Security updates have been issued by Debian (kernel and openvpn), Mageia (docker, libetpan, weechat, and yodl), Oracle (mercurial), Scientific Linux (freeradius), SUSE (kernel), and Ubuntu (systemd).
Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/06/a-kindly-lesson-for-you-non-techies.html
The following tweets need to be debunked:
The answer to John Schindler’s question is:
every expert in cryptography doesn’t know this
Telegram is not trustworthy because it’s partially closed-source. We can’t see how it works. We don’t know if they’ve made accidental mistakes that can be hacked. We don’t know if they’ve been bribed by the NSA or Russia to put backdoors in their program. In contrast, PGP and Signal are open-source. We can read exactly what the software does. Indeed, thousands of people have been reviewing their software looking for mistakes and backdoors. Being open-source doesn’t automatically make software better, but it does make hiding secret backdoors much harder.
Telegram is not trustworthy because we aren’t certain the crypto is done properly. Signal, and especially PGP, are done properly.
The thing about encryption is that when done properly, it works. Neither the NSA nor the Russians can break properly encrypted content. There’s no such thing as “military grade” encryption that is better than consumer grade. There’s only encryption that nobody can hack vs. encryption that your neighbor’s teenage kid can easily hack. Those scenes in TV/movies about breaking encryption is as realistic as sound in space: good for dramatic presentation, but not how things work in the real world.
In particular, end-to-end encryption works. Sure, in the past, such apps only encrypted as far as the server, so whoever ran the server could read your messages. Modern chat apps, though, are end-to-end: the servers have absolutely no ability to decrypt what’s on them, unless they can get the decryption keys from the phones. But some tasks, like encrypted messages to a group of people, can be hard to do properly.
Thus, in contrast to what John Schindler says, while we techies have doubts about Telegram, we don’t have doubts about Russia authorities having access to Signal and PGP messages.
Snowden hatred has become the anti-vax of crypto. Sure, there’s no particular reason to trust Snowden — people should really stop treating him as some sort of privacy-Jesus. But there’s no particular reason to distrust him, either. His bland statements on crypto are indistinguishable from any other crypto-enthusiast statements. If he’s a Russian pawn, then so too is the bulk of the crypto community.
With all this said, using Signal doesn’t make you perfectly safe. The person you are chatting with could be a secret agent — especially in group chat. There could be cameras/microphones in the room where you are using the app. The Russians can also hack into your phone, and likewise eavesdrop on everything you do with the phone, regardless of which app you use. And they probably have hacked specific people’s phones. On the other hand, if the NSA or Russians were widely hacking phones, we’d detect that this was happening. We haven’t.
Signal is therefore not a guarantee of safety, because nothing is, and if your life depends on it, you can’t trust any simple advice like “use Signal”. But, for the bulk of us, it’s pretty damn secure, and I trust neither the Russians nor the NSA are reading my Signal or PGP messages.
At first blush, this
So let’s talk about “every crypto expert“. It’s, of course, impossible to speak for every crypto expert. It’s like saying how the consensus among climate scientists is that mankind is warming the globe, while at the same time, ignoring the wide spread disagreement on how much warming that is.
The same is true here. You’ll get a widespread different set of responses from experts about the above tweet. Some, for example, will stress my point at the bottom that hacking the endpoint (the phone) breaks all the apps, and thus justify the above tweet from that point of view. Others will point out that all software has bugs, and it’s quite possible that Signal has some unknown bug that the Russians are exploiting.
So I’m not attempting to speak for what all experts might say here in the general case and what long lecture they can opine about. I am, though, pointing out the basics that virtually everyone agrees on, the consensus of open-source and working crypto.
Post Syndicated from Ernesto original https://torrentfreak.com/court-grants-subpoenas-to-unmask-tvaddons-and-zemtv-operators-170621/
Earlier this month we broke the news that third-party Kodi add-on ZemTV and the TVAddons library were being sued in a federal court in Texas.
In a complaint filed by American satellite and broadcast provider Dish Network, both stand accused of copyright infringement, facing up to $150,000 for each offense.
While the allegations are serious, Dish doesn’t know the full identities of the defendants.
To find out more, the company requested a broad range of subpoenas from the court, targeting Amazon, Github, Google, Twitter, Facebook, PayPal, and several hosting providers.
This week the court granted the subpoenas, which means that they can be forwarded to the companies in question. Whether that will be enough to identify the people behind ‘TVAddons’ and ‘ZemTV’ remains to be seen, but Dish has cast its net wide.
For example, the subpoena directed at Google covers any type of information that can be used to identify the account holder of [email protected], which is believed to be tied to ZemTV.
The information requested from Google includes IP address logs with session date and timestamps, but also covers “all communications,” including GChat messages from 2014 onwards.
Similarly, Twitter is required to hand over information tied to the accounts of the users “TV Addons” and “shani_08_kodi” as well as other accounts linked to tvaddons.ag and streamingboxes.com. This also applies the various tweets that were sent through the account.
The subpoena specifically mentions “all communications, including ‘tweets’, Twitter sent to or received from each Twitter Account during the time period of February 1, 2014 to present.”
Similar subpoenas were granted for the other services, tailored towards the information Dish hopes to find there. For example, the broadcast provider also requests details of each transaction from PayPal, as well as all debits and credits to the accounts.
In some parts, the subpoenas appear to be quite broad. PayPal is asked to reveal information on any account with the credit card statement “Shani,” for example. Similarly, Github is required to hand over information on accounts that are ‘associated’ with the tvaddons.ag domain, which is referenced by many people who are not directly connected to the site.
The service providers in question still have the option to challenge the subpoenas or ask the court for further clarification. A full overview of all the subpoena requests is available here (Exhibit 2 and onwards), including all the relevant details. This also includes several letters to foreign hosting providers.
While Dish still appears to be keen to find out who is behind ‘TVAddons’ and ‘ZemTV,’ not much has been heard from the defendants in question.
ZemTV developer “Shani” shut down his addon soon after the lawsuit was announced, without mentioning it specifically. TVAddons, meanwhile, has been offline for well over a week, without any notice in public about the reason for the prolonged downtime.
The court’s order granting the subpoenas and letters of request is available here (pdf).
Post Syndicated from Lennart Poettering original http://0pointer.net/blog/casync-a-tool-for-distributing-file-system-images.html
In the past months I have been working on a new project:
inspiration from the popular
synchronization tool as well as the probably even more popular
git revision control system. It combines the
idea of the
rsync algorithm with the idea of
content-addressable file systems, and creates a new system for
efficiently storing and delivering file system images, optimized for
high-frequency update cycles over the Internet. Its current focus is
on delivering IoT, container, VM, application, portable service or OS
images, but I hope to extend it later in a generic fashion to become
useful for backups and home directory synchronization as well (but
more about that later).
The basic technological building blocks
casync is built from are
neither new nor particularly innovative (at least not anymore),
however the way
casync combines them is different from existing tools,
and that’s what makes it useful for a variety of usecases that other
tools can’t cover that well.
casync after studying how today’s popular tools store and
deliver file system images. To very incomprehensively and briefly name
a few: Docker has a layered tarball approach,
OSTree serves the
individual files directly via HTTP and maintains packed deltas to
speed up updates, while other systems operate on the block layer and
squashfs images (or other archival file systems, such as
IS09660) for download on HTTP shares (in the better cases combined
Neither of these approaches appeared fully convincing to me when used
in high-frequency update cycle systems. In such systems, it is
important to optimize towards a couple of goals:
- Most importantly, make updates cheap traffic-wise (for this most tools use image deltas of some form)
- Put boundaries on disk space usage on servers (keeping deltas between all version combinations clients might want to run updates between, would suggest keeping an exponentially growing amount of deltas on servers)
- Put boundaries on disk space usage on clients
- Be friendly to Content Delivery Networks (CDNs), i.e. serve neither too many small nor too many overly large files, and only require the most basic form of HTTP. Provide the repository administrator with high-level knobs to tune the average file size delivered.
- Simplicity to use for users, repository administrators and developers
I don’t think any of the tools mentioned above are really good on more
than a small subset of these points.
Specifically: Docker’s layered tarball approach dumps the “delta”
question onto the feet of the image creators: the best way to make
your image downloads minimal is basing your work on an existing image
clients might already have, and inherit its resources, maintaing full
history. Here, revision control (a tool for the developer) is
intermingled with update management (a concept for optimizing
production delivery). As container histories grow individual deltas
are likely to stay small, but on the other hand a brand-new deployment
usually requires downloading the full history onto the deployment
system, even though there’s no use for it there, and likely requires
substantially more disk space and download sizes.
OSTree’s serving of individual files is unfriendly to CDNs (as many
small files in file trees cause an explosion of HTTP GET
requests). To counter that OSTree supports placing pre-calculated
delta images between selected revisions on the delivery servers, which
means a certain amount of revision management, that leaks into the
squashfs (or other file system) images is almost
beautifully simple, but of course means every update requires a full
download of the newest image, which is both bad for disk usage and
generated traffic. Enhancing it with
zsync makes this a much better
option, as it can reduce generated traffic substantially at very
little cost of history/metadata (no explicit deltas between a large
number of versions need to be prepared server side). On the other hand
server requirements in disk space and functionality (HTTP Range
requests) are minus points for the usecase I am interested in.
(Note: all the mentioned systems have great properties, and it’s not
my intention to badmouth them. They only point I am trying to make is
that for the use case I care about — file system image delivery with
high high frequency update-cycles — each system comes with certain
Security & Reproducability
Besides the issues pointed out above I wasn’t happy with the security
and reproducability properties of these systems. In today’s world
where security breaches involving hacking and breaking into connected
systems happen every day, an image delivery system that cannot make
strong guarantees regarding data integrity is out of
date. Specifically, the tarball format is famously undeterministic:
the very same file tree can result in any number of different
valid serializations depending on the tool used, its version and the
underlying OS and file system. Some
tar implementations attempt to
correct that by guaranteeing that each file tree maps to exactly
one valid serialization, but such a property is always only specific
to the tool used. I strongly believe that any good update system must
guarantee on every single link of the chain that there’s only one
valid representatin of the data to deliver, that can easily be
What casync Is
So much about the background why I created
casync. Now, let’s have a
casync actually is like, and what it does. Here’s the brief
Encoding: Let’s take a large linear data stream, split it into
variable-sized chunks (the size of each being a function of the
chunk’s contents), and store these chunks in individual, compressed
files in some directory, each file named after a strong hash value of
its contents, so that the hash value may be used to as key for
retrieving the full chunk data. Let’s call this directory a “chunk
store”. At the same time, generate a “chunk index” file that lists
these chunk hash values plus their respective chunk sizes in a simple
linear array. The chunking algorithm is supposed to create variable,
but similarly sized chunks from the data stream, and do so in a way
that the same data results in the same chunks even if placed at
varying offsets. For more information see this blog
Decoding: Let’s take the chunk index file, and reassemble the large
linear data stream by concatenating the uncompressed chunks retrieved
from the chunk store, keyed by the listed chunk hash values.
