[$] Remote execution in the GNOME tracker

2023-10-11 jake

Post Syndicated from jake original https://lwn.net/Articles/947288/

While the vulnerability itself is pretty run-of-the-mill, the recently disclosed
GNOME vulnerability has a number of interesting facets. The problem lies
in a library that reads files in a fairly obscure format, but it turns out
that files in that format are routinely—automatically—processed by GNOME if
they are downloaded to the local system. That turns a vulnerability in a
largely unknown library into a one-click remote-code-execution flaw for
the GNOME desktop.

GitHub Availability Report: September 2023

2023-10-11 Jakub Oleksy

Post Syndicated from Jakub Oleksy original https://github.blog/2023-10-11-github-availability-report-september-2023/

In September, we experienced two incidents that resulted in degraded performance across GitHub services.

September 5 16:24 UTC (lasting 19 minutes)

On September 5, from 16:24-16:43 UTC, multiple GitHub services were down or degraded due to an outage in one of our primary databases. The primary host for a shared datastore for GitHub experienced an underlying file system write error, which affected availability for the majority of public-facing GitHub services. SAML login was affected, as was access to GitHub Actions, GitHub Issues, pull requests, GitHub Pages, GitHub API, Webhooks, GitHub Codespaces, and GitHub Packages.

The primary database suffered a partial host failure when the disk storage for the operating system became unreachable. In this case, our automatic failover was unable to detect the partial file system failure mode. We mitigated by manually failing over to a healthy host, initiated 17 minutes after our first alert and completed 2 minutes later.

With the incident mitigated, we have worked to assess more detailed impact and resilience improvements to each affected service to reduce the scope of any future incident with this shared dependency. Some of those are complete and the rest will be completed within our standard repair item SLAs. To increase the resiliency of our system, we have improved our automation that will detect and initiate a failover for this type of partial host failure. Additionally, we have identified a source of resource contention that is consistent with this type of failure and patched a fix to reduce the likelihood of recurrence.

September 19 20:36 UTC (lasting 7 hours 30 minutes)

On September 19 at 20:36 UTC, while migrating the primary datastore for GitHub Projects, an incident occurred that disrupted 95% of GitHub Projects data availability for 3.5 hours. A misconfigured index constraint on the primary GitHub Projects database table caused GitHub Projects to become fully unavailable between 20:36 UTC and 00:06 UTC. By 00:06, we restored GitHub Projects data to its state from the beginning of the incident. New project data created by users while the incident was being mitigated was fully recovered and available to users by 04:28 UTC.

In addition, a database replication interruption caused by our remediation steps created limited availability for some Git Operations, APIs, and GitHub Issues for 1.25 hours from 21:48 UTC to 23:00 UTC.

To prevent similar incidents in the future, we have improved validation of data migrations in testing and during rollout. We have evaluated and are making improvements to the constraints for any data migration to prevent the unexpected behavior that led to this data loss. To reduce the time to mitigate similar incidents, we are also in the process of rolling out improvements to reduce both the time to restore data and fix replication issues.

Please follow our status page for real-time updates on status changes. To learn more about what we’re working on, check out the GitHub Engineering Blog.

The post GitHub Availability Report: September 2023 appeared first on The GitHub Blog.

How healthcare organizations can analyze and create insights using price transparency data

2023-10-11 Gokhul Srinivasan

Post Syndicated from Gokhul Srinivasan original https://aws.amazon.com/blogs/big-data/how-healthcare-organizations-can-analyze-and-create-insights-using-price-transparency-data/

In recent years, there has been a growing emphasis on price transparency in the healthcare industry. Under the Transparency in Coverage (TCR) rule, hospitals and payors to publish their pricing data in a machine-readable format. With this move, patients can compare prices between different hospitals and make informed healthcare decisions. For more information, refer to Delivering Consumer-friendly Healthcare Transparency in Coverage On AWS.

The data in the machine-readable files can provide valuable insights to understand the true cost of healthcare services and compare prices and quality across hospitals. The availability of machine-readable files opens up new possibilities for data analytics, allowing organizations to analyze large amounts of pricing data. Using machine learning (ML) and data visualization tools, these datasets can be transformed into actionable insights that can inform decision-making.

In this post, we explain how healthcare organizations can use AWS services to ingest, analyze, and generate insights from the price transparency data created by hospitals. We use sample data from three different hospitals, analyze the data, and create comparative trends and insights from the data.

Solution overview

As part of the Centers for Medicare and Medicaid Services (CMS) mandate, all hospitals now have their machine-readable file containing the pricing data. As hospitals generate this data, they can use their organization data or ingest data from other hospitals to derive analytics and competitive comparison. This comparison can help hospitals do the following:

Derive a price baseline for all medical services and perform gap analysis
Analyze pricing trends and identify services where competitors don’t participate
Evaluate and identify the services where cost difference is above a specific threshold

The size of the machine-readable files from hospitals is smaller than those generated by the payors. This is due to the complexity of the JSON structure, contracts, and the risk evaluation process on the payor side. Due to this low complexity, the solution uses AWS serverless services to ingest the data, transform it, and make it available for analytics. The analysis of the machine-readable files from payors requires advanced computational capabilities due to the complexity and the interrelationship in the JSON file.

Prerequisites

As a prerequisite, evaluate the hospitals for which the pricing analysis will be performed and identify the machine-readable files for analysis. Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Create separate folders for each hospital inside the S3 bucket.

Architecture overview

The architecture uses AWS serverless technology for the implementation. The serverless architecture features auto scaling, high availability, and a pay-as-you-go billing model to increase agility and optimize costs. The architecture approach is split into a data intake layer, a data analysis layer, and a data visualization layer.

The architecture contains three independent stages:

File ingestion – Hospitals negotiate their contract and pricing with the payors one time a year with periodical revisions on a quarterly or monthly basis. The data ingestion process copies the machine-readable files from the hospitals, validates the data, and keeps the validated files available for analysis.
Data analysis – In this stage, the files are transformed using AWS Glue and stored in the AWS Glue Data Catalog. AWS Glue is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, ML, and application development. Then you can use Amazon Athena V3 to query the tables in the Data Catalog.
Data visualization – Amazon QuickSight is a cloud-powered business analytics service that makes it straightforward to build visualizations, perform ad hoc analysis, and quickly get business insights from the pricing data. This stage uses QuickSight to visually analyze the data in the machine-readable file using Athena queries.

File ingestion

The file ingestion process works as defined in the following figure. The architecture uses AWS Lambda, a serverless, event-driven compute service that lets you run code without provisioning or managing servers.

TCR Intake Architecture

The following flow defines the process to ingest and analyze the data:

Copy the machine-readable files from the hospitals into the respective raw data S3 bucket.
The file upload to the S3 bucket triggers an S3 event, which invokes a format Lambda function.
The Lambda function triggers a notification when it identifies issues in the file.
The Lambda function ingests the file, transforms the data, and stores the clean file in a new clean data S3 bucket.

Organizations can create new Lambda functions depending on the difference in the file formats.

Data analysis

The file intake and data analysis processes are independent of each other. Whereas the file intake happens on a scheduled or periodical basis, the data analysis happens regularly based on the business operation needs. The architecture for the data analysis is shown in the following figure.

TCR Data Analysis

This stage uses an AWS Glue crawler, the AWS Glue Data Catalog, and Athena v3 to analyze the data from the machine-readable files.

An AWS Glue crawler scans the clean data in the S3 bucket and creates or updates the tables in the AWS Glue Data Catalog. The crawler can run on demand or on a schedule, and can crawl multiple machine-readable files in a single run.
The Data Catalog now contains references to the machine-readable data. The Data Catalog contains the table definition, which contains metadata about the data in the machine-readable file. The tables are written to a database, which acts as a container.
Use the Data Catalog and transform the hospital price transparency data.
When the data is available in the Data Catalog, you can develop the analytics query using Athena. Athena is a serverless, interactive analytics service that provides a simplified, flexible way to analyze petabytes of data using SQL queries.
Any failure during the process will be captured in the Amazon CloudWatch logs, which can be used for troubleshooting and analysis. The Data Catalog needs to be refreshed only when there is a change in the machine-readable file structure or a new machine-readable file is uploaded to the clean S3 bucket. When the crawler runs periodically, it automatically identifies the changes and updates the Data Catalog.

Data visualization

When the data analysis is complete and queries are developed using Athena, we can visually analyze the results and gain insights using QuickSight. As shown in the following figure, once the data ingestion and data analysis are complete, the queries are built using Athena.

TCR Visualization

In this stage, we use QuickSight to create datasets using the Athena queries, build visualizations, and deploy dashboards for visual analysis and insights.

Create a QuickSight dataset

Complete the following steps to create a QuickSight dataset:

On the QuickSight console, choose Manage data.
On the Datasets page, choose New data set.
In the Create a Data Set page, choose the connection profile icon for the existing Athena data source that you want to use.
Choose Create data set.
On the Choose your table page, choose Use custom SQL and enter the Athena query.

After the dataset is created, you can add visualizations and analyze the data from the machine-readable file. With the QuickSight dashboard, organizations can easily perform price comparisons across different hospitals, identify high-cost services, and find other price outliers. In addition, you can use ML in QuickSight to gain ML-driven insights, detect pricing anomalies, and create forecasts based on historical files.

The following figure shows an illustrative QuickSight dashboard with insights comparing the machine-readable files from three different hospitals. With these visuals, you compare the pricing data across hospitals, create price benchmarks, determine cost-effective hospitals, and identify opportunities for competitive advantage.

Performance, operational, and cost considerations

The solution recommends QuickSight Enterprise for visualization and insights. For QuickSight dashboards, the Athena query results can be stored within the SPICE database for better performance.

