Tag Archives: maker

Copyright Holders Want ISPs to Police Pirate Sites and Issue Warnings

Post Syndicated from Ernesto original https://torrentfreak.com/copyright-holders-want-isps-to-police-pirate-sites-and-issue-warnings-171124/

Online piracy is a worldwide phenomenon and increasingly it ends up on the desks of lawmakers everywhere.

Frustrated by the ever-evolving piracy landscape, copyright holders are calling on local authorities to help out.

This is also the case in South Africa at the moment, where the Government is finalizing a new Cybercrimes and Cybersecurity Bill.

Responding to a call for comments, anti-piracy group SAFACT, film producers, and local broadcaster M-Net seized the opportunity to weigh in with some suggestions. Writing to the Department of Justice and Constitutional Development, they ask for measures to make it easier to block pirate sites and warn copyright infringers.

“A balanced approach to address the massive copyright infringement on the Internet is necessary,” they say.

On the site-blocking front, the copyright holder representatives suggest an EU-style amendment that would allow for injunctions against ISPs to bar access to pirate sites.

“It is suggested that South Africa should consider adopting technology-neutral ‘no fault’ enforcement legislation that would enable intermediaries to take action against online infringements, in line with Article 8.3 of the EU Copyright Directive (2001/29/EC), which addresses copyright infringement through site blocking,” it reads.

Request and response (via Business Tech)

In addition, ISPs should also be obliged to take further measures to deter piracy. New legislation should require providers to “police” unauthorized file-sharing and streaming sites, and warn subscribers who are caught pirating.

“Obligations should be imposed on ISPs to co-operate with rights-holders and Government to police illegal filesharing or streaming websites and to issue warnings to end-users identified as engaging in illegal file-sharing and to block infringing content,” the rightsholders say.

The demands were made public by the Department recently, which also included an official response from the Government. While the suggestions are not dismissed based on their content, they don’t fit the purpose of the legislation.

“The Bill does not deal with copyright infringements. These aspects must be dealt with in terms of copyright-related legislation,” the Department writes.

SAFACT, the filmmakers, and M-Net are not without options though. The Government points out that the new Copyright Amendment Bill, which was introduced recently, would be a better fit for these asks. So it’s likely that they will try again.

This doesn’t mean that any of the proposed language will be adopted, of course. However, now that the demands are on the table, South Africans are likely to hear more blocking and warning chatter in the near future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

HackSpace magazine #1 is out now!

Post Syndicated from Andrew Gregory original https://www.raspberrypi.org/blog/hackspace-magazine-1/

HackSpace magazine is finally here! Grab your copy of the new magazine for makers today, and try your hand at some new, exciting skills.

HackSpace magazine issue 1 cover

What is HackSpace magazine?

HackSpace magazine is the newest publication from the team behind The MagPi. Chock-full of amazing projects, tutorials, features, and maker interviews, HackSpace magazine brings together the makers of the world every month, with you — the community — providing the content.

HackSpace magazine is out now!

The new magazine for the modern maker is out now! Learn more at https://hsmag.cc HackSpace magazine is the new monthly magazine for people who love to make things and those who want to learn. Grab some duct tape, fire up a microcontroller, ready a 3D printer and hack the world around you!

Inside issue 1

Fancy smoking bacon with your very own cold smoker? How about protecting your home with a mini trebuchet for your front lawn? Or maybe you’d like to learn from awesome creator Becky Stern how to get paid for making the things you love? No matter whether it’s handheld consoles, robot prosthetics, Christmas projects, or, er, duct tape — whatever your maker passion, issue 1 is guaranteed to tick your boxes!



HackSpace magazine is packed with content from every corner of the maker world: from welding to digital making, and from woodwork to wearables. And whatever you enjoy making, we want to see it! So as you read through this first issue, imagine your favourite homemade projects on our pages, then make that a reality by emailing us the details via [email protected].

Get your copy

You can grab issue 1 of HackSpace magazine right now from WHSmith, Tesco, Sainsbury’s, and independent newsagents. If you live in the US, check out your local Barnes & Noble, Fry’s, or Micro Center next week. We’re also shipping to stores in Australia, Hong Kong, Canada, Singapore, Belgium and Brazil — ask your local newsagent whether they’ll be getting HackSpace magazine. Alternatively, you can get the new issue online from our store, or digitally via our Android or iOS apps. And don’t forget, as with all our publications, a free PDF of HackSpace magazine is available from release day.

We’re also offering money-saving subscriptions — find details on the the magazine website. And if you’re a subscriber of The MagPi, your free copy of HackSpace magazine is on its way, with details of a super 50% discount on subscriptions! Could this be the Christmas gift you didn’t know you wanted?

Share your makes and thoughts

Make sure to follow HackSpace magazine on Facebook and Twitter, or email the team at [email protected] to tell us about your projects and share your thoughts about issue 1. We’ve loved creating this new magazine for the maker community, and we hope you enjoy it as much as we do.

The post HackSpace magazine #1 is out now! appeared first on Raspberry Pi.

What do you want your button to do?

Post Syndicated from Carrie Anne Philbin original https://www.raspberrypi.org/blog/button/

Here at Raspberry Pi, we know that getting physical with computing is often a catalyst for creativity. Building a simple circuit can open up a world of making possibilities! This ethos of tinkering and invention is also being used in the classroom to inspire a whole new generation of makers too, and here is why.

The all-important question

Physical computing provides a great opportunity for creative expression: the button press! By explaining how a button works, how to build one with a breadboard attached to computer, and how to program the button to work when it’s pressed, you can give learners young and old all the conceptual skills they need to build a thing that does something. But what do they want their button to do? Have you ever asked your students or children at home? I promise it will be one of the most mindblowing experiences you’ll have if you do.

A button. A harmless, little arcade button.

Looks harmless now, but put it into the hands of a child and see what happens!

