Post Syndicated from jzb original https://lwn.net/Articles/969145/
Fedora 40 Beta was released
on March 26, and the final release is nearing completion. So far,
the release is coming together nicely with major
updates for GNOME, KDE Plasma, and the usual cavalcade of
smaller updates and enhancements. As part of the release, the project also scuttled Delta
RPMs and OpenSSL 1.1.
Post Syndicated from corbet original https://lwn.net/Articles/970045/
Version
0.81 of the PuTTY SSH client is out with a fix for CVE-2024-31497;
some users will want to update and generate new keys:
PuTTY 0.81, released today, fixes a critical vulnerability
CVE-2024-31497 in the use of 521-bit ECDSA keys
(ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private
key with any previous version of PuTTY, consider the private key
compromised: remove the public key from authorized_keys files, and
generate a new key pair.However, this only affects that one algorithm and key size. No
other size of ECDSA key is affected, and no other key type is
affected.
Post Syndicated from BeardedTinker original https://www.youtube.com/watch?v=QOx733CU1p8
Post Syndicated from Channy Yun original https://aws.amazon.com/blogs/aws/anthropics-claude-3-opus-model-on-amazon-bedrock/
We are living in the generative artificial intelligence (AI) era; a time of rapid innovation. When Anthropic announced its Claude 3 foundation models (FMs) on March 4, we made Claude 3 Sonnet, a model balanced between skills and speed, available on Amazon Bedrock the same day. On March 13, we launched the Claude 3 Haiku model on Amazon Bedrock, the fastest and most compact member of the Claude 3 family for near-instant responsiveness.
Today, we are announcing the availability of Anthropic’s Claude 3 Opus on Amazon Bedrock, the most intelligent Claude 3 model, with best-in-market performance on highly complex tasks. It can navigate open-ended prompts and sight-unseen scenarios with remarkable fluency and human-like understanding, leading the frontier of general intelligence.
With the availability of Claude 3 Opus on Amazon Bedrock, enterprises can build generative AI applications to automate tasks, generate revenue through user-facing applications, conduct complex financial forecasts, and accelerate research and development across various sectors. Like the rest of the Claude 3 family, Opus can process images and return text outputs.
Claude 3 Opus shows an estimated twofold gain in accuracy over Claude 2.1 on difficult open-ended questions, reducing the likelihood of faulty responses. As enterprise customers rely on Claude across industries like healthcare, finance, and legal research, improved accuracy is essential for safety and performance.
How does Claude 3 Opus perform?
Claude 3 Opus outperforms its peers on most of the common evaluation benchmarks for AI systems, including undergraduate-level expert knowledge (MMLU), graduate-level expert reasoning (GPQA), basic mathematics (GSM8K), and more. It exhibits high levels of comprehension and fluency on complex tasks, leading the frontier of general intelligence.
Source: https://www.anthropic.com/news/claude-3-family
Here are a few supported use cases for the Claude 3 Opus model:
To learn more about Claude 3 Opus’s features and capabilities, visit Anthropic’s Claude on Bedrock page and Anthropic Claude models in the Amazon Bedrock documentation.
Claude 3 Opus in action
If you are new to using Anthropic models, go to the Amazon Bedrock console and choose Model access on the bottom left pane. Request access separately for Claude 3 Opus.
To test Claude 3 Opus in the console, choose Text or Chat under Playgrounds in the left menu pane. Then choose Select model and select Anthropic as the category and Claude 3 Opus as the model.
To test more Claude prompt examples, choose Load examples. You can view and run examples specific to Claude 3 Opus, such as analyzing a quarterly report, building a website, and creating a side-scrolling game.
By choosing View API request, you can also access the model using code examples in the AWS Command Line Interface (AWS CLI) and AWS SDKs. Here is a sample of the AWS CLI command:
aws bedrock-runtime invoke-model \
--model-id anthropic.claude-3-opus-20240229-v1:0 \
--body "{\"messages\":[{\"role\":\"user\",\"content\":[{\"type\":\"text\",\"text\":\" Your task is to create a one-page website for an online learning platform.\\n\"}]}],\"anthropic_version\":\"bedrock-2023-05-31\",\"max_tokens\":2000,\"temperature\":1,\"top_k\":250,\"top_p\":0.999,\"stop_sequences\":[\"\\n\\nHuman:\"]}" \
--cli-binary-format raw-in-base64-out \
--region us-east-1 \
invoke-model-output.txtAs I mentioned in my previous Claude 3 model launch posts, you need to use the new Anthropic Claude Messages API format for some Claude 3 model features, such as image processing. If you use Anthropic Claude Text Completions API and want to use Claude 3 models, you should upgrade from the Text Completions API.
My colleagues, Dennis Traub and Francois Bouteruche, are building code examples for Amazon Bedrock using AWS SDKs. You can learn how to invoke Claude 3 on Amazon Bedrock to generate text or multimodal prompts for image analysis in the Amazon Bedrock documentation.
Here is sample JavaScript code to send a Messages API request to generate text:
// claude_opus.js - Invokes Anthropic Claude 3 Opus using the Messages API.
import {
BedrockRuntimeClient,
InvokeModelCommand
} from "@aws-sdk/client-bedrock-runtime";
const modelId = "anthropic.claude-3-opus-20240229-v1:0";
const prompt = "Hello Claude, how are you today?";
// Create a new Bedrock Runtime client instance
const client = new BedrockRuntimeClient({ region: "us-east-1" });
// Prepare the payload for the model
const payload = {
anthropic_version: "bedrock-2023-05-31",
max_tokens: 1000,
messages: [{
role: "user",
content: [{ type: "text", text: prompt }]
}]
};
// Invoke Claude with the payload and wait for the response
const command = new InvokeModelCommand({
contentType: "application/json",
body: JSON.stringify(payload),
modelId
});
const apiResponse = await client.send(command);
// Decode and print Claude's response
const decodedResponseBody = new TextDecoder().decode(apiResponse.body);
const responseBody = JSON.parse(decodedResponseBody);
const text = responseBody.content[0].text;
console.log(`Response: ${text}`);Now, you can install the AWS SDK for JavaScript Runtime Client for Node.js and run claude_opus.js.
npm install @aws-sdk/client-bedrock-runtime
node claude_opus.jsFor more examples in different programming languages, check out the code examples section in the Amazon Bedrock User Guide, and learn how to use system prompts with Anthropic Claude at Community.aws.