The approach uses Athena V3, which offers performance improvements, reliability enhancements, and newer features. Using the Athena query result reuse feature enables caching and query result reuse. When multiple identical queries are run with the query result reuse option, repeat queries run up to five times faster, giving you increased productivity for interactive data analysis. Because you don’t scan the data, you get improved performance at a lower cost.

Cost

Hospitals create the machine-readable files on a monthly basis. This approach uses a serverless architecture that keeps the cost low and takes away the challenge of maintenance overhead. The analysis can begin with the machine-readable files for a few hospitals, and they can add new hospitals as they scale. The following example helps understand the cost for different hospital based on the data size:

A typical hospital with 100 GB storage/month, querying 20 GB data with 2 authors and 5 readers, costs around $2,500/year

AWS offers you a pay-as-you-go approach for pricing for the vast majority of our cloud services. With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing.

TCR Monthly cost

Conclusion

This post illustrated how to collect and analyze hospital-created price transparency data and generate insights using AWS services. This type of analysis and the visualizations provide the framework to analyze the machine-readable files. Hospitals, payors, brokers, underwriters, and other healthcare stakeholders can use this architecture to analyze and draw insights from pricing data published by hospitals of their choice. Our AWS teams can assist you to identify the correct strategy by offering thought leadership and prescriptive technical support for price transparency analysis.

Contact your AWS account team for more help on design and to explore private pricing. If you don’t have a contact with AWS yet, please reach out to be connected with an AWS representative.

About the Authors

Gokhul Srinivasan is a Senior Partner Solutions Architect leading AWS Healthcare and Life Sciences (HCLS) Global Startup Partners. Gokhul has over 19 years of Healthcare experience helping organizations with digital transformation, platform modernization, and deliver business outcomes.

Laks Sundararajan is a seasoned Enterprise Architect helping companies reset, transform and modernize their IT, digital, cloud, data and insight strategies. A proven leader with significant expertise around Generative AI, Digital, Cloud and Data/Analytics Transformation, Laks is a Sr. Solutions Architect with Healthcare and Life Sciences (HCLS).

Anil Chinnam is a Solutions Architect in the Digital Native Business Segment at Amazon Web Services(AWS). He enjoys working with customers to understand their challenges and solve them by creating innovative solutions using AWS services. Outside of work, Anil enjoys being a father, swimming and traveling.

This GoWin R86S Pro is an Everything Revolution with 25GbE and 2.5GbE

2023-10-11 Patrick Kennedy

Post Syndicated from Patrick Kennedy original https://www.servethehome.com/this-gowin-r86s-pro-is-an-everything-revolution-with-25gbe-and-2-5gbe/

This new R86S Pro with twice as many cores and twice the RAM, 3x 2.5GbE, 2x 25GbE, and WiFi will revolutionize the home lab space

The post This GoWin R86S Pro is an Everything Revolution with 25GbE and 2.5GbE appeared first on ServeTheHome.

Let’s Architect! Designing systems for batch data processing

2023-10-11 Luca Mezzalira

Post Syndicated from Luca Mezzalira original https://aws.amazon.com/blogs/architecture/lets-architect-designing-systems-for-batch-data-processing/

When adding AI into products, you need to design and implement robust data pipelines to build datasets and generate reports for your business. But, data pipelines for batch processing present common challenges: you have to guarantee data quality to make sure the downstream systems receive good data. You also need orchestrators to coordinate different big data jobs, and the architecture should be scalable to process terabytes of data.

With this edition of Let’s Architect!, we’ll cover important things to keep in mind while working in the area of data engineering. Most of these concepts come directly from the principles of system design and software engineering. We’ll show you how to extend beyond the basics to ensure you can handle datasets of any size — including for training AI models.

Bringing software engineering best practices to data

In software engineering, building robust and stable applications tends to have a direct correlation with overall organization performance. Data engineering and machine learning add extra complexity: they not only have to manage software, but they also involve datasets, data and training pipelines, as well as models.

The data community is incorporating the core concepts of engineering best practices found in software communities, but there is still space for improvement. This video covers ways to leverage software engineering practices for data engineering and demonstrates how measuring key performance metrics can help build more robust and reliable data pipelines. You will learn from the direct experience of engineering teams to understand how they built their mental models.

Take me to this video

In a data architecture like data mesh, ensuring data quality is critical because data is a key product shared with multiple teams and stakeholders.

Data quality is a fundamental requirement for data pipelines to make sure the downstream data consumers can run successfully and produce the expected output. For example, machine learning models are subject to garbage in, garbage-out effects. If we train a model on a corrupted dataset, the model learns inaccurate or incomplete data that may give incorrect predictions and impact your business.

Checking data quality is fundamental to make sure the jobs in our pipeline produce the right output. Deequ is a library built on top of Apache Spark that defines “unit tests for data” to find errors early, before the data gets fed to consuming systems or machine learning algorithms. Check it out on GitHub. To find out more, read Test data quality at scale with Deequ.

Take me to this project

Overview of Deequ components

Scaling data processing with Amazon EMR

Big data pipelines are often built on frameworks like Apache Spark for transforming and joining datasets for machine learning. This session explains Amazon EMR, a managed service to run compute jobs at scale on managed clusters, an excellent fit for running Apache Spark in production.

In this session, you’ll discover how to process over 250 billion events from broker-dealers and over 1.7 trillion events from exchanges within 4 hours. FINRA shares how they designed their system to improve the SLA for data processing and how they optimized their platform for cost and performance.

Take me to this re:Invent video

Data pipelines process data and ingest it into data catalogs for discoverability and ease of consumption.

Amazon Managed Workflow Apache Airflow – Workshop

Apache Airflow is an open-source workflow management platform for data engineering pipelines: you can define your workflows as a sequence of tasks and let the framework orchestrate their execution.

Amazon Managed Workflows for Apache Airflow (Amazon MWAA) is a managed service for Apache Airflow in the AWS cloud. This workshop is a great starting point to learn more about Apache Airflow, understand how you can take advantage of it for your data pipelines, and get hands-on experience to run it on AWS.

Take me to this workshop

The workshop shows how you can implement the machine learning workflow from data acquisition to model inference

See you next time!

Thanks for reading! Next time, we’ll talk about stream data processing. To find all the posts from this series, check the Let’s Architect! page.

Modernize a legacy real-time analytics application with Amazon Managed Service for Apache Flink

2023-10-11 Bhupesh Sharma

Post Syndicated from Bhupesh Sharma original https://aws.amazon.com/blogs/big-data/modernize-a-legacy-real-time-analytics-application-with-amazon-managed-service-for-apache-flink/

Organizations with legacy, on-premises, near-real-time analytics solutions typically rely on self-managed relational databases as their data store for analytics workloads. To reap the benefits of cloud computing, like increased agility and just-in-time provisioning of resources, organizations are migrating their legacy analytics applications to AWS. The lift and shift migration approach is limited in its ability to transform businesses because it relies on outdated, legacy technologies and architectures that limit flexibility and slow down productivity. In this post, we discuss ways to modernize your legacy, on-premises, real-time analytics architecture to build serverless data analytics solutions on AWS using Amazon Managed Service for Apache Flink.

Near-real-time streaming analytics captures the value of operational data and metrics to provide new insights to create business opportunities. In this post, we discuss challenges with relational databases when used for real-time analytics and ways to mitigate them by modernizing the architecture with serverless AWS solutions. We introduce you to Amazon Managed Service for Apache Flink Studio and get started querying streaming data interactively using Amazon Kinesis Data Streams.

Solution overview

In this post, we walk through a call center analytics solution that provides insights into the call center’s performance in near-real time through metrics that determine agent efficiency in handling calls in the queue. Key performance indicators (KPIs) of interest for a call center from a near-real-time platform could be calls waiting in the queue, highlighted in a performance dashboard within a few seconds of data ingestion from call center streams. These metrics help agents improve their call handle time and also reallocate agents across organizations to handle pending calls in the queue.

Traditionally, such a legacy call center analytics platform would be built on a relational database that stores data from streaming sources. Data transformations through stored procedures and use of materialized views to curate datasets and generate insights is a known pattern with relational databases. However, as data loses its relevance with time, transformations in a near-real-time analytics platform need only the latest data from the streams to generate insights. This may require frequent truncation in certain tables to retain only the latest stream of events. Also, the need to derive near-real-time insights within seconds requires frequent materialized view refreshes in this traditional relational database approach. Frequent materialized view refreshes on top of constantly changing base tables due to streamed data can lead to snapshot isolation errors. Also, a data model that allows table truncations at a regular frequency (for example, every 15 seconds) to store only relevant data in tables can cause locking and performance issues.

The following diagram provides the high-level architecture of a legacy call center analytics platform. In this traditional architecture, a relational database is used to store data from streaming data sources. Datasets used for generating insights are curated using materialized views inside the database and published for business intelligence (BI) reporting.

Modernizing this traditional database-driven architecture in the AWS Cloud allows you to use sophisticated streaming technologies like Amazon Managed Service for Apache Flink, which are built to transform and analyze streaming data in real time. With Amazon Managed Service for Apache Flink, you can gain actionable insights from streaming data with serverless, fully managed Apache Flink. You can use Amazon Managed Service for Apache Flink to quickly build end-to-end stream processing applications and process data continuously, getting insights in seconds or minutes. With Amazon Managed Service for Apache Flink, you can use Apache Flink code or Flink SQL to continuously generate time-series analytics over time windows and perform sophisticated joins across streams.