Amy will want her button to take a photo, Charlie will want his button to play a sound, Tumi will want her button to explode TNT in Minecraft, Jack will want their button to fire confetti out of a cannon, and James Robinson will want his to trigger silly noises (doesn’t he always?)! Idea generation is the inherent gift that every child has in abundance. As educators and parents, we’re always looking to deeply engage our young people in the subject matter we’re teaching, and they are never more engaged than when they have an idea and want to implement it. Way back in 2012, I wanted my button to print geeky sayings:

Geek Gurl Diaries Raspberry Pi Thermal Printer Project Sneak Peek!

A sneak peek at the finished Geek Gurl Diaries ‘Box of Geek’. I’ve been busy making this for a few weeks with some help from friends. Tutorial to make your own box coming soon, so keep checking the Geek Gurl Diaries Twitter, facebook page and channel.

What are the challenges for this approach in education?

Allowing this kind of free-form creativity and tinkering in the classroom obviously has its challenges for teachers, especially those confined to rigid lesson structures, timings, and small classrooms. The most common worry I hear from teachers is “what if they ask a question I can’t answer?” Encouraging this sort of creative thinking makes that almost an inevitability. How can you facilitate roughly 30 different projects simultaneously? The answer is by using those other computational and transferable thinking skills:

  • Problem-solving
  • Iteration
  • Collaboration
  • Evaluation

Clearly specifying a problem, surveying the tools available to solve it (including online references and external advice), and then applying them to solve the problem is a hugely important skill, and this is a great opportunity to teach it.

A girl plays a button reaction game at a Raspberry Pi event

Press ALL the buttons!

Hands-off guidance

When we train teachers at Picademy, we group attendees around themes that have come out of the idea generation session. Together they collaborate on an achievable shared goal. One will often sketch something on a whiteboard, decomposing the problem into smaller parts; then the group will divide up the tasks. Each will look online or in books for tutorials to help them with their step. I’ve seen this behaviour in student groups too, and it’s very easy to facilitate. You don’t need to be the resident expert on every project that students want to work on.

The key is knowing where to guide students to find the answers they need. Curating online videos, blogs, tutorials, and articles in advance gives you the freedom and confidence to concentrate on what matters: the learning. We have a number of physical computing projects that use buttons, linked to our curriculum for learners to combine inputs and outputs to solve a problem. The WhooPi cushion and GPIO music box are two of my favourites.

A Raspberry Pi and button attached to a computer display

Outside of formal education, events such as Raspberry Jams, CoderDojos, CAS Hubs, and hackathons are ideal venues for seeking and receiving support and advice.

Cross-curricular participation

The rise of the global maker movement, I think, is in response to abstract concepts and disciplines. Children are taught lots of concepts in isolation that aren’t always relevant to their lives or immediate environment. Digital making provides a unique and exciting way of bridging different subject areas, allowing for cross-curricular participation. I’m not suggesting that educators should throw away all their schemes of work and leave the full direction of the computing curriculum to students. However, there’s huge value in exposing learners to the possibilities for creativity in computing. Creative freedom and expression guide learning, better preparing young people for the workplace of tomorrow.

So…what do you want your button to do?

Hello World

Learn more about today’s subject, and read further articles regarding computer science in education, in Hello World magazine issue 1.

Read Hello World issue 1 for more…

UK-based educators can subscribe to Hello World to receive a hard copy delivered for free to their doorstep, while the PDF is available for free to everyone via the Hello World website.

The post What do you want your button to do? appeared first on Raspberry Pi.

How to Patch, Inspect, and Protect Microsoft Windows Workloads on AWS—Part 1

Post Syndicated from Koen van Blijderveen original https://aws.amazon.com/blogs/security/how-to-patch-inspect-and-protect-microsoft-windows-workloads-on-aws-part-1/

Most malware tries to compromise your systems by using a known vulnerability that the maker of the operating system has already patched. To help prevent malware from affecting your systems, two security best practices are to apply all operating system patches to your systems and actively monitor your systems for missing patches. In case you do need to recover from a malware attack, you should make regular backups of your data.

In today’s blog post (Part 1 of a two-part post), I show how to keep your Amazon EC2 instances that run Microsoft Windows up to date with the latest security patches by using Amazon EC2 Systems Manager. Tomorrow in Part 2, I show how to take regular snapshots of your data by using Amazon EBS Snapshot Scheduler and how to use Amazon Inspector to check if your EC2 instances running Microsoft Windows contain any common vulnerabilities and exposures (CVEs).

What you should know first

To follow along with the solution in this post, you need one or more EC2 instances. You may use existing instances or create new instances. For the blog post, I assume this is an EC2 for Microsoft Windows Server 2012 R2 instance installed from the Amazon Machine Images (AMIs). If you are not familiar with how to launch an EC2 instance, see Launching an Instance. I also assume you launched or will launch your instance in a private subnet. A private subnet is not directly accessible via the internet, and access to it requires either a VPN connection to your on-premises network or a jump host in a public subnet (a subnet with access to the internet). You must make sure that the EC2 instance can connect to the internet using a network address translation (NAT) instance or NAT gateway to communicate with Systems Manager and Amazon Inspector. The following diagram shows how you should structure your Amazon Virtual Private Cloud (VPC). You should also be familiar with Restoring an Amazon EBS Volume from a Snapshot and Attaching an Amazon EBS Volume to an Instance.

Later on, you will assign tasks to a maintenance window to patch your instances with Systems Manager. To do this, the AWS Identity and Access Management (IAM) user you are using for this post must have the iam:PassRole permission. This permission allows this IAM user to assign tasks to pass their own IAM permissions to the AWS service. In this example, when you assign a task to a maintenance window, IAM passes your credentials to Systems Manager. This safeguard ensures that the user cannot use the creation of tasks to elevate their IAM privileges because their own IAM privileges limit which tasks they can run against an EC2 instance. You should also authorize your IAM user to use EC2, Amazon Inspector, Amazon CloudWatch, and Systems Manager. You can achieve this by attaching the following AWS managed policies to the IAM user you are using for this example: AmazonInspectorFullAccess, AmazonEC2FullAccess, and AmazonSSMFullAccess.

