China’s Olympics App Is Horribly Insecure

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2022/01/chinas-olympics-app-is-horribly-insecure.html

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

Key Findings:

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
  • MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
  • MY2022 includes features that allow users to report “politically sensitive” content. The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies.
  • While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

News article:

It’s not clear whether the security flaws were intentional or not, but the report speculated that proper encryption might interfere with some of China’s ubiquitous online surveillance tools, especially systems that allow local authorities to snoop on phones using public wireless networks or internet cafes. Still, the researchers added that the flaws were probably unintentional, because the government will already be receiving data from the app, so there wouldn’t be a need to intercept the data as it was being transferred.

[…]

The app also included a list of 2,422 political keywords, described within the code as “illegalwords.txt,” that worked as a keyword censorship list, according to Citizen Lab. The researchers said the list appeared to be a latent function that the app’s chat and file transfer function was not actively using.

The US government has already advised athletes to leave their personal phones and laptops home and bring burners.

Fall 2021 PCI DSS report now available with 7 services added to compliance scope

Post Syndicated from Michael Oyeniya original https://aws.amazon.com/blogs/security/fall-2021-pci-dss-report-now-available-with-7-services-added-to-compliance-scope/

We’re continuing to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that seven new services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification. These new services provide our customers with more options to process and store their payment card data and to architect their cardholder data environment (CDE) securely in AWS.

You can see the full list of services on our Services in Scope by Compliance program page. The seven new services are:

The Asia-Pacific (Jakarta) Region was newly added to scope, and assessed as PCI compliant as part of the Fall 2021 PCI assessment.

We were evaluated by Coalfire, a third-party Qualified Security Assessor (QSA). The Attestation of Compliance (AOC) that shows AWS PCI compliance status is available through AWS Artifact.

We value your feedback and questions—feel free to reach out to our team or give feedback about this post through our Contact Us page.

If you have feedback about this post, submit comments in the Comments section below.

Want more AWS Security news? Follow us on Twitter.

Author

Michael Oyeniya

Michael is a Compliance Program Manager at AWS on the Global Audits team, managing the PCI compliance program. He holds a Master’s degree in management and has over 18 years of experience in information technology security risk and control.

Introducing AWS Lambda batching controls for message broker services

Post Syndicated from Julian Wood original https://aws.amazon.com/blogs/compute/introducing-aws-lambda-batching-controls-for-message-broker-services/

This post is written by Mithun Mallick, Senior Specialist Solutions Architect.

AWS Lambda now supports configuring a maximum batch window for instance-based message broker services to fine tune when Lambda invocations occur. This feature gives you an additional control on batching behavior when processing data. It applies to Amazon Managed Streaming for Apache Kafka (Amazon MSK), self-hosted Apache Kafka, and Amazon MQ for Apache ActiveMQ and RabbitMQ.

Apache Kafka is an open source event streaming platform used to support workloads such as data pipelines and streaming analytics. It is conceptually similar to Amazon Kinesis. Amazon MSK is a fully managed, highly available service that simplifies the setup, scaling, and management of clusters running Kafka.

Amazon MQ is a managed, highly available message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you.

Amazon MSK, self-hosted Apache Kafka and Amazon MQ for ActiveMQ and RabbitMQ are all available as event sources for AWS Lambda. You configure an event source mapping to use Lambda to process items from a stream or queue. This allows you to use these message broker services to store messages and asynchronously integrate them with downstream serverless workflows.

In this blog, I explain how message batching works. I show how to use the new maximum batching window control for the managed message broker services and self-managed Apache Kafka.

Understanding batching

For event source mappings, the Lambda service internally polls for new records or messages from the event source, and then synchronously invokes the target Lambda function. Lambda reads the messages in batches and provides these to your function as an event payload. Batching allows higher throughput message processing, up to 10,000 messages in a batch. The payload limit of a single invocation is 6 MB.

Previously, you could only use batch size to configure the maximum number of messages Lambda would poll for. Once a defined batch size is reached, the poller invokes the function with the entire set of messages. This feature is ideal when handling a low volume of messages or batches of data that take time to build up.

Batching window

The new Batch Window control allows you to set the maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. This brings similar batching functionality that AWS supports with Amazon SQS to Amazon MQ, Amazon MSK and self-managed Apache Kafka. The Lambda event source mapping batching functionality can be described as follows.

Batching controls with Lambda event source mapping

Batching controls with Lambda event source mapping

Using MaximumBatchingWindowInSeconds, you can set your function to wait up to 300 seconds for a batch to build before processing it. This allows you to create bigger batches if there are enough messages. You can manage the average number of records processed by the function with each invocation. This increases the efficiency of each invocation, and reduces the frequency.

Setting MaximumBatchingWindowInSeconds to 0 invokes the target Lambda function as soon as the Lambda event source receives a message from the broker.

Message broker batching behavior

For ActiveMQ, the Lambda event source mapping uses the Java Message Service (JMS) API to receive messages. For RabbitMQ, Lambda uses a RabbitMQ client library to get messages from the queue.

The Lambda event source mappings act as a consumer when polling the queue. The batching pattern for all instance-based message broker services is the same. As soon as a message is received, the batching window timer starts. If there are more messages, the consumer makes additional calls to the broker and adds them to a buffer. It keeps a count of the number of messages and the total size of the payload.

The batch is considered complete if the addition of a new message makes the batch size equal to or greater than 6 MB, or the batch window timeout is reached. If the batch size is greater than 6 MB, the last message is returned back to the broker.

Lambda then invokes the target Lambda function synchronously and passes on the batch of messages to the function. The Lambda event source continues to poll for more messages and as soon as it retrieves the next message, the batching window starts again. Polling and invocation of the target Lambda function occur in separate processes.

Kafka uses a distributed append log architecture to store messages. This works differently from ActiveMQ and RabbitMQ as messages are not removed from the broker once they have been consumed. Instead, consumers must maintain an offset to the last record or message that was consumed from the broker. Kafka provides several options in the consumer API to simplify the tracking of offsets.

Amazon MSK and Apache Kafka store data in multiple partitions to provide higher scalability. Lambda reads the messages sequentially for each partition and a batch may contain messages from different partitions.  Lambda then commits the offsets once the target Lambda function is invoked successfully.

Configuring the maximum batching window

To reduce Lambda function invocations for existing or new functions, set the MaximumBatchingWindowInSeconds value close to 300 seconds. A longer batching window can introduce additional latency. For latency-sensitive workloads set the MaximumBatchingWindowInSeconds value to an appropriate setting.

To configure Maximum Batching on a function in the AWS Management Console, navigate to the function in the Lambda console. Create a new Trigger, or edit an existing once. Along with the Batch size you can configure a Batch window. The Trigger Configuration page is similar across the broker services.

Max batching trigger window

Max batching trigger window

You can also use the AWS CLI to configure the --maximum-batching-window-in-seconds parameter.

For example, with Amazon MQ:

aws lambda create-event-source-mapping --function-name my-function \
--maximum-batching-window-in-seconds 300 --batch-size 100 --starting-position AT_TIMESTAMP \
--event-source-arn arn:aws:mq:us-east-1:123456789012:broker:ExampleMQBroker:b-24cacbb4-b295-49b7-8543-7ce7ce9dfb98

You can use AWS CloudFormation to configure the parameter. The following example configures the MaximumBatchingWindowInSeconds as part of the AWS::Lambda::EventSourceMapping resource for Amazon MQ:

  LambdaFunctionEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      BatchSize: 10
      MaximumBatchingWindowInSeconds: 300
      Enabled: true
      Queues:
        - "MyQueue"
      EventSourceArn: !GetAtt MyBroker.Arn
      FunctionName: !GetAtt LambdaFunction.Arn
      SourceAccessConfigurations:
        - Type: BASIC_AUTH
          URI: !Ref secretARNParameter

You can also use AWS Serverless Application Model (AWS SAM) to configure the parameter as part of the Lambda function event source.

MQReceiverFunction:
      Type: AWS::Serverless::Function 
      Properties:
        FunctionName: MQReceiverFunction
        CodeUri: src/
        Handler: app.lambda_handler
        Runtime: python3.9
        Events:
          MQEvent:
            Type: MQ
            Properties:
              Broker: !Ref brokerARNParameter
              BatchSize: 10
              MaximumBatchingWindowInSeconds: 300
              Queues:
                - "workshop.queueC"
              SourceAccessConfigurations:
                - Type: BASIC_AUTH
                  URI: !Ref secretARNParameter

Error handling

If your function times out or returns an error for any of the messages in a batch, Lambda retries the whole batch until processing succeeds or the messages expire.

When a function encounters an unrecoverable error, the event source mapping is paused and the consumer stops processing records. Any other consumers can continue processing, provided that they do not encounter the same error.  If your Lambda event records exceed the allowed size limit of 6 MB, they can go unprocessed.

