Geek Culture and Gadgets

A Broken Piece of Internet Backbone Might Finally Get Fixed

This spring, services from heavy hitters like Google and Facebook seemed glitchy or inaccessible for people worldwide for more than an hour. But it wasn’t a hack, or even a glitch at any one organization. It was the latest mishap to stem from design weaknesses in the “Border Gateway Protocol,” the internet’s foundational, universal routing system. Now, after years of slow progress implementing improvements and safeguards, a coalition of internet infrastructure partners is finally turning a corner in its fight to make BGP more secure.

Today the group known as Mutually Agreed Norms for Routing Security is announcing a task force specifically dedicated to helping “content delivery networks” and other cloud services adopt the filters and cryptographic checks needed to harden BGP. In some ways the step is incremental, given that MANRS has already formed task forces for network operators and what are known as “internet exchange points,” the physical hardware infrastructure where internet service providers and CDNs hand off data to each other’s networks. But that process coming to the cloud represents tangible progress that has been elusive up until now.

“With nearly 600 total participants in MANRS so far, we believe the enthusiasm and hard work of the CDN and cloud providers will encourage other network operators around the globe to improve routing security for us all,” says Aftab Siddiqui, the MANRS project lead and a senior manager of internet technology at the Internet Society.

BGP is often likened to a GPS navigation service for the internet, enabling infrastructure players to swiftly and automatically determine routes for sending and receiving data across the complex digital topography. And like your favorite GPS mapping tool, BGP has quirks and flaws that don’t usually cause problems, but can occasionally land you in major bridge traffic. This happens when entities like internet service providers “advertise a bad route,” sending data on a haphazard, ill-advised journey across the internet and often into oblivion. That’s when web services start to seem like they’re down. And the risks from this BGP insecurity don’t end with service disruptions—the weaknesses can also be exploited intentionally by bad actors to reroute data over networks they control for interception. This practice is known as “BGP hijacking” and has been used by hackers around the world, including by China, for espionage and data theft.

A handful of prominent CDNs have already been vocal about implementing BGP best practices and safeguards in their own systems and promoting them to others. After the so-called route leak in April, for example, Cloudflare launched a tool called “Is BGP Safe Yet?” to give regular web users insight into whether their internet service provider has implemented cryptographic route checks and filters yet. And on Wednesday, Google published an update on its efforts with MANRS to overhaul its own BGP infrastructure and convince industry contacts to do the same.

Organizations like Google and Cloudflare are increasingly motivated to back this change for the overall health of the internet, but also because BGP route leaks that result in outages reflect poorly on them regardless of where the issue actually originates. Those sorts of major organizations are key to driving adoption of these types of voluntary, cooperative technical changes, because they have relationships with infrastructure providers around the world.

“I spent 20 years in financial services doing cybersecurity for big banks, but a little over two years ago I joined Google, because you start to see that the societal dependence on this infrastructure is so great,” says Royal Hansen, vice president of security engineering for Google Cloud. “My leverage was going to be so much bigger at a Google than it would ever be in one enterprise.”

One of the main BGP safeguards MANRS promotes is RPKI, or “Routing Public Key Infrastructure,” a public database of routes that have been cryptographically signed as a testament of their validity. RPKI adoptees publish the routes they offer and check the database to confirm others’ routes, but the system can only eliminate route leaks and outages through universal adoption. If lots of ISPs or other organizations aren’t using it, providers will still need to accept unsigned, meaning unvalidated, routes.
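
What that publish-and-check step looks like on a single router, as an added example that is not from the article or from MANRS: the signed records (called route origin authorizations, or ROAs), the AS numbers and the announcements are all constructed from documentation ranges, and the three outcomes follow the standard route origin validation procedure in RFC 6811.

```python
import ipaddress

# Constructed sample data: ROAs as (prefix, max_length, authorized origin AS).
# Prefixes and AS numbers come from ranges reserved for documentation.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no match: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"

def accept(prefix, origin_as, roas=ROAS):
    """Filtering policy: drop only routes the signed data contradicts."""
    return validate_origin(prefix, origin_as, roas) != "invalid"

# Constructed announcements: (prefix, origin AS, note)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500, "signed prefix, authorized origin"),
    ("192.0.2.0/24", 64511, "signed prefix, wrong origin"),
    ("192.0.2.128/25", 64500, "more specific than the ROA allows"),
    ("2001:db8:1::/48", 64501, "within max length"),
    ("203.0.113.0/24", 64511, "no ROA published for this prefix"),
]

if __name__ == "__main__":
    for prefix, asn, note in ANNOUNCEMENTS:
        state = validate_origin(prefix, asn)
        action = "accept" if accept(prefix, asn) else "drop"
        print(f"{prefix:18} AS{asn}  {state:9} {action:6} ({note})")
```

The last announcement is the adoption gap the paragraph describes: with no signed record covering the prefix, the check returns `not-found` and the route is still accepted, whoever originates it.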


The Journey of Electronic Bottles and the Ocean Plastic Crisis

Duncan and Davies actually cobbled together two generations of electronic bottles. Their first generation of devices, the ones that sailed along the Ganges, had plenty of cell towers to ping along the way, so a SIM card would do. But the researchers also wanted to see how plastic bottles might behave once they get to the ocean. So they outfitted a second generation with GPS. Here they took inspiration from their prior work tracking sea turtles: GPS works great on the open ocean, far away from any cell service. (Their designs are open source, so any plastic researcher can build their own, and even improve upon the system.)

For both versions of the device, they had to figure out how to make an electronics-stuffed tube behave like a real piece of plastic trash. “It’s all about the center of gravity, really,” says Davies. They couldn’t, for instance, load all the batteries onto one side of the bottle. They also left an open cavity within the bottle, so the trapped air would give it buoyancy, keeping about half the device above the waterline and half below. Critically, the bottle had to orient itself such that its antenna pointed skyward, not toward the river bottom.

“We played a lot in buckets in our back gardens, floating the bottles, testing configurations, getting it just right,” Davies says. “The right thickness of wall—the right everything—until we got something that would mimic a bottle. So we threw another bottle in beside it, and they would float in the same orientation.”

Illustration: Alasdair Davies/Arribada Initiative

Confident of the seaworthiness of the GPS versions of the bottles, the team deployed them in Bangladesh, near the mouth of the Ganges, and also in the Bay of Bengal. They then watched how the devices scooted around the Bay of Bengal along similar trajectories. One bottle traveled nearly 1,800 miles in 94 days. They tended to head westward, toward the east coast of India, eventually getting caught up in strong eddy systems. “On the map, we see kind of spiraling starting to happen,” Duncan says. “That’s the indication of where we might be finding accumulations of plastic.”

And that turns out to be the point of carefully engineering plastic bottles to survive grueling journeys down the Ganges and across the Bay of Bengal: It shows where trash tends to gather in these waters. Previously, scientists had developed models—based on variables like ocean currents, winds, and the shapes of coastlines—to show how pieces of plastic might travel around the environment. These models indicate that trash tends to stick around the coast, washing a little ways out, then washing back in, over and over. This new work’s findings lend strong real-world evidence to back up that dynamic: The electronic bottles tended to hug the coastline, traveling hundreds of miles parallel to it instead of immediately washing far out to sea.