The following architecture diagram illustrates how a legacy call center analytics platform running on databases can be modernized to run on the AWS Cloud using Amazon Managed Service for Apache Flink. It shows a call center streaming data source that sends the latest call center feed in every 15 seconds. The second streaming data source constitutes metadata information about the call center organization and agents that gets refreshed throughout the day. You can perform sophisticated joins over these streaming datasets and create views on top of it using Amazon Managed Service for Apache Flink to generate KPIs required for the business using Amazon OpenSearch Service. You can analyze streaming data interactively using managed Apache Zeppelin notebooks with Amazon Managed Service for Apache Flink Studio in near-real time. The near-real-time insights can then be visualized as a performance dashboard using OpenSearch Dashboards.

In this post, you perform the following high-level implementation steps:

Ingest data from streaming data sources to Kinesis Data Streams.
Use managed Apache Zeppelin notebooks with Amazon Managed Service for Apache Flink Studio to transform the stream data within seconds of data ingestion.
Visualize KPIs of call center performance in near-real time through OpenSearch Dashboards.

Prerequisites

This post requires you to set up the Amazon Kinesis Data Generator (KDG) to send data to a Kinesis data stream using an AWS CloudFormation template. For the template and setup information, refer to Test Your Streaming Data Solution with the New Amazon Kinesis Data Generator.

We use two datasets in this post. The first dataset is fact data, which contains call center organization data. The KDG generates a fact data feed in every 15 seconds that contains the following information:

AgentId – Agents work in a call center setting surrounded by other call center employees answering customers’ questions and referring them to the necessary resources to solve their problems.
OrgId – A call center contains different organizations and departments, such as Care Hub, IT Hub, Allied Hub, Prem Hub, Help Hub, and more.
QueueId – Call queues provide an effective way to route calls using simple or sophisticated patterns to ensure that all calls are getting into the correct hands quickly.
WorkMode – An agent work mode determines your current state and availability to receive incoming calls from the Automatic Call Distribution (ACD) and Direct Agent Call (DAC) queues. Call Center Elite does not route ACD and DAC calls to your phone when you are in an Aux mode or ACW mode.
WorkSkill – Working as a call center agent requires several soft skills to see the best results, like problem-solving, bilingualism, channel experience, aptitude with data, and more.
HandleTime – This customer service metric measures the length of a customer’s call.
ServiceLevel – The call center service level is defined as the percentage of calls answered within a predefined amount of time—the target time threshold. It can be measured over any period of time (such as 30 minutes, 1 hour, 1 day, or 1 week) and for each agent, team, department, or the company as a whole.
WorkStates – This specifies what state an agent is in. For example, an agent in an available state is available to handle calls from an ACD queue. An agent can have several states with respect to different ACD devices, or they can use a single state to describe their relationship to all ACD devices. Agent states are reported in agent-state events.
WaitingTime – This is the average time an inbound call spends waiting in the queue or waiting for a callback if that feature is active in your IVR system.
EventTime – This is the time when the call center stream is sent (via the KDG in this post).

The following fact payload is used in the KDG to generate sample fact data:

{
"AgentId" : {{random.number(
{
"min":2001,
"max":2005
}
)}},
"OrgID" : {{random.number(
{
"min":101,
"max":105
}
)}},
"QueueId" : {{random.number(
{
"min":1,
"max":5
}
)}},
"WorkMode" : "{{random.arrayElement(
["TACW","ACW","AUX"]
)}}",
"WorkSkill": "{{random.arrayElement(
["Problem Solving","Bilingualism","Channel experience","Aptitude with data"]
)}}",
"HandleTime": {{random.number(
{
"min":1,
"max":150
}
)}},
"ServiceLevel":"{{random.arrayElement(
["Sev1","Sev2","Sev3"]
)}}",
"WorkSates": "{{random.arrayElement(
["Unavailable","Available","On a call"]
)}}",
"WaitingTime": {{random.number(
{
"min":10,
"max":150
}
)}},
"EventTime":"{{date.utc("YYYY-MM-DDTHH:mm:ss")}}"
}

The following screenshot shows the output of the sample fact data in an Amazon Managed Service for Apache Flink notebook.

The second dataset is dimension data. This data contains metadata information like organization names for their respective organization IDs, agent names, and more. The frequency of the dimension dataset is twice a day, whereas the fact dataset gets loaded in every 15 seconds. In this post, we use Amazon Simple Storage Service (Amazon S3) as a data storage layer to store metadata information (Amazon DynamoDB can be used to store metadata information as well). We use AWS Lambda to load metadata from Amazon S3 to another Kinesis data stream that stores metadata information. The following JSON file stored in Amazon S3 has metadata mappings to be loaded into the Kinesis data stream:

[{"OrgID": 101,"OrgName" : "Care Hub","Region" : "APAC"},
{"OrgID" : 102,"OrgName" : "Prem Hub","Region" : "AMER"},
{"OrgID" : 103,"OrgName" : "IT Hub","Region" : "EMEA"},
{"OrgID" : 104,"OrgName" : "Help Hub","Region" : "EMEA"},
{"OrgID" : 105,"OrgName" : "Allied Hub","Region" : "LATAM"}]

Ingest data from streaming data sources to Kinesis Data Streams

To start ingesting your data, complete the following steps:

Create two Kinesis data streams for the fact and dimension datasets, as shown in the following screenshot. For instructions, refer to Creating a Stream via the AWS Management Console.

Create a Lambda function on the Lambda console to load metadata files from Amazon S3 to Kinesis Data Streams. Use the following code:

import boto3
import json

# Create S3 object
s3_client = boto3.client("s3")
S3_BUCKET = '<S3 Bucket Name>'
kinesis_client = boto3.client("kinesis")
stream_name = '<Kinesis Stream Name>'
    
def lambda_handler(event, context):
  
  # Read Metadata file on Amazon S3
  object_key = "<S3 File Name.json>"  
  file_content = s3_client.get_object(
      Bucket=S3_BUCKET, Key=object_key)["Body"].read()
  
  #Decode the S3 object to json
  decoded_data = file_content.decode("utf-8").replace("'", '"')
  json_data = json.dumps(decoded_data)
  
  #Upload json data to Kinesis data stream
  partition_key = 'OrgID'
  for record in json_data:
    response = kinesis_client.put_record(
      StreamName=stream_name,
      Data=json.dumps(record),
      PartitionKey=partition_key)

Use managed Apache Zeppelin notebooks with Amazon Managed Service for Apache Flink Studio to transform the streaming data

The next step is to create tables in Amazon Managed Service for Apache Flink Studio for further transformations (joins, aggregations, and so on). To set up and query Kinesis Data Streams using Amazon Managed Service for Apache Flink Studio, refer to Query your data streams interactively using Amazon Managed Service for Apache Flink Studio and Python and create an Amazon Managed Service for Apache Flink notebook. Then complete the following steps:

In the Amazon Managed Service for Apache Flink Studio notebook, create a fact table from the facts data stream you created earlier, using the following query.

The event time attribute is defined using a WATERMARK statement in the CREATE table DDL. A WATERMARK statement defines a watermark generation expression on an existing event time field, which marks the event time field as the event time attribute.

The event time refers to the processing of streaming data based on timestamps that are attached to each row. The timestamps can encode when an event happened. Processing time (PROCTime) refers to the machine’s system time that is running the respective operation.

%flink.ssql
CREATE TABLE <Fact Table Name> (
AgentId INT,
OrgID INT,
QueueId BIGINT,
WorkMode VARCHAR,
WorkSkill VARCHAR,
HandleTime INT,
ServiceLevel VARCHAR,
WorkSates VARCHAR,
WaitingTime INT,
EventTime TIMESTAMP(3),
WATERMARK FOR EventTime AS EventTime - INTERVAL '4' SECOND
)
WITH (
'connector' = 'kinesis',
'stream' = '<fact stream name>',
'aws.region' = '<AWS region ex. us-east-1>',
'scan.stream.initpos' = 'LATEST',
'format' = 'json',
'json.timestamp-format.standard' = 'ISO-8601'
);

Create a dimension table in the Amazon Managed Service for Apache Flink Studio notebook that uses the metadata Kinesis data stream:

%flink.ssql
CREATE TABLE <Metadata Table Name> (
AgentId INT,
AgentName VARCHAR,
OrgID INT,
OrgName VARCHAR,
update_time as CURRENT_TIMESTAMP,
WATERMARK FOR update_time AS update_time
)
WITH (
'connector' = 'kinesis',
'stream' = '<Metadata Stream Name>',
'aws.region' = '<AWS region ex. us-east-1> ',
'scan.stream.initpos' = 'LATEST',
'format' = 'json',
'json.timestamp-format.standard' = 'ISO-8601'
);

Create a versioned view to extract the latest version of metadata table values to be joined with the facts table:

%flink.ssql(type=update)
CREATE VIEW versioned_metadata AS 
SELECT OrgID,OrgName
  FROM (
      SELECT *,
      ROW_NUMBER() OVER (PARTITION BY OrgID
         ORDER BY update_time DESC) AS rownum 
      FROM <Metadata Table>)
WHERE rownum = 1;

Join the facts and versioned metadata table on orgID and create a view that provides the total calls in the queue in each organization in a span of every 5 seconds, for further reporting. Additionally, create a tumble window of 5 seconds to receive the final output in every 5 seconds. See the following code:

%flink.ssql(type=update)

CREATE VIEW joined_view AS
SELECT streamtable.window_start, streamtable.window_end,metadata.OrgName,streamtable.CallsInQueue
FROM
(SELECT window_start, window_end, OrgID, count(QueueId) as CallsInQueue
  FROM TABLE(
    TUMBLE( TABLE <Fact Table Name>, DESCRIPTOR(EventTime), INTERVAL '5' SECOND))
  GROUP BY window_start, window_end, OrgID) as streamtable
JOIN
    <Metadata table name> metadata
    ON metadata.OrgID = streamtable.OrgID

Now you can run the following query from the view you created and see the results in the notebook:

%flink.ssql(type=update)

SELECT jv.window_end, jv.CallsInQueue, jv.window_start, jv.OrgName
FROM joined_view jv where jv.OrgName = ‘Prem Hub’ ;

Visualize KPIs of call center performance in near-real time through OpenSearch Dashboards

You can publish the metrics generated within Amazon Managed Service for Apache Flink Studio to OpenSearch Service and visualize metrics in near-real time by creating a call center performance dashboard, as shown in the following example. Refer to Stream the data and validate output to configure OpenSearch Dashboards with Amazon Managed Service for Apache Flink. After you configure the connector, you can run the following command from the notebook to create an index in an OpenSearch Service cluster.

