Category: Uncategorized

Editor’s Note: Sign up for Unlocking the World, CNN Travel’s weekly newsletter. Get news about destinations opening, inspiration for future adventures, plus the latest in aviation, food and drink, where to stay and other travel developments.

CNN
 — 

There are many ways to explore the seven mountains that surround the picturesque UNESCO World Heritage city of Bergen on Norway’s fjord-studded west coast. The newest, however, might well be record-breaking.

A three-kilometer-long (1.8-mile) cycling and pedestrian tunnel has been blasted through the base of Løvstakken mountain and its makers say it’s the longest purpose-built tunnel of its kind.

Fyllingsdalstunnelen, as it’s known, opened on April 15 with a family day of sporting activities, following four years of construction that began in February 2019. The state-funded mega-project cost close to $29 million, or 300 million Norwegian kroner.

“We Norwegians are usually modest people,” Camilla Einarsen Heggernes, a spokesperson for rail company Bybanen Utbygging, tells CNN, “But in this instance we would say that the tunnel is 100% state of the art.”

It takes a little under 10 minutes to whizz through the tunnel by bike and around 40 if strolling by foot. To break up the monotony of the windowless tunnel, there are a variety of art installations throughout, as well as different colors and lighting to help users place where they are on the journey and offer a sense of direction.

At the center point is a “sundial” installation – where the sun definitely will never shine – which shows the time of day, again helping to orientate visitors and also to break up the otherwise long line of sight. The tunnel is otherwise perfectly straight, apart from slight curvatures at entrance and exit.

If you’re wondering how cyclists and pedestrians can use the same space, there are two lanes in the tunnel: a 3.5-meter wide bike lane and a 2.5-meter-wide lane for walkers and runners. “We have laid down a blue rubber flooring throughout the tunnel, similar to an athletic track, explains Einarsen Heggernes. “This makes it more pleasant to use than if one would just walk on asphalt.”

The new tunnel came about as a byproduct of Bergen’s second Bybanen tram line, which opened in November 2022. The tram line through the mountain required a parallel evacuation tunnel, so the developers decided to make the new tunnel multipurpose.

Bergen is Norway’s second-largest city and the port city is linked to Oslo, the Norwegian capital, by the 496-kilometer Bergensbanen railway line. This stunning rail journey crosses Europe’s largest high mountain plateau, the Hardangervidda, and its snow-clad vistas were the backdrop for the battle scenes in the “Star Wars” sequel “The Empire Strikes Back.”

While the Fyllingsdalstunnelen is pitching itself as the world’s longest purpose-built cycle tunnel, the reason for that caveat is the 3.6-kilometer-long Snoqualmie Tunnel in Washington, just east of Seattle. This former train tunnel is now a passageway for cyclists, runners and walkers and is part of the 250-mile Palouse to Cascades State Park Trail.

Six European cities made it in CNN Travel’s recent roundup of 10 of the world’s most bike-friendly cities. Copenhagen has 385 kilometers of bike lanes, having introduced its first one way back in 1892. Strasbourg in France has around 6,000 bikes available at self-service stations 24/7 which tourists can use. And the Swiss capital of Bern has a exhilarating downhill trail for riders who feel the need for speed. The best bit is that cyclists can get a funicular up to the top then ride down – no uphill struggle.

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

At around 6:30 EST/11:30 UTC on Nov. 18, Cloudflare’s status page acknowledged the company was experiencing “an internal service degradation.” After several hours of Cloudflare services coming back up and failing again, many websites behind Cloudflare found they could not migrate away from using the company’s services because the Cloudflare portal was unreachable and/or because they also were getting their domain name system (DNS) services from Cloudflare.

However, some customers did manage to pivot their domains away from Cloudflare during the outage. And many of those organizations probably need to take a closer look at their web application firewall (WAF) logs during that time, said Aaron Turner, a faculty member at IANS Research.

