Stenberg: Pre-notification dilemmas

Post Syndicated from original https://lwn.net/Articles/927667/

Curl maintainer Daniel Stenberg expresses
some frustrations with the vulnerability notification policies
maintained by the distros mailing list.

The week before we were about to ship the curl 8.0.0 release, I
emailed the distros mailing list again like I have done so many
times before and told them about the upcoming six(!)
vulnerabilities we were about to reveal to the world.

This time turned out to be different.

Because of our updated policy where the fixes were already
committed in a public git repository, the distros mailing list’s
policy says that if there is a public commit they consider the
issue to be public and thus they refuse to accept any embargo.

What they call embargo I of course call heads-up time.

The kernel project has run into similar
issues in the past.

What is a MCR DIMM or Multiplexer Combined Ranks DIMM

Post Syndicated from Patrick Kennedy original https://www.servethehome.com/what-is-a-mcr-dimm-or-multiplexer-combined-ranks-dimm-sk-hynix-micron-samsung-intel-amd-nvidia/

We go into what is a MCR DIMM or Multiplexer Combined Ranks DIMM and why it is important for increasing memory bandwidth in 2025 era servers

The post What is a MCR DIMM or Multiplexer Combined Ranks DIMM appeared first on ServeTheHome.

Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it

Post Syndicated from Patrick R. Donahue original https://blog.cloudflare.com/ddos-attacks-on-australian-universities/

Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it

Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it

Over the past 24 hours, Cloudflare has observed HTTP DDoS attacks targeting university websites in Australia. Universities were the first of several groups publicly targeted by the pro-Russian hacker group Killnet and their affiliate AnonymousSudan, as revealed in a recent Telegram post. The threat actors called for additional attacks against 8 universities, 10 airports, and 8 hospital websites in Australia beginning on Tuesday, March 28.

Killnet is a loosely formed group of individuals who collaborate via Telegram. Their Telegram channels provide a space for pro-Russian sympathizers to volunteer their expertise by participating in cyberattacks against western interests.

Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it
Figure: % of traffic constituting DDoS attacks for organizations in Australia

This is not the first time Cloudflare has reported on Killnet activity. On February 2,  2023 we noted in a blog that a pro-Russian hacktivist group — claiming to be part of Killnet — was targeting multiple healthcare organizations in the US. In October 2022, Killnet called to attack US airport websites, and attacked the US Treasury the following month.

As seen with past attacks from this group, these most recent attacks do not seem to be originating from a single botnet, and the attack methods and sources seem to vary, suggesting the involvement of multiple individual threat actors with varying degrees of skill.

DDoS (Distributed Denial of Service) attacks often make headlines due to their ability to disrupt critical services. Cloudflare recently announced that it had blocked the largest attack to date, which peaked at 71 million requests per second (rps) and was 54% higher than the previous record attack from June 2022.

DDoS attacks are designed to overwhelm networks with massive amounts of malicious traffic, and when executed correctly, can disrupt service or take networks offline. The size, sophistication, and frequency of attacks have been increasing over the past months.

What is Killnet and AnonymousSudan?

Killnet is not a traditional hacking group: it does not have membership, it does not have tools or infrastructure, and it does not operate for financial gain. Instead, Killnet is a space for pro-Russian “hacktivist” sympathizers to volunteer their expertise by participating in cyberattacks against western interests. This collaboration happens entirely in the open via Telegram, where anyone is welcome to join.

Killnet was formed shortly after (and likely in response to) the IT Army of Ukraine, and it emulates their tactics. Most days, administrators of the Killnet telegram channel will put out a call for volunteers to attack some particular target. Participants share many different tools and techniques for launching successful attacks, and inexperienced individuals are often coached on how to launch cyber attacks by those who are more experienced.

AnonymousSudan is another nontraditional hacking group similar to Killnet who is ostensibly composed of Sudanese “hacktivists”. The two groups have recently begun collaborating to attack various western interests.

Attackers, including from these groups, are becoming more audacious in  the size and scale of the organizations they are targeting. What this means for businesses, especially those with limited cyber resources, is an increasing threat level against vulnerable networks.

Organizations of all sizes need to be prepared for the eventuality of a significant DDoS attack against their networks. Detection and mitigation of attacks should ideally be automated as much as possible, because relying solely on humans to mitigate in real time puts attackers in the driver’s seat.

How should I protect my organization against DDoS?

Cloudflare customers are protected against DDoS attacks; our systems have been automatically detecting and mitigating the attack. Our team continues to monitor the situation and will deploy countermeasures as needed.

As an additional step of precaution, customers in the Education, Travel, and Healthcare industries are advised to follow the below recommendations.

  1. Ensure all other DDoS Managed Rules are set to default settings (High sensitivity level and mitigation actions).
  2. Enterprise customers with Advanced DDoS should consider enabling Adaptive DDoS Protection.
  3. Deploy firewall rules and rate-limiting rules to enforce a combined positive and negative security model. Reduce the traffic allowed to your website based on your known usage.
  4. Turn on Bot Fight Mode or the equivalent level (SBFM, Enterprise Bot Management) available to you.
  5. Ensure your origin is not exposed to the public Internet, i.e., only enable access to Cloudflare IP addresses.
  6. Enable caching as much as possible to reduce the strain on your origin servers, and when using Workers, avoid overwhelming your origin server with more subrequests than necessary
  7. Enable DDoS alerting.

As easy as it has become for the attackers to launch DDoS attacks, we want to make sure that it is even easier – and free – for defenders of organizations of all sizes to protect themselves against DDoS attacks of all types. We’ve been providing unmetered and unlimited DDoS protection for free to all of our customers since 2017. Cloudflare’s mission is to help build a better Internet. A better Internet is one that is more secure, faster, and reliable for everyone – even in the face of DDoS attacks.

If you’d like to learn more about key DDoS trends, download the Cloudflare DDoS Threat Report for quarterly insights.

The Security Vulnerabilities of Message Interoperability

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2023/03/the-security-vulnerabilities-of-message-interoperability.html

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.

Interoperability will vastly increase the attack surface at every level in the stack ­ from the cryptography up through usability to commercial incentives and the opportunities for government interference.

It’s a good idea in theory, but will likely result in the overall security being the worst of each platform’s security.

Publish Amazon DevOps Guru Insights to ServiceNow for Incident Management

Post Syndicated from Abdullahi Olaoye original https://aws.amazon.com/blogs/devops/publish-amazon-devops-guru-insights-to-servicenow-for-incident-management/

Amazon DevOps Guru is a fully managed AIOps service that uses machine learning (ML) to quickly identify when applications are behaving outside of their normal operating patterns and generates insights from its findings. These insights generated by Amazon DevOps Guru can be used to alert on-call teams to react to anomalies for mission critical workloads. Various customers already utilize Incident management systems like ServiceNow to identify, analyze and resolve critical incidents which could impact business operations. ServiceNow is an IT Service Management (ITSM) platform that enables enterprise organizations to improve operational efficiencies. Among its products is Incident Management which provides a single pane view to customers and allows customers restore services and resolve issues quickly.

This blog post will show you how to integrate Amazon DevOps Guru insights with ServiceNow to automatically create and manage Incidents. We will demonstrate how an insight generated by Amazon DevOps Guru for an anomaly can automatically create a ServiceNow Incident, update the incident when there are new anomalies or recommendations from Amazon DevOps Guru, and close the ServiceNow Incident once the insight is resolved by Amazon DevOps Guru.

Overview of solution

This solution uses a combination of event driven architecture and Serverless technologies, to integrate DevOps Guru insights with ServiceNow. When an Amazon DevOps Guru insight is created, an Amazon EventBridge rule is used to capture the insight as an event and routed to an AWS Lambda Function target. The lambda function interacts with ServiceNow using a REST API to create, update and close an incident for corresponding DevOps Guru events captured by EventBridge.

The EventBridge rule can be customized to capture all DevOps Guru insights or narrowed down to specific insights. In this blog, we will be capturing all DevOps Guru insights and will be performing actions on ServiceNow for the below DevOps Guru events:

  • DevOps Guru New Insight Open
  • DevOps Guru New Anomaly Association
  • DevOps Guru Insight Severity Upgraded
  • DevOps Guru New Recommendation Created
  • DevOps Guru Insight Closed

    Serverless architecture where Amazon EventBridge receives Amazon DevOps Guru insights and using Lambda function transforms and posts to ServiceNow REST API to create, update, and resolve incidents

    Figure 1: Amazon DevOps Guru Integration with ServiceNow using Amazon EventBridge and AWS Lambda

Solution Implementation Steps

Prerequisites

Before you deploy the solution and proceed with this walkthrough, you should have the following prerequisites:

  • Gather the hostname for your ServiceNow cloud instance. If you do not have a ServiceNow instance, you can request a developer instance through the ServiceNow Developer page.
  • Gather the credentials of a ServiceNow user who has permissions to make REST API calls to ServiceNow, specifically to the Table API. If you don’t have a user provisioned, you can create one by following the steps in Getting started with the REST API in the ServiceNow documentation.
  • Create a secret in Secrets Manager to store the ServiceNow credentials created in previous step. You can choose any name for the secret but it should have two key/value pairs, one for username and other for password.
  • Enable DevOps Guru for your applications by following these steps or you can follow this blog to deploy a sample serverless application that can be used to generate DevOps Guru insights for anomalies detected in the application.
  • Install and set up SAM CLI – Install the SAM CLI
  • Download and set up Java. The version should be matching to the runtime that you defined in the SAM template.yaml Serverless function configuration – Install the Java SE Development Kit 11
  • Maven – Install Maven
  • Docker – Install Docker community edition

You have two options to deploy this solution, one options is to deploy from the AWS Serverless Repository and other from the Command Line Interface (CLI).

Option 1: Deploy sample ServiceNow Connector App from AWS Serverless Repository

The DevOps Guru ServiceNow Connector application is available in the AWS Serverless Application Repository which is a managed repository for serverless applications. The application is packaged with an AWS Serverless Application Model (SAM) template, definition of the AWS resources used and the link to the source code. Follow the steps below to quickly deploy this serverless application in your AWS account.