Now available
Claude 3 Opus is available today in the US West (Oregon) Region; check the full Region list for future updates.
Give Claude 3 Opus a try in the Amazon Bedrock console today and send feedback to AWS re:Post for Amazon Bedrock or through your usual AWS Support contacts.
— Channy
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=pa4s3xKiJBk
Post Syndicated from corbet original https://lwn.net/Articles/970036/
Security updates have been issued by Debian (php7.4 and php8.2), Fedora (c-ares), Mageia (python-pillow and upx), Oracle (bind and dhcp, bind9.16, httpd:2.4/mod_http2, kernel, rear, and unbound), SUSE (eclipse, maven-surefire, tycho, emacs, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, nodejs16, nodejs18, nodejs20, texlive, vim, webkit2gtk3, and xen), and Ubuntu (gnutls28, klibc, libvirt, nodejs, and webkit2gtk).
Post Syndicated from Omer Yoachimik original https://blog.cloudflare.com/ddos-threat-report-for-2024-q1
Welcome to the 17th edition of Cloudflare’s DDoS threat report. This edition covers the DDoS threat landscape along with key findings as observed from the Cloudflare network during the first quarter of 2024.
But first, a quick recap. A DDoS attack, short for Distributed Denial of Service attack, is a type of cyber attack that aims to take down or disrupt Internet services such as websites or mobile apps and make them unavailable for users. DDoS attacks are usually done by flooding the victim’s server with more traffic than it can handle.
To learn more about DDoS attacks and other types of attacks, visit our Learning Center.
Quick reminder that you can access previous editions of DDoS threat reports on the Cloudflare blog. They are also available on our interactive hub, Cloudflare Radar. On Radar, you can find global Internet traffic, attacks, and technology trends and insights, with drill-down and filtering capabilities, so you can zoom in on specific countries, industries, and networks. There’s also a free API allowing academics, data sleuths, and other web enthusiasts to investigate Internet trends across the globe.
To learn how we prepare this report, refer to our Methodologies.
Key insights from the first quarter of 2024 include:
We’ve just wrapped up the first quarter of 2024, and, already, our automated defenses have mitigated 4.5 million DDoS attacks — an amount equivalent to 32% of all the DDoS attacks we mitigated in 2023.
Breaking it down to attack types, HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ). Network-layer DDoS attacks, also known as L3/4 DDoS attacks, increased by 28% YoY and 5% QoQ.
When comparing the combined number of HTTP DDoS attacks and L3/4 DDoS attacks, we can see that, overall, in the first quarter of 2024, the count increased by 50% YoY and 18% QoQ.
In total, our systems mitigated 10.5 trillion HTTP DDoS attack requests in Q1. Our systems also mitigated over 59 petabytes of DDoS attack traffic — just on the network-layer.
Among those network-layer DDoS attacks, many of them exceeded the 1 terabit per second rate — almost on a weekly basis. The largest attack that we have mitigated so far in 2024 was launched by a Mirai-variant botnet. This attack reached 2 Tbps and was aimed at an Asian hosting provider protected by Cloudflare Magic Transit. Cloudflare’s systems automatically detected and mitigated the attack.
The Mirai botnet, infamous for its massive DDoS attacks, was primarily composed of infected IoT devices. It notably disrupted Internet access across the US in 2016 by targeting DNS service providers. Almost eight years later, Mirai attacks are still very common. Four out of every 100 HTTP DDoS attacks, and two out of every 100 L3/4 DDoS attacks are launched by a Mirai-variant botnet. The reason we say “variant” is that the Mirai source code was made public, and over the years there have been many permutations of the original.
In March 2024, we introduced one of our latest DDoS defense systems, the Advanced DNS Protection system. This system complements our existing systems, and is designed to protect against the most sophisticated DNS-based DDoS attacks.
It is not out of the blue that we decided to invest in this new system. DNS-based DDoS attacks have become the most prominent attack vector and its share among all network-layer attacks continues to grow. In the first quarter of 2024, the share of DNS-based DDoS attacks increased by 80% YoY, growing to approximately 54%.
Despite the surge in DNS attacks and due to the overall increase in all types of DDoS attacks, the share of each attack type, remarkably, remains the same as seen in our previous report for the final quarter of 2023. HTTP DDoS attacks remain at 37% of all DDoS attacks, DNS DDoS attacks at 33%, and the remaining 30% is left for all other types of L3/4 attacks, such as SYN Flood and UDP Floods.
And in fact, SYN Floods were the second most common L3/4 attack. The third was RST Floods, another type of TCP-based DDoS attack. UDP Floods came in fourth with a 6% share.
When analyzing the most common attack vectors, we also check for the attack vectors that experienced the largest growth but didn’t necessarily make it into the top ten list. Among the top growing attack vectors (emerging threats), Jenkins Flood experienced the largest growth of over 826% QoQ.
Jenkins Flood is a DDoS attack that exploits vulnerabilities in the Jenkins automation server, specifically through UDP multicast/broadcast and DNS multicast services. Attackers can send small, specially crafted requests to a publicly facing UDP port on Jenkins servers, causing them to respond with disproportionately large amounts of data. This can amplify the traffic volume significantly, overwhelming the target’s network and leading to service disruption. Jenkins addressed this vulnerability (CVE-2020-2100) in 2020 by disabling these services by default in later versions. However, as we can see, even 4 years later, this vulnerability is still being abused in the wild to launch DDoS attacks.