Architectural overview

The following diagram illustrates the components of this solution’s architecture.

Diagram showing the components of this solution's architecture

For this blog post, Microsoft Windows EC2 is Amazon EC2 for Microsoft Windows Server 2012 R2 instances with attached Amazon Elastic Block Store (Amazon EBS) volumes, which are running in your VPC. These instances may be standalone Windows instances running your Windows workloads, or you may have joined them to an Active Directory domain controller. For instances joined to a domain, you can be using Active Directory running on an EC2 for Windows instance, or you can use AWS Directory Service for Microsoft Active Directory.

Amazon EC2 Systems Manager is a scalable tool for remote management of your EC2 instances. You will use the Systems Manager Run Command to install the Amazon Inspector agent. The agent enables EC2 instances to communicate with the Amazon Inspector service and run assessments, which I explain in detail later in this blog post. You also will create a Systems Manager association to keep your EC2 instances up to date with the latest security patches.

You can use the EBS Snapshot Scheduler to schedule automated snapshots at regular intervals. You will use it to set up regular snapshots of your Amazon EBS volumes. EBS Snapshot Scheduler is a prebuilt solution by AWS that you will deploy in your AWS account. With Amazon EBS snapshots, you pay only for the actual data you store. Snapshots save only the data that has changed since the previous snapshot, which minimizes your cost.

You will use Amazon Inspector to run security assessments on your EC2 for Windows Server instance. In this post, I show how to assess if your EC2 for Windows Server instance is vulnerable to any of the more than 50,000 CVEs registered with Amazon Inspector.

In today’s and tomorrow’s posts, I show you how to:

  1. Launch an EC2 instance with an IAM role, Amazon EBS volume, and tags that Systems Manager and Amazon Inspector will use.
  2. Configure Systems Manager to install the Amazon Inspector agent and patch your EC2 instances.
  3. Take EBS snapshots by using EBS Snapshot Scheduler to automate snapshots based on instance tags.
  4. Use Amazon Inspector to check if your EC2 instances running Microsoft Windows contain any common vulnerabilities and exposures (CVEs).

Step 1: Launch an EC2 instance

In this section, I show you how to launch your EC2 instances so that you can use Systems Manager with the instances and use instance tags with EBS Snapshot Scheduler to automate snapshots. This requires three things:

  • Create an IAM role for Systems Manager before launching your EC2 instance.
  • Launch your EC2 instance with Amazon EBS and the IAM role for Systems Manager.
  • Add tags to instances so that you can automate policies for which instances you take snapshots of and when.

Create an IAM role for Systems Manager

Before launching your EC2 instance, I recommend that you first create an IAM role for Systems Manager, which you will use to update the EC2 instance you will launch. AWS already provides a preconfigured policy that you can use for your new role, and it is called AmazonEC2RoleforSSM.

  1. Sign in to the IAM console and choose Roles in the navigation pane. Choose Create new role.
    Screenshot of choosing "Create role"
  2. In the role-creation workflow, choose AWS service > EC2 > EC2 to create a role for an EC2 instance.
    Screenshot of creating a role for an EC2 instance
  3. Choose the AmazonEC2RoleforSSM policy to attach it to the new role you are creating.
    Screenshot of attaching the AmazonEC2RoleforSSM policy to the new role you are creating
  4. Give the role a meaningful name (I chose EC2SSM) and description, and choose Create role.
    Screenshot of giving the role a name and description

Launch your EC2 instance

To follow along, you need an EC2 instance that is running Microsoft Windows Server 2012 R2 and that has an Amazon EBS volume attached. You can use any existing instance you may have or create a new instance.

When launching your new EC2 instance, be sure that:

  • The operating system is Microsoft Windows Server 2012 R2.
  • You attach at least one Amazon EBS volume to the EC2 instance.
  • You attach the newly created IAM role (EC2SSM).
  • The EC2 instance can connect to the internet through a network address translation (NAT) gateway or a NAT instance.
  • You create the tags shown in the following screenshot (you will use them later).

If you are using an already launched EC2 instance, you can attach the newly created role as described in Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console.

Add tags

The final step of configuring your EC2 instances is to add tags. You will use these tags to configure Systems Manager in Step 2 of this blog post and to configure Amazon Inspector in Part 2. For this example, I add a tag key, Patch Group, and set the value to Windows Servers. I could have other groups of EC2 instances that I treat differently by having the same tag key but a different tag value. For example, I might have a collection of other servers with the Patch Group tag key with a value of IAS Servers.

Screenshot of adding tags

Note: You must wait a few minutes until the EC2 instance becomes available before you can proceed to the next section.

At this point, you now have at least one EC2 instance you can use to configure Systems Manager, use EBS Snapshot Scheduler, and use Amazon Inspector.

Note: If you have a large number of EC2 instances to tag, you may want to use the EC2 CreateTags API rather than manually apply tags to each instance.

Step 2: Configure Systems Manager

In this section, I show you how to use Systems Manager to apply operating system patches to your EC2 instances, and how to manage patch compliance.

To start, I will provide some background information about Systems Manager. Then, I will cover how to:

  • Create the Systems Manager IAM role so that Systems Manager is able to perform patch operations.
  • Associate a Systems Manager patch baseline with your instance to define which patches Systems Manager should apply.
  • Define a maintenance window to make sure Systems Manager patches your instance when you tell it to.
  • Monitor patch compliance to verify the patch state of your instances.

Systems Manager is a collection of capabilities that helps you automate management tasks for AWS-hosted instances on EC2 and your on-premises servers. In this post, I use Systems Manager for two purposes: to run remote commands and apply operating system patches. To learn about the full capabilities of Systems Manager, see What Is Amazon EC2 Systems Manager?