%flink.ssql(type=update)

drop table if exists active_call_queue;
CREATE TABLE active_call_queue (
window_start TIMESTAMP,
window_end TIMESTAMP,
OrgID int,
OrgName varchar,
CallsInQueue BIGINT,
Agent_cnt bigint,
max_handle_time bigint,
min_handle_time bigint,
max_wait_time bigint,
min_wait_time bigint
) WITH (
‘connector’ = ‘elasticsearch-7’,
‘hosts’ = ‘<Amazon OpenSearch host name>’,
‘index’ = ‘active_call_queue’,
‘username’ = ‘<username>’,
‘password’ = ‘<password>’
);

The active_call_queue index is created in OpenSearch Service. The following screenshot shows an index pattern from OpenSearch Dashboards.

Now you can create visualizations in OpenSearch Dashboards. The following screenshot shows an example.

Conclusion

In this post, we discussed ways to modernize a legacy, on-premises, real-time analytics architecture and build a serverless data analytics solution on AWS using Amazon Managed Service for Apache Flink. We also discussed challenges with relational databases when used for real-time analytics and ways to mitigate them by modernizing the architecture with serverless AWS solutions.

If you have any questions or suggestions, please leave us a comment.

About the Authors

Bhupesh Sharma is a Senior Data Engineer with AWS. His role is helping customers architect highly-available, high-performance, and cost-effective data analytics solutions to empower customers with data-driven decision-making. In his free time, he enjoys playing musical instruments, road biking, and swimming.

Devika Singh is a Senior Data Engineer at Amazon, with deep understanding of AWS services, architecture, and cloud-based best practices. With her expertise in data analytics and AWS cloud migrations, she provides technical guidance to the community, on architecting and building a cost-effective, secure and scalable solution, that is driven by business needs. Beyond her professional pursuits, she is passionate about classical music and travel.

ITS adopts microservices architecture for improved air travel search engine

2023-10-11 Sushmithe Sekuboyina

Post Syndicated from Sushmithe Sekuboyina original https://aws.amazon.com/blogs/architecture/its-adopts-microservices-architecture-for-improved-air-travel-search-engine/

Internet Travel Solutions, LLC (ITS) is a travel management company that develops and maintains smart products and services for the corporate, commercial, and cargo sectors. ITS streamlines travel bookings for companies of any size around the world. It provides an intuitive consumer site with an integrated view of your travel and expenses.

ITS had been using monolithic architectures to host travel applications for years. As demand grew, applications became more complex, difficult to scale, and challenging to update over time. This slowed down deployment cycles.

In this blog post, we will explore how ITS improved speed to market, business agility, and performance, by modernizing their air travel search engine. We’ll show how they refactored their monolith application into microservices, using services such as Amazon Elastic Container Service (ECS), Amazon ElastiCache for Redis, and AWS Systems Manager.

Building a microservices-based air travel search engine

Typically, when a customer accesses the search widget on the consumer site, they select their origin, destination, and travel dates. Then, flights matching these search criteria are displayed. Data is retrieved from the backend database, and multiple calls are made to the Global Distribution System and external partner’s APIs, which typically takes 10-15 seconds. ITS then uses proprietary logic combined with business policies to curate the best results for the user. The existing monolith system worked well for normal workloads. However, when the number of concurrent user requests increased, overall performance of the application degraded.

In order to enhance the user experience, significantly accelerate search speed, and advance ITS’ modernization initiative, ITS chose to restructure their air travel application into microservices. The key goals in rearchitecting the application are:

To break down search components into logical units
To reduce database load by serving transient requests through memory-based storage
To decrease application logic processing on ITS’ side to under 3 seconds

Overview of the solution

To begin, we decompose our air travel search engine into microservices (for example, search, list, PriceGraph, and more). Next, we containerize the application to simplify and optimize system utilization by running these microservices using AWS Fargate, a serverless compute option on Amazon ECS.

Every search call processes about 30-60 MB of data in varying formats from different data stores. We use a new JSON-based data format to streamline varying data formats and store this data in Amazon ElastiCache for Redis, an in-memory data store that provides sub-millisecond latency and data structure flexibility. Additionally, some of the static data used by our air travel search application was moved to Amazon DynamoDB for faster retrieval speeds.

Figure 1. ITS’ microservice architecture, using AWS

ITS’ modernized architecture has several benefits beyond reducing operational expenses (OpEx). Some of these advantages include:

Agility. This architecture streamlines development, testing, and deploying changes on individual components, leading to faster iterations and shorter time-to-market (TTM).
Scalability. The managed scaling feature of AWS Fargate eliminates the need to worry about cluster autoscaling when setting up capacity providers. Amazon ECS actively oversees the task lifecycle and health status, responding to unexpected occurrences like crashes or freezes by initiating tasks as necessary to fulfill our service demands. This capability enhances resource utilization, ensures business continuity, and lowers overall total cost of ownership (TCO), letting the application owner focus on business needs.
Improved performance. Integrating Amazon ElastiCache for Redis with Amazon ECS on AWS Fargate to cache frequently accessed data significantly improves search response times and lowers load on backend services.
Centralized configuration management. Decoupling configuration parameters like database connection, strings, and environment variables from application code by integrating AWS Systems Manager Parameter Store, also provides consistency across tasks.

Results and metrics

ITS designed this architecture, tested, and implemented it in their production environment. ITS benchmarked this solution against their monolith application under varying factors for four months and noticed a significant improvement in air travel search speeds and overall performance. Here are the results:

Single User	Non-cloud airlist page round trip (RT)		Cloud airlist page RT
Single User	Leg 1	Leg 2	Leg 1	Leg 2
Test 1	29 secs	17 secs	11 secs	2 secs
Test 2	24 secs	11 secs	11.8 secs	1 sec
Test 3	24 secs	12 secs	14 secs	1 sec

Table 1. Monolithic versus modernized architecture response times

Searching round trip (RT) flights in the old system resulted in an average runtime of 27 seconds for the first leg, and 12 seconds for the return leg. With the new system, the average time is 12 seconds for the first leg and 1.3 seconds for the return leg. This is a combined improvement of 72%

Note that this time includes the trip time for our calls to reach an external vendor and receive inventory back. This usually ranges from 6 to 17 seconds, depending on the third-party system performance. Leg 2 performance for our new system is significantly faster (between 1-2 seconds). This is because search results are served directly from the Amazon ElastiCache for Redis in-memory datastore, rather than querying backend databases. This decreases load on the database, enabling it to handle more complex and resource-intensive operations efficiently.

Table 2 shows the results of endurance tests:

Endurance Test	Cloud airlist page RT
Endurance Test	Leg 1	Leg 2
50 Users in 10 minutes	14.01 secs	4.48 secs
100 Users in 15 minutes	14.47 secs	13.31 secs

Table 2. Endurance test

Table 3 shows the results of spike tests:

Spike Test	Cloud airlist page RT
Spike Test	Leg 1	Leg 2
10 Users	12.34 secs	9.41 secs
20 Users	11.97 secs	10.55 secs
30 Users	15 secs	7.75 secs

Table 3. Spike test

Conclusion

In this blog post, we explored how Internet Travel Solutions, LLC (ITS) is using Amazon ECS on AWS Fargate, Amazon ElastiCache for Redis, and other services to containerize microservices, reduce costs, and increase application performance. This results in a vastly improved search results speed. ITS overcame many technical complexities and design considerations to modernize its air travel search engine.

To learn more about refactoring monolith application into microservices, visit Decomposing monoliths into microservices. If you are interested in learning more about Amazon ECS on AWS Fargate, visit Getting started with AWS Fargate.

Testing a $5,000 Portrait lens 😲

2023-10-11 Matt Granger

Post Syndicated from Matt Granger original https://www.youtube.com/watch?v=M48XLvcVRCA

The Risks of Exposing DICOM Data to the Internet

2023-10-11 Christiaan Beek

Post Syndicated from Christiaan Beek original https://blog.rapid7.com/2023/10/11/the-risks-of-exposing-dicom-data-to-the-internet/

Introduction

The Risks of Exposing DICOM Data to the Internet

Digital Imaging and Communications in Medicine (DICOM) is the international standard for the transmission, storage, retrieval, print, and display of medical images and related information. While DICOM has revolutionized the medical imaging industry, allowing for enhanced patient care through the easy exchange of imaging data, it also presents potential vulnerabilities when exposed to the open internet.

About five years ago, I was in the hospital while an ultrasound was taken of my pregnant wife. While the doctor made the images, a small message on the screen got my attention: “writing image to disk – transfer DICOM.” Digging into the DICOM standard at the time resulted in being able to discover exposed systems over the internet, retrieve medical images, use demo software, and 3D-print a pelvis. An example of that research is still available online here. It’s now five years later, so I was curious to see if things had changed (and no worries—I will not 3D-print another body part 😉).

This article delves into the risks associated with the unintended exposure of DICOM data and the importance of safeguarding this data.

