Post Syndicated from Patrick Kennedy original https://www.servethehome.com/traffic-analytics-at-the-olympic-games-paris-2024-venues-intel/
At the Olympic Games Paris 2024, we got to see the live dashboard providing traffic analytics in various event venues
The post Traffic Analytics at the Olympic Games Paris 2024 Venues appeared first on ServeTheHome.
Post Syndicated from Vasil Kolev original https://vasil.ludost.net/blog/?p=3483
Отпразнувахме го подобаващо, с разни занимания, включващи пиене, свирене и бордови игри. Имаше хора, които са членове отдавна, имаше хора, които идваха за пръв път, та си беше весело.
Хубаво е, че лабът съществува толкова години. Това е едно от малкото места, на които хора могат да се съберат и да свършат нещо интересно, в почти произволна посока, без някакви особени ограничения и задължения, просто за удоволствието и знанията. През годините са организирани толкова събития, че ми е трудно да ги изброя (във времената, когато бях в управителния съвет си спомням колко дълъг ставаше отчетът за дейността, просто защото целогодишно се случват някакви неща). Без initLab щеше да е доста по-трудна организацията на OpenFest, на доброволците, които ходим на FOSDEM, study групите за Rails Girls, както и на много знайни и незнайни други проекти.
Около свиренето си припомних, че в лаба има един много забавен ефект (така де, любимо звучащия ми дисторжън на тоя свят), и в събота отидох да подрънча малко. Резултатите са (средно зле), нещо с полка ритъм и частта от нещото без distortion, която за някои хора може да е по-слушаема.
(частта без distortion е от края и е по-зле, понеже вече малко ме боляха ръцете, поотвикнал съм)
(също обмислям да проходя някакви лекции в лаба в следващите месеци, понеже имам три започнати и трите не ми харесват изобщо, и се чудя дали ако ги изговоря с някакви други хора може да се получат)
Post Syndicated from corbet original https://lwn.net/Articles/985198/
The
6.10.4,
6.6.45, and
6.1.104
stable kernel updates have been released; each contains another set of
important updates as usual.
Post Syndicated from Oglaf! -- Comics. Often dirty. original https://www.oglaf.com/chains/
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/digital-twins-at-the-olympic-games-paris-2024-intel/
We take a quick look at how the Olympic Games Paris 2024 organizers created digital twins of Olympic Venues
The post Digital Twins at the Olympic Games Paris 2024 appeared first on ServeTheHome.
Post Syndicated from Techmoan original https://www.youtube.com/watch?v=3MQCkny4GJc
Post Syndicated from jake original https://lwn.net/Articles/984720/
It is something of a DebConf tradition that members of the Debian Technical
Committee (TC) take the stage to talk about the work that the committee
does—and more. DebConf24 in
Busan, South Korea was no exception, as TC chair Sean Whitton, who
will complete his term at the end of the year, and one
of its newest members, Stefano Rivera, described the constitutional
underpinnings of the TC, how it tries to make decisions when it needs to,
and the constant process of recruiting new members. After that, they took
a few questions from the audience. The session provided a nice overview of
the TC and its role in Debian, but it may well be of interest further afield.
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=9LRs8TkDY_A
Post Syndicated from Rohit Kumar original https://www.servethehome.com/yuanley-ys100-0800tp-8-port-10gbase-t-switch-with-poe-is-so-close-realtek/
In our YuanLey YS100-0800TP review, we see how this 8-port 10Gbase-T switch with PoE+ fares as one of the cheapest 10GbE PoE switches around
The post YuanLey YS100-0800TP 8-Port 10Gbase-T Switch With PoE Is So Close appeared first on ServeTheHome.
Post Syndicated from corbet original https://lwn.net/Articles/985043/
The Canonical Kernel Team has announced
a new policy regarding the version of the kernel that will ship with each
Ubuntu release; the result will generally be the shipping of newer
releases.
To provide users with the absolute latest in features and hardware
support, Ubuntu will now ship the absolute latest available version
of the upstream Linux kernel at the specified Ubuntu release freeze
date, even if upstream is still in Release Candidate (RC) status.
The post goes on to acknowledge that “there are issues with this
“; there are a lot of policy details that will apply depending
approach
on just how raw the shipped kernel is.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/08/friday-squid-blogging-squid-is-a-new-computational-tool-for-analyzing-genomic-ai.html
Yet another SQUID acronym:
SQUID, short for Surrogate Quantitative Interpretability for Deepnets, is a computational tool created by Cold Spring Harbor Laboratory (CSHL) scientists. It’s designed to help interpret how AI models analyze the genome. Compared with other analysis tools, SQUID is more consistent, reduces background noise, and can lead to more accurate predictions about the effects of genetic mutations.
