in quantum physics and then I’m doing the equivalent of vibe coding, except it’s vibe physics,” said Travis Kalanick, the founder of Uber.
gizmodo.com/billionaires...
gizmodo.com/billionaires...
July 16, 2025 at 9:14 AM
I've heard of crackpot science.
I guess the future equivalent is grokbot science
I guess the future equivalent is grokbot science
I'm excited to announce I'll be at gRPC Conf on August 26 2025 to present how Cloudflare built its gRPC support first launched in 2020, and how we've been adding gRPC over HTTP/3 support lately.
Session details at: grpcconf2025.sched.com/event/26BMY/...
Session details at: grpcconf2025.sched.com/event/26BMY/...
gRPC Conf 2025: Bringing HTTP/3 To gRPC at Cloudflare Sc...
View more about this event at gRPC Conf 2025
grpcconf2025.sched.com
July 9, 2025 at 4:37 PM
I'm excited to announce I'll be at gRPC Conf on August 26 2025 to present how Cloudflare built its gRPC support first launched in 2020, and how we've been adding gRPC over HTTP/3 support lately.
Session details at: grpcconf2025.sched.com/event/26BMY/...
Session details at: grpcconf2025.sched.com/event/26BMY/...
Hot off the press, happy to announce the adoption and publication of datatracker.ietf.org/doc/html/dra...
Unencoded Digest is one of the missing pieces for certain use cases like the W3C signature-based integrity work. Helping to cover cases where encoding and transform independence are paramount
Unencoded Digest is one of the missing pieces for certain use cases like the W3C signature-based integrity work. Helping to cover cases where encoding and transform independence are paramount
HTTP Unencoded Digest
The Repr-Digest and Content-Digest integrity fields are subject to HTTP content coding considerations. There are some use cases that benefit from the unambiguous exchange of integrity digests of unenc...
datatracker.ietf.org
July 7, 2025 at 10:03 PM
Hot off the press, happy to announce the adoption and publication of datatracker.ietf.org/doc/html/dra...
Unencoded Digest is one of the missing pieces for certain use cases like the W3C signature-based integrity work. Helping to cover cases where encoding and transform independence are paramount
Unencoded Digest is one of the missing pieces for certain use cases like the W3C signature-based integrity work. Helping to cover cases where encoding and transform independence are paramount
Reposted by Lucas Pardue
An IRTF Retrospective – in which I reflect upon my time as Chair of the IRTF csperkins.org/standards/20...
Colin Perkins : Standards News : An IRTF Retrospective
csperkins.org
June 16, 2025 at 12:47 PM
An IRTF Retrospective – in which I reflect upon my time as Chair of the IRTF csperkins.org/standards/20...
Wouldn't call it vibe coding but I've been using some AI to add features to throwaway test toys written in Go to Get Shit Done.
Look out for some future updates about the $thing these toys are helping to make robust.
Look out for some future updates about the $thing these toys are helping to make robust.
May 16, 2025 at 11:13 PM
Wouldn't call it vibe coding but I've been using some AI to add features to throwaway test toys written in Go to Get Shit Done.
Look out for some future updates about the $thing these toys are helping to make robust.
Look out for some future updates about the $thing these toys are helping to make robust.
Using Internet standards to improve the the way automed traffic / bots can interact with the world. Namely two methods: HTTP Signatures (RFC 9421) and req mTLS flag (draft-jhoyla-req-mtls-flag)
blog.cloudflare.com/web-bot-auth/
blog.cloudflare.com/web-bot-auth/
Forget IPs: using cryptography to verify bot and agent traffic
Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.
blog.cloudflare.com
May 15, 2025 at 7:38 PM
Using Internet standards to improve the the way automed traffic / bots can interact with the world. Namely two methods: HTTP Signatures (RFC 9421) and req mTLS flag (draft-jhoyla-req-mtls-flag)
blog.cloudflare.com/web-bot-auth/
blog.cloudflare.com/web-bot-auth/
Enjoying Kagi quite a bit
May 11, 2025 at 8:10 PM
Enjoying Kagi quite a bit
AI slop has gotta stop.