Understanding DICOM

DICOM is more than just an image format; it encompasses a suite of protocols that allow different medical imaging devices and systems, such as MRI machines, X-ray devices, and computer workstations, to communicate with each other. A typical DICOM file not only contains the image but also the associated metadata, which may have patient demographic information, clinical data, and sometimes even the patient’s full name, date of birth, and other personal identifiers.

What Are the Exposure Risks?

Breach of Patient Confidentiality: The most pressing concern is the breach of patient confidentiality. If DICOM data is exposed online, there’s a high risk of unauthorized access to sensitive patient information. Such breaches have the potential to result in legal consequences, financial penalties, and damage to the reputations of medical institutions.
Data Manipulation: An unprotected system might allow malicious entities not only to view but also to alter medical data. Such manipulations have the potential to lead to mis-diagnoses, inappropriate treatments, or other medical errors.
Ransomware Attacks: In recent years, healthcare institutions have become prime targets for ransomware attacks. Exposing DICOM data could potentially provide a gateway for cybercriminals to encrypt vital medical information and demand a ransom for its release.
Data Loss: Without proper security measures, data could be accidentally or maliciously deleted, leading to loss of crucial medical records.
Service Interruptions: Unprotected DICOM servers could be vulnerable to denial-of-service (DoS) attacks, disrupting medical services and interfering with patient care.

Research

While previously I focused on the imaging part of the protocol, this time I looked into the possibility of retrieving PII data* from openly exposed DICOM servers.

Using Sonar, Rapid7’s proprietary internet scan engine, a study was conducted to scan for the DICOM port exposed to the internet. Using the output of the scan, a simple Python script was created that used the IP addresses discovered as input, whereby a basic set of DICOM descriptors from the “PATIENT” root-level were queried. The standard itself is very extensive and contains many fields that can be retrieved, such as PII related data including name, date of birth, comments on the treatment, and many more.

Unfortunately, we were able to quickly retrieve sensitive patient information. No need for authentication; we received the information simply by requesting it. The following screenshot is an example of what we retrieved, with the PII altered for privacy purposes.

The Risks of Exposing DICOM Data to the Internet

In some cases, we were able to get more details on the study and status of the patient:

Importantly, our results not only discovered hospitals, but also private practice and veterinary clinics.

When scanning for systems connected to the internet, we focused on the two main TCP ports: TCP port 104 and TCP port 11112. We ignored the TCP port 4242 since that is mostly used to send images. In total we discovered more than 3600 results that replied to these two ports.

Although it might be interesting to geolocate where these systems are, we believe that it is better to investigate which systems are really possible candidates that we can retrieve data from and geolocate those.

TCP port 104 stats

After retrieving the list of IP addresses that responded to the open port and matched a DICOM reply, we scanned the list by using a custom script that would query if a connection could be established or not. The following diagram shows the results of this scan.

In 45% of cases, the remote server was accepting a connection that could be used for retrieving information.

TCP port 11112 stats

Next, we used the list of IP addresses that responded to a DICOM ping reply on TCP port 1112. Again we used our script to query if a connection could be established or not. The diagram below shows the results of this particular scan.

Of the total number of 1921 discovered systems responding to our DICOM connection verification script, 43% of these systems were accepting a connection that could be used for retrieving data.

Since we now know how many systems are connected, accepting connections to retrieve the information, let’s map those out on a global map, where each orange colored country is a country where systems were discovered:

Not much seems to have changed since my initial research in 2018; even searching for medical images using a fairly simple Google query results in the ability to download images from DICOM systems, including complete MRI sets. The image below showcases an innocent example from a veterinary clinic where an X-ray of an unfortunate pet was made.

Conclusion

While DICOM has proven invaluable in the world of medical imaging, its exposure to the internet poses significant risks. Healthcare institutions are the prime targets of threat actors; therefore, these risks have detrimental implications on patients’ healthcare services and consumer trust, and they cause legal and financial damage to healthcare providers.

It’s essential for healthcare institutions to recognize these risks and implement robust measures to protect both patient data and their reputations. As the cyber landscape continues to evolve, so too must the defenses that guard against potential threats. Healthcare organizations should make it a part of their business strategy to regularly scan their exposure to the internet and institute robust protections against potential risks.

*Note: Where possible, Rapid7 used their connections with National CERTS to inform them of our findings. All data that was discovered has been securely removed from the researcher’s system.

New whitepaper available: Charting a path to stronger security with Zero Trust

2023-10-11 Quint Van Deman

Post Syndicated from Quint Van Deman original https://aws.amazon.com/blogs/security/new-whitepaper-available-charting-a-path-to-stronger-security-with-zero-trust/

Security is a top priority for organizations looking to keep pace with a changing threat landscape and build customer trust. However, the traditional approach of defined security perimeters that separate trusted from untrusted network zones has proven to be inadequate as hybrid work models accelerate digital transformation.

Today’s distributed enterprise requires a new approach to ensuring the right levels of security and accessibility for systems and data. Security experts increasingly recommend Zero Trust as the solution, but security teams can get confused when Zero Trust is presented as a product, rather than as a security model. We’re excited to share a whitepaper we recently authored with SANS Institute called Zero Trust: Charting a Path To Stronger Security, which addresses common misconceptions and explores Zero Trust opportunities.

Gartner predicts that by 2025, over 60% of organizations will embrace Zero Trust as a starting place for security.

The whitepaper includes context and analysis that can help you move past Zero Trust marketing hype and learn about these key considerations for implementing a successful Zero Trust strategy:

Zero Trust definition and guiding principles
Six foundational capabilities to establish
Four fallacies to avoid
Six Zero Trust use cases
Metrics for measuring Zero Trust ROI

The journey to Zero Trust is an iterative process that is different for every organization. We encourage you to download the whitepaper, and gain insight into how you can chart a path to a multi-layered security strategy that adapts to the modern environment and meaningfully improves your technical and business outcomes. We look forward to your feedback and to continuing the journey together.

If you have feedback about this post, submit comments in the Comments section below.

Want more AWS Security news? Follow us on Twitter.

See why this is THE ULTIMATE Smart TRV – Sonoff TRVZB

2023-10-11 BeardedTinker

Post Syndicated from BeardedTinker original https://www.youtube.com/watch?v=SVrutdQoQ7s

Camera Testing in a Hurricane 📷 🌪

2023-10-11 Matt Granger

Post Syndicated from Matt Granger original https://www.youtube.com/watch?v=fz0Rnbpda40

Приспивен двубой. Липсващите теми в дебата между Васил Терзиев и Антон Хекимян

2023-10-11 Светла Енчева

Post Syndicated from Светла Енчева original https://www.toest.bg/prispiven-dvuboy-lipsvashtite-temi-v-debata-mezhdu-vasil-terziev-i-anton-hekimyan/

Приспивен двубой. Липсващите теми в дебата между Васил Терзиев и Антон Хекимян

През последните години все по-рядко се състоят дебати между основните кандидати за дадена изборна длъжност. Това се случва поради нежеланието на някои от претендентите да влизат в директен словесен сблъсък с опонентите си. Преди година неочакваната поява на съпредседателя на „Продължаваме промяната“ на предизборна дискусия в студиото на bTV дори предизвика скандал. Затова дебатът по „Дарик радио“ между кандидатите с най-голям шанс да станат кмет на София – Васил Терзиев и Антон Хекимян – сам по себе си е добра новина.

Въпреки това и въпреки че беше замислен със структурата на боксов мач в 15 рунда по три минути (от които се състояха 14), дебатът можеше по-скоро да приспи слушателя или зрителя, отколкото да го накара да се чувства като на спортно състезание. И не произведе водещи новини. Но тъй като по всяка вероятност един от участниците в него ще бъде „лицето“ на столицата през следващите най-малко четири години, струва си да обърнем внимание какво казаха Терзиев и Хекимян. И най-вече – какво не казаха.

Пешеходно движение и достъпна среда

Достъпната среда изцяло липсваше от дебата. За тротоари ставаше дума само във връзка с качеството на ремонтите. Ако някое извънземно слушаше дискусията, можеше да остане с впечатлението, че в София хората се придвижват с коли, обществен транспорт, велосипеди или тротинетки, но никой не ходи пеша, никой не бута бебешка количка и няма хора с увреждания.

Васил Терзиев спомена недостъпността на подлезите единствено в контекста на това, че с децата си се придвижват с тротинетки. Но ако той може да слезе от тротинетката си и да я повдигне, макар да се оплаква, че возилото тежи 25 кг, работещият в САЩ преподавател по журналистика Христофор Караджов няма как да слезе от количката си нито за да преодолее подлез, нито за да влезе в голяма част от магазините, заведенията, институциите, хотелите, домовете – и изобщо в сградите, които имат всевъзможни прагове и стълби, но нямат рампи. Достъпността отсъстваше и от темата за обществения транспорт.

Презастрояване

Презастрояването е един от основните проблеми в София. То е концентрирано предимно в южните и източните квартали и постоянно става повод за протести. Тази тема обаче напълно отсъстваше от дебата. Стана дума само за небостъргачите, които и според Терзиев, и според Хекимян трябва да се изграждат в определени райони.

Една от основните градоустройствени идеи за спиране на презастрояването на юг и изток е да се инвестира в застрояването на северните квартали. Но в дебата северните квартали присъстваха най-вече с необходимостта от транспортното им свързване. И според двамата кандидати Кремиковци трябва да стане комбинация между жилищна и индустриална зона, но не обвързаха тази тема с презастрояването.

Корупция

Корупцията също е един от основните проблеми на София, а и на дългогодишното управление на ГЕРБ. Разбираемо беше, че Антон Хекимян избягваше тази тема. Но и Васил Терзиев прояви голяма деликатност в това отношение. На непрекъснатите твърдения на опонента си, че за едно или друго има нужда от повече пари, той не постави ребром въпроса къде изчезват парите, а се изразяваше доста по-меко – говореше за течове на средства, необходимост от контрол, преструктуриране, черни списъци на фирми.