For Amazon MQ, you can redeliver messages when there’s a function error. You can configure dead-letter queues (DLQs) for both Apache ActiveMQ, and RabbitMQ. For RabbitMQ, you can set a per-message TTL to move failed messages to a DLQ.

Since the same event may be received more than once, functions should be designed to be idempotent. This means that receiving the same event multiple times does not change the result beyond the first time the event was received.

Conclusion

Lambda supports a number of event sources including message broker services like Amazon MQ and Amazon MSK. This post explains how batching works with the event sources and how messages are sent to the Lambda function.

Previously, you could only control the batch size. The new Batch Window control allows you to set the maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. This can increase the overall throughput of message processing and reduces Lambda invocations, which may improve cost.

For more serverless learning resources, visit Serverless Land.

Gain insights into your Amazon Kinesis Data Firehose delivery stream using Amazon CloudWatch

Post Syndicated from Alon Gendler original https://aws.amazon.com/blogs/big-data/gain-insights-into-your-amazon-kinesis-data-firehose-delivery-stream-using-amazon-cloudwatch/

The volume of data being generated globally is growing at an ever-increasing pace. Data is generated to support an increasing number of use cases, such as IoT, advertisement, gaming, security monitoring, machine learning (ML), and more. The growth of these use cases drives both volume and velocity of streaming data and requires companies to capture, processes, transform, analyze, and load the data into various data stores in near-real time.

Amazon Kinesis Data Firehose is the easiest way to reliably load streaming data into data lakes, data stores, and analytics services. As the volume of the data you stream into Kinesis Data Firehose grows, you should gain insights and monitor the health of your data ingestion, transformation, and delivery.

In this post, we review the capabilities of using Firehose delivery stream metrics and the Amazon CloudWatch dashboard located on your Kinesis Data Firehose console. These capabilities allow you to create alerts when, for example, if the destination you configured in Kinesis Data Firehose has missing privileges, misconfigurations, or other issues, then Firehose will be able to detect it for you and report it as a failure. Other errors that might also occur are if you configured data transformation using Lambda and your Lambda function invocation failed, or if you have reached the Kinesis Firehose quota limits associated with your AWS account. In these cases, the data delivery from Kinesis Data Firehose to its destination may delay or fail. The CloudWatch alerts described in this post should help identify such cases in a timely manner.

This post also covers the different proactive actions that you can take when alarms are being triggered, such as submitting a request to increase quota or adding exponential backoff to your data producers.

Monitoring the delivery streams and taking these actions makes sure that data is delivered to your destinations without interruptions, enabling your business to gain insights in near-real time.

Monitor data ingestion to Kinesis Data Firehose

You can deliver data from your data producers to Kinesis Data Firehose through Amazon Kinesis Data Streams (as described later in this post), using Kinesis Agent, or directly using the Kinesis Data Firehose API operations PutRecord and PutRecordBatch. When you use Kinesis Data Streams as a data source, Kinesis Data Firehose scales automatically as your Kinesis Data Stream scales. When using the API operations for direct ingestion, you need to check the quota limits associated with your AWS account to avoid API requests throttling. Depending on your data producer behavior, this throttling can cause your data producers to retry the operation, which results in a delay of the data delivery to your destination. This throttling can also result in data loss if your data producers don’t implement a retry mechanism.

To gain deeper insights into Firehose delivery stream usage, we provide additional CloudWatch metrics that help you monitor and proactively scale quota limits: ThrottledRecords, RecordsPerSecondLimit, BytesPerSecondLimit, and PutRequestsPerSecondLimit. You can use the CloudWatch metrics dashboard (on the Monitoring tab on your Kinesis Data Firehose console) to easily visualize current usage and the quota limits.

When ingesting data directly to your delivery stream using PutRecord or PutRecordBatch, you should monitor the ThrottledRecords metric. This metric represents the number of records that were actually throttled because data ingestion exceeded one of the delivery stream limits. Kinesis Data Firehose calculates the throttling rates during the ingestion at a 1-second granularity, but the data ingestion metrics we mentioned are aggregated and emitted to CloudWatch every 5 minutes. Because of that, you can get throttled within that 5-minute window even if the data ingestion metrics don’t show that you reached the limit.

To receive alerts before your data producers are actually throttled, you can use additional CloudWatch metrics to alert you when you’re about to reach one of the delivery stream limits. You can achieve this by using the CloudWatch metrics IncomingRecords, IncomingBytes, and IncomingPutRequests. To check the limits of these metrics, refer to Amazon Kinesis Data Firehose Quota.

You can use the following ingestion metrics and their corresponding limit metrics to create a CloudWatch alarm:

  • RecordsPerSecondLimit – The maximum number of records that can be ingested in a second (IncomingRecords)
  • BytesPerSecondLimit – The maximum volume of data that can be ingested in a second (IncomingBytes)
  • PutRequestsPerSecondLimit – The maximum number of successful PutRecord and PutRecordBatch API requests that can be performed in a second (IncomingPutRequests)

To set up an alarm that alerts you when your ingestion rates are close to a quota, you should look for a percentage relationship between the ingestion rate and its corresponding limit. Because Kinesis Data Firehose emits metrics to CloudWatch every 5 minutes, you need to divide your metric with the 5-minute aggregation period, expressed as seconds (300). For example, to generate an alert when the incoming records per second rate is breaching 80% of your API operations quota, your CloudWatch alarm should be defined as follows:

This gives you a way to proactively understand how close your ingestion rates are to your delivery stream limits, and the flexibility to modify the percentage levels based on your use case. To prevent a throttling bottleneck, you should separately monitor the three delivery stream ingestion rate metrics we discussed.

Define alerts using CloudWatch alarms

You can define CloudWatch alarms manually through the AWS Management Console or by using AWS CloudFormation. In this post we cover both methods, starting with the CloudFormation template.

The following template creates your CloudWatch alarms, which you can review and customize to suit your needs.

During the stack creation process, you provide the Firehose delivery stream name that you want to monitor, and the quota percentage where you want to be notified when it’s being breached, such as 80%. After the stack creation is successful, you have four CloudWatch alarms ready.

To create your CloudWatch alarms manually through the console, complete the following steps:

  1. On the Kinesis Data Firehose console, find your delivery stream.
  2. On the Monitoring tab, choose the more options icon of the metric you want to monitor (for this example, we monitor incoming records per second).
  3. On the options menu, choose View in metrics.

On the CloudWatch console, you can see a graph that represents your current API operations (blue line) and the quota limit (red line).

  1. To create an alarm, choose Math expression.
  2. Select Common and choose Percentage.
  3. For the metric name, enter Percentage of records per second quota.
  4. We use the metric expression 100*(e1/m2), which represents the formula 100*(BytesPerSecond/BytesPerSecondLimit) that was described earlier and reflects how close you are to your maximum in percentage.
  5. Change the expression of the metric e1 from METRICS("m1")/300 to m1/300.

You can also change the Y axis label.

  1. On the Graph options tab, under Left Y Axis, for Label, enter Percentage.
  2. Now that you have the expression to use for the alarm, deselect every other expression and metric on the page.

The only expression selected should be the one you just created. You should now see the desired percentage, as in the following screenshot.

Create a CloudWatch alarm

You have now created an expression on your IncomingRecords and RecordsPerSecond quota, which you can use as a base for the alarm. With this, you can configure the tolerance level that your business use case requires.

  1. Choose the alarm icon next to your expression.
  2. In the Specify metric and conditions section, choose to receive an alert when the alarms breach the 75% limit.
  3. In the Configure actions section, specify how to forward this alarm.

You can forward this alarm to your monitoring systems or to an email address through an Amazon Simple Notification Service (Amazon SNS) topic. For this post, we create a new SNS topic and subscribe [email protected] to it.

Actions you can take when approaching the limits

When you’re getting close to your limits, you can take several different actions, which we describe in this section.

Request a service quota increase

One action you can take when seeing an alert is to request an increase in quota using the Amazon Kinesis Data Firehose Limits form. The three quotas scale proportionally, for example, if you increase the throughput quota in US East (N. Virginia), US West (Oregon), or Europe (Ireland) from 5 MiB/second to 10 MiB/second, the other two quotas increase from 2,000 requests/second to 4,000 requests/second and from 500,000 records/second to 1 million records/second. For more information about the service quota limits by AWS Region, see Amazon Kinesis Data Firehose Quota.

Use the PutRecordBatch API

If you use the API call PutRecord to deliver events to a Firehose data stream and you’re reaching the request/second quota limit, consider using the PutRecordBatch API operation. PutRecordBatch writes multiple data records into a delivery stream in a single call to achieve higher throughput per producer than writing single records, and reduces the amount of requests per second to your delivery stream.