Follow the steps below to quickly deploy this serverless application in your AWS account:

  • Login to the AWS management console of the account to which you plan to deploy this solution.
  • Go to the DevOps Guru ServiceNow Connector application in the AWS Serverless Repository and click on “Deploy”.

    DevOps Guru ServiceNow Connector application page on the AWS Serverless Application Repository with the Deploy button to quickly deploy this solution to your AWS account.

    Figure 2: Deploy solution through AWS Serverless Repository

  • The Lambda application deployment screen will be displayed where you can enter the ServiceNow hostname (do not include the https prefix) and the Secret Name you created in the prerequisite steps. Click on the ‘Deploy’ button.

    Lambda Application Deployment page to enter the ServiceNow hostname and Secret name needed for interacting with your ServiceNow instance before deploying the solution.

    Figure 3: AWS Lambda Application Settings

  • After successful deployment the AWS Lambda Application page will display the “Create complete” status for the serverlessrepo-DevOps-Guru-ServiceNow-Connector application. The CloudFormation template creates four resources:
    1. Lambda function which has the logic to integrate to the ServiceNow
    2. Event Bridge rule for the DevOps Guru Insights
    3. Lambda permission
    4. IAM role
  • 5.     Now you can skip Option 2 and follow the steps in the “Test the Solution” section to trigger some DevOps Guru insights and validate that the incidents are created and updated in ServiceNow.

Option 2: Build and Deploy sample ServiceNow Connector App using AWS SAM Command Line Interface

As you have seen above, you can directly deploy the sample serverless application from the Serverless Repository with one click deployment. Alternatively, you can choose to clone the github source repository and deploy using the SAM CLI from your terminal.

The Serverless Application Model Command Line Interface (SAM CLI) is an extension of the AWS CLI that adds functionality for building and testing serverless applications. The CLI provides commands that enable you to verify that AWS SAM template files are written according to the specification, invoke Lambda functions locally, step-through debug Lambda functions, package and deploy serverless applications to the AWS Cloud, and so on. For details about how to use the AWS SAM CLI, including the full AWS SAM CLI Command Reference, see AWS SAM reference – AWS Serverless Application Model.

Before you proceed, make sure you have completed the Prerequisites section in the beginning which should set up the AWS SAM CLI, Maven and Java on your local terminal. You also need to install and set up Docker to run your functions in an Amazon Linux environment that matches Lambda.

Follow the steps below to build and deploy this serverless application using AWS SAM CLI in your AWS account:

  • Clone the source code from the github repo
$ git clone https://github.com/aws-samples/amazon-devops-guru-connector-servicenow.git
  • Before you build the resources defined in the SAM template, you can use the below validate command which will run cfn-lint validations on your SAM JSON/YAML template
$ sam validate –-lint --template template.yaml

3.     Build the application with SAM CLI

$ cd amazon-devops-guru-connector-servicenow
$ sam build

If everything is set up correctly, you should have a success message like shown below:

Build Succeeded

Built Artifacts : .aws-sam/build
Built Template : .aws-sam/build/template.yaml

Commands you can use next
=========================
[*] Validate SAM template: sam validate
[*] Invoke Function: sam local invoke
[*] Test Function in the Cloud: sam sync --stack-name {{stack-name}} --watch
[*] Deploy: sam deploy –guided

4.  Deploy the application with SAM CLI

$ sam deploy –-guided

This command will package and deploy your application to AWS, with a series of prompts that you should respond to as shown below:

  • Stack Name: The name of the stack to deploy to CloudFormation. This should be unique to your account and region, and a good starting point would be something matching your project name – amazon-devops-guru-connector-servicenow
  • AWS Region: The AWS region you want to deploy your application to.
  • Parameter ServiceNowHost []: The ServiceNow host name/instance URL you set up. Example: dev92031.service-now.com
  • Parameter SecretName []: The secret name that you set up for ServiceNow credentials in the Prerequisites.
  • Confirm changes before deploy: If set to yes, any change sets will be shown to you before execution for manual review. If set to no, the AWS SAM CLI will automatically deploy application changes.
  • Allow SAM CLI IAM role creation: Many AWS SAM templates, including this example, create AWS IAM roles required for the AWS Lambda function(s) included to access AWS services. By default, these are scoped down to minimum required permissions. To deploy an AWS CloudFormation stack which creates or modifies IAM roles, the CAPABILITY_IAM value for capabilities must be provided. If permission isn’t provided through this prompt, to deploy this example you must explicitly pass --capabilities CAPABILITY_IAM to the sam deploy command.
  • Disable rollback [y/N]: If set to Y, preserves the state of previously provisioned resources when an operation fails.
  • Save arguments to configuration file (samconfig.toml): If set to yes, your choices will be saved to a configuration file inside the project, so that in the future you can just re-run sam deploy without parameters to deploy changes to your application.

After you enter your parameters, you should see something like this if you have provided Y to view and confirm ChangeSets. Proceed here by providing ‘Y’ for deploying the resources.

Initiating deployment
=====================
Uploading to amazon-devops-guru-connector-servicenow/46bb4841f8f37fd41d3f40f86f31c4d7.template 1918 / 1918 (100.00%)

Waiting for changeset to be created..
CloudFormation stack changeset
-----------------------------------------------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement
-----------------------------------------------------------------------------------------------------------------------------------------------------
+ Add FunctionsDevOpsGuruPermission AWS::Lambda::Permission N/A
+ Add FunctionsDevOpsGuru AWS::Events::Rule N/A
+ Add FunctionsRole AWS::IAM::Role N/A
+ Add Functions AWS::Lambda::Function N/A
-----------------------------------------------------------------------------------------------------------------------------------------------------

Changeset created successfully. arn:aws:cloudformation:us-east-1:123456789012:changeSet/samcli-deploy1669232233/7c97b7f5-369d-400d-89cd-ebabefaa0b57

Previewing CloudFormation changeset before deployment
======================================================
Deploy this changeset? [y/N]:

Once the deployment succeeds, you should be able to see the successful creation of your resources

CloudFormation events from stack operations (refresh every 0.5 seconds)
-----------------------------------------------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason
-----------------------------------------------------------------------------------------------------------------------------------------------------
CREATE_IN_PROGRESS AWS::CloudFormation::Stack amazon-devops-guru-connector- User Initiated
servicenow
CREATE_IN_PROGRESS AWS::IAM::Role FunctionsRole -
CREATE_IN_PROGRESS AWS::IAM::Role FunctionsRole Resource creation Initiated
CREATE_COMPLETE AWS::IAM::Role FunctionsRole -
CREATE_IN_PROGRESS AWS::Lambda::Function Functions -
CREATE_IN_PROGRESS AWS::Lambda::Function Functions Resource creation Initiated
CREATE_COMPLETE AWS::Lambda::Function Functions -
CREATE_IN_PROGRESS AWS::Events::Rule FunctionsDevOpsGuru -
CREATE_IN_PROGRESS AWS::Events::Rule FunctionsDevOpsGuru Resource creation Initiated
CREATE_COMPLETE AWS::Events::Rule FunctionsDevOpsGuru -
CREATE_IN_PROGRESS AWS::Lambda::Permission FunctionsDevOpsGuruPermission -
CREATE_IN_PROGRESS AWS::Lambda::Permission FunctionsDevOpsGuruPermission Resource creation Initiated
CREATE_COMPLETE AWS::Lambda::Permission FunctionsDevOpsGuruPermission -
CREATE_COMPLETE AWS::CloudFormation::Stack amazon-devops-guru-connector- -
servicenow
-----------------------------------------------------------------------------------------------------------------------------------------------------

Successfully created/updated stack - amazon-devops-guru-connector-servicenow in us-east-1

You can also use the below command to list the resources deployed by passing in the stack name.

$ sam list resources --stack-name amazon-devops-guru-connector-servicenow

You can also choose to test and debug your function locally with sample events using the SAM CLI local functionality. Test a single function by invoking it directly with a test event. An event is a JSON document that represents the input that the function receives from the event source. Refer the Invoking Lambda functions locally – AWS Serverless Application Model link here for more details.

Follow the below steps for testing the lambda with the SAM CLI local. You have to create an env.json file with the correct values for your ServiceNow Host and SecretManager secret name that was created in the previous step.

  • Make sure you have created the AWS Secrets Manager secret with the desired name as mentioned in the prerequisites, which should be used here for SECRET_NAME.
  • Create env.json as below, by replacing the values for SERVICE_NOW_HOST and SECRET_NAME with your real value. These will be set as the local Lambda execution environment variables.
{"Parameters": {"SERVICE_NOW_HOST": "SNOW_HOST","SECRET_NAME": "SNOW_CREDS"}}
  • Run the command below to validate locally that with a sample DevOps Guru payload, to trigger Lambda locally and invoke. Remember for this to work, you should have Docker instance running and also the Secret Name created in your AWS account.
$ sam local invoke Functions --event Functions/src/test/Events/CreateIncident.json --env-vars Functions/src/test/Events/env.json

Once you are done with the above steps, move on to “Test the Solution” section below to trigger sample DevOps Guru insights and validate that the incidents are created and updated in ServiceNow.

Test the Solution

To test the solution, we will simulate a DevOps Guru insight. You can also simulate an insight by following the steps in this blog. After an anomaly is detected in the application, DevOps Guru creates an insight as seen below.

Sample DevOps Guru insights page with anomalous behavior of DynamoDB ThrottledRequests from the application deployed with the workshop link.

Figure 4: DevOps Guru Insight created for anomalous behavior

For the DevOps Guru insight shown above, a corresponding incident is automatically created on ServiceNow as shown below. In addition to the incident creation, any new anomalies and recommendations from DevOps Guru is also associated with the incident.

ServiceNow incident detail page with the DevOps Guru insight information.