Post Syndicated from Zachary Goldman original https://blog.rapid7.com/2024/08/09/metasploit-weekly-wrap-up-08-09-2024/
Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4’s features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W304!
Authors: Amos Ng and Michael Heinzl
Type: Exploit
Pull request: #19357 contributed by h4x-x0r
Path: multi/misc/calibre_exec
AttackerKB reference: CVE-2024-6782
Description: Adds a module targeting CVE-2024-6782, an unauthenticated Python code injection vulnerability in the Content Server component of Calibre v6.9.0 – v7.14.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic. The injected payload will get executed in the same context under which Calibre is being executed.
MeterpreterDebugBuild is enabled.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro
Post Syndicated from Talks at Google original https://www.youtube.com/watch?v=UA_Hl3doHzA
Post Syndicated from Valdiney Gomes original https://aws.amazon.com/blogs/big-data/migrate-amazon-redshift-from-dc2-to-ra3-to-accommodate-increasing-data-volumes-and-analytics-demands/
This is a guest post by Valdiney Gomes, Hélio Leal, Flávia Lima, and Fernando Saga from Dafiti.
As businesses strive to make informed decisions, the amount of data being generated and required for analysis is growing exponentially. This trend is no exception for Dafiti, an ecommerce company that recognizes the importance of using data to drive strategic decision-making processes. With the ever-increasing volume of data available, Dafiti faces the challenge of effectively managing and extracting valuable insights from this vast pool of information to gain a competitive edge and make data-driven decisions that align with company business objectives.
Amazon Redshift is widely used for Dafiti’s data analytics, supporting approximately 100,000 daily queries from over 400 users across three countries. These queries include both extract, transform, and load (ETL) and extract, load, and transform (ELT) processes and one-time analytics. Dafiti’s data infrastructure relies heavily on ETL and ELT processes, with approximately 2,500 unique processes run daily. These processes retrieve data from around 90 different data sources, resulting in updating roughly 2,000 tables in the data warehouse and 3,000 external tables in Parquet format, accessed through Amazon Redshift Spectrum and a data lake on Amazon Simple Storage Service (Amazon S3).
The growing need for storage space to maintain data from over 90 sources and the functionality available on the new Amazon Redshift node types, including managed storage, data sharing, and zero-ETL integrations, led us to migrate from DC2 to RA3 nodes.
In this post, we share how we handled the migration process and provide further impressions of our experience.
Amazon Redshift is a fully managed data warehouse service, and was adopted by Dafiti in 2017. Since then, we’ve had the opportunity to follow many innovations and have gone through three different node types. We started with 115 dc2.large nodes and with the launch of Redshift Spectrum and the migration of our cold data to the data lake, then we considerably improved our architecture and migrated to four dc2.8xlarge nodes. RA3 introduced many features, allowing us to scale and pay for computing and storage independently. This is what brought us to the current moment, where we have eight ra3.4xlarge nodes in the production environment and a single node ra3.xlplus cluster for development.
Given our scenario, where we have many data sources and a lot of new data being generated every moment, we came across a problem: the 10 TB we had available in our cluster was insufficient for our needs. Although most of our data is currently in the data lake, more storage space was needed in the data warehouse. This was solved by RA3, which scales compute and storage independently. Also, with zero-ETL, we simplified our data pipelines, ingesting tons of data in near real time from our Amazon Relational Database Service (Amazon RDS) instances, while data sharing enables a data mesh approach.
Our first step towards migration was to understand how the new cluster should be sized; for this, AWS provides a recommendation table.
Given the configuration of our cluster, consisting of four dc2.8xlarge nodes, the recommendation was to switch to ra3.4xlarge.
At this point, one concern we had was regarding reducing the amount of vCPU and memory. With DC2, our four nodes provided a total of 128 vCPUs and 976 GiB; in RA3, even with eight nodes, these values were reduced to 96 vCPUs and 768 GiB. However, the performance was improved, with processing of workloads 40% faster in general.
AWS offers Redshift Test Drive to validate whether the configuration chosen for Amazon Redshift is ideal for your workload before migrating the production environment. At Dafiti, given the particularities of our workload, which gives us some flexibility to make changes to specific windows without affecting the business, it wasn’t necessary to use Redshift Test Drive.
We carried out the migration as follows:
The following diagram illustrates the migration architecture.