Implement exponential backoff

As we mentioned before, even when you’re monitoring your delivery stream, you can still have bursts in your data stream. This could be caused by sudden spikes in usage of your system or external events like high trading activity in financial markets. To protect the producers from multiple throttled records, you should implement an exponential backoff. Exponential backoff is a commonly used algorithm that you can use to decrease the rate of submitting records to Kinesis Data Firehose when being throttled, so that the producer can slowly retry in order to successfully send the records.

The following are the Kinesis Data Firehose API responses when records are throttled:

  • If you’re using the API operation PutRecord, the returned error from the service is ServiceUnavailableException with HTTP status code 500.
  • If you’re using PutRecordBatch, you should iterate through the RequestResponses array and look for individual PutRecordBatchResponseEntry with ErrorCode 500 and ErrorMessage ServiceUnavailableException. Also make sure to check the value of FailedPutCount in the response even when the API call succeeds.

In both cases, you should use exponential backoff and retry the operation. For more information about implementing exponential backoff, see Error retries and exponential backoff in AWS.

Use Kinesis Data Streams with Kinesis Data Firehose

Kinesis Data Streams is a massively scalable and durable real-time data streaming service. Your data producers can produce data directly to Kinesis Data Streams, and you can configure Kinesis Data Firehose to consume the data from Kinesis Data Streams and deliver it to your destination. When you use Kinesis Data Streams as the source for the Firehose delivery stream, the throughput limits mentioned before don’t apply. You don’t need to worry about throughput limits because Kinesis Data Firehose scales automatically to match the number of shards your Kinesis data stream has.

If you’re attaching a Firehose delivery stream as a consumer to your Kinesis data stream, and you have multiple consumer applications that read data from your Kinesis data stream such as AWS Lambda (see Using AWS Lambda with Amazon Kinesis), make sure that the total consumer applications aren’t breaching the shard’s 2 MB total read rate. This can cause the Kinesis data stream to throttle your consumer applications’ reading throughput, including Kinesis Data Firehose.

If more read capacity is required, some application consumers such as Lambda (see AWS Lambda supports Kinesis Data Streams Enhanced Fan-Out and HTTP/2 for faster streaming) or custom consumers that were developed with the Kinesis Consumer Library can support dedicated throughput from Kinesis Data Streams using enhanced fan-out, which currently isn’t supported by Kinesis Data Firehose. This feature provides these consumer applications isolated connection to the stream with 2 MB/second outbound throughput, so they don’t impact other consumer applications that are reading from the shards.

If you need more ingest capacity, you can easily scale up the number of shards in the stream using the console or the UpdateShardCount API.

Monitor data delivery of Kinesis Data Firehose

In case of network timeouts, missing privileges, or misconfigurations of your delivery stream such as incorrect destination configuration or AWS Key Management Service (AWS KMS) key ARN, the data delivery of your data from Kinesis Data Firehose to its destination may delay or fail. Errors might also occur if you configured data transformation using Lambda and your Lambda function invocation failed.

When Kinesis Data Firehose encounters delivery or processing errors, it retries until the configured retry duration expires. If the retry duration ends and the data hasn’t delivered successfully, Kinesis Data Firehose retains the data internally up to a maximum period of 24 hours. If the issue continues beyond the 24-hour maximum retention period, then Kinesis Data Firehose discards the data, resulting in a data loss.

When such data delivery issues persist, the data freshness metric, which is the age of the oldest record in Kinesis Data Firehose that hasn’t been delivered yet, constantly increases. To be alerted in such cases, you should create a CloudWatch alarm for when the data freshness metric exceeds the threshold of 4 hours. We also recommend setting an alarm to observe the historical p90 of the data freshness metric value. For example, set a certain tolerance level (such as 50% above the observed value) as an alarm threshold to detect data freshness variations.

You should monitor the data freshness metric that is relevant to your Kinesis Data Firehose destination, such as DeliveryToS3.DataFreshness, DeliveryToAmazonOpenSearchService.DataFreshness, DeliveryToSplunk.DataFreshness, or DeliveryToHttpEndpoint.DataFreshness. For more information, see Monitoring Kinesis Data Firehose Using CloudWatch Metrics.

If this alarm is triggered, you should take action to understand the root cause of the data freshness variation. A reason for such a variation could be a change in your Lambda transformation logic or configuration change of Lambda concurrency when using Kinesis Data Firehose data transformation. It could also be a result of change in the configuration parameters, format conversion schema, or ingested record type. For more information, see Data Freshness Metric Increasing or Not Emitted or you can submit a technical support request if needed.

When data delivery fails because of data transformation or an issue at the destination, in some cases you can find detailed failure logs in CloudWatch Logs, which can help you troubleshot the problem.

We also recommend monitoring the data delivery byte rate to your destination (for example, DeliveryToS3.Byte), which must match or exceed your data ingestion byte rate (IncomingBytes) on a sustained average basis to avoid increase of the data freshness metric and possible eventual data loss. If the observed delivery data rates are lower than the ingestion rates, consider tuning bottlenecks such as Lambda concurrency levels or your Lambda transformation logic if used with Kinesis Data Firehose data transformation.

To gain additional insights on the delivery of your data to its destination, we provide CloudWatch metrics you can monitor. For example, you can monitor the number of records delivered to keep track of data ingested into your destinations from Kinesis Data Firehose. For more information and additional metrics per destination, see Monitoring Kinesis Data Firehose Using CloudWatch Metrics.

Conclusion

In this post, we discussed the capabilities of using the Firehose delivery stream metrics and the CloudWatch dashboard located on your Kinesis Data Firehose console. This allows you to gain operational insights into the data ingestion and data delivery of your Firehose deliv­­ery stream, and also create CloudWatch alerts to be notified when one of your thresholds is breached. We also covered the different actions that you can take when these alarms are triggered, such as submitting a request to increase your quota or adding exponential backoff to your data producers.

Monitor your delivery streams and take these actions to make sure that your business data is delivered to your destinations without interruptions, enabling your business to gain insights in near-real time.

About the Author

Alon Gendler is a Startup Solutions Architect Manager at Amazon Web Services. He works with AWS customers to help them solve complex problems and architect secure, resilient, scalable and high performance applications in the cloud. Alon is passionate about Data and helping customers get the most out of it.

How to Download and Back Up YouTube Videos

Post Syndicated from Barry Kaufman original https://www.backblaze.com/blog/how-to-download-and-back-up-youtube-videos/

We like to think of our YouTube videos as being eternal, that somehow once we upload this little clip of our life, it will remain there safe in its URL forever.

The fact is, nothing lasts forever online except for those embarrassing pictures someone posted of you 10 years ago and the 1996 Space Jam website. Content is deleted every day, whether because a website shutters its operations or because the content gets caught up in the vagaries of copyright law. Your YouTube videos are no different.

If you’ve got a bunch of content living on YouTube and nowhere else, it’s time to download and back up your videos so you can control your content’s digital fate. In this post, learn how to download videos from YouTube and make sure they’re backed up safely.

How to Back Up Your Digital Life

Check out our series of guides to help you protect content across many different platforms—including social media, sync services, and more. This list is always a work in progress—please comment below if you’d like to see another platform covered.

Why Back Up Your YouTube Videos?

Aside from the simple fact that having a solid data backup plan can help you avoid the fallout from all manner of tragedies like hardware loss, theft, or damage, keeping your YouTube videos backed up protects you from the ups and downs of an ever-changing YouTube ecosystem. Google’s side project has a bit of a troubled history of deleting videos without the owner’s knowledge or consent. After all, when you have terms of service that border on labyrinthine, enforced by an algorithm to strip spam, fraud, hate speech, copyright infringement, and all manner of ickiness from 30,000 hours of video uploaded every hour, there are bound to be some casualties.

So how can you protect your precious memories from being dissolved in the digital ether? How can you ensure that your skillfully edited masterpiece doesn’t become a casualty of the algorithm? What if, let’s just say for example, you went up in a biplane one time and the camera on which you filmed this adventure has long been lost to the scrap heap of your junk drawer? What if a YouTube video is the only evidence you have of that time you forgot you had a cargo topper on your minivan and almost wrecked at the Mall of America? Hypothetically speaking?

The answer? Just as you upload the video to YouTube, it’s time to back it up both locally and in the cloud. And if you have a whole library of videos on YouTube, it’s time to download them so you can back those up, too.

A Short History of Downloading YouTube Content

There was a time not too long ago when downloading YouTube videos, even your own, meant delving into some of the darker corners of the internet. Often hosted on foreign servers to avoid Digital Millennium Copyright Act enforcement, these sites still exist. But now there’s a far easier native solution for downloading your content.

While they have done their level best to obscure this option, it’s right there for anyone to use. Just follow these simple steps below.

How to Download YouTube Videos

First, open the YouTube Creator Studio. YouTube Creator Studio is a terrific tool the site offers for managing your videos, customizing your channel, viewing analytics, and even monetizing your content. It’s also pretty well hidden, for reasons that aren’t immediately obvious.

