Is BGP Safe Yet? Cloudflare Launches Website to Check Whether your ISP Prevents Route Leaks & Hijacks

Louis Poinsignon writes on the Cloudflare blog:

BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage. 

The Internet is too vital to allow this known problem to continue any longer. It’s time networks prevented leaks and hijacks from having any impact. It’s time to make BGP safe. No more excuses.

In June 2019, large parts of the Internet were put offline for no fault of theirs, thanks to Verizon — just one of the many hundreds of Internet Service Providers across the world who do not have security practices and filtering in place to prevent such a thing from happening.

Tom Strickx wrote on the Cloudflare blog back then:

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was the equivalent of Waze routing an entire freeway down a neighborhood street — resulting in many websites on Cloudflare, and many other providers, to be unavailable from large parts of the Internet. This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on.

And this sort of thing happens a lot. And it isn’t just an inconvenience, it can also cause tremendous damage. Lily Hay Newman, writing for Wired, says:

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. 

To make this internet a better place for everyone, Cloudflare has today launched an effort to push ISPs to implement checks and filtering to prevent BGP leaks & hijacks. The company has launched IsBGPSafeYet.com, a website that lets you check whether your Internet Service Provider (ISP) or broadband provider has BGP filtering in place or not. You can run the test in your browser and get instant results.


Indian ISPs Fail the Test

I ran the test for my ISPs Jio & ION and both of them failed the test. I also asked a few of my friends to run the test on their respective ISPs, and so far all Indian ISPs are failing the test. Here’s a non-exhaustive list:

Indian ISPs Failing the Test:

If you’re using any of the above ISPs, let them know.

If you’re in India, please run the test on IsBGPSafeYet.com in your browser and let me know on Twitter, so I can update this list.

Logitech’s MX Master series of mice is fantastic. I started using them with the MX Master 2 and I’m currently using the MX Master 2s. These mice are almost perfect. They’re —

  • Great at Comfort
  • Great at Customizability
  • Great at Performance
  • Great at Battery Life
  • But, Terrible at the ability to Last Long.

That’s right. There are numerous reports on the web about these mice dying on people. Logitech’s MX Master mice keep dying on me like a herd of sheep gracing on top of a steep cliff. I’ve had to go trough 3 different MX Master 2 and this is my second MX Master 2s. I am waiting to see how the MX Master 3 performs for everyone.

I haven’t purchased one yet, because it’s not yet available in India and it’s going to be a few more months before it arrives, due to the COVID-19 pandemic. I’ll wait.

Apple has posted a new job listing on its ‘Jobs at Apple’ website for a Environmental Initiatives Program Manager focused on India and the Middle East.

The main focus of this position is on tracking, monitoring and implementation of environmental regulations in India and the Middle East, establishing relationships to key internal and external partners, and identifying and developing leadership opportunities for Apple in the field of environmental responsibility.

The position is located at Apple India’s offices in Gurugram, India and has a long list of key qualifications.

Apple has just posted a new position on their Jobs at Apple portal for Bengaluru, India.

The AppleCare Digital team is looking for a smart and passionate person to join our team as a content Taxonomist. You’ll help build a world-class, intuitive, and comprehensive taxonomy to help optimize solution\information discovery when searching and browsing our digital channels. You will help build taxonomies for Product\Services, Geo, Channels, OS etc.

This team services more than 3 billion customers a year across a broad range of digital platforms. The organization is responsible for all support and service of digital content, web assets, customer tools and apps, communities, analytics, SEO and social media. We are the highest volume post sales support function in Apple and carry out to the highest standard of quality and innovation on behalf of our customers worldwide.

Interesting position, but I’m not sure why they had to use backslashes in the summary above.

Aditi Singh, writing for Bar and Bench:

[…] Spotify had approached Saregama to get a license for streaming the latter company’s musical works on its platform. The negotiation talks between the parties also began and the terms of the license were discussed. Subsequently, on Spotify’s request, Saregama also provided copyright of its work a month prior to the launch of Spotify in India.

The license agreement, however, could not be finalized and Saregama requested Spotify to block all of its work on the app..

Spotify India already doesn’t have any of Warner Music content, and this is only going to make its library less appealing.

Mozilla has published a statement on their Open Policy and Advocacy blog about the recent report that it is possible to purchase a cracked software for as little as ₹2000 (US$30) to get ‘write’ rights to the Aadhaar database, allowing you to update any information in there without any kind of verification or checks.

The official Mozilla statement is as follows:

Mozilla is deeply alarmed by recent reports that it is possible to purchase editing rights to the Aadhaar database for a mere 2,000 rupees.

Mozilla has long argued that the Aadhaar lacks critical safeguards. With the demographic data reportedly compromised, it is hard to see how Aadhaar can be trusted for authentication. Access to myriad vital public and private services which require Aadhaar for more than a billion Indians is now at risk.

Mozilla calls for the UIDAI to close these glaring security loopholes, and to engage an independent firm to do a security audit of the Aadhaar. We further call on the Justice Srikrishna Committee and the Government of India to ensure that the forthcoming data protection bill strongly protects Indians, including from the privacy and security harms that they’ve already suffered from Aadhaar.

Apple is Hiring for 9 Different Positions for the Apple Online Store Engineering team in Hyderabad

Apple has updated its Jobs portal with a listing of 9 new available positions for its Apple Online Store (AOS) Engineering team based at its new development campus in Hyderabad, India. These listings were posted on the portal late evening yesterday, just days after the Indian Government approved 100% Foreign Direct Investment for Single-Brand Retail in the country, signaling a major win for Apple, who has been trying to open its own stores in India for a little over 3 years now.

Apple India is hiring for the following positions for the Apple Online Store team in Hyderabad:

  • Software Engineering Manager
  • Machine Learning Engineer
  • Software Engineer
  • Senior Software Engineer
  • Software Engineer in Test
  • DevOps Engineer
  • Engineering Project Manager
  • Platform Engineer
  • Senior Tech Lead

Some of the job descriptions included with these postings:

Today, the Apple Online Store (AOS) provides one of the best multichannel commerce experiences in the world, and operates in 37 countries worldwide.

At AOS, its Engineering team is responsible for the global eCommerce platform that serves millions of customers around the world. We are a team highly skilled Software Engineering Managers, Engineers, Analysts and Project Managers based in Cupertino, London and Singapore.

These nine job listings are specifically for the Apple Online Store Engineering team. There are other available positions currently listed for other teams and other departments, but these 9 jobs were all posted together late yesterday evening.

This development may or may not mean that Apple is preparing to launch an Apple Online Store in India, but one care surely hope. Whatever be the case, what’s certain is Apple is expanding its Apple Online Store Engineering team in Hyderabad, along with its Site Reliability Engineering team, Information Systems & Technology team, the Strategic Data Solutions department, and of course, the Apple Maps team.

Dinakar Peri and Josy Joseph, reporting for The Hindu:

Arihant’s propulsion compartment was damaged after water entered it, according to details available with The Hindu. A naval source said water rushed in as a hatch on the rear side was left open by mistake while it was at harbour.

Oops!