Security updates for Thursday

Post Syndicated from original https://lwn.net/Articles/892214/

Security updates have been issued by Fedora (frr, grafana, gzip, and pdns), Oracle (java-11-openjdk), Red Hat (java-11-openjdk and kernel), Scientific Linux (java-11-openjdk), SUSE (dcraw, GraphicsMagick, gzip, kernel, nbd, netty, qemu, SDL, and xen), and Ubuntu (libinput, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, inux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and linux-oem-5.14).

Проверка на „Биволъ“ Министърът на транспорта си уреди през подчинен специалния режим на движение

Post Syndicated from Николай Марченко original https://bivol.bg/%D0%BC%D0%B8%D0%BD%D0%B8%D1%81%D1%82%D1%8A%D1%80%D1%8A%D1%82-%D0%BD%D0%B0-%D1%82%D1%80%D0%B0%D0%BD%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%B0-%D1%81%D0%B8-%D1%83%D1%80%D0%B5%D0%B4%D0%B8-%D0%BF%D1%80%D0%B5.html

четвъртък 21 април 2022


Министърът на транспорта и съобщенията Николай Събев е злоупотребил със служебното положение, показа проверката на „Биволъ“ за личния му автомобил. Преди около месец личният му джип Mercedes–Benz GLE63AMG е включен…

Two OpenWrt updates

Post Syndicated from original https://lwn.net/Articles/892161/

The OpenWrt 21.02.3
and 19.07.10
updates have been released. These updates contain some security fixes and
improved device support. It’s noting that this is the last 19.07 update:

OpenWrt 19.07.10 is the final release of the 19.07 release branch,
this branch is now end of life and we will not fix problems on this
branch any more, not even severe security problems. We encourage
all users still using OpenWrt 19.07 to upgrade to OpenWrt 21.02 or
more recent OpenWrt versions.

Router distributions are easy to forget about; now might be a good time to
check any relevant systems and, if needed, doing in upgrade.

AI literacy research: Children and families working together around smart devices

Post Syndicated from Sue Sentance original https://www.raspberrypi.org/blog/ai-literacy-children-families-working-together-ai-education-research/

Between September 2021 and March 2022, we’ve been partnering with The Alan Turing Institute to host a series of free research seminars about how to young people about AI and data science.

In the final seminar of the series, we were excited to hear from Stefania Druga from the University of Washington, who presented on the topic of AI literacy for families. Stefania’s talk highlighted the importance of families in supporting children to develop AI literacy. Her talk was a perfect conclusion to the series and very well-received by our audience.

Stefania Druga.
Stefania Druga, University of Washington

Stefania is a third-year PhD student who has been working on AI literacy in families, and since 2017 she has conducted a series of studies that she presented in her seminar talk. She presented some new work to us that was to be formally shared at the HCI conference in April, and we were very pleased to have a sneak preview of these results. It was a fascinating talk about the ways in which the interactions between parents and children using AI-based devices in the home, and the discussions they have while learning together, can facilitate an appreciation of the affordances of AI systems. You’ll find my summary as well as the seminar recording below.

“AI literacy practices and skills led some families to consider making meaningful use of AI devices they already have in their homes and redesign their interactions with them. These findings suggest that family has the potential to act as a third space for AI learning.”

– Stefania Druga

AI literacy: Growing up with AI systems, growing used to them

Back in 2017, interest in Alexa and other so-called ‘smart’, AI-based devices was just developing in the public, and such devices would have been very novel to most people. That year, Stefania and colleagues conducted a first pilot study of children’s and their parents’ interactions with ‘smart’ devices, including robots, talking dolls, and the sort of voice assistants we are used to now.

A slide from Stefania Druga's AI literacy seminar. Content is described in the blog text.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

Working directly with families, the researchers explored the level of understanding that children had about ‘smart’ devices, and were surprised by the level of insight very young children had into the potential of this type of technology.

In this AI literacy pilot study, Stefania and her colleagues found that:

  • Children perceived AI-based agents (i.e. ‘smart’ devices) as friendly and truthful
  • They treated different devices (e.g. two different Alexas) as completely independent
  • How ‘smart’ they found the device was dependent on age, with older children more likely to describe devices as ‘smart’

AI literacy: Influence of parents’ perceptions, influence of talking dolls

Stefania’s next study, undertaken in 2018, showed that parents’ perceptions of the implications and potential of ‘smart’ devices shaped what their children thought. Even when parents and children were interviewed separately, if the parent thought that, for example, robots were smarter than humans, then the child did too.

A slide from Stefania Druga's AI literacy seminar.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

Another part of this study showed that talking dolls could influence children’s moral decisions (e.g. “Should I give a child a pillow?”). In some cases, these ‘smart’ toys would influence the child more than another human. Some ‘smart’ dolls have been banned in some European countries because of security concerns. In the light of these concerns, Stefania pointed out how important it is to help children develop a critical understanding of the potential of AI-based technology, and what its fallibility and the limits of its guidance are.

A slide from Stefania Druga's AI literacy seminar.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

AI literacy: Programming ‘smart’ devices, algorithmic bias

Another study Stefania discussed involved children who programmed ‘smart’ devices. She used the children’s drawings to find out about their mental models of how the technology worked.

She found that when children had the opportunity to train machine learning models or ‘smart’ devices, they became more sceptical about the appropriate use of these technologies and asked better questions about when and for what they should be used. Another finding was that children and adults had different ideas about algorithmic bias, particularly relating to the meaning of fairness.

A parent and child work together at a Raspberry Pi computer.

AI literacy: Kinaesthetic activities, sharing discussions

The final study Stefania talked about was conducted with families online during the pandemic, when children were learning at home. 15 families, with in total 18 children (ages 5 to 11) and 16 parents, participated in five weekly sessions. A number of learning activities to demonstrate features of AI made up each of the sessions. These are all available at aiplayground.me.

A slide from Stefania Druga's AI literacy seminar, describing two research questions about how children and parents learn about AI together, and about how to design learning supports for family AI literacies.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

The fact that children and parents, or other family members, worked through the activities together seemed to generate fruitful discussions about the usefulness of AI-based technology. Many families were concerned about privacy and what was happening to their personal data when they were using ‘smart’ devices, and also expressed frustration with voice assistants that couldn’t always understand the way they spoke.

A slide from Stefania Druga's AI literacy seminar. Content described in the blog text.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

In one of the sessions, with a focus on machine learning, families were introduced to a kinaesthetic activity involving moving around their home to train a model. Through this activity, parents and children had more insight into the constraints facing machine learning. They used props in the home to experiment and find out ways of training the model better. In another session, families were encouraged to design their own devices on paper, and Stefania showed some examples of designs children had drawn.

A slide from Stefania Druga's AI literacy seminar. Content described in the blog text.
A slide from Stefania’s AI literacy seminar. Click to enlarge.

This study identified a number of different roles that parents or other adults played in supporting children’s learning about AI, and found that embodied and tangible activities worked well for encouraging joint work between children and their families.

Find out more

You can catch up with Stefania’s seminar below in the video, and download her presentation slides.

More about Stefania’s work can be learned in her paper on children’s training of ML models and also in her latest paper about the five weekly AI literacy sessions with families.

Recordings and slides of all our previous seminars on AI education are available online for you, and you can see the list of AI education resources we’ve put together based on recommendations from seminar speakers and participants.

Join our next free research seminar

We are delighted to start a new seminar series on cross-disciplinary computing, with seminars in May, June, July, and September to look forward to. It’s not long now before we begin: Mark Guzdial will speak to us about task-specific programming languages (TSP) in history and mathematics classes on 3 May, 17.00 to 18.30pm local UK time. I can’t wait!

Sign up to receive the Zoom details for the seminar with Mark:

I want to sign up for the next seminar

The post AI literacy research: Children and families working together around smart devices appeared first on Raspberry Pi.

Трилогията BECOMING: Когато танцът среща киното 

Post Syndicated from Дилян Ценов original https://toest.bg/trilogiyata-becoming-kogato-tantsut-sreshta-kinoto/

„Танцовото кино добива все повече популярност в България, но може би е още непознато за широката публика.“ Така Стефани Ханджийска коментира мястото на танцовото кино в съвременната културна среда у нас. Стефани е танцов артист, хореограф и артистичен директор на Фондация „Човек с шапка“, чиято мисия е да подкрепя, развива, продуцира и разпространява български проекти в областта на съвременния танц и танцовото кино. За да изпълни тази мисия, Стефани обединява усилия с още двама артисти – хореографа и режисьор Коста Каракашян и документалистката Силвия Чернева, и тримата основават програмата „Фокус Кино Танц“.

Първият им съвместен проект е трилогията от късометражни филми BECOMING. Филмите третират темата за идентичността на съвременния човек през призмата на три концепции – за женствеността, за мъжествеността и за юношеството. Трилогията обединява тези различни гледни точки и чрез танца провокира сетивата на зрителя, позволявайки му да намери свой собствен акцент в един концептуален наратив. Дилян Ценов потърси за разговор Стефани Ханджийска, Коста Каракашян и Силвия Чернева, за да разкажат повече за процеса по създаване на BECOMING и за взаимодействието между танца и киното.