During the migration, we defined some checkpoints at which a rollback would be performed if something unwanted happened. The first checkpoint was in Step 3, where the reduction in performance in user queries would lead to a rollback. The second checkpoint was in Step 4, if the ETL and ELT processes presented errors or there was a loss of performance compared to the metrics collected from the processes run in DC2. In both cases, the rollback would simply occur by changing the DNS to point to DC2 again, because it would still be possible to rebuild all processes within the defined maintenance window.
The RA3 family introduced many features, allowed scaling, and enabled us to pay for compute and storage independently, which changed the game at Dafiti. Before, we had a cluster that performed as expected, but limited us in terms of storage, requiring daily maintenance to maintain control of disk space.
The RA3 nodes performed better and workloads ran 40% faster in general. It represents a significant decrease in the delivery time of our critical data analytics processes.
This improvement became even more pronounced in the days following the migration, due to the ability in Amazon Redshift to optimize caching, statistics, and apply performance recommendations. Additionally, Amazon Redshift is able to provide recommendations for optimizing our cluster based on our workload demands through Amazon Redshift Advisor recommendations, and offers automatic table optimization, which played a key role in achieving a seamless transition.
Moreover, the storage capacity leap from 10 TB to multiple PB solved Dafiti’s primary challenge of accommodating growing data volumes. This substantial increase in storage capabilities, combined with the unexpected performance enhancements, demonstrated that the migration to RA3 nodes was a successful strategic decision that addressed Dafiti’s evolving data infrastructure requirements.
Data sharing has been used since the moment of migration, to share data between the production and development environment, but the natural evolution is to enable the data mesh at Dafiti through this resource. The limitation we had was the need to activate case sensitivity, which is a prerequisite for data sharing, and which forced us to change some broken processes. But that was nothing compared to the benefits we’re seeing from migrating to RA3.
In this post, we discussed how Dafiti handled migrating to Redshift RA3 nodes, and the benefits of this migration.
Do you want to know more about what we’re doing in the data area at Dafiti? Check out the following resources:
The content and opinions in this post are those of Dafiti’s authors and AWS is not responsible for the content or accuracy of this post.
Valdiney Gomes is Data Engineering Coordinator at Dafiti. He worked for many years in software engineering, migrated to data engineering, and currently leads an amazing team responsible for the data platform for Dafiti in Latin America.
Hélio Leal is a Data Engineering Specialist at Dafiti, responsible for maintaining and evolving the entire data platform at Dafiti using AWS solutions.
Flávia Lima is a Data Engineer at Dafiti, responsible for sustaining the data platform and providing data from many sources to internal customers.
Fernando Saga is a data engineer at Dafiti, responsible for maintaining Dafiti’s data platform using AWS solutions.
Post Syndicated from corbet original https://lwn.net/Articles/984635/
Sometimes, the smallest changes create the longest discussions. As a case
in point, a proposal to make a one-line change in an informational text
file on systems running the Debian unstable distribution has blown up into
an interminable and sometimes unfriendly debate. At its core, though, this
discussion comes down to a seemingly simple question: should a program be
able to determine whether it is running on a Debian testing or unstable
system?
Post Syndicated from daroc original https://lwn.net/Articles/984984/
Researchers from Graz University of Technology have
published details of a new attack
on the Linux kernel called SLUBstick. The attack uses timing information to turn an ability to trigger use-after-free or double-free bugs into the ability to overwrite page tables, and thence into the ability to read and write arbitrary areas of memory. The good news is that this attack does require an existing bug to be usable; the bad news is that the kernel regularly sees bugs of this kind.
We assume that an unprivileged user has code execution.
Additionally, we consider the presence of a heap vulnerability
in the Linux kernel. We assume that the Linux kernel
incorporates all defense mechanisms available in version 6.4, the
most recent Linux kernel version when we started our work.
These mechanisms include features such as WˆX, KASLR,
SMAP, and kCFI. We do not assume any microarchitectural
vulnerabilities, e.g., transient execution, fault
injection, or hardware side channels.
Post Syndicated from Jehu Gray original https://aws.amazon.com/blogs/devops/code-clarity-enhancing-code-understanding-and-efficiency-with-amazon-q-developer/
“All code will become legacy”. This saying, widely recognized amongst software developers, highlights the reality of their day-to-day activities. While writing new code is an integral part of a developer’s role, a significant portion of their time is dedicated to refactoring and maintaining existing codebases.
Developers typically encounter numerous challenges when attempting to understand and work with existing codebases. One of the primary obstacles is the lack of proper code documentation. As projects evolve and developers come and go, the rationale behind design decisions and implementation details can become obscured, making it challenging for new team members to understand the intricacies of the codebase.
