Post Syndicated from Patrick Kennedy original https://www.servethehome.com/new-meta-ai-accelerator-mtia-2-revealed/
The new Meta MTIA 2 AI accelerator optimizes for memory capacity/ W or memory capacity/ compute unit making it a very different AI design
The post New Meta AI Accelerator MTIA 2 Revealed appeared first on ServeTheHome.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it.
Programmers dislike doing extra work. If they can find already-written code that does what they want, they’re going to use it rather than recreate the functionality. These code repositories, called libraries, are hosted on sites like GitHub. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the Internet—everything. Libraries are essential to modern programming; they’re the building blocks of complex software. The modularity they provide makes software projects tractable. Everything you use contains dozens of these libraries: some commercial, some open source and freely available. They are essential to the functionality of the finished software. And to its security.
You’ve likely never heard of an open-source library called XZ Utils, but it’s on hundreds of millions of computers. It’s probably on yours. It’s certainly in whatever corporate or organizational network you use. It’s a freely available library that does data compression. It’s important, in the same way that hundreds of other similar obscure libraries are important.
Many open-source libraries, like XZ Utils, are maintained by volunteers. In the case of XZ Utils, it’s one person, named Lasse Collin. He has been in charge of XZ Utils since he wrote it in 2009. And, at least in 2022, he’s had some “longterm mental health issues.” (To be clear, he is not to blame in this story. This is a systems problem.)
Beginning in at least 2021, Collin was personally targeted. We don’t know by whom, but we have account names: Jia Tan, Jigar Kumar, Dennis Ens. They’re not real names. They pressured Collin to transfer control over XZ Utils. In early 2023, they succeeded. Tan spent the year slowly incorporating a backdoor into XZ Utils: disabling systems that might discover his actions, laying the groundwork, and finally adding the complete backdoor earlier this year. On March 25, Hans Jansen—another fake name—tried to push the various Unix systems to upgrade to the new version of XZ Utils.
And everyone was poised to do so. It’s a routine update. In the span of a few weeks, it would have been part of both Debian and Red Hat Linux, which run on the vast majority of servers on the Internet. But on March 29, another unpaid volunteer, Andres Freund—a real person who works for Microsoft but who was doing this in his spare time—noticed something weird about how much processing the new version of XZ Utils was doing. It’s the sort of thing that could be easily overlooked, and even more easily ignored. But for whatever reason, Freund tracked down the weirdness and discovered the backdoor.
It’s a masterful piece of work. It affects the SSH remote login protocol, basically by adding a hidden piece of functionality that requires a specific key to enable. Someone with that key can use the backdoored SSH to upload and execute an arbitrary piece of code on the target machine. SSH runs as root, so that code could have done anything. Let your imagination run wild.
This isn’t something a hacker just whips up. This backdoor is the result of a years-long engineering effort. The ways the code evades detection in source form, how it lies dormant and undetectable until activated, and its immense power and flexibility give credence to the widely held assumption that a major nation-state is behind this.
If it hadn’t been discovered, it probably would have eventually ended up on every computer and server on the Internet. Though it’s unclear whether the backdoor would have affected Windows and macOS, it would have worked on Linux. Remember in 2020, when Russia planted a backdoor into SolarWinds that affected 14,000 networks? That seemed like a lot, but this would have been orders of magnitude more damaging. And again, the catastrophe was averted only because a volunteer stumbled on it. And it was possible in the first place only because the first unpaid volunteer, someone who turned out to be a national security single point of failure, was personally targeted and exploited by a foreign actor.
This is no way to run critical national infrastructure. And yet, here we are. This was an attack on our software supply chain. This attack subverted software dependencies. The SolarWinds attack targeted the update process. Other attacks target system design, development, and deployment. Such attacks are becoming increasingly common and effective, and also are increasingly the weapon of choice of nation-states.
It’s impossible to count how many of these single points of failure are in our computer systems. And there’s no way to know how many of the unpaid and unappreciated maintainers of critical software libraries are vulnerable to pressure. (Again, don’t blame them. Blame the industry that is happy to exploit their unpaid labor.) Or how many more have accidentally created exploitable vulnerabilities. How many other coercion attempts are ongoing? A dozen? A hundred? It seems impossible that the XZ Utils operation was a unique instance.
Solutions are hard. Banning open source won’t work; it’s precisely because XZ Utils is open source that an engineer discovered the problem in time. Banning software libraries won’t work, either; modern software can’t function without them. For years, security engineers have been pushing something called a “software bill of materials”: an ingredients list of sorts so that when one of these packages is compromised, network owners at least know if they’re vulnerable. The industry hates this idea and has been fighting it for years, but perhaps the tide is turning.
The fundamental problem is that tech companies dislike spending extra money even more than programmers dislike doing extra work. If there’s free software out there, they are going to use it—and they’re not going to do much in-house security testing. Easier software development equals lower costs equals more profits. The market economy rewards this sort of insecurity.
We need some sustainable ways to fund open-source projects that become de facto critical infrastructure. Public shaming can help here. The Open Source Security Foundation (OSSF), founded in 2022 after another critical vulnerability in an open-source library—Log4j—was discovered, addresses this problem. The big tech companies pledged $30 million in funding after the critical Log4j supply chain vulnerability, but they never delivered. And they are still happy to make use of all this free labor and free resources, as a recent Microsoft anecdote indicates. The companies benefiting from these freely available libraries need to actually step up, and the government can force them to.
There’s a lot of tech that could be applied to this problem, if corporations were willing to spend the money. Liabilities will help. The Cybersecurity and Infrastructure Security Agency’s (CISA’s) “secure by design” initiative will help, and CISA is finally partnering with OSSF on this problem. Certainly the security of these libraries needs to be part of any broad government cybersecurity initiative.
We got extraordinarily lucky this time, but maybe we can learn from the catastrophe that didn’t happen. Like the power grid, communications network, and transportation systems, the software supply chain is critical infrastructure, part of national security, and vulnerable to foreign attack. The US government needs to recognize this as a national security problem and start treating it as such.
This essay originally appeared in Lawfare.