As an extra twist, we introduce a well-defined, reproducible,
random-access serialization format for file trees (think: a more
tar), to permit efficient, stable storage of complete file
trees in the system, simply by serializing them and then passing them
into the encoding step explained above.
Finally, let’s put all this on the network: for each image you want to
deliver, generate a chunk index file and place it on an HTTP
server. Do the same with the chunk store, and share it between the
various index files you intend to deliver.
Why bother with all of this? Streams with similar contents will result
in mostly the same chunk files in the chunk store. This means it is
very efficient to store many related versions of a data stream in the
same chunk store, thus minimizing disk usage. Moreover, when
transferring linear data streams chunks already known on the receiving
side can be made use of, thus minimizing network traffic.
Why is this different from
rsync or OSTree, or similar tools? Well,
one major difference between
casync and those tools is that we
remove file boundaries before chunking things up. This means that
small files are lumped together with their siblings and large files
are chopped into pieces, which permits us to recognize similarities in
files and directories beyond file boundaries, and makes sure our chunk
sizes are pretty evenly distributed, without the file boundaries
The “chunking” algorithm is based on a the buzhash rolling hash
function. SHA256 is used as strong hash function to generate digests
of the chunks. xz is used to compress the individual chunks.
Here’s a diagram, hopefully explaining a bit how the encoding process
works, wasn’t it for my crappy drawing skills:
The diagram shows the encoding process from top to bottom. It starts
with a block device or a file tree, which is then serialized and
chunked up into variable sized blocks. The compressed chunks are then
placed in the chunk store, while a chunk index file is written listing
the chunk hashes in order. (The original SVG of this graphic may be
casync operates on two different layers, depending on the
usecase of the user:
You may use it on the block layer. In this case the raw block data
on disk is taken as-is, read directly from the block device, split
into chunks as described above, compressed, stored and delivered.
You may use it on the file system layer. In this case, the
file tree serialization format mentioned above comes into play:
the file tree is serialized depth-first (much like
it) and then split into chunks, compressed, stored and delivered.
The fact that it may be used on both the block and file system layer
opens it up for a variety of different usecases. In the VM and IoT
ecosystems shipping images as block-level serializations is more
common, while in the container and application world file-system-level
serializations are more typically used.
Chunk index files referring to block-layer serializations carry the
.caibx suffix, while chunk index files referring to file system
serializations carry the
.caidx suffix. Note that you may also use
casync as direct
tar replacement, i.e. without the chunking, just
generating the plain linear file tree serialization. Such files
.catar suffix. Internally
.caibx are identical to
.caidx files, the only difference is semantical:
.catar file, while
.caibx files may describe any other
blob. Finally, chunk stores are directories carrying the
Here are a couple of other features
When downloading a new image you may use
feature: each block device, file, or directory specified is processed
using the same chunking logic described above, and is used as
preferred source when putting together the downloaded image locally,
avoiding network transfer of it. This of course is useful whenever
updating an image: simply specify one or more old versions as seed and
only download the chunks that truly changed since then. Note that
using seeds requires no history relationship between seed and the new
image to download. This has major benefits: you can even use it to
speed up downloads of relatively foreign and unrelated data. For
example, when downloading a container image built using Ubuntu you can
use your Fedora host OS tree in
/usras seed, and
automatically use whatever it can from that tree, for example timezone
and locale data that tends to be identical between
casync extract. This
http://example.com/myimage.caibx --seed=/dev/sda1 /dev/sda2
will place the block-layer image described by the indicated URL in the
/dev/sda2partition, using the existing
/dev/sda1data as seeding
source. An invocation like this could be typically used by IoT systems
with an A/B partition setup. Example 2:
casync extract, is very similar but
operates on the file system layer, and uses two old container versions
to seed the new version.
When operating on the file system level, the user has fine-grained
control on the metadata included in the serialization. This is
relevant since different usecases tend to require a different set of
saved/restored metadata. For example, when shipping OS images, file
access bits/ACLs and ownership matter, while file modification times
hurt. When doing personal backups OTOH file ownership matters little
but file modification times are important. Moreover different backing
file systems support different feature sets, and storing more
information than necessary might make it impossible to validate a tree
against an image if the metadata cannot be replayed in full. Due to
casyncprovides a set of
that allow fine-grained control of the data stored in the file tree
serialization, including the granularity of modification times and
more. The precise set of selected metadata features is also always
part of the serialization, so that seeding can work correctly and
casynctries to be as accurate as possible when storing file
system metadata. This means that besides the usual baseline of file
metadata (file ownership and access bits), and more advanced features
(extended attributes, ACLs, file capabilities) a number of more exotic
data is stored as well, including Linux
chattr(1) file attributes, as
well as FAT file
(you may wonder why the latter? — EFI is FAT, and
/efiis part of
the comprehensive serialization of any host). In the future I intend
to extend this further, for example storing
information where available. Note that as described above every single
type of metadata may be turned off and on individually, hence if you
don’t need FAT file bits (and I figure it’s pretty likely you don’t),
then they won’t be stored.
The user creating
.caibxfiles may control the desired
average chunk length (before compression) freely, using the
--chunk-size=parameter. Smaller chunks increase the number of
generated files in the chunk store and increase HTTP GET load on the
server, but also ensure that sharing between similar images is
improved, as identical patterns in the images stored are more likely
to be recognized. By default
casyncwill use a 64K average chunk
size. Tweaking this can be particularly useful when adapting the
system to specific CDNs, or when delivering compressed disk images
Emphasis is placed on making all invocations reproducible,
well-defined and strictly deterministic. As mentioned above this is a
requirement to reach the intended security guarantees, but is also
useful for many other usecases. For example, the
command may be used to calculate a hash value identifying a specific
directory in all desired detail (use
the desired detail). Moreover the
casync mtreecommand may be used
to generate a BSD mtree(5) compatible manifest of a directory tree,
The file system serialization format is nicely composable. By this
I mean that the serialization of a file tree is the concatenation of
the serializations of all files and file subtrees located at the
top of the tree, with zero metadata references from any of these
serializations into the others. This property is essential to ensure
maximum reuse of chunks when similar trees are serialized.
When extracting file trees or disk image files,
will automatically create
from any specified seeds if the underlying file system supports it
ocfs, and future
xfs). After all, instead of
copying the desired data from the seed, we can just tell the file
system to link up the relevant blocks. This works both when extracting
.caibxfiles — the latter of course only when the
extracted disk image is placed in a regular raw image file on disk,
rather than directly on a plain block device, as plain block devices
do not know the concept of reflinks.
Optionally, when extracting file trees,
create traditional UNIX hardlinks for identical files in specified
--hardlink=yes). This works on all UNIX file systems, and can
save substantial amounts of disk space. However, this only works for
very specific usecases where disk images are considered read-only
after extraction, as any changes made to one tree will propagate to
all other trees sharing the same hardlinked files, as that’s the
nature of hardlinks. In this mode,
behaviour, which is built heavily around read-only hardlink trees.
casynctries to be smart when choosing what to include in file
system images. Implicitly, file systems such as procfs and sysfs are
exluded from serialization, as they expose API objects, not real
files. Moreover, the “nodump” (
chattr(1) flag is honoured by
default, permitting users to mark files to exclude from serialization.
When creating and extracting file trees
casyncmay apply am
automatic or explicit UID/GID shift. This is particularly useful when
transferring container image for use with Linux user namespacing.
In addition to local operation,
casynccurrently supports HTTP,
HTTPS, FTP and ssh natively for downloading chunk index files and
chunks (the ssh mode requires installing
casyncon the remote host,
though, but an sftp mode not requiring that should be easy to
add). When creating index files or chunks, only ssh is supported as
When operating on block-layer images, you may expose locally or
remotely stored images as local block devices. Example:
casync mkdevexposes the disk image described by
the indicated URL as local block device in
/dev, which you then may
use the usual block device tools on, such as mount or fdisk (only
read-only though). Chunks are downloaded on access with high priority,
and at low priority when idle in the background. Note that in this
casyncalso plays a role similar to “dm-verity”, as all blocks
are validated against the strong digests in the chunk index file
before passing them on to the kernel’s block layer. This feature is
implemented though Linux’ NBD kernel facility.
Similar, when operating on file-system-layer images, you may mount
locally or remotely stored images as regular file systems. Example:
casync mount http://example.com/mytree.caidx /srv/mytreemounts the
file tree image described by the indicated URL as a local directory
/srv/mytree. This feature is implemented though Linux’ FUSE kernel
facility. Note that special care is taken that the images exposed this
way can be packed up again with
casync makeand are guaranteed to
return the bit-by-bit exact same serialization again that it was
mounted from. No data is lost or changed while passing thrings through
FUSE (OK, strictly speaking this is a lie, we do lose ACLs, but that’s
hopefully just a temporary gap to be fixed soon).
In IoT A/B fixed size partition setups the file systems placed in
the two partitions are usually much shorter than the partition size,
in order to keep some room for later, larger updates.
to analyze the superblock of a number of common file systems in order
to determine the actual size of a file system stored on a block
device, so that writing a file system to such a partition and reading
it back again will result in reproducible data. Moreover this speeds
up the seeding process, as there’s little point in seeding the
whitespace after the file system within the partition.
Example Command Lines
Here’s how to use
casync, explained with a few examples:
$ casync make foobar.caidx /some/directory
This will create a chunk index file
foobar.caidx in the local
directory, and populate the chunk store directory
located next to it with the chunks of the serialization (you can
change the name for the store directory with
--store= if you
like). This command operates on the file-system level. A similar
command operating on the block level:
$ casync make foobar.caibx /dev/sda1
This command creates a chunk index file
foobar.caibx in the local
directory describing the current contents of the
device, and populates
default.castr in the same way as above. Note
that you may as well read a raw disk image from a file instead of a
$ casync make foobar.caibx myimage.raw
To reconstruct the original file tree from the
.caidx file and
the chunk store of the first command, use:
$ casync extract foobar.caidx /some/other/directory
And similar for the block-layer version:
$ casync extract foobar.caibx /dev/sdb1
or, to extract the block-layer version into a raw disk image:
$ casync extract foobar.caibx myotherimage.raw
The above are the most basic commands, operating on local data
only. Now let’s make this more interesting, and reference remote
$ casync extract http://example.com/images/foobar.caidx /some/other/directory
This extracts the specified
.caidx onto a local directory. This of
course assumes that
foobar.caidx was uploaded to the HTTP server in
the first place, along with the chunk store. You can use any command
you like to accomplish that, for example
rsync. Alternatively, you can let
casync do this directly when
generating the chunk index:
$ casync make ssh.example.com:images/foobar.caidx /some/directory
This will use ssh to connect to the
ssh.example.com server, and then
.caidx file and the chunks on it. Note that this mode of
operation is “smart”: this scheme will only upload chunks currently
missing on the server side, and not retransmit what already is
Note that you can always configure the precise path or URL of the
chunk store via the
--store= option. If you do not do that, then the
store path is automatically derived from the path or URL: the last
component of the path or URL is replaced by
Of course, when extracting
.caibx files from remote sources,
using a local seed is advisable:
$ casync extract http://example.com/images/foobar.caidx --seed=/some/exising/directory /some/other/directory
Or on the block layer:
$ casync extract http://example.com/images/foobar.caibx --seed=/dev/sda1 /dev/sdb2
When creating chunk indexes on the file system layer
casync will by
default store metadata as accurately as possible. Let’s create a chunk
index with reduced metadata:
$ casync make foobar.caidx --with=sec-time --with=symlinks --with=read-only /some/dir
This command will create a chunk index for a file tree serialization
that has three features above the absolute baseline supported: 1s
granularity timestamps, symbolic links and a single read-only bit. In
this mode, all the other metadata bits are not stored, including
nanosecond timestamps, full unix permission bits, file ownership or
even ACLs or extended attributes.