To access YouTube Creator Studio on a desktop, click the hamburger menu at the top left of your screen and select “Your Videos.”

In this screenshot, my subscriptions have been blurred so you don’t judge me.

This will bring you to the content page of YouTube, with all of your cinematic achievements laid out before you. Select the video you want, click the kebab menu (the three vertical dots), and then select download. It’s just that easy!

If you’re curious, the video below the one I’m downloading is my dog riding an invisible bicycle.

You can also select multiple videos, click more actions, and download your videos.

Downloading Your Videos on Mobile

To download your videos on mobile, use your phone’s “phone” function to call up someone who has a desktop computer because YouTube Creator on mobile doesn’t let you download videos.

Backing Up Your Videos

Now that you’ve saved all of these videos from being potentially lost forever, how do you make sure they’re stored safely? By saving them locally, you haven’t really addressed the problem that they could be easily lost. Your computer and your external hard drives are, after all, probably more susceptible to data loss than YouTube is.

Which brings us to the 3-2-1 cloud backup strategy. Make sure to have three copies of your data on two different media (read: devices) with one stored off-site (typically in the cloud). Having two backups of your newly downloaded data on-site helps you recover quickly if you ever lose those videos you spent time capturing. And storing a copy in the cloud keeps one copy of your data geographically separated from the others in case of a major disaster like hardware loss, theft, or damage. But how you plan on using these videos will have an impact on which cloud storage method you pick.

If you want to keep copies of your YouTube archive locally, Backblaze Personal Backup is your best bet. It runs silently in the background of your computer. As soon as those YouTube videos hit your hard drive, it will automatically begin backing them up to the cloud, giving you a local copy and a copy on the cloud. If you create a second local copy on an external hard drive, you’re fully backed up and following a good 3-2-1 strategy.

If space is limited locally, and you don’t necessarily need the files on your own computer, Backblaze B2 Cloud Storage gives you plenty of space in the cloud to stash them until they’re needed. Say, when you have to prove to someone that you went up in a biplane that one time. Paired with local copies elsewhere, you could also use this method to achieve a 3-2-1 strategy without taking up a huge amount of space on your machine.

Do you have any techniques on how you download your data from YouTube or other social sites? Share them in the comments section below!

The post How to Download and Back Up YouTube Videos appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

[$] The kernel radar: folios, multi-generational LRU, and Rust

Post Syndicated from original https://lwn.net/Articles/881675/rss

The kernel community is a busy place, so it is not even remotely possible
to write full-length articles about everything that is going on. Other
topics may be of interest, but not require a longer treatment. The
answer is a collection of short topics covering developments that are on
the radar; the selection this time around includes folios, the
multi-generational LRU, and Rust in the kernel.

Security updates for Thursday

Post Syndicated from original https://lwn.net/Articles/881956/rss

Security updates have been issued by Debian (drupal7), Fedora (kernel, libreswan, nodejs, and wireshark), openSUSE (busybox, firefox, kernel, and python-numpy), Oracle (gegl, gegl04, httpd, java-17-openjdk, kernel, kernel-container, and libreswan), Red Hat (kernel, kernel-rt, and libreswan), Slackware (wpa_supplicant), SUSE (busybox, firefox, htmldoc, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container, openstack-monasca-agent, spark, spark-kit, zookeeper, and python-numpy), and Ubuntu (curl, linux, linux-aws, linux-aws-5.11, linux-aws-5.4, linux-azure, linux-azure-5.11, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.11, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oem-5.10, linux-oem-5.13, linux-oem-5.14, linux-oracle, linux-oracle-5.11, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, openvswitch, and qtsvg-opensource-src).

Is the Internet of Things the Next Ransomware Target?

Post Syndicated from Deral Heiland original https://blog.rapid7.com/2022/01/20/is-the-internet-of-things-the-next-ransomware-target/

Is the Internet of Things the Next Ransomware Target?

Ransomware attacks over the last couple years have been traumatic, impacting nearly every business sector and costing billions of dollars. The targets have mostly been our data: steal it, encrypt it, and then charge us a fee to get it back.

Over the last several years, there’s been concern across the security community about the risks related to the Internet of Things (IoT) being impacted by ransomware. For the most part, this has not occurred — although I wouldn’t be surprised if IoT has played a role as the entry point that malicious actors have used, on occasion, to gain access to plant their ransomware on critical systems. Also, we do know of examples where IoT technologies, such as those used within medical and industrial control environments, were impacted during ransomware attacks through key components of their ecosystem involving standard Windows server and desktop solutions.

IoT ransomware risk and its implications

So, what would it take for IoT to be the target of ransomware? First, the IoT being attacked would need to be a large deployment with significant importance in its functions and capabilities. The attack would also need to be disruptive enough that an organization would be willing to pay.  

Personally, I’m not confident such an environment exists, at least as it would apply to the average organization. But let’s step back and look at this from the perspective of the vendor who remotely manages, controls, and updates their products over the Internet. For example, imagine what would happen if a malicious actor successfully breached an automotive organization with smart-capable cars — could they shut down every car and lock the company and owner out of fixing them?

If we apply that train of thought across the board for all IoT deployed out there, it becomes very concerning. What if we shut down every multifunction printer by a major manufacturer, home thermostat, building HVAC, or building lighting solution? What happens if the target is a smart city and traffic lights are impacted? We could go on all day talking about the impact from smart city breaches or attacks against small deployed IoT solutions from major brands with global footprints.

Building a threat model

So, are there steps we can take to head off such an event? The answer is yes. I believe IoT vendors and solution owners could best accomplish this by identifying the potential attack vector and risk through threat modeling.

As part of building out a threat model, the first step would be to identify and map out a complete conceptual structure of the IoT system that could be potentially targeted. In the case of IoT technology, this should consist of all components of the system ecosystem that make the solution function as intended, which would include:

  • Embedded hardware system actuators, sensors, and gateways
  • Management and control applications, such as mobile and cloud services, as well as thick clients on servers, desktops, and laptops systems
  • Communication infrastructure used for data and operational controls including Ethernet, Wi-Fi, and other radio frequency (RF)

Any component or subcomponent of this ecosystem is at potential risk for being targeted. Mapping out this information gives us the ability to better understand and consider the potential points of attack that a malicious actor could use to deliver or execute a ransomware style attack against IoT.

In the second step of this threat modeling process, we need to understand the possible goals of a malicious actor who would be targeting an IoT ecosystem, who they may be, and what their end game and potential methods of attack would look like. The threat actors would likely look very similar to any malicious actor or group that carries out ransomware attacks. I think the big difference would be how they would approach attacking IoT ecosystems.

This is the phase where creative thinking plays a big role, and having the right people involved can make all the difference. This means having people on the threat modeling team who can take an attacker mindset and apply that thinking against the IoT ecosystems to map out as many potential attack vectors as possible.

Mapping out the threat and response

The third step in the threat modeling process is building a list of threats we would expect to be used against the above IoT ecosystems. One example, which is also common with typical ransomware attacks, is locking. By locking a component of the IoT solutions ecosystem, a malicious actor could prevent the IoT ecosystem from properly functioning or communicating with other key components, completely taking the technology out of service or preventing it from functioning as intended.

In the final part, we take the detailed information we’ve put together and map out specific attack scenarios with the greatest chance of success. Each scenario should define the various components of the IoT ecosystem potentially at risk, along with the perceived attacker motives, methods, and threats that can lead to the attacker being successful. Once you’ve mapped out these various scenarios in detail, you can use them to define and implement specific controls to mitigate or reduce the probability of success for those attack scenarios.

Using these threat modeling methods will help IoT solution vendors and the organizations that use their products identify and mitigate the risk and impact of ransomware attacks against IoT solutions before they happen.

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

San Francisco Police Illegally Spying on Protesters

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2022/01/san-francisco-police-illegally-spying-on-protesters.html

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police:

This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance. It prohibits city agencies like the SFPD from acquiring, borrowing, or using surveillance technology, without prior approval from the city’s Board of Supervisors, following an open process that includes public participation. Here, the SFPD went through no such process before spying on protesters with this network of surveillance cameras.

It’s feels like a pretty easy case. There’s a law, and the SF police didn’t follow it.

Tech billionaire Chris Larsen is on the side of the police. He thinks that the surveillance is a good thing, and wrote an op-ed defending it.

I wouldn’t be writing about this at all except that Chris is a board member of EPIC, and used his EPIC affiliation in the op-ed to bolster his own credentials. (Bizarrely, he linked to an EPIC page that directly contradicts his position.) In his op-ed, he mischaracterized the EFF’s actions and the facts of the lawsuit. It’s a mess.