Figure 5: Corresponding ServiceNow Incident is created for the DevOps Guru Insight

When the anomalous behavior that generated the DevOps Guru insight is resolved, DevOps Guru automatically closes the insight. The corresponding ServiceNow incident that was created for the insight is also closed as seen below

ServiceNow incident Notes section showing Incident as resolved due to the insight being closed in Amazon DevOps Guru.

Figure 6: ServiceNow Incident created for DevOps Guru Insight is resolved due to insight closure

Cleaning up

To avoid incurring future charges, delete the resources.

To delete the sample application that you created, use the AWS CLI command below and pass the stack name you provided in the sam deploy step.

$ aws cloudformation delete-stack --stack-name amazon-devops-guru-connector-servicenow

You could also use the AWS CloudFormation Console to delete the stack:

AWS CloudFormation console with Delete option to clean up the deployed stack.

Figure 7: AWS Stack Console with Delete action

Conclusion

This blog post showcased how DevOps Guru continuously monitor resources in a particular region in your AWS account and automatically detects operational issues, predicts impending resource exhaustion, details likely cause, and recommends remediation actions. This post described a custom solution using serverless integration pattern with AWS Lambda and Amazon EventBridge which enabled integration of the DevOps Guru insights with customer’s most popular ITSM and Change management tool ServiceNow thus streamlining the Service Management governance and oversight over AWS services. Using this solution helps Customer’s with ServiceNow to improve their operational efficiencies, and get customized insights and real time incident alerts and management directly from DevOps Guru which provides a single pane of glass to restore services and systems quickly.

This solution was created to help customers who already use ServiceNow Incident Management, if you are already using Incident Manager from AWS Systems Manager, check out how that works with Amazon DevOps Guru here.

To learn more about Amazon DevOps Guru, join us for a free hands-on Immersion Day. Events are virtual and hosted at three global time zones. Register here: April 12th.

About the authors:

Abdullahi Olaoye

Abdullahi is a Senior Cloud Infrastructure Architect at AWS Professional Services where he works with enterprise customers to design and build cloud solutions that solve business challenges. When he’s not working, he enjoys travelling, watching documentaries and listening to history podcasts.

Sreenivas Ganesan

Sreenivas Ganesan is a Sr. DevOps Consultant at AWS experienced in architecting and delivering modernized DevOps solutions for enterprise customers in their journey to AWS Cloud, primarily focused on Infrastructure automation, Security and Compliance, Management and Governance, Provisioning and Orchestration. Outside of work, he enjoys watching new TV series, soccer and spending time with his family outdoors.

Mohan Udyavar

Mohan Udyavar is a Principal Technical Account Manager in the Enterprise Support organization of AWS advising customers in successfully migrating and operating their workloads on AWS. He is primarily focused on the Automotive industry providing prescriptive guidance to customers helping them improve the resilience and operational excellence posture of mission-critical applications. Outside of work, he loves cooking and working on tech projects with his son.

Разследване на Валя Ахчиева Търговия със смърт?

Post Syndicated from Екип на Биволъ original https://bivol.bg/targovia-sas-smart.html

вторник 28 март 2023


Един пациент с онкологично заболяване, започнал най-напред лечението си в чужбина, с лекарствения продукт Keytruda, а след това продължил терапията си в България, в една болница, забелязал през последните месеци,…

Active Exploitation of IBM Aspera Faspex CVE-2022-47986

Post Syndicated from Caitlin Condon original https://blog.rapid7.com/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/

Active Exploitation of IBM Aspera Faspex CVE-2022-47986

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.

On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a pre-authentication YAML deserialization vulnerability in Ruby on Rails code. The vulnerability carries a CVSS score of 9.8.

Vulnerability details and working proof-of-concept code have been available since February, and there have been multiple reports of exploitation since then, including the vulnerability’s use in the IceFire ransomware campaign. Rapid7 vulnerability researchers published a full analysis of CVE-2022-47986 in AttackerKB in February 2023.

Rapid7 is aware of at least one recent incident where a customer was compromised via CVE-2022-47986. In light of active exploitation and the fact that Aspera Faspex is typically installed on the network perimeter, we strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur.

According to IBM, affected products include Aspera Faspex 4.4.2 Patch Level 1 and below. CVE-2022-47986 is remediated in 4.4.2 Patch Level 2.

Logfiles can be found in the folder /opt/aspera/faspex/log by default. Entries related to PackageRelayController#relay_package should be considered suspicious. See AttackerKB for additional in-depth technical analysis.

Rapid7 customers

InsightVM and Nexpose customers can assess their exposure to CVE-2022-47986 with an authenticated vulnerability check available as of the February 17, 2023 content release. A remote vulnerability check was released on February 27, 2023. Accuracy improvements to both checks were released March 28, 2023.

На Западния бряг нищо ново?

Post Syndicated from Мирослав Зафиров original https://www.toest.bg/na-zapadniya-bryag-nishto-novo/

Това, което виждаме днес, е пълзяща интифада. За разлика от предишните две, тя няма изявени лидери, не е дори толкова идеологическа, колкото съпротива на младото поколение срещу статуквото и липсата на политически хоризонт през последните 30 години. Организиралите се в Наблус, Дженин и Хеброн дори нямат толкова сериозно отношение към големите военни терористични фракции. Чрез социалните медии те се организират, самоиндуцират и изправят срещу Израел.

На Западния бряг нищо ново?

Думите са на високопоставен израелски представител по време на една от многото срещи, чиято задача е да обсъди и избере стратегия за изход от влошаващата се ситуация на Западния бряг на река Йордан. 75 години след началото на конфликта между Израел и палестинците и 30 години след Споразуменията от Осло, процесът за мир е в най-ниската си точка, без особени перспективи за намиране на компромис. Такъв в момента е почти невъзможен.

Стар конфликт – ново правителство

Кризата в палестинската власт, съчетана с неотстъпчивостта на Израел по отношение на основните въпроси, свързани с конфликта, стигна своя апогей с активизирането на бойните групи в ключови градове и бежански лагери на Западния бряг, но и с встъпването в длъжност на новото правителство на Бенямин Нетаняху.

Сред членовете на новия кабинет има министри, чиято биография буди доста въпроси сред мнозина. Номинациите за министри на Безалел Смотрич и Итамар Бен Гвир, които принадлежат към крайнодесния спектър в Израел, будят най-много съображения. ЕС и дори САЩ заявиха мнението си за състава на кабинета, като според слуховете Вашингтон дори е посочил, че двамата коалиционни министри не следва да заемат определени министерски кресла. Новите политици, както ги наричат в Израел, имат свое виждане за баланса на силите в Източен Йерусалим, за статуквото на джамията „Ал Акса“, както и за съдбата на израелските селища, разположени дълбоко в палестинските територии.

Действията и изявленията на Смотрич и Бен Гвир накараха радикалните фракции, начело с „Хамас“, да предупредят за последиците от управлението на кабинета „Нетаняху“. Преди дни  Маруан Иса, вторият човек във военното крило на „Хамас“, заяви в съобщение за медиите, че политическите опити за решаване на напрежението на Западния бряг са приключили и остава пътят на войната. За последен път лидер на военното крило „Ал Кассам“ се обърна към медиите през май 2021 г., часове преди началото на последния конфликт, продължил 11 дни.

Водени от принципа „Това търсехте – това получихте“, и „Хамас“, и „Ислямски джихад“ видимо увеличават своята активност на Западния бряг, която, съчетана с твърдите мерки на израелската армия и полиция, доведе до най-големия брой загинали в конфликта от 15 години насам. От началото на 2023 г. до момента 82 израелски и палестински граждани са намерили смъртта си.

Горещи точки

Наред с вече посочените бойни групи, като например „Леговището на лъва“ в Наблус, сред центровете на напрежение е и бежанският лагер в Дженин. Той е под контрола на „Хамас“, „Ислямски джихад“ и Националния фронт за освобождение на Палестина. Оръжието, за което се знае, че се намира в лагера и околните селища, е достатъчно за продължителна съпротива. Опитът на израелската армия и граничната полиция да проведат няколко операции в Дженин и Наблус срещу въоръжените групи доведе до десетки загинали. Само в Дженин за ден загинаха 11 въоръжени палестинци и един цивилен. Размяната на удари продължи с атентата в сърцето на Тел Авив, при който загинаха двама израелци, докато инцидентите около Наблус и Дженин са вече част от ежедневната хроника. Няма основание да смятаме, че насилието ще затихне.

Ключов елемент от описвания пъзел е състоянието на Палестинската автономна власт (ПАВ). Създадена преди 30 години със Споразуменията в Осло, тя е институцията, която трябваше да изведе палестинците до независима държава. Три десетилетия по-късно властта в Рамалла, както и самата идея за два народа – две държави е в пагубно състояние.

Мнозина се питат какво следва, ако президентът Махмуд Абас слезе от политическата сцена, но малко са онези, които имат хипотеза и план. Връзка между Рамалла и голяма част от палестинското население, което в мнозинството си е под 35 години, почти не съществува. Това е и една от причините за ръста на новопоявилите се групи на Западния бряг – в условията на изтляваща легитимност палестинските сили за сигурност на практика абдикираха от задълженията си. Това доведе до решението на Израел да активизира своите операции, което пък от своя страна даде поле за изява на фракции като „Хамас“ и „Ислямски джихад“ да задействат силите си в обсъжданите горещи точки на Западния бряг.

Палестинската полиция, силите за сигурност и разузнаването все по-рядко са в състояние, а и все по-рядко са готови да се сблъскат лице в лице с палестинското население. Те са обвинявани, че обслужват интересите на Израел, като остават верни на координацията в сферата на сигурността, съществуваща между двете страни по силата на Споразуменията от Осло. В социалните медии силите за сигурност често са наричани „предатели“ и „колаборационисти“.