Now let’s make a
.caidx file available locally as a mounted file
system, without extracting it:
$ casync mount http://example.comf/images/foobar.caidx /mnt/foobar
And similar, let’s make a
.caibx file available locally as a block device:
$ casync mkdev http://example.comf/images/foobar.caidx
This will create a block device in
/dev and print the used device
node path to STDOUT.
casync is big about reproducability. Let’s make use of
that to calculate the a digest identifying a very specific version of
a file tree:
$ casync digest .
This digest will include all metadata bits
casync and the underlying
file system know about. Usually, to make this useful you want to
configure exactly what metadata to include:
$ casync digest --with=unix .
This makes use of the
--with=unix shortcut for selecting metadata
--with-unix= selects all metadata that
traditional UNIX file systems support. It is a shortcut for writing out:
--with=16bit-uids --with=permissions --with=sec-time --with=symlinks.
--with=device-nodes --with=fifos --with=sockets
Note that when calculating digests or creating chunk indexes you may
also use the negative
--without= option to remove specific features
but start from the most precise:
$ casync digest --without=flag-immutable
This generates a digest with the most accurate metadata, but leaves
one feature out: chattr(1)‘s
+i) file flag.
To list the contents of a
.caidx file use a command like the following:
$ casync list http://example.com/images/foobar.caidx
$ casync mtree http://example.com/images/foobar.caidx
The former command will generate a brief list of files and
directories, not too different from
tar t or
ls -al in its
output. The latter command will generate a BSD
manifest. Note that
casync actually stores substantially more file
mtree files can express, though.
What casync isn’t
casyncis not an attempt to minimize serialization and downloaded
deltas to the extreme. Instead, the tool is supposed to find a good
middle ground, that is good on traffic and disk space, but not at the
price of convenience or requiring explicit revision control. If you
care about updates that are absolutely minimal, there are binary delta
systems around that might be an option for you, such as Google’s
casyncis not a replacement for
anything like that. They have very different usecases and
semantics. For example,
rsyncpermits you to directly synchronize two
file trees remotely.
casyncjust cannot do that, and it is unlikely
it every will.
casync is supposed to be a generic synchronization tool. Its primary
focus for now is delivery of OS images, but I’d like to make it useful
for a couple other usecases, too. Specifically:
Right now, if you want to deploy
casyncin real-life, you still
need to validate the downloaded
.caibxfile yourself, for
example with some
gpgsignature. It is my intention to integrate with
gpgin a minimal way so that signing and verifying chunk index files
is done automatically.
In the longer run, I’d like to build an automatic synchronizer for
$HOMEbetween systems from this. Each
$HOMEinstance would be
stored automatically in regular intervals in the cloud using casync,
and conflicts would be resolved locally.
casyncis written in a shared library style, but it is not yet
built as one. Specifically this means that almost all of
functionality is supposed to be available as C API soon, and
applications can process
casyncfiles on every level. It is my
intention to make this library useful enough so that it will be easy
to write a module for GNOME’s
gvfssubsystem in order to make remote
.caidxfiles directly available to applications (as an
casync mount). In fact the idea is to make this all
flexible enough that even the remoting backends can be replaced
easily, for example to replace
casync‘s default HTTP/HTTPS backends
built on CURL with GNOME’s own HTTP implementation, in order to share
cookies, certificates, … There’s also an alternative method to
casyncin place already: simply invoke
casyncwill inform you about a certain set of state
changes using a mechanism compatible with
future it will also propagate progress data this way and more.
I intend to a add a new seeding back-end that sources chunks from
the local network. After downloading the new
.caidxfile off the
casyncwould then search for the listed chunks on the local
network first before retrieving them from the Internet. This should
speed things up on all installations that have multiple similar
systems deployed in the same network.
Further plans are listed tersely in the
Is this a systemd project? —
casyncis hosted under the
github systemd umbrella, and the
projects share the same coding style. However, the codebases are
distinct and without interdependencies, and
casyncworks fine both
on systemd systems and systems without it.
casyncportable? — At the moment: no. I only run Linux and
that’s what I code for. That said, I am open to accepting portability
patches (unlike for systemd, which doesn’t really make sense on
non-Linux systems), as long as they don’t interfere too much with the
casyncworks. Specifically this means that I am not too
enthusiastic about merging portability patches for OSes lacking the
casyncrequire reflink-capable file systems to work, such
btrfs? No it doesn’t. The reflink magic in
employed when the file system permits it, and it’s good to have it,
but it’s not a requirement, and
casyncwill implicitly fall back to
copying when it isn’t available. Note that
casyncsupports a number
of file system features on a variety of file systems that aren’t
available everywhere, for example FAT’s system/hidden file flags or
casyncstable? — I just tagged the first, initial
release. While I have been working on it since quite some time and it
is quite featureful, this is the first time I advertise it publicly,
and it hence received very little testing outside of its own test
suite. I am also not fully ready to commit to the stability of the
current serialization or chunk index format. I don’t see any breakages
coming for it though.
casyncis pretty light on documentation right
now, and does not even have a man page. I also intend to correct that
.catarfile formats open and
casyncis Open Source, so if you want to know the
precise format, have a look at the sources for now. It’s definitely my
intention to add comprehensive docs for both formats however. Don’t
forget this is just the initial version right now.
casyncis just like
$SOMEOTHERTOOL! Why are you reinventing
the wheel (again)? — Well, because
casyncisn’t “just like” some
other tool. I am pretty sure I did my homework, and that there is no
tool just like
casyncright now. The tools coming closest are probably
restic, but they are quite different beasts
Why did you invent your own serialization format for file trees?
Why don’t you just use
tar? That’s a good question, and other
systems — most prominently
tarsnap— do that. However, as mentioned
tardoesn’t enforce reproducability. It also doesn’t really do
random access: if you want to access some specific file you need to
read every single byte stored before it in the
tararchive to find
it, which is of course very expensive. The serialization
implements places a focus on reproducability, random access, and
metadata control. Much like traditional
tarit can still be
generated and extracted in a stream fashion though.
casyncsave/restore SELinux/SMACK file labels? At the
moment not. That’s not because I wouldn’t want it to, but simply
because I am not a guru of either of these systems, and didn’t want to
implement something I do not fully grok nor can test. If you look at
the sources you’ll find that there’s already some definitions in place
that keep room for them though. I’d be delighted to accept a patch
implementing this fully.
What about delivering
squashfsimages? How well does chunking
work on compressed serializations? – That’s a very good point!
Usually, if you apply the a chunking algorithm to a compressed data
stream (let’s say a
tar.gzfile), then changing a single bit at the
front will propagate into the entire remainder of the file, so that
minimal changes will explode into major changes. Thankfully this
doesn’t apply that strictly to
squashfsimages, as it provides
random access to files and directories and thus breaks up the
compression streams in regular intervals to make seeking easy. This
fact is beneficial for systems employing chunking, such as
this means single bit changes might affect their vicinity but will not
explode in an unbounded fashion. In order achieve best results when
casyncthe block sizes of
squashfsand the chunks sizes of
casyncshould be matched up (using
--chunk-size=option). How precisely to choose both
values is left to reasearch by the user, for now.
What does the name
casyncmean? – It’s a synchronizing
tool, hence the
rsync‘s naming. It makes
use of the content-addressable concept of
Should you care? Is this a tool for you?
Well, that’s up to you really. If you are involved with projects that
need to deliver IoT, VM, container, application or OS images, then
maybe this is a great tool for you — but other options exist, some of
which are linked above.
casync is an Open Source project: if it doesn’t do exactly
what you need, prepare a patch that adds what you need, and we’ll
If you are interested in the project and would like to talk about this
in person, I’ll be presenting
casync soon at Kinvolk’s Linux
in Berlin, Germany. You are invited. I also intend to talk about it at
All Systems Go!, also in Berlin.
Post Syndicated from DevOpsCafeAdmin original http://devopscafe.org/show/2017/6/18/devops-cafe-episode-72-kelsey-hightower.html
You can’t contain(er) Kelsey.
- There are lots of great videos online of Kelsey both talking Kubernetes (here, here, here, etc.) and also about his personal journey to where he is today
- Kelsey works for Google as a developer advocate
- Damon works for SimplifyOps
- John works for Docker
Please tweet or leave comments or questions below and we’ll read them on the show!
Post Syndicated from Eevee original https://eev.ee/blog/2017/06/17/digital-painter-rundown/
You should totally write about drawing/image manipulation programs! (Inspired by https://eev.ee/blog/2015/05/31/text-editor-rundown/)
This is a little trickier than a text editor comparison — while most text editors are cross-platform, quite a few digital art programs are not. So I’m effectively unable to even try a decent chunk of the offerings. I’m also still a relatively new artist, and image editors are much harder to briefly compare than text editors…
Right, now that your expectations have been suitably lowered:
I do all of my digital art in Krita. It’s pretty alright.
Okay so Krita grew out of Calligra, which used to be KOffice, which was an office suite designed for KDE (a Linux desktop environment). I bring this up because KDE has a certain… reputation. With KDE, there are at least three completely different ways to do anything, each of those ways has ludicrous amounts of customization and settings, and somehow it still can’t do what you want.
Krita inherits this aesthetic by attempting to do literally everything. It has 17 different brush engines, more than 70 layer blending modes, seven color picker dockers, and an ungodly number of colorspaces. It’s clearly intended primarily for drawing, but it also supports animation and vector layers and a pretty decent spread of raster editing tools. I just right now discovered that it has Photoshop-like “layer styles” (e.g. drop shadow), after a year and a half of using it.
In fairness, Krita manages all of this stuff well enough, and (apparently!) it manages to stay out of your way if you’re not using it. In less fairness, they managed to break erasing with a Wacom tablet pen for three months?
I don’t want to rag on it too hard; it’s an impressive piece of work, and I enjoy using it! The emotion it evokes isn’t so much frustration as… mystified bewilderment.
I once filed a ticket suggesting the addition of a brush size palette — a panel showing a grid of fixed brush sizes that makes it easy to switch between known sizes with a tablet pen (and increases the chances that you’ll be able to get a brush back to the right size again). It’s a prominent feature of Paint Tool SAI and Clip Studio Paint, and while I’ve never used either of those myself, I’ve seen a good few artists swear by it.