INNER BLOOM

В основата на филма на Стефани Ханджийска, режисиран от Коста Каракашян, е „Алиса в страната на чудесата“. Вдъхновена от литературната класика, хореографката поставя героинята си в една тропическа фантазия с наситени топли цветове, без начало и край. Жената на Стефани попада в тази вселена и открива собствената си сила, тяло и сексуалност. „Проследяваме героинята във филма от юношеството, когато тя е във фантасмагорична „тропическа гора“, скача, играе и без да подозира, се появява тази сексуалност, която е първо детска увличаща игра, но после героинята се стряска“, разказва хореографката.

Почти е невъзможно да гледаме филма, без да го пренасяме към реалността и към ролята и позицията на жената в съвременния свят. „Женското тяло продължава да е обект на огромен обществен контрол през 2022 г. За мен „вътрешното разцъфване“ във филма е моментът, в който героинята изцяло приема женското си тяло, неговия сексуален инстинкт, големите промени в различните етапи от живота на една жена. За мен като жени ние разцъфваме не във връзка с другите, а тогава, когато напълно приемем себе си и тялото си“, допълва Стефани.

Богат на символика, INNER BLOOM предоставя редица възможности за интерпретация на една и съща тема, без да се загуби фокусът от основното му послание. Чрез своя танц, в който откриваме множество деликатни препратки и към йогата (чиято мисия също е достигането на баланс между духа и тялото), Стефани Ханджийска рисува една пъстра и хармонична вселена, чийто единствен господар е жената.

SURRENDER

Вторият филм от трилогията BECOMING ни запознава с темата за мъжествеността, представена чрез историите на четирима български танцьори. Продукцията е дело на Коста Каракашян, който заедно с творческия съветник на филма Александър Цеков сглобява пъзел от различни характери. Четиримата герои на Коста се развиват в радикално различни жанрове: брейк, хип-хоп, класически танц и танци на токчета. Кое тогава ги обединява?

„Събирателната точка, на първо място, беше харизмата и пълното сливане с танца, което наблюдаваме и при четиримата танцьори – Кръстьо Методиев (брейк), Реми Тоин (хип-хоп), Никола Хаджитанев (класически танц) и Светослав Серопян (танци на токчета)“, споделя Коста. Режисьорът разказва как първоначалната концепция за филма се е променила: „Отправната точка беше мъжествеността и как самите танцьори дефинират идентичността си, но в разговорите тръгнахме и в други посоки, говорейки за връзката с публиката, за първите спомени от сцената, за професионалните им цели и за все още непокорените върхове в кариерата. От тези идеи видяхме, че съкровеният контакт с публиката е онова, което излиза на преден план и при четиримата.“

В хода на процеса се появява и още един похват, който невинаги присъства в танцовото изкуство – текстът. Тук той идва, за да обогати визуалния разказ и да остави героите сами да говорят за себе си, докато танцуват. „Една от целите на филма е да се запознае публиката по-интимно с четиримата ни завладяващи герои. Искахме да ги оставим да разкажат своите истории. За мен като танцов артист също е важно представянето на професионалните танцьори по един триизмерен начин, за да може публиката да разбере колко сложен, но и удовлетворяващ е нашият вид изкуство“, допълва Коста.

Също както INNER BLOOM, и SURRENDER съдържа в себе си социален елемент, този път от мъжка гледна точка, и показва как възприятията за мъжественост се разширяват. „Смятам, че има нещо леко бунтарско в танца и в начина, по който той ни позволява да експериментираме с различни роли чрез тялото си. Мъжествеността, която виждаме по света, вече е по-рафинирана, мъжете си позволяват да са по-емоционални, по-уязвими и искрени, без да се крият зад проявите на сила или превъзходство. Четиримата мъже във филма са точно такива – искрени, смирени, артистични, готови да изразяват себе си пред една широка публика“, коментира режисьорът.

Онова, което Коста Каракашян извежда на преден план в своя филм, е как, независимо от вида танц и индивидуалността на героите, всеки от тях попада в съвременна концепция за мъжественост. Четиримата споделят едно общо мъжко начало, което с всяко свое разклонение се обогатява, става по-интересно, понякога по-объркващо, но и несъмнено по-богато, чупейки устоите на онова, което допреди няколко години се приемаше като норма в мъжкия свят.

BREAKOFF

Финалното парче от трилогията BECOMING  е филмът BREAKOFF, режисиран от Силвия Чернева. Разликата между него и първите два филма е в това, че танцът тук не се изразява в движенията на тялото, а е показан чрез труда на човека и работата на машините. За да създаде своята творба, Силвия отива в каменоделното училище в село Кунино, където заснема едно от момчетата, работещи в близката каменна кариера. Неговата история е в сърцевината на темата за връзката на човека с природата и за това как той намира себе си в грижата за нея.

„Филмът разказва документална история, но в изразните си средства набляга на ритъма и движението – своеобразния „танц“ на труда и машините, ритъма в монтажа и звуците на мястото. Танцовото кино е жанр, който дава възможност да подходим креативно към това къде и как намираме танца, под какви форми той може да съществува, стига да останем верни на движението като основен носител на историята“, споделя режисьорката.

Изборът на темата за юношеството естествено отвежда Силвия към първоизточника – училищата. „Работата с камък възпитава търпение, решителност, целенасоченост – качества, които на пръв поглед не свързваме с „юношество“. Това напрежение ни развълнува и усетихме потребност да го разработим“, допълва тя.

Онова, което най-силно остава в съзнанието на зрителя, след като гледа филма, е именно контактът на човека с природата, ръчният труд, при който човекът черпи от природата така, че чрез нея да остави нещо след себе си.

„В случая на каменоделството контактът с природата е буквален – с чука си удряш камъка и или той, или дръжката на чука ти се пука. Като някаква борба за надмощие, в която човеците започват да опитомяват същността на земята, нейната плът. Майсторите, които срещнахме и в училището, и в кариерата близо до него, имат страхотен усет за това как и кога можеш да работиш с един камък и с всичките природни фактори, свързани с него – времето, влажността, почвата. Защото камъкът е и крехък и ако не подходиш по правилния начин, може да го раздробиш и съсипеш“, разказва Силвия Чернева.

Макар и различен като стилистика от останалите два филма, BREAKOFF стои намясто в трилогията. И тук движението на тялото е двигател на събитията. А от запаметяването му на лента се ражда нов жанр, който съхранява нещо ефимерно и му помага да заживее собствен живот и да достигне до много по-широка аудитория.

Премиерата на BECOMING се състоя на 3 февруари т.г. в Дома на киното в София. След прожекцията авторите Стефани Ханджийска, Коста Каракашян и Силвия Чернева проведоха дискусия със зрителите. На 26 април в 20:30 ч. отново в Дома на киното първите две части на трилогията – INNER BLOOM и SURRENDER, ще бъдат показани в рамките на тазгодишното издание на фестивала за документално кино Master of Art.
Заглавна снимка: © Владимир Груев / „Фокус Кино Танц“

Източник

Национално съгласие… Някой виждал ли го е?

Post Syndicated from Емилия Милчева original https://toest.bg/natsionalno-suglasie/

След заредили се едно след друго социологически проучвания, в които ГЕРБ пак е първа политическа сила, партийният лидер Бойко Борисов извади от джоба си призив за национално съгласие – за да „се измъкнем от катастрофата, в която сме“. Дори предложи да е под егидата на президента Радев – понеже носи отговорност за тия, дето е довел на власт. Като че ли може да има отговорник по консенсуса в държава, която винаги се разделя на победили политици и провалени политици.

Не беше ли това любима мантра на ДПС – правителство на националното съгласие, – която Движението от години периодично лансира? Каквото било – било, сядат политиците, разбират се за едни приоритети и тръгва програма за ускорено икономическо развитие. В български вариант това би означавало едни партии да се съгласяват с други, защото „приоритетите ми са по-добри от приоритетите ти“, „олигарсите ми са по-добри от олигарсите ти“ и т.н. Във варианта на Бойко Борисов със сигурност означава всички да са съгласни с Бойко Борисов.

„Национално съгласие“ е напълно изтърбушена от съдържание фраза – всички говорят за него, обаче никой не го е виждал. Ако приемем, че депутатите са представителство на част от нацията, то техният консенсус по дадена тема би бил национално съгласие. Но на последните няколко вота те представляват все по-малка част от тази нация, следователно и единодушието им не би било „национално съгласие“.

В управленската коалиция съгласието също е дефицитна стока – заменено е от компромиси в името на споделената власт. Къде по-дребни, къде по-големи. Например от лидера в коалицията „Продължаваме промяната“ са наясно какво разпищолване е в държавните горски стопанства и какви ги върши БСП, но не ѝ навлизат в „ловните полета“. Оставили са и лидерката Корнелия Нинова да играе една лоша имитация на Мая Манолова като вицепремиер и министър на икономиката.

„Демократична България“ предлага да се изпрати оръжие за Украйна, но не настоява на всяка цена и няма да излезе от коалицията, ако не стане. Значи прави компромис с убедения си и промотиран евро-атлантизъм, след като БСП заплаши с напускане. В действителност компромисът е направен по-отрано, още когато ДБ се съгласиха да влязат в коалиция с политическа сила, известна със своите симпатии към режима на Путин.