Процесът „Акаба“

В опит да прекъсне вълната от насилие и да възстанови усещането за диалог между Израел и палестинската власт, преди месец започна т.нар. процес „Акаба“ под егидата на Йордания, САЩ и Египет. На завършилата току-що втора среща от инициативата, провела се в египетския курорт Шарм ел Шейх, двете страни се споразумяха да заявят, че са в съгласие, но конкретните измерения на водените преговори засега остават неясни въпреки финалното комюнике от срещата. Властта в Рамалла дефинира като свой основен проблем тежката финансова криза, в която се намира. Палестинската страна, която не може да се надява на финансова подкрепа от Аман или Кайро, очаква от Израел конкретни стъпки, в резултат на които да бъдат освободени финансови средства за палестинския бюджет.

По силата на Парижкия протокол след Споразумението от Осло Израел и палестинската власт споделят отговорности за палестинския бюджет. Значителни суми към днешна дата не са изплатени. Предстои да се намери решение между страните по стария спор за плащанията, които Рамалла прави на семействата на загинали във военни операции срещу Израел или на лица, намиращи се в затвора (т.нар. pay for slay). Израел предприе особено твърди действия срещу тези плащания, смятайки ги за предназначени за терористи. В отговор на тази мярка, определяна като социална в Палестина, Израел също удържа около 100 млн. шекела (около 27 млн. долара) годишно от бюджетните плащания към ПАВ. Една от причините, поради които и САЩ не прави директни плащания на палестинската власт, е именно тази т.нар. социална програма.

Дали процесът „Акаба“ ще проработи, ще видим в следващите дни и седмици, тъй като предстои периодът на религиозните празници за мюсюлмани и евреи. Никой не е готов за повторение на сценария от май 2021 г., когато в продължение на 11 дни светът очакваше да види дали интензивната размяна на ракетни удари между Израел и „Хамас“ няма да прерасне в пълномащабна война.

„Хамас“ и „Ислямски джихад“

Независимо от войнствения си наратив, и „Хамас“, и „Ислямски джихад“ са по-скоро внимателни в действията си към момента. В поредица от срещи с представители на всяка от двете групировки се изразяват опасения от крайнодясното израелско правителство, но за момента не се призовава открито към интифада. Фракциите са изправени пред няколко важни решения, които ще определят съществуването им за години напред.

Особено за „Хамас“ военен конфликт с Израел би коствал усилия и средства, които движението не е готово да жертва в момента. Неговите лидери, намиращи се в Газа и някои градове в Близкия изток, изглежда, смятат, че стратегията на поддържане на напрежението чрез отделни операции на Западния бряг и за сметка на спонтанни случаи на насилие засега обслужва интереса на „Хамас“. След май 2021 г. движението насочи и немалко усилия в пропагандата си спрямо т.нар. израелски араби, или арабите от 1948 г. (става дума за арабското население на Израел, получило гражданство след 1948 г. – б.а.).

„Хамас“ акцентира върху статута на това население и зависимостта му от еврейското мнозинство, а с назначаването на новото правителство със Смотрич и Бен Гвир в редиците му, откровено говори за Израел като за държава, провеждаща апартейд. Единствено при много сериозна ескалация около джамията „Ал Акса“ и в случай на откровени провокации от страна на заселниците може да очакваме повторение на сценарий като този от средата на 2021 г.

„Хамас“ и „Ислямски джихад“, подобно на идеологическия си съперник – партията „Фатах“ на президента Абас, също имат вътрешни противоречия. Ако изборите за ново ръководство в „Ислямски джихад“ преминаха относително спокойно и без особени изненади, то тези в „Хамас“ предстоят и се очакват с нетърпение. Трима са основните претенденти за лидер на движението, като поне един от тях има особено силно влияние на Западния бряг и би могъл да го използва, за да разпали действия, които са отвъд революционната риторика.

Контактите на двете движения на Западния бряг и в Газа, както и в бежанските лагери в Йордания, Сирия и Ливан са добре известни, влиянието им – също, но дори при тези условия лидерите им си дават сметка за появилата се нова сила сред младото палестинско поколение. Макар да е известно, че поддържат контакти с по-големите си събратя, за момента бойните групи, подобни на „Леговището на лъва“, не желаят и не се асоциират идеологически или организационно с „Хамас“ или „Ислямски джихад“. Въпреки опитите на двете движения да намерят път към сърцето на новите групи, засега те остават по-скоро самостоятелни.

Не на последно място, и двете военни фракции внимателно наблюдават случващото се в региона. Споразумението между Иран и Саудитска Арабия за възобновяване на дипломатическите отношения е от особена важност, тъй като Техеран е основен съюзник и поддръжник на палестинските радикални движения. След затоплянето на отношенията между Израел и Турция Анкара ограничи свободата на пребиваване на лидерите на „Хамас“ на своя територия, което допълнително затруднява тяхното движение, след като и Ливан изрази своите съображения относно действията им в бежанските лагери. Опитите за сближаване между „Хамас“ и Сирия засега също не са успешни, въпреки приповдигнатия тон на някои медийни публикации.

Смяна на подхода

Сцената на конфликта между Израел и Палестина остава особено сложна и зависима от множество фактори, които определят поведението на страните и на регионалните сили, заети в търсене на решение. Посочената по-горе комбинация от нестабилност, криза на сигурността, финансова и икономическа стагнация и социално недоволство не позволява да се прогнозира възможен по-нататъшен сценарий с голяма доза сигурност. В условията на война в Украйна и задълбочаваща се поляризация в световен мащаб принципите на международните отношения и право са изложени на сериозен стрес тест.

В конкретния случай с кризата в близкоизточния мирен процес вече сме свидетели на промяна на подхода, като на мястото на установените механизми се появяват нови. Вместо блокирания „Квартет“, съществуващ с мандата на ООН, се появяват предложения за на т.нар. Мюнхенски формат (Германия, Франция, Йордания, Египет), а сега и за процеса „Акаба“. В условията на отсъстваща алтернатива, базирана на международното право и отчитаща интересите на страните в конфликта, свободата на интерпретация носи опасност от последици. Завръщането към установените принципи на диалог или тяхното преформулиране в рамките на Съвета за сигурност на ООН би съхранило традиционния подход за решаване на кризи, като остави настрани желанието за непременна импровизация. Цената на подобни импровизации в контекста на обсъждания конфликт обикновено се плаща с живота на много хора.

Заглавна снимка: Джамията „Ал Акса“. Източник: Dave Herring / Unsplash

Implement slowly changing dimensions in a data lake using AWS Glue and Delta

Post Syndicated from Nith Govindasivan original https://aws.amazon.com/blogs/big-data/implement-slowly-changing-dimensions-in-a-data-lake-using-aws-glue-and-delta/

In a data warehouse, a dimension is a structure that categorizes facts and measures in order to enable users to answer business questions. To illustrate an example, in a typical sales domain, customer, time or product are dimensions and sales transactions is a fact. Attributes within the dimension can change over time—a customer can change their address, an employee can move from a contractor position to a full-time position, or a product can have multiple revisions to it. A slowly changing dimension (SCD) is a data warehousing concept that contains relatively static data that can change slowly over a period of time. There are three major types of SCDs maintained in data warehousing: Type 1 (no history), Type 2 (full history), and Type 3 (limited history). Change data capture (CDC) is a characteristic of a database that provides an ability to identify the data that changed between two database loads, so that an action can be performed on the changed data.

As organizations across the globe are modernizing their data platforms with data lakes on Amazon Simple Storage Service (Amazon S3), handling SCDs in data lakes can be challenging. It becomes even more challenging when source systems don’t provide a mechanism to identify the changed data for processing within the data lake and makes the data processing highly complex if the data source happens to be semi-structured instead of a database. The key objective while handling Type 2 SCDs is to define the start and end dates to the dataset accurately to track the changes within the data lake, because this provides the point-in-time reporting capability for the consuming applications.

In this post, we focus on demonstrating how to identify the changed data for a semi-structured source (JSON) and capture the full historical data changes (SCD Type 2) and store them in an S3 data lake, using AWS Glue and open data lake format Delta.io. This implementation supports the following use cases:

  • Track Type 2 SCDs with start and end dates to identify the current and full historical records and a flag to identify the deleted records in the data lake (logical deletes)
  • Use consumption tools such as Amazon Athena to query historical records seamlessly

Solution overview

This post demonstrates the solution with an end-to-end use case using a sample employee dataset. The dataset represents employee details such as ID, name, address, phone number, contractor or not, and more. To demonstrate the SCD implementation, consider the following assumptions:

  • The data engineering team receives daily files that are full snapshots of records and don’t contain any mechanism to identify source record changes
  • The team is tasked with implementing SCD Type 2 functionality for identifying new, updated, and deleted records from the source, and to preserve the historical changes in the data lake
  • Because the source systems don’t provide the CDC capability, a mechanism needs to be developed to identify the new, updated, and deleted records and persist them in the data lake layer

The architecture is implemented as follows:

  • Source systems ingest files in the S3 landing bucket (this step is mimicked by generating the sample records using the provided AWS Lambda function into the landing bucket)
  • An AWS Glue job (Delta job) picks the source data file and processes the changed data from the previous file load (new inserts, updates to the existing records, and deleted records from the source) into the S3 data lake (processed layer bucket)
  • The architecture uses the open data lake format (Delta), and builds the S3 data lake as a Delta Lake, which is mutable, because the new changes can be updated, new inserts can be appended, and source deletions can be identified accurately and marked with a delete_flag value
  • An AWS Glue crawler catalogs the data, which can be queried by Athena

The following diagram illustrates our architecture.

Prerequisites

Before you get started, make sure you have the following prerequisites:

Deploy the solution

For this solution, we provide a CloudFormation template that sets up the services included in the architecture, to enable repeatable deployments. This template creates the following resources:

  • Two S3 buckets: a landing bucket for storing sample employee data and a processed layer bucket for the mutable data lake (Delta Lake)
  • A Lambda function to generate sample records
  • An AWS Glue extract, transform, and load (ETL) job to process the source data from the landing bucket to the processed bucket

To deploy the solution, complete the following steps:

  1. Choose Launch Stack to launch the CloudFormation stack:

  1. Enter a stack name.
  2. Select I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  3. Choose Create stack.

After the CloudFormation stack deployment is complete, navigate to AWS CloudFormation console to note the following resources on the Outputs tab:

  • Data lake resources – The S3 buckets scd-blog-landing-xxxx and scd-blog-processed-xxxx (referred to as scd-blog-landing and scd-blog-processed in the subsequent sections in this post)
  • Sample records generator Lambda functionSampleDataGenaratorLambda-<CloudFormation Stack Name> (referred to as SampleDataGeneratorLambda)
  • AWS Glue Data Catalog databasedeltalake_xxxxxx (referred to as deltalake)
  • AWS Glue Delta job<CloudFormation-Stack-Name>-src-to-processed (referred to as src-to-processed)

Note that deploying the CloudFormation stack in your account incurs AWS usage charges.