The plaintiffs in the lawsuit wrote a good rebuttal to Larsen’s piece. And this week, EPIC published what is effectively its own rebuttal:

One of the fundamental principles that underlies EPIC’s work (and the work of many other groups) on surveillance oversight is that individuals should have the power to decide whether surveillance tools are used in their communities and to impose limits on their use. We have fought for years to shed light on the development, procurement, and deployment of such technologies and have worked to ensure that they are subject to independent oversight through hearings, legal challenges, petitions, and other public forums. The CCOPS model, which was developed by ACLU affiliates and other coalition partners in California and implemented through the San Francisco ordinance, is a powerful mechanism to enable public oversight of dangerous surveillance tools. The access, retention, and use policies put in place by the neighborhood business associations operating these networks provide necessary, but not sufficient, protections against abuse. Strict oversight is essential to promote both privacy and community safety, which includes freedom from arbitrary police action and the freedom to assemble.

So far, EPIC has not done anything about Larsen still being on its board. (Others have criticized them for keeping him on.) I don’t know if I have an opinion on this. Larsen has done good work on financial privacy regulations, which is a good thing. But he seems to be funding all these surveillance cameras in San Francisco, which is really bad.

The AI4K12 project: Big ideas for AI education

Post Syndicated from Sue Sentance original https://www.raspberrypi.org/blog/ai-education-ai4k12-big-ideas-ai-thinking/

What is AI thinking? What concepts should we introduce to young people related to AI, including machine learning (ML), and data science? Should we teach with a glass-box or an opaque-box approach? These are the questions we’ve been grappling with since we started our online research seminar series on AI education at the Raspberry Pi Foundation, co-hosted with The Alan Turing Institute.

  • Dave Touretzky.
    Dave Touretzky
  • Fred Martin.
    Fred G. Martin

Over the past few months, we’d already heard from researchers from the UK, Germany, and Finland. This month we virtually travelled to the USA, to hear from Prof. Dave Touretzky (Carnegie Mellon University) and Prof. Fred G. Martin (University of Massachusetts Lowell), who have pioneered the influential AI4K12 project together with their colleagues Deborah Seehorn and Christina Gardner-McLure.

The AI4K12 project

The AI4K12 project focuses on teaching AI in K-12 in the US. The AI4K12 team have aligned their vision for AI education to the CSTA standards for computer science education. These Standards, published in 2017, describe what should be taught in US schools across the discipline of computer science, but they say very little about AI. This was the stimulus for starting the AI4K12 initiative in 2018. A number of members of the AI4K12 working group are practitioners in the classroom who’ve made a huge contribution in taking this project from ideas into the classroom.

Dave Touretzky presents the five big ideas of the AI4K12 project at our online research seminar.
Dave gave us an overview of the AI4K12 project (click to enlarge)

The project has a number of goals. One is to develop a curated resource directory for K-12 teachers, and another to create a community of K-12 resource developers. On the AI4K12.org website, you can find links to many resources and sign up for their mailing list. I’ve been subscribed to this list for a while now, and fascinating discussions and resources have been shared. 

Five Big Ideas of AI4K12

If you’ve heard of AI4K12 before, it’s probably because of the Five Big Ideas the team has set out to encompass the AI field from the perspective of school-aged children. These ideas are: 

  1. Perception — the idea that computers perceive the world through sensing
  2. Representation and reasoning — the idea that agents maintain representations of the world and use them for reasoning
  3. Learning — the idea that computers can learn from data
  4. Natural interaction — the idea that intelligent agents require many types of knowledge to interact naturally with humans
  5. Societal impact — the idea that artificial intelligence can impact society in both positive and negative ways

Sometimes we hear concerns that resources being developed to teach AI concepts to young people are narrowly focused on machine learning, particularly supervised learning for classification. It’s clear from the AI4K12 Five Big Ideas that the team’s definition of the AI field encompasses much more than one area of ML. Despite being developed for a US audience, I believe the description laid out in these five ideas is immensely useful to all educators, researchers, and policymakers around the world who are interested in AI education.

Fred Martin presents one of the five big ideas of the AI4K12 project at our online research seminar.
Fred explained how ‘representation and reasoning’ is a big idea in the AI field (click to enlarge)

During the seminar, Dave and Fred shared some great practical examples. Fred explained how the big ideas translate into learning outcomes at each of the four age groups (ages 5–8, 9–11, 12–14, 15–18). You can find out more about their examples in their presentation slides or the seminar recording (see below). 

I was struck by how much the AI4K12 team has thought about progression — what you learn when, and in which sequence — which we do really need to understand well before we can start to teach AI in any formal way. For example, looking at how we might teach visual perception to young people, children might start when very young by using a tool such as Teachable Machine to understand that they can teach a computer to recognise what they want it to see, then move on to building an application using Scratch plugins or Calypso, and then to learning the different levels of visual structure and understanding the abstraction pipeline — the hierarchy of increasingly abstract things. Talking about visual perception, Fred used the example of self-driving cars and how they represent images.

A diagram of the levels of visual structure.
Fred used this slide to describe how young people might learn abstracted elements of visual structure

AI education with an age-appropriate, glass-box approach

Dave and Fred support teaching AI to children using a glass-box approach. By ‘glass-box approach’ we mean that we should give students information about how AI systems work, and show the inner workings, so to speak. The opposite would be a ‘opaque-box approach’, by which we mean showing students an AI system’s inputs and the outputs only to demonstrate what AI is capable of, without trying to teach any technical detail.

AI4K12 advice for educators supporting K-12 students: 1. Use transparent AI demonstrations. 2. Help students build mental models. 3. Encourage students to build AI applications.
AI4K12 teacher guidelines for AI education

Our speakers are keen for learners to understand, at an age-appropriate level, what is going on “inside” an AI system, not just what the system can do. They believe it’s important for young people to build mental models of how AI systems work, and that when the young people get older, they should be able to use their increasing knowledge and skills to develop their own AI applications. This aligns with the views of some of our previous seminar speakers, including Finnish researchers Matti Tedre and Henriikka Vartiainen, who presented at our seminar series in November

What is AI thinking?

Dave addressed the question of what AI thinking looks like in school. His approach was to start with computational thinking (he used the example of the Barefoot project’s description of computational thinking as a starting point) and describe AI thinking as an extension that includes the following skills:

  • Perception 
  • Reasoning
  • Representation
  • Machine learning
  • Language understanding
  • Autonomous robots

Dave described AI thinking as furthering the ideas of abstraction and algorithmic thinking commonly associated with computational thinking, stating that in the case of AI, computation actually is thinking. My own view is that to fully define AI thinking, we need to dig a bit deeper into, for example, what is involved in developing an understanding of perception and representation.

An image demonstrating that AI systems for object recognition may not distinguish between a real banana on a desk and the photo of a banana on a laptop screen.
Image: Max Gruber / Better Images of AI / Ceci n’est pas une banane / CC-BY 4.0

Thinking back to Matti Tedre and Henriikka Vartainen’s description of CT 2.0, which focuses only on the ‘Learning’ aspect of the AI4K12 Five Big Ideas, and on the distinct ways of thinking underlying data-driven programming and traditional programming, we can see some differences between how the two groups of researchers describe the thinking skills young people need in order to understand and develop AI systems. Tedre and Vartainen are working on a more finely granular description of ML thinking, which has the potential to impact the way we teach ML in school.

There is also another description of AI thinking. Back in 2020, Juan David Rodríguez García presented his system LearningML at one of our seminars. Juan David drew on a paper by Brummelen, Shen, and Patton, who extended Brennan and Resnick’s CT framework of concepts, practices, and perspectives, to include concepts such as classification, prediction, and generation, together with practices such as training, validating, and testing.

What I take from this is that there is much still to research and discuss in this area! It’s a real privilege to be able to hear from experts in the field and compare and contrast different standpoints and views.

Resources for AI education

The AI4K12 project has already made a massive contribution to the field of AI education, and we were delighted to hear that Dave, Fred, and their colleagues have just been awarded the AAAI/EAAI Outstanding Educator Award for 2022 for AI4K12.org. An amazing achievement! Particularly useful about this website is that it links to many resources, and that the Five Big Ideas give a framework for these resources.

Through our seminars series, we are developing our own list of AI education resources shared by seminar speakers or attendees, or developed by us. Please do take a look.

Join our next seminar

Through these seminars, we’re learning a lot about AI education and what it might look like in school, and we’re having great discussions during the Q&A section.

On Tues 1 February at 17:00–18:30 GMT, we’ll hear from Tara Chklovski, who will talk about AI education in the context of the Sustainable Development Goals. To participate, click the button below to sign up, and we will send you information about joining. I really hope you’ll be there for this seminar!

I want to join the next seminar

The schedule of our upcoming seminars is online. You can also (re)visit past seminars and recordings on the blog.

The post The AI4K12 project: Big ideas for AI education appeared first on Raspberry Pi.

