Notices by Neil Craig (tdp_org@mastodon.social)

Looks like www.bbc.co.uk & www.bbc.com are blocked in Turkmenistan (since this time last week).

#Censorship #Turkmenistan #BBC

We monitor traffic to www.bbc.co.uk & www.bbc.com per country & got alerts that daily requests from Angola have dropped off loads recently.

Looking at the Angola traffic split by network AS. AS36907 traffic looks suspicious! Spidey sense triggered...the "before" traffic was *way* too consistent.

Digging in to the logs, looks like they removed their Fortigates on 6th Sept. which'd been sending 343k req/day for www.bbc.co.uk/ , every single day!

Gotta love being on the internet!

#WebStats #BBC

In the UK at least, "trump" is a euphamism/slang for "fart".
Is that a thing in the USA too?

Here's a few of the prep tasks we've done for the UK General Election in/around our team:
- Add extra CDN/peering capacity
- Ensure personal & machine credentials & TLS cert work & won't expire
- Raise service quotas for safety
- Check that deployment pipeline are clean/deployable
- Ask 3rd parties to be extra-vigilant on change requests
- Rehearse failovers to backup systems
- Make sure all logging/metrics are working correctly
Probably mainly/all pretty obvious but maybe useful.
#BBC #GE2024

I'm updating our roadmap for our internal CDN which serves www.bbc.co.uk & www.bbc.com to the UK.

Which protocols/edge features/security controls (not website content/features/security controls) would you like to see us add?

Already on the list:
- IPv6
- QUIC/h3 (already supported outside UK)
- Post-Quantum Crypto (maybe, needs research)

I can't make any promises but suggestions would be great
Boosts would be ace, TiA!

Edit: Also 👀 for security/performance/reliability tech

#BBC #WebDev #CDN

According to Google, the next thing I should listen to after this week's Risky Business Podcast is...

"Minecraft - Bedtime Meditation
Sleep Stories - Mrs. Honeybee"

🤷🏼♂️

I've been watching "The Misadventures of Romesh Ranganathan" series 4 this week.
Aside from being hilarious & genuinely interesting, I am really pleased to see Romesh challenging & calling out what I agree with him are disgusting anti-gay laws in Uganda.
https://www.bbc.co.uk/iplayer/episode/m001zpqt/the-misadventures-of-romesh-ranganathan-series-4-1-uganda

So, do I put the glue in now or...?

On/around 27th May 2024, the traffic from Azerbaijan to www.bbc.com & www.bbc.co.uk reduced by over 80%.
Looking at our data, I can see that the vast majority of traffic in Azerbaijan comes from AS29049 (Delta Telecom) which is their majority ISP according to Wikipedia.
OONI says tests were passing as recently as 28th May from AS29049 but there's definitely something going on...Unsure exactly what.
(the gap in AS29049 is a GeoIP data migration)
#Azerbaijan #Censorship #InfoSec

My pals in BBC World Service have been doing some awesome work on "lite" versions of their news articles (other page types to follow).
They essentially skip the Server-Side React hydration which means you end up with a simpler HTML+CSS page, no JS.
Page sizes drop significantly:
* Transferred: ~600KB -> 30KB
* Total: 1.65MB -> 135KB
Just append `.lite` on a URL e.g. https://www.bbc.com/mundo/articles/crgyyvdz1dro.lite
There's no on/off UX at the moment but they're working on that too.
#WebDev #WebPerf #WebPerformance #BBC

Per off-the-record chats with F5ers (assuming they're correct), F5 didn't exactly manage OSS NGINX well. I was told that Maxim essentially ran OSS NGINX as a volunteer despite being employed by F5.
That could all be totally wrong but IMO it fits with their behaviour I've experienced - it always felt more like *available* source than *open* source to me.
This might all have serious repercussions, NGINX (& OpenResty which is based on it) is *everywhere*, 32% of the web https://www.netcraft.com/blog/january-2024-web-server-survey

Seems to be a bit of a split in #NGINX - It's been forked by a previous F5 employee in an effort to keep it free from interference.
https://freenginx.org/

Hands up if you caused a global outage today...
Just me?
Sorry!

I was making a change to our "outside the UK" CDN config today for www.bbc.co.uk & www.bbc.com & the change included 2 bugs which pre-testing didn't spot:
- A regex typo which caused 404s on www.bbc.co.uk
- An incorrect TLS cert on the CDN origin which caused 503s on www.bbc.com

These caused ~7 minutes of significant global outage.

I spent most of the afternoon writing tests to catch this for next time.

#DevOps #WebDev #CDN

To add a little detail I should have included initially:

This is a web server/proxy software issue - it's a generic issue (rather than software-specific) so it's going to affect lots of software implementations.

If you run a publicly available website/service, keep an eye on https://www.cve.org/CVERecord?id=CVE-2023-44487.

It'll be announced at midday UTC today (10th Oct 2023).

If there isn't an update you can deploy quickly for your affected services immediately (there should be for the better known software, they've had advance notice) then you should consider disabling the affected element until there is.

Can't share more right now but it's important so don't forget (& tell your friends!).

#WebDev #InfoSec #Security

Earlier we were talking about DDOS & a colleague asked what TLS versions are used by the botnets these days...So I checked the most recent big-ish one we had :
**TLS Protocol Percentage**
TLSv1.3 55.77%
TLSv1.2 44.23%
TLSv1 0.00%
This was over something like 115M total requests.
So the answer is that the botnets have better TLS libs than our overall audience. Fun times.
#infoSec #webDev #TLS #DDOS

@Gargron Not sure if you get any support from Fastly and/or are already aware of it but they offer support for OSS communities via https://www.fastly.com/fast-forward which may be worth a look if you've not already.

@zkat Ah crap, does this mean i need to migrate to somewhere better? (currently on mastodon.social as i had even less idea what i was doing when i first registered than i do now)

@rbairwell @zkat @Gargron Oh wow, yeah, I can imagine he's having a _very_ busy time!
Thanks for the info...I am also considering running my own service - mulling over a serveless architecture which could be fun...