Test SCD Type 2 implementation

With the infrastructure in place, you’re ready to test out the overall solution design and query historical records from the employee dataset. This post is designed to be implemented for a real customer use case, where you get full snapshot data on a daily basis. We test the following aspects of SCD implementation:

  • Run an AWS Glue job for the initial load
  • Simulate a scenario where there are no changes to the source
  • Simulate insert, update, and delete scenarios by adding new records, and modifying and deleting existing records
  • Simulate a scenario where the deleted record comes back as a new insert

Generate a sample employee dataset

To test the solution, and before you can start your initial data ingestion, the data source needs to be identified. To simplify that step, a Lambda function has been deployed in the CloudFormation stack you just deployed.

Open the function and configure a test event, with the default hello-world template event JSON as seen in the following screenshot. Provide an event name without any changes to the template and save the test event.

Choose Test to invoke a test event, which invokes the Lambda function to generate the sample records.

When the Lambda function completes its invocation, you will be able to see the following sample employee dataset in the landing bucket.

Run the AWS Glue job

Confirm if you see the employee dataset in the path s3://scd-blog-landing/dataset/employee/. You can download the dataset and open it in a code editor such as VS Code. The following is an example of the dataset:

{"emp_id":1,"first_name":"Melissa","last_name":"Parks","Address":"19892 Williamson Causeway Suite 737\nKarenborough, IN 11372","phone_number":"001-372-612-0684","isContractor":false}
{"emp_id":2,"first_name":"Laura","last_name":"Delgado","Address":"93922 Rachel Parkways Suite 717\nKaylaville, GA 87563","phone_number":"001-759-461-3454x80784","isContractor":false}
{"emp_id":3,"first_name":"Luis","last_name":"Barnes","Address":"32386 Rojas Springs\nDicksonchester, DE 05474","phone_number":"127-420-4928","isContractor":false}
{"emp_id":4,"first_name":"Jonathan","last_name":"Wilson","Address":"682 Pace Springs Apt. 011\nNew Wendy, GA 34212","phone_number":"761.925.0827","isContractor":true}
{"emp_id":5,"first_name":"Kelly","last_name":"Gomez","Address":"4780 Johnson Tunnel\nMichaelland, WI 22423","phone_number":"+1-303-418-4571","isContractor":false}
{"emp_id":6,"first_name":"Robert","last_name":"Smith","Address":"04171 Mitchell Springs Suite 748\nNorth Juliaview, CT 87333","phone_number":"261-155-3071x3915","isContractor":true}
{"emp_id":7,"first_name":"Glenn","last_name":"Martinez","Address":"4913 Robert Views\nWest Lisa, ND 75950","phone_number":"001-638-239-7320x4801","isContractor":false}
{"emp_id":8,"first_name":"Teresa","last_name":"Estrada","Address":"339 Scott Valley\nGonzalesfort, PA 18212","phone_number":"435-600-3162","isContractor":false}
{"emp_id":9,"first_name":"Karen","last_name":"Spencer","Address":"7284 Coleman Club Apt. 813\nAndersonville, AS 86504","phone_number":"484-909-3127","isContractor":true}
{"emp_id":10,"first_name":"Daniel","last_name":"Foley","Address":"621 Sarah Lock Apt. 537\nJessicaton, NH 95446","phone_number":"457-716-2354x4945","isContractor":true}
{"emp_id":11,"first_name":"Amy","last_name":"Stevens","Address":"94661 Young Lodge Suite 189\nCynthiamouth, PR 01996","phone_number":"241.375.7901x6915","isContractor":true}
{"emp_id":12,"first_name":"Nicholas","last_name":"Aguirre","Address":"7474 Joyce Meadows\nLake Billy, WA 40750","phone_number":"495.259.9738","isContractor":true}
{"emp_id":13,"first_name":"John","last_name":"Valdez","Address":"686 Brian Forges Suite 229\nSullivanbury, MN 25872","phone_number":"+1-488-011-0464x95255","isContractor":false}
{"emp_id":14,"first_name":"Michael","last_name":"West","Address":"293 Jones Squares Apt. 997\nNorth Amandabury, TN 03955","phone_number":"146.133.9890","isContractor":true}
{"emp_id":15,"first_name":"Perry","last_name":"Mcguire","Address":"2126 Joshua Forks Apt. 050\nPort Angela, MD 25551","phone_number":"001-862-800-3814","isContractor":true}
{"emp_id":16,"first_name":"James","last_name":"Munoz","Address":"74019 Banks Estates\nEast Nicolefort, GU 45886","phone_number":"6532485982","isContractor":false}
{"emp_id":17,"first_name":"Todd","last_name":"Barton","Address":"2795 Kelly Shoal Apt. 500\nWest Lindsaytown, TN 55404","phone_number":"079-583-6386","isContractor":true}
{"emp_id":18,"first_name":"Christopher","last_name":"Noble","Address":"Unit 7816 Box 9004\nDPO AE 29282","phone_number":"215-060-7721","isContractor":true}
{"emp_id":19,"first_name":"Sandy","last_name":"Hunter","Address":"7251 Sarah Creek\nWest Jasmine, CO 54252","phone_number":"8759007374","isContractor":false}
{"emp_id":20,"first_name":"Jennifer","last_name":"Ballard","Address":"77628 Owens Key Apt. 659\nPort Victorstad, IN 02469","phone_number":"+1-137-420-7831x43286","isContractor":true}
{"emp_id":21,"first_name":"David","last_name":"Morris","Address":"192 Leslie Groves Apt. 930\nWest Dylan, NY 04000","phone_number":"990.804.0382x305","isContractor":false}
{"emp_id":22,"first_name":"Paula","last_name":"Jones","Address":"045 Johnson Viaduct Apt. 732\nNorrisstad, AL 12416","phone_number":"+1-193-919-7527x2207","isContractor":true}
{"emp_id":23,"first_name":"Lisa","last_name":"Thompson","Address":"1295 Judy Ports Suite 049\nHowardstad, PA 11905","phone_number":"(623)577-5982x33215","isContractor":true}
{"emp_id":24,"first_name":"Vickie","last_name":"Johnson","Address":"5247 Jennifer Run Suite 297\nGlenberg, NC 88615","phone_number":"708-367-4447x9366","isContractor":false}
{"emp_id":25,"first_name":"John","last_name":"Hamilton","Address":"5899 Barnes Plain\nHarrisville, NC 43970","phone_number":"341-467-5286x20961","isContractor":false}

Download the dataset and keep it ready, because you will modify the dataset for future use cases to simulate the inserts, updates, and deletes. The sample dataset generated for you will be entirely different than what you see in the preceding example.

To run the job, complete the following steps:

  1. On the AWS Glue console, choose Jobs in the navigation pane.
  2. Choose the job src-to-processed.
  3. On the Runs tab, choose Run.

When the AWS Glue job is run for the first time, the job reads the employee dataset from the landing bucket path and ingests the data to the processed bucket as a Delta table.

When the job is complete, you can create a crawler to see the initial data load. The following screenshot shows the database available on the Databases page.

  1. Choose Crawlers in the navigation pane.
  2. Choose Create crawler.

  1. Name your crawler delta-lake-crawler, then choose Next.

  1. Select Not yet for data already mapped to AWS Glue tables.
  2. Choose Add a data source.

  1. On the Data source drop-down menu, choose Delta Lake.
  2. Enter the path to the Delta table.
  3. Select Create Native tables.
  4. Choose Add a Delta Lake data source.

  1. Choose Next.

  1. Choose the role that was created by the CloudFormation template, then choose Next.

  1. Choose the database that was created by the CloudFormation template, then choose Next.

  1. Choose Create crawler.

  1. Select your crawler and choose Run.

Query the data

After the crawler is complete, you can see the table it created.

To query the data, complete the following steps:

  1. Choose the employee table and on the Actions menu, choose View data.

You’re redirected to the Athena console. If you don’t have the latest Athena engine, create a new Athena workgroup with the latest Athena engine.

  1. Under Administration in the navigation pane, choose Workgroups.

  1. Choose Create workgroup.

  1. Provide a name for the workgroup, such as DeltaWorkgroup.
  2. Select Athena SQL as the engine, and choose Athena engine version 3 for Query engine version.

  1. Choose Create workgroup.

  1. After you create the workgroup, select the workgroup (DeltaWorkgroup) on the drop-down menu in the Athena query editor.

  1. Run the following query on the employee table:
SELECT * FROM "deltalake_2438fbd0"."employee";

Note: Update the correct database name from the CloudFormation outputs before running the above query.

You can observe that the employee table has 25 records. The following screenshot shows the total employee records with some sample records.

The Delta table is stored with an emp_key, which is unique to each and every change and is used to track the changes. The emp_key is created for every insert, update, and delete, and can be used to find all the changes pertaining to a single emp_id.

