Thibault Meunier, writing on the Cloudflare blog:

We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.

Let’s face it, CAPTCHAs are annoying. I may have clicked on thousands of little photos of traffic lights so far, and it’s been an annoyance every single time.

If you have a YubiKey, you can try out the flow on https://cloudflarechallenge.com — a test website setup by Cloudflare.

I’d love to see where this initiative goes.

Ax Sharma, writing for BleepingComputer:

A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world.

Although the BGP routing leak occurred in Vodafone’s autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.

You should also read Anurag Bhatia’s fantastic analysis here.

Time and again, these companies prove that initiatives like this one and this one need to be taken a lot more seriously for the Internet to become a better place.

Bron Gondwana, CEO of FastMail, explains on the company blog why “Now more than ever, it’s time for email.

He says,

Through all the interruptions and turmoil in your life, email is a constant. Everyone has email, and every email system can email every other. It lets us stay connected, but doesn’t demand an immediate response. You can read it in your own time, and have the space to craft a thoughtful reply.

The beauty of Email is that you can use it in your own way. While it’s a great form of asynchronous communication, it’s also a fantastic tool for collaborating with your team and getting work done much faster. At Readdle, we have been working on some exceptional new things for Spark that we can’t wait to show you.

I have been using FastMail as my primary email service provider for several years now, and it is worth every $$. It’s great to see an email service so focused on privacy and core email experience. FastMail has been rock solid over the years and I urge you to consider it. If you sign up using this link, you’ll get 10% off.

Backblaze has just announced that it’s cloud storage service B2 is getting S3 compatible APIs. This is a massive release that makes the low-cost service compatible with tons of products, services, plugins, and apps out there.

For reference, B2 pricing starts at just $0.005/GB/month compared to $0.021/GB/month offered by Amazon.

Jacob Kastrenakes has a lovely article up on The Verge explaining the new 6GHz Wi-Fi and what is means to consumers. If you remember, 6GHz Wi-Fi was supposed to be named Wi-Fi 6, but as it turns out, sensible naming for technology is a very rare trait.

Devices are expected to start supporting 6GHz Wi-Fi by the end of 2020, so its implementation isn’t far away. When it arrives, expect to see it branded under the name “Wi-Fi 6E.”

Realistically speaking, Wi-Fi 6 devices won’t be common till 2022 at least.

But what exactly is Wi-Fi 6E? Jacob explains:

To get a little more specific, the FCC is opening up 1,200MHz of spectrum in the 6GHz band. For the past two decades, Wi-Fi has been operating with roughly 400MHz of spectrum, and all available channels had to be split up within that limited space. Channels on the 6GHz band are expected to be 160MHz each in size. Only two channels at that size could fit inside the currently available airspace.

This sounds exciting. As someone who lives in an over-populated vertical city like Mumbai, I’m stoked. I currently use 3 Netgear Orbi devices in my house, and will happily switch to whatever reasonable 6E range Netgear releases in India.

Mark Gurman, Debby Wu, and Ian King writing for Bloomberg:

[Apple] is working on three of its own Mac processors, known as systems-on-a-chip, based on the A14 processor in the next iPhone. The first of these will be much faster than the processors in the iPhone and iPad, the people said.

Apple is preparing to release at least one Mac with its own chip next year, according to the people.

ARM-based Macs have been rumored for a long time, but Bloomberg’s team has some exciting news:

The first Mac processors will have eight high-performance cores, codenamed Firestorm, and at least four energy-efficient cores, known internally as Icestorm. Apple is exploring Mac processors with more than 12 cores for further in the future, the people said.

Imagine a world where running 12+ cores is common.

Is BGP Safe Yet? Cloudflare Launches Website to Check Whether your ISP Prevents Route Leaks & Hijacks

Louis Poinsignon writes on the Cloudflare blog:

BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage. 

The Internet is too vital to allow this known problem to continue any longer. It’s time networks prevented leaks and hijacks from having any impact. It’s time to make BGP safe. No more excuses.

In June 2019, large parts of the Internet were put offline for no fault of theirs, thanks to Verizon — just one of the many hundreds of Internet Service Providers across the world who do not have security practices and filtering in place to prevent such a thing from happening.

Tom Strickx wrote on the Cloudflare blog back then:

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was the equivalent of Waze routing an entire freeway down a neighborhood street — resulting in many websites on Cloudflare, and many other providers, to be unavailable from large parts of the Internet. This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on.

And this sort of thing happens a lot. And it isn’t just an inconvenience, it can also cause tremendous damage. Lily Hay Newman, writing for Wired, says:

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. 

To make this internet a better place for everyone, Cloudflare has today launched an effort to push ISPs to implement checks and filtering to prevent BGP leaks & hijacks. The company has launched IsBGPSafeYet.com, a website that lets you check whether your Internet Service Provider (ISP) or broadband provider has BGP filtering in place or not. You can run the test in your browser and get instant results.


Indian ISPs Fail the Test

I ran the test for my ISPs Jio & ION and both of them failed the test. I also asked a few of my friends to run the test on their respective ISPs, and so far all Indian ISPs are failing the test. Here’s a non-exhaustive list:

Indian ISPs Failing the Test:

If you’re using any of the above ISPs, let them know.

If you’re in India, please run the test on IsBGPSafeYet.com in your browser and let me know on Twitter, so I can update this list.

Sebastiaan de With & Ben Sandofsky, makers of the insanely good camera apps for iPhone — Halide & Spectre, have just published their deep-dive and Technical Readout of the LIDAR sensor and the read cameras on the new 2020 iPad Pros.

A fantastic look at the new LIDAR sensor, its capabilities, and (current) possibilities. I sure hope Apple has some big plans for it in the near future, and doesn’t just intend to use it for their AR push.

Don’t miss the QnA at the end.