Въстаник в първия мандат, властник – във втория

Post Syndicated from Емилия Милчева original https://toest.bg/vustanik-v-purviya-mandat-vlastnik-vuv-vtoriya/

Президентът Румен Радев официално встъпи във втория си мандат – във времена на „каскада от кризи“, но и на доминантната роля, която той си извоюва в политиката и управлението от близо година насам.

Какво да очакваме?

Съдейки по речта му пред депутатите от 47-мия парламент, основна задача ще бъде конституционната реформа. Но обещаният президентски проект за такава реформа все още е строго секретен и не напуска пределите на „Дондуков“ 2, независимо от ноемврийските уверения на Радев, че наближава времето да го внесе. Време е – говори за него още от края на 2019 г. при управлението на третото правителство на ГЕРБ и Бойко Борисов…

Ще има ли проектът на президента съгласуване (непублично и неофициално) с намеренията на настоящото управляващо мнозинство за съдебна реформа, която не се изчерпва само с реформа на прокуратурата? Моментът е удачен – създателите на „Продължаваме промяната“, стожера в четворната коалиция, дължат нему втурването си в политиката, а три от политическите сили в тази коалиция публично го подкрепиха за втори мандат. Така че не би имало спънки с помощта на управляващите Радев да се опита да реализира конституционни промени и така да довърши започнатото през лятото на 2020 г. – демафиотизация на властта.

В речта си Румен Радев не спомена за своя проект, но от нея се разбра, че държи на възможността за индивидуална конституционна жалба, предвидена в него. За такава бе постигнато съгласие и на преговорите за коалиционно споразумение между четирите политически сили „Продължаваме промяната“, „Демократична България“, „Има такъв народ“ и БСП. За възможността гражданите да могат да сезират Конституционния съд се говори и спори от години – дали да се предвиди само за закон, който нарушава правата, или и за всеки публичен акт; в кои случаи да е допустима – когато са изчерпани или не са изчерпани предвидените съдебни производства за защита, и др. ДБ я предложи по време на преговорите в сектор „Правосъдие“.

В речта си пред парламента Радев говори и за друга промяна, за която също е повдигал от по-рано въпрос – конституционно гарантиране на финансовата децентрализация на общините. От години Националното сдружение на общините в България настоява за такава възможност. Това няма да се приеме еднозначно от политическите сили, които не постигнаха съгласие по темата и на преговорите за коалиционно споразумение. Тогава от ДБ предложиха 2% от настоящите 10% данък върху доходите на физическите лица да отиват в съответната община, а на следващ етап да се превърнат в местен данък, който всяка община сама да определя. Останалите обаче се възпротивиха, макар по принцип да се съгласиха с идеята за по-голяма финансова самостоятелност на местните власти.

Изглежда сякаш екипът на Радев е заложил по-големи президентски правомощия, за които и президентът сам е повдигал темата. Но вчера премиерът Кирил Петков отхвърли подобни спекулации с изявлението си, че „Конституцията ще бъде голяма тема в следващите месеци, но не и за това да станем президентска република, а в частта за главния прокурор“.

Големият въпрос, който неизменно се задава в такива случаи, е как ще се събере конституционно мнозинство от 160 гласа, след като настоящата власт разполага със 134 народни представители. Но това е тема в развитие.

Та, президент или управляващи ще стартират конституционните промени?

Или преди това ще се случат други процеси? Докато се чака отговорът на загадката, правосъдната министърка Надежда Йорданова, излъчена от „Демократична България“, вече се е нагърбила с първата фаза – трансформацията на КПКОНПИ. За ДБ съдебната реформа е знаме и кауза много преди президентът да я прегърне.

А може би държавният глава просто не иска да рискува, като внесе проект, който няма да успее, и така да си причини репутационни щети. Във втория си мандат той особено ще внимава за това. След последната година на политически победи ще му е трудно да остане в този така симпатичен образ на поборник при настоящото управление, с което са единомишленици и съратници. Ако иска да критикува, не може да вдига юмрук, а само да помаха с пръст – или може би просто да повдигне вежда…

Управляващите, както е известно, рядко се ползват с всенародна любов. Така че въпросът не е дали, а кога най-рейтинговият политик Румен Радев и правителството, ръководено от също така рейтингов и харизматичен политик като Кирил Петков, ще охладнеят един към друг. При други обстоятелства би могло и да е догодина, но при толкова кризи вероятно ще е още тази. А кризите са свързани с едни други теми от речта на президента –

за сигурността и за Северна Македония.

„Гласът на България трябва да отеква силно в дебата за бъдещето на Европа, за нейната стратегическа автономност и сигурност.“ На пръв поглед в това изречение на Радев няма нищо забележително – открай време политиците се упражняват по темата за активността на България. Но в коя област президентът разглежда стратегическата автономност на ЕС – в икономиката или в сигурността и отбраната? Изглежда, че е втората. Европейската отбранителна автономия е в проект, а от 30-те страни в НАТО повече от половината са членове на ЕС. Известно е, че без одобрението на САЩ, а и без изясняване на неговата корелация по отношение на НАТО, един такъв проект не би бил осъществим.

Какво означава Европейска стратегическа автономия? В публикация за Politico бившата външна министърка на Испания Аранча Гонсалес я обяснява така: „Европа да има повече способност да прави сама изборите си, съответстващи на интересите и ценностите ѝ, независимо какво правят останалите.“ Включително и за да намали уязвимостта си от външни шокове. В интервю от септември м.г. пред същото издание председателят на Европейския съвет Шарл Мишел отбелязва, че трагичната ситуация в Афганистан „трябва да подтикне нас, европейците, да се погледнем в огледалото и да се запитаме как можем да имаме по-голямо влияние в геополитическата сфера в бъдеще, отколкото днес“.

Но дали Европа може сама да се погрижи за отбраната си и дали фискалните правила на общността ще се променят – това са предизвикателства пред идеята за автономия, за която не е ясно какво мисли българският президент. Като че ли позитивно. Какво смята управляващата коалиция? Отворен въпрос.

За разлика от тази, по друга тема няма двусмислие или неяснота в позицията на Радев – става въпрос за Северна Македония и бе даден знак към кабинета и премиера:

Предложеният от правителството многопистов подход в отношенията с нашите съседи има потенциал да динамизира диалога, да укрепи доверието, и трябва да бъде подкрепен. Той обаче не бива да оставя на заден план проблемите, свързани с правата на нашите сънародници и общото историческо и културно минало.

Ще потвърдя своята позиция като президент на всички българи, че равноправието на македонските българи, много от които са и български граждани, трябва да бъде гарантирано чрез вписването им в Конституцията на страната наравно с другите части от народи. Този акт, редом с приемането на надеждни механизми за изкореняване езика на омразата и опазване на българското културно-историческо наследство, следва да бъде предварително условие за нашето съгласие за начало на преговорите за членство.

И тук следва една критика към правителството, свързана най-вероятно с направените тази седмица заявки за въздушна линия София–Скопие по време на визитата на делегацията, водена от премиера Кирил Петков в Северна Македония, както и относно коридор №8 като цяло:

Убеден съм, че икономизацията на външната политика, за която работих активно, може да даде много по-добри резултати, ако постигнем по-ефективна координация между институциите и преодолеем липсата на проектна готовност във важни инвестиционни направления.

Няма съмнение, че президентът е ядосан от подхода на Петков и от визитата му в Скопие тази седмица. Северна Македония може да ги раздалечи, а може да стане и по-сериозно препятствие в отношенията между институциите, разделени само от площад „Независимост“. Дистанцирането би било полезно и за двете страни – правителството веднъж завинаги ще се отърве от чувството на синовен дълг и признателност към президента, а президентът ще може отново да е „надпартиен“.

В речта на президента се открива и един начален флирт с Българската православна църква (и традиционните вероизповедания), на които Радев обещава подкрепа и в бъдеще. Досега това беше патент на Бойко Борисов, който обикаляше църкви и манастири, целуваше ръце и кръстове и се кълнеше в Началника Бог. Патриарх Неофит за втори път лично отслужи молебен и благослови Радев за успешен втори мандат като държавен глава. А днес президентът дори участва в тържествената церемония за първа копка на новостроящия се православен храм „Св. Патриарх Евтимий Търновски“ в столичния квартал Люлин.

Останалото е захарен памук. 

Например:

Мой дълг като държавен глава е да връщам дневния ред към дългосрочните цели на нацията, далеч отвъд хоризонта на политическите мандати: овладяването на демографската криза; справянето с бедността и неравенствата; повишаването на стандарта и качеството на живот; духовното развитие; гарантирането на суверенитета и сигурността; отстояването на националните интереси и достойнство; утвърждаването на позитивния образ на страната ни навън.

