[$] Gccrs after libcore

Post Syndicated from corbet original https://lwn.net/Articles/1040197/

Despite its increasing popularity, the Rust programming language is still
supported by a single compiler, the LLVM-based rustc. At the 2025 GNU Tools
Cauldron, Pierre-Emmanuel Patry said that a lot of people are waiting
for a GCC-based Rust compiler before jumping into the language. Patry, who
is working on just that compiler (known as “gccrs”), provided an update on
the status of that project and what is coming next.

[$] Last-minute /boot boost for Fedora 43

Post Syndicated from jzb original https://lwn.net/Articles/1041078/

Sudden increases in the size of Fedora’s initramfs
files have prompted the project to fast-track a proposal to increase
the default size of the /boot partition for new installs of
Fedora 43 and later. The project has also walked back a few
changes that have contributed to larger initramfs files, but the
ever-increasing size of firmware means that the need for more room is
unavoidable. The Fedora Engineering Steering Council (FESCo) has
approved a last-minute change
just before the final freeze for Fedora 43 to increase the
default size of the /boot partition from 1GB to 2GB; this
will leave plenty of space for kernels and initramfs images if a user
is installing from scratch, but it is of no help for users upgrading
from Fedora 42.

Announcing Amazon Quick Suite: your agentic teammate for answering questions and taking action

Post Syndicated from Esra Kayabali original https://aws.amazon.com/blogs/aws/reimagine-the-way-you-work-with-ai-agents-in-amazon-quick-suite/

Today, we’re announcing Amazon Quick Suite, a new agentic teammate that quickly answers your questions at work and turns those insights into actions for you. Instead of switching between multiple applications to gather data, find important signals and trends, and complete manual tasks, Quick Suite brings AI-powered research, business intelligence, and automation capabilities into a single workspace. You can now analyze data through natural language queries, find critical information across enterprise and external sources in minutes, and automate processes from simple tasks to complex multi-department workflows.

Here’s a look into Quick Suite.

Business users often need to gather data across multiple applications—pulling customer details, checking performance metrics, reviewing internal product information, and performing competitive intelligence. This fragmented process often requires consultation with specialized teams to analyze advanced datasets, and in some cases, must be repeated regularly, reducing efficiency and leading to incomplete insights for decision-making.

Quick Suite helps you overcome these challenges by combining agentic teammates for research, business intelligence, and automation into a unified digital workspace for your day-to-day work.

Integrated capabilities that power productivity 
Quick Suite includes the following integrated capabilities:

  • Research – Quick Research accelerates complex research by combining enterprise knowledge, premium third-party data, and data from the internet for more comprehensive insights.
  • Business intelligence – Quick Sight provides AI-powered business intelligence capabilities that transform data into actionable insights through natural language queries and interactive visualizations, helping everyone make faster decisions and achieve better business outcomes.
  • Automation – Quick Flows and Quick Automate help users and technical teams to automate any business process from simple, routine tasks to complex multi-department workflows, enabling faster execution and reducing manual work across the organization.

Let’s dive into some of these key capabilities.

Quick Index: Your unified knowledge foundation
Quick Index creates a secure, searchable repository that consolidates documents, files, and application data to power AI-driven insights and responses across your organization.

As a foundational component of Quick Suite, Quick Index operates in the background to bring together all your data—from databases and data warehouses to documents and email. This creates a single, intelligent knowledge base that makes AI responses more accurate and reduces time spent searching for information.

Quick Index automatically indexes and prepares any uploaded files or unstructured data you add to your Quick Suite, enabling efficient searching, sorting, and data access. For example, when you search for a specific project update, Quick Index instantly returns results from uploaded documents, meeting notes, project files, and reference materials—all from one unified search instead of checking different repositories and file systems.

To learn more, visit the Quick Index overview page.

Quick Research: From complex business challenges to expert-level insights
Quick Research is a powerful agent that conducts comprehensive research across your enterprise data and external sources to deliver contextualized, actionable insights in minutes or hours — work that previously could take longer.

Quick Research systematically breaks down complex questions into organized research plans. Starting with a simple prompt, it automatically creates detailed research frameworks that outline the approach and data sources needed for comprehensive analysis.

After Quick Research creates the plan, you can easily refine it through natural language conversations. When you are happy with the plan, it works in the background to gather information from multiple sources, using advanced reasoning to validate findings and provide thorough analysis with citations.

Quick Research integrates with your enterprise data connected to Quick Suite, the unified knowledge foundation that connects to your dashboards, documents, databases, and external sources, including Amazon S3, Snowflake, Google Drive, and Microsoft SharePoint. Quick Research grounds key insights to original sources and reveals clear reasoning paths, helping you verify accuracy, understand the logic behind recommendations, and present findings with confidence. You can trace findings back to their original sources and validate conclusions through source citations. This makes it ideal for complex topics requiring in-depth analysis.

To learn more, visit the Quick Research overview page.

Quick Sight: AI-powered business intelligence
Quick Sight provides AI-powered business intelligence capabilities that transform data into actionable insights through natural language queries and interactive visualizations.

You can create dashboards and executive summaries using conversational prompts, reducing dashboard development time while making advanced analytics accessible without specialized skills.

Quick Sight helps you ask questions about your data in natural language and receive instant visualizations, executive summaries, and insights. This generative AI integration provides you with answers from your dashboards and datasets without requiring technical expertise.

Using the scenarios capability, you can perform what-if analysis in natural language with step-by-step guidance, exploring complex business scenarios and finding answers faster than before.

Additionally, you can respond to insights with one-click actions by creating tickets, sending alerts, updating records, or triggering automated workflows directly from your dashboards without switching applications.

To learn more, visit the Quick Sight overview page.

Quick Flows: Automation for everyone
With Quick Flows, any user can automate repetitive tasks by describing their workflow using natural language without requiring any technical knowledge. Quick Flows fetches information from internal and external sources, takes action in business applications, generates content, and handles process-specific requirements.

Starting with straightforward business requirements, it creates a multi-step flow including input steps for gathering information, reasoning groups for AI-powered processing, and output steps for generating and presenting results.

After the flow is configured, you can share it with a single click to your coworkers and other teams. To execute the flow, users can open it from the library or invoke it from chat, provide the necessary inputs, and then chat with the agent to refine the outputs and further customize the results.

To learn more, visit the Quick Flows overview page.

Quick Automate: Enterprise-scale process automation
Quick Automate helps technical teams build and deploy sophisticated automation for complex, multistep processes that span departments, systems, and third-party integrations. Using AI-powered natural language processing, Quick Automate transforms complex business processes into multi-agent workflows that can be created merely by describing what you want to automate or uploading process documentation.

While Quick Flows handles straightforward workflows, Quick Automate is designed for comprehensive and complex business processes like customer onboarding, procurement automations, or compliance procedures that involve multiple approval steps, system integrations, and cross-departmental coordination. Quick Automate offers advanced orchestration capabilities with extensive monitoring, debugging, versioning, and deployment features.

Quick Automate then generates a comprehensive automation plan with detailed steps and actions. You will find a UI agent that understands natural language instructions to autonomously navigate websites, complete form inputs, extract data, and produce structured outputs for downstream automation steps.

Additionally, you can define a custom agent, complete with instructions, knowledge, and tools, to complete process-specific tasks using the visual building experience – no code required.

Quick Automate includes enterprise-grade features such as user role management and human-in-the-loop capabilities that route specific tasks to users or groups for review and approval before continuing workflows. The service provides comprehensive observability with real-time monitoring, success rate tracking, and audit trails for compliance and governance.

To learn more, visit the Quick Automate overview page.

Additional foundational capabilities
Quick Suite includes other foundational capabilities that deliver seamless data organization and contextual AI interactions across your enterprise.

Spaces – Spaces provide a straightforward way for every business user to add their own context by uploading files or connecting to specific datasets and repositories specific to their work or to a particular function. For example, you might create a space for quarterly planning that includes budget spreadsheets, market research reports, and strategic planning documents. Or you could set up a product launch space that connects to your project management system and customer feedback databases. Spaces can scale from personal use to enterprise-wide deployment while maintaining access permissions and seamless integration with Quick Suite capabilities.

Chat agents – Quick Suite includes insights agents that you can use to interact with your data and workflows through natural language. Quick Suite includes a built-in agent to answer questions across all of your data and custom chat agents that you can configure with specific expertise and business context. Custom chat agents can be tailored for particular departments or use cases—such as a sales agent connected to your product catalog data and pricing information stored in a space or a compliance agent configured with your regulatory requirements and actions to request approvals.

Additional things to know
If you’re an existing Amazon QuickSight customer – Amazon QuickSight customers will be upgraded to Quick Suite, a unified digital workspace that includes all your existing QuickSight business intelligence capabilities (now called “Quick Sight”) plus new agentic AI capabilities. This is an interface and capability change—your data connectivity, user access, content, security controls, user permissions, and privacy settings remain exactly the same. No data is moved, migrated, or changed.

Quick Suite offers per-user subscription-based pricing with consumption-based charges for the Quick Index and other optional features. You can find more detail on the Quick Suite pricing page.

Now available
Amazon Quick Suite gives you a set of agentic teammates that helps you get the answers you need using all your data and move instantly from answers to action so you can focus on high value activities that drive better business and customer outcomes.

Visit the getting started page to start using Amazon Quick Suite today.

Happy building
— Esra and Donnie

Ubuntu 25.10 released

Post Syndicated from jzb original https://lwn.net/Articles/1041405/

Ubuntu 25.10, “Questing Quokka”, has been released. This release includes
Linux 6.17, GNOME 49, GCC 15, Python 3.13.7,
Rust 1.85, and more. This release also features Rust-based
implementations of sudo and coreutils; LWN covered the switch to the
Rust-based tools in March. The 25.10 version of Ubuntu flavors
Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu
Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu have also
been released.

Serverless ICYMI Q3 2025

Post Syndicated from Julian Wood original https://aws.amazon.com/blogs/compute/serverless-icymi-q3-2025/

Welcome to the 30th edition of the AWS Serverless ICYMI (in case you missed it) quarterly recap. At the end of a quarter, we share the most recent product launches, feature enhancements, blog posts, videos, live streams, and other interesting things that you might have missed!

In case you missed our last ICYMI, check out previous ICYMI posts.

Figure 1: Serverless calendar Q3 2025

GOTO Serverless Bengaluru

The Asia Serverless and GenAI Tour comprised 24 events across five countries. Cities included New Delhi, Bengaluru, Singapore, Manila, Bangkok, Perth, Melbourne, and Sydney. The GOTO Serverless conference in Bengaluru, India, formed the centerpiece with additional Developer Days, executive roundtables, user groups, cloud clubs, and specialized workshops. Thank you to all the developers who joined us on this incredible journey across Asia!

AWS Lambda

AWS Lambda now offers console to IDE integration and remote debugging capabilities that streamline the developer workflow from browser to Visual Studio Code and its clones. These enhancements reduce context switching and help developers debug Lambda functions directly in their preferred IDE environment.

The console to IDE feature provides an Open in Visual Studio Code button, enabling developers to move quickly from viewing their function in the browser to editing it in their IDE. AWS automatically handles setup, including the AWS Toolkit installation. Developers can also install dependencies and make code changes, which can automatically sync back to the cloud console. Watch the video to see how it works:

Remote debugging allows you to reduce debugging time from hours to minutes while simplifying local environment setups. You can set breakpoints and debug Lambda functions running in the actual cloud environment with complete access to Amazon VPC resources and AWS Identity and Access Management (AWS IAM) execution roles. The debugging connection uses AWS IoT Secure Tunneling Service, and AWS automatically cleans up debugging configuration after completion. Watch the video to see how it works:

Lambda now integrates with LocalStack directly in the AWS Toolkit for Visual Studio Code. This simplifies local testing of serverless applications involving multiple AWS services. You can now deploy serverless applications to LocalStack using the same commands, debug Lambda functions with one-click setup, and test end-to-end event-driven workflows locally before deploying to the cloud.

Lambda response streaming now supports a maximum response payload size of 200 MB, 10 times higher than before. Response streaming helps build applications that progressively stream response payloads back to clients, improving performance for latency-sensitive workloads by reducing time to first byte (TTFB).

AWS Lambda Hackathon

The AWS Lambda Hackathon challenged developers to build serverless applications solving real-world business problems using Lambda. With 3,732 participants and 331 project submissions, the competition showcased innovative serverless solutions across diverse domains.

Figure 2: AWS Lambda Hackathon

We announced winners on July 22, 2025, with $15,000 in total prizes awarded:

  • First Place ($6,000): ForestShield: AWS Deforestation Detection by Younes Laaroussi is a serverless forest monitoring system that tracks deforestation in real-time.
  • Second Place ($4,000): Smart Meeting Assistant by Eduard-David Jitareanu lets you upload audio recordings to create and manage Jira tasks automatically.
  • Third Place ($3,000): Drone SoundAware by Ian Brumby allows drone operators to plan, assess, and optimize flight routes while reducing noise impact on communities.
  • Honorable Mentions ($500):
    • OutScan by Sheldon Aristide is an AI-powered, serverless genomic radar analyzing viral mutations in real-time to detect pandemic threats.
    • Buzz CSV by Damien Pace transforms Excel files into actionable insights through natural language queries.
    • Smart Clip AI by Alexander Bolaño turns long videos into short, high-impact clips.
    • VA Rating Assistant by Chris Lassiter helps you upload medical documents and uses AI to identify potential VA disability claims and ratings, helping veterans access benefits faster and more accurately.

Amazon ECS

Amazon ECS now offers Managed Instances, a new compute option that combines EC2 flexibility with fully managed infrastructure. The functionality automatically handles instance provisioning, scaling, and maintenance while allowing you to use the full range of EC2 capabilities. Key features include:

  • Automated security patching every 14 days with configurable maintenance windows
  • Intelligent task placement and resource optimization across instances
  • Support for custom instance attributes including GPU, CPU architecture, and network performance requirements
  • Built on Bottlerocket OS with automated security updates
  • Deep integration with EC2 pricing options
  • Default cost-optimized instance selection with option for custom specifications

Watch the video to learn more.

Amazon ECS now enables built-in blue/green deployments. This reduces the need for custom deployment tooling while making containerized application releases safer and more reliable. The new capability provisions the new application version (green) alongside the existing version (blue), allowing validation before routing production traffic. ECS also introduced deployment lifecycle hooks powered by Lambda functions that integrate custom validation steps at multiple stages of deployment. Watch the video to learn more.

Amazon S3

Amazon S3 Vectors is now available in preview. This is a cloud object store with native support for storing vector datasets and with sub-second query performance for AI applications. Vector buckets is a new bucket type with dedicated APIs for storing, accessing, and querying vector data without infrastructure provisioning.

Figure 3: Amazon S3 Vectors

Amazon S3 Metadata now supports metadata for all your S3 objects. This allows you to analyze and query metadata for your entire S3 storage footprint. S3 Metadata live inventory tables give you a fully managed Apache Iceberg table, including existing objects. This provides a fully managed snapshot of all objects and metadata, refreshed within 1 hour of changes. S3 Metadata journal tables offer a near-real-time view of object-level changes.

S3 also now supports a preview in the AWS Console for S3 Tables, making it easier to understand data structure and content without writing SQL. S3 Batch Operations now supports bulk target selection for managing buckets through the console. S3 also now supports conditional deletes in S3 general purpose buckets, allowing safer deletion operations.

Amazon EventBridge

Amazon EventBridge now provides enhanced logging capabilities with detailed information about successes, failures, and status codes. This new observability feature provides visibility into the complete event journey, showing when events are published, matched against rules, delivered to subscribers, or encounter failures. You can send logs to Amazon CloudWatch Logs, S3, or Amazon Data Firehose.

Generative AI with serverless

Discover how to effectively build AI agents on AWS Serverless shows how to use Amazon Bedrock AgentCore, Lambda, and ECS to build production-ready agentic AI systems. The blog explains how to use the Strands Agents SDK, which is a framework for building AI agents. The post includes storing session state, implementing authentication using Amazon Cognito and Amazon API Gateway, integrating tools through MCP, and establishing observability using OpenTelemetry.

Figure 4: Agentic loop

A series on serverless generative AI architectural patterns (part1, part2) explores non-real-time generative AI scenarios. These include buffered asynchronous request-response using Amazon SQS queues, multimodal parallel fan-out using EventBridge or Amazon SNS, and non-interactive batch processing using AWS Step Functions or AWS Glue.

Kiro: Spec-driven AI development

AWS introduced Kiro, an agentic AI-powered IDE now available in preview. It is built on the open-source Code OSS platform (the same foundation as VS Code) so you can use your existing extensions. Kiro brings a spec-driven approach to software development that bridges the gap between rapid prototyping and production-ready code. Kiro emphasizes structured development. It breaks down developer prompts into comprehensive requirements, system design documents, and task lists before writing any code. You can download Kiro for macOS, Windows, and Linux from the Kiro website.

Amazon Bedrock AgentCore

Amazon Bedrock AgentCore is now available in preview, offering a set of services that help developers quickly and securely deploy AI agents at scale. AgentCore supports frameworks including CrewAI, LangGraph, LlamaIndex, and Strands Agents, and works with any model in or outside Amazon Bedrock.

AgentCore includes seven modular services:

  • AgentCore Runtime provides sandboxed low-latency serverless environments with up to 8-hour runtime support
  • AgentCore Memory manages both short-term and long-term memory with built-in policies
  • AgentCore Observability offers step-by-step visualization with OpenTelemetry support
  • AgentCore Identity provides a secure token vault for OAuth 2.0 and API keys.
  • AgentCore Gateway transforms APIs and Lambda functions into agent-ready tools with a unified MCP interface
  • AgentCore Browser enables managed web automation
  • AgentCore Code Interpreter provides safe code execution environments.

Amazon Bedrock

Amazon Bedrock continues to expand its foundation model selection with new models now generally available. Qwen models bring four fully managed open-weight models which excel at sophisticated coding tasks, multi-tool agentic workflows, and adaptive reasoning through hybrid thinking modes. DeepSeek-V3.1 delivers performance improvements on certain benchmarks while maintaining cost efficiency through its mixture-of-experts architecture.

Amazon SNS

Amazon SNS now supports three additional message filtering operators: wildcard matching, anything-but wildcard matching, and anything-but prefix matching. SNS also now supports message group IDs in standard topics, enabling fair queue functionality for subscribed SQS standard queues.

The Serverless landing page has more information. The Lambda resources page contains case studies, webinars, whitepapers, customer stories, reference architectures, and even more Getting Started tutorials.

You can also follow the Developer Advocacy team members who work on Serverless to see the latest news, follow conversations, and interact with the team.

And finally, visit ServerlessLand for all your serverless needs.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1041404/

Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).

Introducing REACT: Why We Built an Elite Incident Response Team

Post Syndicated from Chris O’Rourke original https://blog.cloudflare.com/introducing-react-why-we-built-an-elite-incident-response-team/

Cloudforce One’s mission is to help defend the Internet. In Q2’25 alone, Cloudflare stopped an average of 190 billion cyber threats every single day. But real-world customer experiences showed us that stopping attacks at the edge isn’t always enough. We saw ransomware disrupt financial operations, data breaches cripple real estate firms, and misconfigurations cause major data losses.

In each case, the real damage occurred inside networks.

These internal breaches uncovered another problem: customers had to hand off incidents to separate internal teams for investigation and remediation. Those handoffs created delays and fractured the response. The result was a gap that attackers could exploit. Critical context collected at the edge didn’t reach the teams managing cleanup, and valuable time was lost. Closing this gap has become essential, and we recognized the need to take responsibility for providing customers with a more unified defense.

Today, Cloudforce One is launching a new suite of incident response and security services to help organizations prepare for and respond to breaches.

These services are delivered by Cloudforce One REACT (Respond, Evaluate, Assess, Consult Team), a group of seasoned responders and security veterans who investigate threats, hunt adversaries, and work closely with executive leadership to guide response and decision-making.

Customers already trust Cloudforce One to provide industry-leading threat intelligence, proactively identifying and neutralizing the most sophisticated threats. REACT extends that partnership, bringing our expertise directly to customer environments to stop threats wherever they occur. In this post, we’ll introduce REACT, explain how it works, detail the top threats our team has observed, and show you how to engage our experts directly for support.

Our goal is simple: to provide an end-to-end security partnership. We want to eliminate the painful gap between defense and recovery. Now, customers can get everything from proactive preparation to decisive incident response and full recovery—all from the partner you already trust to protect your infrastructure.

It’s time to move beyond fragmented responses and into one unified, powerful defense.

How REACT works

REACT services consist of two main components: security advisory services to prepare for incidents, and incident response for emergency situations.


A breakdown of the Cloudforce One incident readiness and response service offerings.

Advisory services are designed to assess and improve an organization’s security posture and readiness. These include proactive threat hunting, backed by Cloudflare’s real-time global threat intelligence, to find existing compromises, tabletop exercises to test response plans against simulated attacks, and both incident readiness and maturity assessments to identify and address systemic weaknesses.

The Incident Response component is initiated during an active security crisis. The team specializes in handling a range of complex threats, including APT and nation-state activity, ransomware, insider threats, and business email compromise. The response is also informed by Cloudflare’s threat intelligence and, as a network-native service, allows responders to deploy mitigation measures directly at the Cloudflare edge for faster containment.

For organizations requiring guaranteed availability, incident response retainers are offered. These retainers provide priority response, the development of tailored playbooks, and ongoing advisory support.

Cloudflare’s REACT services are vendor-agnostic in their scope. We are making REACT available to both existing Cloudflare customers and non-customers, regardless of their current technology stack, and regardless of whether their environment is on-premise, public cloud, or hybrid.

What makes Cloudflare’s approach different?

Our new service provides significant advantages over traditional incident response, where engagement and data sharing occur over separate, out-of-band channels. The integration of the service into the platform enables a more efficient and effective response to threats.

The core differentiators of this approach are:

  • Unmatched threat visibility. With roughly 20% of the web sitting behind Cloudflare’s network, Cloudforce One has unique visibility into emerging attacks as they unfold globally. This lets REACT accelerate their investigations and quickly correlate incident details with emerging attack vectors and known adversary tactics.

  • Network-native mitigation. The service is designed for network-native response. This allows the team, with customer authorization, to deploy mitigations directly at the Cloudflare edge, such as a WAF rule or Secure Web Gateway policy. This capability reduces the time between threat identification and containment. All response actions are tracked within the dashboard for full visibility.

  • Service delivery by proven experts. Cloudforce One is composed of seasoned threat researchers, consultants, and incident responders. The team has a documented history of managing complex security incidents, including nation-state activity and sophisticated financial fraud.

  • Vendor-agnostic scope. While managed through the Cloudflare dashboard, the scope of the response is vendor-agnostic. The team is equipped to conduct investigations and coordinate remediation across diverse customer environments, including on-premise, public cloud, and hybrid infrastructures.

Key Threats Seen During Engagements So Far

Analysis of security engagements by the REACT team over the last six months reveals three prevalent and high-impact trends. The data indicates that automated defenses, while critical, must be supplemented by specialized incident response capabilities to effectively counter these specific threats.

High-impact insider threats 

The REACT team has seen a significant number of incidents driven by insiders who use trusted access to bypass typical security controls. These threats are difficult to detect as they often combine technical actions with non-technical motivations. Recent scenarios observed are:

  • Disgruntled or current employees using their specialized, trusted access to execute targeted, destructive attacks.

  • Financially motivated insiders who are compensated by external actors to exfiltrate data or compromise internal systems.

  • State-sponsored operatives who gain trusted, privileged access via fraudulent remote work roles to exfiltrate data, conduct espionage, and steal funds for illicit regime financing.

Ransomware

The REACT team has observed that ransomware continues to be a primary driver of high-severity incidents, posing an existential threat to nearly every sector. Common themes observed include:

  • Disruption of core operations in the financial sector via hostage-taking of critical systems. 

  • Paralysis of business functions and compromise of client data in the real estate industry, leading to significant downtime and regulatory scrutiny.

  • Broad impact across all industry verticals. 

Stopping these attacks demands not only robust defenses but also a well-rehearsed recovery plan that cuts time-to-restoration to hours, not weeks.

Application security and supply chain breaches

The REACT team has also seen a significant increase in incidents originating at the application layer. These threats typically manifest in two primary areas: vulnerabilities within an organization’s own custom-developed (‘vibe coded’) applications, and security failures originating from their third-party supply chain:

  • Vibe coding: The practice of providing natural language prompts to AI models to generate code can produce critical vulnerabilities which can be exploited by threat actors using techniques like remote code execution (RCE), memory corruption, and SQL injection.

  • SaaS supply chain risk: A compromise at a critical third-party vendor that exposes sensitive data, such as when attackers used a stolen Salesloft OAuth token to exfiltrate customer support cases from their clients’ Salesforce instances.

Integrated directly into your Cloudflare dashboard

Starting today, Cloudflare Enterprise customers will find a new “Incident Response Services” tab in the Threat intelligence navigation page in the Cloudflare dashboard. This dashboard integration ensures that critical security information and the ability to engage our incident response team are always at your fingertips, streamlining the process of getting expert help when it matters most.


Screenshot of the Cloudforce One Incident Response Services page in the Cloudflare dashboard

Retainer customers will benefit from a dedicated Under Attack page, which allows customers to contact the Cloudforce One team during an active incident. In the event of an active incident, a simple “Request Help” button in our “Under Attack” page will immediately page our on-call incident responders to get you the help you need without delay.


Screenshot of the Under Attack button in the Cloudflare dashboard


Screenshot of the Emergency Incident Response page in the Cloudflare dashboard

For proactive needs, you can also easily submit requests for security advisory services through the Cloudflare dashboard: 


Confirmation of the successful service request submission

How to engage with Cloudforce One 

To learn more about REACT, existing Enterprise customers can explore the dedicated Incident Response section in the Cloudflare dashboard. For new inquiries regarding proactive partnerships and retainers, please contact Cloudflare sales.

If you are facing an active security crisis and need the REACT team on the ground, please contact us immediately.

Cousin deals in the European Parliament

Post Syndicated from Анахит Хачикян original https://www.toest.bg/bratovchedski-sdelki-v-evroparlamenta/

What do you do when you know your cousin is a thief? Does your conscience nag you to expose him, or do you try to cover for him for the good of the family? And what if you, too, took part in the cousin's thefts? That is roughly how Bulgarian MEPs in Brussels behave with regard to the political situation in Bulgaria. The choice between giving the country's problems international publicity and sticking to the maxim "What happens here, stays here" when it comes to national politics is difficult and delicate, not only for Bulgarian MEPs but for all EU member states.

The first option rests on the expectation that someone from outside will step in and bare their teeth, even at the risk of penalties and consequences that harm Bulgaria. The second rests on maintaining the domestic political status quo. The deciding factor is whether a party is in government or in opposition and what it stands to gain on the domestic stage if it stirs up a storm in European waters, but also whether the respective political group in the European Parliament (EP) has an interest in backing such actions and writing them into its overall strategy, or has other things on its mind at the moment.

The letter from Renew Europe to the European Commission (EC) asking it to halt part of the payments to Bulgaria offers a chance to observe such a situation under laboratory conditions. On 23 September, Valérie Hayer, chair of the liberal group in the EP, asked European Commissioners Valdis Dombrovskis (economy), Raffaele Fitto (cohesion and reforms) and Piotr Serafin (budget and anti-fraud) to freeze the second payment to Bulgaria under the Recovery and Resilience Plan. The grounds set out by Hayer include the following:

  • the use of the Anti-Corruption Commission for political purposes, for example the detention of the mayor of Varna, Blagomir Kotsev;
  • the obstruction of investigations by the European Public Prosecutor's Office;
  • the control of the security services and the judiciary by private networks linked to Delyan Peevski;
  • the numerous legislative initiatives that facilitate all these abuses.

Who is behind Hayer's request?

Renew Europe has three Bulgarian MEPs as members: Nikola Minchev and Hristo Petrov of We Continue the Change (PP) and Ilhan Kyuchuk of the Alliance for Rights and Freedoms (APS). The two Bulgarian representatives from PP had already mobilised their European partners back in the summer, days after Kotsev's arrest, with a demonstration in Brussels as well as a letter from the chair of the European Liberal Party, Svenja Hahn, requesting an urgent meeting with the European Commissioner for Justice and the Rule of Law, Michael McGrath.

In addition, for two consecutive plenary sessions the liberals have been pushing, unsuccessfully, to have the rule of law in Bulgaria put on the agenda for debate in the plenary chamber, but they get no support from the other large political groups.

The issue is being swept under the rug, since there are other important battles at the moment, and the situation in Bulgaria is essentially nothing new. In the past five years alone there has been one special resolution devoted entirely to the rule of law and fundamental rights in Bulgaria, in 2020, and two detailed reports: from missions of the Committee on Budgetary Control in 2022 and of the Committee on Civil Liberties, Justice and Home Affairs in 2023. All this without counting the European Commission's annual monitoring reports.

The findings repeat themselves. Every successive government receives similar criticism relating to the rule of law and judicial reform. And even when the necessary legislative initiatives have been taken, the conclusion is that their implementation is either half-hearted, with no convictions, or selective, with some people (unjustifiably) prosecuted while others remain untouchable for life.

Could Hayer's letter have received more support?

The Bulgarian MEPs from GERB–SDS, BSP and ITN represent the three governing parties, which have no interest in backing European criticism of Bulgaria. The same behaviour was seen during the vote on the resolution on the rule of law in Bulgaria in 2020. The then governing parties GERB–SDS and VMRO voted against the resolution, while the opposition BSP and DSB supported it, and DPS abstained.

If we trace the behaviour of the political groups in the EP to which these Bulgarian parties belonged at the time of that vote, we get a sense of déjà vu: the EPP and the European Conservatives and Reformists group, to which GERB and VMRO belong, were against, the Left group supported the resolution, and Renew Europe, where DPS sits, abstained.

In this way the European political groups in the EP entrench the status quo at national level.

On the one hand, because they value their national parties and stand in solidarity with them; on the other, if they are in power in the country concerned, they do not want to lose it, because that makes them stronger at European level, both in the EP and in the European Council and the Council of the EU, where the big decisions are made. This was one of the reasons the EPP tolerated Viktor Orbán and his party Fidesz for so long despite his anti-European positions. Until finally the cup ran over: the membership of the Fidesz MEPs was first frozen in 2019, and then Orbán left the EPP of his own accord to avoid being expelled.

In parallel with Hayer's letter, Radan Kanev of Democratic Bulgaria, a member of the EPP, warned his group, the strongest in the European Parliament, that the situation in Bulgaria is undermining not only the country's political system but also the authority of the EPP and Ursula von der Leyen because of the lack of reaction. He compared the situation in Bulgaria with that in Hungary and Georgia in terms of the degree of dependence on pro-Russian influence and oligarchic networks. His compatriots from GERB, however, who are members of the same group (Andrey Kovatchev, Eva Maydell, Andrey Novakov, Emil Radev), as well as from SDS (Iliya Lazarov), evidently do not share those positions. In the end the EPP kept silent both about the arrest of the Varna mayor and about the overall picture in Bulgaria.

Being an opposition party, however, does not mean you will always side with the criticism of your government in the EP.

A 2022 study by Ramona Coman shows that, on the rule of law, the political groups on the far right refrain from speaking or openly distance themselves from the topic. This is rooted in their sovereigntist views on non-interference by Brussels in the politics of the member states.

The three MEPs from Vazrazhdane (Revival), Petar Volgin, Rada Laykova and Stanislav Stoyanov, who are members of Europe of Sovereign Nations, are an example of exactly this behaviour. In fact, Stoyanov and Laykova, backed by other members of their group, tabled a motion for a resolution on political repression and fundamental rights in Bulgaria in March 2025. But it was not in support of the need for judicial reforms; it was against… the introduction of the euro.

Unlike the EP, the EC has more tools for action, and it also bears direct responsibility for how European taxpayers' money is spent.

And it did indeed freeze part of the second payment to Bulgaria under the Recovery and Resilience Plan because of the unreformed Anti-Corruption Commission. Ursula von der Leyen's team distanced itself from Hayer's letter and from Kotsev's arrest and cited the unfulfilled commitments on the Bulgarian side as the grounds for the frozen payment. But this comment resembles the chicken-and-egg argument. Isn't the detention of the mayor of Varna the most eloquent illustration of the problem with the Anti-Corruption Commission in question, and yet more proof that while the foundations are rotting from within, no amount of repainting will save the whole house from collapse?


The opinion expressed is personal and does not represent the position of the European Parliament.

White powers of attorney for black days

Post Syndicated from Светла Енчева original https://www.toest.bg/beli-pulnomoshtni-za-cherni-dni/

Some thirty years ago an insurance agent was explaining the benefits of life insurance to a relative of mine. "If the insured event occurs…", the agent began. My relative cut her off mid-sentence to ask what the "insured event" was. "Well, if you die," came the answer. Outraged, my relative got up and left: "Who is she to tell me I'm going to die!"

If, like this relative of mine, you do not want to be reminded that you are mortal and that serious damage to your health may befall you, this is the place to stop reading. Because what follows is about death, serious illness and other unpleasant scenarios.

If, however, it matters to you to know how to take care of the people closest to you in case you pass away or are put out of action, and how to make sure your wishes are carried out, this article is for you.

"Yes, man is mortal, but that is not the worst of it. The trouble is that he is sometimes suddenly mortal, that is the unpleasant part!" says the character in Mikhail Bulgakov's The Master and Margarita. One could argue whether sudden death is more unpleasant than palliative care lasting for years, especially in light of data that ¼ of people will probably develop dementia. Other unexpected scenarios are possible too.

Here are two examples of how everything can go wrong

An acquaintance of mine died. He had expressed his wishes as to what should be done with his remains, but had not given them the necessary legal form. The person who had the right to decide whether to honour his last wishes was his mother. And she did not accept the fact that her son was gay. Not even after his death. So not only did she not carry out his wish about what to do with his body, she also did not allow his partner and the friends who loved him as he was to say goodbye to him.

A person can end up in a similar position not only as a dead gay man but also as a living heterosexual. And not only in Bulgaria. A dear friend of mine from another European country had just got back together with his long-time girlfriend and was writing to me about how happy he was… and a few months later I learned that he was in hospital in a very serious condition, after brain surgery. Only his mother has the right of access to him, and she refuses any information to his partner and his friends. So I cannot tell you whether this man, whose brilliant mind I have admired for nearly 20 years, today even knows who he is.

Questions to answer for ourselves

The aim of this article is not to scare you but to offer ideas on how a person can protect themselves and their loved ones if various situations become reality. To begin with, we can try to answer the following questions:

In the event of death:

  • What do I want to happen to my remains?
  • Who do I want to inherit from me, and how?

In the event that I am unable to take care of myself:

  • Who should have the right to receive medical information about me?
  • Whom do I trust to decide whether my treatment should be continued or stopped, whether I should be operated on, intubated, and so on?
  • Who should have access to my money?
  • Who should be able to manage my contract with the telecommunications company and my utility bills, file declarations on my behalf, and so on?

In Bulgaria many people do not marry: some because they are in same-sex relationships and do not have the right, but most simply do not believe in the institution of marriage. The parents of nearly two thirds (61.9%) of the children born in 2024 are not married. If one partner dies and the family home is in their name, the other can be evicted by the legal heirs of their other half.

If you are married, the situation is a touch easier: in the general case you will at least not have to worry about your inheritance. Your husband or wife has the right to receive information about you in hospital and to make decisions in critical situations. If you are not married, the decisions are made by your closest relatives. In both cases, however, nobody automatically gets access to your finances or your contracts for telephone, electricity, water and so on if you are bedridden and unable to manage them.

There are various ways to secure yourself and your loved ones

A person can, for example, leave their property to the people closest to them (in cases where they will not automatically inherit from you, either at all or in the way you want) in two ways: by will and by gift (in the second case it is advisable to retain the so-called real right of use). With a gift, however, the recipient pays tax, while with a will they pay only if they are not a close relative of yours. Unlike a gift, though, a will can be contested more easily, all the more so because some of your relatives have reserved shares of your estate. That is why it is a good idea to make sure the will is legally watertight, to minimise the risk of someone contesting it.

All the other questions asked above can be settled with powers of attorney. You can also give access to your money with a bank card, but that will only hold until the card's validity period expires.

Here I am not touching on the serious topic of parental rights. If they are unsettled (for example, one parent does not appear on the child's birth certificate and has not adopted the child), the problem can only be resolved through the courts. The court, however, may refuse to grant them. And if the parents are a same-sex couple, there is currently no way in Bulgaria for the one who is neither the biological parent nor an adoptive parent to obtain rights over the child, whatever part they have played in raising it. Nor is it permitted for two people of the same sex to adopt a child.

Trust, trust, trust

When we give someone a power of attorney to manage our money or to make fateful decisions about our life and death, it is advisable to know them well enough. There is always a degree of risk: it happens that someone we trusted unconditionally fails to justify our trust. And relationships fall apart, marriages are dissolved.

There is the option of revoking the power of attorney, but it is not trouble-free. First of all, the authorised person has to learn of the revocation. If in the meantime, however, they have transferred our apartment into their own name and run off with our money, it will be a hard task to find them in order to notify them. In general, it is easy to get married and it can be very hard to get divorced. The same goes for powers of attorney.

It is also possible to draw up a power of attorney that is for a fixed term and/or only for specific things: for example, someone may have the right to receive information about you in hospital but no access to your bank accounts. Or be able to conclude one property transaction on your behalf but not acquire your family home. In theory you can also grant a power of attorney subject to certain conditions, say, serious illness. But then the authorised persons will have to prove your state of health, and that is a difficult task, sometimes impossible, especially when it comes to dementia.

How general is a general power of attorney?

Let us assume there is a person in your life in whom you justifiably have complete trust that they will not abuse it but will take care of you and respect your wishes if, for example, you fall seriously ill, cannot pay bills, and so on. Perhaps, like me, you have heard the phrase "general power of attorney" and will decide it is a good idea to give that person one.

To be honest, until recently I imagined this general power of attorney as something quite simple and short: I, the undersigned so-and-so, authorise the person so-and-so to represent me everywhere and in everything. Have it certified by a notary, and done.

Yes, but no. In a power of attorney everything must be described in as much detail as possible. So it is a good idea to list all the places where a power of attorney might be needed and to specify exactly what the authorised person may do in each situation. For example, in hospital: to receive information, to make decisions about continuing, stopping or the type of your treatment, to have access to your medical records, and so on.

It is a good idea to consult a lawyer

The experience of a long-practising lawyer I know, for example, has taught her that many institutions and companies insist on seeing their own name in the power of attorney. It is therefore advisable to list in it specific telecommunications companies, water supply, heating and electricity distribution companies, municipal administrations and in general whatever you can think of (with the risk that you may still forget something). If in the meantime some company changes its name, you can only hope that its employees will not make a fuss.

Legal help is also important for shaping the structure of the will, as well as for using certain key phrases that a non-specialist would find hard to think of unaided. It is a good idea, for example, to state in plain text that medical confidentiality does not apply with respect to the authorised person. And if you want to be cremated after your death, it is advisable to stress that you give your explicit consent to this.

If the power of attorney is open-ended, it remains valid even if you change the identity card and/or the address recorded in it. It cannot be ruled out, however, that someone will object that the details do not match.

Banks are a separate case: most require special powers of attorney

To avoid constantly repeating principal and authorised person, let me introduce two people with gender-neutral names: Toni authorises Krasi. If Toni draws up the general power of attorney by the book, mentions the bank in it and has it notarised, in all likelihood the bank will not automatically recognise it. Different banks have their own criteria for the power of attorney, but in any case it is advisable that they have it in advance, rather than it being presented to them only when the need arises.

Below I summarise the personal experience of several people with three different banks. Since these are specific cases, the information about the rules of these financial institutions may not be exhaustive.

Postbank requires Toni and Krasi to appear together at one of its branches. It has its own internal powers of attorney, which are entered into its system and are not notarised. Toni may also present a notarised power of attorney. In that case Toni pays a fee of 5 leva for access to the notaries' database, and Krasi must carry the power of attorney if it needs to be used.

Toni and Krasi must also go together to United Bulgarian Bank, which likewise has its own internal powers of attorney. They contain a long list in which Toni must mark what Krasi is authorised to do and what not. If Toni wants to give Krasi access to deposits or investment funds, however, the power of attorney must be notarised.

First Investment Bank has various power-of-attorney templates, from which Toni chooses the appropriate one, fills it in and has it notarised. Krasi can also bring the power of attorney to the bank, but will have to pay a fee, whereas if Toni does it, it is free. The two are not required to go to the branch together, but if Krasi is not a customer of the bank, Krasi will have to present a copy of their identity card.

If Toni has a safe deposit box, however, the power of attorney for Krasi's access to it may be issued under an entirely different procedure from the bank's usual powers of attorney.

Why banks have their own rules and you cannot simply present them with a notarised general power of attorney, however detailed it may be, I do not know. And it does not seem right to me that you have declared your will in a legally correct manner and certain private companies decide that this is not enough. Still, banks have improved their practices compared with 2019: at least the ones I have information about do not require a new power of attorney every year. And their staff say that reissuing is not necessary if you change your identity card.

Keeping the future in mind

"We run carelessly to the precipice, after we have put something before us to prevent us seeing it," writes Blaise Pascal in his Pensées. What more accurate metaphor for life? If a person constantly thinks about being mortal and about the unpleasant things awaiting them and their loved ones, everyday life will turn into a nightmare. Refusing to face these prospects, however, can lead to a heap of problems.

Still, there are ways for the existential dread of death, illness and accidents to be tamed at least to some degree. One of them is to try to do what is in our power to take care of ourselves and our loved ones while there is time. In the clear knowledge that we cannot foresee everything. We do not even know whether the sun will rise tomorrow. But in the meantime we can, somewhat reassured, go on enjoying life.

Young creators build a bright future at Coolest Projects India 2025

Post Syndicated from Vasu Srivastava original https://www.raspberrypi.org/blog/young-creators-build-a-bright-future-at-coolest-projects-india-2025/

Coolest Projects India is officially a wrap, and we are absolutely thrilled with the results! The event, held on 20 September 2025 in Hyderabad, Telangana, was a fantastic showcase of the incredible talent and passion of young creators. With over 250 participants, young creators showcased 118 projects, demonstrating the thriving digital making community across India.

The projects on display were truly inspirational, tackling important topics such as environmental sustainability and the responsible use of AI. From hardware to Scratch to AI, creators showcased an incredible variety of projects that brought their ideas to life, from simple creations to complex inventions.

Here are just a few of the standout projects from the day.

Young creators at Coolest Projects India.
Avyukt, 9 years old | The EchoCharm Spellbox, Hardware category

A truly magical project was The EchoCharm Spellbox, an interactive creation that used a Raspberry Pi computer and a speaker to bring the famous Harry Potter artifact to life. This project was a perfect blend of creativity and coding, showcasing how technology can be used for fun and entertainment.

Aahil, 11 | Automatic Seed Sowbot, Hardware category

We were also blown away by the Automatic Seed Sowbot, a practical invention that used a tiny camera and AI to quickly and accurately sort seeds. This clever hardware project tackles a real-world problem and has fantastic applications in agriculture and farming.

Pranamya, Medha, Manvi, Aradhna — these 13-year-old girls all come from Karnataka state | Unspoken Truths, Mobile apps category

Another brilliant project that we saw was Unspoken Truths, a fun mobile app for interesting conversations to reveal hidden truths and secrets about yourself and your friends. If you’re ever looking to break the ice or deepen your connections, Unspoken Truths provides an entertaining way to start a conversation.

A community of creators

From first-time coders to seasoned programmers, every young person showcasing their work had the chance to celebrate their ideas and feel part of a vibrant community. The event created a unique atmosphere where participants were able to proudly share their projects with family, friends, and the wider coding community. They all received certificates to celebrate their fantastic achievements.

This year’s showcase brought together creators from different parts of the country, highlighting the incredible passion for digital making in India. It was a powerful reminder that when you put technology into the hands of young people with curiosity, there is no limit to what they can create.

A massive thank you to our organisers, volunteers, and the dedicated mentors who made the event possible. And most importantly, thank you to the young creators of India for sharing their ingenuity and creativity with us! We can’t wait to see what you’ll build next.

Thank you to our sponsors, Qube Research and Technologies, for sponsoring the hardware category.

Want to get involved?

Coolest Projects will be back online and with more in-person events in India and around the world in 2026. Sign up to the newsletter to be the first to hear about dates, deadlines, and exciting updates.

The post Young creators build a bright future at Coolest Projects India 2025 appeared first on Raspberry Pi Foundation.

[$] LWN.net Weekly Edition for October 9, 2025

Post Syndicated from corbet original https://lwn.net/Articles/1040456/

Inside this week’s LWN.net Weekly Edition:

  • Front: Kernel Rust features; systemd v258, part 2; Cauldron kernel hackers; BPF for GNU tools; 6.18 merge window, part 1; Lifetime-end pointer zapping; Robot Operating System.
  • Briefs: OpenSSH 10.1; Firefox profiles; Python 3.14; U-Boot v2025.10; FSF presidency; Quotes; …
  • Announcements: Newsletters, conferences, security updates, patches, and more.

How to configure and verify ACM certificates with trust stores

Post Syndicated from Chris Morris original https://aws.amazon.com/blogs/security/how-to-configure-and-verify-acm-certificates-with-trust-stores/

In this post, we show how to configure customer trust stores to work with public certificates issued through AWS Certificate Manager (ACM). Organizations can encounter challenges when configuring trust stores for ACM certificates, and incorrect trust store configuration can lead to SSL/TLS errors and application downtime. While most modern web browsers and operating systems trust ACM certificates by default, understanding how this trust is established and verifying proper configuration is important for IT professionals and developers. We also describe the relationship between public certificates issued through ACM and Amazon Trust Services. Whether you’re developing applications that connect to endpoints using ACM certificates or managing systems with customer trust stores that need to trust ACM certificates, this guide will provide you with insight regarding ACM certificate trust.

Background

ACM is a managed service that you can use to provision, manage, and deploy public and private SSL/TLS certificates. When you visit a website over HTTPS that has an ACM certificate, most modern web browsers will show a Connection is secure message in the address bar. This indicates that the web browser trusted the certificate. ACM certificates are trusted by popular browsers such as Chrome, Firefox, and Safari because they are issued by Amazon Trust Services, a public certificate authority (CA) managed by Amazon, whose root CA certificates are included by default in most web browsers’ and operating systems’ trust stores.

What is a trust store?

Web browsers, devices, and applications trust a collection of certificates known as CA certificates. These collections of CA certificates are called trust stores. Most often, the CA certificates in a trust store are root CA certificates. Root CA certificates are CA certificates that act as the foundation of trust. It’s best practice that root CAs issue intermediate CA certificates, which then issue end-entity certificates to minimize interaction with the root CA. When navigating to a website protected with HTTPS using a web browser, the website will present the end-entity certificate and the certificate chain. The certificate chain is a series of certificates, each issued by the next, leading back to a root CA certificate. The web browser will then check the end-entity certificate. It will make sure it’s derived from a root certificate that is in its trust store. It is important to note that trust store configurations can vary depending on the web browser, device or application.

Amazon Trust Services

Amazon Trust Services is a publicly trusted CA that is managed by Amazon. Amazon Trust Services root CA certificates are included in the trust stores of most web browsers and operating systems. As shown in Figure 1, when you request a public ACM certificate through DNS, Email, or HTTP validation, it will be issued by one of the multiple intermediate CAs that Amazon manages. These intermediate CAs are issued by one of the five Amazon Trust Services root CAs. Therefore, by trusting the Amazon Trust Services root CAs, you will be trusting ACM certificates. It’s important to note that ACM uses a dynamic intermediate CA model. This means you cannot predict which specific intermediate CA will issue an ACM certificate. The issuing intermediate CA is selected dynamically from a group of intermediate CAs at the time of certificate issuance. This means that the intermediate CA that issues ACM certificates is non-deterministic. In summary, we recommend customer trust stores include the five Amazon Trust Services root CA certificates. This includes Amazon Root CA 1, Amazon Root CA 2, Amazon Root CA 3, Amazon Root CA 4 and Starfield Services Root Certificate Authority – G2.

Figure 1 – ACM certificate chain

Best practices

To help establish reliable HTTPS connections to endpoints using ACM certificates, we recommend that your trust stores include the five Amazon root CAs.

| Distinguished name of Amazon root CA | SHA-256 hash of subject public key information | URL to root CA certificate in DER or PEM format |
| --- | --- | --- |
| CN=Amazon Root CA 1,O=Amazon,C=US | fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2 | DER, PEM |
| CN=Amazon Root CA 2,O=Amazon,C=US | 7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461 | DER, PEM |
| CN=Amazon Root CA 3,O=Amazon,C=US | 36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9 | DER, PEM |
| CN=Amazon Root CA 4,O=Amazon,C=US | f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5 | DER, PEM |
| CN=Starfield Services Root Certificate Authority – G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US | 2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92 | DER, PEM |

Adding the five Amazon root CAs provides maximum compatibility for trusting ACM certificates. If you must use certificate pinning in your application, we recommend that you pin to the public key of the mentioned root CAs.

While addressing the best practices, it is important to review how trust stores should not be configured.

Don’t limit your trust stores to only the intermediate CA certificates that issue ACM certificates. Examples of such intermediate CAs include Amazon RSA 2048 M01, Amazon RSA 2048 M02, Amazon RSA 2048 M03. Adding only these intermediate CA certificates to your trust store will introduce risk to your application. This is because of the dynamic intermediate CA (ICA) model. When an ACM certificate is issued or when it’s renewed, it will be from one of the many intermediate CAs. Furthermore, they are non-deterministic. If an ACM certificate was first issued by Amazon RSA 2048 M01, there is no guarantee that it will renew from that same intermediate CA.
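The pinning recommendation and the intermediate CA warning above, as an added Python example (not from the original post): it computes the SHA-256 of a certificate's SubjectPublicKeyInfo, the value listed in the table, and shows that a root pin survives a renewal from a different intermediate CA while an intermediate pin does not. The certificates are constructed, unsigned stand-ins, the function names are this example's own, and the pin check is assumed to run on a chain your TLS library has already validated.

```python
import base64, hashlib, re

# SHA-256 of SubjectPublicKeyInfo for the five roots, copied from the table on this page.
AMAZON_ROOT_PINS = {
    "fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2": "Amazon Root CA 1",
    "7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461": "Amazon Root CA 2",
    "36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9": "Amazon Root CA 3",
    "f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5": "Amazon Root CA 4",
    "2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92": "Starfield Services Root Certificate Authority - G2",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, element_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_sha256(cert_der):
    """Hex SHA-256 over the DER SubjectPublicKeyInfo of an X.509 certificate."""
    tag, pos, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    pos = read_tlv(cert_der, pos)[1]        # step into tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        pos = end
    for _field in range(5):                 # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    end = read_tlv(cert_der, pos)[2]        # subjectPublicKeyInfo spans pos..end
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def pem_certs(text):
    """DER bytes of every certificate in a PEM bundle."""
    return [base64.b64decode(block) for block in PEM_RE.findall(text)]

def missing_roots(bundle_pem, pins=AMAZON_ROOT_PINS):
    """Names of pinned roots whose public key is absent from a PEM trust bundle."""
    present = {spki_sha256(c) for c in pem_certs(bundle_pem)}
    return sorted(name for digest, name in pins.items() if digest not in present)

def chain_is_pinned(chain_der, pins):
    """True if any certificate in the validated chain (leaf..root) carries a pinned key."""
    return any(spki_sha256(c) in pins for c in chain_der)

def der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_cert(name):
    """Unsigned stand-in with X.509 field order and a made-up key; not a real certificate."""
    key = hashlib.sha256(name.encode()).digest() * 8           # 256 constructed "key" bytes
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    dn = der(0x30, der(0x0C, name.encode()))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
              + dn + der(0x30, b"") + dn + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

def demo():
    root = constructed_cert("Example Root")
    ica_1, ica_2 = constructed_cert("Example ICA 1"), constructed_cert("Example ICA 2")
    issued = [constructed_cert("leaf, first issuance"), ica_1, root]
    renewed = [constructed_cert("leaf, after renewal"), ica_2, root]  # new ICA, same root
    root_pins, ica_pins = {spki_sha256(root)}, {spki_sha256(ica_1)}
    return {"root pin": (chain_is_pinned(issued, root_pins), chain_is_pinned(renewed, root_pins)),
            "ICA pin": (chain_is_pinned(issued, ica_pins), chain_is_pinned(renewed, ica_pins))}

if __name__ == "__main__":
    print(demo())
```

To audit a real PEM bundle, call `missing_roots(open("/etc/pki/tls/certs/ca-bundle.crt").read())`; an empty list means all five root keys from the table are present.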

In summary, here are the best practices for trusting ACM certificates.

How do I verify that the Amazon root CAs are in my trust store?

As mentioned in the previous section, most modern web browsers and operating systems already include the five Amazon root CAs in their respective trust stores by default. It’s still recommended to verify that the Amazon root CAs are installed correctly. It’s important to note that many applications have different trust store locations. For example, an application might use the Windows trust store location—Trusted Root Certification Authorities—as its trust store or it might use a PEM trust store in a custom directory. This is why we recommend that you review your application’s trust store documentation.

To verify, check your system’s trust store for existing Amazon root CA certificates. If they are not present, you can proceed with adding the five Amazon root CA certificates.

Windows: Check for the Amazon root CAs in Windows operating systems (GUI)

  1. Press Windows + R, enter certmgr.msc , then press Enter.
  2. Go to Trusted Root Certification Authorities and choose Certificates.
Figure 2: Windows certificate store: Trusted Root Certification Authorities


Check for the Amazon root CAs in Windows operating systems (CLI)

You can use the certutil command in PowerShell to check for the Amazon root CAs.

  • Open Windows PowerShell and use the following certutil commands. These will search for the five Amazon root CAs.
> certutil -store AuthRoot | findstr /i "Amazon" 
Issuer: CN=Amazon Root CA 4, O=Amazon, C=US 
Subject: CN=Amazon Root CA 4, O=Amazon, C=US 
Issuer: CN=Amazon Root CA 1, O=Amazon, C=US 
Subject: CN=Amazon Root CA 1, O=Amazon, C=US 
Issuer: CN=Amazon Root CA 2, O=Amazon, C=US 
Subject: CN=Amazon Root CA 2, O=Amazon, C=US 
Issuer: CN=Amazon Root CA 3, O=Amazon, C=US 
Subject: CN=Amazon Root CA 3, O=Amazon, C=US

> certutil -store AuthRoot | findstr /i /c:"Starfield Services Root Certificate Authority - G2" 
Issuer: CN=Starfield Services Root Certificate Authority - G2, O=Starfield Technologies, Inc., L=Scottsdale, S=Arizona, C=US
Subject: CN=Starfield Services Root Certificate Authority - G2, O=Starfield Technologies, Inc., L=Scottsdale, S=Arizona, C=US

Add Amazon root CAs to the default trust store using the UI

Download each Amazon Trust Services root CA. You can select the DER or PEM versions.

  1. Open Certmgr: Press Windows + R, enter certmgr.msc, and press Enter.
  2. Add to the trusted root:
    1. Choose Trusted Root Certification Authorities.
    2. Right-click Certificates.
    3. Select All Tasks and choose Import.
    4. Follow the Certificate Import Wizard:
      1. Choose Next.
      2. Browse to the root CA certificate file location. You might need to select All Files(*.*) to view the root CA certificate files.
      3. Select Place all certificates in the following store.
      4. Verify Trusted Root Certification Authorities is selected and choose Next.
      5. Choose Finish.

Add Amazon root CAs to the default trust store using the CLI

  1. Download each Amazon Trust Services root CA. You can select the DER or PEM versions.
  2. In PowerShell, add a CA certificate to AuthRoot using certutil.
    > certutil -addstore AuthRoot AmazonRootCA1.cer
  3. In PowerShell, verify that the certificate has been added.
    > certutil -store AuthRoot | findstr /i "Amazon"

Amazon Linux 2023: Check for the Amazon root CAs in default trust store

The following is the default location for the system trust store in Amazon Linux 2023:

/etc/pki/tls/certs/ca-bundle.crt

1. Using OpenSSL, search for Amazon root CA certificates in the ca-bundle.crt bundle:

openssl crl2pkcs7 -nocrl -certfile /etc/pki/tls/certs/ca-bundle.crt | openssl pkcs7 -print_certs -noout | grep -i "Amazon\|Starfield Services" 

subject=C=US, O=Amazon, CN=Amazon Root CA 1 
issuer=C=US, O=Amazon, CN=Amazon Root CA 1 
subject=C=US, O=Amazon, CN=Amazon Root CA 2 
issuer=C=US, O=Amazon, CN=Amazon Root CA 2 
subject=C=US, O=Amazon, CN=Amazon Root CA 3 
issuer=C=US, O=Amazon, CN=Amazon Root CA 3 
subject=C=US, O=Amazon, CN=Amazon Root CA 4 
issuer=C=US, O=Amazon, CN=Amazon Root CA 4 
subject=C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 
issuer=C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2

To add the Amazon root CAs to the default trust store

1. Navigate to the following directory for adding CA certificates:
$ cd /etc/pki/ca-trust/source/anchors/

2. Using cURL, download each Amazon Trust Services root CA in the preceding folder. Do this for each of the Amazon root CAs replacing the name of the PEM file as needed.

$ sudo curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem

3. Add the root CAs by updating the system trust store.
$ sudo update-ca-trust extract

4. Verify that the bundle has been updated with OpenSSL.
$ openssl crl2pkcs7 -nocrl -certfile /etc/pki/tls/certs/ca-bundle.crt | openssl pkcs7 -print_certs -noout | grep -i "Amazon\|Starfield Services"

Java: Check for the Amazon root CAs in a Java trust store (Java Keystore)

Many custom Java applications use Java Keystore (JKS) as a trust store. You can use the keytool CLI tool to verify if the Amazon root CAs exist in your JKS trust store.

keytool -list -keystore custom_truststore.jks -storepass mypassword

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 5 entries

amazonrootca1, Jun 27, 2025, trustedCertEntry, Certificate fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E 
amazonrootca2, Jun 27, 2025, trustedCertEntry, Certificate fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 
amazonrootca3, Jun 27, 2025, trustedCertEntry, Certificate fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 
amazonrootca4, Jun 27, 2025, trustedCertEntry, Certificate fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 
starfieldg2, Jun 27, 2025, trustedCertEntry, Certificate fingerprint (SHA-256): 56:8D:69:05:A2:C8:87:08:A4:B3:02:51:90:ED:CF:ED:B1:97:4A:60:6A:13:C6:E5:29:0F:CB:2A:E6:3E:DA:B5

The output should show the Amazon root CAs listed as “trustedCertEntry” with those exact certificate fingerprints.

To add the Amazon root CAs to a Java trust store (Java Keytool)

1. Download each Amazon Trust Services root CA in PEM or DER format. Use the PowerShell command Invoke-WebRequest if you’re using Windows, or use cURL if you’re using a Linux-based operating system or macOS.

> Invoke-WebRequest -Uri "https://www.amazontrust.com/repository/AmazonRootCA1.pem" -OutFile "AmazonRootCA1.pem"

$ curl -O https://www.amazontrust.com/repository/AmazonRootCA1.pem

2. Import the Amazon root CAs into the trust store, custom_truststore.jks. Replace changeit with your JKS password. Run this command for each of the Amazon root CAs, replacing the name of the root CA as needed.

$ keytool -importcert -alias "AmazonRootCA1" -file "AmazonRootCA1.pem" -keystore custom_truststore.jks -storepass changeit -trustcacerts -noprompt

Test your trust store configuration

After you have set up your trust store with the five Amazon root CA certificates, you can perform tests to confirm that the installed root CAs are correctly providing trust. Remember that your custom application might be sourcing its trust from a store other than the stores mentioned in this article. For custom applications, we recommend checking your testing documentation.

PEM

For operating systems or applications that use PEM certificate bundles, such as Amazon Linux 2023, you can use OpenSSL or cURL to test. For additional test URLs, see the Amazon Trust Services website. Replace CAbundle.pem with your certificate bundle.

$ openssl s_client -connect valid.rootca1.demo.amazontrust.com:443 -CAfile CAbundle.pem

$ curl -iv --cacert CAbundle.pem https://valid.rootca1.demo.amazontrust.com

Windows

Because Windows doesn’t use PEM certificate bundles, but a trust store in certmgr called Trusted Root Certification Authorities, you can use PowerShell to test.

1. Copy the following PowerShell script and save it in a file named ssl-connect.ps1.


param (
    [string]$url = "https://valid.rootca1.demo.amazontrust.com"
)

$sslStream = $null
$tcpClient = $null

try {
    $uri = [System.Uri]$url
    $hostname = $uri.Host
    $port = if ($uri.Port -eq -1) { 443 } else { $uri.Port }

    # Connect to the server
    $tcpClient = New-Object System.Net.Sockets.TcpClient
    $tcpClient.Connect($hostname, $port)

    # Define the certificate validation callback
    $callback = {
        param($sender, $certificate, $chain, $sslPolicyErrors)

        Write-Host "Server Certificate:`nSubject : $($certificate.Subject)`nIssuer : $($certificate.Issuer)`n"

        Write-Host "Certificate Chain:"
        foreach ($c in $chain.ChainElements) {
            Write-Host ("Subject : {0}`nIssuer : {1}`nThumbprint : {2}`n" -f
                $c.Certificate.Subject,
                $c.Certificate.Issuer,
                $c.Certificate.Thumbprint)
        }

        if ($sslPolicyErrors -eq 'None') {
            Write-Host "Certificate is valid and trusted."
        } else {
            Write-Host "Certificate error(s): $sslPolicyErrors"
        }

        # Always accept so the handshake completes and the chain and any errors are printed.
        # This callback is for diagnostics only; it does not enforce validation.
        return $true
    }

    # Create the SSL stream using the callback
    $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream(), $false, $callback)

    # Initiate TLS handshake
    $sslStream.AuthenticateAsClient($hostname)
}
catch {
    Write-Host "ERROR: $($_.Exception.Message)"
}
finally {
    if ($sslStream) { $sslStream.Dispose() }
    if ($tcpClient) { $tcpClient.Close() }
}

2. Run the PowerShell script with the following command:

  • > .\ssl-connect.ps1

You can test with the other test URLs by passing them in -url:

  • > .\ssl-connect.ps1 -url https://s3.amazonaws.com

3. After running the command, you should see the subject and issuer of the end-entity certificate and the full trust chain, including the intermediate CA and root CA. If the command returns Certificate is valid and trusted, the certificate is trusted. If it returns an error with Certificate error, the error should tell you what went wrong.

Java

To test your Java applications that use JKS as a trust store, you can make HTTPS connections to endpoints that use Amazon Trust Services certificates.

1. Copy the Java code and name the file SSLTester.java.

  • In the code, you can replace the urls variable with additional URLs to test HTTPS. See the Amazon Trust Services website for additional test URLs.
  • Update your_keystore.jks and your password with your JKS file path and password.

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class SSLTester {
    public static void main(String[] args) {
        // Enable revocation checking
        System.setProperty("com.sun.net.ssl.checkRevocation", "true");
        System.setProperty("com.sun.security.enableCRLDP", "true");
        System.setProperty("com.sun.security.enableAIAcaIssuer", "true");

        // Define your HTTPS URLs here
        String[] urls = {
            "https://valid.rootca1.demo.amazontrust.com/",   // Amazon Trust Services valid test URL
            "https://revoked.rootca1.demo.amazontrust.com/", // Amazon Trust Services revoked test URL
            "https://expired.rootca1.demo.amazontrust.com/", // Amazon Trust Services expired test URL
            "https://ec2.amazonaws.com"                      // AWS service endpoint
        };
        String keystorePath = "your_keystore.jks"; // Define your .jks file
        String keystorePassword = "your password"; // Pass your keystore password

        try {
            // Load the JKS; try-with-resources closes the stream even if load() fails
            KeyStore trustStore = KeyStore.getInstance("JKS");
            try (FileInputStream fis = new FileInputStream(keystorePath)) {
                trustStore.load(fis, keystorePassword.toCharArray());
            }

            // Initialize TrustManagerFactory with JKS
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);

            // Initialize SSLContext so that only the JKS trust store is used
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);

            // Test SSL connections to URLs
            for (String urlStr : urls) {
                System.out.println("Testing URL: " + urlStr);
                try {
                    URL url = new URL(urlStr);
                    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
                    conn.setSSLSocketFactory(sslContext.getSocketFactory());
                    conn.connect();

                    // Get server certificate
                    Certificate[] certs = conn.getServerCertificates();
                    for (Certificate cert : certs) {
                        if (cert instanceof X509Certificate) {
                            X509Certificate x509Cert = (X509Certificate) cert;
                            System.out.println("Certificate: " + x509Cert.getSubjectDN());
                        }
                    }
                    System.out.println("Connection successful for " + urlStr);
                    conn.disconnect();
                } catch (Exception e) {
                    System.err.println("Failed for " + urlStr + ": " + e.getMessage());
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

2. After you save the file, compile and run it.

javac SSLTester.java
java SSLTester

3. Check the output after it’s finished running.

  • For Valid URLs, you should see Connection successful:
    Connection successful for https://valid.rootca1.demo.amazontrust.com/

  • For Revoked URLs, you should see Certificate has been revoked:
    failed: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED

  • For Expired URLs, you should see Validity check failed:
    Failed for https://expired.rootca1.demo.amazontrust.com/: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Conclusion

When your web browser, device, or application performs HTTPS connections, it validates the certificate presented by the server using its trust store. A trust store is a collection of trusted CA certificates, primarily consisting of root CA certificates. When trusting endpoints using public certificates issued through ACM, best practice recommends installing the five Amazon Trust Services root CA certificates into your trust store. Be aware that trusting only the Amazon Trust Services intermediate CA certificates, such as Amazon RSA 2048 M01 and Amazon RSA 2048 M02, increases your application’s risk for outages. This is because of the non-deterministic nature of the dynamic intermediate CA (ICA) model. It’s worth noting that trust store configurations can vary across different applications. Furthermore, applications can also source their trust store from different locations. For example, you can have a Java application hosted on a Windows-based operating system that sources its trust store from a Java Keystore (JKS) file rather than the default Windows trust store location Trusted Root Certification Authorities. This means that you should thoroughly test your application after installing the Amazon Trust Services root CA certificates in your trust store. This will help to sustain reliable HTTPS connections to endpoints using ACM certificates.



Chris Morris


Chris is a Sr. Cloud Support Engineer at AWS. He specializes in a variety of security topics, including cryptography and data protection. He focuses on helping AWS customers use AWS security services to strengthen their security posture in the cloud. Public key infrastructure and key management are some of his favorite security topics.

Feng Chen


Feng is an AWS Cloud Support Engineer based in Melbourne, Australia. He specializes in AWS security services, with deep expertise in ACM, IAM, and AWS Identity Center. He is passionate about helping customers protect their cloud infrastructure. He is also an AWS Golden Jacket owner with all AWS certifications.

Nikhil Kalra


Nikhil is an AWS Cloud Support Engineer based in Hyderabad, India. He is a subject matter expert in AWS Certificate Manager with expertise in core security services such as Amazon Cognito and IAM. Holding the prestigious AWS Certified Security Specialty certification, he is committed to helping customers implement robust security solutions and protect their cloud infrastructure.

New general-purpose Amazon EC2 M8a instances are now available

Post Syndicated from Betty Zheng (郑予彬) original https://aws.amazon.com/blogs/aws/new-general-purpose-amazon-ec2-m8a-instances-are-now-available/

Today, we’re announcing the availability of Amazon Elastic Compute Cloud (Amazon EC2) M8a instances, the latest addition to the general-purpose M instance family. These instances are powered by the 5th Generation AMD EPYC (codename Turin) processors with a maximum frequency of 4.5GHz. Customers can expect up to 30% higher performance and up to 19% better price performance compared to M7a instances. They also provide higher memory bandwidth, improved networking and storage throughput, and flexible configuration options for a broad set of general-purpose workloads.

Improvements in M8a
M8a instances deliver up to 30% better performance per vCPU compared to M7a instances, making them ideal for applications that benefit from high performance and high throughput such as financial applications, gaming, rendering, application servers, simulation modeling, midsize data stores, application development environments, and caching fleets.

They provide 45% more memory bandwidth compared to M7a instances, accelerating in-memory databases, distributed caches, and real-time analytics.

For workloads with high I/O requirements, M8a instances provide up to 75 Gbps of networking bandwidth and 60 Gbps of Amazon Elastic Block Store (Amazon EBS) bandwidth, a 50% improvement over the previous generation. These enhancements support modern applications that rely on rapid data transfer and low-latency network communication.

Each vCPU on an M8a instance corresponds to a physical CPU core, meaning there is no simultaneous multithreading (SMT). In application benchmarks, M8a instances delivered up to 60% faster performance for GroovyJVM and up to 39% faster performance for Cassandra compared to M7a instances.

M8a instances support instance bandwidth configuration (IBC), which provides flexibility to allocate resources between networking and EBS bandwidth. This gives customers the flexibility to scale network or EBS bandwidth by up to 25% and improve database performance, query processing, and logging speeds.

M8a is available in ten virtualized sizes and two bare metal options (metal-24xl and metal-48xl), providing deployment choices that scale from small applications to large enterprise workloads. All of these improvements are built on the AWS Nitro System, which delivers low virtualization overhead, consistent performance, and advanced security across all instance sizes. These instances are built using the latest sixth generation AWS Nitro Cards, which offload and accelerate I/O for functions, increasing overall system performance.

M8a instances feature sizes of up to 192 vCPU with 768GiB RAM. Here are the detailed specs:

M8a | vCPUs | Memory (GiB) | Network bandwidth (Gbps) | EBS bandwidth (Gbps)
medium | 1 | 4 | Up to 12.5 | Up to 10
large | 2 | 8 | Up to 12.5 | Up to 10
xlarge | 4 | 16 | Up to 12.5 | Up to 10
2xlarge | 8 | 32 | Up to 15 | Up to 10
4xlarge | 16 | 64 | Up to 15 | Up to 10
8xlarge | 32 | 128 | 15 | 10
12xlarge | 48 | 192 | 22.5 | 15
16xlarge | 64 | 256 | 30 | 20
24xlarge | 96 | 384 | 40 | 30
48xlarge | 192 | 768 | 75 | 60
metal-24xl | 96 | 384 | 40 | 30
metal-48xl | 192 | 768 | 75 | 60

For a complete list of instance sizes and specifications, refer to the Amazon EC2 M8a instances page.

When to use M8a instances
M8a is a strong fit for general-purpose applications that need a balance of compute, memory, and networking. M8a instances are ideal for web and application hosting, microservices architectures, and databases where predictable performance and efficient scaling are important.

These instances are SAP certified and also well suited for enterprise workloads such as financial applications and enterprise resource planning (ERP) systems. They’re equally effective for in-memory caching and customer relationship management (CRM), in addition to development and test environments that require cost efficiency and flexibility. With this versatility, M8a supports a wide spectrum of workloads while helping customers improve price performance.

Now available
Amazon EC2 M8a instances are available today in the US East (Ohio), US West (Oregon), and Europe (Spain) AWS Regions. M8a instances can be purchased as On-Demand, Savings Plans, and Spot Instances. M8a instances are also available on Dedicated Hosts. To learn more, visit the Amazon EC2 Pricing page.

To learn more, visit the Amazon EC2 M8a instances page and send feedback to AWS re:Post for EC2 or through your usual AWS support contacts.

Betty
