Is BGP Safe Yet? Cloudflare Launches Website to Check Whether your ISP Prevents Route Leaks & Hijacks

Louis Poinsignon writes on the Cloudflare blog:

BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage. 

The Internet is too vital to allow this known problem to continue any longer. It’s time networks prevented leaks and hijacks from having any impact. It’s time to make BGP safe. No more excuses.

In June 2019, large parts of the Internet were knocked offline through no fault of their own, thanks to Verizon — just one of the many hundreds of Internet Service Providers across the world that do not have security practices and filtering in place to prevent such a thing from happening.

Tom Strickx wrote on the Cloudflare blog back then:

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was the equivalent of Waze routing an entire freeway down a neighborhood street — resulting in many websites on Cloudflare, and many other providers, to be unavailable from large parts of the Internet. This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on.

And this sort of thing happens a lot. And it isn’t just an inconvenience, it can also cause tremendous damage. Lily Hay Newman, writing for Wired, says:

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. 

To make the Internet a better place for everyone, Cloudflare has today launched an effort to push ISPs to implement checks and filtering to prevent BGP leaks & hijacks. The company has launched IsBGPSafeYet.com, a website that lets you check whether your Internet Service Provider (ISP) or broadband provider has BGP filtering in place. You can run the test in your browser and get instant results.


Indian ISPs Fail the Test

I ran the test for my ISPs Jio & ION and both of them failed the test. I also asked a few of my friends to run the test on their respective ISPs, and so far all Indian ISPs are failing the test. Here’s a non-exhaustive list:

Indian ISPs Failing the Test:

If you’re using any of the above ISPs, let them know.

If you’re in India, please run the test on IsBGPSafeYet.com in your browser and let me know on Twitter, so I can update this list.

Artist Calvin Seibert grew up on a ski resort strongly influenced by brutalist architecture in 1960s Colorado. 

“The construction sites were never fenced in, so they were great places to play and always had piles of sand,” he says. Later, after studying at the School of Visual Arts in New York, Seibert began making modernist sandcastles.

Julia Alexander, writing for The Verge:

Early reviews for The Morning Show weren’t exactly positive, and executive producers Kerry Ehrin and Mimi Leder believe a lot of the feedback was an “attack on Apple.”

Both Leder and Ehrin felt like critics were reviewing Apple TV Plus as a service, and looping in The Morning Show with those critiques.

The Apple TV+ service launched with much hype and marketing around four shows — The Morning Show, For All Mankind, See, and Dickinson. I haven’t yet seen See or For All Mankind, but Dickinson and The Morning Show both look fabulous. I personally like watching The Morning Show, but that’s largely due to the star cast it has and the cinematography/direction, not because of its writing. I can see why the reviews were bad.

But to say that the reviews were an attack on Apple? Ha!

Mubi, a streaming service known for its sparse-but-meaningful catalog of films, has become available in India, reports Manish Singh for TechCrunch.

The London-headquartered firm is offering a three-month subscription in India at Rs 199 ($2.8), after which it would charge $7 a month or $67 a year (this way, the monthly cost works out to about $5.5). This is substantially lower than the £9.99 monthly subscription fee it charges to subscribers in the U.K., and the $10.99 it charges in the U.S.

I first learned about Mubi through a comment on some random Reddit thread. Mubi has made a name for itself by curating a small collection of critically acclaimed films in its catalog — a catalog that refreshes every few weeks.

I’ve been wanting to try out Mubi for a while now, but never really pushed the lever owing to its high subscription price. Now that it has arrived in India with a low entry barrier (and it also has a nice app for Apple TV), I might just take the plunge.

Matt Mullenweg, writing on his personal blog about Automattic’s latest Series D round from Salesforce Ventures at a $3 billion valuation.

For Automattic, the funding will allow us to accelerate our roadmap (perhaps by double) and scale up our existing products—including WordPress.com, WordPress VIP, WooCommerce, Jetpack, and (in a few days when it closes) Tumblr. It will also allow us to increase investing our time and energy into the future of the open source WordPress and Gutenberg.

Automattic has long been one of my most revered companies on the internet. The way WordPress has evolved over the years, complemented by products like Jetpack and VaultPress, is truly remarkable.

And so, I’ve been very excited to see what the Automattic team does with its Tumblr acquisition. Tumblr was known to have phenomenal potential back in the day, and with the right team running it now, I long to see where the product goes. At the bare minimum, I hope Tumblr can act as an alternative or replacement to Instagram, which Facebook has already ruined with too many ads.

Zack Whittaker reports for TechCrunch on how Facebook, through its banned Research app, was able to obtain the personal and sensitive device data of about 187,000 users.