Another attack vector that’s worth discussing is the HTTP/2 Continuation Flood. This attack vector is made possible by a vulnerability that was discovered and reported publicly by researcher Bartek Nowotarski on April 3, 2024.
The HTTP/2 Continuation Flood vulnerability targets HTTP/2 protocol implementations that improperly handle HEADERS and multiple CONTINUATION frames. The threat actor sends a sequence of CONTINUATION frames without the END_HEADERS flag, leading to potential server issues such as out-of-memory crashes or CPU exhaustion. HTTP/2 Continuation Flood allows even a single machine to disrupt websites and APIs using HTTP/2, with the added challenge of difficult detection due to no visible requests in HTTP access logs.
This vulnerability poses a potentially severe threat more damaging than the previously known
HTTP/2 Rapid Reset, which resulted in some of the largest HTTP/2 DDoS attack campaigns in recorded history. During that campaign, thousands of hyper-volumetric DDoS attacks targeted Cloudflare. The attacks were multi-million requests per second strong. The average attack rate in that campaign, recorded by Cloudflare, was 30M rps. Approximately 89 of the attacks peaked above 100M rps and the largest one we saw hit 201M rps. Additional coverage was published in our 2023 Q3 DDoS threat report.
Cloudflare’s network, its HTTP/2 implementation, and customers using our WAF/CDN services are not affected by this vulnerability. Furthermore, we are not currently aware of any threat actors exploiting this vulnerability in the wild.
Multiple CVEs have been assigned to the various implementations of HTTP/2 that are impacted by this vulnerability. A CERT alert published by Christopher Cullen at Carnegie Mellon University, which was covered by Bleeping Computer, lists the various CVEs:
| Affected service | CVE | Details |
|---|---|---|
| Node.js HTTP/2 server | CVE-2024-27983 | Sending a few HTTP/2 frames can cause a race condition and memory leak, leading to a potential denial of service event. |
| Envoy’s oghttp codec | CVE-2024-27919 | Not resetting a request when header map limits are exceeded can cause unlimited memory consumption which can potentially lead to a denial of service event. |
| Tempesta FW | CVE-2024-2758 | Its rate limits are not entirely effective against empty CONTINUATION frames flood, potentially leading to a denial of service event. |
| amphp/http | CVE-2024-2653 | It collects CONTINUATION frames in an unbounded buffer, risking an out of memory (OOM) crash if the header size limit is exceeded, potentially resulting in a denial of service event. |
| Go’s net/http and net/http2 packages | CVE-2023-45288 | Allows an attacker to send an arbitrarily large set of headers, causing excessive CPU consumption, potentially leading to a denial of service event. |
| nghttp2 library | CVE-2024-28182 | Involves an implementation using nghttp2 library, which continues to receive CONTINUATION frames, potentially leading to a denial of service event without proper stream reset callback. |
| Apache Httpd | CVE-2024-27316 | A flood of CONTINUATION frames without the END_HEADERS flag set can be sent, resulting in the improper termination of requests, potentially leading to a denial of service event. |
| Apache Traffic Server | CVE-2024-31309 | HTTP/2 CONTINUATION floods can cause excessive resource consumption on the server, potentially leading to a denial of service event. |
| Envoy versions 1.29.2 or earlier | CVE-2024-30255 | Consumption of significant server resources can lead to CPU exhaustion during a flood of CONTINUATION frames, which can potentially lead to a denial of service event. |
When analyzing attack statistics, we use our customer’s industry as it is recorded in our systems to determine the most attacked industries. In the first quarter of 2024, the top attacked industry by HTTP DDoS attacks in North America was Marketing and Advertising. In Africa and Europe, the Information Technology and Internet industry was the most attacked. In the Middle East, the most attacked industry was Computer Software. In Asia, the most attacked industry was Gaming and Gambling. In South America, it was the Banking, Financial Services and Insurance (BFSI) industry. Last but not least, in Oceania, was the Telecommunications industry.
Globally, the Gaming and Gambling industry was the number one most targeted by HTTP DDoS attacks. Just over seven of every 100 DDoS requests that Cloudflare mitigated were aimed at the Gaming and Gambling industry. In second place, the Information Technology and Internet industry, and in third, Marketing and Advertising.
With a share of 75% of all network-layer DDoS attack bytes, the Information Technology and Internet industry was the most targeted by network-layer DDoS attacks. One possible explanation for this large share is that Information Technology and Internet companies may be “super aggregators” of attacks and receive DDoS attacks that are actually targeting their end customers. The Telecommunications industry, the Banking, Financial Services and Insurance (BFSI) industry, the Gaming and Gambling industry and the Computer Software industry accounted for the next three percent.
When normalizing the data by dividing the attack traffic by the total traffic to a given industry, we get a completely different picture. On the HTTP front, Law Firms and Legal Services was the most attacked industry, as over 40% of their traffic was HTTP DDoS attack traffic. The Biotechnology industry came in second with a 20% share of HTTP DDoS attack traffic. In third place, Nonprofits had an HTTP DDoS attack share of 13%. In fourth, Aviation and Aerospace, followed by Transportation, Wholesale, Government Relations, Motion Pictures and Film, Public Policy, and Adult Entertainment to complete the top ten.
Back to the network layer, when normalized, Information Technology and Internet remained the number one most targeted industry by L3/4 DDoS attacks, as almost a third of their traffic were attacks. In second, Textiles had a 4% attack share. In third, Civil Engineering, followed by Banking Financial Services and Insurance (BFSI), Military, Construction, Medical Devices, Defense and Space, Gaming and Gambling, and lastly Retail to complete the top ten.
When analyzing the sources of HTTP DDoS attacks, we look at the source IP address to determine the origination location of those attacks. A country/region that’s a large source of attacks indicates that there is most likely a large presence of botnet nodes behind Virtual Private Network (VPN) or proxy endpoints that attackers may use to obfuscate their origin.