Turner said Cloudflare’s WAF does a good job filtering out malicious traffic that matches any one of the top ten types of application-layer attacks, including credential stuffing, cross-site scripting, SQL injection, bot attacks and API abuse. But he said this outage might be a good opportunity for Cloudflare customers to better understand how their own app and website defenses may be failing without Cloudflare’s help.

“Your developers could have been lazy in the past for SQL injection because Cloudflare stopped that stuff at the edge,” Turner said. “Maybe you didn’t have the best security QA [quality assurance] for certain things because Cloudflare was the control layer to compensate for that.”

Turner said one company he’s working with saw a huge increase in log volume and they are still trying to figure out what was “legit malicious” versus just noise.

“It looks like there was about an eight hour window when several high-profile sites decided to bypass Cloudflare for the sake of availability,” Turner said. “Many companies have essentially relied on Cloudflare for the OWASP Top Ten [web application vulnerabilities] and a whole range of bot blocking. How much badness could have happened in that window? Any organization that made that decision needs to look closely at any exposed infrastructure to see if they have someone persisting after they’ve switched back to Cloudflare protections.”

Turner said some cybercrime groups likely noticed when an online merchant they normally stalk stopped using Cloudflare’s services during the outage.

“Let’s say you were an attacker, trying to grind your way into a target, but you felt that Cloudflare was in the way in the past,” he said. “Then you see through DNS changes that the target has eliminated Cloudflare from their web stack due to the outage. You’re now going to launch a whole bunch of new attacks because the protective layer is no longer in place.”

Nicole Scott, senior product marketing manager at the McLean, Va. based Replica Cyber, called yesterday’s outage “a free tabletop exercise, whether you meant to run one or not.”

“That few-hour window was a live stress test of how your organization routes around its own control plane and shadow IT blossoms under the sunlamp of time pressure,” Scott said in a post on LinkedIn. “Yes, look at the traffic that hit you while protections were weakened. But also look hard at the behavior inside your org.”

Scott said organizations seeking security insights from the Cloudflare outage should ask themselves:

1. What was turned off or bypassed (WAF, bot protections, geo blocks), and for how long?
2. What emergency DNS or routing changes were made, and who approved them?
3. Did people shift work to personal devices, home Wi-Fi, or unsanctioned Software-as-a-Service providers to get around the outage?
4. Did anyone stand up new services, tunnels, or vendor accounts “just for now”?
5. Is there a plan to unwind those changes, or are they now permanent workarounds?
6. For the next incident, what’s the intentional fallback plan, instead of decentralized improvisation?

In a postmortem published Tuesday evening, Cloudflare said the disruption was not caused, directly or indirectly, by a cyberattack or malicious activity of any kind.

“Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a ‘feature file’ used by our Bot Management system,” Cloudflare CEO Matthew Prince wrote. “That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.”

Cloudflare estimates that roughly 20 percent of websites use its services, and with much of the modern web relying heavily on a handful of other cloud providers including AWS and Azure, even a brief outage at one of these platforms can create a single point of failure for many organizations.

Martin Greenfield, CEO at the IT consultancy Quod Orbis, said Tuesday’s outage was another reminder that many organizations may be putting too many of their eggs in one basket.

“There are several practical and overdue fixes,” Greenfield advised. “Split your estate. Spread WAF and DDoS protection across multiple zones. Use multi-vendor DNS. Segment applications so a single provider outage doesn’t cascade. And continuously monitor controls to detect single-vendor dependency.”

Editor’s Note: Roxanne Jones, a founding editor of ESPN The Magazine and former vice president at ESPN, has been a producer, reporter and editor at the New York Daily News and The Philadelphia Inquirer. Jones is co-author of “Say it Loud: An Illustrated History of the Black Athlete.” She talks politics, sports and culture weekly on Philadelphia’s 900AM WURD. The views expressed here are solely hers. Read more opinion on CNN.