Post Syndicated from Michael Kammer original https://blog.zabbix.com/what-makes-a-zabbix-conference-benelux-special/27789/
Zabbix has always seen our mission as going beyond simply delivering a product. From the start, building a strong global community has created and supported a better business model, and an important part of building our community is our practice of taking our message to the places where our users, partners, and potential clients live and work.
That’s where Zabbix Conferences enter the picture. Since 2011, they’ve grown from yearly events on our home turf in Riga to multi-day extravaganzas in locations as far-flung as Tokyo, Shanghai, and Porto Alegre. There’s something about the conferences in the Benelux countries, however, that seems to boost our reach a little further and create a little more enthusiasm every time we visit.
“Zabbix Conference Benelux is a can’t-miss event for European Zabbix enthusiasts and professionals. It attracts Zabbix experts from the retail, IT, banking, and government sectors (just to name a few), and brings everyone together with a shared sense of purpose. It’s the perfect place to network with like-minded individuals and come away with plenty of inspiration for your own projects.”
– Alexei Vladishev, Zabbix Founder and CEO
Table of Contents
The politico-economic union of Belgium, the Netherlands, and Luxembourg is a fascinating locale for any event – the three nations that make up the union each bring their own customs, history, language, and business culture to the mix, which creates an intriguing backdrop for any kind of business.
“A Zabbix Conference Benelux is a unique event because of the way the people of the region make their guests feel welcome and create an atmosphere of belonging, togetherness, and support.”
-Alexei Vladishev, Zabbix Founder and CEO
From our perspective at Zabbix, Benelux is home not only to a sizable community of existing clients and partners, but also an enormous pool of potential new ones. We’ve thought long and hard about what we can offer to that particular group when we make our (almost) annual pilgrimage to Benelux, so keep reading for some insight into what makes a Zabbix Conference Benelux not only special, but worth attending.
Attending a Zabbix Conference Benelux is first and foremost an excellent opportunity to catch up with the very latest trends and developments in the world of IT monitoring, including Zabbix proxy high-availability and load balancing as well as automating Zabbix workflows with Zabbix API and zabbix_utils.
Our conference speakers represent a broad cross-section of industries and experiences, and they pride themselves on coming up with fresh, innovative topics – in fact, many of them share their use cases and results for the first time on our stage. What’s more, the energy and dynamics of our workshops and live Q&A sessions foster open dialogue, richer conversations, and greater innovation.
“The Zabbix Conference Benelux I attended in 2023 stands out to me because of a very informative speech by (Zabbix Trainer and Consultant at Opensource ICT Solutions) Brian Van Baekel about his experience with Zabbix in an MSP environment. On top of that, the conference was organized in the beautiful center of Antwerp, the atmosphere was very friendly as usual, and we had some fascinating events after the conference as well.”
– Kaspars Mednis, Zabbix Chief Trainer
The world may be increasingly dominated by virtual interactions and digital connections, but there’s still something unique and special about face-to-face conferences. At Zabbix, our feeling has always been that in-person events are crucial to strengthening the bonds between our team members, our partners, and our users. A Zabbix Conference Benelux gives participants a chance to truly get in touch with the people behind our product, allowing for deeper understanding and stronger relationships, which are the foundation of all successful business collaborations.
“The year I attended (2023) I really enjoyed the overall spirit of the event, the atmosphere in Antwerp, and the opportunities to get to know the Zabbix community closer.”
– Aleksandrs Petrovs-Gavrilovs, Zabbix Technical Support Engineer
Attending a Zabbix Conference Benelux isn’t just about exchanging information, but also about providing attendees with opportunities for spontaneous conversations, chance encounters, and relationship-building that can lead to collaborations, partnerships, and future business opportunities for everyone involved.
Business leaders can learn about the technology and challenges of Zabbix and our partners and have a frank dialogue that helps them understand their own needs from a different perspective. And as anyone who has spent time at a Zabbix Conference Benelux can tell you, those kinds of free-flowing conversations tend to happen naturally and organically when both parties are in a friendly, welcoming environment that also happens to be just a bit outside of their home turf.
Speaking of creating a welcoming environment, it’s impossible to underestimate how important quirky yet fun event venues and incredible hospitality are to creating an ideal event for learning and networking. Zabbix Technical Support Engineer Edgars Melveris is a veteran of Zabbix Conferences in 2020 (Utrecht, the Netherlands) and 2023 (Antwerp, Belgium). He says that it’s the combination of in-depth technical information, fascinating locales, and good times that makes a Zabbix Conference Benelux special to him.
“The National Military Museum in Utrecht really impressed me, and I also enjoyed the atmosphere and sense of community at the event venues. When it comes to conference content, (Zabbix Chief Trainer) Kaspars Mednis’ workshop on ‘New and improved SNMP bulk data collection in Zabbix 6.4’ has only become more relevant with the passage of time, and (Zabbix Trainer and Consultant at Opensource ICT Solutions) Nathan Liefting’s presentation on ‘Zabbix Native HA: Lessons Learned and Tips & Tricks’ was particularly useful to me in my role.”
-Edgars Melveris, Zabbix Technical Support Engineer
Zabbix Conference Benelux 2024 will take place in Utrecht, the Netherlands, on May 24-25. To find out more information, register to attend, or sign up as a speaker, please visit the conference page. We’re looking forward to seeing you soon!
The post What Makes a Zabbix Conference Benelux Special? appeared first on Zabbix Blog.
Post Syndicated from LastWeekTonight original https://www.youtube.com/watch?v=SOn3wba8c-Y
Post Syndicated from Sophie Ashford original https://www.raspberrypi.org/blog/celebrating-the-community-arno-timo/
We love hearing from members of the community and sharing the stories of amazing young people, volunteers, and educators who are using their passion for technology to create positive change in the world around them.
In our latest story, we’re heading to Alkmaar, the Netherlands, to meet Arno and Timo, CoderDojo enthusiasts who have transitioned from club members to supportive mentors. Their journey at CoderDojo and their drive to give back and support the next generation of coders in their community has been an inspiration to those around them.