In the first quarter of 2024, the United States was the largest source of HTTP DDoS attack traffic, as a fifth of all DDoS attack requests originated from US IP addresses. China came in second, followed by Germany, Indonesia, Brazil, Russia, Iran, Singapore, India, and Argentina.
At the network layer, source IP addresses can be spoofed. So, instead of relying on IP addresses to understand the source, we use the location of our data centers where the attack traffic was ingested. We can gain geographical accuracy due to Cloudflare’s large global coverage in over 310 cities around the world.
Using the location of our data centers, we can see that in the first quarter of 2024, over 40% L3/4 DDoS attack traffic was ingested in our US data centers, making the US the largest source of L3/4 attacks. Far behind, in second, Germany at 6%, followed by Brazil, Singapore, Russia, South Korea, Hong Kong, United Kingdom, Netherlands, and Japan.
When normalizing the data by dividing the attack traffic by the total traffic to a given country or region, we get a totally different lineup. Almost a third of the HTTP traffic originating from Gibraltar was DDoS attack traffic, making it the largest source. In second place, Saint Helena, followed by the British Virgin Islands, Libya, Paraguay, Mayotte, Equatorial Guinea, Argentina, and Angola.
Back to the network layer, normalized, things look rather different as well. Almost 89% of the traffic we ingested in our Zimbabwe-based data centers were L3/4 DDoS attacks. In Paraguay, it was over 56%, followed by Mongolia reaching nearly a 35% attack share. Additional top locations included Moldova, Democratic Republic of the Congo, Ecuador, Djibouti, Azerbaijan, Haiti, and Dominican Republic.
When analyzing DDoS attacks against our customers, we use their billing country to determine the “attacked country (or region)”. In the first quarter of 2024, the US was the most attacked by HTTP DDoS attacks. Approximately one out of every 10 DDoS requests that Cloudflare mitigated targeted the US. In second, China, followed by Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany.
When normalizing the data by dividing the attack traffic by the total traffic to a given country or region, the list changes drastically. Over 63% of HTTP traffic to Nicaragua was DDoS attack traffic, making it the most attacked location. In second, Albania, followed by Jordan, Guinea, San Marino, Georgia, Indonesia, Cambodia, Bangladesh, and Afghanistan.
On the network layer, China was the number one most attacked location, as 39% of all DDoS bytes that Cloudflare mitigated during the first quarter of 2024 were aimed at Cloudflare’s Chinese customers. Hong Kong came in second place, followed by Taiwan, the United States, and Brazil.
Back to the network layer, when normalized, Hong Kong takes the lead as the most targeted location. L3/4 DDoS attack traffic accounted for over 78% of all Hong Kong-bound traffic. In second place, China with a DDoS share of 75%, followed by Kazakhstan, Thailand, Saint Vincent and the Grenadines, Norway, Taiwan, Turkey, Singapore, and Brazil.
Cloudflare’s mission is to help build a better Internet, a vision where it remains secure, performant, and accessible to everyone. With four out of every 10 HTTP DDoS attacks lasting over 10 minutes and approximately three out of 10 extending beyond an hour, the challenge is substantial. Yet, whether an attack involves over 100,000 requests per second, as is the case in one out of every 10 attacks, or even exceeds a million requests per second — a rarity seen in only four out of every 1,000 attacks — Cloudflare’s defenses remain impenetrable.
Since pioneering unmetered DDoS Protection in 2017, Cloudflare has steadfastly honored its promise to provide enterprise-grade DDoS protection at no cost to all organizations, ensuring that our advanced technology and robust network architecture do not just fend off attacks but also preserve performance without compromise.
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=Lq6KBNPC1jY
Post Syndicated from Vicky Fisher original https://www.raspberrypi.org/blog/global-impact-empowering-young-people-in-kenya-and-south-africa/
We work with mission-aligned educational organisations all over the world to support young people’s computing education. In 2023 we established four partnerships in Kenya and South Africa with organisations Coder:LevelUp, Blue Roof, Oasis Mathare, and Tech Kidz Africa, which support young people in underserved communities. Our shared goal is to support educators to establish and sustain extracurricular Code Clubs and CoderDojos in schools and community organisations. Here we share insights into the impact the partnerships are having.
In the partnerships we used a ‘train the trainer’ model, which focuses on equipping our partners with the knowledge and skills to train and support educators and learners. This meant that we trained a group of educators from each partner, enabling them to then run their own training sessions for other educators so they can set up coding clubs and run coding sessions. These coding sessions aim to increase young people’s skills and confidence in computing and programming.
We also conducted an evaluation of the impact of our work in these partnerships. We shared two surveys with educators (one shortly after they completed their initial training, a second for when they were running coding sessions), and another survey for young people to fill in during their coding sessions. In two of the partnerships, we also conducted interviews and focus groups with educators and young people.
Although we received lots of valuable feedback, only a low proportion of participants responded to our surveys, so the data may not be representative of the experience of all participating educators.
Following our training, our partners themselves trained 332 educators across Kenya and South Africa to work directly in schools and communities running coding sessions. This led to the setup of nearly 250 Code Clubs and CoderDojos and additional coding sessions in schools and communities, reaching more than 11,500 young people.
As a result, access to coding and programming has increased in areas where this provision would otherwise not be available. One educator told us:
“We found it extremely beneficial, because a lot of our children come from areas in the community where they barely know how to read and write, let alone know how to use a computer… [It provides] the foundation, creating a fun way of approaching the computer as opposed to it being daunting.”
We found encouraging signs of the impact of this work on young people.
Nearly 90% of educators reported seeing an increase in young people’s computing skills, with over half of educators reporting that this increase was large. Over three quarters of young people who filled in our survey reported feeling confident in coding and computer programming.
The young people spoke enthusiastically about what they had learned and the programs they had created. They told us they felt inspired to keep learning, linking their interests to what they wanted to do in coding sessions. Interests included making dolls, games, cartoons, robots, cars, and stories.
