Peter Hutterer announces
udev-hid-bpf, a tool to facilitate the loading of BPF programs that
make human-input devices work correctly.
eBPF was originally written for network packet filters but as of
kernel v6.3 and thanks to Benjamin, we have BPF in the HID
subsystem. HID actually lends itself really well to BPF because,
well, we have a byte array and to fix our devices we need to do
complicated things like “toggle that bit to zero” or “swap those
two values”.
See this article for more information on
the BPF-HID mechanism.
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
In 2024, adversaries are using AI and new techniques, working in gangs with nation-state budgets. But it’s “inevitable” they’ll succeed? Really?
Before any talk of surrender, please join us at Take Command. We’ve packed the day with information and insights you can take back to your team and use immediately.
You’ll hear from Chief Scientist Raj Samani, our own CISO Jaya Baloo, global security leaders, hands-on practitioners, and Rapid7 Labs leaders like Christiaan Beek and Caitlin Condon. You’ll get a first look at new, emergent research, trends, and intelligence from the curators of Metasploit and our renowned open source communities.
You’ll leave with actionable strategies to safeguard against the newest ransomware, state-sponsored TTPs, and marquee vulnerabilities.
Can’t make the entire day? Check out the agenda, see what fits
The summit kicks off with back-to-back keynotes. First, “Know Your Adversary: Breaking Down the 2024 Attack Intelligence Report” and “The State of Security 2024.”
You’ll get an insider view of Rapid7’s MDR SOC. Sessions range from “Building Defenses Through AI” to “Unlocking Success: Strategies for Measuring Team Performance” to a big favorite “Before, During, & After Ransomware Attacks.” Though no one really talks about it, there’s a lengthy “before” period, and new, good things you can do to frustrate the bad guys.
Take Command will offer strategies on building cybersecurity culture (yes, it’s difficult with humans). And, of course, preparing for the Securities & Exchange Commission’s Cybersecurity Disclosure Rules. You’ll hear from Sabeen Malik, VP, Global Government Affairs and Public Policy, Kyra Ayo Caros, Director, Corporate Securities & Compliance, and Harley L. Geiger, Venable LLP.
Now, turning the tables on attackers is possible
Adversaries are inflicting $10 trillion in damage to the global economy every year, and the goal posts keep moving. As risks from cloud, IoT, AI and quantum computing proliferate and attacks get more frequent, SecOps have never been more stressed. And more in need of sophisticated guidance.
Mark your calendar for May 21. Get details here. You’ll be saving a lot more than the date.
Young people taking part in the European Astro Pi Challenge are about to have their computer programs sent to the International Space Station (ISS). Astro Pi is run annually in collaboration by us and ESA Education, and offers two ways to get involved: Mission Zero and Mission Space Lab.
This year, over 25,000 young people from across Europe and eligible ESA Member States are getting their programs ‘uplinked’ to the Astro Pi computers aboard the ISS, where they will be running over the next few weeks.
Mission Zero teams send their art into space
Mission Zero is an exciting activity for kids with little or no experience with coding. We invite young people to create a Python program that displays an 8×8 pixel image or animation. This program then gets sent to the ISS, and each pixel art piece is displayed for 30 seconds on the LED matrix display of the Astro Pi computers on the ISS.
Astro Pis on the ISS
We picked the theme ‘fauna and flora’ as the inspiration for young people’s pixel art, as it proved so popular last year, and we weren’t disappointed: this year, 24,378 young people submitted 16,039 Mission Zero creations!
We’ve tested every program and are pleased to announce that 15,942 Mission Zero programs will be sent to run on the ISS from mid May.
Once again, we have been amazed at the wonderful images and animations that young people have created. Seeing all the images that have been submitted is one of the most enjoyable and inspiring things to do as we work on the Astro Pi Challenge. Here is a little selection of some of our favourites submitted this year:
A selection of Mission Zero submissions
Varied approaches: How different teams calculate ISS speed
For Mission Space Lab, we invite more experienced young coders to take on a scientific challenge: to calculate the speed that the ISS orbits Earth.
Teams are tasked with writing a program that uses the Astro Pis’ sensors and visible light camera to capture data for their calculations, and we have really enjoyed seeing the different approaches the teams have taken.
Some teams decided to calculate the distance between two points in photos of the Earth’s surface and combine this with how long it took for the ISS to pass over the points to find the speed. This particular method uses feature extraction and needs to account for ground sampling distance — how many square metres are represented in one pixel in an image of the ground taken from above — to get an accurate output.
We’ve also seen teams use data from the gyroscope to calculate the speed using the angle readings and photos to get their outputs. Yet other teams have derived the speed using equations of motion and sampling from the accelerometer.
Feature extraction example taken from images captured by the Astro Pis
All teams that took multiple samples from the Astro Pi sensors, or multiple images, had to decide how to output a final estimate for the speed of the ISS. Most teams opted to use the mean average. But a few teams chose to filter their samples to choose only the ‘best’ ones based on prior knowledge (Bayesian filtering), and some used a machine learning model and the Astro Pi’s machine learning dongle to select which images or data samples to use. Some teams even provided a certainty score along with their final estimate.
236 Mission Space Lab teams awarded flight status
However the team chooses to approach the challenge, before their program can run on the ISS, we need to make sure of a few things. For a start, we check that they’ve followed the challenge rules and meet the ISS security requirements. Next, we check that the program can run without errors on the Astro Pis, as the astronauts on board the ISS can’t stop what they’re doing to fix any problems.