Arno and Timo have been friends since childhood, and embarked on their CoderDojo journey at the age of 12, eager to explore the world of coding. Under the guidance of mentors like Sanneke, Librarian and Chair of CoderDojo Netherlands, they not only honed their technical skills, but also learned about the value of collaboration, curiosity, and perseverance. As they grew older, they in turn were inspired to support young coders, and wanting to remain part of the CoderDojo community, they decided to become mentors to the next generation of club attendees.
Having been helping younger members of the club for years, the transition to official mentors and proud owners of the much-coveted mentor T-shirt was seamless.
Sanneke reflects on the impact young mentors like Timo and Arno have on the young learners at CoderDojo:
“Having young mentors who are just slightly older than our youngest… I think it helps them to see what happens when you grow up and how they can help. They can be examples for how to help others.” – Sanneke, Librarian, CoderDojo mentor, and Chair of CoderDojo Netherlands
Timo echoes this sentiment, highlighting how mentoring provides a fantastic opportunity to help people and make a positive impact in the local community:
“I think volunteering is important, because you’re doing something for the community, in a city or village, supporting them in their journey in learning coding.” – Timo
As they continue their journey, Timo and Arno remain committed to supporting and inspiring the next generation of coders. They also encourage anyone who is thinking of volunteering at a club to give it a go:
“If you want to volunteer at the CoderDojo, just go for it. You don’t really need that much experience. […] The kids can learn it, so can you.” – Arno
The CoderDojo movement in the Netherlands is celebrating a decade of impact, and champions a culture of growth and learning. Arno and Timo’s story serves as an inspiration to us all, shining a light on the power of mentorship and the impact of volunteering in building stronger, more supportive communities.
Arno and Timo’s story showcases the importance of mentorship for both individuals and communities, and the real impact you can have by donating an hour of your time a week. If you’re interested in becoming a CoderDojo volunteer, head to coderdojo.com to find out how to get started.
Help us celebrate Arno and Timo and their inspiring journey by sharing their story on X (formerly Twitter), LinkedIn, and Facebook.
The post Celebrating the community: Arno & Timo appeared first on Raspberry Pi Foundation.
Post Syndicated from daroc original https://lwn.net/Articles/968375/
The LWN.net Weekly Edition for April 11, 2024 is available.
Post Syndicated from Patrick Kennedy original https://www.servethehome.com/supermicro-x14-servers-shown-at-intel-vision-2024-including-a-big-surprise/
Supermicro X14 servers for next-gen Intel Xeon 6 were shown at Intel Vision 2024 in Phoenix this week and there were some big surprises
The post Supermicro X14 Servers Shown at Intel Vision 2024 Including a Big Surprise appeared first on ServeTheHome.
Post Syndicated from Jakub Oleksy original https://github.blog/2024-04-10-github-availability-report-march-2024/
In March, we experienced two incidents that resulted in degraded performance across GitHub services.
March 15 19:42 UTC (lasting 42 minutes)
On March 15, GitHub experienced service degradation from 19:42 to 20:24 UTC due to a regression in the permissions system. This regression caused failures in GitHub Codespaces, GitHub Actions, and GitHub Pages. The problem stemmed from a framework upgrade that introduced MySQL query syntax that is incompatible with the database proxy service used in some production clusters. GitHub responded by rolling back the deployment and fixing a misconfiguration in development and CI environments to prevent similar issues in the future.
March 11 22:45 UTC (lasting 2 hours and 3 minutes)
On March 11, GitHub experienced service degradation from 22:45 to 00:48 UTC due to an inadvertent deployment of network configuration to the wrong environment. This led to intermittent errors in various services, including API requests, GitHub Copilot, GitHub secret scanning, and 2FA using GitHub Mobile. The issue was detected within 4 minutes, and a rollback was initiated immediately. The majority of impact was mitigated by 22:54 UTC. However, the rollback failed in one data center due to system-created configuration records missing a required field, causing 0.4% of requests to continue failing. Full rollback was successful after manual intervention to correct the configuration data, enabling full service restoration by 00:48 UTC. GitHub has implemented measures for safer configuration changes, such as prevention and automatic cleanup of obsolete configuration and faster issue detection, to prevent similar issues in the future.
Please follow our status page for real-time updates on status changes and post-incident recaps. To learn more about what we’re working on, check out the GitHub Engineering Blog.
The post GitHub Availability Report: March 2024 appeared first on The GitHub Blog.
Post Syndicated from jzb original https://lwn.net/Articles/969373/
The Gentoo Linux project has announced
that it is now an Associated Project of Software in the Public Interest
(SPI), which will allow it to accept tax deductible donations in the
US and reduce its “non-technical workload
“:
The current Gentoo Foundation has bylaws restricting its behavior
to that of a non-profit, is a recognized non-profit only in New
Mexico, but a for-profit entity at the US federal level. A direct
conversion to a federally recognized non-profit would be unlikely to
succeed without significant effort and cost.[…] SPI is already now recognized at US federal level as a
full-[fledged] non-profit 501(c)(3). It also handles several projects of
similar type and size (e.g., Arch and Debian) and as such has exactly
the experience and background that Gentoo needs.
According to the announcement, the goal is to “eventually
“. How to do that is still under discussion. This will
transfer the existing assets to SPI and dissolve the Gentoo
Foundation
not affect Förderverein
Gentoo e.V., which has public-benefit status in Germany and can
accept tax deductible donations in Europe.
Post Syndicated from Светла Стоянова original https://www.toest.bg/grenlandia-v-chiniya-1/
През 2022 г. ресторант с две звезди Мишлен за първи път временно се премести в Гренландия, а аз имах страхотната възможност да работя в него. По произход от Фарьорските острови¹, ресторант KOKS направи малкото село Илиманак свой дом – на цели 300 км северно от Полярния кръг. Мястото е толкова отдалечено, че си е цяло пътешествие да се стигне дотам. За него е заснет филм, красноречиво наречен The Most Remote Restaurant In The World:
Ще отведа и вас, читателите, на това особено място, но няма да се огранича с престоя на масата, а ще започна още от полета до Гренландия.