When we spoke with educators and young people, a key theme that emerged was the enthusiasm and curiosity of the young people to learn more. Educators described how motivated they felt by the excitement of the young people. Young people particularly enjoyed finding out the role of programming in the world around them, from understanding traffic lights to knowing more about the games they play on their phones.
One educator told us:
“…students who knew nothing about technology are getting empowered.”
This confidence is particularly encouraging given that educators reported a low level of computer literacy among young people at the start of the coding sessions. One educator described how coding sessions provided an engaging hook to support teaching basic IT skills, such as mouse skills and computer-related terms, alongside coding.
One educator gave an example of young people using what they are learning in their coding club to solve real-world problems, saying:
“It’s life-changing because some of those kids and the youths that you are teaching… they’re using them to automate things in their houses.”
Many of these young people live in informal settlements where there are frequent fires, and have started using skills they learned in the coding sessions to automate things in their homes, reducing the risk of fires. For example, they are programming a device that controls fans so that they switch on when the temperature gets too high, and ways to switch appliances such as light bulbs on and off by clapping.
From the gathered feedback, we also learned some useful lessons to help improve the quality of our offer and support to our partners. For example, educators faced challenges including lack of devices for young people, and low internet connectivity. As we continue to develop these partnerships, we will work with partners to make use of our unplugged activities that work offline, removing the barriers created by low connectivity.
We are continuing to develop the training we offer and making sure that educators are able to access our other training and resources. We are also using the feedback they have given us to consider where additional training and support may be needed. Future evaluations will further strengthen our evidence and provide us with the insights we need to continue developing our work and support more educators and young people.
Our thanks to our partners at Coder:LevelUp, Blue Roof, Oasis Mathare, and Tech Kidz Africa for sharing our mission to enable young people to realise their full potential through the power of computing and digital technologies. As we continue to build partnerships to support Code Clubs and CoderDojos across South Africa and Kenya, it is heartening to hear first-hand accounts of the positive impact this work has on young people.
If your organisation would like to partner with us to bring computing education to young people you support, please send us a message with the subject ‘Partnerships’.
The post Global Impact: Empowering young people in Kenya and South Africa appeared first on Raspberry Pi Foundation.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/04/x-com-automatically-changing-link-names-but-not-links.html
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.
Thankfully, the problem has been fixed.
Post Syndicated from Explosm.net original https://explosm.net/comics/31948
New Cyanide and Happiness Comic
Post Syndicated from Talks at Google original https://www.youtube.com/watch?v=ljYgZOM30OU
Post Syndicated from Rohit Kumar original https://www.servethehome.com/mega-2-5gbe-switch-guide-update-with-21-new-models-added/
In our new Mega 2.5GbE Switch Round-up 2024 edition, we cover 21 new switches. New options have more ports, PoE+, management, and more
The post MEGA 2.5GbE Switch Guide Update with 21 New Models Added appeared first on ServeTheHome.
Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/congratulations-to-the-partyrock-generative-ai-hackathon-winners/
The PartyRock Generative AI Hackathon wrapped up earlier this month. Entrants were asked to use PartyRock to build a functional app based on one of four challenge categories, with the option to remix an existing app as well. The hackathon attracted 7,650 registrants who submitted over 1,200 projects, and published over 250 project blog posts on community.aws .
As a member of the judging panel, I was blown away by the creativity and sophistication of the entries that I was asked to review. The participants had the opportunity to go hands-on with prompt engineering and to learn about Foundation Models, and pushed the bounds of what was possible.
Let’s take a quick look at the winners of the top 3 prizes…
First Place
First up, taking home the top overall prize of $20,000 in AWS credits is Parable Rhythm – The Interactive Crime Thriller by Param Birje. This project immerses you in a captivating interactive story using PartyRock’s generative capabilities. Just incredible stuff.
To learn more, read the hackathon submission and the blog post.
Second Place
In second place, earning $10,000 in credits, is Faith – Manga Creation Tools by Michael Oswell. This creative assistant app lets you generate original manga panels and panels with the click of a button. So much potential there.
To learn more, read the hackathon submission.
Third Place
And rounding out the top 3 overall is Arghhhh! Zombie by Michael Eziamaka. This is a wildly entertaining generative AI-powered zombie game that had the judges on the edge of their seats. Great work, Michael!
To learn more, read the hackathon submission.
Round of Applause
I want to give a huge round of applause to all our category winners as well:
| Category / Place | Submission | Prize (USD) | AWS Credits |
| Overall 1st Place | Parable Rhythm | – | $20,000 |
| Overall 2nd Place | Faith – Manga Creation Tools | – | $10,000 |
| Overall 3rd Place | Arghhhh! Zombie | – | $5,000 |
| Creative Assistants 1st Place | Faith – Manga Creation Tools | $4,000 | $1,000 |
| Creative Assistants 2nd Place | MovieCreator | $1,500 | $1,000 |
| Creative Assistants 3rd Place | WingPal | $500 | $1,000 |
| Experimental Entertainment 1st Place | Parable Rhythm | $4,000 | $1,000 |
| Experimental Entertainment 2nd Place | Arghhhh! Zombie | $1,500 | $1,000 |
| Experimental Entertainment 3rd Place | Find your inner potato | $500 | $1,000 |
| Interactive Learning 1st Place | DeBeat Coach | $4,000 | $1,000 |
| Interactive Learning 2nd Place | Asteroid Mining Assistant | $1,500 | $1,000 |
| Interactive Learning 3rd Place | Unlock your pet’s language | $500 | $1,000 |
| Freestyle 1st Place | MindMap Party | $1,000 | $1,000 |
| Freestyle 2nd Place | Angler Advisor | $750 | $1,000 |
| Freestyle 3rd Place | SafeScares | $250 | $1,000 |
| BONUS: Remix ChatRPG | Inferno | – | $2,500 |
| BONUS: Remix ChatRPG | Chat RPG Generator | – | $2,500 |
From interactive learning experiences to experimental entertainment, the creativity and technical execution on display was off the charts.