The emp_key is created using the SHA256 hashing algorithm, as shown in the following code:

df.withColumn("emp_key", sha2(concat_ws("||", col("emp_id"), col("first_name"), col("last_name"), col("Address"),
            col("phone_number"), col("isContractor")), 256))

Perform inserts, updates, and deletes

Before making changes to the dataset, let’s run the same job one more time. Assuming that the current load from the source is the same as the initial load with no changes, the AWS Glue job shouldn’t make any changes to the dataset. After the job is complete, run the previous Select query in the Athena query editor and confirm that there are still 25 active records with the following values:

  • All 25 records with the column isCurrent=true
  • All 25 records with the column end_date=Null
  • All 25 records with the column delete_flag=false

After you confirm the previous job run with these values, let’s modify our initial dataset with the following changes:

  1. Change the isContractor flag to false (change it to true if your dataset already shows false) for emp_id=12.
  2. Delete the entire row where emp_id=8 (make sure to save the record in a text editor, because we use this record in another use case).
  3. Copy the row for emp_id=25 and insert a new row. Change the emp_id to be 26, and make sure to change the values for other columns as well.

After we make these changes, the employee source dataset looks like the following code (for readability, we have only included the changed records as described in the preceding three steps):

{"emp_id":12,"first_name":"Nicholas","last_name":"Aguirre","Address":"7474 Joyce Meadows\nLake Billy, WA 40750","phone_number":"495.259.9738","isContractor":false}
{"emp_id":26,"first_name":"John-copied","last_name":"Hamilton-copied","Address":"6000 Barnes Plain\nHarrisville-city, NC 5000","phone_number":"444-467-5286x20961","isContractor":true}
  1. Now, upload the changed fake_emp_data.json file to the same source prefix.

  1. After you upload the changed employee dataset to Amazon S3, navigate to the AWS Glue console and run the job.
  2. When the job is complete, run the following query in the Athena query editor and confirm that there are 27 records in total with the following values:
SELECT * FROM "deltalake_2438fbd0"."employee";

Note: Update the correct database name from the CloudFormation output before running the above query.

  1. Run another query in the Athena query editor and confirm that there are 4 records returned with the following values:
SELECT * FROM "AwsDataCatalog"."deltalake_2438fbd0"."employee" where emp_id in (8, 12, 26)
order by emp_id;

Note: Update the correct database name from the CloudFormation output before running the above query.

You will see two records for emp_id=12:

  • One emp_id=12 record with the following values (for the record that was ingested as part of the initial load):
    • emp_key=44cebb094ef289670e2c9325d5f3e4ca18fdd53850b7ccd98d18c7a57cb6d4b4
    • isCurrent=false
    • delete_flag=false
    • end_date=’2023-03-02’
  • A second emp_id=12 record with the following values (for the record that was ingested as part of the change to the source):
    • emp_key=b60547d769e8757c3ebf9f5a1002d472dbebebc366bfbc119227220fb3a3b108
    • isCurrent=true
    • delete_flag=false
    • end_date=Null (or empty string)

The record for emp_id=8 that was deleted in the source as part of this run will still exist but with the following changes to the values:

  • isCurrent=false
  • end_date=’2023-03-02’
  • delete_flag=true

The new employee record will be inserted with the following values:

  • emp_id=26
  • isCurrent=true
  • end_date=NULL (or empty string)
  • delete_flag=false

Note that the emp_key values in your actual table may be different than what is provided here as an example.

  1. For the deletes, we check for the emp_id from the base table along with the new source file and inner join the emp_key.
  2. If the condition evaluates to true, we then check if the employee base table emp_key equals the new updates emp_key, and get the current, undeleted record (isCurrent=true and delete_flag=false).
  3. We merge the delete changes from the new file with the base table for all the matching delete condition rows and update the following:
    1. isCurrent=false
    2. delete_flag=true
    3. end_date=current_date

See the following code:

delete_join_cond = "employee.emp_id=employeeUpdates.emp_id and employee.emp_key = employeeUpdates.emp_key"
delete_cond = "employee.emp_key == employeeUpdates.emp_key and employee.isCurrent = true and employeeUpdates.delete_flag = true"

base_tbl.alias("employee")\
        .merge(union_updates_dels.alias("employeeUpdates"), delete_join_cond)\
        .whenMatchedUpdate(condition=delete_cond, set={"isCurrent": "false",
                                                        "end_date": current_date(),
                                                        "delete_flag": "true"}).execute()
  1. For both the updates and the inserts, we check for the condition if the base table employee.emp_id is equal to the new changes.emp_id and the employee.emp_key is equal to new changes.emp_key, while only retrieving the current records.
  2. If this condition evaluates to true, we then get the current record (isCurrent=true and delete_flag=false).
  3. We merge the changes by updating the following:
    1. If the second condition evaluates to true:
      1. isCurrent=false
      2. end_date=current_date
    2. Or we insert the entire row as follows if the second condition evaluates to false:
      1. emp_id=new record’s emp_key
      2. emp_key=new record’s emp_key
      3. first_name=new record’s first_name
      4. last_name=new record’s last_name
      5. address=new record’s address
      6. phone_number=new record’s phone_number
      7. isContractor=new record’s isContractor
      8. start_date=current_date
      9. end_date=NULL (or empty string)
      10. isCurrent=true
      11. delete_flag=false

See the following code:

upsert_cond = "employee.emp_id=employeeUpdates.emp_id and employee.emp_key = employeeUpdates.emp_key and employee.isCurrent = true"
upsert_update_cond = "employee.isCurrent = true and employeeUpdates.delete_flag = false"

base_tbl.alias("employee").merge(union_updates_dels.alias("employeeUpdates"), upsert_cond)\
    .whenMatchedUpdate(condition=upsert_update_cond, set={"isCurrent": "false",
                                                            "end_date": current_date()
                                                            }) \
    .whenNotMatchedInsert(
    values={
        "isCurrent": "true",
        "emp_id": "employeeUpdates.emp_id",
        "first_name": "employeeUpdates.first_name",
        "last_name": "employeeUpdates.last_name",
        "Address": "employeeUpdates.Address",
        "phone_number": "employeeUpdates.phone_number",
        "isContractor": "employeeUpdates.isContractor",
        "emp_key": "employeeUpdates.emp_key",
        "start_date": current_date(),
        "delete_flag":  "employeeUpdates.delete_flag",
        "end_date": "null"
    })\
    .execute()

As a last step, let’s bring back the deleted record from the previous change to the source dataset and see how it is reinserted into the employee table in the data lake and observe how the complete history is maintained.

Let’s modify our changed dataset from the previous step and make the following changes.

  1. Add the deleted emp_id=8 back to the dataset.

After making these changes, my employee source dataset looks like the following code (for readability, we have only included the added record as described in the preceding step):

{"emp_id":8,"first_name":"Teresa","last_name":"Estrada","Address":"339 Scott Valley\nGonzalesfort, PA 18212","phone_number":"435-600-3162","isContractor":false}

  1. Upload the changed employee dataset file to the same source prefix.
  2. After you upload the changed fake_emp_data.json dataset to Amazon S3, navigate to the AWS Glue console and run the job again.
  3. When the job is complete, run the following query in the Athena query editor and confirm that there are 28 records in total with the following values:
SELECT * FROM "deltalake_2438fbd0"."employee";

Note: Update the correct database name from the CloudFormation output before running the above query.

  1. Run the following query and confirm there are 5 records:
SELECT * FROM "AwsDataCatalog"."deltalake_2438fbd0"."employee" where emp_id in (8, 12, 26)
order by emp_id;

Note: Update the correct database name from the CloudFormation output before running the above query.

You will see two records for emp_id=8:

  • One emp_id=8 record with the following values (the old record that was deleted):
    • emp_key=536ba1ba5961da07863c6d19b7481310e64b58b4c02a89c30c0137a535dbf94d
    • isCurrent=false
    • deleted_flag=true
    • end_date=’2023-03-02
  • Another emp_id=8 record with the following values (the new record that was inserted in the last run):
    • emp_key=536ba1ba5961da07863c6d19b7481310e64b58b4c02a89c30c0137a535dbf94d
    • isCurrent=true
    • deleted_flag=false
    • end_date=NULL (or empty string)

The emp_key values in your actual table may be different than what is provided here as an example. Also note that because this is a same deleted record that was reinserted in the subsequent load without any changes, there will be no change to the emp_key.

End-user sample queries

The following are some sample end-user queries to demonstrate how the employee change data history can be traversed for reporting:

  • Query 1 – Retrieve a list of all the employees who left the organization in the current month (for example, March 2023).
SELECT * FROM "deltalake_2438fbd0"."employee" where delete_flag=true and date_format(CAST(end_date AS date),'%Y/%m') ='2023/03'

Note: Update the correct database name from the CloudFormation output before running the above query.

The preceding query would return two employee records who left the organization.

  • Query 2 – Retrieve a list of new employees who joined the organization in the current month (for example, March 2023).
SELECT * FROM "deltalake_2438fbd0"."employee" where date_format(start_date,'%Y/%m') ='2023/03' and iscurrent=true

Note: Update the correct database name from the CloudFormation output before running the above query.

The preceding query would return 23 active employee records who joined the organization.

  • Query 3 – Find the history of any given employee in the organization (in this case employee 18).
SELECT * FROM "deltalake_2438fbd0"."employee" where emp_id=18

Note: Update the correct database name from the CloudFormation output before running the above query.

In the preceding query, we can observe that employee 18 had two changes to their employee records before they left the organization.

Note that the data results provided in this example are different than what you will see in your specific records based on the sample data generated by the Lambda function.

Clean up

When you have finished experimenting with this solution, clean up your resources, to prevent AWS charges from being incurred:

  1. Empty the S3 buckets.
  2. Delete the stack from the AWS CloudFormation console.

Conclusion

In this post, we demonstrated how to identify the changed data for a semi-structured data source and preserve the historical changes (SCD Type 2) on an S3 Delta Lake, when source systems are unable to provide the change data capture capability, with AWS Glue. You can further extend this solution to enable downstream applications to build additional customizations from CDC data captured in the data lake.

Additionally, you can extend this solution as part of an orchestration using AWS Step Functions or other commonly used orchestrators your organization is familiar with. You can also extend this solution by adding partitions where appropriate. You can also maintain the delta table by compacting the small files.

About the authors

Nith Govindasivan, is a Data Lake Architect with AWS Professional Services, where he helps onboarding customers on their modern data architecture journey through implementing Big Data & Analytics solutions. Outside of work, Nith is an avid Cricket fan, watching almost any cricket during his spare time and enjoys long drives, and traveling internationally.