„Ако днес има избори в България, ще ги спечели Владимир Путин“, каза в предаването „Панорама“ на БНТ съпредседателят на ДБ Христо Иванов. А по какво личи, че не ги е спечелил? Хибридната пропаганда на Русия така и не е дефинирана като заплаха за националната сигурност, което означава, че няма как да бъде мобилизиран ресурс за противодействие. Вярно, изгонени бяха руски дипломати, но руската посланичка Елеонора Митрофанова не бе експулсирана за арогантността си и обидите си към българите.

Премиерът Кирил Петков се надяваше, че след като българският посланик в Москва Атанас Кръстин бе извикан в края на март в София „за консултации“, ще последва реципрочно действие спрямо Митрофанова. Но това не се случи. А правителството премълча, че Кръстин се е прибрал обратно в руската столица. Помнят се и вътрешнокоалиционните разпри за българския батальон, който да засили източния фланг на НАТО, както и смяната в 12 без 5 на кандидата за военен министър проф. Тодор Тагарев с представителя на България в НАТО Драгомир Заков поради несъгласие на БСП.

От гледна точка на политологията националното съгласие е принцип в политиката и бива издиган от партии или правителства при особено тежки обстоятелства, при социално-политическа безизходица. Например национално съгласие би било необходимо за реформирането на пенсионната система, тъй като е процес с дълъг хоризонт. Съгласието би означавало, че този процес е необратим и промените няма да бъдат коригирани или обезсмислени от следващо правителство.

Когато Борисов говори за национално съгласие, някой може да се подведе, че се е преобразил в йерофант. Обаче си е същият автократ, зареден и с желание за мъст след ареста си. Иска съгласие – и веднага след това казва, че „без да си замине Кирил Петков, не могат да говорят по никаква тема с нас“. Явно съгласието започва с изпълняване на условия, поставени от ГЕРБ.

По каква тема изобщо може да се говори с ГЕРБ, които си връщат предишното самочувствие и наглост, наблюдавайки провалите на управляващите и липсата на елементарна коалиционна култура? Най-вероятно ще „помагат“ с каквото и както могат на процесите на разпад в коалицията и ще чакат на пусия, докато ДПС гледат сеир. Борисов и партията му се окопитиха от изборните загуби и вече са минали в настъпление.

Пушилката с арестите на лидера на ГЕРБ, пиарката му Севделина Арнаудова и бившия министър на финансите Владислав Горанов трая от ден до пладне, а протестите на пътните фирми в цялата страна не спират – с тежки машини и работници, които не са получавали заплати от месеци (независимо колко са прибрали онези, които им възлагат работа). Правителството е с вързани ръце – не е доказало, че договорите са нередовни (макар миналата година Кирил Петков и Асен Василев да им посветиха няколко пресконференции), и ще трябва да изплати парите, на първо време 50%, а след проверка на парламентарната Регионална комисия – и останалата половина от сумата. Сто процента от парите обаче ще си получат фирмите, които са поставяли маркировки, пътни знаци и мантинели.

Освен това от ГЕРБ са изискали и получили от Министерството на енергетиката текста на меморандума с офшорките Gemcorp Holdings и IP3 International. На нарочна пресконференция Бойко Борисов и Делян Добрев запитаха защо, след като няма обвързващи задължения, страните ще се отнасят до международен арбитраж, кой стои зад офшорките, как така са им обещани държавни и общински активи и съфинансиране за енергийни проекти във всички сфери – комплекса „Марица Изток“, столичната „Топлофикация“, интерконектора с Гърция и др. Наред с това призоваха правителството да прекрати меморандума и не пропуснаха да го критикуват за провала на акцията по изкупуване на зърно.

Историята с Gemcorp не свършва дотук – парламентът одобри предложението на ГЕРБ парламентарна анкетна комисия да провери не само меморандума, но и всички останали меморандуми и писма за намерения от служебните кабинети насам. А докато българските спецслужби разнищят офшорките за последните пет години – проверка, обещана от премиера Кирил Петков с неизвестен краен срок, разследващият сайт BIRD ги изпревари с ново разкритие.

Изданието първо писа за руската следа в Gemcorp, създадена с пари на руски олигарх и управлявана от кадър на руската ВТБ, известна като „банката на Путин“. BIRD продължава, като извади на бял свят участие на Gemcorp във фирмата за батерии OCSiAl, в която основни акционери са руски банкер, свързан с олигарха Роман Абрамович, и назначен от Путин съветник по предприемачество. Разследването идва на фона на уверенията на правителството, че няма руснаци и нищо, свързано с батерии, в меморандума за инвестиции. Самият меморандум обаче стана медийно достояние и от написаното в него се вижда, че е побрал всички бъдещи проекти в енергетиката в себе си.

ГЕРБ се активизираха и по инициативата и за изпращане на оръжие в Украйна. Темата отново влезе в дневния ред, след като Корнелия Нинова, вицепремиер и министър на икономиката, уволни ръководството на държавния оръжеен търговец „Кинтекс“, а на визита в България бе министърът на външните работи на Украйна Дмитро Кулеба, който също е поставил този въпрос. В отговор се чу нелепото и глуповато обяснение на външната министърка Генчовска, че България била „малка държава“. Двама бивши външни министри – Екатерина Захариева и Даниел Митов, понастоящем депутати от ГЕРБ, поискаха от правителството ясна позиция относно изпращането на оръжие.

Макар от ДБ най-напред да поставиха този въпрос, а ГЕРБ ги последваха, в името на коалиционния мир от градската десница си замълчаха – до вчера, когато излязоха с декларация, с която поискаха помощта за украинските бежанци да не спира и да бъде предоставена военно-техническа помощ на Украйна. След като манкираха и отлагаха разглеждане на военната помощ за Украйна в парламентарните комисии, вчера исканията и на ДБ, и на ГЕРБ за оръжието бяха отхвърлени от Комисията по външна политика. Забележителното е „коалицията“, гласувала срещу тях – „Продължаваме промяната“, БСП, „Има такъв народ“ и „Възраждане“. И това ако не е Путинова коалиция!

На този фон предложението на съпредседателя на ДБ Христо Иванов за обединение по темата за конституционните промени, свързани с реформата на правосъдието, е повече пиар, отколкото реална стъпка. Не го прави за първи път, но със сигурност си дава сметка, че е невъзможно. Оглавяваната от него временна парламентарна комисия за промени в основния закон беше бойкотирана от опозицията в лицето на ГЕРБ, ДПС и „Възраждане“. ГЕРБ постави условие да има съпредседател и след като не го получи, отказа участие. Комисията изобщо не е заседавала, откакто бе създадена през февруари. Голяма е вероятността и така безславно да приключи, тъй като вече не е сигурно и съгласието по конституционните промени в самата управляваща коалиция. По всичко личи, че президентът е изоставил своя конституционен проект – или пък го пази за ново управляващо мнозинство.

А в последните си публични изяви Борисов го ласкае. По-рано през април например той заяви, че от ГЕРБ са сгрешили, като са подценили Румен Радев. „Слушайте внимателно президента Радев. Той е много умен и праволинеен. Затова ние си изядохме шамарите и аз имам вина“, каза Борисов в Добрич. Прелюбопитно. Досега лидерът на ГЕРБ е превъзнасял Живков, Сакскобургготски и Доган.

За месеците в опозиция ГЕРБ се показаха по-големи евро-атлантици, отколкото за десетилетието си на власт, когато се държаха като московски пудели. А откакто избухна войната в Украйна пък Радев започна да възпира евро-атлантизма си и да се изявява повече като протеже на ген. Решетников, с което се прочу в началото на политическата си кариера. Например никога не назовава войната в Украйна като започната от Кремъл, а използва метафората „братоубийствена война“. При поредното му изявление украинският външен министър го поправи: „Ако с Русия сме братски народи, то е като Каин и Авел.“

Може пък Борисов и Радев да готвят някакво национално съгласие. В политиката невъзможни съюзници няма.

Заглавна снимка: © Цветомир Петров / БТА

Източник

[$] Fedora considers deprecating legacy BIOS

Post Syndicated from original https://lwn.net/Articles/891273/

A proposal to “deprecate” support for BIOS-only systems for Fedora, by no longer
supporting new installations on those systems, led to a predictably long
discussion on the Fedora devel mailing list. There are, it seems, quite a few
users who still have BIOS-based systems; many do not want to
have to switch away from Fedora simply to keep their systems up to date.
But, sometime in the future, getting rid of BIOS support seems inevitable since the
burden on those maintaining the tools for installing and booting
those systems is non-trivial and likely to grow over time. To head
that off, a special interest group (SIG) may form to help keep BIOS support
alive until it really is no longer needed.

Tromey: Faster GDB Startup

Post Syndicated from original https://lwn.net/Articles/892074/

On his blog, Tom Tromey writes about speeding up the startup of the GDB debugger. He sees 7x improvements in startup time (e.g. 2.2 to 0.3 seconds) for C++ code.