Another hurdle is the need to work with unfamiliar or legacy programming languages and frameworks. The rapid pace of technology advancements means that developers must constantly adapt to new tools and libraries, while also maintaining an understanding of older technologies that may still be in use.
Compounding these challenges is the inherent difficulty of understanding code written by others. Even with comprehensive documentation and adherence to best coding practices, the nuances of another developer’s thought process and design decisions can be challenging to decipher. This lack of familiarity can lead to increased risk of introducing bugs or breaking existing functionality during code modifications.
In a bid to address these challenges, organizations must explore innovative solutions that enhance code understanding and improve developer efficiency. By empowering developers with tools that streamline code maintenance and refactoring processes, organizations can unlock their potential for innovation and accelerate their ability to deliver high-quality software products to the market.
In this blog post, we explore how developers in organizations can leverage Amazon Q Developer to simplify the process of understanding and explaining code in order to boost productivity and efficiency.
The following prerequisites are required to make use of Amazon Q Developer in your IDE:
Amazon Q Developer is a generative AI-powered service that helps developers and IT professionals with all of their tasks across the software development lifecycle—from coding, testing, and upgrading, to troubleshooting, performing security scanning and fixes, optimizing AWS resources, and creating data engineering pipelines. Amazon Q Developer aims to simplify code comprehension for developers, making it easier to understand and navigate complex codebases. It leverages advanced machine learning and natural language processing techniques to provide intelligent code analysis and exploration capabilities.
Developers can ask questions about their codebase in natural language and receive concise, relevant answers. Amazon Q Developer can explain the purpose and functionality of code elements, identify dependencies, and provide insights into code structure and architecture. This can significantly reduce the time and effort required to onboard new team members, maintain legacy systems, or refactor existing code. This result in not just better code quality and consistency across teams and projects; Amazon Q Developer also helps developers unlock a new level of productivity and efficiency by allowing them to focus more on innovation.
One of the most powerful uses of Amazon Q Developer is getting natural language explanations of code directly within your integrated development environment (IDE). This can be an invaluable tool when trying to understand legacy code, review code you haven’t touched in a while, or learn how certain programming patterns or algorithms work. Rather than spending so much time reviewing code line-by-line or searching for tutorials, you can leverage Amazon Q Developer to provide insightful explanations.
The process is simple – highlight the section of code you need explained in your IDE, then right-click and select “Explain” from the Amazon Q Developer menu. Amazon Q Developer’s advanced language model will analyze the highlighted code and generate a plain English explanation breaking down what the code is doing line-by-line.
Figure 1 – Selecting the relevant code by highlighting or right-clicking on it.
Figure 2 – Selecting “Explain” to get natural language explanation from Amazon Q Developer
Let’s take a look at an example. If you highlight a few lines of code that creates a reference to an S3 bucket, Amazon Q Developer generates a natural language explanation such as:
Figure 3 – Amazon Q Developer analyzes the selected code and provides an explanation of what the code does in natural language.
Amazon Q Developer continues providing clear explanations of how the code implementation works. This natural language explanation can provide much-needed context and clarity, especially for complex coding patterns. This allows you to quickly catch up on code you haven’t looked at in a while. It can also be an excellent learning tool when researching how certain algorithms or coding techniques work under the hood.
If any part of the explanation is unclear, you can ask Amazon Q Developer follow-up questions using natural language in the chat interface. Amazon Q Developer will use the conversation context and the code to provide clarifying responses to follow-up questions. You can continue the back-and-forth conversation until you fully comprehend the code functionality. Optionally, you can provide feedback to Amazon Q Developer on the quality of its code explanations to help improve the service.
The “Explain” functionality is just one of the ways Amazon Q Developer augments your coding workflow by providing generative AI-powered insights into your code on-demand, right within your familiar IDE environment.
Now let’s dive into more examples.
In this example, let’s assume a developer is working on a coding project that involves path-finding, network optimization and latency. We will use Amazon Q Developer to review code that should find the shortest path tree from a single source node, by building a set of nodes that have minimum distance from the source. This is the popular Djikstra’s algorithm and can be complex for developers that are new to graph theory and its implementation.
The developer can use Amazon Q Developer to understand what the block of code is doing in simple terms.
Here’s the code implementing the algorithm:
Figure 4 – Python code in IDE implementing Djikstra’s Algorithm for path-finding.
Figure 5 – With Amazon Q Developer, you can Explain, Refactor, Fix or Optimize your code.
You can Right-click the highlighted code to open a context window. Choose Send to Amazon Q, then select Explain. Selecting the “Explain” option will prompt Amazon Q Developer to analyze the code and provide a natural language explanation of what the code does.
Figure 6 – Amazon Q Developer will analyze the selected code and provide an explanation of what the code does in natural language.