Хекимян от своя страна прехвърляше проблемите или върху централната власт, или върху най-ниското равнище – работниците, които трошат павета. И го удряше на чувства – „с възмущение съм гледал как се чупи паве“. На което Терзиев отговори: „А аз с възмущение седя и слушам как не се поема никаква отговорност за това, което се случва толкова години.“

Социални услуги

В дебата често ставаше дума за училища и детски градини, една от темите беше здравеопазването. Хекимян спомена, че е необходимо да се изградят хосписи за възрастни хора. Като изключим това, според двамата кандидати за кмет на София, изглежда, няма бездомни, жертви на домашно насилие, хора със зависимости, деца в риск и изобщо всякакви групи, които се нуждаят от подкрепа и на които местната власт би могла да помогне.

Общото впечатление беше, че в София живеят комай само деца и… работещи мъже плюс споменатите от Хекимян възрастни хора, за които не се предвиждат други възможни форми на подпомагана от Общината грижа, освен да бъдат пратени в хоспис. Той спомена един път и „уязвимите групи“, без да конкретизира. За жени стана дума само веднъж, и то в качеството им на майки – доскорошният директор на новините на bTV каза, че училищата и детските градини са важни, за да „се върнат майките по-скоро на работа, ако имат такова желание“.

Сегрегация

От дебата човек не би могъл да научи, че в София има компактни гета. Един от въпросите на водещия Константин Вълков беше какво мислят двамата кандидати за премахването на незаконно построените къщи. От отговора на Хекимян се видя, че той дори не схваща за какво става дума – според него, ако въпросната постройка става за нещо, тя може да се ползва за… общински дейности. Според Терзиев разрушаването на незаконните къщи трябва да се прави „много внимателно“, като преди това обитателите им се настанят другаде, защото „това са човешки съдби“.

Но наличието на обширни райони в столицата, в които публичната власт на практика не присъства, освен когато събаря единствените жилища на хората, не изглеждаше да се забелязва от кандидатите. В програмата на „Спаси София“ – част от коалицията, издигнала Терзиев – темата е детайлно разработена. Има дори раздел за необходимостта да се предоставят служебни адреси на хората без лични документи (огромната част от които живее точно в гетата), за да може да им се издадат такива документи. В това отношение той, изглежда, не си беше научил урока.

„София прайд“, „Луковмарш“, футболни агитки

И двамата опоненти избягваха да влизат в разделящи обществото теми, а и водещият Константин Вълков не им задаваше въпроси в тази посока. Такива теми са например „София прайд“, „Луковмарш“, както и отношението към футболните агитки, когато проявяват агресия и нарушават обществения ред.

По първите две теми Васил Терзиев беше отговорил още през юли на среща с граждани в район „Витоша“. Според него „имаме нужда от „София прайд“ – мирно събитие, на което се събират много хора с деца“, „Луковмарш“ по-скоро не трябва да се провежда“. Позицията на Хекимян по тези теми не е известна. По време на дебата обаче той каза, че по спорни теми трябва „да се допитаме до хората“. По тази логика излиза, че мнозинството трябва да решава дали едно дискриминирано малцинство да излезе на шествие за равни права.

И според двамата Националният стадион трябва да се премести извън центъра, за да се избегне струпването на твърде много хора в централната част на града, когато има мач. Не проблематизират обаче футболното хулиганство. Вместо това Терзиев предпочита да се бори с графитите.

Туристи и чужденци

Един от „рундовете“ в дебата беше озаглавен „Екология, туризъм и възможности пред София и Витоша“. Темата за туризма обаче беше сведена на практика изцяло до Витоша. Никой от кандидатите не открои като нещо важно, че в столицата идват и туристи. Не само централният бюджет, на който Хекимян непрекъснато се позоваваше, а и туристите са източник на приходи за града. Само веднъж Терзиев спомена „имайки предвид как се развива София като туристическа дестинация“ във връзка с това, че е за връщането на Uber. Но не стана ясно нито какво е имал предвид, нито как се развива София в тази посока.

Освен че идват като туристи, в София и живеят чужди граждани. Някои работят, други учат, трети са бежанци или търсят убежище, четвърти идват по семейни или любовни причини… От дебата не пролича основните кандидати за кмет на столицата да си задават въпроса какъв град е или би трябвало да бъде София за чужденците. Като започнем от ориентацията по улиците и обществения транспорт, минем през (не)разбираемостта на публичните услуги и стигнем до гостоприемността и ксенофобските нагласи.

Образование

И Терзиев, и Хекимян откроиха като свой основен приоритет образованието. Но парадоксално, аудиторията така и не разбра какво е образованието за тях и защо го смятат за важно. Говоренето им по темата се ограничи върху изграждането на детски градини и подобряването на материалната база (най-вече спортната) в училищата и училищните дворове. Не стана ясно и какво друго може да направи местната власт за образованието, освен да осигурява материална база.

Общи впечатления от представянето на Хекимян и Терзиев

От двамата кандидати Васил Терзиев демонстрира по-голяма подготвеност. Това не е учудващо, защото той се готви за поста от месеци, а и разполага с експертността на „Спаси София“ и „Екипът на София“. Той например с точност отговори на въпроса на опонента си колко струва един общински полицай. Знаеше колко километра велоалеи са изградени, и коригира Хекимян, че липсващите места в детските градини не са 2000, а пет пъти повече.

По-добрата подготвеност обаче не е гаранция за успех, защото Антон Хекимян има по-сериозен опит в говоренето и отправя послания, подходящи за повече групи хора. Дежурният отговор, който даваше на почти всички критики на опонента си, може да се обобщи като „кой ще ни даде пари“. Въпреки рекордния бюджет на София според кандидата на ГЕРБ всеки проблем може да се реши с повече пари. А ако парите липсват, виновни са от ПП. В един случай вината според него е в реституцията, но никога – на дългогодишните управляващи от ГЕРБ.

Хекимян „съобщи“ и невярната информация, че миналата година от ПП са искали да се разреди градският транспорт на София и да се повиши цената на билетите. Терзиев реагира с учуден поглед и не намери отговор. След кратка проверка на фактите може да се установи, че всъщност става дума за интерпретация на Йорданка Фандъкова. В началото на 2022 г., когато на власт беше кабинетът на Кирил Петков, тя поиска от централния бюджет допълнителни средства заради повишените цени на горивата и предупреди, че ако те не бъдат отпуснати, ще се стигне до това, което спомена Хекимян.

И двамата кандидати за кмет на София неизбежно правят връзка с основните си професионални роли. ИТ предприемачът Васил Терзиев се позовава на опита си в управлението на големи бюджети и екипи, привличането на инвестиции, включително и за София. За Хекимян е важно, че като журналист той е бил „близо до хората“. Интересен детайл е, че за него част от журналистическата му работа е просто да представя информация – той поне три пъти казва как е решавал „проблемите на хората“. А това трудно се връзва с претенцията му за обективност, защото, за да решиш кой е достоен за помощ, трябва да си взел страна.

Дефицит на визионерство

През 2007 г. Мартин Заимов беше първият кандидат-кмет на София, който имаше цялостна и съвременна визия за развитието на града като модерна европейска столица. От него много избиратели (включително и авторката на този текст) научиха какво е компостер. Както и че не само автомобилното движение е от значение. Но визионерството не му донесе успех – той получи близо 18% от гласовете, а Бойко Борисов, който тогава беше на върха на популярността си, спечели още на първи тур.

Дванайсет години по-късно, през 2019 г. Борис Бонев излезе не само с цялостна и съвременна визия за развитието на София, а и с програма, разработена в някои отношения до най-дребните детайли. Но и той не постигна успех, а взе по-малко от 11% от гласовете, не на последно място защото не беше подкрепен от политически субект.

Днес, четири години по-късно, изглежда, не е време за смело визионерство, колкото и Васил Терзиев да повтаряше в дебата, че обича да мечтае. Както каза една млада архитектка, „който и да стане кмет, няма да разбира нищо от градоустройство“. Зад Терзиев поне стои експертността на „Спаси София“ и „Екипът на София“, които имат, общо взето, сходни виждания за развитието на града. А зад Хекимян има само още от същото.

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

[ The below is a personal statement that I make on my own behalf. While
my statement’s release coincides with a release of an unrelated statement
on similar topics made
by my
employer, Software Freedom Conservancy, and
the Free
Software Foundation Europe, please keep in mind that this statement is
my own, personal opinion — written exclusively by me — and not
necessarily the opinion of either of those organizations. I did not consult
nor coordinate with either organization on this statement. ]

With great trepidation, I have decided to make this public statement
regarding the psychological abuse, including menacing, that I suffered,
perpetrated by Eben Moglen, both while I was employed at his Software
Freedom Law Center (SFLC) from 2005-2010, and in the years after he fired
me. No one revels in having psychological injuries and mistreatment
they’ve suffered paraded to the public. I’ll be frank that if it were not
for Moglen’s use of the USA Trademark Trial and Appeal Board (TTAB) as a
method to perpetrate further abusive behavior, I wouldn’t have written this
post. Furthermore, sadly, Moglen has threatened in recent TTAB filings his
intention to use the proceeding to release personal details about my life
to the public (using the litigation itself as a lever). I have decided to
preemptively make public the facts herein first myself — so that I
can at least control the timing and framing of the information.