Vijay Velpula is a Data Architect with AWS Professional Services. He helps customers implement Big Data and Analytics Solutions. Outside of work, he enjoys spending time with family, traveling, hiking and biking.

Sriharsh Adari is a Senior Solutions Architect at Amazon Web Services (AWS), where he helps customers work backwards from business outcomes to develop innovative solutions on AWS. Over the years, he has helped multiple customers on data platform transformations across industry verticals. His core area of expertise include Technology Strategy, Data Analytics, and Data Science. In his spare time, he enjoys playing sports, binge-watching TV shows, and playing Tabla.

[$] Ubuntu stops shipping Flatpak by default

Post Syndicated from original https://lwn.net/Articles/927262/

Canonical recently announced
that it will no longer ship Flatpak as
part of its default installation for the various official Ubuntu flavors,
which is in keeping with the practices of the core Ubuntu distribution. The
Flatpak package format has gained popularity among Linux users
for its
convenience and ease of use. Canonical will focus exclusively on its own
package-management system, Snap. The
decision has caused disgruntlement
among some community members, who felt like the distribution was making
this decision
without regard for its users.

Customize marketing messages and promotions for personalized outreach

Post Syndicated from binpazho original https://aws.amazon.com/blogs/messaging-and-targeting/customize-marketing-messages-and-promotions-for-personalized-outreach/

Introduction

Amazon Pinpoint is widely used by many customers for their various user engagement use cases like marketing campaigns, scheduled communications (newsletters, reminders, etc.), and transactional messaging. By using the message template feature in Amazon Pinpoint, customers can design messages personalized to the specific end users, by using variable attributes. While Amazon Pinpoint enables customers to include up to 250 attributes for each user, often times there might be need to pick and choose from a wide range of attributes about a user, that can lead to needing more than the allowed number of attributes.

The CampaignHook feature of Amazon Pinpoint can come to rescue for a situation like this. Using the CampainHook feature, we can filter out attributes that are not applicable to a specific user, while allowing to add new attributes, right before of sending the message. In this blog, I will walk you through how I have implemented the CampaignHook feature for a similar use case.

Sample Use-Cases

When setting up your Pinpoint campaign, following are the use cases where a CampaignHook can be enabled:

  • Retrieving data and perform custom compute logic in real time from third party data stores.
  • Filter endpoints out of the send: This is useful if you need to do some type of custom logic that you can’t do in Segmentation (custom opt-out, quiet time, campaign prioritization, etc.)
  • Avoid costly and time consuming Extract, Transform & Load (ETL) processes by accessing the data sources directly and applying custom compute logic in real-time.

Solution overview

CampaignHook Demo Architecture

The diagram above shows the solution that we will setup in this blog. As you can see, the Campaign event will trigger the Amazon Pinpoint Campaign. The event can be triggered from your web or mobile app that are accessed by your end-users, and can be setup to be triggered when the user performs a certain action. You can read more about setting up Amazon Pinpoint campaign in the user guide. By having the CampaignHook enabled on your Amazon Pinpoint campaign, the Lambda function that is configured with the CampaignHook will be triggered. This function will have access to the endpoint attributes passed by the Campaign event, and perform additional logic to derive new attributes for the user. Once all the new fields are derived, the function will update the user endpoint. Amazon pinpoint will then perform the next steps in the Campaign, and substitute the variables in the message template, before the personalized message is sent to the end user.

Prerequisites

  • AWS Account with Console and Programmatic access
  • Access to AWS CloudShell
  • Email channel enabled in Amazon Pinpoint

Building the demo

Build the Amazon Pinpoint Project

From the AWS Management console, go to Amazon Pinpoint and create a new project called “PinpointCampaignHookDemo”, and choose the option to enable the email channel. For more information about creating a project see the user guide, and follow the instructions here to setup your email channel.

If your account is in the Sandbox account, you will need to verify the email address, before you can send the email. You can follow the steps here to upgrade your account to a Production status if you are ready to deploy this solution to production.

Create the segment.

A segment is a group of your users that share certain attributes. For example, a segment might contain all of your users who use version 2.0 of your app on an Android device, or all users who live in the city of Los Angeles. You can send multiple campaigns to a single segment, and you can send a single campaign to multiple segments.

For this demo, let’s create a Dynamic Segment. Let’s call it ‘CampaignHookDemoSegment’.  Follow the steps here to create your Dynamic Segment.

Create a Segment

Setup message template

Let’s create our first template and call it “CampaignHookDemoTemplate”. You can read more about Amazon Pinpoint templates in the user guide.

For this demo, I have used the HTML template shown below, and I have 3 endpoint attribute variables: 2 that are passed from the campaign event trigger, and the third one (Company) that will be generated by the CampaignHook lambda function. For the subject of the email, I used “Campaign Hook Demo Campaign“.

Create eMail Template

The email template can be found in this GitHub repository.

Create Campaign

Next, create your campaign and use the Segment and email Template that you created in the previous steps by following the instructions here.

Select the ‘when an event occurs’ option to trigger the campaign when an event occurs. (This option will trigger the campaign when a specific event occurs). Yoy may also schedule your campaign to run on a scheduled bases as available in the setup screen. I used ‘CampaignHookTrigger’ as my event name.

Create a campaign

Set your Campaign Start date, time and end date. I have left all the other settings to default and saved the campaign. Now that you have successfully created your first Campaign, you are ready for the next steps.

Set Campaign Start and End Times

Create the Lambda function

This is the function that we will configure to trigger the Amazon pinpoint campaign event . From the Lambda console page, create a new function by clicking on the ‘Create function’ button. You can then pick the following options and create the function.

Name: Campaign_event_trigger_function

Runtime: Python 3.9 or higher.

Replace the default script with the code from the GitHub repository, and then deploy your code by clicking on the “Deploy” button.

Assign permissions

In-order for the Lambda function trigger to trigger the Pinpoint Campaign, you will need to add an inline policy to the IAM role that is attached to your Lambda function, by selecting Pinpoint as the service and PutEvents from the Write options. You can select the Lambda function as the resource to which the access will be granted.

{

    "Version" :"2012-10-17",

    "Statement":[

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "mobiletargeting:PutEvents"

            ],

            "Resource":"ARN of your Lambda function goes here."

        }

    ]

}

Create the CampaignHook Lambda function

This is the function that we will triggered from the CampaignHook. From your Lambda console, click on “Create function” and enter the basic information as shown below to create your function.

Name: CampaignHookFunction

Runtime: Python 3.9 or higher.

Next replace your default code with the sample GitHub code, and then deploy your code by clicking on the “Deploy” button.

Assign permissions

Next add permissions for Amazon Pinpoint to invoke the Lambda function by running the command below from your Command Shell. Replace the Lambda function name and Account number with yours.

aws lambda add-permission \

--function-name [YourCampaignHookLambdaFunctionName] \

--statement-id my-hook-id1 \

--action lambda:InvokeFunction \

--principal pinpoint.us-east-1.amazonaws.com \

--source-arn 'arn:aws:mobiletargeting:us-east-1:[YourAccountNumber]:apps/*'

You can also do this from the Lambda console, by clicking on “Configuration” and then scrolling down to “Resource based Policy” and by clicking on “Add permissions“.

Update Campaign settings to add the Campaign Hook

Now that you have the Lambda function that needs to act as the hook is created, and granted Amazon Pinpoint service to invoke that function, run the command below to update the Campaign settings to add the Campaign Hook. You can also set a default CampaignHook for ALL campaigns in the project by setting the CampaignHook property on the Project Settings via this API.

Replace the application-id (project id), campaign-id, and the arn of the Campaign Hook lambda function and run the command below. (You can find the Project ID by clicking on All Projects at the top-left of the Pinpoint Console. The Campaign ID can be found by opening your Pinpoint Project and then clicking Campaigns in the Pinpoint Console.)

aws pinpoint   update-campaign --application-id /

[your-application-id-goes-here] –campaign-id /

[your-campaign-id-goes-here] --cli-input-json '{"ApplicationId": /

"","CampaignId": "","WriteCampaignRequest": {"Hook": {"LambdaFunctionName": /

"your-CampaignHook-Function-goes-here","Mode": "FILTER","WebUrl": ""}}}'

You can optionally run the command below to make sure that the campaign settings have been updated:

aws pinpoint get-campaign –application-id [your-application-id-goes-here]  –campaign-id [your-campaign-id-goes-here]

Test your Campaign.

Go back to your Lambda function that you have created to trigger the Campaign in the “Create the Lambda function” step above. I have used the test event as shown below. Update the Application id to reflect your Project id and change the email address to the email you verified earlier and click on “Test” button.

{

    "application_id": "your application id",

    "endpoint_id": "223",

    "event_type": "CampaignHookEvent",

    "nextTestDate": "12/15/2025",

    "FirstName": "Jack",

    "email": "[email protected]",

    "userid": "Jack123"

}

You should now receive an email with the variables replaced with the values that was passed from your json payload. Further you can see the Company name was added to the endpoint from the CampaignHook Lambda, which is passed to the email template. If you have not received the email, please check the following:

  • The Lambda function ran without any errors
  • The LambdaHook function has the proper rights assigned to be invoked from Pinpoint
  • The From and To email id that you have used are verified in SES.

Verify email identity

Clean up resources

Once you are satisfied with your setup and testing, you can now clean up the resources by following the steps below:

  • Delete your Amazon Pinpoint Project, Campaign and Segment.
    • aws pinpoint delete-campaign –application-id [your appl id] –campaign-id [your campaign id]
    • aws pinpoint delete-segment –application-id [your app id]  –segment-id [your segment id]
    • aws pinpoint delete-app –application-id [your app id]
  • Delete you Lambda functions
    • aws lambda delete-function –function-name CampaignHookFunction
    • aws lambda delete-function –function-name Campaign_event_Trigger_Function

Conclusion

By dynamically generating the attributes in real-time, customers can now add greater levels of personalization within a single user message template. By invoking a Lambda function, you can perform custom compute logic, calculate new attribute values, and access external data stores, to modify the campaign’s segment, right before Amazon Pinpoint sends the message. Campaign Hook feature makes this possible as explained in this blog by running few basic CLI commands to enable the feature on your Amazon Pinpoint Campaign. You can read more about Amazon Pinpoint Campaign from the user guide documentation”.