Patch management is an important measure to prevent malware from infecting your systems. Most malware attacks look for vulnerabilities that are publicly known and in most cases are already patched by the maker of the operating system. These publicly known vulnerabilities are well documented and therefore easier for an attacker to exploit than having to discover a new vulnerability.

Patches for these new vulnerabilities are available through Systems Manager within hours after Microsoft releases them. There are two prerequisites to use Systems Manager to apply operating system patches. First, you must attach the IAM role you created in the previous section, EC2SSM, to your EC2 instance. Second, you must install the Systems Manager agent on your EC2 instance. If you have used a recent Microsoft Windows Server 2012 R2 AMI published by AWS, Amazon has already installed the Systems Manager agent on your EC2 instance. You can confirm this by logging in to an EC2 instance and looking for Amazon SSM Agent under Programs and Features in Windows. To install the Systems Manager agent on an instance that does not have the agent preinstalled or if you want to use the Systems Manager agent on your on-premises servers, see the documentation about installing the Systems Manager agent. If you forgot to attach the newly created role when launching your EC2 instance or if you want to attach the role to already running EC2 instances, see Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI or use the AWS Management Console.

To make sure your EC2 instance receives operating system patches from Systems Manager, you will use the default patch baseline provided and maintained by AWS, and you will define a maintenance window so that you control when your EC2 instances should receive patches. For the maintenance window to be able to run any tasks, you also must create a new role for Systems Manager. This role is a different kind of role than the one you created earlier: Systems Manager will use this role instead of EC2. Earlier we created the EC2SSM role with the AmazonEC2RoleforSSM policy, which allowed the Systems Manager agent on our instance to communicate with the Systems Manager service. Here we need a new role with the policy AmazonSSMMaintenanceWindowRole to make sure the Systems Manager service is able to execute commands on our instance.

Create the Systems Manager IAM role

To create the new IAM role for Systems Manager, follow the same procedure as in the previous section, but in Step 3, choose the AmazonSSMMaintenanceWindowRole policy instead of the previously selected AmazonEC2RoleforSSM policy.

Screenshot of creating the new IAM role for Systems Manager

Finish the wizard and give your new role a recognizable name. For example, I named my role MaintenanceWindowRole.

Screenshot of finishing the wizard and giving your new role a recognizable name

By default, only EC2 instances can assume this new role. You must update the trust policy to enable Systems Manager to assume this role.

To update the trust policy associated with this new role:

  1. Navigate to the IAM console and choose Roles in the navigation pane.
  2. Choose MaintenanceWindowRole and choose the Trust relationships tab. Then choose Edit trust relationship.
  3. Update the policy document by copying the following policy and pasting it in the Policy Document box. As you can see, I have added the ssm.amazonaws.com service to the list of allowed Principals that can assume this role. Choose Update Trust Policy.
    {
       "Version":"2012-10-17",
       "Statement":[
          {
             "Sid":"",
             "Effect":"Allow",
             "Principal":{
                "Service":[
                   "ec2.amazonaws.com",
                   "ssm.amazonaws.com"
               ]
             },
             "Action":"sts:AssumeRole"
          }
       ]
    }

Associate a Systems Manager patch baseline with your instance

Next, you are going to associate a Systems Manager patch baseline with your EC2 instance. A patch baseline defines which patches Systems Manager should apply. You will use the default patch baseline that AWS manages and maintains. Before you can associate the patch baseline with your instance, though, you must determine if Systems Manager recognizes your EC2 instance.

Navigate to the EC2 console, scroll down to Systems Manager Shared Resources in the navigation pane, and choose Managed Instances. Your new EC2 instance should be available there. If your instance is missing from the list, verify the following:

  1. Go to the EC2 console and verify your instance is running.
  2. Select your instance and confirm you attached the Systems Manager IAM role, EC2SSM.
  3. Make sure that you deployed a NAT gateway in your public subnet to ensure your VPC reflects the diagram at the start of this post so that the Systems Manager agent can connect to the Systems Manager internet endpoint.
  4. Check the Systems Manager Agent logs for any errors.

Now that you have confirmed that Systems Manager can manage your EC2 instance, it is time to associate the AWS maintained patch baseline with your EC2 instance:

  1. Choose Patch Baselines under Systems Manager Services in the navigation pane of the EC2 console.
  2. Choose the default patch baseline as highlighted in the following screenshot, and choose Modify Patch Groups in the Actions drop-down.
    Screenshot of choosing Modify Patch Groups in the Actions drop-down
  3. In the Patch group box, enter the same value you entered under the Patch Group tag of your EC2 instance in “Step 1: Configure your EC2 instance.” In this example, the value I enter is Windows Servers. Choose the check mark icon next to the patch group and choose Close.Screenshot of modifying the patch group

Define a maintenance window

Now that you have successfully set up a role and have associated a patch baseline with your EC2 instance, you will define a maintenance window so that you can control when your EC2 instances should receive patches. By creating multiple maintenance windows and assigning them to different patch groups, you can make sure your EC2 instances do not all reboot at the same time. The Patch Group resource tag you defined earlier will determine to which patch group an instance belongs.