Ако летите от Европа, самолетът преодолява цялото протежение на острова, за да кацне на западния му бряг. След 3–4 часа летене над океана, изведнъж от люка съзирате безкрайната ледена пустиня, тук-таме с яркосини езера от разтопен лед. Когато брегът се появи на хоризонта, картинката става негатив: вместо доскорошната гледка от сини петна на снежен фон, върху тъмносиния океан започват да проблясват бели айсберги, безразборно пръснати недалеч от крайбрежието. С приближаването те нарастват, докато започнат да се открояват ръбатите им триизмерни форми.
Иззад малките хълмчета на хоризонта една по една изникват типичните шарени къщи, като че без ред накацали по крайбрежните скали. Гледка се открива и към пристанището – тесен залив, препълнен с малки лодки, една от които е вашата. Първо тя се носи покрай скалите и този път от морска гледна точка наблюдавате червените, зелените и сините къщи и оставените по скалите каяци, а малко след това пейзажът рязко се сменя с ледените грамади, върху които стъпва само птичи крак.
Пътуването продължава около час, а наоколо са само водата, айсбергите и ако сте късметлии – гърбът на кит или муцуната на любопитен тюлен. Лодката пори водата и движението ѝ едва поклаща по-малките ледени късове. Тихо е и студът щипе бузите, но оставате стоически навън вместо в затвореното купе и вдишвате студения лъх на вековния лед. Всичко това отваря апетита и вече нямате търпение да пристигнете в ресторанта. Айсбергите оредяват и наново се вижда земя – едно малко селце със същите ярки, но по-скромни къщи.
На кея ви посрещам аз и ви водя до една голяма черна къща досами скалите. Още през 1741 г. тя е сглобена в Дания, разглобена и докарана на трупи с кораби, за да бъде построена за дом и служба на мисионера Ханс Егеде. Двуетажна и изцяло дървена, сградата е изкусно реставрирана след десетилетия разруха и наскоро става част от културното наследство на ЮНЕСКО.
Стигаме до терасата с чисто бели маси, а мой колега донася по чаша шампанско. Разказвам какво предстои: 20-степенно меню, вдъхновено от гренландските традиции и местните продукти, съпроводено от специално подбрани и идеално съчетани с храната вина и други напитки. След малко, когато тишината на гледката изпълни душата, отварям старата дървена порта и предупреждавам за ниския таван, облицован в бледосини платна, за които се смята, че са от стари корабни платна, неотдавна открити под гредите на къщата. Мой колега поема връхните дрехи, а аз ви отвеждам до предварително определената маса до прозореца. На нея има ръчно изработена керамична чиния в земни цветове, старателно сгъната кърпа, крехка водна чаша, запалена свещ и украса от свеж зелен мъх и ситни жълти цветя.
вероятно единствен носител на витамин С преди появата на вносните плодове. В продължение на векове инуитите са разчитали основно на улова на китове и тюлени, а тяхната мас е служила както за силна и засищаща храна, така и за свещи през дългите зимни нощи. В Гренландия се срещат няколко вида китове: гърбат кит, гренландски кит, нарвал, финвал и малък ивичест кит. В миналото множество датски и нидерландски кораби товарели големия улов на китове, за да използват маста за осветление в големите европейски градове, а от балените² често правели корсети, чадъри, бастуни и др. В днешно време уловът им е силно ограничен. Кубчето от кит във версията на готвачите представлява няколко изящно вплетени филийки кожа и мас във формата на мъничък подарък, гарниран с букетче от хрупкави „зелении“ за свеж послевкус.
Поднасянето и отнасянето на чиниите става с по двама или трима сервитьори едновременно. При маса от шестима души обикаляме, спираме се на позиции 1, 3 и 5, сервираме тихо, с умерен жест, след това преминаваме към позиция 2, 4 и 6 и пак така поставяме чиниите и на останалите гости. След това първият сервитьор разказва увлекателно за ястието, докато другите двама незабелязано се изнизват.
По този начин едно по едно пристигат деликатеси с местни морски дарове, като пресни скариди, различни видове миди, раци, хайвер, водорасли. Разбира се, има и риба, като златистия морски костур или типичната за региона атлантическа камбала, едра плоска риба, която може да достигне 3 м дължина и тегло от 200 кг, но в днешно време такива екземпляри почти не се срещат заради свръхулова на този вид. В миналото инуитите я ловели с дълго въже с множество кукички, което пускали на стотина-двеста метра дълбочина и след едно денонощие изтегляли обратно на брега, за да разфасоват рибата с типичните си обли ножове уло.
В ресторанта скаридите се поднасят на две части: в първата има три сурови скариди, деликатно залети с бистър сос от комбуча и няколко капки олио от кориандър – изключително нежно и ароматно ястие, а във втората – шокираща пържена скаридена глава, пълнена с пушен крем от раци, която гостът да схруска на една хапка, без да се плаши от стърчащите крачка и мустаци.
След поредицата от морски специалитети сервираме ароматен бульон с арктическа мащерка, в последната глътка от който изненадващо се пукват три зрънца касис. Така се пренасяме от морето на сушата и се зареждат ястията от гренландски животни, като северен елен, овцебик, арктически див заек и др. Чинията, обираща овациите, е посветена на тундровата яребица³, чието чисто бяло крило представлява шиш, на който са нанизани късчета месо на грил заедно с тънки резени еленска сланина и гъби. Всичко това е залято със сос от боровинки, които готвачите собственоръчно са извадили от воденичките на птиците, така че плодчетата са ферментирали по естествен път и са придобили леко кисел вкус.
Следващото ястие е тартар от северен елен, елегантно поставен между две зелени листа като своеобразен сандвич, поръсен с настъргано пушено еленско сърце и положен върху килим от яркозелен мъх. Северните елени в Гренландия са диви и обикновено се движат на стада. Лятото прекарват близо до бреговете, където растителността е в изобилие, а през зимата се изтеглят в по-вътрешната част на острова, където валежите от сняг са оскъдни и намирането на лишеи е по-лесно. Елените са вероятно най-разпространеният и най-обичан улов от инуитите. Традиционно те използват всяка част от животното, включително рогата и костите за направа на инструменти, козината – за топли дрехи, а вътрешностите сушат и опушват за зимнина.