And of course, a big thank you to all 7,650 participants who dove in and pushed the boundaries of what’s possible with generative AI. You all should be extremely proud.
Join the Party
You can click on any of the images above and try out the apps for yourself. You can remix and customize them, and you can build your own apps as well (read my post, Build AI apps with PartyRock and Amazon Bedrock to see how to get started).
Alright, that’s a wrap. Congrats again to our winners, and a huge thanks to the PartyRock team and all our amazing sponsors. I can’t wait to see what you all build next. Until then, keep building, keep learning, and keep having fun!
— Jeff;
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=h_oc6Xg5x2s
Post Syndicated from corbet original https://lwn.net/Articles/969919/
The Open Source Security Foundation and the OpenJS Foundation have jointly
posted a
warning about XZ-like social-engineering attacks after OpenJS was
seemingly targeted.
The OpenJS Foundation Cross Project Council received a suspicious
series of emails with similar messages, bearing different names and
overlapping GitHub-associated emails. These emails implored OpenJS
to take action to update one of its popular JavaScript projects to
“address any critical vulnerabilities,” yet cited no specifics. The
email author(s) wanted OpenJS to designate them as a new maintainer
of the project despite having little prior involvement.
Post Syndicated from Tom Evans original https://blog.cloudflare.com/tom-evans-chief-partnership-officer
In today’s rapidly evolving digital landscape, the decision to join a company is not just about making a career move. Instead, it’s about finding a mission, a community, and a platform to make a meaningful impact. Cloudflare’s remarkable technology and incredibly driven teams are two reasons why I’m excited to join the team.
Joining Cloudflare as the Chief Partner Officer is my commitment to driving innovation and impact across the Internet through our channel partnerships. In each conversation throughout the interview process, I found myself getting more and more excited about the opportunity. Several former trusted colleagues who have recently joined Cloudflare repeatedly told me how amazing the people and company culture are. A positive culture driven by people that are passionate about their work is key. We work too hard not to have fun while doing it.
When it comes to partnerships, I see the immense value that partners can provide. My philosophy revolves around fostering collaborative, value-driven partnerships. It is about building ecosystems where we jointly navigate challenges, innovate together, and collectively thrive in a rapidly evolving global marketplace where the success of our channel partners directly influences our collective achievements. It also involves investing in their growth through tailored programs and providing strategic guidance and ongoing support. In doing so, we strengthen our most competitive advantage: our partners.
Partners are integral to our success in extending critical solutions to our customers, to fully connect and secure businesses, and in turn, the Internet at large. There are unique aspects to Cloudflare that I believe will be especially appealing as we grow this part of our business.
From edge computing to cybersecurity solutions, Cloudflare is renowned for its innovative technologies that are reshaping the Internet itself. As someone who is deeply passionate about pushing the boundaries of technology and driving innovation, joining a company like Cloudflare was a clear choice. I am eager to be part of a team that is at the forefront of technological advancements, constantly striving to make the Internet faster, safer, and more reliable for its billions of users worldwide.
Cloudflare’s mission of helping to build a better Internet resonates deeply with me. In an age where digital connectivity is more crucial than ever, Cloudflare’s commitment to helping make the Internet more secure, accessible, and resilient is both inspiring and necessary. By joining Cloudflare, I see an opportunity to contribute to a larger cause by empowering our partner ecosystem to help with this mission.
One of the most compelling aspects of Cloudflare is its culture of collaboration and inclusivity. From my first conversation, I have been impressed by the genuine sense of camaraderie and teamwork that permeates the organization. In all my conversations, both internally and externally, I get a real sense that Cloudflare fosters an environment where diverse perspectives are celebrated, and where every individual is empowered to make a difference. I am excited to be part of a community that values transparency, empathy, and continuous learning.
With a global network that puts it within 50 milliseconds of around 95% of the online population, Cloudflare has a far-reaching impact on the digital economy. Joining Cloudflare means being part of a truly global team, working with all different partners from all corners of the world. This global perspective not only presents exciting opportunities for collaboration and growth but also underscores the significance of Cloudflare’s mission on a global scale.
Cloudflare’s tried and tested technology delivers value at massive scale. This presents immense opportunities for partners to achieve significant growth and foster a true partnership together to better serve our customers.
Working with channel partners over the years, fostering meaningful relationships, and gaining insights into unique perspectives is what I find the most enjoyment in. The constant exchange of ideas and learning within these relationships acts as a catalyst for innovation and continuous improvement.
Since my early days as a sales account manager, I experienced the immense value partners provide first-hand, and leaned into this. As an integral part of my success, I found myself crafting comprehensive sales strategies that aligned our partners’ capabilities with my business objectives. I focused on developing value-driven partnerships that transcend a purely transactional mindset, which led me to a role managing partners and eventually leading channel sales and distribution teams.
Cloudflare embodies everything I personally look for in a company. I am eager to be part of the talented team here and partner with organizations around the world to drive meaningful change by contributing to the mission of helping build a better Internet for all. The future is bright, and I couldn’t be more thrilled to be a part of it.
If you’re interested in joining Cloudflare’s Partner Program, you can learn more here: https://www.cloudflare.com/partners/.
Post Syndicated from Brownell Combs original https://aws.amazon.com/blogs/security/winter-2023-soc-1-report-now-available-in-japanese-korean-and-spanish/
We continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs at Amazon Web Services (AWS). We are pleased to announce that for the first time an AWS System and Organization Controls (SOC) 1 report is now available in Japanese and Korean, along with Spanish. This translated report will help drive greater engagement and alignment with customer and regulatory requirements across Japan, Korea, Latin America, and Spain.
The Japanese, Korean, and Spanish language versions of the report do not contain the independent opinion issued by the auditors, but you can find this information in the English language version. Stakeholders should use the English version as a complement to the Japanese, Korean, or Spanish versions.