To define a maintenance window:

  1. Navigate to the EC2 console, scroll down to Systems Manager Shared Resources in the navigation pane, and choose Maintenance Windows. Choose Create a Maintenance Window.
    Screenshot of starting to create a maintenance window in the Systems Manager console
  2. Select the Cron schedule builder to define the schedule for the maintenance window. In the example in the following screenshot, the maintenance window will start every Saturday at 10:00 P.M. UTC.
  3. To specify when your maintenance window will end, specify the duration. In this example, the four-hour maintenance window will end on the following Sunday morning at 2:00 A.M. UTC (in other words, four hours after it started).
  4. Systems manager completes all tasks that are in process, even if the maintenance window ends. In my example, I am choosing to prevent new tasks from starting within one hour of the end of my maintenance window because I estimated my patch operations might take longer than one hour to complete. Confirm the creation of the maintenance window by choosing Create maintenance window.
    Screenshot of completing all boxes in the maintenance window creation process
  5. After creating the maintenance window, you must register the EC2 instance to the maintenance window so that Systems Manager knows which EC2 instance it should patch in this maintenance window. To do so, choose Register new targets on the Targets tab of your newly created maintenance window. You can register your targets by using the same Patch Group tag you used before to associate the EC2 instance with the AWS-provided patch baseline.
    Screenshot of registering new targets
  6. Assign a task to the maintenance window that will install the operating system patches on your EC2 instance:
    1. Open Maintenance Windows in the EC2 console, select your previously created maintenance window, choose the Tasks tab, and choose Register run command task from the Register new task drop-down.
    2. Choose the AWS-RunPatchBaseline document from the list of available documents.
    3. For Parameters:
      1. For Role, choose the role you created previously (called MaintenanceWindowRole).
      2. For Execute on, specify how many EC2 instances Systems Manager should patch at the same time. If you have a large number of EC2 instances and want to patch all EC2 instances within the defined time, make sure this number is not too low. For example, if you have 1,000 EC2 instances, a maintenance window of 4 hours, and 2 hours’ time for patching, make this number at least 500.
      3. For Stop after, specify after how many errors Systems Manager should stop.
      4. For Operation, choose Install to make sure to install the patches.
        Screenshot of stipulating maintenance window parameters

Now, you must wait for the maintenance window to run at least once according to the schedule you defined earlier. Note that if you don’t want to wait, you can adjust the schedule to run sooner by choosing Edit maintenance window on the Maintenance Windows page of Systems Manager. If your maintenance window has expired, you can check the status of any maintenance tasks Systems Manager has performed on the Maintenance Windows page of Systems Manager and select your maintenance window.

Screenshot of the maintenance window successfully created

Monitor patch compliance

You also can see the overall patch compliance of all EC2 instances that are part of defined patch groups by choosing Patch Compliance under Systems Manager Services in the navigation pane of the EC2 console. You can filter by Patch Group to see how many EC2 instances within the selected patch group are up to date, how many EC2 instances are missing updates, and how many EC2 instances are in an error state.

Screenshot of monitoring patch compliance

In this section, you have set everything up for patch management on your instance. Now you know how to patch your EC2 instance in a controlled manner and how to check if your EC2 instance is compliant with the patch baseline you have defined. Of course, I recommend that you apply these steps to all EC2 instances you manage.

Summary

In Part 1 of this blog post, I have shown how to configure EC2 instances for use with Systems Manager, EBS Snapshot Scheduler, and Amazon Inspector. I also have shown how to use Systems Manager to keep your Microsoft Windows–based EC2 instances up to date. In Part 2 of this blog post tomorrow, I will show how to take regular snapshots of your data by using EBS Snapshot Scheduler and how to use Amazon Inspector to check if your EC2 instances running Microsoft Windows contain any CVEs.

If you have comments about this post, submit them in the “Comments” section below. If you have questions about or issues implementing this solution, start a new thread on the EC2 forum or the Amazon Inspector forum, or contact AWS Support.

– Koen

Ultimate 3D printer control with OctoPrint

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/octoprint/

Control and monitor your 3D printer remotely with a Raspberry Pi and OctoPrint.

Timelapse of OctoPrint Ornament

Printed on a bq Witbox STL file can be found here: http://www.thingiverse.com/thing:191635 OctoPrint is located here: http://www.octoprint.org

3D printing

Whether you have a 3D printer at home or use one at your school or local makerspace, it’s fair to assume you’ve had a failed print or two in your time. Filament knotting or running out, your print peeling away from the print bed — these are common issues for all 3D printing enthusiasts, and they can be costly if they’re discovered too late.

OctoPrint

OctoPrint is a free open-source software, created and maintained by Gina Häußge, that performs a multitude of useful 3D printing–related tasks, including remote control of your printer, live video, and data collection.

The OctoPrint logo

Control and monitoring

To control the print process, use OctoPrint on a Raspberry Pi connected to your 3D printer. First, ensure a safe uninterrupted run by using the software to restrict who can access the printer. Then, before starting your print, use the web app to work on your STL file. The app also allows you to reposition the print head at any time, as well as pause or stop printing if needed.

Live video streaming

Since OctoPrint can stream video of your print as it happens, you can watch out for any faults that may require you to abort and restart. Proud of your print? Record the entire process from start to finish and upload the time-lapse video to your favourite social media platform.

OctoPrint software graphic user interface screenshot

Data capture

Octoprint records real-time data, such as the temperature, giving you another way to monitor your print to ensure a smooth, uninterrupted process. Moreover, the records will help with troubleshooting if there is a problem.

OctoPrint software graphic user interface screenshot

Print the Millenium Falcon

OK, you can print anything you like. However, this design definitely caught our eye this week.

3D-Printed Fillenium Malcon (Timelapse)

This is a Timelapse of my biggest print project so far on my own designed/built printer. It’s 500x170x700(mm) and weights 3 Kilograms of Filament.

You can support the work of Gina and OctoPrint by visiting her Patreon account and following OctoPrint on Twitter, Facebook, or G+. And if you’ve set up a Raspberry Pi to run OctoPrint, or you’ve created some cool Pi-inspired 3D prints, make sure to share them with us on our own social media channels.

The post Ultimate 3D printer control with OctoPrint appeared first on Raspberry Pi.

Pip: digital creation in your pocket from Curious Chip

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/pip-curious-chip/

Get your hands on Pip, the handheld Raspberry Pi–based device for aspiring young coders and hackers from Curious Chip.