The developer response was that I could emulate the behavior by creating brush presets. But that’s flat-out wrong: getting the same effect would require creating a ton of brush presets for every brush I have, plus giving them all distinct icons so the size is obvious at a glance. Even then, it would be much more tedious to use and fill my presets with junk.
And that sort of response is what’s so mysterious to me. I’ve never even been able to use this feature myself, but a year of amateur painting with Krita has convinced me that it would be pretty useful. But a developer didn’t see the use and suggested an incredibly tedious alternative that only half-solves the problem and creates new ones. Meanwhile, of the 28 existing dockable panels, a quarter of them are different ways to choose colors.
What is Krita trying to be, then? What does Krita think it is? Who precisely is the target audience? I have no idea.
Anyway, I enjoy drawing in Krita well enough. It ships with a respectable set of brushes, and there are plenty more floating around. It has canvas rotation, canvas mirroring, perspective guide tools, and other art goodies. It doesn’t colordrop on right click by default, which is arguably a grave sin (it shows a customizable radial menu instead), but that’s easy to rebind. It understands having a background color beneath a bottom transparent layer, which is very nice. You can also toggle any brush between painting and erasing with the press of a button, and that turns out to be very useful.
It doesn’t support infinite canvases, though it does offer a one-click button to extend the canvas in a given direction. I’ve never used it (and didn’t even know what it did until just now), but would totally use an infinite canvas.
I haven’t used the animation support too much, but it’s pretty nice to have. Granted, the only other animation software I’ve used is Aseprite, so I don’t have many points of reference here. It’s a relatively new addition, too, so I assume it’ll improve over time.
The one annoyance I remember with animation was really an interaction with a larger annoyance, which is: working with selections kind of sucks. You can’t drag a selection around with the selection tool; you have to switch to the move tool. That would be fine if you could at least drag the selection ring around with the selection tool, but you can’t do that either; dragging just creates a new selection.
If you want to copy a selection, you have to explicitly copy it to the clipboard and paste it, which creates a new layer. Ctrl-drag with the move tool doesn’t work. So then you have to merge that layer down, which I think is where the problem with animation comes in: a new layer is non-animated by default, meaning it effectively appears in any frame, so simply merging it down with merge it onto every single frame of the layer below. And you won’t even notice until you switch frames or play back the animation. Not ideal.
This is another thing that makes me wonder about Krita’s sense of identity. It has a lot of fancy general-purpose raster editing features that even GIMP is still struggling to implement, like high color depth support and non-destructive filters, yet something as basic as working with selections is clumsy. (In fairness, GIMP is a bit clumsy here too, but it has a consistent notion of “floating selection” that’s easy enough to work with.)
I don’t know how well Krita would work as a general-purpose raster editor; I’ve never tried to use it that way. I can’t think of anything obvious that’s missing. The only real gotcha is that some things you might expect to be tools, like smudge or clone, are just types of brush in Krita.
Ah, GIMP — open source’s answer to Photoshop.
It’s very obviously intended for raster editing, and I’m pretty familiar with it after half a lifetime of only using Linux. I even wrote a little Scheme script for it ages ago to automate some simple edits to a couple hundred files, back before I was aware of ImageMagick. I don’t know what to say about it, specifically; it’s fairly powerful and does a wide variety of things.
In fact I’d say it’s almost frustratingly intended for raster editing. I used GIMP in my first attempts at digital painting, before I’d heard of Krita. It was okay, but so much of it felt clunky and awkward. Painting is split between a pencil tool, a paintbrush tool, and an airbrush tool; I don’t really know why. The default brushes are largely uninteresting. Instead of brush presets, there are tool presets that can be saved for any tool; it’s a neat idea, but doesn’t feel like a real substitute for brush presets.
Much of the same functionality as Krita is there, but it’s all somehow more clunky. I’m sure it’s possible to fiddle with the interface to get something friendlier for painting, but I never really figured out how.
And then there’s the surprising stuff that’s missing. There’s no canvas rotation, for example. There’s only one type of brush, and it just stamps the same pattern along a path. I don’t think it’s possible to smear or blend or pick up color while painting. The only way to change the brush size is via the very sensitive slider on the tool options panel, which I remember being a little annoying with a tablet pen. Also, you have to specifically enable tablet support? It’s not difficult or anything, but I have no idea why the default is to ignore tablet pressure and treat it like a regular mouse cursor.
As I mentioned above, there’s also no support for high color depth or non-destructive editing, which is honestly a little embarrassing. Those are the major things Serious Professionals™ have been asking for for ages, and GIMP has been trying to provide them, but it’s taking a very long time. The first signs of GEGL, a new library intended to provide these features, appeared in GIMP 2.6… in 2008. The last major release was in 2012. GIMP has been working on this new plumbing for almost as long as Krita’s entire development history. (To be fair, Krita has also raised almost €90,000 from three Kickstarters to fund its development; I don’t know that GIMP is funded at all.)
I don’t know what’s up with GIMP nowadays. It’s still under active development, but the exact status and roadmap are a little unclear. I still use it for some general-purpose editing, but I don’t see any reason to use it to draw.
I do know that canvas rotation will be in the next release, and there was some experimentation with embedding MyPaint’s brush engine (though when I tried it it was basically unusable), so maybe GIMP is interested in wooing artists? I guess we’ll see.
Ah, MyPaint. I gave it a try once. Once.
It’s a shame, really. It sounds pretty great: specifically built for drawing, has very powerful brushes, supports an infinite canvas, supports canvas rotation, has a simple UI that gets out of your way. Perfect.
Or so it seems. But in MyPaint’s eagerness to shed unnecessary raster editing tools, it forgot a few of the more useful ones. Like selections.
MyPaint has no notion of a selection, nor of copy/paste. If you want to move a head to align better to a body, for example, the sanctioned approach is to duplicate the layer, erase the head from the old layer, erase everything but the head from the new layer, then move the new layer.
I can’t find anything that resembles HSL adjustment, either. I guess the workaround for that is to create H/S/L layers and floodfill them with different colors until you get what you want.
I can’t work seriously without these basic editing tools. I could see myself doodling in MyPaint, but Krita works just as well for doodling as for serious painting, so I’ve never gone back to it.
Drawpile is the modern equivalent to OpenCanvas, I suppose? It lets multiple people draw on the same canvas simultaneously. (I would not recommend it as a general-purpose raster editor.)
It’s a little clunky in places — I sometimes have bugs where keyboard focus gets stuck in the chat, or my tablet cursor becomes invisible — but the collaborative part works surprisingly well. It’s not a brush powerhouse or anything, and I don’t think it allows textured brushes, but it supports tablet pressure and canvas rotation and locked alpha and selections and whatnot.
I’ve used it a couple times, and it’s worked well enough that… well, other people made pretty decent drawings with it? I’m not sure I’ve managed yet. And I wouldn’t use it single-player. Still, it’s fun.
Aseprite is for pixel art so it doesn’t really belong here at all. But it’s very good at that and I like it a lot.
I can’t name any other serious contender that exists for Linux.
I’m dimly aware of a thing called “Photo Shop” that’s more intended for photos but functions as a passable painter. More artists seem to swear by Paint Tool SAI and Clip Studio Paint. Also there’s Paint.NET, but I have no idea how well it’s actually suited for painting.
And that’s it! That’s all I’ve got. Krita for drawing, GIMP for editing, Drawpile for collaborative doodling.
Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/mira-robot-alonso-martinez/
The staff of Pi Towers are currently melting into puddles while making ‘Aaaawwwwwww’ noises as Mira, the adorable little Pi-controlled robot made by Pixar 3D artist Alonso Martinez, steals their hearts.
If you want to get updates on Mira’s progress, sign up for the mailing list! http://eepurl.com/bteigD Mira is a desk companion that makes your life better one smile at a time. This project explores human robot interactivity and emotional intelligence. Currently Mira uses face tracking to interact with the users and loves playing the game “peek-a-boo”.
Honestly, I can’t type words – I am but a puddle! If I could type at all, I would only produce a stream of affectionate fragments. Imagine walking into a room full of kittens. What you would sound like is what I’d type.
No! I can do this. I’m a professional. I write for a living! I can…
SHE BLINKS OHMYAAAARGH!!!
Introducing Mira (I promise I can do this)
Right. I’ve had a nap and a drink. I’ve composed myself. I am up for this challenge. As long as I don’t look directly at her, I’ll be fine!
Here I go.
As one of the many über-talented 3D artists at Pixar, Alonso Martinez knows a thing or two about bringing adorable-looking characters to life on screen. However, his work left him wondering:
In movies you see really amazing things happening but you actually can’t interact with them – what would it be like if you could interact with characters?
So with the help of his friends Aaron Nathan and Vijay Sundaram, Alonso set out to bring the concept of animation to the physical world by building a “character” that reacts to her environment. His experiments with robotics started with Gertie, a ball-like robot reminiscent of his time spent animating bouncing balls when he was learning his trade. From there, he moved on to Mira.
Mira swivels to follow a person’s face, plays games such as peekaboo, shows surprise when you finger-shoot her, and giggles when you give her a kiss.
Mira’s inner workings
To get Mira to turn her head in three dimensions, Alonso took inspiration from the Microsoft Sidewinder Pro joystick he had as a kid. He purchased one on eBay, took it apart to understand how it works, and replicated its mechanism for Mira’s Raspberry Pi-powered innards.
Mira’s axis of 3D-printed parts moves via tiny Power HD DSM44 servos, while a camera and OpenCV handle face-tracking, and a single NeoPixel provides a range of colours to indicate her emotions. As for the blinking eyes? Two OLED screens boasting acrylic domes fit within the few millimeters between all the other moving parts.
More on Mira, including her history and how she works, can be found in this wonderful video released by Tested this week.
We’re gushing with grins and delight at the sight of these adorable animated robots created by artist Alonso Martinez. Sean chats with Alonso to learn how he designed and engineered his family of robots, using processes like 3D printing, mold-making, and silicone casting. They’re amazing!
You can also sign up for Alonso’s newsletter here to stay up-to-date about this little robot. Hopefully one of these newsletters will explain how to buy or build your own Mira, as I for one am desperate to see her adorable little face on my desk every day for the rest of my life.
Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/12-months-raspberry-pi/
This weekend saw my first anniversary at Raspberry Pi, and this blog marks my 100th post written for the company. It would have been easy to let one milestone or the other slide had they not come along hand in hand, begging for some sort of acknowledgement.
So here it is!
Joining the crew
Prior to my position in the Comms team as Social Media Editor, my employment history was largely made up of retail sales roles and, before that, bit parts in theatrical backstage crews. I never thought I would work for the Raspberry Pi Foundation, despite its firm position on my Top Five Awesome Places I’d Love to Work list. How could I work for a tech company when my knowledge of tech stretched as far as dismantling my Game Boy when I was a kid to see how the insides worked, or being the one friend everyone went to when their phone didn’t do what it was meant to do? I never thought about the other side of the Foundation coin, or how I could find my place within the hidden workings that turned the cogs that brought everything together.