Going forward, the following reports in each quarter will be translated. Because the SOC 1 controls are included in the Spring and Fall SOC 2 reports, this schedule provides year-round coverage in all translated languages when paired with the English language versions.
Customers can download the translated Winter 2023 SOC 1 report in Japanese, Korean, and Spanish through AWS Artifact, a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.
The Winter 2023 SOC 1 report includes a total of 171 services in scope. For up-to-date information, including when additional services are added, visit the AWS Services in Scope by Compliance Program webpage and choose SOC.
AWS strives to continuously bring services into scope of its compliance programs to help you meet your architectural and regulatory needs. Please reach out to your AWS account team if you have questions or feedback about SOC compliance.
To learn more about our compliance and security programs, see AWS Compliance Programs. As always, we value your feedback and questions; reach out to the AWS Compliance team through the Contact Us page.
If you have feedback about this post, submit comments in the Comments section below.
Want more AWS Security how-to content, news, and feature announcements? Follow us on X.
当社はお客様、規制当局、利害関係者の声に継続的に耳を傾け、Amazon Web Services (AWS) における監査、保証、認定、認証プログラムに関するそれぞれのニーズを理解するよう努めています。この度、AWS System and Organization Controls (SOC) 1 レポートが今回初めて、日本語、韓国語、スペイン語で利用可能になりました。この翻訳版のレポートは、日本、韓国、ラテンアメリカ、スペインのお客様および規制要件との連携と協力体制を強化するためのものです。
本レポートの日本語版、韓国語版、スペイン語版には監査人による独立した第三者の意見は含まれていませんが、英語版には含まれています。利害関係者は、日本語版、韓国語版、スペイン語版の補足として英語版を参照する必要があります。
今後、四半期ごとの以下のレポートで翻訳版が提供されます。SOC 1 統制は、春季 および 秋季 SOC 2 レポートに含まれるため、英語版と合わせ、1 年間のレポートの翻訳版すべてがこのスケジュールで網羅されることになります。
冬季2023 SOC 1 レポートの日本語、韓国語、スペイン語版は AWS Artifact (AWS のコンプライアンスレポートをオンデマンドで入手するためのセルフサービスポータル) を使用してダウンロードできます。AWS マネジメントコンソール内の AWS Artifact にサインインするか、AWS Artifact の開始方法ページで詳細をご覧ください。
冬季2023 SOC 1 レポートの対象範囲には合計 171 のサービスが含まれます。その他のサービスが追加される時期など、最新の情報については、コンプライアンスプログラムによる対象範囲内の AWS のサービスで [SOC] を選択してご覧いただけます。
AWS では、アーキテクチャおよび規制に関するお客様のニーズを支援するため、コンプライアンスプログラムの対象範囲に継続的にサービスを追加するよう努めています。SOC コンプライアンスに関するご質問やご意見については、担当の AWS アカウントチームまでお問い合わせください。
コンプライアンスおよびセキュリティプログラムに関する詳細については、AWS コンプライアンスプログラムをご覧ください。当社ではお客様のご意見・ご質問を重視しています。お問い合わせページより AWS コンプライアンスチームにお問い合わせください。
本記事に関するフィードバックは、以下のコメントセクションからご提出ください。
AWS セキュリティによるハウツー記事、ニュース、機能の紹介については、X でフォローしてください。
Amazon은 고객, 규제 기관 및 이해 관계자의 의견을 지속적으로 경청하여 Amazon Web Services (AWS)의 감사, 보증, 인증 및 증명 프로그램과 관련된 요구 사항을 파악하고 있습니다. 이제 처음으로 스페인어와 함께 한국어와 일본어로도 AWS System and Organization Controls(SOC) 1 보고서를 이용할 수 있게 되었음을 알려드립니다. 이 번역된 보고서는 일본, 한국, 중남미, 스페인의 고객 및 규제 요건을 준수하고 참여도를 높이는 데 도움이 될 것입니다.
보고서의 일본어, 한국어, 스페인어 버전에는 감사인의 독립적인 의견이 포함되어 있지 않지만, 영어 버전에서는 해당 정보를 확인할 수 있습니다. 이해관계자는 일본어, 한국어 또는 스페인어 버전을 보완하기 위해 영어 버전을 사용해야 합니다.
앞으로 매 분기마다 다음 보고서가 번역본으로 제공됩니다. SOC 1 통제 조치는 춘계 및 추계 SOC 2 보고서에 포함되어 있으므로, 이 일정은 영어 버전과 함께 모든 번역된 언어로 연중 내내 제공됩니다.
고객은 AWS 규정 준수 보고서를 필요할 때 이용할 수 있는 셀프 서비스 포털인 AWS Artifact를 통해 일본어, 한국어, 스페인어로 번역된 2023년 동계 SOC 1 보고서를 다운로드할 수 있습니다. AWS Management Console의 AWS Artifact에 로그인하거나 Getting Started with AWS Artifact(AWS Artifact 시작하기)에서 자세한 내용을 알아보세요.
2023년 동계 SOC 1 보고서에는 총 171개의 서비스가 포함됩니다. 추가 서비스가 추가되는 시기 등의 최신 정보는 AWS Services in Scope by Compliance Program(규정 준수 프로그램별 범위 내 AWS 서비스)에서 SOC를 선택하세요.
AWS는 고객이 아키텍처 및 규제 요구 사항을 충족할 수 있도록 지속적으로 서비스를 규정 준수 프로그램의 범위에 포함시키기 위해 노력하고 있습니다. SOC 규정 준수에 대한 질문이나 피드백이 있는 경우 AWS 계정 팀에 문의하시기 바랍니다.
규정 준수 및 보안 프로그램에 대한 자세한 내용은 AWS 규정 준수 프로그램을 참조하세요. 언제나 그렇듯이 AWS는 여러분의 피드백과 질문을 소중히 여깁니다. 문의하기 페이지를 통해 AWS 규정 준수 팀에 문의하시기 바랍니다.