A GIF of Pip - Curious Chip - Pip handheld device - Raspberry Pi

Pip is a handheld gaming console from Curios Chip which you can now back on Kickstarter. Using the Raspberry Pi Compute Module 3, Pip allows users to code, hack, and play wherever they are.

We created Pip so that anyone can tinker with technology. From beginners to those who know more — Pip makes it easy, simple, and fun!

For gaming

Pip’s smart design may well remind you of a certain handheld gaming console released earlier this year. With its central screen and detachable side controllers, Pip has a size and shape ideal for gaming.

A GIF of Pip - Curious Chip - Pip handheld device - Raspberry Pi

Those who have used a Raspberry Pi with the Raspbian OS might be familiar with Minecraft Pi, a variant of the popular Minecraft game created specifically for Pi users to play and hack for free. Users of Pip will be able to access Minecraft Pi from the portable device and take their block-shaped creations with them wherever they go.

And if that’s not enough, Pip’s Pi brain allows coders to create their own games using Scratch, in addition to giving access a growing library of games in Curious Chip’s online arcade.

Digital making

Pip’s GPIO pins are easily accessible, so that you can expand upon your digital making skills with physical computing projects. Grab your Pip and a handful of jumper leads, and you will be able to connect and control components such as lights, buttons, servomotors, and more!

A smiling girl with Pip and a laptop

You can also attach any of the range of HAT add-on boards available on the market, such as our own Sense HAT, or ones created by Pimoroni, Adafruit, and others. And if you’re looking to learn a new coding language, you’re in luck: Pip supports Python, HTML/CSS, JavaScript, Lua, and PHP.

Maker Pack and add-ons

Backers can also pledge their funds for additional hardware, such as the Maker Pack, an integrated camera, or a Pip Breadboard Kit.

PipHAT and Breadboard add-ons - Curious Chip - Pip handheld device - Raspberry Pi

The breadboard and the optional PipHAT are also compatible with any Raspberry Pi 2 and 3. Nice!

Curiosity from Curious Chip

Users of Pip can program their device via Curiosity, a tool designed specifically for this handheld device.

Pip’s programming tool is called Curiosity, and it’s hosted on Pip itself and accessed via WiFi from any modern web browser, so there’s no software to download and install. Curiosity allows Pip to be programmed using a number of popular programming languages, including JavaScript, Python, Lua, PHP, and HTML5. Scratch-inspired drag-and-drop block programming is also supported with our own Google Blockly–based editor, making it really easy to access all of Pip’s built-in functionality from a simple, visual programming language.

Back the project

If you’d like to back Curious Chip and bag your own Pip, you can check out their Kickstarter page here. And if you watch their promo video closely, you may see a familiar face from the Raspberry Pi community.

Are you planning on starting your own Raspberry Pi-inspired crowd-funded campaign? Then be sure to tag us on social media. We love to see what the community is creating for our little green (or sometimes blue) computer.

The post Pip: digital creation in your pocket from Curious Chip appeared first on Raspberry Pi.

New White House Announcement on the Vulnerability Equities Process

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyce’s blog post.

In considering a way forward, there are some key tenets on which we can build a better process.

Improved transparency is critical. The American people should have confidence in the integrity of the process that underpins decision making about discovered vulnerabilities. Since I took my post as Cybersecurity Coordinator, improving the VEP and ensuring its transparency have been key priorities, and we have spent the last few months reviewing our existing policy in order to improve the process and make key details about the VEP available to the public. Through these efforts, we have validated much of the existing process and ensured a rigorous standard that considers many potential equities.

The interests of all stakeholders must be fairly represented. At a high level we consider four major groups of equities: defensive equities; intelligence / law enforcement / operational equities; commercial equities; and international partnership equities. Additionally, ordinary people want to know the systems they use are resilient, safe, and sound. These core considerations, which have been incorporated into the VEP Charter, help to standardize the process by which decision makers weigh the benefit to national security and the national interest when deciding whether to disclose or restrict knowledge of a vulnerability.

Accountability of the process and those who operate it is important to establish confidence in those served by it. Our public release of the unclassified portions Charter will shed light on aspects of the VEP that were previously shielded from public review, including who participates in the VEP’s governing body, known as the Equities Review Board. We make it clear that departments and agencies with protective missions participate in VEP discussions, as well as other departments and agencies that have broader equities, like the Department of State and the Department of Commerce. We also clarify what categories of vulnerabilities are submitted to the process and ensure that any decision not to disclose a vulnerability will be reevaluated regularly. There are still important reasons to keep many of the specific vulnerabilities evaluated in the process classified, but we will release an annual report that provides metrics about the process to further inform the public about the VEP and its outcomes.

Our system of government depends on informed and vigorous dialogue to discover and make available the best ideas that our diverse society can generate. This publication of the VEP Charter will likely spark discussion and debate. This discourse is important. I also predict that articles will make breathless claims of “massive stockpiles” of exploits while describing the issue. That simply isn’t true. The annual reports and transparency of this effort will reinforce that fact.

Mozilla is pleased with the new charter. I am less so; it looks to me like the same old policy with some new transparency measures — which I’m not sure I trust. The devil is in the details, and we don’t know the details — and it has giant loopholes that pretty much anything can fall through:

The United States Government’s decision to disclose or restrict vulnerability information could be subject to restrictions by partner agreements and sensitive operations. Vulnerabilities that fall within these categories will be cataloged by the originating Department/Agency internally and reported directly to the Chair of the ERB. The details of these categories are outlined in Annex C, which is classified. Quantities of excepted vulnerabilities from each department and agency will be provided in ERB meetings to all members.

This is me from last June:

There’s a lot we don’t know about the VEP. The Washington Post says that the NSA used EternalBlue “for more than five years,” which implies that it was discovered after the 2010 process was put in place. It’s not clear if all vulnerabilities are given such consideration, or if bugs are periodically reviewed to determine if they should be disclosed. That said, any VEP that allows something as dangerous as EternalBlue — or the Cisco vulnerabilities that the Shadow Brokers leaked last August — to remain unpatched for years isn’t serving national security very well. As a former NSA employee said, the quality of intelligence that could be gathered was “unreal.” But so was the potential damage. The NSA must avoid hoarding vulnerabilities.

