Security updates for Thursday

Post Syndicated from jake original

Security updates have been issued by Debian (fuse), Fedora (cri-o, gdm, kernel-headers, postgresql, units, and wpa_supplicant), Mageia (iceaepe, kernel-linus, kernel-tmb, and libtomcrypt), openSUSE (aubio, libheimdal, nemo-extensions, and python-Django1), Red Hat (flash-plugin), SUSE (apache2, kernel, php7, qemu, samba, and ucode-intel), and Ubuntu (gnupg).

The Android Things flower that smiles with you

Post Syndicated from Alex Bate original

Smile, and the world smiles with you — or, in this case, a laser-cut flower running Android Things on a Raspberry Pi does.


Expression Flower

The aim of the Expression Flower is to “challenge the perception of what robotics can be while exploring the possibility for a whimsical experience that is engaging, natural, and fun.”

Tl;dr: cute interactive flower. No Skynet.

Android Things

The flower is powered by Google’s IoT platform Android Things, running on a Raspberry Pi, and it has a camera mounted in the centre. It identifies facial expressions using the ML Kit machine learning package, also from Google. The software categorises expressions, and responds with a specific action: smile at the flower, and it will open up its petals with a colourful light show; wink at it, and its petals will close up bashfully.


The build is made of laser-cut and 3D-printed parts, alongside off-the-shelf components. The entire build protocol, including video, parts, and code, is available on, so all makers can give Expression Flower a go.


Seriously, this may be the easiest-to-follow tutorial we’ve ever seen. So many videos. So much helpful information. It’s pure perfection!

Machine learning and Android Things

For more Raspberry Pi–based machine learning projects, see:

Adrian Rosebeck deep learning pokemon pokedex
Raspberry Pi Santa/Not Santa detector

And for more Android Things projects, we highly recommend:

Demonstration of Joe Birch's BrailleBox
Android Things Candy Dispenser Raspberry Pi
Lantern Raspberry Pi powered augmented reality projector lamp

Aaaand, for getting started with all things Android on your Raspberry Pi, check out issue 71 of The MagPi!

The post The Android Things flower that smiles with you appeared first on Raspberry Pi.

Access Issues on Mobile Apps

Post Syndicated from Yev original

Some users may experience access issues on our mobile apps until around September 20, 2018. We are sorry for any trouble this may cause and recommend using our mobile website to view and restore files in the meantime.

What’s Happening:
As part of a large infrastructure project, we are working on the underlying code in our mobile apps. However, as we near the end of the project, some customers may experience access issues until late September. This infrastructure project lays the groundwork that will support continued development of our mobile apps (and we just hired more folks to help with that!).

Who’s Affected:
Most users should not experience any issues, but if you do find yourself unable to log in, this may be why. We expect the work to be completed on or around September 20, 2018.

Accessing Files via The Mobile Web:
For users wanting to access their Backblaze account on their phones, the mobile browser is still a good option. To restore a file from the mobile web, go to from your mobile browser of choice, log in, and then select the file you wish to download in the View/Restore files tab. In last year’s update we also provided the ability to download single files in just one click.

Again, we apologize for any inconvenience and will get mobile apps back up and running soon!

The post Access Issues on Mobile Apps appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

[$] The Data Transfer Project

Post Syndicated from jake original

Social networks are typically walled gardens; users of a service can
interact with other users and their content, but cannot see or interact
with data stored in competing services. Beyond that, though, these walled
gardens have generally made it difficult or impossible to decide to switch
to a competitor—all of the user’s data is locked into a particular site. Over
time, that has been changing to some extent, but a new project has the
potential to make it straightforward to switch to a new service without
losing everything. The Data Transfer Project
(DTP) is a collaborative project between several internet
heavyweights that wants to “create an open-source, service-to-service
data portability platform

Old jokes

Post Syndicated from Григор original

– Hey, you know about banks, don't you? I want to take out a loan.

– You'd be better off borrowing from the mafia.

– Do I look suicidal?! Tell me as a friend, which bank should I go to?

– That's exactly what I'm doing…


– Excuse me, and how are you related to the lady celebrating her anniversary?

– Lover from her first marriage…


How many bureaucrats does it take to change a light bulb?

Two. The first one to climb the ladder and steal the bulb. The second one to steal the ladder as well.

(If you think removing a bulb does not count as changing it, remember that zero is a number too.)


When it comes to producing cow's butter, we hold the palm of first place.


I am from the generation when Pluto was still a planet, and the Earth was still round.


Electric eels evolved from internal combustion eels.

Security updates for Wednesday

Post Syndicated from ris original

Security updates have been issued by CentOS (kernel), Debian (kernel, linux-4.9, postgresql-9.4, and ruby-zip), Fedora (cgit, firefox, knot-resolver, mingw-LibRaw, php-symfony, php-symfony3, php-symfony4, php-zendframework-zend-diactoros, php-zendframework-zend-feed, php-zendframework-zend-http, python2-django1.11, quazip, sox, and thunderbird-enigmail), openSUSE (python-Django and seamonkey), Oracle (kernel), Red Hat (kernel, kernel-rt, and redhat-virtualization-host), Scientific Linux (kernel), Slackware (openssl), SUSE (clamav, firefox, kernel, and samba), and Ubuntu (kernel, libxml2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-raspi2, and samba).

Some of the best bicycle projects for #CycleToWorkDay

Post Syndicated from Alex Bate original

Avid followers of our Raspberry Pi Twitter account may be aware of just how bike-loving the residents of Pi Towers are. From the weekend cyclists to Cambridge-London-Cambridge racers, the flat land around our office calls us to jump on a bike and explore the fenlands.


In celebration of #CycleToWorkDay, we’ve brought together a collection of some of our favourite bike-themed Raspberry Pi projects, perfect for those of you who enjoy a bike ride — or a pint!

Bicycle-powered beer dispenser

The Glaswegian company Bright Signals was tasked with a tasty project: create something for Menabrea that ties in with the Giro d’Italia cycle race passing close to the beer brewery in Biella, Northern Italy.


The result? This pedal- and Pi-powered beer dispenser that went on a 4-week celebratory tour ending in Glasgow.

You can learn more about this project here.

A rather dandy Pi-assisted Draisine

For a minute in the 1800s, before the introduction of pedal power, the balance bike, or Draisine, was the fun new way of getting from A to B.

Draisine 200.0

Uploaded by ecomentode on 2017-06-08.

A team at Saarland University, Germany, headed by Prof. Holger Hermanns modernised the Draisine, bringing this old vehicle up to date with power assistance thanks to the Raspberry Pi.

Read more about this Draisine here.

Raspberry Pi–powered cycle helmet

Jen Fox’s Raspberry Pi safety helmet prototype uses an accelerometer and a Raspberry Pi Zero to monitor impact force, notifying the cyclist whether or not the impact of their fall deserves medical attention.

Make an Impact Force Monitor!

Check out my latest Hacker in Residence project for SparkFun Electronics: the Helmet Guardian! It’s a Pi Zero powered impact force monitor that turns on an LED if your head/body experiences a potentially dangerous impact. Install in your sports helmets, bicycle, or car to keep track of impact and inform you when it’s time to visit the doctor.

While you should always seek medical attention if you have a bike accident, the notification LED on the helmet is a great way of reminding stubborn cyclists that their accident was more than just a tumble.

Learn more about Jen’s build here!

Matt’s smart bike light

This one comes up in conversation A LOT at Pi Towers. Matt Richardson’s smart bike light project uses a Raspberry Pi and hall effect sensor to determine the speed you’re cycling at; a projector displays your speed in front of the bike.

Raspberry Pi Dynamic Bike Headlight Prototype and Test

Here’s the first prototype of the Dynamic Bike Headlight. I managed to get it out onto the street to try it out, too!

For those who know Matt Richardson, we hope you appreciated this blast-from-the-past, beardless Matt. In fact, we know you did.

Find out more about this bike light here.

The Bicrophonic Sonic Bike

British sound artist Kaffe Matthews has created a new type of cycling experience. The cyclist divides a virtual map into zones, and the Bicrophonic Sonic Bike plays back music to the rider based on which zone they are in, courtesy of an on-board Raspberry Pi with GPS dongle and speakers.

What is Bicrophonics?

Bicrophonics is about the mobility of sound, experienced and shared within a moving space, free of headphones and free of the internet. Music made by the journey you take, played with the space that you move through. The Bicrophonic Research Institute (BRI)

As you can see from the video, the sound played can range from the calming peace of the countryside to the rather loud, disturbing buzz of the city.

Learn more about the tech behind the project here.

Hacked Kindle bike computer

David Schneider’s bike computer displays speed, distance, time and more on a Kindle he hacked with the help of a Raspberry Pi.

DIY: Build A Better Bike Computer

A Raspberry Pi and Kindle make vital information about your bicycle journey readable.

The experimental browser on the Kindle displays a web page hosted on the Raspberry Pi. And the glare-free E Ink display makes the screen easy to view regardless of light conditions — perfect for sunny weekend bike rides.

Find out more here.

Any others?

Have you hacked your cycling experience with a Raspberry Pi? Do you have a pedal-powered project in the works? Or would you simply like to boast about your bike and cycling achievements? Let’s get the cycle conversation going in the comments below. I’ll start!

The post Some of the best bicycle projects for #CycleToWorkDay appeared first on Raspberry Pi.

Hacking Police Bodycams

Post Syndicated from Bruce Schneier original

Surprising no one, the security of police bodycams is terrible.

Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everything down, a worm that infiltrates the department’s evidence servers and deletes everything, or even cryptojacking software to mine cryptocurrency using police computing resources. Even a body camera with no Wi-Fi connection, like the CeeSc, can be compromised if a hacker gets physical access. “You know not to trust thumb drives, but these things have the same ability,” Mitchell says.

BoingBoing post.

Refreshing an Amazon ECS Container Instance Cluster With a New AMI

Post Syndicated from Nathan Taber original

This post was contributed by Subhrangshu Kumar Sarkar, Sr. Technical Account Manager at AWS

The Amazon ECS–optimized Amazon Machine Image (AMI) comes prepackaged with the Amazon Elastic Container Service (ECS) container agent, Docker, and the ecs-init service. When updates to these components are released, try to integrate them as quickly as possible. Doing so helps you maintain a safe, secure, and reliable environment for running your containers.

Each release of the ECS–optimized AMI includes bug fixes and feature updates. AWS recommends refreshing your container instance fleet with the latest AMI whenever possible, rather than trying to patch instances in-place. Periodical replacement of your ECS instances aligns with the immutable infrastructure paradigm, which is less prone to human error. It’s also less susceptible to configuration drift because infrastructure is managed through code.

In this post, I show you how to manually refresh the container instances in an active ECS cluster with new container instances built from a newly released AMI. You also see how to refresh the ECS instance fleet when it is part of an Auto Scaling group, and when it is not.

Solution Overview

The following flow chart shows the strategy to be used in refreshing the cluster.

Prerequisites


  • An AWS account with enough room to accommodate “ECS cluster instance count” number of more Amazon EC2 instances, in addition to the existing EC2 instances that you already have during the refresh period. If you have a total of 10 t2.medium instances in an AWS Region where an ECS cluster with four container instances is running, you should be able to spawn four more t2.medium instances. Your instance count comes down to 10 again, after your old instances are de-registered and terminated at the end of the refresh period.
  • An existing ECS cluster (preferably with one or more container instances built with an old AMI), with or without a service running on it.
  • A Linux system with the AWS CLI and JQ installed. This allows you to try the programmatic method of refreshing the cluster. You can SSH into an EC2 virtual machine if you do not have local access to a Linux system.
  • An IAM user with permissions to view ECS resources, deregister and terminate the ECS instances, revise a task definition, and update a service.
  • A specified AWS Region. In this post, the cluster is in us-east-1 and that is the region for all AWS CLI commands mentioned.

Use the following steps to test if you have all the resources and permissions to proceed.

Using the AWS CLI

Run the following command:

aws ecs list-clusters

Sample output:

    "clusterArns": [

Choose the cluster to refresh. In my case, the cluster name is workshop-app-cluster, with a service named “workshop-service” running on this cluster.

aws ecs describe-clusters --clusters <cluster name>

Sample output:

{
    "clusters": [
        {
            "status": "ACTIVE",
            "statistics": [],
            "clusterName": "workshop-app-cluster",
            "registeredContainerInstancesCount": 7,
            "pendingTasksCount": 0,
            "runningTasksCount": 3,
            "activeServicesCount": 1,
            "clusterArn": "arn:aws:ecs:us-east-1:012345678910:cluster/workshop-app-cluster"
        }
    ],
    "failures": []
}

Using the AWS Console

  1. Open the Amazon ECS console.
  2. On the clusters page, select the cluster to refresh.

You should be able to see the details of the services, tasks, and the container instance on the respective tabs.

1. Retrieve the latest ECS–optimized AMI metadata

Previously, to make sure that you were using the latest ECS–optimized AMI, you had to either consult the ECS documentation or subscribe to the ECS AMI Amazon SNS topic.

Now, you can query the AWS Systems Manager Parameter Store API to get the latest AMI version ID or a list of available AMI IDs and their corresponding Docker runtime and ECS agent versions. You can query the Parameter Store API using the AWS CLI or any of the AWS SDKs. In fact, you can now use a Systems Manager parameter in AWS CloudFormation to launch EC2 instances with the latest ECS-optimized AMI.

Run the following command:

aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux/recommended --query "Parameters[].Value" --output text | jq .

Sample output:

{
    "schema_version": 1,
    "image_name": "amzn-ami-2017.09.l-amazon-ecs-optimized",
    "image_id": "ami-aff65ad2",
    "os": "Amazon Linux",
    "ecs_runtime_version": "Docker version 17.12.1-ce",
    "ecs_agent_version": "1.17.3"
}

The image_id is the image ID for the latest ECS–optimized AMI in the Region in which you are operating.

Note: At the time of publication, querying Parameter Store is not possible through the console.

2. Find all outdated container instances

Use the following steps to find all container instances not built with the latest ECS–optimized AMI, which should be refreshed.

Using the AWS CLI

Run the following command on your ECS cluster with the image_id value that you got from the ssm get-parameters command:

aws ecs list-container-instances --cluster <cluster name> --filter "attribute:ecs.ami-id != <image_id>"

Sample output:

    "containerInstanceArns": [

Now, find the corresponding EC2 instance IDs for these container instances. The IDs are then used to find the corresponding Auto Scaling group from which to detach the instances.

aws ecs list-container-instances --cluster <cluster name> --filter "attribute:ecs.ami-id != <image_id>"| \
jq -c '.containerInstanceArns[]' | \
xargs aws ecs describe-container-instances --cluster <cluster name> --container-instances | \
jq '[.containerInstances[]|{(.containerInstanceArn) : .ec2InstanceId}]'

Sample output:

[
    {
        "arn:aws:ecs:us-east-1:012345678910:container-instance/2db66342-5f69-4782-89a3-f9b707f979ab": "i-08e8cfc073db135a9"
    },
    {
        "arn:aws:ecs:us-east-1:012345678910:container-instance/4649d3ab-7f44-40a2-affb-670637c86aad": "i-02dd87a0b28e8575b"
    }
]

An ECS container instance is an EC2 instance that is running the ECS container agent and has been registered into a cluster. In the above sample output:

  • 2db66342-5f69-4782-89a3-f9b707f979ab is the container instance ID
  • i-08e8cfc073db135a9 is an EC2 instance ID

Using the AWS Console

  1. In the ECS console, choose Clusters, select the cluster, and choose ECS Instances.
  2. Select Filter by attributes and choose ecs.ami-id as the attribute on which to filter.
  3. Select an AMI ID that is not the same as the latest AMI ID, in this case ami-aff65ad2.

For all resulting ECS instances, the container instance ID and the EC2 instance IDs are both visible.

3. List the instances that are part of an Auto Scaling group

If your cluster was created with the console first-run experience after November 24, 2015, then the Auto Scaling group associated with the AWS CloudFormation stack created for your cluster can be scaled up or down to add or remove container instances. You can perform this scaling operation from within the ECS console.

Use the following steps to list the outdated ECS instances that are part of an Auto Scaling group.

Using the AWS CLI

Run the following command:

aws autoscaling describe-auto-scaling-instances --instance-ids <instance id #1> <instance id #2>

Sample output:

{
    "AutoScalingInstances": [
        {
            "ProtectedFromScaleIn": false,
            "AvailabilityZone": "us-east-1b",
            "InstanceId": "i-02dd87a0b28e8575b",
            "AutoScalingGroupName": "EC2ContainerService-workshop-app-cluster-EcsInstanceAsg-1IVVUK4CR81X1",
            "HealthStatus": "HEALTHY",
            "LifecycleState": "InService"
        },
        {
            "ProtectedFromScaleIn": false,
            "AvailabilityZone": "us-east-1a",
            "InstanceId": "i-08e8cfc073db135a9",
            "AutoScalingGroupName": "EC2ContainerService-workshop-app-cluster-EcsInstanceAsg-1IVVUK4CR81X1",
            "HealthStatus": "HEALTHY",
            "LifecycleState": "InService"
        }
    ]
}

The response shows that the instances are part of the EC2ContainerService-workshop-app-cluster-EcsInstanceAsg-1IVVUK4CR81X1 Auto Scaling group.

Using the AWS Console

If the ECS cluster was created from the console, you likely have an associated CloudFormation stack. By default, the stack name is EC2ContainerService-cluster_name.

  1. In the CloudFormation console, select the cluster, choose Outputs, and note the corresponding stack for your cluster.
  2. In the EC2 console, choose Auto Scaling groups.
  3. Select the group and check that the EC2 instance IDs for the ECS instance are registered.

4. Create a new Auto Scaling group

If the container instances are not part of any Auto Scaling group, create a new group from one of the existing container instances and then add all other container instances to it. A launch configuration is automatically created for the new Auto Scaling group.

Using the AWS CLI

Run the following command to create an Auto Scaling group using the EC2 instance ID for an existing container instance:

aws autoscaling create-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --instance-id <instance-id> --min-size 0 --max-size 3

Set the min-size parameter to 0 and max-size to a value greater than the number of instances that you are going to add to this Auto Scaling group.

At this point, your Auto Scaling group does not contain any instances. Neither does it have any of the subnets or Availability Zones of any of the old instances, other than the instance from which you made the Auto Scaling group. To add all old instances (including the one from which the Auto Scaling group was created) to this Auto Scaling group, find the subnets and Availability Zones to which they are attached.

Run the following commands:

aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].NetworkInterfaces[].SubnetId" --output text

aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].Placement.AvailabilityZone" --output text

After you have all the Availability Zones and subnets to be added to the Auto Scaling group, run the following command to update the Auto Scaling group:

aws autoscaling update-auto-scaling-group --vpc-zone-identifier <subnet-1>,<subnet-2> --auto-scaling-group-name <auto-scaling-group-name> --availability-zones <availability-zone1> <availability-zone2>

You are now ready to add all the old instances to this Auto Scaling group. Run the following command:

aws autoscaling attach-instances --instance-ids <instance-id 1> <instance-id 2> --auto-scaling-group-name <auto-scaling-group-name>

Now, all existing container instances are part of an Auto Scaling group, which is attached to a launch configuration capable of launching instances with the old AMI.

When you attach instances, Auto Scaling increases the desired capacity of the group by the number of instances being attached.

Using the AWS Console

To create an Auto Scaling group from an existing container instance, do the following steps:

  1. In the ECS console, on the EC2 Instances tab, open the EC2 instance ID for the container instance.
  2. Select the instance and choose Actions, Instance Settings, and Attach to Auto Scaling Group.
  3. On the Attach to Auto Scaling Group page, select a new Auto Scaling group, enter a name for the group, and then choose Attach.

The new Auto Scaling group is created using a new launch configuration with the same name that you specified for the Auto Scaling group. The launch configuration gets its settings (for example, security group and IAM role) from the instance that you attached. The Auto Scaling group also gets settings (for example, Availability Zone and subnet) from the instance that you attached, and has a desired capacity and maximum size of 1.

Now that you have an Auto Scaling group and launch configuration ready, set the max value for the Auto Scaling group to the total number of existing container instances in the ECS cluster.

To add other container instances of the ECS cluster to this Auto Scaling group:

  1. On the navigation pane, under Auto Scaling, choose Auto Scaling Groups, select the new Auto Scaling group, and choose Edit.
  2. Add subnets for other instances to the Subnet(s) section and save the configuration.
  3. For each of the other container instances of the cluster, open the EC2 instance ID, select the instance, and then choose Actions, Instance Settings, and Attach to Auto Scaling Group.
  4. On the Attach to Auto Scaling Group page, select an existing Auto Scaling group, select the Auto Scaling group that you just created, and then choose Attach.
  5. If the instance doesn’t meet the criteria (for example, if it’s not in the same Availability Zone as the Auto Scaling group), you get an error message with the details. Choose Close and try again with an instance that meets the criteria.

5. Create a new launch configuration

Create a new launch configuration for the Auto Scaling group. This launch configuration should be able to launch instances with the new ECS–optimized AMI. It should also put the user data in the instances to allow them to join the ECS cluster when they are created.

Using the AWS CLI

First, run the following command to get the launch configuration for the Auto Scaling group:

aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <Auto Scaling group name> --query "AutoScalingGroups[].LaunchConfigurationName" --output text

Sample output:


Now, create a new launch configuration with the new image ID from this existing launch configuration. Create a launch configuration called New-AMI-launch. Substitute the existing launch configuration name for launch-configuration-name and the image ID corresponding to the new AMI for image_id.

aws autoscaling describe-launch-configurations --launch-configuration-names \
<launch-configuration-name> --query "LaunchConfigurations[0]" | \
jq 'del(.LaunchConfigurationARN)' | jq 'del(.CreatedTime)' | \
jq 'del(.KernelId)' | jq 'del(.RamdiskId)' | \
jq '. += {"LaunchConfigurationName": "New-AMI-launch"}' | \
jq '. += {"ImageId": "<image_id>"}' > new-launch-config.json

aws autoscaling create-launch-configuration --cli-input-json file://new-launch-config.json

At this point, the New-AMI-launch launch configuration is ready. Update the Auto Scaling group with the new launch configuration:

aws autoscaling update-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --launch-configuration-name New-AMI-launch

To add block devices to the launch configuration, you can always override the block device mapping for the new launch configuration.

Using the AWS Console

  1. On the Auto Scaling groups page, choose Details in the bottom pane and note the launch configuration for your Auto Scaling group.
  2. On the Launch configurations page, select the launch configuration and choose Copy launch configuration.
  3. On the AMI details page, choose Edit AMI.
  4. In the search box, enter the latest AMI image ID (in this case, ami-aff65ad2) and choose Select.
  5. On the Configure details page, enter a new name for the launch configuration.
  6. Keep everything else the same and choose Create.
  7. On the Auto Scaling groups page, choose Edit.
  8. Select the newly created launch configuration and choose Save.

6. Detach the old ECS instances from the Auto Scaling group

Now that you have a new launch configuration with the Auto Scaling group, detach the old instances from the group.

For every old instance detached, add a new instance through the new launch configuration. This keeps the desired count for the Auto Scaling group unchanged.

Using the AWS CLI

Run the following command:

aws autoscaling detach-instances --instance-ids <instance id #1> <instance id #2> --auto-scaling-group-name <auto-scaling-group-name> --no-should-decrement-desired-capacity

When this is done, the following command should show a blank result:

aws autoscaling describe-auto-scaling-instances --instance-ids <instance id #1> <instance id #2>

The following command should show the new ECS instances, for every old instance detached from the Auto Scaling group:

aws ecs list-container-instances --cluster <cluster name>

The old container instances have been detached from the Auto Scaling group but they are still registered in the ECS cluster.

Using the AWS Console

  1. On the Auto Scaling groups page, select the group.
  2. On the instance tab, select the old container instances.
  3. In the bottom pane, choose Actions, Detach.
  4. In the Detach Instances dialog box, select the check box for Add new instances to the Auto Scaling group to balance the load and choose Detach instances.

7. Revise the task definition and update the service

Now revise the task definition in use to impose a constraint. Subsequent tasks spawned from this task definition are hosted only on ECS instances built with the new AMI.

Using the AWS CLI

Run the following command to get the task definition for the service running on the cluster:

aws ecs describe-services --cluster <cluster name> \
--services <service arn> \
--query 'services[].deployments[].[taskDefinition]' --output text

Sample output:


Here, workshop-task is the family and 9 is the revision. Now, update the task definition with the constraint. Use the built-in attribute, ecs.ami-id, to impose the constraint. Replace the image_id value in the following command with the value found by querying Parameter Store.

aws ecs describe-task-definition --task-definition <task definition family:revision> --query taskDefinition | \
jq '. + {placementConstraints: [{"expression": "attribute:ecs.ami-id == <image_id>", "type": "memberOf"}]}' | \
jq 'del(.status)'| jq 'del(.revision)' | jq 'del(.requiresAttributes)' | \
jq '. + {containerDefinitions:[.containerDefinitions[] + {"memory":256, "memoryReservation": 128}]}'| \
jq 'del(.compatibilities)' | jq 'del(.taskDefinitionArn)' > new-task-def.json

Even if your original container definition doesn’t have a memory or memoryReservation key, you must provide one of those values while updating the task definition. For this post, I have used the task-level memory allocation value (256) and an arbitrary value (128) for those keys, respectively.

aws ecs register-task-definition --cli-input-json file://new-task-def.json

You should now have a new revised version of the task definition. In this example, it’s workshop-task:10.

8. Update the service with the revised task definition

Use the following steps to add the revised task definition to the service.

Using the AWS CLI

Run the following command to update the service with the revised task definition:

aws ecs update-service --cluster <cluster name> --service <service name> --task-definition <task definition family:revised version>

After the service is updated with the revised task definition, the new tasks constituting the service should come up on the new ECS instances, thanks to the constraint in the new task definition.

Run the following command for each of the old container instances until there are no task ARNs in the output:

aws ecs list-tasks --cluster <cluster name> --container-instance <container-instance id>

Using the AWS Console

  1. In the ECS console, on the Task definitions page, select your task definition and choose Create new revision.
  2. On the Create new revision of task definition page, choose Add constraint.
  3. For Expression, add attribute:ecs.ami-id == <AMI ID for new ECS optimized AMI> and choose Create. You see a new revision of the task definition being created. In this case, workshop-task:10 got created.
  4. To update the service, on the Clusters page, select the service corresponding to the revised task definition.
  5. On the Configure service page, for Task definition, select the appropriate task definition version and choose Next step.
  6. Keep the remaining default values. On the Review page, choose Update service.

On the service page, on the Event tab, you see events corresponding to the old tasks getting stopped and new tasks getting started on the new ECS instances.

Wait until no tasks are running on the old ECS instances and you see all tasks starting on the new ECS instances.

9. Deregister and terminate the old ECS instances

Using the AWS CLI

For each of the old container instances, run the following command:

aws ecs deregister-container-instance --cluster <cluster name> --container-instance <container instance id> --query containerInstance.ec2InstanceId

Sample output:


Record the EC2 instance ID and then terminate the instance:

aws ec2 terminate-instances --instance-ids <instance-id>

Using the AWS Console

  1. In the ECS console, choose Clusters, ECS instances.
  2. Keep the EC2 instance ID displayed on the EC2 Instance column and keep the instance detail page open.
  3. Open the container instance ID for the ECS instance to deregister.
  4. On the container instance page, choose Deregister.

After the container instance is deregistered, terminate the instance from the instance detail page.

At this point, your ECS cluster has been refreshed with the EC2 instances built with the new ECS–optimized AMI.
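Steps 8 and 9 can be combined into one guarded script. The following is an added example, not code from the original post: it uses only the AWS CLI commands shown above, queries one container instance per call, and refuses to deregister an instance that still has tasks. The function names, poll counts, and delays are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): retire an old ECS container
# instance only after it has drained. Cluster and instance IDs are placeholders.

# Print how many tasks are still placed on one container instance.
task_count() {  # task_count <cluster> <container-instance-id>
  aws ecs list-tasks --cluster "$1" --container-instance "$2" \
    --query 'length(taskArns)' --output text
}

# Poll until the instance runs no tasks. Returns 0 when drained, 1 when the
# poll budget is exhausted, 2 when the AWS CLI call itself fails.
wait_for_drain() {  # wait_for_drain <cluster> <instance> [tries] [delay-seconds]
  wd_tries=${3:-40}; wd_delay=${4:-15}; wd_i=1
  while [ "$wd_i" -le "$wd_tries" ]; do
    wd_n=$(task_count "$1" "$2") || return 2
    [ "$wd_n" = "0" ] && return 0
    echo "poll $wd_i/$wd_tries: $wd_n task(s) still on $2" >&2
    sleep "$wd_delay"
    wd_i=$((wd_i + 1))
  done
  return 1
}

# Deregister a drained instance, then terminate the EC2 instance behind it.
# Prints the terminated EC2 instance ID; touches nothing if tasks remain.
retire_instance() {  # retire_instance <cluster> <instance> [tries] [delay-seconds]
  if ! wait_for_drain "$@"; then
    echo "refusing to deregister $2: tasks still running or check failed" >&2
    return 1
  fi
  ri_ec2=$(aws ecs deregister-container-instance --cluster "$1" \
    --container-instance "$2" \
    --query containerInstance.ec2InstanceId --output text) || return 1
  aws ec2 terminate-instances --instance-ids "$ri_ec2" >/dev/null || return 1
  echo "$ri_ec2"
}

# Usage when run as a script: retire_old.sh <cluster> <instance-id>...
if [ "$#" -ge 2 ]; then
  cluster=$1; shift
  for ci in "$@"; do retire_instance "$cluster" "$ci" || exit 1; done
fi
```

Because deregistration happens only after the task count reaches zero, a service that never reschedules onto the new instances shows up as a timeout rather than as stopped tasks.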


In this post, I demonstrated how to refresh the container instances in an active ECS cluster with instances built from a newly released ECS–optimized AMI. You can either use the AWS Management Console or programmatically refresh your ECS cluster in some quick steps.

AWS Fargate is a service that’s designed to remove the need to do these types of operations by running and managing all the EC2 infrastructure necessary to support your containers for you. With Fargate, your containers are always started with the latest ECS agent and Docker version.

I welcome your comments and questions below.

[$] CVE-2018-5390 and “embargoes”

Post Syndicated from jake original

A kernel bug that allows a remote denial of service via crafted packets was
fixed recently and the resulting patch
was merged on July 23. But an announcement of the flaw
(which is CVE-2018-5390)
was not released until August 6—a two-week window where users
were left in the dark. It was not just the patch that might have alerted
attackers; the flaw was publicized in other ways, as well,
before the announcement, which has led to some discussion of embargo
policies on the oss-security mailing list. Within free-software circles,
embargoes are generally seen as a necessary evil, but delaying the
disclosure of an already-public bug does not sit well.

[$] Meltdown strikes back: the L1 terminal fault vulnerability

Post Syndicated from corbet original

The Meltdown CPU vulnerability, first disclosed in early January, was frightening
because it allowed unprivileged attackers to easily read arbitrary memory
in the system. Spectre, disclosed at the same time, was harder to exploit
but made it possible for guests running in virtual machines to attack the
host system and other guests. Both vulnerabilities have been mitigated to
some extent (though it will take a long time to even find all of the
Spectre vulnerabilities, much less protect against them). But now the newly
disclosed “L1 terminal fault” (L1TF) vulnerability (also going by the name
Foreshadow) brings back both threats: relatively easy attacks against host
memory from inside a guest. Mitigations are available (and have been merged
into the mainline kernel), but they will be expensive for some users.

Minio as an S3 Gateway for Backblaze B2 Cloud Storage

Post Syndicated from Roderick Bauer original

While there are many choices when it comes to object storage, the largest provider and the most recognized is usually Amazon’s S3. Amazon’s set of APIs to interact with their cloud storage, often just called “S3,” is frequently the first integration point for an application or service needing to send data to the cloud.

One of the more frequent questions we get is “how do I jump from S3 to B2 Cloud Storage?” We’ve previously highlighted many of the direct integrations that developers have built on B2: here’s a full list.

Another way to work with B2 is to use what is called a “cloud storage gateway.” A gateway is a service that acts as a translation layer between two services. In the case of Minio, it enables customers to take something that was integrated with the S3 API and immediately use it with B2.

Before going further, you might ask “why didn’t Backblaze just create an S3 compatible service?” We covered that topic in a recent blog post, Design Thinking: B2 APIs (& The Hidden Costs of S3 Compatibility). The short answer is that our architecture enables some useful differentiators for B2. Perhaps most importantly, it enables us to sustainably offer cloud storage at a ¼ of the price of S3, which you will really appreciate as your application or service grows.

However, there are situations when a customer is already using the S3 APIs in their infrastructure and wants to understand all the options for switching to B2. For those customers, gateways like Minio can provide an elegant solution.

What is Minio?

Minio is an open source, multi-cloud object storage server and gateway with an Amazon S3 compatible API. Having an S3-compatible API means once configured, Minio acts as a gateway to B2 and will automatically and transparently put or get data into a Backblaze B2 account.

Backup, archive or other software that supports the S3 protocol can be configured to point at Minio. Minio internally translates all the incoming S3 API calls into equivalent B2 storage API calls, which means that all Minio buckets and objects are stored as native B2 buckets and objects. The S3 object layer is transparent to the applications that use the S3 API. This enables the simultaneous use of both Amazon S3 and B2 APIs without compromising any features.

Minio has become a popular solution, with over 113.7M Docker pulls. Minio implements the Amazon S3 v2/v4 API in the Minio client, AWS SDK, and in the AWS CLI.

Minio and B2

To try it out, we configured a MacBook Pro with a Docker container for the latest version of Minio. It was a straightforward matter to install the community version of Docker on our Mac and then install the container for Minio.

You can follow the instructions on GitHub for configuring Minio on your system.

In addition to using Minio with S3-compatible applications and creating new integrations using their SDK, one can use Minio’s Command-line Interface (CLI) and the Minio Browser to access storage resources.

Command-line Access to B2

We installed the Minio client (mc), which provides a modern CLI alternative to UNIX coreutils such as ls, cat, cp, mirror, diff, etc. It supports filesystems and Amazon S3 compatible cloud storage services. The Minio client is supported on Linux, Mac, and Windows platforms.

We used the command below to add the alias “myb2” to our host to make it easy to access our data.

mc config host add myb2 \
 http://localhost:9000 b2_account_id b2_application_key

Minio client commands

Once configured, you can use mc subcommands like ls, cp, mirror to manage your data.

Here’s the Minio client command to list our B2 buckets:

mc ls myb2

And the result:

Minio client

Browsing Your B2 Buckets

Minio Gateway comes with an embedded web based object browser that makes it easy to access your buckets and files on B2.

Minio browser

Minio is a Great Way to Try Out B2

Minio is designed to be straightforward to deploy and use. If you’re using an S3-compatible integration, or just want to try out Backblaze B2 using your existing knowledge of S3 APIs and commands, then Minio can be a quick solution to getting up and running with Backblaze B2 and taking advantage of the lower cost of B2 cloud storage.

The post Minio as an S3 Gateway for Backblaze B2 Cloud Storage appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Getting started with your Raspberry Pi

Post Syndicated from Alex Bate original

Here on the Raspberry Pi blog, we often share impressive builds made by community members who have advanced making and coding skills. But what about those of you who are just getting started?

For you, we’ve been working hard to update and polish our Getting started resources, including a brand-new video to help you get to grips with your new Pi.

Whether you’re new to electronics and the Raspberry Pi, or a seasoned pro looking to share your knowledge and skills with others, sit back and watch us walk you through the basics of setting up our powerful little computer.

How to set up your Raspberry Pi || Getting started with #RaspberryPi

Learn how to set up your Raspberry Pi for the first time, from plugging in peripherals to loading Raspbian.

We’ve tried to make this video as easy to follow as possible, with only the essential explanations and steps.

As with everything we produce, we want this video to be accessible to the entire world, so if you can translate its text into another language, please follow this link to submit your translation directly through YouTube. You can also add translations to our other YouTube videos here! As a thank you, we’ll display your username in the video descriptions to acknowledge your contributions.

New setup guides and resources

Alongside our shiny new homepage, we’ve also updated our Help section to reflect our newest tech and demonstrate the easiest way for beginners to start their Raspberry Pi journey. We’re now providing a first-time setup guide, and also a walk-through for using your Raspberry Pi that shows you all sorts of things you can do with it. And with guides to our official add-on devices and a troubleshooting section, our updated Help page is your one-stop shop for getting the most out of your Pi.

For parents and teachers, we offer guides on introducing Raspberry Pi and digital making to your children and students. And for those of you who are visual learners, we’ve curated a collection of our videos to help you get making.

As with our videos, we’re looking for people whose first language isn’t English to help us translate our resources. If you’re able to donate some of your time to support this cause, please sign up here.

The forums

We’re very proud of our forum community. Since the birth of the Raspberry Pi, our forums have been the place to go for additional support, conversation, and project bragging.

If your question isn’t answered on our Help page, there’s no better place to go than the forums. Nine times out of ten, your question will already have been asked and answered there! And if not, then our friendly forum community will be happy to share their wealth of knowledge and help you out.

Events and clubs

Raspberry Pi and digital making enthusiasts come together across the world at various events and clubs, including Raspberry Jams, Code Club and CoderDojo, and Coolest Projects. These events are perfect for learning more about how people use Raspberry Pi and other technologies for digital making — as a hobby and as a tool for education.

Keep up to date

To keep track of all the goings-on of the Raspberry Pi Foundation, be sure to follow us on Twitter, Facebook, and Instagram, and sign up to our Raspberry Pi Weekly newsletter and the monthly Raspberry Pi LEARN education newsletter.

The post Getting started with your Raspberry Pi appeared first on Raspberry Pi.

Google Tracks its Users Even if They Opt-Out of Tracking

Post Syndicated from Bruce Schneier original

Google is tracking you, even if you turn off tracking:

Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude - accurate to the square foot - and save it to your Google account.

On the one hand, this isn’t surprising to technologists. Lots of applications use location data. On the other hand, it’s very surprising — and counterintuitive — to everyone else. And that’s why this is a problem.

I don’t think we should pick on Google too much, though. Google is a symptom of the bigger problem: surveillance capitalism in general. As long as surveillance is the business model of the Internet, things like this are inevitable.

BoingBoing story.

Good commentary.

[$] The importance of being noisy

Post Syndicated from corbet original

Hundreds (at least) of kernel bugs are fixed every month. Given the
kernel’s privileged position within the system, a relatively large portion
of those bugs have security implications. Many bugs are relatively easily
noticed once they are triggered; that leads to them being fixed. Some
bugs, though, can be hard to detect, a result that can be worsened by the
design of in-kernel APIs. A proposed change to how user-space accessors
work will, hopefully, help to shine a light on one class of stealthy bugs.

Identifying Programmers by their Coding Style

Post Syndicated from Bruce Schneier original

Fascinating research de-anonymizing code — from either source code or compiled code:

Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt’s former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, is not anonymous. At the DefCon hacking conference Friday, the pair will present a number of studies they’ve conducted using machine learning techniques to de-anonymize the authors of code samples. Their work could be useful in a plagiarism dispute, for instance, but it also has privacy implications, especially for the thousands of developers who contribute open source code to the world.