So, all programs submitted to us must pass a rigorous testing process before they can be sent into space. We run each program on several replica Astro Pis, then run all the programs sequentially, to ensure there are no problems. If the program passes testing, it’s awarded ‘flight status’ and can be sent to run in space.
This year, 236 teams have been awarded flight status. These teams represent 889 young people from 22 countries in Europe and ESA member states. The average age of these young people is 15, and 27% of them are girls. The UK has the most teams achieving flight status (61), followed by the Czech Republic (23) and Romania (22). You can see how this compares to last year and explore other breakdowns of participant data in the annual Astro Pi impact report.
Our congratulations to all the Mission Space Lab teams who’ve been awarded flight status: it is a great achievement. All these teams will be invited to join a live online Q&A with an ESA astronaut in June. We can’t wait to see what questions you send us for the astronaut.
A pause to recharge the ISS batteries
Normally, the Astro Pi programs run continuously from the end of April until the end of May. However, this year, there is an interesting event happening in the skies above us that means that programs will pause for a few days. The ISS will be moving its position on the ‘beta angle’ and pivoting its orientation to maximise the sunlight that it can capture with its solar panels.
The International Space Station
The ISS normally takes 90 minutes to complete its orbit, 45 minutes of which is in sunlight, and 45 minutes in darkness. When it moves along the beta angle, it will be in continual sunlight, allowing it to capture lots of solar energy and recharge its batteries. While in its new orientation, the ISS is exposed to increased heat from the sun so the window shutters must be closed to help the astronauts stay cool. That means taking photos of the Earth’s surface won’t be possible for a few days.
What next?
Once all of the programs have run, we will send the Mission Space Lab teams the data collected during their experiments. All successful Mission Zero and Mission Space Lab teams and mentors will also receive personal certificates to recognise their mission completion.
Congratulations to all of this year’s Astro Pi Challenge participants, and especially to all successful teams.
In the fifth month after I was elected minister, I receive a request for explanations regarding a classified report by the State Agency for National Security (DANS) against me, which claims that I am endangering the work of the ministry (and, accordingly, national security).
The report is in fact a retelling of a denunciation received at DANS from an agency officer assigned to the ministry, and it contains entirely false claims. We write explanations in which we refute the “report” with documents and public information, and we close the topic. (There was nothing secret in it, so in my view DANS is breaking the law by over-classifying such denunciations, but because of the classification marking I cannot share details.)
I know that there have been reports of this kind against other ministers as well. And while my reaction was that of someone facing a routine nuisance, I believe these report-denunciations work successfully as a means of intimidation on the principle of “you have a problem and we can help you solve it”, especially with more unstable ministers.
And this is one of the many reasons why we put “reform of the security services” in the PP-DB memorandum and in the draft agreement. The GERB draft said “we need to have a conversation about the services”. A small difference.
So if you are wondering why we are going to elections: because the deep state does not want to lose its instruments of parallel power, which is not subject to democratic accountability. And we may have made many compromises, but we made no compromise on the main goal, freeing the captured state.
But if you ignore those oddities, it all looks pretty normal and
things appear fairly calm. Which is just as well, since the first
part of the week I was on a quick trip to Seattle, and the second
part of the week I’ve been doing a passable imitation of the
Fontana di Trevi, except my medium is mucus.
In connection with the “Notary” case, colleagues from Da, Bulgaria and I put more than 40 questions to the institutions in order to establish how this hidden state operates.
One of the topics was special surveillance means (SRS, e.g. wiretapping, tracking), the results of which usually sit in the aforementioned folders. We asked the prosecution, the anti-corruption commission, the bureau for control of SRS, and the Ministry of Interior. Most questions remained without an adequate answer because of investigative secrecy, a lack of statistics, or simple unwillingness to answer (KPK, I am looking at you).
Next week I will upload the package of questions and answers, but here are a few conclusions:
Current legislation has no procedure for destroying evidence derived from SRS, and it is stored indefinitely (according to the bureau for control of SRS). This creates conditions for abuse.
The only court in the country that appears to exercise real control over requests for SRS authorisation is the Sofia City Court (half of the requests there are refused). The Specialised Court was a machine for uncontrolled SRS, and it is a good thing we closed it. The Sofia City Court began refusing problematic SRS requests only after the “Dvete kaki” (“two big sisters”) scandal; before that it, too, was an SRS machine.
There are no statistics on extensions and suspensions/resumptions of pre-trial proceedings, including at the stage before a person is charged, nor on unused SRS. That is, we do not know in how many cases against persons in senior state positions there are endless extensions, with SRS collected and left unused.
Reports of SRS abuse are forwarded between institutions (the bureau for control of SRS, the Supreme Judicial Council, the Ministry of Justice) and reach the inspectorate of the Supreme Judicial Council, which adopts opinions that it cannot take action.
It is evident that an environment has been created for control through compromising material collected through criminal procedure or by the security services. That is, as Kiril also says, the prosecution and the services are creating a parallel mechanism for exercising power.
Based on the information gathered, we have drafted amendments to a number of laws so that there are real control mechanisms, more visibility into the activity of these bodies, and no possibility of large-scale abuses such as the stockpiling of SRS.
Whether these changes pass depends on the next parliament. But now that we have removed the glass ceiling on judicial reform with the changes to the Constitution, only with targeted measures can the parallel state be prevented from controlling the agenda.