… when suddenly, as if out of nowhere, a new job with a dream company. #raspberrypi #positive #change #dosomething
12 Likes, 1 Comments – Alex J’rassic (@thealexjrassic) on Instagram: “… when suddenly, as if out of nowhere, a new job with a dream company. #raspberrypi #positive…”
A little luck, a well-written though humorous resumé, and a meeting with Liz and Helen later, I found myself the newest member of the growing team at Pi Towers.
Ticking items off the Bucket List
I thought it would be fun to point out some of the chances I’ve had over the last twelve months and explain how they fit within the world of Raspberry Pi. After all, we’re about more than just a $35 credit card-sized computer. We’re a charitable Foundation made up of some wonderful and exciting projects, people, and goals.
High altitude ballooning (HAB)
Skycademy offers educators in the UK the chance to come to Pi Towers Cambridge to learn how to plan a balloon launch, build a payload with onboard Raspberry Pi and Camera Module, and provide teachers with the skills needed to take their students on an adventure to near space, with photographic evidence to prove it.
All the screens you need to hunt balloons. . We have our landing point and are now rushing to Therford to find the payload in a field. . #HAB #RasppberryPi
332 Likes, 5 Comments – Raspberry Pi (@raspberrypifoundation) on Instagram: “All the screens you need to hunt balloons. . We have our landing point and are now rushing to…”
I was fortunate enough to join Sky Captain James, along with Dan Fisher, Dave Akerman, and Steve Randell on a test launch back in August last year. Testing out new kit that James had still been tinkering with that morning, we headed to a field in Elsworth, near Cambridge, and provided Facebook Live footage of the process from payload build to launch…to the moment when our balloon landed in an RAF shooting range some hours later.
Having enjoyed watching Blue Peter presenters send up a HAB when I was a child, I marked off the event on my bucket list with a bold tick, and I continue to show off the photographs from our Raspberry Pi as it reached near space.
Spend the day launching/chasing a high-altitude balloon. Look how high it went!!! #HAB #ballooning #space #wellspacekinda #ish #photography #uk #highaltitude
13 Likes, 2 Comments – Alex J’rassic (@thealexjrassic) on Instagram: “Spend the day launching/chasing a high-altitude balloon. Look how high it went!!! #HAB #ballooning…”
Dear Raspberry Pi Friends…
My desk is slowly filling with stuff: notes, mementoes, and trinkets that find their way to me from members of the community, both established and new to the life of Pi. There are thank you notes, updates, and more from people I’ve chatted to online as they explore their way around the world of Pi.
By plugging myself into social media on a daily basis, I often find hidden treasures that go unnoticed due to the high volume of tags we receive on Facebook, Twitter, Instagram, and so on. Kids jumping off chairs in delight as they complete their first Scratch project, newcomers to the Raspberry Pi shedding a tear as they make an LED blink on their kitchen table, and seasoned makers turning their hobby into something positive to aid others.
It’s wonderful to join in the excitement of people discovering a new skill and exploring the community of Raspberry Pi makers: I’ve been known to shed a tear as a result.
Meeting educators at Bett, chatting to teen makers at makerspaces, and sharing a cupcake or three at the birthday party have been incredible opportunities to get to know you all.
You’re all brilliant.
The Queens of Robots, both shoddy and otherwise
Last year we welcomed the Queen of Shoddy Robots, Simone Giertz to Pi Towers, where we chatted about making, charity, and space while wandering the colleges of Cambridge and hanging out with flat Tim Peake.
Queen of Robots @simonegiertz came to visit #PiTowers today. We hung out with cardboard @astro_timpeake and ate chelsea buns at @fitzbillies #Cambridge. . We also had a great talk about the educational projects of the #RaspberryPi team, #AstroPi and how not enough people realise we’re a #charity. . If you’d like to learn more about the Raspberry Pi Foundation and the work we do with #teachers and #education, check out our website – www.raspberrypi.org. . How was your day? Get up to anything fun?
597 Likes, 3 Comments – Raspberry Pi (@raspberrypifoundation) on Instagram: “Queen of Robots @simonegiertz came to visit #PiTowers today. We hung out with cardboard…”
And last month, the wonderful Estefannie ‘Explains it All’ de La Garza came to hang out, make things, and discuss our educational projects.
Ahhhh!!! I still can’t believe I got to hang out and make stuff at the @Raspberry_Pi towers!! Thank you thank you!!
Meeting such wonderful, exciting, and innovative YouTubers was a fantastic inspiration to work on my own projects and to try to do more to help others discover ways to connect with tech through their own interests.
Those ‘wow’ moments
Every Raspberry Pi project I see on a daily basis is awesome. The moment someone takes an idea and does something with it is, in my book, always worthy of awe and appreciation. Whether it be the aforementioned flashing LED, or sending Raspberry Pis to the International Space Station, if you have turned your idea into reality, I applaud you.
Some of my favourite projects over the last twelve months have not only made me say “Wow!”, they’ve also inspired me to want to do more with myself, my time, and my growing maker skill.
Great to meet @alexjrassic today and nerd out about @Raspberry_Pi and weather balloons and @Space_Station and all things #edtech ⛅🛰🤖
Projects such as Museum in a Box, a wonderful hands-on learning aid that brings the world to the hands of children across the globe, honestly made me tear up as I placed a miniaturised 3D-printed Virginia Woolf onto a wooden box and gasped as she started to speak to me.
Jill Ogle’s Let’s Robot project had me in awe as Twitch-controlled Pi robots tackled mazes, attempted to cut birthday cake, or swung to slap Jill in the face over webcam.
@SryAbtYourCats @tekn0rebel @Beam Lol speaking of faces… https://t.co/1tqFlMNS31
Every day I discover new, wonderful builds that both make me wish I’d thought of them first, and leave me wondering how they manage to make them work in the first place.
We have Raspberry Pis in space. SPACE. Actually space.
New post: Mission accomplished for the European @astro_pi challenge and @esa @Thom_astro is on his way home https://t.co/ycTSDR1h1Q
Twelve months later, this still blows my mind.
And let’s not forget…
- The chance to visit both the Houses of Parliment and St James’s Palace
- Going to a Doctor Who pre-screening and meeting Peter Capaldi, thanks to Clare Sutcliffe
13 Likes, 2 Comments – Alex J’rassic (@thealexjrassic) on Instagram: “There’s no need to smile when you’re #DoctorWho.”
- Going to VidCon!
We’re here. Where are you? . . . . . #raspberrypi #vidconeu #vidcon #pizero #zerow #travel #explore #adventure #youtube
1,944 Likes, 30 Comments – Raspberry Pi (@raspberrypifoundation) on Instagram: “We’re here. Where are you? . . . . . #raspberrypi #vidconeu #vidcon #pizero #zerow #travel #explore…”
- Making a GIF Cam and other builds, and sharing them with you all via the blog
Made a Gif Cam using a Raspberry Pi, Pi camera, button and a couple LEDs. . When you press the button, it takes 8 images and stitches them into a gif file. The files then appear on my MacBook. . Check out our Twitter feed (Raspberry_Pi) for examples! . Next step is to fit it inside a better camera body. . #DigitalMaking #Photography #Making #Camera #Gif #MakersGonnaMake #LED #Creating #PhotosofInstagram #RaspberryPi
19 Likes, 1 Comments – Alex J’rassic (@thealexjrassic) on Instagram: “Made a Gif Cam using a Raspberry Pi, Pi camera, button and a couple LEDs. . When you press the…”
The next twelve months
Despite Eben jokingly firing me near-weekly across Twitter, or Philip giving me the ‘Dad glare’ when I pull wires and buttons out of a box under my desk to start yet another project, I don’t plan on going anywhere. Over the next twelve months, I hope to continue discovering awesome Pi builds, expanding on my own skills, and curating some wonderful projects for you via the Raspberry Pi blog, the Raspberry Pi Weekly newsletter, my submissions to The MagPi Magazine, and the occasional video interview or two.
It’s been a pleasure. Thank you for joining me on the ride!
The post “Only a year? It’s felt like forever”: a twelve-month retrospective appeared first on Raspberry Pi.
Post Syndicated from Natalie C original https://www.backblaze.com/blog/managing-a-remote-workforce/
While Backblaze has customers all around the globe, the company itself is a pretty small enterprise with just over 50 employees. Many of those employees are actually remote. 75% of Backblaze employees work from the main Backblaze office (San Mateo), 15% are datacenter employees, and 10% working remotely full-time.
Many companies that were the pioneers with flexible work arrangements are now pulling back and asking their employees to report into an office. Why? Some part of that is due to not knowing how to manage these types of employees and belief that having an employee in the office, will improve work performance.
At Backblaze, we think that managing our diverse workforce is certainly a challenge… but, as the saying goes, the juice is worth the squeeze.
Communication is Key
When Backblaze first started, everyone worked out of the same room. Being 5’ away from someone tends to make communication easy (sometimes too easy). The first datacenter was just a few miles away, so if we needed to do something in it, we’d just hop in a car and drive over – calling co-workers from our cell-phones if we needed some help or guidance. Now, things have changed slightly and we use a lot of different tools to talk amongst ourselves.
It started with emails, then morphed into Gchat, then to Google Hangouts, and now we have a whole suite of communication tools. We use Hangouts and Slack to chat internally, Meet for video conferencing to bridge remote employees, , and good old fashioned telephones when the need arises. Tools like Trello, Redbooth, and Jira can help project manage as well – making sure that everyone stays on the same page.
For HR related needs, we use a variety of tools/perks to simplify employees lives whether they are at the office or at home enjoying time with their families. These tools include an Human Resource Information System (“HRIS”) called Namely, Expensify (expenses), Eshares (stock), Fond (perks) and Heal.
The most popular tool we use is Slack. Each department, location, product, and support group have their own Channel. We also have social channels where all the GIFs and news links live. Slack also has the added benefit of allowing us to limit what information is discussed where. For example, contract employees do not have access to channels that go beyond their scope and focus areas.
Solve for Culture, not Offsite v Onsite
One of the keys to managing a remote workforce is realizing that you’re solving for overall culture. It’s not about whether any group of employees are in office X or Y. The real question is: Are we creating an environment where we remove the friction from people performing their roles? There are follow-up questions like “do we have the right roles defined?” and “do we have people in roles where they will succeed?”. But by looking at managing our workforce from that point of view, it makes it easier to identify what tools and resources we need to be successful.
There’s no right way to manage remote employees. Every work environment is different and the culture, available technology, and financial capability affects how employees can interact. Backblaze went through a ton of iterations before we found the right tools for what we were trying to accomplish, and we’re constantly evolving and experimenting. But we have found some consistent patterns…
Nothing Beats Human Interaction
Even with all of the communication tools at our disposal, getting together in person is still the best way to get through projects and make sure everyone is on the same page. While having group meetings via Slack and Meet are great for planning, inevitably something will fall through the cracks or get lost in cyberspace due to poor connections. We combat this by having all of our remote employees come to the main office once every two months. When we hired our first remote engineers this was a once-a-month visit, but as we got more accustomed to working together and over the web, we scaled it back.