Последното месно ястие е от овцебик, наричан още мускусен бик. Това е едър тревопасен бозайник от арктическия ареал, който може да се срещне в Гренландия, Канада и Норвегия. Животното е далечен братовчед на овцата и вълната, която инуитите изчепкват от гъстата му и груба козина, е една от най-топлите и най-меки в света. Производството ѝ е изключително скъпо, защото, както сподели един гренландец, отделянето на късите и деликатни влакънца само от 1 кв.м козина отнема цял ден. Месото от овцебик е с наситен вкус и при продължително печене се топи в устата.
Сладката част на менюто включва три десерта, като всеки следващ покачва нивото на сладостта – от свежо парфе от девесил, през кремообразен десерт от водорасли и корен от целина, до карамел от черен чесън и лук като за капак. Но истински гренландската съставка се нарича Rhododendron groenlandicum и представлява ниско растение със ситни бели цветове, което ухае наситено като парфюм дори ако само минеш покрай него. Ядливо е и от него местните често приготвят чай с ободрително действие, но в твърде големи количества то може да бъде токсично. С последните малки сладки предлагаме подбрани сортове кафе и ликьор и ви оставяме да си починете след тази безкрайна върволица от чудати вкусове.
Десерт от карамелизиран лук и черен чесън; петифура от червени боровинки, направена с помощта на грамофон © Никол Кмецова
Благодаря, че бяхте гости в нашия ресторант на края на света. А за обиколка зад кулисите очаквайте следващата ни среща!
(Следва продължение)
2 Балени се наричат горните и долните рогови пластини, служещи за зъби, или по-точно за цедка, която задържа уловените в устата на кита крил, ракообразни и планктони. Затоплени и влажни, те придобиват известна пластичност, което ги прави удобни за нарязване и моделиране. Корсетите със структура от подобен материал постепенно застават по формата на тялото на жената, която ги носи.
3 Тундровата яребица обитава арктическия ареал и високопланинските райони в Европа, Азия и Северна Америка. През лятото е със сребристо-кафяво оперение, а през зимата е чисто бяла.
Post Syndicated from Geographics original https://www.youtube.com/watch?v=fqDgHRUcNkc
Post Syndicated from Raks Khare original https://aws.amazon.com/blogs/big-data/achieve-near-real-time-operational-analytics-using-amazon-aurora-postgresql-zero-etl-integration-with-amazon-redshift/
“Data is at the center of every application, process, and business decision. When data is used to improve customer experiences and drive innovation, it can lead to business growth,”
– Swami Sivasubramanian, VP of Database, Analytics, and Machine Learning at AWS in With a zero-ETL approach, AWS is helping builders realize near-real-time analytics.
Customers across industries are becoming more data driven and looking to increase revenue, reduce cost, and optimize their business operations by implementing near real time analytics on transactional data, thereby enhancing agility. Based on customer needs and their feedback, AWS is investing and steadily progressing towards bringing our zero-ETL vision to life so that builders can focus more on creating value from data, instead of preparing data for analysis.
Our zero-ETL integration with Amazon Redshift facilitates point-to-point data movement to get it ready for analytics, artificial intelligence (AI) and machine learning (ML) using Amazon Redshift on petabytes of data. Within seconds of transactional data being written into supported AWS databases, zero-ETL seamlessly makes the data available in Amazon Redshift, removing the need to build and maintain complex data pipelines that perform extract, transform, and load (ETL) operations.
To help you focus on creating value from data instead of investing undifferentiated time and resources in building and managing ETL pipelines between transactional databases and data warehouses, we announced four AWS database zero-ETL integrations with Amazon Redshift at AWS re:Invent 2023:
In this post, we provide step-by-step guidance on how to get started with near real time operational analytics using the Amazon Aurora PostgreSQL zero-ETL integration with Amazon Redshift.
To create a zero-ETL integration, you specify an Amazon Aurora PostgreSQL-Compatible Edition cluster (compatible with PostgreSQL 15.4 and zero-ETL support) as the source, and a Redshift data warehouse as the target. The integration replicates data from the source database into the target data warehouse.
You must create Aurora PostgreSQL DB provisioned clusters within the Amazon RDS Database Preview Environment and a Redshift provisioned preview cluster or serverless preview workgroup, in the US East (Ohio) AWS Region. For Amazon Redshift, make sure that you choose the preview_2023 track in order to use zero-ETL integrations.
The following diagram illustrates the architecture implemented in this post.
The following are the steps needed to set up the zero-ETL integration for this solution. For complete getting started guides, refer to Working with Aurora zero-ETL integrations with Amazon Redshift and Working with zero-ETL integrations.
After Step1, you can also skip Steps 2–4 and directly start creating your zero-ETL integration from Step 5, in which case Amazon RDS will show a message about missing configurations and you can choose Fix it for me to let Amazon RDS automatically configure the steps.
For Aurora PostgreSQL DB clusters, you must create the custom parameter group within the Amazon RDS Database Preview Environment, in the US East (Ohio) Region. You can directly access the Amazon RDS Preview Environment.
To create an Aurora PostgreSQL database, complete the following steps:
aurora-postgresql15.DB Cluster Parameter Group.zero-etl-custom-pg-postgres).
Aurora PostgreSQL zero-ETL integrations with Amazon Redshift require specific values for the Aurora DB cluster parameters, which requires enhanced logical replication (aurora.enhanced_logical_replication).
rds.logical_replication=1aurora.enhanced_logical_replication=1aurora.logical_replication_backup=0aurora.logical_replication_globaldb=0Enabling enhanced logical replication (aurora.enhanced_logical_replication) automatically sets the REPLICA IDENTITY parameter to FULL, which means that all column values are written to the write ahead log (WAL).
zero-etl-source-pg.
db.r5.2xlarge).
zero-etl-custom-pg-postgres).