This post is long; the issues discussed in it are complicated, nuanced,
and cannot be summed up easily. Nevertheless, I’m realistic that most
people will stop reading soon, so I’ll summarize now as best I can in a few
sentences: I worked initially with, and then for, Eben Moglen for
nearly a decade — during which time he was psychologically abusive and
gaslighted me (under the guise of training and mentoring me). I thought
for many years that he was one of my best friends (— in retrospect, I
believe that he tricked me into believing that he was). As such, I shared
extremely personal details about myself to him — which he has used
both contemporaneously and in years hence to attempt to discredit me with
my colleagues and peers. Recently, Moglen declared his plans to use
current TTAB proceedings to force me to answer questions about my mental
health in
deposition⁰. Long
ago, I disclosed key personal information to Moglen, I therefore have a
pretty good idea of what his next move will be during that deposition
questioning. Specifically, I believe Moglen was hoping to out me as
omni/bisexual¹ as part of my deposition
in this proceeding. As such, I’m outing myself here first (primarily) to
disarm his ability to use what he knows about my sexual orientation against
me. Since that last sentence makes me already out, Moglen will be unable
to use the biggest “secret” that Moglen “has on me”
in his future psychological and legal attacks.

I suspect some folks will stop reading here, but I really urge that you
keep reading this post, and also to read the unrelated statement made by
Conservancy
and FSFE.
The details are important and matter. I am admittedly embarrassed to talk
publicly about how Moglen exacerbated, expanded, and caused new symptoms of
my Post-Traumatic Stress Disorder (PTSD) — which I already suffered
from when I met him. But, I feel it is important to talk about these
issues publicly for many reasons — including that Moglen seeks to
expose these personal facts about me as an attempt to stigmatize what is
actually a positive thing: I seek ongoing treatment for my PTSD (which
Moglen himself, in part, caused) and to simultaneously process and reduce
my (painful and stubborn) internalized shame about my LGBTQIA+
status. (Like many proud LGBTQIA+ folks, I struggle with this because
living in a society unfriendly to LGBTQIA+ folks can lead to difficult
shame issues — this is a well-documented phenomena that LGBTQIA+
folks like myself suffer from.)

The primary recent catalyst for this situation is as follows: Moglen has
insisted that, as part of the
ongoing trademark
cancellation petition that SFLC filed against my employer, Software Freedom
Conservancy in
the TTAB,
that Moglen both personally be allowed to be present at, and to
actually take the depositions³ of me and
my colleague, Karen Sandler.

This kind of behavior is typical of how abusers use litigation to
perpetuate their abuse. The USA legal system is designed to give everyone
“their day in Court”. Frankly, many of the rules established
for Court proceedings did not contemplate that the process could be
manipulated by abusers, and it remains an open problem on how to repair the
rules that both preserve the egalitarian nature of our legal system, but
also does not make it easy for abusers to misuse those same rules.
Depositions, in particular, are a key tool in abusers’ arsenals.
Depositions allow Plaintiffs (in the TTAB, BTW, the Plaintiff is called
“the Petitioner”) to gather evidence. Generally speaking, most
Courts have no good default rules to prevent abusers from using these
depositions to get themselves in the room with their victims and harass
those victims further with off-topic haranguing. The only method (which is
quite clunky as a legal tool) to curtail the harassment somewhat is called
a protective order. However, Moglen has been smart enough to use
the very process of the protective order application to further perpetuate
abusive behavior.

To understand all this in context, I ask that you first
read Conservancy’s
public response to the initial filing of the trademark cancellation
proceeding (six years ago). In short, SFLC is seeking to
“cancel” the trademark on the name “Software Freedom
Conservancy”. Ostensibly, that’s all this case is (or, rather should
be) about.

The problem is that, upon reading
the docket in
detail, it’s easily seen that at nearly every step, Moglen has
attempted to use the proceeding as a method to harass and attack me and my
colleague, Karen Sandler — regarding issues wholly unrelated to the
trademarks. The recent arguments have been about our depositions⁴ —
mine and Karen’s².

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

IOW, the only way to
get a protective order that would prevent me from being legally required to
suffer further psychological abuse from Moglen was to publicly talk about
the past abuse 😩. I reluctantly chose Option 1. I encourage you to read
in
full
my first sworn testimony on the issue. That document explains many of the
psychological abusive examples I suffered from Moglen — both as an
employee at SFLC and since.

Fortunately, that aforementioned sworn testimony was sufficient to
convince Judge Elgin to at least entertain reconsidering her decision that
I have to sit⁸ for a deposition with Moglen. However, submitting the
official motion then required that I give even more
information about why the deposition with Moglen will be psychologically
harmful. In particular, I had little choice but to add a letter from my
(highly qualified) mental health provider speaking to the psychological
dangers that I would face if deposed by Moglen personally and/or in his
presence. I reluctantly asked my therapist
to provide
such a letter. It was really tough for me to publicly identify who my
therapist is, but it was, again, my best option out of that catch-22. I
admittedly didn’t anticipate that Moglen might use this knowledge as a
method to further his abuse against me publicly in his response filing.

As can be seen in Moglen’s response
filing, Moglen
directly attacks my therapist’s credentials — claiming she is not
credible nor qualified. Moglen’s argument is that because my therapist
is a licensed, AASECT-certified sex therapist, she is not qualified to
diagnose PTSD. Of course, Moglen’s argument is without merit: my
therapist’s sex therapy credentials are in addition to her many other
credentials and certifications — all of which is explained on her
website that Moglen admits in his filing he has reviewed.

As I mentioned, at one time, I foolishly and erroneously considered Moglen
a good friend. As such, I told Moglen a lot about my personal life,
including that I was omni/bisexual, and that I was (at the time) closeted. So,
Moglen already knows full well the reason that I would select a therapist
who held among her credentials a certification to give therapy relating to
sexuality. Moglen’s filing is, in my view, a veiled threat to me that he’s
going to disclose publicly what he knows about my sexuality as part of this
proceeding. So, I’ve decided — after much thought — that I
should simply disarm him on this and say it first: I have identified as
bisexual/omnisexual⁶ since 1993, but I have
never been “out” in my professional community — until
now. Moglen knows full well (because I told him on more than one occasion)
that I struggled with whether or not to come out for decades. Thus, I
chose a therapist who was both qualified to give treatment for PTSD as
well as for sexual orientation challenges because I’ve lived much of
my life with internalized shame about my sexual orientation. (I was (and
still am, a bit) afraid that it would hurt my career opportunities in the
FOSS community and technology generally if I came out; more on that below.)
I was still working through these issues with my therapist when all these
recent events occurred.

Despite the serious psychological abuse I’ve suffered from Moglen, until
this recent filing, I wouldn’t have imagined that Moglen would attempt to
use the secrecy about my LGBTQIA+ status as a way to further terrorize me.
All I can think to say to Moglen in response is to quote
what Joe Welch
said to Senator Joe McCarthy on 1954-06-09: “Have you no sense of
decency, sir — at long last? Have you left no sense of
decency?”.

It’s hard to express coherently the difficult realization of the stark
political reality of our world. There are people you might meet (and/or
work for) who, if they have a policy disagreement⁸ with you later, will use
every single fact about you to their advantage to prevail in that
disagreement. There is truly no reason that Moglen needed to draw
attention to the fact that I see a therapist who specializes (in part) in
issues with sexuality. The fact that he
goes
on to further claim that the mere fact that she has such certification
makes her unqualified to treat my other mental health illness —
some of which Moglen himself (in part) personally caused — is
unconscionable. I expect that even most of my worst political rivals who
work for proprietary software companies and violate copyleft licenses on a
daily basis would not stoop as low to what Moglen has in this
situation.

At this point, I really have no choice but to come out as
omnisexual⁷ — even though I
wasn’t really ready to do so. Moglen has insisted now that my therapy has
been brought up in the proceeding,
that he
has a legal right to force me to be evaluated by a therapist of his
choosing (as if I were a criminal
defendant). Moglen
has also indicated that, during my deposition, he will interrogate me about
my therapy and my reasons for choosing this particular therapist (see, for
example, footnote 2 on page 11 (PDF-Page 27) of Moglen’s declaration in support of the
motion). Now, even if the judge grants Conservancy’s motion
to exclude Moglen from my deposition, Moglen will instruct his attorneys to
ask me those questions about my therapy and my sexual orientation —
with the obvious goal of seeking to embarrass me by forcing me to reveal
such things publicly. Like those folks who sat before McCarthy in those
HUAC
hearings, I know
that none of my
secrets will survive Moglen’s deposition. By outing myself here first,
I am, at least, disarming Moglen from attempting to use my shame about my
sexual orientation against me.

Regarding LGBTQIA+ Acceptance and FOSS

I would like to leave Moglen and his abusive behavior there, and spend the
rest of this post talking about related issues of much greater importance.
First, I want to explain why it was so difficult for me to come out in my
professional community. Being somewhat older than most folks in FOSS
today, I really need to paint the picture of the USA when my career in
technology and FOSS got started. I was in my sophomore year of my Computer
Science undergraduate program when Clinton implemented
the Don’t
ask, Don’t tell (DADT) policy for military in the USA. Now, as a
pacifist, I had no desire to join the military, but the DADT approach was
widely accepted in all areas of life.
The whole sarcastic “Not that there’s anything wrong with that
…” attitude (made famous contemporaneously to DADT on an
episode of the TV
show, Seinfeld) made it clear in culture that the world,
including those who ostensibly supported LGBTQIA+ rights, wanted queer
folks to remain, at best, “quiet and proud”, not “loud
and proud”. As a clincher, note that three years after DADT
was put in effect, overwhelming bipartisan support came forward for the
so-called
“Defense
of Marriage Act (DOMA)”. An overwhelming majority of
everyone in Congress and the Presidency (regardless of party affiliation)
was in 1996 anti-LGBTQIA+. Folks who supported and voted yes for DOMA
include: Earl Blumenauer (still a senator from my current
state), Joe Biden (now POTUS (!)), Barbara Mikulski (a
senator until 2017 from my home state), and Chuck Schumer (still Senate
majority leader today). DADT didn’t end until 2011, and
while SCOTUS
ruled parts of DOMA unconstitutional in 2015,
Congress didn’t
actually repeal DOMA until last year! Hopefully, that gives a
clear sense of what the climate for LGBTQIA+ folks was like in the 1990s,
and why I felt was terrified to be outed — even as the 1990s became
the 2000s.