GDB, essentially, had two DWARF readers. They actually shared a surprisingly small amount of code (which was an occasional source of bugs). For example, while abbrev lookup and name generation (more on that later) was shared, the actual DIE [debugging information entry] data structures were not.

The first DWARF reader created “partial symbols”, which held a name and some associated, easy-to-compute data, like the kind of symbol (variable, function, struct tag, etc). The second DWARF reader (which is still there now) is called when more information was needed about a particular symbol — say, its type. This reader reads all the DIEs in a DWARF compilation unit and expands them into gdb’s symbol table, block, and type data structures.

Both of these scans were slow, but for the time being I’ve only rewritten the first scan, as it was the one that was first encountered and most obviously painful. (I’ve got a plan to fix up the CU expansion as well, but that’s a lengthy project of its own.)

AWS Migration Hub Orchestrator – New Migration Orchestration Capability with Customizable Workflow Templates

Post Syndicated from Channy Yun original https://aws.amazon.com/blogs/aws/aws-migration-hub-orchestrator-new-migration-orchestration-capability-with-customizable-workflow-templates/

You can migrate any workload from an on-premises environment to AWS. The key to a successful migration to AWS is a well-thought-out plan, informative tools, prior migration experience, and a quality implementation. Every step along the way, you can use AWS’s years of experience to build your organizational, operational, and technical capabilities so that you can gain business benefits faster.

In 2017, we introduced AWS Migration Hub, a single location for cloud migration and modernization, giving you the tools you need to accelerate and simplify your journey with AWS. With Migration Hub, you can discover or import your on-premises server details, build a migration strategy with right-sizing recommendations, track migrations across multiple tools in a simple dashboard, and refactor your applications incrementally in any AWS Region.

Today we announce the general availability of AWS Migration Hub Orchestrator, providing predefined and customizable workflow templates that offer a prescribed set of migration tasks, migration tools, automation opportunities, and tracking your progress in one place.

With Migration Hub Orchestrator, you can reduce the migration costs and time by removing many of the manual tasks involved in migrating large-scale enterprise applications, managing dependencies between different tools, and providing visibility into the migration progress. Also, Migration Hub Orchestrator enables customers to customize the templates and add additional steps to suit their workflow needs. At this launch, Migration Hub Orchestrator supports the migrations of SAP NetWeaver-based applications with HANA databases and the rehosting of any applications using AWS Application Migration Service (AWS MGN).

AWS Migration Hub Orchestrator – Getting Started
To get started with AWS Migration Hub Orchestrator, choose Get started to create a new migration workflow in the Migration Hub console.

To create a new workflow, you need to add data sources from your on-premises servers and applications using the AWS discovery tools, group your servers as applications, and download and configure the plugin in your environment. This plugin requires a one-time agentless setup in your source environment.

You can install this plugin as a virtual machine in your VMware vCenter Server environment using the AWS-provided Open Virtualization Archive (OVA) file. Migration Hub Orchestrator uses the plug-in to automatically run migration tasks on the source systems while executing the workflow, such as installing AWS MGN agents on source systems. You can see registered plugins in the Plugins menu.

After completing the prerequisites for Migration Hub Orchestrator setup, you can begin configuring a workflow with your chosen template by clicking the Create workflow button in the Workflows menu.

Choose a workflow template, either Rehost applications on Amazon EC2 or Migrate SAP NetWeaver applications to AWS. This workflow template is a playbook of migration workflow specifications: 1) the step-by-step migration workflow and dependencies, 2) migration services, solutions, or scripts required to automate the migration step, and 3) the required input parameters, such as source virtual machine and application settings, target system settings, replication settings, and cutover requirements for the migration.

To configure your workflow to rehost applications on Amazon EC2 in the next step, enter a name for your workflow, select your application to migrate, configure the source environment, and, optionally, add a description and tags.

When you choose a workflow template for migrating an SAP application, provide source SAP application information. As part of the workflow execution, the service will guide you to deploy the target SAP environment using AWS Launch Wizard, extract application info from the newly deployed stack and migrates the application using an SAP and HANA database-specific replication mechanism like HANA System Replication (HSR).

Select  Review and submit in the Step 3 Configure your workflow, it takes several minutes to create your workflow. You can confirm the list of migration workflows.

Choose one of the migration workflows not started yet and select the Run button to migrate your application with each step in the general rehosting process. It takes several minutes to finish the migration. AWS Migration Hub Orchestrator also allows you to pause, resume, or delete your workflows.

After the completion of migration, you can verify the status of each migration step, from validating the source environment to completing the cutover to AWS.

When you select one of the steps, you can check the details of each step transparently.

Also, you can customize your workflow by adding your own steps, dependencies, and automations to address the needs of your specific use cases. Use the Add option to add steps and specify the custom script that you want to run on the source or destination server as part of that step.

For example, you can perform additional migration readiness checks, change configurations of the target environment, and perform post-migration tests using your own automation scripts. You can also add manual steps as part of the workflow as required.

In the case of the SAP application migration, it includes each migration step in several categories, from validating connectivity to the source server to the cutover to AWS.

As you now know, AWS Migration Orchestrator simplifies the complex migration process that often involves multiple teams and tools by automating the manual tasks involved in migrating large-scale enterprise applications managing dependencies between different tools and providing visibility of migration progress in one place.

We plan to add support for more migration and modernization workflows to reduce the migration costs and time to complete the migration.

Troubleshooting Migration Orchestration
AWS Migration Hub Orchestrator stores the output and logs of steps in S3 bucket under your account. These logs can be used to troubleshoot issues or examine the output of a step. For the tasks that are blocked in the dependent migration service, you can also access the consoles of those services for additional troubleshooting.

Migration Hub Orchestrator is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service to capture all API calls for Migration Hub Orchestrator as events.

If you have more than one AWS account, you can use AWS Organizations in Migration Hub Orchestrator from any member account or organizational unit in your company.

Now Available
AWS Migration Hub Orchestrator is now generally available, and you can use it in all AWS Regions where AWS Migration Hub is available. There is no additional cost for using Migration Hub Orchestrator, and you only pay for the AWS resources that you provision for the migration. To learn more, see the product page.

If you are looking for a Migration Partner to support your cloud adoption, visit the AWS Migration Hub Partners page. Please send feedback to AWS re:Post for Migration Hub or through your usual AWS support contacts.

– Channy

Let’s Architect! Using open-source technologies on AWS

Post Syndicated from Luca Mezzalira original https://aws.amazon.com/blogs/architecture/lets-architect-using-open-source-technologies-on-aws/

With open-source technology, authors make software available to the public, who can view, use, or change it and add new features or support new capabilities. Open-source technology promotes collaboration across different teams, organizations, and people because the process often includes different perspectives and ideas, which typically results a stronger solution.

It can be difficult to create a multi-use solution when building to solve for a specific challenge. With an open-source project or an initiative, multiple teams work together, which prevents coupling and makes the solution easier to generalize.

In this edition of Let’s Architect!, we show you some open-source technologies built with AWS and options for running well-known, open-source projects on AWS.

Firecracker: Secure and Fast microVMs for Serverless Computing

Firecracker was developed at AWS to improve the customer experience of services like AWS Lambda and AWS Fargate. This technology is used to deploy workloads in lightweight virtual machines (VMs), called microVMs. For example, when a new Lambda function is triggered in response to an event, AWS Lambda provisions a microVM (if none already exists) to handle the request. Behind the scenes, this is powered by Firecracker.

This video introduces Firecracker and the concept of virtual machine monitor as a technology to create and manage microVMs. This talk explains Firecracker’s foundation, the minimal device model, and how it interacts with various containers. You’ll learn about the performance, security, and utilization improvements enabled by Firecracker and how Firecracker is used for Lambda and Fargate.

An example host running Firecracker microVMs

An example host running Firecracker microVMs

Deep dive into AWS Cloud Development Kit

AWS Cloud Development Kit (CDK) is an open-source software development framework that allows you to define your cloud application resources using familiar programming languages. It uses object-oriented design to create resources and build an end-to-end process for application development from infrastructure and software-development perspectives.

This video introduces AWS CDK core concepts and demonstrates how to create custom resources and deploy them to the cloud. With AWS CDK, you can make deployments repeatable, automate operations through infrastructure as code, and use the software design patterns while coding your architecture.

AWS CDK is an open-source software development framework for defining cloud infrastructure as code

AWS CDK is an open-source software development framework for defining cloud infrastructure as code

Using Apollo Server on AWS Lambda with Amazon EventBridge for real-time, event-driven streaming

Apollo Server is an open-source, spec-compliant GraphQL server that’s compatible with any GraphQL client. This blog posts covers how you can architect Apollo Server on AWS Lambda in an event-driven architecture. It shows you how to use the Apollo Server on AWS Lambda, integrate it with REST and WebSocket APIs and communicate asynchronously via event bus.

Sample application: a chat app that receives a text message from the client and responds with French and German translations of the message

Sample application: a chat app that receives a text message from the client and responds with French and German translations of the message

Observability the open-source way

Removing the undifferentiated heavy lifting for implementing open-source software can allow you to plug-and-play your favorite solutions with existing AWS services. This video addresses best practices and real-world use cases for Amazon Managed Service for Prometheus, Amazon Managed Grafana, and AWS Distro for OpenTelemetry to gain observability. Observability is fundamental to collect and analyze data coming from your architecture, understand the status of your system, and take action to improve application performance.