Amazon Q Developer opens a chat panel on the right within the IDE, where you see the result of choosing the “Explain” option. Amazon Q Developer has analyzed the highlighted code and provided a detailed, step-by-step explanation in the chat panel. This explanation breaks down the complex algorithm in plain, easy-to-understand language, helping the developer better comprehend the purpose and functionality of the code. You can follow-up by asking clarifying questions within the chat panel.
You can also Refactor your code with Amazon Q Developer in order to improve code readability or efficiency, among other improvements.
Here’s how:
Figure 7 – Using Amazon Q Developer to Refactor code.
Highlight the code in the IDE and Refactor the code by first right clicking and selecting “send to Amazon Q”. This allows Amazon Q Developer to analyze the code and suggest ways to improve its readability, efficiency, or other aspects of the implementation. The chat panel provides the developer with the recommended refactoring steps.
Figure 8 – Amazon Q Developer analyzes the selected code and provides an explanation of steps you can take to refactor your code in the chat panel.
In the image above, Amazon Q Developer has carefully reviewed the code and provided a step-by-step plan for the developer to follow in order to refactor the code, making it more concise, maintainable, and aligned with best practices. This collaborative approach between the developer and Amazon Q Developer enables the efficient creation of high-quality, optimized code.
Amazon Q Developer is a game-changer for developers looking to streamline their understanding of complex code segments. By offering natural language explanations within the IDE, Amazon Q Developer eliminates the need for time-consuming manual research or reliance on outdated documentation. Amazon Q Developer’s ability to break down intricate algorithms and unfamiliar syntax, as shown in the preceding examples, empowers developers to tackle even the most challenging codebases with confidence.
Whether you’re a seasoned developer or just starting, Amazon Q Developer is an invaluable tool that simplifies the coding process and makes the coding environment more accessible and easier to navigate. With its seamless integration and user-friendly interface, Amazon Q Developer is poised to become an essential companion for developers worldwide, enabling them to write better code, learn more efficiently, and ultimately, deliver superior software solutions.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/08/people-search-site-removal-services-largely-ineffective.html
Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work:
As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out. But, without exception, information about each participant still appeared on some of the 13 people-search sites at the one-week, one-month, and four-month intervals. We initially found 332 instances of information about the 28 participants who would later be signed up for removal services (that does not include the four participants who were opted out manually). Of those 332 instances, only 117, or 35%, were removed within four months.
Post Syndicated from daroc original https://lwn.net/Articles/984966/
Security updates have been issued by AlmaLinux (httpd, kernel, kernel-rt, and libtiff), Debian (postgresql-13, postgresql-15, and thunderbird), Fedora (frr, thunderbird, vim, and xrdp), Gentoo (Librsvg, Nautilus, ncurses, Percona XtraBackup, QEMU, and re2c), Red Hat (httpd, kernel, kernel-rt, openssl, and python-setuptools), SUSE (bind, ffmpeg-4, kubernetes1.23, kubernetes1.24, python-Django, and python3-Twisted), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oem-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle, linux-oracle-5.4, and salt).
Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/08/09/key-takeaways-from-the-take-command-summit-unlocking-security-success/
As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, “Before, During, & After Ransomware Attacks,” that every cybersecurity professional should consider.
1. Proactive Defense is Crucial: Fortify your defenses before an attack happens.. According to the panel, comprehensive security measures such as regular patching, network segmentation, and user training are vital. Implementing endpoint detection and response solutions can significantly reduce vulnerabilities. Eddie Bobritsky said, “prevention is always coming before detection and response. Investing in proactive measures is crucial.”
2. Swift Decision-Making During an Attack: During an attack, immediate and decisive action is paramount. Establishing clear protocols and communication channels can mitigate damage effectively. The panel highlighted the importance of isolating infected systems and restricting network access to contain the threat. Robert Knapp said, “swift decision-making is key to minimizing impact and ensuring a successful investigation.”
3. Building Resilience After an Attack: Recovery is a multifaceted effort. Conducting thorough forensic analysis to identify the root causes of the attack and implementing robust data backup and recovery processes are essential steps. Lonnie Best said, “building resilience against the recurrence of ransomware attacks requires proactive security measures and regular security assessments.”
No matter how much you invest in the before stage, it will always be cheaper than dealing with it afterwards.” – Eddy Bobritsky, Senior Director, Product Management, Rapid7
Ransomware attacks are a significant threat, but with the right strategies and proactive measures, organizations can enhance their defenses and build resilience. To dive deeper into these strategies and hear more from the experts, watch the full video from the Rapid7 Take Command Summit.