In a few minutes, this should spin up an Aurora PostgreSQL cluster, with one writer and one reader instance, with the status changing from Creating to Available. The newly created Aurora PostgreSQL cluster will be the source for the zero-ETL integration.
The next step is to create a named database in Amazon Aurora PostgreSQL for the zero-ETL integration.
The PostgreSQL resource model allows you to create multiple databases within a cluster. Therefore, during the zero-ETL integration creation step, you need to specify which database you want to use as the source for your integration.
When setting up PostgreSQL, you get three standard databases out of the box: template0, template1, and postgres. Whenever you create a new database in PostgreSQL, you are actually basing it off one of these three databases in your cluster. The database created during Aurora PostgreSQL cluster creation is based on template0. The CREATE DATABASE command works by copying an existing database, and if not explicitly specified, by default, it copies the standard system database template1. For the named database for zero-ETL integration, the database is required to be created using template1 and not template0. Therefore, if an initial database name is added under Additional configuration, that would be created using template0 and cannot be used for zero-ETL integration.
CREATE DATABASE within the new Aurora PostgreSQL cluster zero-etl-source-pg, first get the endpoint of the writer instance of the PostgreSQL cluster.
zeroetl_db:
Adding template template1 is optional, because by default, if not mentioned, CREATE DATABASE will use template1.
You can also connect via a client and create the database. Refer to Connect to an Aurora PostgreSQL DB cluster for the options to connect to the PostgreSQL cluster.
After you create your Aurora PostgreSQL source database cluster, you configure a Redshift target data warehouse. The data warehouse must comply with the following requirements:
For this post, we create and configure a Redshift Serverless workgroup and namespace as the target data warehouse, following these steps:
Because the zero-ETL integration for Amazon Aurora PostgreSQL to Amazon Redshift has been launched in preview (not for production purposes), you need to create the target data warehouse in a preview environment.
The first step is to configure the Redshift Serverless workgroup.
zero-etl-target-rs-wg).
8 RPUs.
Next, you need to configure the namespace of the data warehouse.
zero-etl-target-rs-ns).
An authorized principal identifies the user or role that can create zero-ETL integrations into the data warehouse.
After the Authorized principal is configured, you need to allow the source database to update your Redshift data warehouse. Therefore, you must add the source database as an authorized integration source to the namespace.
You can obtain the ARN of the Aurora PostgreSQL cluster on the Amazon RDS console, the Configuration tab under Amazon Resource Name.
Amazon Aurora PostgreSQL is case sensitive by default, and case sensitivity is disabled on all provisioned clusters and Redshift Serverless workgroups. For the integration to be successful, the case sensitivity parameter enable_case_sensitive_identifier must be enabled for the data warehouse.
In order to modify the enable_case_sensitive_identifier parameter in a Redshift Serverless workgroup, you need to use the AWS Command Line Interface (AWS CLI), because the Amazon Redshift console doesn’t currently support modifying Redshift Serverless parameter values. Run the following command to update the parameter:
A simple way to connect to the AWS CLI is to use CloudShell, which is a browser-based shell that provides command line access to the AWS resources and tools directly from a browser. The following screenshot illustrates how to run the command in the CloudShell.
To create a zero-ETL integration, your user or role must have an attached identity-based policy with the appropriate AWS Identity and Access Management (IAM) permissions. An AWS account owner can configure required permissions for user or roles who may create zero-ETL integrations. The sample policy allows the associated principal to perform following actions:
arn:aws:redshift:{region}:{account-id}:namespace:namespace-uuidarn:aws:redshift-serverless:{region}:{account-id}:namespace/namespace-uuidThis permission is not required if the same account owns the Redshift data warehouse and this account is an authorized principal for that data warehouse.
Complete the following steps to configure the permissions:
rds-preview. For example, rds-preview:CreateIntegration.To create the zero-ETL integration, complete the following steps:
zero-etl-demo.
zero-etl-source-pg and choose Choose.zeroetl-db).
We discuss the Specify a different account option later in this section.
zero-etl-target-rs-ns), and choose Choose.
You can choose the integration on the Amazon RDS console to view the details and monitor its progress. It takes about 30 minutes to change the status from Creating to Active, depending on size of the dataset already available in the source.
To specify a target Redshift data warehouse that’s in another AWS account, you must create a role that allows users in the current account to access resources in the target account. For more information, refer to Providing access to an IAM user in another AWS account that you own.
Create a role in the target account with the following permissions:
The role must have the following trust policy, which specifies the target account ID. You can do this by creating a role with a trusted entity as an AWS account ID in another account.
The following screenshot illustrates creating this on the IAM console.
Then, while creating the zero-ETL integration, for Specify a different account, choose the destination account ID and the name of the role you created.
To create your database, complete the following steps:
zero-etl-target-rs-ns namespace.
integration_id from the svv_integration system table:
integration_id from the previous step to create a new database from the integration. You must also include a reference to the named database within the cluster that you specified when you created the integration.CREATE DATABASE aurora_pg_zetl FROM INTEGRATION '<result from above>' DATABASE zeroetl_db;
The integration is now complete, and an entire snapshot of the source will reflect as is in the destination. Ongoing changes will be synced in near real time.
Now you can start analyzing the near real time data from the Amazon Aurora PostgreSQL source to the Amazon Redshift target:
This sample data should now be replicated in Amazon Redshift.
On the Redshift Serverless dashboard, open query editor v2 and connect to the database aurora_pg_zetl you created earlier.
Run the following query to validate the successful replication of the source data into Amazon Redshift:
You can also use the following query to validate the initial snapshot or ongoing change data capture (CDC) activity:
There are several options to obtain metrics on the performance and status of the Aurora PostgreSQL zero-ETL integration with Amazon Redshift.
If you navigate to the Amazon Redshift console, you can choose Zero-ETL integrations in the navigation pane. You can choose the zero-ETL integration you want and display Amazon CloudWatch metrics related to the integration. These metrics are also directly available in CloudWatch.