Setting up Amazon Managed Service for Prometheus

Setting up Amazon Managed Service for Prometheus

See you next time!

See you in a couple of weeks when we discuss strategies for running serverless applications on AWS!

Looking for more architecture content? AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more!

Other posts in this series

Enhance analytics with Google Trends data using AWS Glue, Amazon Athena, and Amazon QuickSight

Post Syndicated from Drew Philip original https://aws.amazon.com/blogs/big-data/enhance-analytics-with-google-trends-data-using-aws-glue-amazon-athena-and-amazon-quicksight/

In today’s market, business success often lies in the ability to glean accurate insights and predictions from data. However, data scientists and analysts often find that the data they have at their disposal isn’t enough to help them make accurate predictions for their use cases. A variety of factors might alter an outcome and should be taken into account when making a prediction model. Google Trends is an available option, presenting a broad source of data that reflects global trends more comprehensively. This can help enrich a dataset to yield a better model.

You can use Google Trends data for a variety of analytical use cases. For example, you can use it to learn about how your products or brands are faring among targeted audiences. You can also use it to monitor competitors and see how well they’re performing against your brand.

In this post, we shows how to get Google Trends data programmatically, integrate it into a data pipeline, and use it to analyze data, using Amazon Simple Storage Service (Amazon S3), AWS Glue, Amazon Athena, and Amazon QuickSight. We use an example dataset of movies and TV shows and demonstrate how to get the search queries from Google Trends to analyze the popularity of movies and TV shows.

Solution overview

The following diagram shows a high-level architecture of the solution using Amazon S3, AWS Glue, the Google Trends API, Athena, and QuickSight.

The solution consists of the following components:

  1. Amazon S3 – The storage layer that stores the list of topics for which Google Trends data has to be gathered. It also stores the results returned by Google Trends.
  2. AWS Glue – The serverless data integration service that calls Google Trends for the list of topics to get the search results, aggregates the data, and loads it to Amazon S3.
  3. Athena – The query engine that allows you to query the data stored in Amazon S3. You can use it for supporting one-time SQL queries on Google Trends data and for building dashboards using tools like QuickSight.
  4. QuickSight – The reporting tool used for building visualizations.

In the following sections, we walk through the steps to set up the environment, download the libraries, create and run the AWS Glue job, and explore the data.

Set up your environment

Complete the following steps to set up your environment:

  1. Create an S3 bucket where you upload the list of movies and TV shows. For this post, we use a Netflix Movies and TV Shows public dataset from Kaggle.
  2. Create an AWS Identity and Access Management (IAM) service role that allows AWS Glue to read and write data to the S3 buckets you just created.
  3. Create a new QuickSight account with the admin/author role and access granted to Athena and Amazon S3.

Download the external libraries and dependencies for the AWS Glue Job

The AWS Glue job needs the following two external Python libraries: pytrends and awswrangler. pytrends is a library that provides a simple interface for automating the downloading of reports from Google Trends. awswrangler is a library provided by AWS to integrate data between a Pandas DataFrame and AWS repositories like Amazon S3.

Download the following .whl files for the libraries and upload them to Amazon S3:

Create and configure an AWS Glue job

To set up your AWS Glue job, complete the following steps:

  1. On the AWS Glue console, under ETL in the navigation pane, choose Jobs – New.
  2. For Create job, select Python Shell script editor.
  3. For Options, select Create a new script with boilerplate code.
  4. Choose Create.
  5. On the Script tab, enter the following script, replacing the source and target buckets with your bucket names: 
    # Import external library TrendReq needed to connect to Google Trends API and library awswrangler to read/write from pandas to Amazon S3.

from pytrends.request import TrendReq
pytrend = TrendReq(hl='en-US', tz=360, timeout=10) 
import pandas as pd
import awswrangler as wr

# Function get_gtrend, accepts a list of terms as input, calls Google Trends API for each term to get the search trends 
def get_gtrend(terms):
  trends =[]
  for term in terms:
# Normalizing the data using popular movie Titanic as baseline to get trends over time.
    pytrend.build_payload(kw_list=["Titanic",term.lower()])
    df = pytrend.interest_over_time()
    df["google_trend"] = round((df[term.lower()] /df['Titanic']) *100)
    
# Transforming and filtering trends results to align with Analytics use case
    df_trend = df.loc[df.index >= "2018-1-1", "google_trend"].resample(rule="M").max().to_frame()
    df_trend["movie"] = term
    trends.append(df_trend.reset_index())

# Last step in function to concatenate the results for each term and return an aggregated dataset 
  concat_df = pd.concat(trends)
  return concat_df

def main():
  
# Change the bucket and prefix name to Amazon S3 location where movie titles file from Kaggle has been downloaded. 
  source_bucket = "source_bucket"
  source_prefix = "source_prefix"

# Awswrangler method s3.read_csv is called to load the titles from S3 location into a DataFrame and convert it to a list.
  df = wr.s3.read_csv(f's3://{source_bucket}/{source_prefix}/')
  movies = df['title'].head(20).values.tolist()

#  Call the get_trends function and pass the list of movies as an input. Pandas dataframe is returned with trend data for movies.
  df = get_gtrend(terms=movies)

# Change the prefix name to location where you want to store results. 
  target_bucket = "target_bucket" 
  target_prefix = "target_prefix" 

# Use awswrangler to save pandas dataframe to Amazon S3. 
  wr.s3.to_csv(df,f's3://{target_bucket}/{target_prefix}/trends.csv',index= False)


# Invoke the main function
main()

  6. On the Job details tab, for Name, enter the name of the AWS Glue job.
  7. For IAM Role, choose the role that you created earlier with permissions to run the job and access Amazon S3.
  8. For Type, enter Python Shell to run the Python code.
  9. For Python Version, specify the Python version as Python 3.6.
  10. For Data processing units, choose 1 DPU.
  11. For Number of retries, enter .
  12. Expand Advanced properties and under Libraries, enter the location of the S3 bucket where the pytrends and awswrangler files were downloaded.
  13. Choose Save to save the job.

Run the AWS Glue job

Navigate to the AWS Glue console and run the AWS Glue job you created. When the job is complete, a CSV file with the Google Trends values is created in the target S3 bucket with the prefix specified in the main() function. In the next step, we create an AWS Glue table referring to the target bucket and prefix to allow queries to be run against the Google Trends data.

Create an AWS Glue table on the Google Trends data

In this step, we create a table in the AWS Glue Data Catalog using Athena. The table is created on top of the Google Trends data saved in the target S3 bucket.

In the Athena query editor, select default as the database and enter the following DDL command to create a table named trends. Replace the target bucket and prefix with your own values.

CREATE EXTERNAL TABLE `trends`(
  `date` date, 
  `google_trend` double, 
  `title` string)
ROW FORMAT DELIMITED 
  FIELDS TERMINATED BY ',' 
STORED AS INPUTFORMAT 
  'org.apache.hadoop.mapred.TextInputFormat' 
OUTPUTFORMAT 
  'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION
  's3://<< target_bucket >>/<<target_prefix >>/'
TBLPROPERTIES (
  'has_encrypted_data'='false', 
  'skip.header.line.count'='1')

This table has three columns:

  • date – The time dimension for aggregating the data. In this example, the time period is monthly.
  • google_trend – The count of Google Trends values normalized on a scale of 0–100.
  • title – The name of the movie or TV show.

Query the data using Athena

Now you can run one-time queries to find the popularity of movies and TV shows.

In the first example, we find the top 10 most popular movies and TV shows for November 2021. In the Athena query editor, enter the following SQL command to query the trends table created in the previous step:

select title,google_trend
from trends 
where date = date_parse('2021-11-30','%Y-%m-%d')
order by google_trend desc
limit 10

In the following example, we find the top 10 most popular movies and TV shows that have grown most in popularity in 2021 until November 30. In the Athena query editor, enter the following SQL command to query the trends table:

select  title,max(google_trend)-min(google_trend) trend_diff
from trends
where date between date_parse('2021-01-31','%Y-%m-%d') and date_parse('2021-11-30','%Y-%m-%d')
group by title
order by 2 desc
limit 10

Build a dashboard to visualize the data using QuickSight

We can use QuickSight to build a dashboard on the data downloaded from Google Trends to identify top movies and TV shows. Complete the following steps:

  1. Sign in to your QuickSight account.
  2. On the QuickSight console, choose Datasets and choose New dataset.
  3. Choose Athena as your data source.
  4. For Data source name, enter a name.
  5. For Athena workgroup, choose [primary].
  6. Choose Create data source.
  7. For Database, choose default.
  8. For Tables, select the trends table.
  9. Choose Select.
  10. Select Directly query your data.
  11. Choose Visualize.

For the first visual, we create a bar chart of the top movies or TV shows by title sorted in ascending order of aggregated Google Trends values.