이 게시물에 대한 피드백이 있는 경우, 아래의 의견 섹션에 의견을 제출해 주세요.
더 많은 AWS 보안 방법 콘텐츠, 뉴스 및 기능 발표를 원하시나요? X 에서 팔로우하세요.
Seguimos escuchando a nuestros clientes, reguladores y partes interesadas para comprender sus necesidades en relación con los programas de auditoría, garantía, certificación y acreditación en Amazon Web Services (AWS). Nos enorgullece anunciar que, por primera vez, un informe de controles de sistema y organización (SOC) 1 de AWS se encuentra disponible en japonés y coreano, junto con la versión en español. Estos informes traducidos ayudarán a impulsar un mayor compromiso y alineación con los requisitos normativos y de los clientes en Japón, Corea, Latinoamérica y España.
Estas versiones del informe en japonés, coreano y español no contienen la opinión independiente emitida por los auditores, pero se puede acceder a esta información en la versión en inglés del documento. Las partes interesadas deben usar la versión en inglés como complemento de las versiones en japonés, coreano y español.
De aquí en adelante, los siguientes informes trimestrales estarán traducidos. Dado que los controles SOC 1 se incluyen en los informes de primavera y otoño de SOC 2, esta programación brinda una cobertura anual para todos los idiomas traducidos cuando se la combina con las versiones en inglés.
Los clientes pueden descargar los informes SOC 1 invierno 2023 traducidos al japonés, coreano y español a través de AWS Artifact, un portal de autoservicio para el acceso bajo demanda a los informes de conformidad de AWS. Inicie sesión en AWS Artifact mediante la Consola de administración de AWS u obtenga más información en Introducción a AWS Artifact.
El informe SOC 1 invierno 2023 incluye un total de 171 servicios que se encuentran dentro del alcance. Para acceder a información actualizada, que incluye novedades sobre cuándo se agregan nuevos servicios, consulte los Servicios de AWS en el ámbito del programa de conformidad y seleccione SOC.
AWS se esfuerza de manera continua por añadir servicios dentro del alcance de sus programas de conformidad para ayudarlo a cumplir con sus necesidades de arquitectura y regulación. Si tiene alguna pregunta o sugerencia sobre la conformidad de los SOC, no dude en comunicarse con su equipo de cuenta de AWS.
Para obtener más información sobre los programas de conformidad y seguridad, consulte los Programas de conformidad de AWS. Como siempre, valoramos sus comentarios y preguntas; de modo que no dude en comunicarse con el equipo de conformidad de AWS a través de la página Contacte con nosotros.
Si tiene comentarios sobre esta publicación, envíelos a través de la sección de comentarios que se encuentra a continuación.
¿Quiere acceder a más contenido instructivo, novedades y anuncios de características de seguridad de AWS? Síganos en X.
Post Syndicated from Veliswa Boya original https://aws.amazon.com/blogs/aws/aws-weekly-roundup-new-features-on-knowledge-bases-for-amazon-bedrock-oac-for-lambda-function-url-origins-on-amazon-cloudfront-and-more-april-15-2024/
AWS Community Days conferences are in full swing with AWS communities around the globe. The AWS Community Day Poland was hosted last week with more than 600 cloud enthusiasts in attendance. Community speakers Agnieszka Biernacka, Krzysztof Kąkol, and more, presented talks which captivated the audience and resulted in vibrant discussions throughout the day. My teammate, Wojtek Gawroński, was at the event and he’s already looking forward to attending again next year!
Last week’s launches
Here are some launches that got my attention during the previous week.
Amazon CloudFront now supports Origin Access Control (OAC) for Lambda function URL origins – Now you can protect your AWS Lambda URL origins by using Amazon CloudFront Origin Access Control (OAC) to only allow access from designated CloudFront distributions. The CloudFront Developer Guide has more details on how to get started using CloudFront OAC to authenticate access to Lambda function URLs from your designated CloudFront distributions.
AWS Client VPN and AWS Verified Access migration and interoperability patterns – If you’re using AWS Client VPN or a similar third-party VPN-based solution to provide secure access to your applications today, you’ll be pleased to know that you can now combine the use of AWS Client VPN and AWS Verified Access for your new or existing applications.
These two announcements related to Knowledge Bases for Amazon Bedrock caught my eye:
Metadata filtering to improve retrieval accuracy – With metadata filtering, you can retrieve not only semantically relevant chunks but a well-defined subset of those relevant chunks based on applied metadata filters and associated values.
Custom prompts for the RetrieveAndGenerate API and configuration of the maximum number of retrieved results – These are two new features which you can now choose as query options alongside the search type to give you control over the search results. These are retrieved from the vector store and passed to the Foundation Models for generating the answer.
For a full list of AWS announcements, be sure to keep an eye on the What’s New at AWS page.
Other AWS news
AWS open source news and updates – My colleague Ricardo writes this weekly open source newsletter in which he highlights new open source projects, tools, and demos from the AWS Community.
Upcoming AWS events
AWS Summits – These are free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Whether you’re in the Americas, Asia Pacific & Japan, or EMEA region, learn here about future AWS Summit events happening in your area.
AWS Community Days – Join an AWS Community Day event just like the one I mentioned at the beginning of this post to participate in technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from your area. If you’re in Kenya, or Nepal, there’s an event happening in your area this coming weekend.
You can browse all upcoming in-person and virtual events here.
That’s all for this week. Check back next Monday for another Weekly Roundup!
– Veliswa
This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS.
Post Syndicated from daroc original https://lwn.net/Articles/969185/
Kumar Kartikeya Dwivedi has been working to add support for exceptions to BPF
since mid-2023. In July, Dwivedi posted
the first patch set in this effort, which adds support for basic stack unwinding.
In February 2024, he posted
the second patch set
aimed at letting the kernel release resources held by the BPF program when an
exception occurs. This makes exceptions usable in many more contexts.