These visits allow our engineers to be in the office, be part of meetings that they’d otherwise miss, and meet any new employees we’ve hired. We think it’s important for people to know who they’re working with, and we love that everyone at Backblaze knows (or at least recognizes) each other. We also plan our company outings around these visits, and this brings about a great company culture since we get a chance to be out of the office together and interact socially – which is a lot more fun than interacting professionally.
Don’t Fear HR
When you have a small workforce, duties can sometimes be divided amongst a variety of people – even if those duties don’t pertain to their ‘day job’. Having a full-time HR person allowed folks to jettison some of their duties, and allowed them to get back to their primary job functions. It also allowed HR to handle delicate matters, many of which were amongst the most dreaded for folks who were covering some of the responsibilities.
What we’ve found in creating the full-time HR role for our remote workforce was that we finally had an expert on all HR-related things. This meant that we had someone who knew the laws of the land inside and out and could figure out how the different healthcare systems worked in the states where our employees reside (no small feat).
But Why Bother?
There is a principle question that we haven’t yet addressed: Why do we even have remote employees? This gets back to the idea of looking at the culture and environment first. At Backblaze, we look to hire the right person. There are costs to having remote employees, but if they are the right person for the role (when accounting for the “costs”), then that’s the right thing to do. Backblaze is performance driven, not based off of attendance and how long you stay at the office. I believe the you need a balance of both office work as well as remote to allow the employee to be most productive. But every company and setting is different; so experiments need to take place to figure out what would be the perfect blend for your team atmosphere.
Post Syndicated from Andy original https://torrentfreak.com/was-the-disney-movie-hacking-ransom-a-giant-hoax-170524/
The hackers allegedly said they’d keep the leak private if Disney paid them a ransom. In response, Disney indicated that it had no intention of paying. Setting dangerous precedents in this area is unwise, the company no doubt figured.
After Hollywood Reporter broke the news, Deadline followed up with a report which further named the movie as ‘Pirates of the Caribbean: Dead Men Tell No Tales’, a fitting movie to parallel an emerging real-life swashbuckling plot, no doubt.
What the Deadline article didn’t do was offer any proof that Pirates 5 was the movie in question. Out of the blue, however, it did mention that a purported earlier leak of The Last Jedi had been revealed by “online chatter” to be a fake. Disney refused to comment.
Armed with this information, TF decided to have a dig around. Was Pirates 5 being discussed within release groups as being available, perhaps? Initially, our inquiries drew a complete blank but then out of the blue we found ourselves in conversation with the person claiming to be the Disney ‘hacker’.
“I can provide the original emails sent to Disney as well as some other unknown details,” he told us via encrypted mail.
We immediately asked several questions. Was the movie ‘Pirates 5’? How did he obtain the movie? How much did he try to extort from Disney? ‘EMH,’ as we’ll call him, quickly replied.
“It’s The Last Jedi. Bob Iger never made public the title of the film, Deadline was just going off and naming the next film on their release slate,” we were told. “We demanded 2BTC per month until September.”
TF was then given copies of correspondence that EMH had been having with numerous parties about the alleged leak. They included discussions with various release groups, a cyber-security expert, and Disney.
As seen in the screenshot, the email was purportedly sent to Disney on May 1. The Hollywood Reporter article, published two weeks later, noted the following;
“The Disney chief said the hackers demanded that a huge sum be paid in Bitcoin. They said they would release five minutes of the film at first, and then in 20-minute chunks until their financial demands are met,” HWR wrote.
While the email to Disney looked real enough, the proof of any leaked pudding is in the eating. We asked EMH how he had demonstrated to Disney that he actually has the movie in his possession. Had screenshots or clips been sent to the company? We were initially told they had not (plot twists were revealed instead) so this immediately raised suspicions.
Nevertheless, EMH then went on to suggest that release groups had shown interest in the copy and he proved that by forwarding his emails with them to TF.
“Make sure they know there is still work to be done on the CGI characters. There are little dots on their faces that are visible. And the colour grading on some scenes looks a little off,” EMH told one group, who said they understood.
“They all understand its not a completed workprint.. that is why they are sought after by buyers.. exclusive stuff nobody else has or can get,” they wrote back.
“That why they pay big $$$ for it.. a completed WP could b worth $25,000,” the group’s unedited response reads.
But despite all the emails and discussion, we were still struggling to see how EMH had shown to anyone that he really had The Last Jedi. We then learned, however, that screenshots had been sent to blogger Sam Braidley, a Cyber Security MSc and Computer Science BSc Graduate.
Since the information sent to us by EMH confirmed discussion had taken place with Braidley concerning the workprint, we contacted him directly to find out what he knew about the supposed Pirates 5 and/or The Last Jedi leak. He was very forthcoming.
“A user going by the username of ‘Darkness’ commented on my blog about having a leaked copy of The Last Jedi from a contact he knew from within Lucas Films. Of course, this garnered a lot of interest, although most were cynical of its authenticity,” Braidley explained.
The claim that ‘Darkness’ had obtained the copy from a contact within Lucas was certainly of interest ,since up to now the press narrative had been that Disney or one of its affiliates had been ‘hacked.’
After confirming that ‘Darkness’ used the same email as our “EMH,” we asked EMH again. Where had the movie been obtained from?
“Wasn’t hacked. Was given to me by a friend who works at a post production company owned by [Lucasfilm],” EMH said. After further prompting he reiterated: “As I told you, we obtained it from an employee.”
If they weren’t ringing loudly enough already, alarm bells were now well and truly clanging. Who would reveal where they’d obtained a super-hot leaked movie from when the ‘friend’ is only one step removed from the person attempting the extortion? Who would take such a massive risk?
Braidley wasn’t buying it either.
“I had my doubts following the recent [Orange is the New Black] leak from ‘The Dark Overlord,’ it seemed like someone trying to live off the back of its press success,” he said.
Braidley told TF that Darkness/EMH seemed keen for him to validate the release, as a member of a well-known release group didn’t believe that it was real, something TF confirmed with the member. A screenshot was duly sent over to Braidley for his seal of approval.
“The quality was very low and the scene couldn’t really show that it was in fact Star Wars, let alone The Last Jedi,” Braidley recalls, noting that other screenshots were considered not to be from the movie in question either.
Nevertheless, Darkness/EMH later told Braidley that another big release group had only declined to release the movie due to the possiblity of security watermarks being present in the workprint.
Since no groups had heard of a credible Pirates 5 leak, the claims that release groups were in discussion over the leaking of The Last Jedi intrigued us. So, through trusted sources and direct discussion with members, we tried to learn more.
While all groups admitted being involved or at least being aware of discussions taking place, none appeared to believe that a movie had been obtained from Disney, was being held for ransom, or would ever be leaked.
“Bullshit!” one told us. “Fake news,” said another.
With not even well-known release groups believing that leaks of The Last Jedi or Pirates 5 are anywhere on the horizon, that brought us full circle to the original statement by Disney chief Bob Iger claiming that a movie had been stolen.
What we do know for sure is that everything reported initially by Hollywood Reporter about a ransom demand matches up with statements made by Darkness/EMH to TorrentFreak, Braidley, and several release groups. We also know from copy emails obtained by TF that the discussions with the release groups took place well before HWR broke the story.
With Disney not commenting on the record to either HWR or Deadline (publications known to be Hollywood-friendly) it seemed unlikely that TF would succeed where they had failed.
So, without comprimising any of our sources, we gave a basic outline of our findings to a previously receptive Disney contact, in an effort to tie Darkness/EMH with the email address that he told us Disney already knew. Predictably, perhaps, we received no response.
At this point one has to wonder. If no credible evidence of a leak has been made available and the threats to leak the movie haven’t been followed through on, what was the point of the whole affair?
Money appears to have been the motive, but it seems likely that none will be changing hands. But would someone really bluff the leaking of a movie to a company like Disney in order to get a ‘ransom’ payment or scam a release group out of a few dollars? Perhaps.
Braidley informs TF that Darkness/EMH recently claimed that he’d had the copy of The Last Jedi since March but never had any intention of leaking it. He did, however, need money for a personal matter involving a family relative.
With this in mind, we asked Darkness/EMH why he’d failed to carry through with his threats to leak the movie, bit by bit, as his email to Disney claimed. He said there was never any intention of leaking the movie “until we are sure it wont be traced back” but “if the right group comes forward and meets our strict standards then the leak could come as soon as 2-3 weeks.”
With that now seeming increasingly unlikely (but hey, you never know), this might be the final chapter in what turns out to be the famous hacking of Disney that never was. Or, just maybe, undisclosed aces remain up sleeves.
“Just got another comment on my blog from [Darkness],” Braidley told TF this week. “He now claims that the Emoji movie has been leaked and is being held to ransom.”
Simultaneously he was telling TF the same thing. ‘Hacking’ announcement from Sony coming soon? Stay tuned…..
Fancy yourself as James Bond? In honour of English treasure Roger Moore, we think it’s high time we all became a little more MI5 and a little less MIDoneYet?
It’s been a while and M is worried you’re a little…rusty. Best head back to training: go see Q. He has everything you need to get back in shape, both physically and mentally, for the challenges ahead!
Q here, good to have you back.
First thing’s first: we need to work on your skills and get you ready for your next assignment. Let’s start with your reaction times. This skill is critical in getting you prepared for stealthy situations and averting detection.
Head into my office and grab a Raspberry Pi, LED, and a button to build your own Python Quick Reaction Game. Not only will it help you brush up on your quick thinking, it’ll also teach you how to wire a circuit, use variables, and gather information. This could be key in getting you out of some sticky situations further down the line if you find yourself without one of my gadgets.
Though speaking of…have you seen our See Like a Bat echolocation device? I’m rather proud of it, even if I do say so myself. Now, even in the darkest of times, you can find your way through any building or maze.
We’ll need you to gather some important information for us. But what can you do to make sure no one steals your secret intel? We need you to build a Secret Agent Chat Generator to encrypt information. Once you have completed it, send the information to M via this Morse Code Visual Radio.
Do do this, you’ll need a Morse Code Key. You can find them online or at your local war museum, though they may not care for your taking theirs. But we’re spies. And spies are experts in taking forbidden artefacts. After all, this is what your Laser Tripwire training was for. Oh, you haven’t completed it yet?
Well, get to it. Time’s a-wasting!
Locks and Detection
You’re done? Good. Back to the intel.
Until you can find a Morse Code Key, why not hide the information in this Sense HAT Puzzle Box. It’s a wonderful tool to help you learn how to create loops and use conditional statements and functions to create ‘locks’.
You’ll also need to…wait…did you hear that? Someone is listening in, I’m sure of it. Check the Parent Detector to see who is trying to spy on us.
