Metasploit Wrap-Up 05/30/2025

Post Syndicated from Spencer McIntyre original https://blog.rapid7.com/2025/05/30/metasploit-wrap-up-05-30-2025/

The internet is a series of Tube [SOCKS]

Metasploit has supported SOCKS proxies for years, acting both as a client (by setting the Proxies datastore option) and as a server (by running the auxiliary/server/socks_proxy module). While Metasploit has supported both SOCKS versions 4a and 5, there was some ambiguity about how Domain Name System (DNS) requests are made by Metasploit through these versions. Both versions 4a and 5 notably enable clients to make connections to hosts identified by hostname, in which case the DNS resolution takes place on the SOCKS server. Whether the SOCKS client resolves the hostname to an address itself or leaves that to the server is an implementation detail that is inconsistent among many pieces of software.

In the case of Metasploit, the framework opted to handle the DNS resolution itself. This was to ensure consistent behavior when running a module with and without a proxy when the target hostname resolved to multiple IP addresses. Many years ago, when Metasploit shifted focus to assessing targets in bulk, we decided that if a user specified a target hostname that mapped to multiple IP addresses, the module should be run for each IP address. This behavior is mostly intended for modules targeting web servers and can be seen by running the auxiliary/scanner/http/http_version module with a target behind a CDN such as CloudFront (it’s pretty easy to guess a suitable example here).

This did, however, introduce a problem for users who intended to use Metasploit as a SOCKS proxy client by setting the Proxies datastore option, because Metasploit was performing the DNS resolution instead of passing the hostname to the proxy server as the user might expect. To explicitly facilitate what is probably the expected behavior of using the proxy server for name resolution, Metasploit added the unofficial SOCKS5H scheme used by cURL and other clients. The convention is that if SOCKS5H is used, the proxy server should be used for name resolution. Metasploit users can now leverage the resolution capabilities of the SOCKS5 server, however that may be implemented, to initiate their connection.

To use this new capability, simply specify the server in the Proxies option as socks5h://192.0.2.0:1080 where 192.0.2.0 is the target SOCKS5 server.
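What the scheme choice changes on the wire, as an added Ruby example that is not Metasploit's own code: per RFC 1928, a SOCKS5 CONNECT request carries either an address (ATYP 0x01 or 0x04) or a hostname (ATYP 0x03), so with socks5 the name is looked up by the client's own resolver and never reaches the proxy, while with socks5h it is sent to the proxy. The function names, the resolver table and www.example.test are hypothetical, constructed for this illustration.

```ruby
require 'uri'
require 'ipaddr'

# SOCKS5 constants from RFC 1928.
SOCKS_VERSION = 0x05
CMD_CONNECT   = 0x01
ATYP_IPV4     = 0x01
ATYP_DOMAIN   = 0x03
ATYP_IPV6     = 0x04

# Constructed sample data standing in for the client's local DNS resolver.
SAMPLE_DNS = {
  'www.example.test' => ['198.51.100.10', '198.51.100.11']
}.freeze
SAMPLE_RESOLVER = ->(name) { SAMPLE_DNS.fetch(name) }

# Which side resolves names, judged only by the proxy URL scheme.
def resolution_side(proxy_url)
  case URI.parse(proxy_url).scheme.to_s.downcase
  when 'socks5h' then :proxy
  when 'socks5'  then :client
  else raise ArgumentError, "unsupported proxy scheme: #{proxy_url}"
  end
end

# Return an IPAddr for a literal address, or nil for a hostname.
def literal_ip(dest)
  IPAddr.new(dest)
rescue IPAddr::Error
  nil
end

# Encode one CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT.
def connect_request(dest, port)
  raise ArgumentError, 'port out of range' unless (1..65_535).cover?(port)

  ip = literal_ip(dest)
  addr =
    if ip&.ipv4?
      [ATYP_IPV4].pack('C') + ip.hton
    elsif ip&.ipv6?
      [ATYP_IPV6].pack('C') + ip.hton
    else
      # Hostnames carry a one-byte length prefix, so 255 bytes is the limit.
      raise ArgumentError, 'bad hostname length' unless (1..255).cover?(dest.bytesize)

      [ATYP_DOMAIN, dest.bytesize].pack('CC') + dest.b
    end
  [SOCKS_VERSION, CMD_CONNECT, 0x00].pack('CCC') + addr + [port].pack('n')
end

# Requests a client would send for one target, given a Proxies-style URL.
# socks5h: a single request carrying the name. socks5: the client resolves
# first and sends one request per address, so the proxy only sees IPs.
def requests_for(proxy_url, host, port, resolver: SAMPLE_RESOLVER)
  remote = resolution_side(proxy_url) == :proxy
  return [connect_request(host, port)] if remote || literal_ip(host)

  resolver.call(host).map { |ip| connect_request(ip, port) }
end

# Decode a captured CONNECT request and report which side resolved the name.
def parse_request(bytes)
  ver, cmd, _rsv, atyp = bytes.unpack('CCCC')
  unless ver == SOCKS_VERSION && cmd == CMD_CONNECT
    raise ArgumentError, 'not a SOCKS5 CONNECT request'
  end

  addr_at, addr_len =
    case atyp
    when ATYP_IPV4   then [4, 4]
    when ATYP_IPV6   then [4, 16]
    when ATYP_DOMAIN then [5, bytes.getbyte(4).to_i]
    else raise ArgumentError, "unknown ATYP #{atyp}"
    end
  raise ArgumentError, 'truncated request' if bytes.bytesize < addr_at + addr_len + 2

  raw = bytes[addr_at, addr_len]
  host = atyp == ATYP_DOMAIN ? raw.force_encoding('UTF-8') : IPAddr.new_ntoh(raw).to_s
  { resolved_by: atyp == ATYP_DOMAIN ? :proxy : :client,
    host: host,
    port: bytes[addr_at + addr_len, 2].unpack1('n') }
end

if __FILE__ == $PROGRAM_NAME
  %w[socks5://192.0.2.0:1080 socks5h://192.0.2.0:1080].each do |proxy|
    requests_for(proxy, 'www.example.test', 443).each do |req|
      puts "#{proxy} -> #{req.unpack1('H*')} #{parse_request(req)}"
    end
  end
end
```

Running `parse_request` over CONNECT requests captured on the proxy side is a quick way to confirm whether a given client is leaving name resolution to the proxy or doing its own lookups first.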

At this time, Metasploit does not have client support for the older SOCKS4a version. If this is something that would interest you, please let us know in our ticket.

New module content (2)

WordPress Depicter Plugin SQL Injection (CVE-2025-2011)

Authors: Muhamad Visat and Valentin Lobstein
Type: Auxiliary
Pull request: #20185 contributed by Chocapikk
Path: gather/wp_depicter_sqli_cve_2025_2011
AttackerKB reference: CVE-2025-2011

Description: This adds a module for exploiting CVE-2025-2011 which is an unauthenticated SQL injection vulnerability in the "Slider & Popup Builder" plugin versions <= 3.6.1.

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

Authors: H00die Gr3y and Huntress Team
Type: Exploit
Pull request: #20096 contributed by h00die-gr3y
Path: windows/http/gladinet_viewstate_deserialization_cve_2025_30406
AttackerKB reference: CVE-2025-30406

Description: This adds an exploit module for Gladinet CentreStack/Triofox. The vulnerability, an unsafe deserialization, allows execution of arbitrary commands.

Enhancements and features (2)

  • #20147 from zeroSteiner – This adds support for the SOCKS5H protocol, allowing DNS resolution through a SOCKS5 proxy.
  • #20180 from smashery – This adds a warning to PowerShell use when an impersonation token is active.

Bugs fixed (3)

  • #20257 from cgranleese-r7 – Fixes an issue where the report_note deprecation message showed the calling method incorrectly.
  • #20261 from bwatters-r7 – This updates the vmware_vcenter_vmdir_auth_bypass module and accompanying documentation to refer to the new datastore option name.

Documentation added (1)

  • #20255 from arpitjain099 – This fixes multiple typos in various pages of documentation.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.

The Hidden Costs of AI: Why Your Cloud Bill is Exploding

Post Syndicated from David Johnson original https://www.backblaze.com/blog/the-hidden-costs-of-ai-why-your-cloud-bill-is-exploding/

AI workloads don’t play by the same rules as your average enterprise app, and if you’ve looked at your cloud bill lately, you probably know that already. They have unique demands that make them especially vulnerable to hidden AI storage costs. Think: massive parallel GPU training, nonstop data shuffling, and frequent checkpointing.

The problem? Most cloud pricing models weren’t built for this kind of action. They were designed when workloads were a lot more predictable. So, when you run AI workloads on storage models built by hyperscalers, the costs add up quickly, and often invisibly. 

Here are five reasons your cloud bill for AI workloads could spiral out of control:

1. Death by API call: Soaring costs in AI training pipelines.

AI workloads are packed with transactions. Every ingest of raw data, training round, inference batch, or logging step triggers API calls—PUTs, GETs, LISTs, and COPYs. If you’re training a foundational model like Deepseek v3 or Llama 2, you could be making millions of small transactions a day just by uploading all the raw data you require for training.

Each transaction might cost a fraction of a cent—but they add up. 

Example: Let’s assume a model needs 1 trillion pretraining tokens. Different data sources contribute varying numbers of tokens per file. For this exercise, let’s assume the following token counts:

  • Web pages: ~1,000 tokens/page (e.g., blog posts, articles)
  • Books: ~100,000 tokens/book (avg. 300 page novel)
  • Code repositories: ~500 tokens/file (e.g., GitHub scripts)
  • News articles: ~800 tokens/article
  • Academic papers: ~5,000 tokens/paper

A typical large language model (LLM) training mix might look like this:

| Source | % of tokens | Tokens contribution | Files required (approx.) |
|---|---|---|---|
| Web pages | 40% | 400B tokens | 400M files |
| Books | 20% | 200B tokens | 2M files |
| Code | 15% | 150B tokens | 300M files |
| News articles | 15% | 150B tokens | 187.5M files |
| Academic papers | 10% | 100B tokens | 20M files |
| Total | 100% | 1T tokens | ~909.5M files |

If you’re ingesting 909.5 million files to AWS S3 at $0.005 per 1,000 PUTs (pricing as of April 2025), then you’d be charged:

  • 909,500,000 ÷ 1,000 = 909,500 units
  • 909,500 × $0.005 = $4,547.50

That’s $4,547.50 in just PUT transaction fees—for just collecting all the data you need for training. And that’s not counting GETs, LISTs, or any other operations that are necessary to support the full AI data pipeline.

2. The small file tax: How small files drive up AI cloud storage costs

Models trained on image slices, text tokens, or time-series data can create millions of small files. These not only trigger excessive API calls, but also suffer from the following: 

  • Some providers bill you by minimum object size (e.g., rounding all small files up to 128KB).
  • Every small object can trigger a full-priced transaction.
  • Frequent access means you’re paying for reads, not just storage.

This mismatch means your dataset of 100 million 10KB files could behave (and cost) like a much larger, high-churn workload.

3. Why cold storage fails for AI data workloads

Deep archive tiers may be cheap upfront, but they’re a poor fit for iterative AI workflows. Need to rehydrate training data to rerun a model? Get ready to wait hours and pay per retrieval. Need to delete? You could get hit with minimum retention penalties, and pay for that data as if you held onto it for 60, 90, or even 180 days. 

AI workflows are iterative. You’re not archiving log files; you’re experimenting, fine-tuning, and reprocessing constantly. Cold storage is rarely compatible with that.

4. Egress fees: The hidden cost of moving AI training data

Egress is a silent killer. It’s the fee you pay every time you move data out of cloud storage. In AI workflows, that’s often necessary for:

  • Sending training data to a GPU cluster.
  • Validating models on a local system.
  • Migrating to another provider.
  • Collaborating with partners across clouds or regions.

These fees scale linearly with data volume, which is a problem when your AI pipeline is pulling terabytes or petabytes per day. 

5. AI data lifecycle rules can backfire

You might set up lifecycle rules to move infrequently accessed data to cheaper tiers—sounds smart, right?

Except:

  • Lifecycle transitions often come with per-object fees.
  • Accessing those objects later triggers retrieval fees, or breaks performance expectations.
  • Deleting or overwriting too early triggers penalties.

And all of this assumes you even know your data’s “temperature” in advance—which, in AI workflows, changes day to day.

Smarter AI Storage

Your AI pipeline isn’t just a compute problem: It’s a data movement and storage orchestration engine. And that’s exactly where traditional cloud pricing models fall short. 

If your cloud bill is blowing up, it’s probably not just because you kicked off another training run. It’s the millions of GET requests, the silent egress charges, and those archive tier retrievals you didn’t plan for.

The good news? Once you know where the hidden costs are, you can start building smarter.

PackScan: Building real-time sort center analytics with AWS Services

Post Syndicated from Sairam Vangapally original https://aws.amazon.com/blogs/big-data/packscan-building-real-time-sort-center-analytics-with-aws-services/

Amazon manages a complex logistics network with multiple touch points, from fulfillment centers to sort centers to final customer delivery. Among these, sort centers play a crucial role in the middle mile, providing faster and more efficient package movement. Within Amazon’s Middle Mile operations, high-volume sort centers process millions of packages daily, making immediate access to operational data essential for optimizing efficiency and decision-making. Real-time visibility into key metrics—such as package movements, container statuses, and associate productivity—is critical for smooth logistics operations. To address the need for real-time operational planning, the Amazon Middle Mile team developed PackScan, a cloud-based platform designed to provide instant insights across the network. By significantly reducing data latency, PackScan enables proactive decision-making, so teams can monitor inbound package flows, optimize outbound shipments based on live data, track associate productivity, identify bottlenecks, and enhance overall operational efficiency—all in real time.

In this post, we explore how PackScan uses Amazon cloud-based services to drive real-time visibility, improve logistics efficiency, and support the seamless movement of packages across Amazon’s Middle Mile network.

Prerequisites

This post assumes a foundational understanding of the following services and concepts:

Although hands-on experience is not required, a conceptual understanding of these services will help in understanding the architecture, design patterns, and components discussed throughout the article.

Business challenges

Amazon’s sort centers handle over 15 million packages daily across more than 120 facilities in North America. Given this scale, even minor delays in operational insights can lead to inefficiencies, increased costs, and escalations. Traditionally, data latencies of up to an hour have restricted the ability to make proactive decisions, directly affecting productivity, resource allocation, and responsiveness—especially during peak periods like holiday seasons and big deal days.

Without immediate visibility into package movements, container statuses, and associate performance, operational teams face challenges in identifying and resolving bottlenecks in real time. The lack of timely insights can disrupt the flow of packages, leading to shipment delays, reduced throughput, and suboptimal facility performance. Addressing these inefficiencies required a solution capable of delivering real-time, high-fidelity data to support rapid decision-making.

To bridge this gap, Amazon’s Middle Mile organization needed a scalable platform that could enhance visibility, minimize latency, and provide up-to-the-minute insights into logistics operations. PackScan was designed to meet these demands, giving teams access to the real-time data necessary to optimize workflows, mitigate bottlenecks, and improve overall efficiency.

Data flow

In 2024, PackScan was deployed across 80 sort centers in the USA, enabling real-time package analytics. The solution powers Grafana dashboards, which refresh every 10 seconds by fetching live package data from OpenSearch Service. With this near real-time visibility, operations teams can monitor package movement and sorting efficiency across sort centers. The following diagram outlines how package scan data is ingested, processed, and made actionable.

Each sort center is equipped with hardware at inbound stations where packages arrive from trailers. Integrated barcode scanners automatically scan each package as it enters the sorting process. Every scan generates an SNS event, capturing key attributes such as the package ID, dimensions, the associate who performed the scan, and the timestamp and location of the scan.

After they’re generated, these SNS events are ingested into Data Firehose through a Lambda function, where the data undergoes real-time enrichment. During this process, additional attributes are appended, including the business logic rules. The enriched data is then streamed into OpenSearch Service, where events are indexed to enable fast and efficient querying. With the indexed package scan events available in OpenSearch Service, real-time analytics and monitoring become possible. The Grafana dashboards query this data every 10 seconds, providing operational insights into package inflow metrics and associate performance.

Solution overview

PackScan was implemented using a structured and scalable approach, using AWS cloud-based services to enable high-frequency data ingestion, real-time processing, and actionable insights. The architecture is designed to minimize latency while providing reliability, scalability, and operational efficiency. The solution is built around a serverless, event-driven architecture that dynamically scales based on data ingestion volumes. The architecture—illustrated in the following figure—enabled us to build a real-time data solution, utilizing the advantages of various AWS services to provide low-latency analytics, high scalability, and real-time operational insights across Amazon’s sort centers.

The following are the key components and features of the solution:

  • Real-time data processing – Lambda functions serve as the processing backbone of the system, handling 500,000 scan events per second. Each incoming event is processed by applying data transformations, enrichment, and validation before passing it downstream.
  • High-frequency data ingestion and streaming – Data Firehose is the primary ingestion pipeline, handling millions of scan events daily from thousands of barcode scanners across multiple sort centers. The Firehose streams handle incoming data of 12,000 PUT requests per second, maintaining smooth ingestion and low-latency streaming. Data retention policies are set to buffer and forward enriched events every 60 seconds or upon reaching 5 MB batch size, optimizing storage and processing efficiency.
  • Optimized querying and operational insights – OpenSearch Service is used to index and store the processed scan events, providing real-time querying and anomaly detection. The OpenSearch cluster consists of 12 data nodes (r5.4xlarge.search) and 3 primary nodes (r5.large.search), processing up to 10 GB of data per day with a rolling index strategy, where indexes are rotated every 24 hours to maintain query performance. The system supports concurrent queries per second, enabling logistics teams to perform rapid lookups and gain instant visibility into package movements.
  • Live visualization and dashboarding – Grafana, hosted on an m5.12xlarge EC2 instance, provides real-time visualization of key logistics metrics. The dashboards refresh every 10 seconds, querying OpenSearch and displaying up-to-the-minute package analytics. The setup includes multiple preconfigured dashboards, monitoring package flow at different inbound stations, and workforce efficiency. These dashboards support concurrent users, enabling supervisors and associates to track and optimize operations proactively. The following screenshot shows one of the real-time dashboards, with details of package flow by different routes within sort centers.

The entire PackScan architecture is designed for automatic scaling, adjusting dynamically based on data ingestion volume to maintain efficiency during peak and off-peak operations. This approach provides cost-effective resource utilization while maintaining high availability and performance.

Business outcomes

The implementation of PackScan has led to measurable improvements in operational efficiency, workforce productivity, and real-time decision-making across Amazon’s sort centers. By reducing data latency and enabling real-time insights, PackScan has transformed logistics operations in meaningful ways:

  • Widespread deployment – PackScan was deployed across 80 sort centers, supporting approximately 1,000 display monitors that provide real-time operational insights.
  • Significant reduction in data latency – Data latency dropped from approximately 1 hour to less than 1 minute, allowing for real-time operational responsiveness and minimizing workflow disruptions.
  • Proactive operational management – With dynamic workload balancing and instant bottleneck identification, supervisors can now address issues as they arise, leading to smoother operations and fewer escalations.
  • Boost in workforce productivity – The real-time performance feedback has enhanced associate engagement, resulting in a 25% increase in throughput per hour and 12% reduction in labor hours.

Overall, PackScan has redefined real-time logistics visibility within Amazon’s Middle Mile operations, empowering operational teams with actionable insights, enhanced workforce efficiency, and a data-driven approach to package movement and sort center performance.

Lessons learned and best practices

The deployment and scaling of PackScan provided valuable insights into optimizing real-time logistics visibility. Several key lessons and best practices emerged from this implementation:

  • Cloud architecture drives efficiency – Adopting Amazon technologies provides seamless scalability, reduced operational overhead, and lower infrastructure costs, while maintaining high reliability. The following table shows an approximate breakdown of monthly service costs observed in production. This is an estimation based on current pricing; we recommend checking the respective AWS service pricing pages to generate the most up-to-date quote. This architecture demonstrates that with a combination of provisioned and serverless design, production-ready solutions can be built and scaled at a fraction of the cost of traditional infrastructure.

| AWS Service | Description | Estimated Monthly Cost |
|---|---|---|
| Amazon EC2 | Three EC2 instances of type m5.12xlarge hosting Grafana | $1,700 |
| AWS Lambda | Streams SNS events to Data Firehose | $4,000 |
| Amazon Data Firehose | Real-time data delivery with 12,000 records streaming to OpenSearch Service | $1,500 |
| Amazon OpenSearch Service | Indexing and querying package scan events | $28,000 |

  • Real-time visibility is a game changer – Immediate access to operational data enhances agility, enabling teams to make timely, data-driven decisions that prevent bottlenecks and improve throughput.
  • Continuous monitoring enhances decision-making – Operational dashboards should evolve with business needs. Regular monitoring and updates provide accuracy, usability, and relevance in driving informed decision-making.

By applying these best practices, PackScan has set a foundation for scalable, real-time logistics management, making sure that Amazon’s Middle Mile operations remain proactive, efficient, and highly responsive to changing business demands.

Conclusion

PackScan has successfully transformed real-time operational visibility within Amazon’s sort centers, addressing critical challenges in data latency, workforce productivity, and logistics efficiency. By using AWS services, particularly Data Firehose for real-time data delivery and OpenSearch Service for analytics, PackScan has enabled proactive decision-making, streamlined operations, and enhanced throughput in high-volume sort environments. Looking ahead, future enhancements will focus on further elevating operational intelligence and scalability, including:

  • Integrating predictive analytics to anticipate workflow bottlenecks and optimize resource allocation
  • Scaling the solution across additional operational scenarios, providing greater resilience and adaptability to dynamic logistics environments

With these advancements, PackScan will continue to drive operational excellence, cost-efficiency, and real-time decision-making capabilities, reinforcing Amazon’s commitment to innovation in logistics and supply chain management.

For those interested in implementing similar solutions, we recommend exploring AWS Serverless Architecture Patterns and the AWS Architecture Blog for additional insights and best practices in building scalable, real-time analytics solutions.


About the authors

Sairam Vangapally is a Data Engineer at Amazon with extensive experience architecting real-time, large-scale data platforms that power critical logistics operations across North America. He has led the design and deployment of end-to-end data pipelines, enabling high-throughput ingestion, transformation, and analytics at scale. He is passionate about building resilient data infrastructure and driving cross-functional collaboration to deliver solutions that accelerate operational insights and business impact.

Nitin Goyal serves as a Data Engineering Manager in Amazon’s Sort Center organization, where he leads initiatives to optimize operational efficiency across North American facilities. With over nine years of tenure at Amazon spanning multiple teams, he specializes in architecting high-performance data systems, with particular emphasis on real-time streaming pipelines, artificial intelligence, and low-latency solutions. His expertise drives the development of sophisticated operational workflows that enhance sort center productivity and effectiveness.

Cloudflare named a Strong Performer in Email Security by Forrester

Post Syndicated from Ayush Kumar original https://blog.cloudflare.com/cloudflare-named-a-strong-performer-in-email-security-by-forrester/

Today, we are excited to announce that Forrester has recognized Cloudflare Email Security as a Strong Performer and among the top three providers in the ‘current offering’ category in “The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025” report. Get a complimentary copy of the report here. According to Forrester:

“Cloudflare is a solid choice for organizations looking to augment current email, messaging, and collaboration security tooling with deep content analysis and processing and malware detection capabilities.”

Cloudflare’s top-ranked criteria

In this evaluation, Forrester analyzed 10 Email Security vendors across 27 different criteria. Cloudflare received the highest scores possible in nine key evaluation criteria, and also scored among the top three in the current offering category. We believe this recognition is due to our ability to deliver stronger security outcomes across email and collaboration tools. These highlights showcase the strength and maturity of our Email Security solution:

Antimalware & sandboxing

Cloudflare’s advanced sandboxing engine analyzes files, whether directly attached or linked via cloud storage, using both static and dynamic analysis. Our AI-powered detectors evaluate attachment structure and behavior in real time, enabling protection not only against known malware but also emerging threats.

Malicious URL detection & web security

URLs are analyzed at delivery and again at click-time using Cloudflare’s global network. Our OCR and machine learning models extract and analyze metadata and page behavior to determine the maliciousness of a URL. Customers can also isolate suspicious links in remote browser sessions, preventing user compromise. We continuously monitor URLs and retroactively remediate messages if the risk changes.

Threat intelligence

With over 4.4 trillion signals ingested daily across DNS, HTTP, and email layers, Cloudflare operates one of the most comprehensive real-time threat intelligence ecosystems. Campaigns observed via our DNS or HTTP layers are used to preemptively block related email threats well before traditional feeds.

Content analysis & processing

Cloudflare uses an ensemble of large language models (LLMs), natural language processing (NLP) techniques, and machine learning (ML) classifiers to analyze message tone, thread behavior, QR codes, and invoice language. These models detect indicators of fraud, business email compromise (BEC), and social engineering that legacy engines often miss.

Reporting & dashboards

Cloudflare’s unified Zero Trust dashboard gives SOC teams full visibility across email, web, cloud, and data events. Analysts can pivot across user activity in just a few clicks and export data when needed.

User quarantine

Our quarantine workflow is designed to minimize disruption. Customers can choose several ways to get notifications to users about messages that have been quarantined. 

Email authentication

Cloudflare enforces SPF, DKIM, and DMARC alignment automatically. We also offer a free DMARC reporting tool that gives customers visibility into email authentication failures and helps them take control of email brand protection.

Product security

Security is core to Cloudflare’s DNA. All services undergo continuous penetration testing, adhere to SOC 2 Type II and ISO 27001 standards, and operate on Cloudflare’s own infrastructure.

Partner ecosystem

Cloudflare integrates natively with Splunk, Microsoft Sentinel, Palo Alto XSOAR, and ServiceNow, making it easy to bring Cloudflare Email Security into existing SOC workflows. We also partner with leading human risk and awareness platforms to give organizations a more user-centric view of risk and behavior.

These strengths reflect Cloudflare’s commitment to building a comprehensive email security platform, one that’s designed to protect email inboxes and workspaces. 

Our email vision

We agree with Forrester’s perspective on where the email security market is headed. Across our customer base, from Fortune 100 enterprises to fast-growing startups, we’ve seen a clear evolution:

Phishing is no longer confined to the inbox.

Attackers are increasingly luring users into external apps, unaudited chat platforms, or legitimate third-party services, bypassing traditional security controls. This shift is forcing SOC teams to think beyond just email and adopt a more holistic approach to workspace security.

Cloudflare was one of the first vendors to position email security as part of a broader SASE and Zero Trust strategy, securing not just messages, but the entire user surface. Looking ahead, we’re doubling down on this integrated vision of workspace security to give SOC teams simpler investigations and faster response.

What’s next: our strategic focus

We will continue to:

  • Build AI-driven automation
    Reduce alert fatigue and manual triage by using LLMs to summarize incidents, auto-label threats, and recommend next steps, allowing junior analysts to act with senior-level confidence.

  • Deepen integrations across the Cloudflare ecosystem
    Continue to unify signals across email, web, cloud, and data to give security teams a single view of user behavior driving faster remediations.

  • Enhance real-time user coaching
    Deliver contextual guidance at the moment of risk, whether via banners, isolation flows, or in-app warnings, to help users make safer and more informed decisions.

  • Develop best-in-class detections
    Continue investing in advanced models detecting new and novel phishing campaigns by leveraging global telemetry from our network edge to stop novel threats faster.

Cloudflare has always approached email security not as a standalone point solution, but as a core pillar of unified threat protection, deeply integrated across the modern enterprise security stack.

Ready to enhance your email security?

We provide all organizations (whether a Cloudflare customer or not) with free access to our Retro Scan tool, allowing them to use our predictive AI models to scan existing inbox messages. Retro Scan will detect and highlight any threats found, enabling organizations to remediate them directly in their email accounts. With these insights, organizations can implement further controls, either using Cloudflare Email Security or their preferred solution, to prevent similar threats from reaching their inboxes in the future.

If you are interested in how Cloudflare can help secure your inboxes, sign up for a phishing risk assessment here.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact

Post Syndicated from Conner Goldstein original https://blog.rapid7.com/2025/05/30/seeing-is-securing-how-surface-command-expands-mdr-visibility-and-impact/

Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many organizations face today when relying on Managed Detection and Response (MDR) services without full visibility across their digital environments.

Shadow IT, orphaned assets, internet-facing exposures, and unmanaged cloud services are all part of an expanding attack surface. And, according to Enterprise Strategy Group, 76% of organizations have experienced some type of cyberattack involving an unknown or unmanaged internet-facing asset(1) — the kind of risk that stems from gaps in visibility. The result? A critical mismatch between the Attack Surface (what adversaries can reach) and the Detection Surface (what MDR services are configured to see and respond to).

To maximize the effectiveness of security operations, MDR must continually evolve. Today at Rapid7, that means integrating Surface Command — not as a dashboard or tool to manage, but as a behind-the-scenes capability that strengthens the service our customers rely on.

Extending the detection surface

Surface Command enhances the MDR experience by combining two critical perspectives:

  1. CAASM (Cyber Asset Attack Surface Management) consolidates insights from across internal tooling — vulnerability management platforms, EDR, identity systems, IT service management, firewalls, and more.
  2. EASM (External Attack Surface Management) complements this by continuously scanning for exposed infrastructure: domains, APIs, IPs, ports, and services.

Together, they offer a complete picture of what’s actually in your environment — and what’s at risk — without requiring additional effort from security teams. For the Rapid7 SOC, this means less risk for blind spots and faster, more confident investigations. For customers, it means fewer RFIs and greater trust in the response process.

Bridging the visibility gap

Many organizations today rely on spreadsheets and manual processes to keep track of their infrastructure — and the consequences are significant. Incomplete inventories, inconsistent classifications, and missed configuration details all contribute to increased risk and slower response.

Surface Command addresses this with three key strengths:

  • Complete inventory: Using API-based integrations with common security and IT operations tools, Surface Command automatically discovers and classifies a broad set of internal and internet-facing assets — from cloud environments to endpoint platforms, firewall configurations, and vulnerability management tools. This removes the guesswork and closes visibility gaps.
  • Continuous insight: Visibility isn’t a one-time event. Surface Command continuously monitors for new assets and changes to existing ones, ensuring the customer and the SOC always have a current picture of what exists and how it’s exposed.
  • Automated efficiency: By eliminating the need for manual tracking and inventory upkeep, Surface Command frees security teams to focus on higher-value priorities. One customer shared that this capability helped eliminate nearly 100 hours of manual asset tracking per month — time they redirected toward strategic initiatives.

These operational advantages translate directly into security value: better data, faster detection and investigation, and a more resilient managed defense.

Enabling a smarter MDR experience

Visibility is a means to an end. By enabling Surface Command, the MDR SOC has invaluable insight into every corner of your security environment, bringing efficiencies and deep insights to your managed security program:

  • Earlier awareness during onboarding: Our SOC gets a complete picture of the customer environment right away, which means we can begin protecting it more effectively from day one.
  • More context during incidents: When a detection triggers on a previously unknown asset, the SOC isn’t starting from zero. Surface Command provides the information needed to understand what a system is, who owns it, and how it’s configured.
  • Stronger foundation for threat hunting: For teams that want to lean into proactive defense, Surface Command gives the context needed to ask better questions — and find better answers.

It also supports compliance initiatives by clarifying what’s in scope and how it’s protected. For organizations pursuing NIST, CIS, or ISO alignment, that transparency can be a game changer.

Making Attack Surface Management more accessible than ever

Surface Command brings the power of Attack Surface Management — long seen as a capability reserved for mature, well-resourced security teams — directly into the hands of Rapid7 MDR customers. Our goal is to ensure that your internal security team and our SOC are given the most complete context possible from day one.

There are a number of ways Surface Command is available to MDR customers today. Contact your Rapid7 account team or click here to initiate a no-commitment trial today.


(1) Enterprise Strategy Group

[$] Out of Pocket and into the wallabag

Post Syndicated from jzb original https://lwn.net/Articles/1022399/

Mozilla has decided to throw in the towel on Pocket, a social-bookmarking service that it acquired in 2017. This has left many users scrambling for a replacement for Pocket before its shutdown in July. One possible option is wallabag, a self-hostable, MIT-licensed project for saving web content for later reading. It can import saved data from services like Pocket, share content on the web, export to various formats, and more. Even better, it puts users in control of their data long-term.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/1023259/

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, brltty, brotli, ca-certificates-mozilla, dnsdist, glibc, grub2, kernel, libsoup, libsoup2, libxml2, open-vm-tools, perl, postgresql13, postgresql15, postgresql16, postgresql17, python-cryptography, python-httpcore, python-h11, python311, runc, s390-tools, slurm, slurm_20_11, slurm_22_05, slurm_23_02, slurm_24_11, tomcat, and webkit2gtk3), and Ubuntu (linux-aws).

The Series Is Not Turkish

Post Syndicated from Emilia Milcheva original https://www.toest.bg/serialut-ne-e-turski/

I don’t watch Turkish series.


With this phrase, GERB leader Boyko Borisov declined to comment on what is happening in DPS and on Dzhevdet Chakarov’s move to the camp of DPS-New Beginning and its chieftain, Delyan Peevski.

The series is not Turkish, not at all. In Turkish soap operas, after tears, betrayals and separations, the family gathers around the table again, the villains disappear, and the moral of the story is as clear as a picture.

The story in which Chakarov, the sub-leader of the so-called authentic DPS (the Big Boss, of course, is Ahmed Dogan), leaves his party comes from the Bulgarian drama series “The Death of DPS”. On BNT, Yudzhel Atilla described Chakarov’s actions as “the last nail” in the coffin.

Chakarov turns out to be one of the darkest figures in DPS, the one who drove the last nail into DPS’s coffin. With this we completely lost the logo and the brand. It does him no credit that precisely he, the chairman who was nominated by our honorary chairman Ahmed Dogan, acted this way. If he had a little honor and dignity, he would have gone and handed his resignation to the honorary chairman.

But Dogan also nominated as leader the phenomenal oligarch Delyan Peevski, who took over DPS by “buying up” its party elite through carrot-and-stick methods. Chakarov left Dogan’s camp after the Sofia City Court imposed a freeze on companies belonging to his son, Sami Chakarov, because of pre-trial proceedings conducted by the Commission for Counteracting Corruption and the Sofia City Prosecutor’s Office.

The 36-year-old Chakarov Jr. has built businesses in various fields, from groceries and consulting and investment services to energy, but the most important are solar parks and the trade in panels. Among them are Belozem Solar Park, Dupnitsa Solar and Verila Solar Park 2, which was declared two years ago to be the largest and most modern in Bulgaria and supplies electricity to the telecom Yettel. The investment in Verila is about 200 million leva, with an installed capacity of 123 MW on more than 1,300 decares. Chakarov’s solar park will also receive 41.2 million leva, since it is among the 112 projects for building electricity storage facilities approved for EU financing by the Ministry of Energy.

Another result of Dzhevdet Chakarov’s switch is the Supreme Court of Cassation’s termination of the case for Delyan Peevski’s expulsion from DPS, which was filed at the end of 2024. The decision to terminate follows a request submitted by Chakarov, who has waived all claims in the case. He is now also an independent member of parliament, after being expelled from the DPS-DPS parliamentary group, which now numbers 17 people, and Hayri Sadakov was elected to his place as chairman. One more DPS-DPS deputy, Vanya Vasileva, has joined the parliamentary group of DPS-New Beginning. Others are expected to follow her.

The formation described Chakarov’s decision as “a pitiful personal capitulation to Peevski”. Peevski himself said that Chakarov had left “the carriage of these nomads, and it is all over”.

What will the consequences be?

A phoenix from DPS…

A new party will be born from DPS, with a new name and without repeating the old model, Yudzhel Atilla assured. If the new party continues to carry the old dependencies, backroom dealing and economic capture, it will simply be a rebranded facade of the same political scheme.

But will this be the salvation from the deep identity crisis into which DPS has fallen, the last systemic party of the Transition, which perished before our eyes? BSP fell apart slowly and gradually because of its inability to become a modern left-wing party, while the nostalgics for socialism and the Russophiles scattered to other political attractions. SDS’s agony was shorter but noisier because of the expectations for change with which it entered politics. Internal betrayals, compromises and abuses of power turned the “blue lion cub” into a political ghost sewn onto GERB.

After 35 years of history, DPS is dying in a different way, losing the most important thing: its myth and its narrative. In just about ten months, the events that unfolded dethroned Ahmed Dogan, who is no longer the Falcon but a shadow of the legend. The pointless intrusion into the residence he occupies, the so-called Boyana Saray, showed a weakened politician who has difficulty articulating, far from his former aura of a strategist and balancer surrounded by fear and respect.

But DPS lost something far more valuable than its face, which Dogan was. It lost its historical legitimacy and its emotional connection with voters. It lost the moral right to exist, having been created after the forced renaming of Bulgarian Muslims and having been the bearer of the ideas of minority rights, while part of its elite and its entire electorate suffered through that struggle. DPS was part of Bulgaria’s most recent history, but today it has lost the connection with its own story.

Realpolitik

Dogan ruled DPS single-handedly, as does his “successor” Peevski, who lacks his charismatic influence over voters. But the oligarch, sanctioned for corruption by the United States and the United Kingdom, has something else: key levers in the executive and the judiciary that let him impose his will without the need for charm or moral authority.

The chairman of DPS-New Beginning unmasked the party: he turned his back on the liberals of ALDE and pulled it toward the Eurosceptic conservatives. This week, MEPs and deputies from DPS-New Beginning, together with Peevski, took part in CPAC Hungary 2025*, the forum for conservative leaders and ideas. The prime ministers of Hungary, Slovakia and Georgia (Viktor Orbán, Robert Fico and Irakli Kobakhidze), as well as the former prime minister of the Czech Republic Andrej Babiš, were at the opening. US President Donald Trump thanked his “longtime friends” who had been with him in his most difficult moments.

DPS’s direction has already changed: instead of defending minority rights and European integration, it is turning to rhetoric about “traditional values”, national sovereignty and anti-European leanings. The conservative leaning is gaining the upper hand in Bulgarian politics, and the reorientation of DPS-New Beginning is due to Peevski’s undisguised desire to free himself from the Magnitsky sanctions, which never did find their Bulgarian application.

On bTV, the former leader of the DPS youth organization Korman Ismailov, one of those who left the party in 2011, commented that the “Chakarovs” are going to New Beginning because there is “a new distributor of the portions”. Ismailov predicted a shorter leadership for Peevski, in contrast to the “analog Dogan”.

Borisov looks to me like an old, sick, tired politician, deeply worried because he cannot exit politics with dignity due to his dependence on Peevski. For him the only way out is to become president, with Peevski as prime minister. But Peevski’s reign will be shorter than Dogan’s.

An exit from politics usually ends in a fall, Ismailov also says. Not if it is on time, but the moment is usually missed because of greed.

In Turkish series, at least the happy ending is guaranteed. But the series is not Turkish.

Why Take9 Won’t Improve Cybersecurity

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.

There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities.

First, the advice is not realistic. A nine-second pause is an eternity in something as routine as using your computer or phone. Try it; use a timer. Then think about how many links you click on and how many things you forward or reply to. Are we pausing for nine seconds after every text message? Every Slack ping? Does the clock reset if someone replies midpause? What about browsing—do we pause before clicking each link, or after every page loads? The logistics quickly become impossible. I doubt they tested the idea on actual users.

Second, it largely won’t help. The industry should know because we tried it a decade ago. “Stop. Think. Connect.” was an awareness campaign from 2016, by the Department of Homeland Security—this was before CISA—and the National Cybersecurity Alliance. The message was basically the same: Stop and think before doing anything online. It didn’t work then, either.

Take9’s website says, “Science says: In stressful situations, wait 10 seconds before responding.” The problem with that is that clicking on a link is not a stressful situation. It’s normal, one that happens hundreds of times a day. Maybe you can train a person to count to 10 before punching someone in a bar but not before opening an attachment.

And there is no basis in science for it. It’s a folk belief, all over the Internet but with no actual research behind it—like the five-second rule when you drop food on the floor. In emotionally charged contexts, most people are already overwhelmed, cognitively taxed, and not functioning in a space where rational interruption works as neatly as this advice suggests.

Pausing Adds Little

Pauses help us break habits. If we are clicking, sharing, linking, downloading, and connecting out of habit, a pause to break that habit works. But the problem here isn’t habit alone. The problem is that people aren’t able to differentiate between something legitimate and an attack.

The Take9 website says that nine seconds is “time enough to make a better decision,” but there’s no use telling people to stop and think if they don’t know what to think about after they’ve stopped. Pause for nine seconds and… do what? Take9 offers no guidance. It presumes people have the cognitive tools to understand the myriad potential attacks and figure out which one of the thousands of Internet actions they take is harmful. If people don’t have the right knowledge, pausing for longer—even a minute—will do nothing to add knowledge.

The three-part suspicion, cognition, and automaticity model (SCAM) is one way to think about this. The first is lack of knowledge—not knowing what’s risky and what isn’t. The second is habits: people doing what they always do. And third, using flawed mental shortcuts, like believing PDFs to be safer than Microsoft Word documents, or that mobile devices are safer than computers for opening suspicious emails.

These pathways don’t always occur in isolation; sometimes they happen together or sequentially. They can influence each other or cancel each other out. For example, a lack of knowledge can lead someone to rely on flawed mental shortcuts, while those same shortcuts can reinforce that lack of knowledge. That’s why meaningful behavioral change requires more than just a pause; it needs cognitive scaffolding and system designs that account for these dynamic interactions.

A successful awareness campaign would do more than tell people to pause. It would guide them through a two-step process. First trigger suspicion, motivating them to look more closely. Then, direct their attention by telling them what to look at and how to evaluate it. When both happen, the person is far more likely to make a better decision.

This means that pauses need to be context specific. Think about email readers that embed warnings like “EXTERNAL: This email is from an address outside your organization” or “You have not received an email from this person before.” Those are specifics, and useful. We could imagine an AI plug-in that warns: “This isn’t how Bruce normally writes.” But of course, there’s an arms race in play; the bad guys will use these systems to figure out how to bypass them.

This is all hard. The old cues aren’t there anymore. Current phishing attacks have evolved from those older Nigerian scams filled with grammar mistakes and typos. Text message, voice, or video scams are even harder to detect. There isn’t enough context in a text message for the system to flag. In voice or video, it’s much harder to trigger suspicion without disrupting the ongoing conversation. And all the false positives, when the system flags a legitimate conversation as a potential scam, work against people’s own intuition. People will just start ignoring their own suspicions, just as most people ignore all sorts of warnings that their computer puts in their way.

Even if we do this all well and correctly, we can’t make people immune to social engineering. Recently, both cyberspace activist Cory Doctorow and security researcher Troy Hunt—two people who you’d expect to be excellent scam detectors—got phished. In both cases, it was just the right message at just the right time.

It’s even worse if you’re a large organization. Security isn’t based on the average employee’s ability to detect a malicious email; it’s based on the worst person’s inability—the weakest link. Even if awareness raises the average, it won’t help enough.

Don’t Place Blame Where It Doesn’t Belong

Finally, all of this is bad public policy. The Take9 campaign tells people that they can stop cyberattacks by taking a pause and making a better decision. What’s not said, but certainly implied, is that if they don’t take that pause and don’t make those better decisions, then they’re to blame when the attack occurs.

That’s simply not true, and its blame-the-user message is one of the worst mistakes our industry makes. Stop trying to fix the user. It’s not the user’s fault if they click on a link and it infects their system. It’s not their fault if they plug in a strange USB drive or ignore a warning message that they can’t understand. It’s not even their fault if they get fooled by a look-alike bank website and lose their money. The problem is that we’ve designed these systems to be so insecure that regular, nontechnical people can’t use them with confidence. We’re using security awareness campaigns to cover up bad system design. Or, as security researcher Angela Sasse first said in 1999: “Users are not the enemy.”

We wouldn’t accept that in other parts of our lives. Imagine Take9 in other contexts. Food service: “Before sitting down at a restaurant, take nine seconds: Look in the kitchen, maybe check the temperature of the cooler, or if the cooks’ hands are clean.” Aviation: “Before boarding a plane, take nine seconds: Look at the engine and cockpit, glance at the plane’s maintenance log, ask the pilots if they feel rested.” This is obviously ridiculous advice. The average person doesn’t have the training or expertise to evaluate restaurant or aircraft safety—and we don’t expect them to. We have laws and regulations in place that allow people to eat at a restaurant or board a plane without worry.

But—we get it—the government isn’t going to step in and regulate the Internet. These insecure systems are what we have. Security awareness training, and the blame-the-user mentality that comes with it, are all we have. So if we want meaningful behavioral change, it needs a lot more than just a pause. It needs cognitive scaffolding and system designs that account for all the dynamic interactions that go into a decision to click, download, or share. And that takes real work—more work than just an ad campaign and a slick video.

This essay was written with Arun Vishwanath, and originally appeared in Dark Reading.

The Thorny Road to Successful Trachea Transplantation

Post Syndicated from original https://www.toest.bg/trunliviyat-put-do-uspeshnata-transplantatsia-na-traheya/


The trachea is part of the respiratory system. It is tube-shaped, conducts atmospheric air from the larynx to the two main bronchi, and lies in front of the esophagus. It can be affected by infections, inflammation, injuries and tumors. Patients with a narrowing of the trachea (stenosis) that cannot be operated on could improve their quality of life through transplantation of the organ.

The air’s path to the lungs

The main function of the trachea is to transport air to and from the lungs. This organ also prevents the entry of microorganisms, dust, and air that is too cold or too warm. The trachea has a tube-like structure; it begins at the larynx and reaches the bronchi, which connect it to the lungs. The average length of the trachea is about 11.8 cm, and it is lined with a mucous membrane similar to that in the nasal cavity. The cells that make up the mucosa are the barrier against microorganisms and dust, stopping them from entering the lower airways. The trachea is also made up of other cells: cilia. The cilia help move contaminated mucus out of the organ. The trachea is for the most part made of soft tissue, with cartilage serving as additional support. Because the larynx and the trachea lie close together, a small piece of cartilage from the larynx covers the opening of the trachea to protect against the entry of food and water.

A number of diseases can affect this organ. In the most urgent cases, the condition impedes the patient’s breathing and requires immediate medical care. In tracheomalacia, the cartilage of the trachea is damaged, which leads to weakness of the organ and hence to difficulty breathing. In tracheal stenosis, narrowing may occur, which would cause serious breathing problems. In such cases, the placement of a tracheal tube may also be necessary.

Obstacles to successful trachea transplantation

Transplantation could be the only option for improving the quality of life of patients with stenosis of a large part of the trachea. Nevertheless, such interventions are not common practice. Surgical techniques have been described in which a trachea is transplanted from a deceased donor and the donor organ is wrapped in blood-supplied (vascularized) tissue from the recipient. These transplants are unsuccessful, since they are followed by complications, for example recurrence of the stenosis or even death. The main obstacles to trachea transplantation in humans are related to the difficulty of securing blood flow to the organ.

Transplantation of a biosynthetic trachea

The thoracic surgeon Dr. Paolo Macchiarini, once regarded as a pioneer in the use of stem cells in medicine, was charged and convicted after the deaths of three of his patients, months after the biosynthetic trachea transplants were performed. In 2023, the Court of Appeal in Stockholm sentenced Macchiarini to 2 years and 6 months in prison.

Macchiarini’s story begins in 2008. From then until 2014, he performed experimental operations on three patients while working at the Karolinska Institute in Sweden. He implanted in them synthetic tracheas made of polymer material and “seeded” with stem cells extracted from the patients’ bone marrow. His idea was that the cells would multiply and “coat” the synthetic implant, which would become the ideal substitute because the patient’s body would not react by rejecting the graft; such a risk is present in transplants of organs from donors.

Unfortunately, however, all the patients died, because the implanted organ could not be properly supplied with blood. One patient died after the implant caused heavy bleeding just 4 months after the operation. The other two survived between 2 and 5 years but suffered painful complications throughout.

Macchiarini performed the operations to implant an artificial trachea in humans without tests having first been done on model animals, and he did not follow the postoperative condition of his patients.

He is a co-author of three scientific publications related to the biosynthetic trachea transplants. One of the articles describes a patient’s condition over 12 months, but it turns out that no such data were actually collected and that Macchiarini himself did not visit the patient after the operation. Another scientific article describes the health of a patient followed over 5 months, but again it was subsequently proven that no such data exist. All three articles were retracted by the medical journal The Lancet, in 2016, 2019 and 2023 respectively.

The first successful trachea transplant

In 2021, a team of surgeons at Mount Sinai hospital in New York carried out the world’s first successful trachea transplant from a deceased donor. This historically significant procedure is the result of 30 years of research into the blood supply of the trachea. The operation lasted 18 hours, was led by Dr. Eric Genden, and involved a team of 50 specialists. The protocol for the transplantation and revascularization is technically clear and reproducible.

The trachea transplant was performed on a 56-year-old woman with severe damage to her trachea due to repeated intubations after asthma attacks. Several unsuccessful attempts to reconstruct her trachea had also been made, which led to even more complications. Before the successful transplant she breathed through a tracheostomy, a surgically made opening in the area of her neck, and was at high risk of suffocation due to collapse of the trachea. After the transplant, the patient has no complications or symptoms of rejection of the transplanted organ.

A look to the future

After this successful transplant, hopes for grafts from a patient’s own tissues are growing, especially since preclinical studies show successful implantation and neovascularization. Unfortunately, the most suitable tissue from a person’s own body that can serve as a substitute for the trachea is still being sought. Techniques using artificial materials have still not had much success because of complications such as chronic infections, rejection and malacia (softening of the tissues). Nevertheless, innovations in the technologies of regenerative medicine give reason to see a promising future for the repair of long segments with tracheal defects.

Scientists are also considering the potential use of partially decellularized trachea grafts in populations where respiratory diseases are more frequent. Decellularization is the enzymatic or chemical removal of cellular components from the organ in order to eliminate the immunogenic factor and thus reduce the risk of rejection. Efforts are directed at clarifying how previous airway operations have affected the stem cells and the regenerative capacity of the tissues. For example, the team of Dr. Susan Reynolds at one of the largest pediatric hospitals in the United States studies the stem cells that make up the epithelium of the organs of the respiratory system. The researchers from Raynolds Lab have found that lung diseases lead to biological aging of the stem cell population in the airways. The scientists hope this information will help in selecting patients whose condition will improve significantly after transplantation of a partially decellularized trachea graft.

Despite Macchiarini’s failure with the biosynthetic tracheas, research in the field of organ transplantation continues to develop, and the treatment options for patients with tracheal damage will keep growing.

ASRock Rack AMPONEMD12DNO for AmpereOne M Arm Servers Shown at Computex 2025

Post Syndicated from Cliff Robinson original https://www.servethehome.com/asrock-rack-amponemd12dno-for-ampereone-m-arm-servers-shown-at-computex-2025/

At Computex 2025, we saw the ASRock Rack AMPONEMD12DNO, which is a 12-channel memory AmpereOne M Arm server platform.

The post ASRock Rack AMPONEMD12DNO for AmpereOne M Arm Servers Shown at Computex 2025 appeared first on ServeTheHome.