Нищо от това не се е случило през изминалите години, а описаното като „дългосрочни цели на нацията“ всъщност е работа на политиците и функция от техните решения. Дали Радев може да отговори как вижда „духовното развитие“ като цел? Отделно някой трябва да забрани на президентите да използват веднъж завинаги „овладяването на демографската криза“. Освен ако не бъдат изобретени инкубатори за българи.

Заглавна снимка: Президентът Румен Радев изнася реч пред Народното събрание при тържественото полагане на клетва за втория си мандат. Стопкадър от видеозапис на БТА

Източник

Кой е българският национален интерес?

Post Syndicated from Светла Енчева original https://toest.bg/koy-e-bulgarskiyat-natsionalen-interes/

На 18 януари премиерът Кирил Петков отиде на официално посещение в Северна Македония. Така той стана един от първите чуждестранни лидери, установили контакт с новия премиер на страната Димитър Ковачевски. И макар опитът му за стопяване на ледовете между България и югозападната ѝ съседка да бяха „попарени“ от Консултативния съвет за национална сигурност начело с президента Румен Радев, Петков всячески се старае да демонстрира промяна на тона на България.

Без експлицитна връзка с визитата на Петков в Македония, само ден преди нея БНБ пусна монета с лика на Гоце Делчев – личност, която и България, и Македония смятат за „своя“, а за македонците статутът на Гоце Делчев е подобен на този на Васил Левски у нас. Поводът е 150 години от рождението му, което впрочем е на 4 февруари (23 януари по стар стил). Пред БНБ се изви дълга опашка от хора, желаещи да се сдобият с монетата, издадена в 3000 броя.

Когато става дума за отношенията между България и Македония, неизбежно си припомням една история.

„И какво сега? Вашият университет се казва „Климент Охридски“, а нашият – „Кирил и Методий“, иронично отбелязва македонски професор по социология. Годината е 2005-та, а ние сме в Загреб, по чиито улици се виждат възпоменателни табла за жертвите на войната с Югославия. Постепенно разговорът ни навлиза в академична плоскост. Всеки говори на своя език – нали уж ни е общ. Когато стигаме до философията на Имануел Кант, в един момент преставам да разбирам какво казва македонският професор. Разрешаваме проблема, като продължаваме дискусията на английски. На този чужд и за двама ни език се разбираме безпроблемно. След тази случка никой не е в състояние да ме убеди, че няма македонски език.

Петнайсет години по-късно България вече е част от Европейския съюз и в това си качество е наложила вето върху членството на Северна Македония в него.

Причините страната ни да не желае югозападната ни съседка да стане част от ЕС са многообразни, а акцентите в тях – променливи.

Широко разпространено в България например е схващането, че македонският език е изкуствено създаден и е просто диалектна разновидност на българския с внесени в нея сръбски елементи. Затова и телевизиите рядко превеждат от македонски, оставяйки зрителите да се мъчат да схванат смисъла на казаното. В меморандума от 2020 г. страната ни дори поставя условие езикът да се нарича не македонски, а „официален език на Република Северна Македония“.

Същото се твърди и за самата македонска нация – че македонците всъщност са българи, коварно поставени под сръбско влияние с помощта на Съветския съюз. България иска Северна Македония да приеме, че историята на двете страни до 1944 г. е обща. И не приема компромисния вариант, предложен от съседите, че историята не е точно обща, но е споделена. А за каква идентичност може да става дума, ако нямате право на история?

Напоследък обаче страната ни не приема обвинението на съседите, че поставяме под въпрос езика и идентичността им. А реториката на премиера Кирил Петков внушава, че такъв проблем изобщо няма. Междувременно „опорните“ точки у нас вече са станали други – против „езика на омразата“ в Северна Македония, защита на правата на българското малцинство там и вписването му в македонската Конституция.

Нека разгледаме тези „опорни точки“.

Още в първия абзац на основния закон на Северна Македония се признава съществуването на „албанците, турците, власите, ромите и другите националности, които живеят в Република Македония“. Българите не са включени в това изброяване, но пък и то не е изчерпателно.

Колко всъщност са българите в Северна Македония, е въпрос, на който е трудно да се отговори. Според официалните данни от преброяването през далечната 2002 година като българи са се самоопределили едва 1417 души. След влизането на страната ни в ЕС десетки хиляди македонци кандидатстват за българско гражданство, защото по този начин могат по-лесно да пътуват и работят на Запад. Според евродепутата от ГЕРБ Андрей Ковачев към февруари 2021 г. македонците с български паспорти са над 140 000 души.

Етнически българи ли са тези хора? Формално – да, защото, за да получат българско гражданство, те са декларирали български етнически произход. Въпреки че за някои от тях тази процедура е била унизителна, никой не ги е карал насила. Така някой би могъл да си помисли, че като не допуска Северна Македония в ЕС, България си „отглежда“ свое малцинство там.

Как стои въпросът с македонците в България?

За разлика от Конституцията на Северна Македония, българската определя страната ни като единна в национално отношение държава. В нея не се допускат не само различни националности, но и етнически малцинства. Макар да е добре известно, че в България има компактни етнически малцинства.

Впрочем има определена историческа логика конституциите и на двете страни да се различават в отношението си към малцинствата. На фона на кървавия разпад на Югославия Македония има потребност да се предпази от сепаратистки тенденции. Затова е склонна да предостави множество права на малцинствата на територията си, особено на етническите албанци.

В България в началото на 90-те са още пресни спомените от т.нар. Възродителен процес и от насажданите внушения, че българските турци могат да поискат населяваните от тях райони да преминат към Турция. Три десетилетия по-късно следва да е ясно, че нито някой иска да „къса парчета“ от българската територия, нито малцинствата престават да съществуват, ако са официално непризнати. Конституцията ни обаче си остава същата.

А колко са македонците у нас, не знаем, защото отказваме не само да ги признаем, а дори да ги броим.

Според преброяването от 2001 г. самоопределящите се като македонци са 5071 души. Преди преброяването през 2011 г. обаче ВМРО инспирира скандал, който доведе до оставка на тогавашната директорка на НСИ Мариана Коцева и до промяна на анкетната карта на преброяването. Повод за възмущението на националистите беше, че въпросникът за преброяване дава свобода човек да се определи като българомохамеданин, македонец, гагауз, влах или африканец. И въпреки че у нас действително има представители на всички изброени общности, останаха само следните опции за етническа група – „българска“, „турска“, „ромска“, „друга“ (тук може да се уточни конкретният етнос, но това не влиза в общата статистика) и „не се самоопределям“.

Резултатът от отнемането на възможността за самоопределение може да се окачестви като провал на преброяването. Ако през 2001 г. по-малко от 25 000 души не са отговорили на въпроса за етническата си принадлежност, през 2011 г. броят им нараства до 683 590, или 9,28% от населението на страната. Само в област Смолян (където през 2001 г. впрочем няма нито един македонец) делът на неотговорилите е близо 22%. След като излязат резултатите от последното преброяване, пак няма да знаем колко са македонците в България, защото отново няма да сме ги преброили.

В какво се състои „езикът на омразата“ в Северна Македония по отношение на България?

За разлика от вторачването в историята, борбата с езика на омразата изглежда европейски и е адекватна на съвременността. България говори на институциите на ЕС на техния език защо е против членството на Северна Македония. Какво обаче се разбира под „език на омразата“ в случая?

Не може да се отрече, че в съседката ни има прояви на национализъм, враждебно отношение към България, посегателства върху паметници, свързани със страната ни, макар тези прояви да не са израз на официалната политика на страната. „Болката“ по отношение на „словото на омразата“ обаче е най-вече спрямо наричането на България „фашистки окупатор“. Това е във връзка с периода 1941–1944 г., когато страната ни, в качеството си на съюзник на Хитлерова Германия, окупира и анексира територията на Вардарска Македония, Пирот и Беломорието. Спасявайки „нашите си“ евреи, българските власти пращат в лагерите на смъртта 11 343 евреи от новоприсъединените територии, 7132 от които са от Вардарска Македония, освен това отнемат жилищата и цялото им имущество.

Този факт, разбира се, не е основание 80 години по-късно българите да продължават да бъдат наричани фашисти – по същия начин, както съвременните германци не могат да бъдат наричани националсоциалисти заради престъпленията на Хитлеровия режим. За разлика от Германия обаче, България не е поела историческата си отговорност. Германия не възразява периодът на националсоциализма да се изучава в училищата на всяка страна, дори напротив. А България изисква от Северна Македония да промени представянето на този период в учебниците си по история.

Независимо с какви аргументи се прави, недопускането на Северна Македония в ЕС се представя като „защита на българския национален интерес“.

Ала какъв е той? Говорещите за „български национален интерес“ обикновено представят България като държава, която трябва с гордост да отстоява собственото си достойнство срещу по-силните – ЕС, НАТО, САЩ, международни институции. Такава представа за национален интерес обаче е в интерес най-вече на… Русия, която се опитва да отслаби ЕС и да попречи на разширяването му, за да запази собственото си влияние сред страните от бившия Източен блок.