Hysterical* thing with this bullshit report to curl's hackerone (hackerone.com/reports/3125...) "HTTP/3 Stream Dependency Cycle Exploit" is we took great pains to standardize a priortization scheme that entirely did away with stream dependencies.
* not the jovial definition
Hysterical* thing with this bullshit report to curl's hackerone (hackerone.com/reports/3125...) "HTTP/3 Stream Dependency Cycle Exploit" is we took great pains to standardize a priortization scheme that entirely did away with stream dependencies.
* not the jovial definition
Unsupported Browser | HackerOne
hackerone.com
May 9, 2025 at 9:48 PM
AI slop has gotta stop.
Hysterical* thing with this bullshit report to curl's hackerone (hackerone.com/reports/3125...) "HTTP/3 Stream Dependency Cycle Exploit" is we took great pains to standardize a priortization scheme that entirely did away with stream dependencies.
* not the jovial definition
Hysterical* thing with this bullshit report to curl's hackerone (hackerone.com/reports/3125...) "HTTP/3 Stream Dependency Cycle Exploit" is we took great pains to standardize a priortization scheme that entirely did away with stream dependencies.
* not the jovial definition
My team at Cloudflare are hiring mid-level and senior engineers to help us go deep on network protocols (HTTP, QUIC, TLS etc.) as we build and deploy our new Rust-based proxy.
More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...
More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...
The Cloudflare Protocols team is hiring for a number of roles! Come work… | Lucas Pardue
The Cloudflare Protocols team is hiring for a number of roles! Come work with me and my awesome manager Michelle Torres 🏳️🌈.
We're looking for experienced mid-level and senior engineers to go d...
www.linkedin.com
May 8, 2025 at 1:47 AM
My team at Cloudflare are hiring mid-level and senior engineers to help us go deep on network protocols (HTTP, QUIC, TLS etc.) as we build and deploy our new Rust-based proxy.
More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...
More details (including location) over on LinkedIn: www.linkedin.com/posts/lucasp...
Check out this cool shit
Let's #DeepDive into udpgrm, a lightweight daemon for graceful restarts of UDP servers. It leverages SO_REUSEPORT and eBPF to route new and existing flows to the correct server instance. blog.cloudflare.com/quic-restart...
QUIC restarts, slow problems: udpgrm to the rescue
udpgrm is a lightweight daemon for graceful restarts of UDP servers. It leverages SO_REUSEPORT and eBPF to route new and existing flows to the correct server instance. Designed for modern protocols li...
blog.cloudflare.com
May 7, 2025 at 10:54 PM
Check out this cool shit
Gearing up to chair the next QUIC WG meeting be like
April 26, 2025 at 10:35 PM
Gearing up to chair the next QUIC WG meeting be like
April 25, 2025 at 8:31 PM
Welcome back, now fix my stuff plz
Since everyone is sharing updates...
A month ago my former manager messaged me and asked to transfer publishing rights for an old library I worked on while I was at CF.
I was so confused, I did the only logical thing possible and... I'm re-joining @cloudflare.social as a Sr Principal Engineer!
A month ago my former manager messaged me and asked to transfer publishing rights for an old library I worked on while I was at CF.
I was so confused, I did the only logical thing possible and... I'm re-joining @cloudflare.social as a Sr Principal Engineer!
April 14, 2025 at 8:47 PM
Welcome back, now fix my stuff plz
Tomorrow's presentation to the HTTP WG is going to be a hoot
March 20, 2025 at 2:39 PM
Tomorrow's presentation to the HTTP WG is going to be a hoot
Discovered a pinball gem on my local town www.pinballrepublic.com
March 8, 2025 at 5:30 PM
Discovered a pinball gem on my local town www.pinballrepublic.com