  1. Choose the horizontal bar chart visual type.
  2. For Y axis, choose title.
  3. For Value, choose google_trend (Average).

Next, we create a time series plot of Google Trends count by month for titles.

  1. Add a new visual and choose the autograph visual type.
  2. For X axis, choose date.
  3. For Value, choose google_trend (Sum).
  4. For Color¸ choose title.

Clean up

To avoid incurring future charges, delete the resources you created for AWS Glue, Amazon S3, IAM, and QuickSight.

  1. AWS Glue Catalog table
    • On the AWS Glue console, choose Tables under Databases in the navigation pane.
    • Select the AWS Glue Data Catalog table that you created.
    • On the Actions drop-down menu, choose Delete.
    • Choose Delete to confirm.
  2. AWS Glue Job
    • Choose Jobs in the navigation pane.
    • Select the AWS Glue job you created.
    • On the Actions drop-down menu, choose Delete.
  3. S3 bucket
    • On the Amazon S3 console, choose Buckets in navigation pane.
    • Choose the bucket you created.
    • Choose Empty and enter your bucket name.
    • Choose Confirm.
    • Choose Delete and enter your bucket name.
    • Choose Delete bucket.
  4. IAM Role
    • On the IAM console, choose Roles in navigation pane.
    • Choose the role you attached to AWS Glue job.
    • Choose Delete role.
    • Choose Yes.
  5. Amazon QuickSight
    • If you created a QuickSight user for trying out this blog and do not want to retain that access, please ask your QuickSight admin to delete your user.
    • If you created the QuickSight account itself just for trying this blog and no longer want to retain it, use following steps to delete it.
    • Choose your user name on the application bar, and then choose Manage QuickSight
    • Choose Account settings.
    • Choose Delete Account.

You can only have one QuickSight account active for each AWS account. Make sure that other users aren’t using QuickSight before you delete the account.

Conclusion

Integrating external data sources such as Google Trends via AWS Glue, Athena, and QuickSight can help you enrich your datasets to yield greater insights. You can use it in a data science context when the model is under-fit and requires more relevant data in order to make better predictions. In this post, we used movies as an example, but the solution extends to a wide breadth of industries, such as products in a retail context or commodities in a finance context. If the simple inventory histories or the transaction dates are available, you may find little correlation to future demand or prices. But with an integrated data pipeline using external data, new relationships in the dataset make the model more reliable.

In a business context, whether your team wants to test out a machine learning (ML) proof of concept more quickly or have limited access to pertinent data, Google Trends integration is a relatively quick way to enrich your data for the purposes of ML and data insights.

You can also extend this concept to other third-party datasets, such as social media sentiment, as your team’s expertise grows and your ML and analytics operations mature. Integrating external datasets such as Google Trends is just one part of the feature and data engineering process, but it’s a great place to start and, in our experience, most often leads to better models that businesses can innovate from.

About the Authors

Drew Philip is a Sr. Solutions Architect with AWS Private Equity. He has held senior
technical leadership positions within key AWS partners such as Microsoft, Oracle, and
Rackspace. Drew focuses on applied engineering that leverages AI-enabled digital innovation and development, application modernization, resiliency and operational excellence for workloads at scale in the public and private sector. He sits on the board of Calvin University’s computer science department and is a contributing member of the AWS Machine Learning Technical Focus Community.

Gautam Prothia is a Senior Solution Architect within AWS dedicated to Strategic Accounts. Gautam has more than 15+ years of experience designing and implementing large-scale data management and analytical solutions. He has worked with many clients across industries to help them modernize their data platforms on the cloud.

Simon Zamarin is an AI/ML Solutions Architect whose main focus is helping customers extract value from their data assets. In his spare time, Simon enjoys spending time with family, reading sci-fi, and working on various DIY house projects.

Codespaces for multi-repository and monorepo scenarios

Post Syndicated from Gabe Dominguez original https://github.blog/2022-04-20-codespaces-multi-repository-monorepo-scenarios/

Today, we’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos. Codespaces are instant cloud-powered development environments that aim at maximizing your productivity by eliminating set-up times regardless of the type, size, and complexity of your projects.

With our initial release, we wanted to address the most common type of projects hosted on GitHub: cloud-native applications housed in a singular repository. As organization adoption began to scale, we quickly realized we needed to support additional types of projects that required extensive workarounds. With this latest update, we’re excited to release improved support for multi-repository and monorepo projects.

Codespaces configuration for microservices

Many of you told us that you often work with a number of interwoven repositories for your projects. Maybe there is a billing service, an event service, an authorization service, and they’re all dependent on each other. When developing a feature that spans many of these services, you might want to clone and interact with each repository within your codespace.

With this scenario in mind, we have added the ability for users to configure which permissions their codespace should have on creation. This means that users will no longer have to set up a personal access token inside of their codespace to clone or create pull requests for other repositories.

repository permissions code

Even better, you can now specify these repository permissions in your devcontainer.json under the customizations.codespaces.repositories key so that every developer is prompted for the right set of permissions while working on the project.

In the future, we plan to make it even simpler to work with microservices in Codespaces by automatically cloning across multiple services and allowing you to configure how your environment is initialized to run each repository.

Codespaces configuration for monorepos

If you are part of a larger organization and have many teams working in one repository, you may have wished there was an easy way to have a different codespace configuration for each team. We heard you loud and clear and are happy to announce that Codespaces now supports multiple devcontainer.json files inside of your .devcontainer directory, as long as they follow the pattern of .devcontainer/${DIR}/devcontainer.json. If multiple configurations exist, users will be able to select their specific configuration at the time of codespace creation, allowing you to better customize your codespaces to fit the specific needs of your teams.

For example, imagine your docs team works primarily in a few directories and just needs a lightweight configuration to update Markdown files. You could have a devcontainer.json that looks like the following:

oncreatecommand script

This devcontainer.json runs an “onCreateCommand” script specific to setting up the environment for the Docs Team. The script in this scenario uses the permissions granted to “my_org/docs_linter” to pull in a linter repository, which is a useful tool when writing and editing documentation.

Advanced create

As we grow to handle more diverse project types and scenarios, we also want to ensure that we continue to provide the ease of environment creations through simple one-click experiences that don’t require you to spend undue time understanding various configuration options.

However, if you need more flexibility, we’ve created a new advanced create flow for Codespaces that allows you to select various options, such as branch, region, machine type, and dev container configuration while creating your codespace.

configure and create codespace screen
Create a new codespace creation flow

If you want to skip the advanced creation flow, you can easily just select “Create codespace on <branch name>,” and it will create a codespace with the default configuration.

How to get started?

We believe that these three new features will allow for larger organizations to have a smoother experience as they onboard and scale with Codespaces. Repository administrators can create multiple devcontainers, each with permission sets, setup scripts, and a codespace configuration specific for certain teams. And, developers will be able to select the ideal devcontainer, machine type, and region during codespace creation with the advanced creation flow as needed. There’s something for everyone with Codespaces!

Here are some helpful links to help you get started!

If you have any feedback to help improve this experience, be sure to post it on our discussions forum.

Scale Amazon Redshift to meet high throughput query requirements

Post Syndicated from Erik Anderson original https://aws.amazon.com/blogs/big-data/scale-amazon-redshift-to-meet-high-throughput-query-requirements/

Many enterprise customers have demanding query throughput requirements for their data warehouses. Some may be able to address these requirements through horizontally or vertically scaling a single cluster. Others may have a short duration where they need extra capacity to handle peaks that can be addressed through Amazon Redshift concurrency scaling. However, enterprises with consistently high demand that can’t be serviced by a single cluster need another option. These enterprise customers require large datasets to be returned from queries at a high frequency. These scenarios are also often paired with legacy business intelligence (BI) tools where data is further analyzed.

Amazon Redshift is a fast, fully managed cloud data warehouse. Tens of thousands of customers use Amazon Redshift as their analytics platform. These customers range from small startups to some of the world’s largest enterprises. Users such as data analysts, database developers, and data scientists use Amazon Redshift to analyze their data to make better business decisions.

This post provides an overview of the available scaling options for Amazon Redshift and also shares a new design pattern that enables query processing in scenarios where having multiple leader nodes are required to extract large datasets for clients or BI tools without introducing additional overhead.

Common Amazon Redshift scaling patterns

Because Amazon Redshift is a managed cloud data warehouse, you only pay for what you use, so sizing your cluster appropriately is critical for getting the best performance at the lowest cost. This process begins with choosing the appropriate instance family for your Amazon Redshift nodes. For new workloads that are planning to scale, we recommend starting with our RA3 nodes, which allow you to independently tailor your storage and compute requirements. The RA3 nodes provide three instance types to build your cluster with: ra3.xlplus, ra3.4xlarge, and ra3.16xlarge.

Horizontal cluster scaling

Let’s assume for this example, you build your cluster with four ra3.4xlarge nodes. This configuration provides 48 vCPUs and 384 GiB RAM. Your workload is consistent throughout the day, with few peaks and valleys. As adoption increases and more users need access to the data, you can add nodes of the same node type to your cluster to increase the amount of compute power available to handle those queries. An elastic resize is the fastest way to horizontally scale your cluster to add nodes as a consistent load increases.