Едва ли е в интерес на българската национална сигурност македонски граждани да се сдобиват с български паспорти единствено с цел да могат да пътуват свободно. Това са хора, които нямат връзка със страната ни, но ако някой от тях извърши престъпление в чужбина, то ще се „пише“ на нашата „сметка“. В интерес на българите е да могат да пътуват във възможно повече от съседните страни, без да плащат роуминг, да поръчват стоки от тях, които не се облагат със скъпи мита, да няма политическо напрежение със съседите.

След визитата на Кирил Петков в Северна Македония

двете страни са поели ангажимент за самолетна линия между София и Скопие, която да тръгне до два месеца. Това не е особен дипломатически пробив (и няма как да бъде, понеже след Консултативния съвет Петков не разполага с особена свобода), но е добро символно начало. По-сериозен дипломатически пробив е решението България да приеме Северна Македония да се нарича само така, без „Република“ отпред, с което отпада още едно от многобройните условия на страната ни.

Още преди срещата Кирил Петков беше обявил идеята си за тематични междуправителствени работни групи. Тази идея може да изглежда куха, но да не забравяме, че посредством работни групи Петков успя да се справи с почти невъзможната задача за сформиране на коалиционно правителство между четири политически субекта в – меко казано – сложни отношения помежду си. Така че не е изключено и този път да има полза от групите. Особено ако в тази по историческите въпроси влязат експерти като Стефан Дечев и Румен Аврамов, а не агенти на ДС като Георги Марков (историка), които биха предпочели и България, и Македония да са под влиянието на Русия.

И двете страни си имат „трески за дялане“.

България е първата страна, признала независимостта на Северна Македония. Иронично, тя е и последната, която стои на пътя ѝ към членство в ЕС.

Ако търсим вината единствено у другия, това може да продължава вечно. Да, югозападната ни съседка, особено преди години, се характеризираше с мегаломански изблици, типични впрочем за една новосъздадена държава. (И все пак паметникът на Александър Македонски беше демонтиран от летището в Скопие преди три години, а този на Орфей на софийското летище си стои.)

В стремежа да утвърдят националната си идентичност македонците имат нужда от герои и врагове. Както впрочем и ние. България реагира на тези прояви на Северна Македония като тийнейджър, който приема твърде на сериозно детинщините на по-малкото си братче или сестриче. И иска на всяка цена то „да си получи заслуженото“. Нека си припомним какво казват родителите в такива случаи: по-умният отстъпва първи.

Заглавна снимка: © Правителството на РСМ / Flickr

Източник

Biometric authentication – Why do we need it?

Post Syndicated from Grab Tech original https://engineering.grab.com/biometrics-authentication

In recent years, Identity and Access Management has gained importance within technology industries as attackers continue to target large corporations in order to gain access to private data and services. To address this issue, the Grab Identity team has been using a 6-digit PIN to authenticate a user during a sensitive transaction such as accessing a GrabPay Wallet. We also use SMS one-time passwords (OTPs) to log a user into the application.

We look at existing mechanisms that Grab uses to authenticate its users and how biometric authentication helps strengthen application security and save costs. We also look at the various technical decisions taken to ensure the robustness of this feature as well as some key learnings.

Introduction

The mechanisms we use to authenticate our users have evolved as the Grab Identity team consistently refines our approach. Over the years, we have observed several things:

  • OTP and Personal Identification Number (PIN) are susceptible to hacking and social engineering.
  • These methods have high user friction (e.g. delay or failure to receive SMS, need to launch Facebook/Google).
  • Shared/rented driver accounts cause safety concerns for passengers and increases potential for fraud.
  • High OTP costs at $0.03/SMS.

Social engineering efforts have gotten more advanced – attackers could pretend to be your friends and ask for your OTP or even post phishing advertisements that prompt for your personal information.

Search data flow Search data flow
Search data flow

With more sophisticated social engineering attacks on the rise, we need solutions that can continue to protect our users and Grab in the long run.

Background

When we looked into developing solutions for these problems, which was mainly about cost and security, we went back to basics and looked at what a secure system meant.

  • Knowledge Factor: Something that you know (password, PIN, some other data)
  • Possession Factor: Something physical that you have (device, keycards)
  • Inherent Factor: Something that you are (face ID, fingerprint, voice)

We then compared the various authentication mechanisms that the Grab app currently uses, as shown in the following table:

Authentication factor 1. Something that you know 2. Something physical that you have 3. Something that you are
OTP ✔️ ✔️
Social ✔️
PIN ✔️
Biometrics ✔️ ✔️

With methods based on the knowledge and possession factors, it is still possible for attackers to get users to reveal sensitive account information. On the other hand, biometrics are something you are born with and that makes it more complex to mimic. Hence, we have added biometrics as an additional layer to enhance Grab’s existing authentication methods and build a more secure platform for our users.

Solution

Biometric authentication powered by device biometrics provides a robust platform to enhance trust. This is because modern phones provide a few key features that allow client server trust to be established:

  1. Biometric sensor (fingerprint or face ID).
  2. Advent of devices with secure enclaves.

A secure enclave, being a part of the device, is separate from the main operating system (OS) at the kernel level. The enclave is used to store private keys that can be unlocked only by the biometrics on the device.

Any changes to device security such as changing a PIN or adding another fingerprint will invalidate all prior access to this secure enclave. This means that when we enroll a user in biometrics this way, we can be sure that any payload from said device that matches the public part of said private key is authorised by the user that created it.

Search data flow
Search data flow

Architecture details

The important part of the approach lies in the enrollment flow. The process is quite simple and can be described in the following steps:

  1. Create an elevated public/private key pair that requires users authentication.
  2. Ask users to authenticate in order to prove they are the device holders.
  3. Sign payload with confirmed unlocked private key and send public key to finish enrolling.
  4. Store returned reference id in the encrypted shared preferences/keychain.
Search data flow

Implementation

The key implementation details is as follows:

  1. Grab’s HellfireSDK confirms if the device is not rooted.
  2. Uses SHA512withECDSA for hashing algorithm.
  3. Encrypted shared preferences/keychain to store data.
  4. Secure enclave to store private keys.

These key technologies allow us to create trust between devices and services. The raw biometric data stays within the device and instead sends an encrypted signature of biometry data to Grab for verification purposes.

Impact

Biometric login aims to resolve the many problems highlighted earlier in this article such as reducing user friction and saving SMS OTP costs.

We are still experimenting with this feature so we do not have insights on business impact yet. However, from early experiment runs, we estimate over 90% adoption rate and a success rate of nearly 90% for biometric logins.

Learnings/Conclusion

As methods of executing identity theft or social engineering get more creative, simply using passwords and PINs is not enough. Grab, and many other organisations, are realising that it’s important to augment existing security measures with methods that are inherent and unique to users.

By using biometrics as an added layer of security in a multi-factor authentication strategy, we can keep our users safe and decrease the probability of successful attacks. Not only do we ensure that the user is a legitimate entity, we also ensure that we protect their privacy by ensuring that the biometric data remains on the user’s device.

What’s next?

  • IdentitySDK – this feature will be moved into an SDK so other teams integrate it via plug and play.
  • Standalone biometrics – biometric authentication is currently tightly coupled with PIN i.e. biometric authentication happens in place of PIN if biometric authentication is set up. Therefore, users would never see both PIN and biometric in the same session, which limits our robustness in terms of multi-factor authentication.
  • Integration with DAX and beyond – We plan to enable this feature for all teams who need to use biometric authentication.

Join us

Grab is a leading superapp in Southeast Asia, providing everyday services that matter to consumers. More than just a ride-hailing and food delivery app, Grab offers a wide range of on-demand services in the region, including mobility, food, package and grocery delivery services, mobile payments, and financial services across over 400 cities in eight countries.

Powered by technology and driven by heart, our mission is to drive Southeast Asia forward by creating economic empowerment for everyone. If this mission speaks to you, join our team today!

[$] Resurrecting fbdev

Post Syndicated from original https://lwn.net/Articles/881827/rss

The Linux framebuffer device (fbdev) subsystem has long languished in
something of a purgatory; it was listed as “orphaned” in the
MAINTAINERS file and saw fairly minimal maintenance, mostly driven
by developers working elsewhere in the kernel graphics stack. That all
changed, in an eye-opening way, on January 17, when Linus Torvalds
merged a change
to make Helge Deller the new maintainer of the subsystem. But it turns out
that the problems in fbdev run deep, at least according to much of the rest
of the kernel graphics community. By seeming to take on the maintainer role in order to
revert the removal of some buggy features from fbdev, Deller has created
something of a controversy.

The collective thoughts of the interwebz