I stand by that, and am not sure the new policy changes anything.

More commentary.

Here’s more about the Windows vulnerabilities hoarded by the NSA and released by the Shadow Brokers.

EDITED TO ADD (11/18): More news.

EDITED TO ADD (11/22): Adam Shostack points out that the process does not cover design flaws or trade-offs, and that those need to be covered:

…we need the VEP to expand to cover those issues. I’m not going to claim that will be easy, that the current approach will translate, or that they should have waited to handle those before publishing. One obvious place it gets harder is the sources and methods tradeoff. But we need the internet to be a resilient and trustworthy infrastructure.

Center For Justice Wants Court to Unveil Copyright Trolling Secrets

Post Syndicated from Ernesto original https://torrentfreak.com/center-for-justice-wants-court-to-unveil-copyright-trolling-secrets-171116/

Mass-piracy lawsuits have been plaguing the U.S. for years, targeting hundreds of thousands of alleged downloaders.

While the numbers are massive, there are only a few so-called “copyright trolling” operations running the show.

These are copyright holders, working together with lawyers and piracy tracking firms, trying to extract cash settlements from alleged subscribers.

Getting a settlement is also what the makers of the “Elf-Man” movie tried when they targeted Ryan Lamberson of Spokane Valley, Washington. Unlike most defendants, however, Lamberson put up a fight, questioning the validity of the evidence. After the filmmaker pulled out, the accused pirate ended up winning $100,000 in attorney fees.

All this happened three years ago but it appears that there might be more trouble in store for Elf-Man and related companies.

The Washington non-profit organization Center for Justice (CFJ) recently filed a motion to intervene in the case. The group, which aims to protect “the wider community from abuse by the moneyed few,” has asked the court to unseal several documents that could reveal more about how these copyright trolls operate.

The non-profit asks the court to open up several filings to the public that may reveal how film companies, investigators, and lawyers coordinated an illegal settlement factory.

“The CFJ’s position is simple: if foreign data collectors and local lawyers are feeding on the subpoena power of federal courts to extract settlements from innocent people, then the public deserves to know.

“What makes this case so important is that, based on the unsealed exhibits and declarations, it appears that a German operation is providing the ‘investigators’ and ‘experts’ that claim to identify infringing activities, but its investigators apparently have a direct financial interest and the ‘software’ is questionable at best,” CFJ adds.

Another problem mentioned by the non-profit organization is that not all defense lawyers are familiar with these ‘trolling’ cases. They sometimes need dozens of hours to research them, which costs the defendant more than the cash settlement deal offered by the copyright holder.

As a result, paying off the trolls may seem like the most logical and safe option to the accused, even when they are innocent.

CFJ hopes that the sealed documents will help to expose the copyright trolls’ “mushrooming” enterprise, not just in this particular case, but also in many similar cases where people are pressured into settling.

“The entire lawsuit may have been a sham. Which is where CFJ comes in. Money and information remain the most significant hurdles for those being named as defendants in lawsuits like this one who receive threatening settlement letters like the one Mr. Lamberson received.

“CFJ’s goal is to level the playing field and reduce the plaintiffs’ informational advantage. The common-law right of access to judicial records is especially important where, as here, the copyright ‘trolling’ risks infecting the judicial system,” the non-profit adds.

The recent filings were spotted by SJD from Fight Copyright Trolls, who rightfully notes that we still have to see whether the documents will be made public, or not. If they are indeed unsealed, it may trigger a response from other accused pirates, perhaps even a class action suit.

—–

Center For Justice’s full motion to intervene is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Cracking Group 3DM Loses Piracy Case Against Game Maker

Post Syndicated from Ernesto original https://torrentfreak.com/cracking-group-3dm-loses-piracy-case-against-game-maker-171115/

While most cracking groups operate under a veil of secrecy, China-based 3DM is not shy to come out in public.

The group’s leader, known as Bird Sister, has commented on various gaming and piracy related issues in the past.

She also spoke out when her own group was sued by the Japanese game manufacturer Koei Tecmo last year. The company accused 3DM of pirating several of its titles, including Romance of the Three Kingdoms.

However, Bird Sister instead wondered why the company should be able to profit from a work inspired by a 3rd-century novel from China.

“…why does a Japanese company, Koei have the copyright of this game when the game is obviously a derivation from the book “Romance of the Three Kingdoms” written by Chen Shou. I think Chinese gaming companies should try taking back the copyright,” she said.

Bird Sister

birdsister

The novel in question has long since been in the public domain so there’s nothing stopping Koei Tecmo from using it, as Kotaku points out. The game, however, is a copyrighted work and 3DM’s actions were seen as clear copyright infringement by a Chinese court.

In a press release, Koei Tecmo announces that it has won its lawsuit against the cracking group.

The court ordered 3DM to stop distributing the infringing games and awarded a total of 1.62 million Yuan ($245,000) in piracy damages and legal fees.

While computer games are cracked and pirated on a daily basis, those responsible for it are rarely held accountable. This makes the case against 3DM rather unique. And it may not be the last if it’s up to the game manufacturer.

“We will continue to respond rigorously to infringements of our copyrights and trademark rights, both in domestic and overseas markets, while also developing satisfying games that many users can enjoy,” said the company, commenting on the ruling.

While the lawsuit may help to steer the cracking group away from pirating Koei Tecmo games, it can’t undo any earlier releases. Court order or not, past 3DM releases, including Romance of the Three Kingdoms titles, are still widely available through third-party sites.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Physical computing blocks at Maker Faire New York

Post Syndicated from Matt Richardson original https://www.raspberrypi.org/blog/physical-computing-blocks/

At events like Maker Faire New York, we love offering visitors the chance to try out easy, inviting, and hands-on activities, so we teamed up with maker Ben Light to create interactive physical computing blocks.