Are they gone? Good. Phew, that was a close one. We can’t be so careless in the future. Let’s set up a Raspberry Pi Zero Time-Lapse Camera for constant surveillance of the training camp. You could also attach the camera to your glasses. No one will notice, and you’ll be able to record images of your missions – vital for debriefing.
James Bond seal of approval
Right. That’s all from me. Report back to M for your mission. And remember, this blog post will self-destruct in five…wait, wrong franchise.
Other Raspberry Pi/James Bond puns include:
- Live and Let Pi
- GoldenPi – Starring Pi-s Brosnan
- You Only Live Pi-ce
- Tomorrow Never Pis
- Pi Another Day
- Pi-monds Are Forever
- For Your Pis Only
Several times each month, I speak to AWS customers at our Executive Briefing Center in Seattle. I describe our innovation process and talk about how the roadmap for each AWS offering is driven by customer requests and feedback.
A good example of this is our work to make AWS a great home for SAP’s portfolio of business solutions. Over the years our customers have told us that they run large-scale SAP applications in production on AWS and we’ve worked hard to provide them with EC2 instances that are designed to accommodate their workloads. Because SAP installations are unfailingly mission-critical, SAP certifies their products for use on certain EC2 instance types and sizes. We work directly with SAP in order to achieve certification and to make AWS a robust & reliable host for their products.
Here’s a quick recap of some of our most important announcements in this area:
June 2012 – We expanded the range of SAP-certified solutions that are available on AWS.
October 2012 – We announced that the SAP HANA in-memory database is now available for production use on AWS.
March 2014 – We announced that SAP HANA can now run in production form on cr1.8xlarge instances with up to 244 GB of memory, with the ability to create test clusters that are even larger.
October 2015 – We announced the x1.32xlarge instances with 2 TB of memory, designed to run SAP HANA, Microsoft SQL Server, Apache Spark, and Presto.
August 2016 – We announced that clusters of X1 instances can now be used to create production SAP HANA clusters with up to 7 nodes, or 14 TB of memory.
October 2016 – We announced the x1.16xlarge instance with 1 TB of memory.
January 2017 – SAP HANA was certified for use on r4.16xlarge instances.
Today, customers from a broad collection of industries run their SAP applications in production form on AWS (the SAP and Amazon Web Services page has a long list of customer success stories).
My colleague Bas Kamphuis recently wrote about Navigating the Digital Journey with SAP and the Cloud (registration required). He discusses the role of SAP in digital transformation and examines the key characteristics of the cloud infrastructure that support it, while pointing out many of the advantages that the cloud offers in comparison to other hosting options. Here’s how he illustrates these advantages in his article:
- Bigger SAP HANA Clusters – You can now build scale-out SAP HANA clusters with up to 17 nodes (34 TB of memory).
- 4 TB Instances – The upcoming x1e.32xlarge instances will offer 4 TB of memory.
- 8 – 16 TB Instances – Instances with up to 16 TB of memory are in the works.
Let’s dive in!
Building Bigger SAP HANA Clusters
I’m happy to announce that we have been working with SAP to certify the x1.32large instances for use in scale-out clusters with up to 17 nodes (34 TB of memory). This is the largest scale-out deployment available from any cloud provider today, and allows our customers to deploy very large SAP workloads on AWS (visit the SAP HANA Hardware directory certification for the x1.32xlarge instance to learn more). To learn how to architect and deploy your own scale-out cluster, consult the SAP HANA on AWS Quick Start.
Extending the Memory-Intensive X1 Family
We will continue to invest in this and other instance families in order to address your needs and to give you a solid growth path.
Later this year we plan to make the x1e.32xlarge instances available in several AWS regions, in both On-Demand and Reserved Instance form. These instances will offer 4 TB of DDR4 memory (twice as much as the x1.32xlarge), 128 vCPUs (four 2.3 GHz Intel® Xeon® E7 8880 v3 processors), high memory bandwidth, and large L3 caches. The instances will be VPC-only, and will deliver up to 20 Gbps of network banwidth using the Elastic Network Adapter while minimizing latency and jitter. They’ll be EBS-optimized by default, with up to 14 Gbps of dedicated EBS throughput.
Here are some screen shots from the shell. First,
dmesg shows the boot-time kernel message:
lscpu shows the vCPU & socket count, along with many other interesting facts:
top shows nearly 900 processes:
Here’s the view from within HANA Studio:
This new instance, along with the certification for larger clusters, broadens the set of scale-out and scale-up options that you have for running SAP on EC2, as you can see from this diagram:
The Long-Term Memory-Intensive Roadmap
Because we know that planning large-scale SAP installations can take a considerable amount of time, I would also like to share part of our roadmap with you.
Today, customers are able to run larger SAP HANA certified servers in third party colo data centers and connect them to their AWS infrastructure via AWS Direct Connect, but customers have told us that they really want a cloud native solution like they currently get with X1 instances.
In order to meet this need, we are working on instances with even more memory! Throughout 2017 and 2018, we plan to launch EC2 instances with between 8 TB and 16 TB of memory. These upcoming instances, along with the x1e.32xlarge, will allow you to create larger single-node SAP installations and multi-node SAP HANA clusters, and to run other memory-intensive applications and services. It will also provide you with some scale-up headroom that will become helpful when you start to reach the limits of the smaller instances.
I’ll share more information on our plans as soon as possible.
Say Hello at SAPPHIRE
The AWS team will be in booth 539 at SAPPHIRE with a rolling set of sessions from our team, our customers, and our partners in the in-booth theater. We’ll also be participating in many sessions throughout the event. Here’s a sampling (see SAP SAPPHIRE NOW 2017 for a full list):
SAP Solutions on AWS for Big Businesses and Big Workloads – Wednesday, May 17th at Noon. Bas Kamphuis (General Manager, SAP, AWS) & Ed Alford (VP of Business Application Services, BP).
Break Through the Speed Barrier When You Move to SAP HANA on AWS – Wednesday, May 17th at 12:30 PM – Paul Young (VP, SAP) and Saul Dave (Senior Director, Enterprise Systems, Zappos).
AWS Fireside Chat with Zappos (Rapid SAP HANA Migration: Real Results) – Thursday, May 18th at 11:00 AM – Saul Dave (Senior Director, Enterprise Systems, Zappos) and Steve Jones (Senior Manager, SAP Solutions Architecture, AWS).
Post Syndicated from Tara Walker original https://aws.amazon.com/blogs/aws/aws-is-streaming-live-on-twitch/
Twitch is one of the leading community streaming video platforms today for developers, gamers, and the artists. Each day, millions visit Twitch to watch and discuss their passions by joining live sessions with other passionate online streamers. Amazon Web Services has joined the fun by adding the AWS Twitch Channel this past November to bring the latest AWS technologies to the Twitch audience. The AWS Twitch Channel hosts weekly live interactive coding and maker sessions targeted toward all levels of cloud enthusiasts. For more information on upcoming episodes, past broadcasts, or to meet the team, visit https://aws.amazon.com/twitch/.
The AWS Twitch channel will have multiple shows throughout the year, each with various themes, broadcasters, and topics. Currently, there are two shows available for you to tune into; Live Coding with AWS and AWS Maker Studio show.
The Live Coding with AWS show features fellow technical evangelists; Randall Hunt, Julio Faerman, and Abby Fuller building apps and solutions covering practically every AWS service from the perspective of the developer. What’s great about being part of the Twitch audience for the show is that you drive the direction of the broadcast. Additionally, guests from Amazon, AWS, and the community will join our Twitch hosts to talk about cool new projects and implementations built on the AWS platform.
The AWS Maker Studio show premieres on May 17th and will cover projects and solutions especially for the Maker in all of us. The hosts; Todd Varland, Trevor Hykes, and Anupam Mishra will be building a cloud-connected robot over the course of the first season. Watch the first episode to see the first steps, and consider following along and building your own robot.
This May, there are several exciting Twitch sessions that we invite you to join, build, code, and make with us. This month’s schedule is as follows:
Live Coding with AWS
Wednesday, May 10
Presenter: Randall Hunt
2:00 PM PT – Building Chatbots with Lex
Thursday, May 11
Presenter: Julio Faerman
8:00 AM PT – Machine Learning
Friday, May 19
Presenter: Julio Faerman
8:00 AM PT – Cloud Concepts Review
AWS Maker Studio
Wednesday, May 17
4:30 PM PT – Build your First Cloud Connected Robot
Wednesday, May 24
4:30 PM PT – Sensing the Environment for your First Robot
Wednesday, May 31
4:30 PM PT – Connecting Your Robot to the Cloud
If you are interested the latest in AWS technologies or interested in connecting with other developers in the community, tune in each week on https://twitch.tv/aws for interactive live coding with AWS experts. Also, don’t worry if you happen to miss a session, several episodes are available on demand.
We would love for you all to join the Twitch community by tuning into Twitch and the AWS Twitch Channel to stream, view, and interact with other developers, gamers, and makers while building in the cloud with us!
Hope to see you on the stream!
Post Syndicated from Tara Walker original https://aws.amazon.com/blogs/aws/aws-online-tech-talks-may-2017/
Spring has officially sprung. As you enjoy the blossoming of May flowers, it may be worthy to also note some of the great tech talks blossoming online during the month of May. This month’s AWS Online Tech Talks features sessions on topics like AI, DevOps, Data, and Serverless just to name a few.
May 2017 – Schedule
Below is the upcoming schedule for the live, online technical sessions scheduled for the month of May. Make sure to register ahead of time so you won’t miss out on these free talks conducted by AWS subject matter experts. All schedule times for the online tech talks are shown in the Pacific Time (PDT) time zone.
Webinars featured this month are:
Monday, May 15
9:00 AM – 10:00 AM: Integrate Your Amazon Lex Chatbot with Any Messaging Service
Tuesday, May 16
10:30 AM – 11:30 AM: Deep Dive on Amazon EC2 F1 Instance
12:00 Noon – 1:00 PM: How to Connect Your Own Creations with AWS IoT
Wednesday, May 17
9:00 AM – 10:00 AM: OpsWorks for Chef Automate – Automation Made Easy!