He writes:

The social media giant said in a letter to Sen. Richard Blumenthal’s office — which TechCrunch obtained — that it collected data on 31,000 users in the U.S., including 4,300 teenagers. The rest of the collected data came from users in India.

Read that carefully. Of the 187,000 users that Facebook snooped data from, (only) 31,000 were from the U.S. The rest of the users were from India, which makes it about 156,000 users. According to the letter obtained by TechCrunch, a whopping 34,000 users were between the ages of 13 and 17, of which 4,300 were from the US, which means close to a whopping 30,000 users from India whose data Facebook was snooping on were underage.

These “research” apps relied on willing participants to download the app from outside the app store and use the Apple-issued developer certificates to install the apps. Then, the apps would install a root network certificate, allowing the app to collect all the data out of the device — like web browsing histories, encrypted messages and mobile app activity — potentially also including data from their friends — for competitive analysis.

The fact that Facebook collected data from over 1.5 Lakh Indian users, of which close to 30,000 users were between 13 and 17 years of age, is truly mind-boggling.

Joost de Valk, writing on the WordPress.org blog:

WordPress now powers over 1/3rd of the top 10 million sites on the web according to W3Techs. Our market share has been growing steadily over the last few years, going from 29.9% just one year ago to 33.4% now. We are, of course, quite proud of these numbers!

and

Over the years WordPress has become the CMS of choice for more and more people and companies. As various businesses use WordPress, the variety of WordPress sites grows. Large enterprise businesses all the way down to small local businesses: all of them use WordPress to power their site. We love seeing that and we strive to continuously make WordPress better for all of you.

So stoked to see the rise of WordPress.

Backblaze Raises its Subscription Prices, But it’s Still Well Worth It

Let’s face it — Backups are IMPORTANT.

There are no two ways of looking at it. You either have backups, or you’re fucked! If not today, then tomorrow.

Without backups, you’re living a risky life that doesn’t value the data you have. Your important files, photos of your loved ones, client files, app preferences, the files you’ve downloaded over the years — they’ll all be gone one day if you don’t have backups.

I have been using Backblaze, a popular online backup service, for many years now. Backblaze has been providing unlimited personal backup service for $5/month. Whether you have a Mac or a PC, whether you have a measly 128GB SSD in your Mac or whether your PC is stuffed with multi-terabytes of hard drives, Backblaze will back it all up for just $5/month or $50/year. Not only can you do a full restore of your backup — via multiple reliable methods — in the event of a horrible data loss, but you can also log into the website to browse and download individual files, remotely, whenever you want.

These are easily the best $5 you’ll spend in a month to get a feature-rich and reliable backup service for your computer. If you’re in India, that’s less than ₹10 a day, or about the cost of a cutting chaai.

Earlier this week, Gleb Budman — Co-Founder and CEO of Backblaze — announced some changes to the subscription pricing of Backblaze, starting next month. The company is raising the prices of the subscription by $1 a month — that’s right, by a dollar.

Monthly Plan: $5 → $6
Yearly Plan: $50 → $60
Two-Year Plan: $100 → $110

This is the first change in pricing since the launch of the service in 2008, over 10 years ago.

Gleb explains why they had to raise the subscription:

The short answer is that we have enhanced the service in many ways and storage costs have gone up. We have continually removed impediments to getting data backed up — no file size restrictions, speeding up uploads, all while data sets have grown larger and larger. We’ve worked hard to avoid raising our prices, which resulted in some great storage innovations and has allowed us to keep our original prices for more than a decade. By making this decision now, we are ensuring we can continue to offer unlimited backup and keep improving our Computer Backup service. I’d like to go into further detail on the two primary sources of our increased costs: 1) enhancements to the service, and 2) the market cost of storage.

Even at $6/m, Backblaze is a fantastic purchase that everyone should be using. Take a look at some of the comments by customers on the blog post announcing this change. People sure are crazy!

If you still aren’t convinced, here are my top three reasons why Backblaze is worth it!

  1. You get Unlimited Backups. I’m currently backing up close to 12TBs of data to the service.
  2. You can Remotely Access and Download any file or folder from your backed up data, using their website. They even give you mobile apps to download files up to 5GB.
  3. You get Native Apps for your Mac or PC that come with a whole bunch of features to help you efficiently upload your data. You can throttle your uploads depending on how much bandwidth you have or want the app to use, and you’ll need this for that initial batch of uploads.
  4. You can Offload Files to B2 for permanent storage and free up space from your computer. This is especially useful if you work with video projects and have old archival data. Sure, additional B2 pricing applies, but it’s super cheap.

If you aren’t already using Backblaze, do sign up using this link and you’ll get a whole month of Backblaze for Free.