Vertical cluster scaling

Horizontal scaling has its limits, however. Each node type has a limit to the number of nodes that can be managed in a single cluster. To continue with the previous example, ra3.4xlarge nodes have a maximum of 64 nodes per cluster. If your workload continues to grow and you’re approaching this limit, you may decide to vertically scale your cluster. Vertically scaling increases the resources given to each node. Based on the additional resources provided by the larger nodes, you will likely decrease the quantity of nodes at the same time.

Rather than running a cluster with 64 ra3.4xlarge nodes, you could elastically resize your cluster to use 16 ra3.16xlarge nodes and have the equivalent resources to host your cluster. The transition to a larger node type allows you to horizontally scale with those larger nodes. You can create an Amazon Redshift cluster with up to 16 nodes. However, after creation, you can resize your cluster to contain up to 32 ra3.xlplus nodes, up to 64 ra3.4xlarge nodes, or up to 128 ra3.16xlarge nodes.

Concurrency scaling

In March 2019, AWS announced the availability of Amazon Redshift concurrency scaling. Concurrency scaling allows you to add more query processing power to your cluster, but only when you need it. Rather than a consistent volume of workload throughout the day, perhaps there are short periods of time when you need more resources. When you choose concurrency scaling, Amazon Redshift automatically and transparently adds more processing power for just those times when you need it. This is a cost-effective, low-touch option for burst workloads. You only pay for what you use on a per-second basis, and you accumulate 1 hour’s worth of concurrency scaling credits every 24 hours. Those free credits have met the needs of 97% of our Amazon Redshift customers’ concurrency scaling requirements, meaning that most customers get the benefits of concurrency scaling without increasing their costs.

The size of your concurrency scaling cluster is directly proportional to your cluster size, so it also scales as your cluster does. By right-sizing your base cluster and using concurrency scaling, you can address the vast majority of performance requirements.

Multi-cluster scaling

Although the previous three scaling options work together to address the needs of the vast majority of our customers, some customers need another option. These use cases require large datasets to be returned from queries at a high frequency and perform further analysis on them using legacy BI tools.

While working with customers to address these use cases, we have found that in these scenarios, multiple medium-sized clusters can perform better than a single large cluster. This phenomenon mostly relates to the single Amazon Redshift leader node’s throughput capacity.

This last scaling pattern uses multiple Amazon Redshift clusters, which allows you to achieve near-limitless read scalability. Rather than relying on a single cluster, a single leader node, and concurrency scaling, this architecture allows you to add as many resources as needed to address your high throughput query requirements. This pattern relies on Amazon Redshift data sharing abilities to enable a seamless multi-cluster experience.

The remainder of this post covers the details of this architecture.

Solution overview

The following diagram outlines a multi-cluster architecture.

The first supporting component for this architecture is Amazon Redshift managed storage. Managed storage is available for RA3 nodes and allows the complete decoupling of compute and storage resources. This decoupling supports another feature that was announced at AWS re:Invent 2020—data sharing. Data sharing is primarily intended to let you share data amongst different data warehouse groups so that you can retain a single set of data to remove duplication. Data sharing ensures that the users accessing the data are using compute on their clusters rather than using compute on the owning cluster, which better aligns cost to usage.

In this post, we introduce another use case of data sharing: horizontal cluster scaling. This architecture allows you to create two or more clusters to handle high throughput query requirements while maintaining a single data source.

An important component in this design is the Network Load Balancer (NLB). The NLB serves as a single access point for clients to connect to the backend data warehouse for performing reads. It also allows changing the number of underlying clusters transparently to users. If you decide to add or remove clusters, all you need to do is add or remove targets in your NLB. It’s also important to note that this design can use any of the previous three scaling options (horizontal, vertical, and concurrency scaling) to fine-tune the number of resources available to service your particular workload.

Prerequisites

Let’s start by creating two Amazon Redshift clusters of RA3 instance type, and name them producer_cluster and consumer_cluster. For instructions, refer to Create a cluster.

In this post, our producer cluster is a central ETL cluster hosting enterprise sales data using a 3 TB Cloud DW dataset based on the TPC-DS benchmark.

The next step is to configure data sharing between the producer and consumer clusters.

Set up data sharing at the producer cluster

In this step, you need a cluster namespace from the consumer_cluster. One way to find the namespace value of a cluster is to run the SQL statement SELECT CURRENT_NAMESPACE when connected to the consumer_cluster. Another way is through the Amazon Redshift console. Navigate to your Amazon Redshift consumer_cluster, and find the cluster namespace located in the General information section.

After you connect to the producer cluster, create the data share and add the schema and tables to the data share. Then, grant usage to the consumer namespace by providing the namespace value. See the following code:

/* Create Datashare and add objects to the share */ 
CREATE DATASHARE producertpcds3tb;

ALTER DATASHARE producertpcds3tb ADD SCHEMA order_schema;
ALTER DATASHARE producertpcds3tb ADD ALL TABLES in SCHEMA order_schema;

GRANT USAGE ON DATASHARE producertpcds3tb TO NAMESPACE '<consumer namespace>';

You can validate that data sharing was correctly configured by querying these views from the producer cluster:

SELECT * FROM SVV_DATASHARES;
SELECT * FROM SVV_DATASHARE_OBJECTS;

Set up data sharing at the consumer cluster

Get the cluster namespace of the producer cluster by following same steps for the consumer cluster. After you connect to the consumer cluster, you can create a database referencing the data share of the producer cluster. Then you create an external schema and set the search path in the consumer cluster, which allows schema-level access control within the consumer cluster and uses a two-part notation when referencing shared data objects. Finally, you grant usage on the database to a user, and run a query to check if objects as part of data share are accessible. See the following code:

/* Create a local database and schema reference */

CREATE DATABASE tpcds_3tb FROM DATASHARE producertpcds3tb OF NAMESPACE '<producer namespace>';


/*Create External schema */
CREATE EXTERNAL SCHEMA order_schema FROM REDSHIFT DATABASE 'tpcds_3tb' SCHEMA 'order_schema';

SET SEARCH_PATH TO order_schema,public;


/* Grant usage on database to a user */ 

GRANT USAGE On DATABASE tpcds_3tb TO awsuser;

/* Query to check objects accessible from the consumer cluster */

SELECT * FROM SVV_DATASHARE_OBJECTS;

Set up the Network Load Balancer

After you set up data sharing at both the producer_cluster and consumer_cluster, the next step is to configure a Network Load Balancer to accept connections through a single endpoint and forward the connections to both clusters for reading data via queries.

As a prerequisite, collect the following information from the Amazon Redshift producer and consumer clusters on the Amazon Redshift console in the cluster properties section. Use the producer cluster information if consumer cluster is not mentioned below.

Parameter Name Parameter Description
VPCid Amazon Redshift cluster VPC
NLBSubnetid Subnet where the NLB ENI is created. The NLB and Amazon Redshift subnet need to be in the same Availability Zone.
NLBSubnetCIDR Used for allowlisting inbound access in the Amazon Redshift security group
NLBPort Port to be used by NLB Listener, usually the same port as Amazon Redshift port 5439
RedshiftPrivateIP IP address of Amazon Redshift leader node of the producer cluster
RedshiftPrivateIP IP address of Amazon Redshift leader node of the consumer cluster
RedshiftPort: Port used by Amazon Redshift clusters, usually 5439
RedshiftSecurityGroup Security group to allow connectivity to Amazon Redshift cluster

After you collect this information, run the AWS CloudFormation script NLB.yaml to set up the Network Load Balancer for the producer and consumer clusters. The following screenshot shows the stack parameters.

After you create the CloudFormation stack, note the NLB endpoint on the stack’s Outputs tab. You use this endpoint to connect to the Amazon Redshift clusters.

This NLB setup is done for the both producer and consumer clusters by the CloudFormation stack. If needed, you can add additional Amazon Redshift clusters to an existing NLB by navigating to Target groups page of the Amazon EC2 console. Then navigate to rsnlbsetup-target and add the Amazon Redshift cluster leader node private IP and port.

Validate the connections to the Amazon Redshift clusters

After you set up the NLB, the next step is to validate the connectivity to the Amazon Redshift clusters. You can do this by first configuring SQL tools like SQL Workbench, DBeaver, or Aginity Workbench and setting the host name and endpoint to the Amazon Redshift cluster’s NLB endpoint, as shown in the following screenshot. For additional configuration information, see Connecting to an Amazon Redshift cluster using SQL client tools.

Repeat this process a few times to validate that there are connections to both clusters. Similarly, you can use the same NLB endpoint as the host name while configuring.

As a next step, we use JMeter to show how the NLB is connecting to each of the clusters. The Apache JMeter application is open-source software, a 100% pure Java application designed to load test functional behavior and measure performance. Our NLB connects to each cluster in a round-robin manner, which enables even distribution of read load on Amazon Redshift clusters.

Setting up JMeter is out of scope of this post; refer to Building high-quality benchmark tests for Amazon Redshift using Apache JMeter to learn more about setting up JMeter and performance testing on an Amazon Redshift cluster.