CNN
 — 

The ruling earlier this month by a Texas federal judge to suspend the US Food and Drug Administration’s approval of a drug that is used frequently for medication abortions, is very personal for me.

That’s because I took mifepristone years ago during a miscarriage, and it saved my life.

When I was prescribed mifepristone, it had not yet taken center stage in America’s abortion wars. I did not have to make a rushed road trip across state lines to get my medicine, unlike many women who need the drug but live in one of the many states that have restricted access to medication abortion or passed near-total bans on abortion.

I was not forced to set up a secret meet-up with a stranger in order to buy my medicine on the black market, as several women I spoke to recently said they planned to do. Nor did I have to order mifepristone online and find myself navigating the many scammers taking advantage of the current patchwork of state abortion laws in the US.

Mifepristone is one of two drugs used in a medication abortion and the other, misoprostol, was not subject to the ruling by the Texas judge. The two drugs can be administered to someone having a miscarriage, allowing them to terminate the pregnancy when the fetus is not viable.

It happened some years ago: After experiencing more than a day of hemorrhaging during the first trimester of my pregnancy, I visited my ob-gyn, who explained after examining me that my blood pressure was dropping rapidly and the heavy bleeding I was experiencing was an unmistakable sign of a miscarriage.

For many women, being prescribed mifepristone is part of their routine medical care. Not so in my case: As my doctor explained, I was facing a dire medical emergency. I was grateful for the medication that saved my life.

My miscarriage took me by surprise. I had loved being pregnant the first time around, about a decade earlier. And as a healthy woman, I had no reason for fear when I became pregnant again. By the time I was administered mifepristone, I was losing a life that I had already begun to love. And like many other women, despite my level of education or economic status, I could not outrun the statistics that put Black women at higher risk.

Up to one in four known pregnancies will end in a miscarriage. And for Black women, the numbers are alarmingly higher. According to an analysis of 4.6 million pregnancies in seven countries, the risk of a miscarriage for Black women is 43% higher than for White women.

In the Black community, women have traditionally been taught to bear their burdens silently — keep your business to yourself — even after something as devastating as pregnancy loss. We are conditioned to do as I did back then, and keep it moving as we try to outrun the long list of statistics that tell us our lives are in danger from every direction, whether it be from health care risks to societal injustices or other stressors.

During my miscarriage, I was a woman who was afraid, hemorrhaging and in excruciating pain, in desperate need of safe, emergency medical care. Thanks to the administration of mifepristone, I was allowed dignity during my miscarriage. It’s what every woman deserves — whether it be facing a potentially life-threatening miscarriage or seeking an abortion.

I learned from my experience that every miscarriage matters. Women must have access to whatever medicines and counseling we need to help us heal and that includes mifepristone. What we don’t need is to be criminalized by politicians and punitive reproductive laws that have long been out of step with public opinion. Despite the continuing political attacks on women’s reproductive rights, more than 61% of US adults say abortion should be legal in all or most cases, according to Pew Research Center.

After the US Justice Department asked the Supreme Court to intervene, Justice Samuel Alito issued a temporary order to preserve the status quo, ensuring access to the drug while giving the justices more time to study the issue.

I am hoping the justices can put politics aside and focus on the science surrounding the safety of mifepristone, a drug that, thankfully, I had access to when my life was in danger. Mifepristone, a synthetic steroid, is even safer than common prescription drugs including penicillin and Viagra.

Following the science demands that, regardless of where you stand on the issue of abortion, consideration must be made for cases like mine and the millions of other women who for years have safely used this medication for complications surrounding miscarriages.

We do not know how the legal fight over medication abortion will unfold. But women across the nation – in blue and red states alike – are watching. Punitive laws like the one signed last week by Florida Gov. Ron DeSantis seek to criminalize reproductive care providers. And worse, they are stripping us of rights that men take for granted – it’s unlikely they will be prohibited by the law from making health care decisions about their own bodies.

It must end. And I’m betting that whether it be with our voice or our votes, women will have the last word.