I also admit that my own shame about my sexual orientation grew as I got
older and began my professional career. I “pass” as straight
— particularly in our heteronormative culture that auto-casts
everyone as cishet until proven otherwise. It was just easier to not bring
it up. Why bother, I thought? It was off-topic (so I felt), and there
were plenty of people around the tech world in the 1990s and early 2000s
who were not particularly LGBTQIA+-friendly, or who feigned that they were
but were still “weird” about it.

I do think tech in general and FOSS in particular are much more
LGBTQIA+-friendly than they once were. However, there has been a huge
anti-LGBTQIA+ backlash in certain areas of the USA in recent years, so even
as I became more comfortable with the idea of being “out”, I
also felt (and do feel) that the world has recently gotten a lot more
dangerous for LGBTQIA+ folks. Folks like Moglen who wage “total
war” against their political opponents know this, and it is precisely
why they try to cast phrases like bisexual, gay, queer, and “sex
therapist” as salacious.

Also, PTSD has this way of making you believe you’re vulnerable in every
situation. When you’re suffering from the worst of PTSD’s symptoms, you
believe that you can never be safe anywhere — ever again. But,
logically I know that I’m safe being a queer person (at least in the small
FOSS world) — for two big reasons. First, the FOSS community of
today is (in most cases) very welcoming to LGBTQIA+ folks and most of the
cishet folks in FOSS identify as LGBTQIA+ allies. Second, I sheepishly
admit that as I’ve reached my 0x32’nd year of life this year, I have a 20+
year credentialed career that has left me in a position of authority and
privilege as a FOSS leader. I gain inherent safety from my position of
power in the community to just be who I am.

While this is absolutely not the manner and time in which I wanted to come
out, I’ll try to make some proverbial lemonade out of the lemons. By now
being out as LGBTQIA+ and already being a FOSS leader, I’d like to
offer to anyone who is new to FOSS and faces fear and worry about LGBTQIA+
issues in FOSS to contact me if they think I can help. I can’t promise to
write back to everyone, but I will do my very best to try to either help or
route you to someone else in FOSS who might be able to.

Also, I want to state something in direct contrast to Moglen’s claims that
the mere fact that a therapist who is qualified for treating people with
issues related to sexual orientation is ipso facto unqualified to treat any
other mental condition. I want to share publicly how valuable it has been
for me in finding a therapist who “gets it” with regard to
living queer in the world while also suffering from other conditions (such as PTSD).
So many LGBTQIA+ youth are bullied due to their orientation, and sustained
bullying commonly causes PTSD. I think we should all be so lucky to have a
mental health provider, as I do,
that
is extensively qualified to treat the whole person and not just a
single condition or issue. We should stand against people like Moglen who,
upon seeing that someone’s therapist specializes in helping people with
their sexual orientation, would use that fact as a way to shame both the
individual and the therapist. Doing that is wrong, and people who do that
are failing to create safe spaces for the LGBTQIA+ community.

I am aghast that Moglen is trying to shame me for seeking help from a
mental health provider who could help me overcome my internalized shame
regarding my sexual orientation. I also want people to know that I did not
feel safe as a queer person when I worked for Eben Moglen at SFLC. But I
also know Moglen doesn’t represent what our FOSS community and software
freedom is about. I felt I needed to make this post not only to disarm the
power Moglen held to “out me” before I was ready, but also to
warn others that, in my opinion, Software Freedom Law Center (SFLC) as an
organization that is not a safe space for LGBTQIA+ folks.
Finally, I do know that Moglen is also a tenured professor at Columbia Law
School. I have so often worried about his students — who may, as I
did, erroneously believe they can trust Moglen with private information as
important as their LGBTQIA+ status. I simply felt I couldn’t stay silent
about my experiences in good conscience any longer.

^{0, 4}

A deposition is a form of testimony done during litigation before trial
begins. Each party in a legal dispute can subpoena witnesses. Rules vary
from venue to venue, but typically, a deposition is taken for eight hours,
and opposing attorneys can ask as many questions as they want —
including leading questions.

⁵In most
depositions, there is a time limit, but the scope of what questions
can be asked are not bounded. Somewhat strangely, one’s own lawyer
is not usually permitted to object on grounds of relevancy to the
case, so the questions can be as off-topic as the opposing counsel
wants.

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

^{1,

6,

7}From 1993-2018, I identified as “bisexual”. That term,
unfortunately, is, in my opinion, not friendly to non-binary people,
since the “bi” part (at least to me, I know others
disagree) assumes binary gender. The more common term used today is
“pansexual”, but, personally I prefer the term
“omnisexual” to “pansexual” for reasons that
are beyond the scope of this particular post. I am, however, not
offended if you use any of the three terms to refer to my sexual
orientation.

²Note, BTW: when
you read the docket, Judge Elgin (about 75% of the time) calls Karen
by the name “Ms. Bradley” (using my first name as if it
were Karen’s surname). It’s a bit confusing, so watch for it while
you’re reading so you don’t get confused.

⁸
Footnote added 2023-10-12, 19:00 US/Eastern: Since I
posted this about 30 hours ago, I’ve gotten so many statements of
support emailed to me that I can’t possibly respond to them all, but
I’ll try. Meanwhile, a few people have hinted at and/or outright
asked what policy disagreements Moglen actually has with me. I was
reluctant to answer because the point I’m making in this post is
that even if Moglen thought every last thing I’ve ever done
in my career was harmful policy-wise, it still would not
justify these abusive behaviors. Nevertheless, I admit that
if this post were made by someone else, I’d be curious about what the
policy disagreements were, so I decided to answer the question. I
think that my overarching policy disagreement with Eben Moglen is
with regard to how and when to engage in enforcement of the GPL and
other copyleft licenses through litigation. I think Moglen explains
this policy disagreement best
in his
talk that the Linux Foundation contemporaneously promoted (and
continues to regularly reference)
entitled “Whither (Not Wither) Copyleft”. In this
talk, Moglen states that I (among others) are “on a jihad for
free software” (his words, direct quote) because we continued
to pursue GPL enforcement through litigation. While I agree that
litigation
should still remain the last resort, I do think it remains a
necessary step often. Moglen argues that even though litigation was
needed in the past, it should never be used again for copyleft and
GPL enforcement. As Moglen outlines in his talk, he supports the
concept of “spontaneous compliance” — a system
whereby there is no regulatory regime and firms simply chose to
follow the rules of copyleft because it’s so obviously in their own
best interest. I’ve not seen this approach work in practice, which is
why I think we must still sometimes file GPL (and LGPL) lawsuits
— even today.
Moglen and I have plenty of other smaller policy disagreements: from
appropriate copyright assignment structures for FOSS, to finer points
of how GPLv3 should have been drafted, to tactics and strategy with
regard to copyleft advocacy, to how non-profits and charities should
be structured for the betterment of FOSS. However, I suspect all
these smaller policy disagreements stem from our fundamental policy
disagreement about GPL enforcement. However, I conclude by (a)
saying again no policy disagreement with anyone justifies
abusive behavior toward that person — not ever, and
(b) please do note the irony that, in that 2016-11-02 speech,
Moglen took the position that lawsuits should no longer be used to
settle disputes in FOSS, and yet — less than 10 months later
— Moglen
sued Conservancy (his former client) in the TTAB.

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Eben Moglen & SFLC — abusive employer & LGBTQIA+ unfriendly

2023-10-11 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2023/10/11/moglen-sflc.html

After some complex legal back-and-forth,
Judge Elgin
ordered that I was legally required to sit for a deposition with and by
Moglen. This is the point where a catch-22 began for me.

Option 0: Sit in a room for 8+ hours with a person who had spent
years verbally abusing me and let him ask me any question he
wants⁵ —
under penalty of perjury and contempt of Court if I refuse.
Option
1: Give Conservancy’s lawyers permission to talk openly, in public
documents, about the details of the abuse I suffered from Moglen and the
psychological harm that it caused me (which is the necessary backup
document for a protective order motion).

Regarding LGBTQIA+ Acceptance and FOSS

^{0, 4}

³, ⁸ The
opposing attorney who asks the question is said to be “taking
the deposition”. The witness is said to be “sitting for
a deposition”. (IIUC, these are terms of art in
litigation).

Solution overview

Prerequisites

Architecture overview

File ingestion

Data analysis

Data visualization

Create a QuickSight dataset

Performance, operational, and cost considerations

Cost

Conclusion

About the Authors

See you next time!

Solution overview

Prerequisites

Ingest data from streaming data sources to Kinesis Data Streams

Use managed Apache Zeppelin notebooks with Amazon Managed Service for Apache Flink Studio to transform the streaming data

Visualize KPIs of call center performance in near-real time through OpenSearch Dashboards

Conclusion

About the Authors

Building a microservices-based air travel search engine

Overview of the solution

Results and metrics

Conclusion

Introduction

Understanding DICOM

What Are the Exposure Risks?

Research

TCP port 104 stats

TCP port 11112 stats

Conclusion

Пешеходно движение и достъпна среда

Презастрояване

Корупция

Социални услуги

Сегрегация

„София прайд“, „Луковмарш“, футболни агитки

Туристи и чужденци

Образование

Общи впечатления от представянето на Хекимян и Терзиев

Дефицит на визионерство

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

Regarding LGBTQIA+ Acceptance and FOSS

The collective thoughts of the interwebz