10:30 AM – 11:30 AM: Serverless Orchestration with AWS Step Functions
Enterprise & Hybrid
12:00 Noon – 1:00 PM: Moving to the AWS Cloud: An Overview of the AWS Cloud Adoption Framework
Thursday, May 18
9:00 AM – 10:00 AM: Scaling Up Tenfold with Amazon EC2 Spot Instances
10:30 AM – 11:30 AM: Building Analytics Pipelines for Games on AWS
12:00 Noon – 1:00 PM: Serverless Big Data Analytics using Amazon Athena and Amazon QuickSight
Monday, May 22
9:00 AM – 10:00 AM: What’s New with Amazon Rekognition
10:30 AM – 11:30 AM: Building Serverless Web Applications
Tuesday, May 23
8:30 – 10:00 AM: Hands On Lab: Windows Workloads on AWS
10:30 AM – 11:30 AM: Streaming ETL for Data Lakes using Amazon Kinesis Firehose
12:00 Noon – 1:00 PM: Deep Dive: Continuous Delivery for AI Applications with ECS
Wednesday, May 24
9:00 – 10:00 AM: Moving Data into the Cloud with AWS Transfer Services
12:00 Noon – 1:00 PM: Building a CICD Pipeline for Container Deployment to Amazon ECS
Thursday, May 25
9:00 – 10:00 AM: Test Your Android App with Espresso and AWS Device Farm
Security & Identity
Tuesday, May 30
10:30 AM – 11:30 AM: Deep Dive on Amazon EC2 Elastic GPUs
Security & Identity
12:00 Noon – 1:00 PM: Securing Your AWS Infrastructure with Edge Services
Wednesday, May 31
8:30 – 10:00 AM: Hands On Lab: Introduction to Microsoft SQL Server in AWS
Enterprise & Hybrid
10:30 AM – 11:30 AM: Best Practices in Planning a Large-Scale Migration to AWS
12:00 Noon – 1:00 PM: Convert and Migrate Your NoSQL Database or Data Warehouse to AWS
The AWS Online Tech Talks series covers a broad range of topics at varying technical levels. These sessions feature live demonstrations & customer examples led by AWS engineers and Solution Architects. Check out the AWS YouTube channel for more on-demand webinars on AWS technologies.
Security updates have been issued by CentOS (bind, java-1.7.0-openjdk, qemu-kvm, and thunderbird), Debian (git, libtirpc, lxterminal, radicale, rpcbind, and xen), Fedora (batik, java-1.8.0-openjdk-aarch32, kernel, pcre, and weechat), Gentoo (ffmpeg, firefox, libav, and thunderbird), Red Hat (flash-plugin, jasper, java-1.6.0-ibm, java-1.7.1-ibm, java-1.8.0-ibm, and qemu-kvm), Scientific Linux (jasper and qemu-kvm), and Ubuntu (apache2, batik, fop, freetype, and rtmpdump).
Post Syndicated from Olympia Brown original https://www.raspberrypi.org/blog/pioneers-gives-you-squad-goals/
We’re two weeks into the second cycle of Pioneers, our programme to give teenagers a taste of digital making. Teenagers make amazing, ridiculous, awesome things when they are challenged to unleash their creativity using technology. In the first cycle, we had everything from a disco pen to a crotch-soaking water trap. Families and friends can take part, as well as clubs and schools: we call these informal Pioneers teams squads, and we’re hoping that lots will join this second round of the competition.
The creativity on display comes from allowing teenagers to approach a problem from whatever angle they choose. Pioneers has been designed so that it’s flexible and people can take part however they like. As well as making sure the challenge we set is as open as possible, we’re also pretty chilled about how teams participate: when and where the making gets done.
We’re delighted to see that lots of teenagers have been getting together with their mates, hanging out, and working out how they can best freak out their mum.
Make them laugh…
Some of the groups told us that they met at a regular time, and while there was a lot of chat, they’d also find some time to make some cool stuff. Others had some intense sessions over a couple of weekends (certain team members may or may not have been involved with extra bits of tinkering between sessions).
Getting involved in Pioneers
If you’ve got some teenagers lying about the house, why not see if they’d like to challenge themselves to make something linked to the outdoors? We’ve got some starter projects to give them a bit of inspiration, but they can respond to the challenge however they like, as long as they are using tech.
If you’re mentoring one of these informal Pioneers squads, you are probably mostly there to remind that they might want to meet up, and to prompt them to make their video in time for the deadline. You don’t need to be a tech expert in order to be a mentor, but if you’d like a confidence-booster, you could watch some of our videos to level up your skills. And if you do get stuck on something technical, you can ask for help on the Raspberry Pi forums.
For more information about working as a squad, or about mentoring one, check out our Pioneers page. We can’t wait to see what you come up with!
Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/amazon-chime-update-use-your-existing-active-directory-claim-your-domain/
Since the launch, Amazon Chime has quickly become the communication tool of choice within the AWS team. I participate in multiple person-to-person and group chats throughout the day, and frequently “Chime In” to Amazon Chime-powered conferences to discuss upcoming launches and speaking opportunities.
Today we are adding two new features to Amazon Chime: the ability to claim a domain as your own and support for your existing Active Directory.
Claiming a Domain
Claiming a domain gives you the authority to manage Amazon Chime usage for all of the users in the domain. You can make sure that new employees sign up for Amazon Chime in an official fashion and you can suspend accounts for employees that leave the organization.
To claim a domain, you assert that you own a particular domain name and then back up the assertion by entering a TXT record to your domain’s DNS entry. You must do this for each domain and subdomain that your organization uses for email addresses.
Here’s how I would claim one of my own domains:
After I click on Verify this domain, Amazon Chime provides me with the record for my DNS:
After I do this, the domain’s status will change to Pending Verification. Once Amazon Chime has confirmed that the new record exists as expected, the status will change to Verified and the team account will become an enterprise account.
Active Directory Support
This feature allows your users to sign in to Amazon Chime using their existing Active Directory identity and credentials. After you have set it up, you can enable and take advantage of advanced AD security features such as password rotation, password complexity rules, and multi-factor authentication. You can also control the allocation of Amazon Chime’s Plus and Pro licenses on a group-by-group basis (check out Plans and Pricing to learn more about each type of license).
In order to use this feature, you must be using an Amazon Chime enterprise account. If you are using a team account, follow the directions at Create an Enterprise Account before proceeding.
Then you will need to set up a directory with the AWS Directory Service. You have two options at this point:
- Use the AWS Directory Service AD Connector to connect to your existing on-premises Active Directory instance.
- Use Microsoft Active Directory, configured for standalone use. Read How to Create a Microsoft AD Directory for more information on this option.
After you have set up your directory, you can connect to it from within the Amazon Chime console by clicking on Settings and Active directory and choosing your directory from the drop-down:
After you have done this you can select individual groups within the directory and assign the appropriate subscriptions (Plus or Pro) on a group-by-group basis.
With everything set up as desired, your users can log in to Amazon Chime using their existing directory credentials.
These new features are available now and you can start using them today!
If you would like to learn more about Amazon Chime, you can watch the recent AWS Tech Talk: Modernize Meetings with Amazon Chime:
Post Syndicated from Rob Zwetsloot original https://www.raspberrypi.org/blog/aiy-voice-projects-kit-magpi-57-aftermath/
Hi folks, Rob here. It’s been a crazy day or so here over at The MagPi and Raspberry Pi as we try to answer all your questions and look at all the cool stuff you’re doing with the new AIY Voice Projects Kit that we bundled with issue 57. While it has been busy, it’s also been a lot of fun.
Got a question?
We know lots of you have got your hands on issue 57, but a lot more of you will have questions to ask. Here’s a quick FAQ before we go over the fun stuff you’ve been doing:
Which stores stock The MagPi in [insert country]?
The original edition of The MagPi is only currently stocked in bricks-and-mortar stores in the UK, Ireland, and the US:
- In the UK, you can find copies at WHSmith, Asda, Tesco, and Sainsbury’s
- In the US, you can find them at Barnes and Noble and at Micro Center
- In Ireland, we’re in Tesco and Easons
Unfortunately, this means you will find very little (if any) stock of issue 57 in stores in other countries. Even Canada (we’ve been asked this a lot!)…
The map below shows the locations to which stock has been shipped (please note, though, that this doesn’t indicate live stock):
My Barnes and Noble still only has issue 55!
Issue 57 should have been in Barnes & Noble stores yesterday, but stock sometimes takes a few days to spread and get onto shelves. Keep trying over the next few days. We’re skipping issue 56 in the US so you can get 57 at the same time (you’ll be getting the issues at the same time from now on).
If I start a new subscription, will I get issue 57?
Yes. We have limited copies for new subscribers. It’s available on all new print subscriptions. You need to specify that you want issue 57 when you subscribe.
Will you be restocking online?
We’re looking into it. If we manage to, keep an eye on our social media channels and the blog for more details.
Is there any way to get the AIY Voice Projects Kit on its own?
Not yet, but you can sign up to Google’s mailing list to be notified when they become available.
Rob asked us to do no evil with our Raspberry Pi: how legally binding is that?
Highest galactic law. Here is a picture of me pointing at you to remind you of this.
OK, with that out of the way, here’s the cool stuff!
AIY Voice Projects Kit builds
A lot of you built the kit very quickly, including Raspberry Pi Certified Educator Lorraine Underwood, who managed it before lunch.
Ha, cool. I made it! Top notch instructions and pics @TheMagP1 Not going to finish the whole thing before youngest is out of nursery. Gah!!
We love Andy Grimley’s shot as the HAT seems to be floating. We had no idea it could levitate!
This is awesome @TheMagP1 #AIYProjects
A few people reached out to tell us they were building it with children for their weekend project. These messages really are one of the best parts of our job.
What have people been making with it? Domhnall O’Hanlon made the basic assistant setup, and photographed it in the stunning surroundings of the National Botanic Gardens of Ireland:
Took my @Raspberry_Pi #AIYProjects on a field trip to the National Botanic Gardens. Thanks @TheMagP1! #edchatie #edtech https://t.co/f5dR9JBDEx
Friend of The MagPi David Pride has a cool idea:
@Raspberry_Pi @TheMagP1 Can feel a weekend mashup happening with the new #AIYProjects kit & my latest car boot find (the bird, not the cat!)
Check out Bastiaan Slee’s hack of an old IoT device:
@TheMagP1 I’ve given my Nabaztag a second life with #AIYProjects https://t.co/udtWaAMz2x
Hacking time with the Nabaztag and #AIYProjects ! https://t.co/udtWaAMz2x
Finally, Sandy Macdonald is doing a giveaway of the issue. Go and enter: a simple retweet could win you a great prize!
I’m giving away this copy of @TheMagP1 with the @Raspberry_Pi #AIYProjects free, inc. p&p worldwide. RT to enter. Closes 9am BST tomorrow.
If you have got your hands on the AIY Voice Projects Kit, do show us what you’ve made with it! Remember to use the #AIYProjects hashtag on Twitter to show off your project as well.
There’s also a dedicated forum for discussing the AIY Voice Projects Kit which you can find on the main Raspberry Pi forum. Check it out if you have something to share or if you’re having any problems.
Yesterday I promised a double-dose of Picard gifs. So, what’s twice as good as a Picard gif? A Sisko gif, of course! See you next time…
The post A day with AIY Voice Projects Kit – The MagPi 57 aftermath appeared first on Raspberry Pi.
learning is a technique that has taken the computing world by storm
over the last few years. As Luis Villa discussed in his
Software Legal and Licensing Workshop (LLW) talk, there are legal
implications that need to be considered, especially with regard to the data
sets that are used by machine-learning systems. The talk, which was
not under the
Rule default for the workshop, also provided a simplified
introduction to machine learning geared toward a legal audience.
Security updates have been issued by Debian (libxstream-java, mysql-connector-java, tomcat7, and tomcat8), Fedora (log4j), Mageia (texlive), openSUSE (weechat), SUSE (ghostscript-library, graphite2, and xen), and Ubuntu (icu and libreoffice).