Building Your (Digital) Go Bag

Post Syndicated from Stephanie Doyle original https://www.backblaze.com/blog/building-your-digital-go-bag/

A decorative image of several icons that represent photos, documents, identification cards, and money flowing into a backpack.

Quick! You have 10 minutes to get your most important documents out of your house. What do you need?

Here’s another scenario: you’re away from home and you find out there was a fire. Are you confident that you have all your important information somewhere you can access?

It’s never fun to imagine disaster scenarios, but that doesn’t mean you should avoid the necessary preparation. Building a good emergency kit checklist—and digitizing the things you can—is one of the easiest things you can do to give yourself peace of mind. Today, I’m covering all the things that can and should go into your digital go bag.

Editor’s Note

We’ve had this article on our calendar for a while now, and it’s part of our campaign to celebrate World Backup Day. But, we never want to be the ones shifting the focus from the victims of natural disasters. With the devastating storms that rolled through the U.S. South and beyond this weekend, we wanted to take a moment to say that our thoughts are with everyone affected, and if you have the ability to donate, this is a great boots-on-the-ground charity helping folks out right now.

Disaster Prep: Better Known as Recovery Planning

It may seem far-fetched that you’ll be in the position to get the essentials in only 10 minutes, but speaking from personal experience, that’s exactly what happened to me when the 2003 Cedar Fire struck in San Diego—there’s nothing like seeing your friends’ homes on the national news, let me tell you. And, having spent much of my adult life in hurricane-prone New Orleans, disaster readiness is just a way of life. It’s common to discuss the incoming storms with the old-timers in your neighborhood bar over a $2 afternoon High Life, and they are almost always right in predicting if a hurricane is going to turn and hit Florida.

A photo of Jim Cantore in a storm pointing ahead.
And you always know it’s a serious weather event when Jim Cantore comes to town. Source.

One of the things these experiences have taught me is that disasters and recovery happen in stages. There’s the inciting event—a house fire, a hurricane, etc.—and then there’s the displacement and recovery. You’re trying to call an insurance company when the lines are all tied up, and when you finally get through, you need to give them information that they need when you’re far from home and in crisis. You may have renter’s insurance, but when you’re trying to re-buy your book collection, really, which ones did you have? And, there are some things that can’t be replaced—photos are a great example. Finding a way to organize and digitize these things means that you don’t have to worry about stuff when you should be worrying about people.

All that to say, the more you can do to be prepared ahead of time, the better. That means not only having your documents in a place you can access, but also knowing what documents you need in the first place. While this type of file organization started out in response to natural disasters, it’s actually helped in many other ways—I always know where my files are to give to my tax guy, and I’ve implemented a good 3-2-1 backup strategy, which means I’m confident my data is protected and accessible.

As it happens, there’s a name for this type of intentional preparation when you’re building an emergency kit: folks call those kits go bags. It makes sense right? You have a bag that holds the things you need to go. These days, though, many of the things that you’d traditionally include in that physical bag can also be digitized. So, with all that in mind, let’s talk about how to build your (digital) go bag.

What Documents Do I Need in My Emergency Kit?

A little caveat here: just because you can digitize something, doesn’t mean that should be your only copy. There are some things that you just flat-out need to have in person, like your driver’s license, though some states have experimented with digital wallets that contain official, legal copies of those things. Nevertheless, having a digital backup of your important physical documents means that you’ll have the information to replace them should you need to.

After that, you can break your go bag checklist into a few different categories.

  • Household Identification
  • Financial and Legal Information
  • Medical Information
  • Emergency Contact Information
  • Valuables and Priceless Personal Items

We’ve shamelessly borrowed this information from a Federal Emergency Management Agency (FEMA) list of essentials, and we’ve added a few notes as well. Let’s break down each category.

Household Identification

These are all the things you need to prove you are who you say you are, and to prove that your kids, pets, and spouse are, in fact, your kids, pets, and spouse. It may seem like this isn’t important, but there were whole organizations dedicated to reuniting pets with their rightful owners after Hurricane Katrina—and it wasn’t easy. And, imagine if you’ve divorced and don’t have custody papers in an emergency. Sure, courts have records of those agreements, but sometimes those papers take weeks or months to get copies of.

The List

  • Vital Records: Birth certificates, marriage agreements, divorce decrees, adoption or custody papers.
  • Identity Records: Passports, driver’s license, i.d. card, Social Security card, green card, visa, military service i.d.
  • Pet Records: Pet ownership papers, identification tags, microchip information.
A photo of a woman kissing her very cute dog in front of a window.
Your dog, blissfully unaware that your legal relationship to each other is documented.

Financial and Legal Information

If your home or income is affected during a disaster, you’ll need documentation to request assistance from your insurance company or government disaster assistance programs. Remember that even after you get assistance, all that comes with tax implications down the road (for better or worse). Both of those processes take time, so in addition to having your information organized and ready to go, try to keep some emergency cash on hand during high-risk time periods.

The List

  • Housing Documents: Lease or rental agreements, mortgage agreement, home equity line of credit, house or property deed, lists of/receipts for repairs.
  • Bills: Utility bills, student loans, alimony, child support, elder care, gym memberships, streaming services.
  • Vehicle Documents: Loan documents, VIN number, registration, title.
  • Financial Accounts: Checking, savings, debit cards, credit cards, retirement accounts, investment accounts.
  • Insurance Policies: Homeowners, renters, auto, life, flood, fire.
    • Note: Don’t forget to document your property! Make a list of items covered by insurance with their estimated values, and take pictures of all that stuff.
  • Sources of Income: Pay stubs, government benefits, alimony, child support, rent payments, 1099 income.
  • Tax Statements: Federal/state income tax returns, property tax, vehicle tax.
  • Estates Planning: Wills, trusts, powers of attorney.

Medical Information

Even more so than the other sections on this list, it’s important to make sure you have thorough documentation for each member of your household. Remember that there are some items on this list that you’ll need sooner rather than later—think prescription refills. And, make sure that allergy information is front and center, especially life-threatening allergies (like to seafood or nuts).

The List

  • Insurance Information: Health and dental insurance, Medicare, Medicaid, Veterans Administration (VA) health benefits.
  • Medical Records: List of medications, illnesses/disabilities, immunizations, allergies, prescriptions, medical equipment and devices, pharmacy information.
  • Legal Documents: Living will, medical powers of attorney, Do Not Resuscitate (DNR) documents, caregiver agency contracts, disabilities documentations, Social Security (SSI) benefits information.
  • Contact Information: A list of doctors, specialists, dentists, pediatricians.

(Emergency) Contact Info

Finally, you’ll want all of the contact information you may need in one place—it’ll save you time and headaches when you’re trying to make calls, plus you may be able to delegate some phone calls to others. The exercise itself is useful to help you remember any miscellaneous items you may have forgotten in your other documents. Bonus: you can keep a list of extensions or direct phone lines and skip the automated phone tree.

A photo of a man wearing a phone headset and sitting at a computer, smiling at the viewer of the photo.
Press one for more options.

The List

  • Employers
  • Schools
  • Houses of worship
  • Homeowners’ associations
  • Home repair services
  • Relatives/emergency contacts
  • Utility companies
  • Insurance companies
  • Lawyers
  • Local non-emergency services
  • Government agencies

Valuables and Priceless Personal Items

Most of the things that fit in this section aren’t able to be digitized—your wedding dress, heirlooms, jewelry, and the like. Still, don’t forget that those things may have a paper trail you want to keep in your records, especially if you have additional insurance on things like the jewelry.

And, you can never forget to mention photos in this section. While most of us are now in the habit of using our smartphones as cameras, so most of our new photos are already stored in the cloud, don’t forget to digitize all of your photos, including the ones passed down by relatives, taken by professionals, and so on. And, even though it seems like our phones are safer than other formats, you’ll want to back up your mobile devices as well.

Go Bag: Go for Backups

Here’s the short answer to the question of what to digitize: anything you can. Even if the digital copies aren’t legally acceptable, like in our i.d. example above, you’ll at least have the information to fill out online forms or re-order the documents as necessary.

Once you have digital copies of all of these documents, it’s also easy to backup your information. We recommend that you follow a 3-2-1 backup strategy: having three copies of your files in two separate locations with one of those locations off-site. That way, you can grab your documents and go if you’re at home, or if the worst happens and you can’t access that on-site information, you can access all that information in the cloud.

A decorative image of a lightbulb with 3-2-1 in a halo surrounding it. Also, a title that says "3-2-1 Backup Strategy"
The 3-2-1 backup strategy: always a great idea.

Is My Go Bag Safe Online?

Good question. This is the most important information in your life, and we’re asking you to store it all online, the playground of cybercriminals. There’s a lot you can do to protect yourself, though. You’ve already achieved one of those things: setting up a backup strategy. You should also store your data in a secure location. Watch out for clever phishing attempts. And, make sure you follow password best practices, including setting up multi-factor authentication (MFA).

Make It a Holiday to Update Your Information Regularly

Remember that a lot of the information on this list will change over time. Maybe you’re the type of person who remembers to update their files continuously or when something big changes, but it’s a good idea to set one day per year (Around tax day? Maybe going into hurricane season? Groundhog’s Day?) that you intentionally set as Update Important Information Day. (We’re big fans of holidays that combine the whimsical and the practical here at Backblaze.) Feel free to workshop the holiday title and celebrate judiciously. Then, use a backup service like Backblaze Personal Backup that continuously and automatically backs up your data, and you’ll be pretty well prepared for whatever life throws at you.

The post Building Your (Digital) Go Bag appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

The collective thoughts of the interwebz