For each integration, there are two tabs with information available:
In addition to the CloudWatch metrics, you can query the following system views, which provide information about the integrations:
When you delete a zero-ETL integration, your transactional data isn’t deleted from Aurora or Amazon Redshift, but Aurora doesn’t send new data to Amazon Redshift.
To delete a zero-ETL integration, complete the following steps:
In this post, we explained how you can set up the zero-ETL integration from Amazon Aurora PostgreSQL to Amazon Redshift, a feature that reduces the effort of maintaining data pipelines and enables near real time analytics on transactional and operational data.
To learn more about zero-ETL integration, refer to Working with Aurora zero-ETL integrations with Amazon Redshift and Limitations.
Raks Khare is an Analytics Specialist Solutions Architect at AWS based out of Pennsylvania. He helps customers architect data analytics solutions at scale on the AWS platform.
Juan Luis Polo Garzon is an Associate Specialist Solutions Architect at AWS, specialized in analytics workloads. He has experience helping customers design, build and modernize their cloud-based analytics solutions. Outside of work, he enjoys travelling, outdoors and hiking, and attending to live music events.
Sushmita Barthakur is a Senior Solutions Architect at Amazon Web Services, supporting Enterprise customers architect their workloads on AWS. With a strong background in Data Analytics and Data Management, she has extensive experience helping customers architect and build Business Intelligence and Analytics Solutions, both on-premises and the cloud. Sushmita is based out of Tampa, FL and enjoys traveling, reading and playing tennis.
Post Syndicated from Cliff Robinson original https://www.servethehome.com/google-axion-for-arm-cloud-compute/
Google Axion is the company’s new Arm Neoverse V2 based processor for cloud native compute built as an in-house design
The post Google Axion for Arm Cloud Compute appeared first on ServeTheHome.
Post Syndicated from jzb original https://lwn.net/Articles/969352/
Greg Kroah-Hartman has announced another round of stable kernel
updates: 6.8.5, 6.6.26, 6.1.85, and 5.15.154 have all been released; each
contains another set of important fixes, including the mitigations for the
recently disclosed branch history injection
hardware vulnerability.
Post Syndicated from jake original https://lwn.net/Articles/966684/
A recent book by LWN guest
author Lee Phillips provides a nice introduction to the Julia programming language.
Practical Julia
does more than that, however. As its subtitle (“A Hands-On Introduction
for Scientific Minds”) implies, the book focuses on bringing Julia to
scientists, rather than programmers, which gives it something of a
different feel from most other books of this sort.
Post Syndicated from daroc original https://lwn.net/Articles/968600/
On April 3 security researcher Bartek Nowotarski
published the details of a new denial-of-service (DoS)
attack, called a “continuation flood”, against many
HTTP/2-capable web
servers. While the attack is not terribly complex, it affects many independent
implementations of the HTTP/2 protocol, even though multiple
similar vulnerabilities over the years have given implementers plenty of warning.
Post Syndicated from Tom Elkins original https://blog.rapid7.com/2024/04/10/stories-from-the-soc-part-2-msix-installer-utilizes-telegram-bot-to-execute-idat-loader/
Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers’ environments, identifying emerging threats and developing new detections.
In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed to deliver and execute additional malware onto a victim’s system. What made the IDAT Loader unique was the way in which it retrieved data from PNG files, searching for offsets beginning with 49 44 41 54 (IDAT).
In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
While utilization of MSIX packages by threat actors to distribute malicious code is not new, what distinguished this incident was the attack flow of the compromise. Based on the recent tactics, techniques and procedures observed (TTPs), we believe the activity is associated with financially motivated threat groups.
In January of 2024, Red Canary released an article attributing different threat actors to various deployments of malicious MSIX installers. The MSIX installers employed a variety of techniques to deliver initial payloads onto compromised systems.
All the infections began with users navigating to typo squatted URLs after using search engines to find specific software package downloads. Typo squatting aka URL hijacking is a specific technique in which threat actors register domain names that closely resemble legitimate domain names in order to deceive users. Threat actors mimic the layout of the legitimate websites in order to lure the users into downloading their initial payloads.
Additionally, threat actors utilize a technique known as SEO poisoning, enabling the threat actors to ensure their malicious sites appear near the top of search results for users.
In our most recent incident involving the IDAT Loader, Rapid7 observed a user downloading an installer for an application named ‘Room Planner’ from a website posing as the legitimate site. The user was searching Google for the application ‘Room Planner’ and clicked on the URL hxxps://roomplannerapp.cn[.]com. Upon user interaction, the users browser was directed to download an MSIX package, Room_Planner-x86.msix (SHA256: 6f350e64d4efbe8e2953b39bfee1040c8b041f6f212e794214e1836561a30c23).
During execution of the MSIX file, a PowerShell script, 1.ps1 , was dropped into the folder path C:\Program Files\WindowsApps\RoomPlanner.RoomPlanner_7.2.0.0_x86__s3garmmmnyfa0\ and executed. Rapid7 determined that it does the following:
In a controlled environment, Rapid7 visited the Telegram bot hosting the next stage PowerShell script and determined that it did the following:
After analysis of the AMSI (Anti Malware Scan Interface) bypass tool, we observed that it was a custom tool giving credit to a website, hxxps://rastamosue[.]memory-patching-amsi-bypass, which discusses how to create a program that can bypass AMSI scanning.
AMSI is a scanning tool that is designed to scan scripts for potentially malicious code after a scripting engine attempts to run the script. If the content is deemed malicious, AMSI will tell the scripting engine (in this case PowerShell) to not run the code.
Contained within the RAR file were the following files:
| Files | Description |
|---|---|
| Dharna.7z | File contains the encrypted IDAT Loader config |
| Guar.xslx | File contains random bytes, not used during infection |
| Run.exe | Renamed WebEx executable file, used to sideload DLL WbxTrace.dll |
| Msvcp140.dll | Benign DLL read by Run.exe |
| PtMgr.dll | Benign DLL read by Run.exe |
| Ptusredt.dll | Benign DLL read by Run.exe |
| Vcruntime140.dll | Benign DLL read by Run.exe |
| Wbxtrace.dll | Corrupted WebEx DLL containing IDAT Loader |
| WCLDll.dll | Benign WebEx DLL read by Run.exe |
After analysis of the folder contents, Rapid7 determined that one of the DLLs, wbxtrace.dll, had a corrupted signature, indicating that its original code was tampered with. After analyzing the modified WebEx DLL, wbxtrace.dll, Rapid7 determined the DLL contained suspicious functions similar to the IDAT Loader.