The following screenshot shows the HTML output of the response data from JMeter testing. It shows that requests go to both the Amazon Redshift producer and consumer clusters in a round-robin manner.

The preceding screenshot shows a sample output from running 20 SQL queries. Testing with over 1,000 SQL runs was performed with over four Amazon Redshift clusters, and the NLB was able to distribute them as evenly as possible across all of those clusters.

With this setup, you have the flexibility to add Amazon Redshift clusters to your NLB as needed and can configure data sharing to enable horizontal scaling of Amazon Redshift clusters. When demand reduces, you can either de-register some of the Amazon Redshift clusters at the NLB configuration or simply pause the Amazon Redshift cluster and the NLB automatically connects to only those clusters that are available at the time.

Conclusion

In this post, you learned about the different ways that Amazon Redshift can scale to meet your needs as they adjust over time. Use horizontal scaling to increase the number of nodes in your cluster. Use vertical scaling to increase the size of each node. Use concurrency scaling to dynamically address peak workloads. Use multiple clusters with data sharing behind an NLB to provide near-endless scalability. You can use these architectures independently or in combination with each other to build your high-performing, cost-effective data warehouse using Amazon Redshift.

To learn more about some of the foundational features used in the architecture mentioned in this post, refer to:

About the Authors

Erik Anderson is a Principal Solutions Architect at AWS. He has nearly two decades of experience guiding numerous Fortune 100 companies along their technology journeys. He is passionate about helping enterprises build scalable, performant, and cost-effective solutions in the cloud. In his spare time, he loves spending time with his family, home improvement projects, and playing sports.

Rohit Bansal is a Analytics Specialist Solutions Architect at AWS. He specializes in Amazon Redshift and works with customers to build next-generation Analytics solutions using other AWS Analytics Services.

We’re Turning 15 Today!

Post Syndicated from Backblaze original https://www.backblaze.com/blog/were-turning-15-today/

Who doesn’t like birthdays? We definitely do. And we usually celebrate ours on the Backblaze Blog because they’re fun, and we like reminiscing about the time we passed 10 petabytes of data under management and how cute exciting that was (we now have over two exabytes of data storage under management, for context).

But this past year, well, things have been busy! And the last few months have been busier still. Honestly, our 15th anniversary almost slipped right by us. But, we couldn’t let such a milestone go by without marking it somehow.

Today, we thought we’d take a brief look back on our beginnings and where we are now as a public company—a little “how it started/how it’s going” retrospective to celebrate our coming of age—not to pat ourselves on the back, but to celebrate the ways our team and business have grown, especially over the past year.

How It Started

One of the things we’re most proud of is the incredible team we’ve built. Before we founded Backblaze, the five founders and two demi-founders had worked together for 20 years. So, we knew the kind of company we wanted to create when we sat down to hash out what Backblaze would be—a company that’s equally fair and good for its customers, partners, employees, investors, and the greater community.

Five co-founders; two demi-founders; 1,200 square feet; one white board; innumerable Post-Its.

The team today is a lot bigger than it once was (270+ and counting!), but when we started Backblaze, we wanted to create a culture, both internally and externally, of people who cared about each other, cared about their work, and cared about our product. We knew building that kind of culture would lead us authentically to where we are today, and we fiercely protected it. According to a few sources, we’re still doing well on that count.

How It’s Going

So, what have we been up to recently? Thus far in 2022:

  • We launched Universal Data Migration, a new service that covers all data transfer costs, including legacy provider egress fees, and manages data migration from any legacy on-premises or cloud source.
  • We enhanced our partner program with two new offerings (in addition to Universal Data Migration, which partners can also take advantage of):
    • Backblaze B2 Reserve: A predictable, capacity pricing model to empower our Channel Partners.
    • Backblaze Partner API: A new API that empowers our Alliance Partners to easily integrate and manage B2 Cloud Storage within their products and platforms.
  • We announced new partnerships with:
    • CTERA: An enterprise file services platform that extends the capabilities of traditional NAS and file servers to the cloud.
    • Catalogic: An enterprise and Kubernetes data protection solution.
    • Kasten by Veeam: A Kubernetes backup and application mobility solution.

And just a few weeks before 2021 came to a close: We went public on Nasdaq under BLZE.

Blazing it in Times Square.

As much as we’d like to reflect* on more of the great things that happened in our past, we’re more interested in keeping our heads down, working away at what’s next. Stay tuned for the next 15 years.

*If you ARE interested in celebrating some past milestones with us, we put together this nifty chart of some other key milestones that happened between our founding date, 4/20/2007 (yes yes, we were founded on 4/20 with a CEO whose name is Budman, we’ve heard it all before) and when we went public. We thought we’d share it here (obviously we can’t help ourselves, we really do love reminiscing).

Click to enlarge.

The post We’re Turning 15 Today! appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends

Post Syndicated from Jacob Roundy original https://blog.rapid7.com/2022/04/20/2022-cloud-misconfigurations-report-a-quick-look-at-the-latest-cloud-security-breaches-and-attack-trends/

2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends

Every year, Rapid7’s team of cloud security experts and researchers put together a report to review data from publicly disclosed breaches that occurred over the prior year. The goal of this report is to unearth patterns and trends in cloud-related breaches and persistent exposures, so organizations around the world can better protect against threats and address cloud misconfigurations in their own environments.

In the 2022 Cloud Misconfigurations Report, we reviewed 68 accounts of breaches from 2021. Let’s take a brief look at some of the findings from this report, including what industries are being targeted, what the bad guys are looking to gain, and what you can do to shore up your cloud security.

For more information, read Rapid7’s full 2022 Cloud Misconfigurations Report.

What industries are being targeted?

In the subset of breaches we studied, there was a broad distribution of affected industries. Our sample had the following industries represented:

  • Information
  • Healthcare
  • Public administration
  • Retail
  • Professional services
  • Arts and entertainment
  • Manufacturing
  • Finance
  • Educational services
  • Transportation
  • Real estate
  • Accommodation and food services
  • Utilities

This is a notable swath of industries, especially considering the sample size. Among the organizations affected by breaches, some were prominent brands and even staples of the Fortune 500, not just startups operating on shoestring budgets. These organizations have the resources and expertise to establish the gold standard of cloud security best practices, so it just goes to show that anyone is susceptible to breaches due to cloud misconfigurations.

While we found that breaches can hit any organization, no matter their size and prestige, organizations in high-risk industries — like information, healthcare, and public administration — should be especially cautious. The information industry, in particular, was represented at the top of our list, with a considerable lead of nearly double the amount of breaches than reported by the healthcare industry (the second-most affected industry).

What are the bad guys looking for?

So we know that a variety of industries are being targeted, with a particular focus on organizations that store highly sensitive information. Next, let’s take a look at what exactly bad actors are trying to gain by exploiting cloud misconfigurations.

For starters, we found that details on physical location (such as addresses or latitude/longitude details), names, and email were the most commonly lost resources. Other highly sought after data included:

  • Identifier information
  • Passwords
  • Health details
  • Social data
  • Financial information
  • Phone numbers

That’s not all: We also saw that personal, legal, and technical information was stolen, as well as authentication and even media data.

Depending on your industry, you may not store all these data types, but the overall set of details lost represents a gold mine for bad actors who want to carry out social engineering attacks. In the hands of a skilled social engineer, this data can be leveraged to craft incredibly convincing phishing attempts. Passwords, identifiers, and authentication data could also be used by a bad actor to infiltrate a network and extract even more valuable information.

All in all, the data compromised isn’t always the expected high-value nuggets, like credit card information or Social Security numbers. Simple data on names, locations, and email addresses can be powerful weapons, so it’s critical to keep these seemingly less important tidbits of information safe.

What can you do to stay secure?

Better cloud security doesn’t have to be hard. Many of the breaches we reviewed tended to be caused by avoidable circumstances, such as using unsecured resources or users relaxing security permissions. As a result, you can take a few easy steps to better defend your environment and even discover misconfigurations faster.

Rapid7 maintains a globally distributed honeypot network called Project Heisenberg. These honeypot instances are set up on various cloud vendors, waiting for inbound connections, which helps in identifying a misconfiguration or some type of malicious activity. Bad actors will often scan the internet looking for exposed resources to exploit, so this is one way we get a view into what they’re trying to take advantage of.

Thanks to this data, we know that far too many breaches happen as a result of users manually relaxing security settings on cloud resources or making simple mistakes, like typing in the wrong IP address when connecting to a network resource. As such, keeping cloud resources safe can sometimes be as easy as leaving the default security settings intact. (Also, seriously, stop deploying unencrypted instances on the cloud.)

Misconfigurations and lapses in security can also be addressed by:

  • Providing better user training
  • Implementing systems and controls to discourage the relaxing of security mechanisms
  • Conducting reviews of identified resources for appropriate configurations

Breaches are out there — and they’re pervasive — but that doesn’t mean you have to be a target, and keeping your organization safe may be simpler than you think, so long as you know how to keep an eye out for misconfigurations and follow industry-standard best practices for cloud security.

Curious to learn more about the cloud misconfigurations and breaches that happened last year? Check out the full 2022 Cloud Misconfigurations Report.

Additional reading:

The collective thoughts of the interwebz