Upon extracting the contents of the RAR file to the directory path C:\ProgramData\cr, the PowerShell script executes the run.exe executable.
During execution of run.exe (a legitimate renamed WebEx executable), the executable sideloads the tampered WebEx DLL, wbxtrace.dll. Once the DLL wbxtrace.dll is loaded, the DLL executes a section of new code containing the IDAT Loader, which proceeds to read in contents from within dharna.7z.
After reading in the contents from dharna.7z, the IDAT Loader searches for the offset 49 44 41 54 (IDAT) followed by C6 A5 79 EA. After locating this offset, the loader reads in the following 4 bytes, E1 4E 91 99, which are used as the decryption key for decrypting the rest of the contents. Contained within the decrypted contents are additional code, specific DLL and Executable file paths as well as the final encrypted payload that is decrypted with a 200 byte XOR key.
The IDAT loader employs advanced techniques such as Process Doppelgänging and the Heaven’s Gate technique in order to initiate new processes and inject additional code. This strategy enables the loader to evade antivirus detections and successfully load the final stage, SecTop RAT into the newly created process, msbuild.exe.
We recently developed a configuration extractor capable of decrypting the final payload concealed within the encrypted files containing the IDAT (49 44 41 54) sections. The configuration extractor can be found on our Rapid7 Labs github page.
After using the configuration extractor, we analyzed the SecTop RAT and determined that it communicates with the IP address 91.215.85[.]66.
InsightIDR and Managed Detection and Response customers have existing detection coverage through Rapid7’s expansive library of detection rules. Rapid7 recommends installing the Insight Agent on all applicable hosts to ensure visibility into suspicious processes and proper detection coverage. Below is a non-exhaustive list of detections deployed and alerting on activity described:
| Tactics | Techniques | Details |
|---|---|---|
| Execution | Command and Scripting Interpreter: PowerShell (T1059.001) | 1.ps1 is used to fingerprint compromised machine and execute additional PowerShell scripts |
| Execution | Native API (T1106) | The IDAT injector and IDAT loader are using Heaven’s Gate technique to evade detection |
| Execution | User Execution: Malicious File (T1204.002) | User executes the binary Room_Planner-x86.msix |
| Defense Evasion | Masquerading: Match Legitimate Name or Location (T1036.005) | Malicious MSIX masquerades as legitimate Room Planner installer |
| Defense Evasion | Deobfuscate/Decode Files or Information (T1140) | gpg.exe used to decrypt cr.tar.gpg |
| Defense Evasion | Hijack Execution Flow: DLL Search Order Hijacking (T1574.001) | run.exe loads a malicious wbxtrace.dll |
| Defense Evasion | Reflective Code Loading (T1620) | PowerShell script loads a binary hosted at kalpanastickerbindi[.]com/1.jpg |
| Defense Evasion | Process Injection (T1055) | IDAT injector implements NtCreateSection + NtMapViewOfSection Code Injection technique to inject into cmd.exe process |
| Defense Evasion | Process Injection: Process Doppelgänging (T1055.013) | IDAT loader implements Process Doppelgänging technique to load the SecTop RAT |
| Defense Evasion | Virtualization/Sandbox Evasion: Time Based Evasion (T1497.003) | Execution delays are performed by several stages throughout the attack flow |
| IOC | Sha256 | Notes |
|---|---|---|
| Room_Planner-x86.msix | 6f350e64d4efbe8e2953b39bfee1040c8b041f6f212e794214e1836561a30c23 | Initial installer containing PowerShell scripts |
| 1.ps1 | 928bd805b924ebe43169ad6d670acb2dfe45722e17d461ff0394852b82862d23 | Dropped and executed by the Room_Planner-x86.msix |
| wbxtrace.dll | 1D0DAF989CF28852342B1C0DFEE05374860E1300106FF7788BBA26D84549B845 | Malicious DLL executed by run.exe, the renamed Cisco Webex binary |
| Dharna.7z | B7469153DC92BF5DE9BF2521D9550DF21BC4574D0D0CFC919FF26D1071C000B2 | Encrypted payload decrypted by wbxtrace.dll |
| read-holy-quran[.]group/ld/cr.tar.gpg | Hosts GPG file containing RAR file | |
| kalpanastickerbindi[.]com/1.jpg | Hosts .NET executable downloaded from API Bot PowerShell script | |
| 91.215.85[.]66 | SecTop RAT domain |
| Article | URL |
|---|---|
| MSIX installer malware delivery on the rise across multiple campaigns | https://redcanary.com/blog/msix-installers/ |
| Process Doppelgänging | https://malware.news/t/uncovering-the-serpent/76253 |
| Analysis of “Heaven’s Gate” part 1 | https://sachiel-archangel.medium.com/analysis-of-heavens-gate-part-1-62cca0ace6f0 |
| Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers | https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/ |
| Stories from the SOC Part 1: IDAT Loader to BruteRatel | https://www.rapid7.com/blog/post/2024/03/28/stories-from-the-soc-part-1-idat-loader-to-bruteratel/ |
Post Syndicated from jzb original https://lwn.net/Articles/969314/
Security updates have been issued by Debian (gtkwave), Fedora (dotnet7.0, dotnet8.0, and python-pillow), Mageia (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), Oracle (kernel, kernel-container, and varnish), Red Hat (edk2, kernel, rear, and unbound), SUSE (apache2-mod_jk, gnutls, less, and xfig), and Ubuntu (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5,
linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5,
linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-starfive,
linux-starfive-6.5, linux, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,
linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,
linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15,
linux-raspi, linux-azure, and xorg-server, xwayland).
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=9myZ5ZI2aUc
Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=4kp-jMpHasI