Raspberry Blocks FINAL

In response to the need for hands-on, easy and inviting activities at events such as Maker Faire New York, we teamed up with maker Ben Light to create our interactive physical computing blocks.

Getting hands-on experience at events

At the Raspberry Pi Foundation, we often have the opportunity to engage with families and young people at events such as Maker Faires and STEAM festivals. When we set up a booth, it’s really important to us that we provide an educational, fun experience for everyone who visits us. But there are a few reasons why this can be a challenge.

Girls use the physical computing blocks at Maker Faire New York

For one, you have a broad audience of people with differing levels of experience with computers. Moreover, some people want to take the time to learn a lot, others just want to try something quick and move on. And on top of that, the environment is often loud, crowded, and chaotic…in a good way!

Creating our physical computing blocks

We were up against these challenges when we set out to create a new physical computing experience for our World Maker Faire New York booth. Our goal was to give people the opportunity to try a little bit of circuit making and a little bit of coding — and they should be able to get hands-on with the activity right away.




Inspired by Exploratorium’s Tinkering Studio, we sketched out physical computing blocks which let visitors use the Raspberry Pi’s GPIO pins without needing to work with tiny components or needing to understand how a breadboard works. We turned the sketches over to our friend Ben Light in New York City, and he brought the project to life.

Father and infant child clip crocodile leads to the Raspberry Pi physical computing blocks at Maker Faire New York

As you can see, the activity turned out really well, so we hope to bring it to more events in the future. Thank you, Ben Light, for collaborating with us on it!

The post Physical computing blocks at Maker Faire New York appeared first on Raspberry Pi.

MPAA Lobbies US Congress on Streaming Piracy Boxes

Post Syndicated from Ernesto original https://torrentfreak.com/mpaa-lobbies-us-congress-on-streaming-piracy-boxes-171112/

As part of its quest to reduce piracy, the MPAA continues to spend money on its lobbying activities, hoping to sway lawmakers in its direction.

While the lobbying talks take place behind closed doors, quarterly disclosure reports provide some insight into the items under discussion.

The MPAA’s most recent lobbying disclosure form features several new topics that weren’t on the agenda last year.

Among other issues, the Hollywood group lobbied the U.S. Senate and the U.S. House of Representatives on set-top boxes, preloaded streaming piracy devices, and streaming piracy in general.

The details of these discussions remain behind closed doors. The only thing we know for sure is what Hollywood is lobbying on, but it doesn’t take much imagination to take an educated guess on the ‘why’ part.

Just over a year ago streaming piracy boxes were hardly mentioned in anti-piracy circles, but today they are on the top of the enforcement list. The MPAA is reporting these concerns to lawmakers, to see whether they can be of assistance in curbing this growing threat.

Some of the lobbying topics

It’s clear that pirate streaming players are a prime concern for Hollywood. MPA boss Stan McCoy recently characterized the use of these devices as “Piracy 3.0” and a coalition of industry players sued a US-based seller of streaming boxes earlier this month.

The lobbying efforts themselves are nothing new of course. Every year the MPAA spends around $4 million to influence the decisions of lawmakers, both directly and through external lobbying firms such as Covington & Burling, Capitol Tax Partners, and Sentinel Worldwide.

While piracy streaming boxes are new on the agenda this year, they are not the only topics under discussion. Other items include trade deals such as the TPP, TTIP, and NAFTA, voluntary domain name initiatives, EU digital single market proposals, and cybersecurity.

TorrentFreak reached out to the MPAA for more information on the streaming box lobbying efforts, but we have yet to hear back.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Dallas Buyers Club Loses Piracy Lawsuit, IP-Address is Not Enough

Post Syndicated from Ernesto original https://torrentfreak.com/dallas-buyers-club-loses-piracy-lawsuit-ip-address-is-not-enough-171110/

In recent years, BitTorrent users around the world have been targeted with threats. They can either pay a significant settlement fee, or face far worse in court.

The scheme started in Germany years ago, and copyright holders later went after alleged pirates in Australia, Denmark, Finland, the UK, US, and elsewhere.

This summer, the copyright holders behind the movie Dallas Buyers Club added Spain to the mix, going after dozens of alleged pirates in Bilbao and San Sebastian. The ‘filmmakers’ are part of a tight group of so-called copyright trolls which are constantly expanding their business to other countries.

While they have had some success, mainly by sending out settlement letters, in Spain the first court case brought bad news.

The Commercial Court of Donostia dismissed the claim against an alleged file-sharer due to a lack of evidence. Dallas Buyers Club identified the infringer through an IP-address, but according to Judge Pedro José Malagón Ruiz, this is not good enough.

“The ruling says that there is no way to know whether the defendant was the P2P user or not, because an IP address only identifies the person who subscribed to the Internet connection, not the user who made use of the connection at a certain moment,” copyright lawyer David Bravo tells TorrentFreak.

“A relative or a guest could have been using the network, or even someone accessing the wifi if it was open,” he adds.

In addition, the Judge agreed with the defense that there is no evidence that the defendant actively made the movie available. This generally requires a form of intent. However, BitTorrent clients automatically share files with others, whether it’s the intention of the user or not.

“The upload of the data from the P2P programs occurs automatically by the program configuration itself. […] This occurs by default without requiring the knowledge or intention of the user,” Judge Malagón Ruiz writes in his verdict, quoted by Genbeta.

In other words, these BitTorrent transfers are not necessarily an act of public communication, therefore, they are not infringing any copyrights.

The case provides hope for other accused file-sharers who are looking to have their cases dismissed as well. Not in the last place because the defense was coordinated online, without active involvement of a lawyer.

Bravo, together with two colleague lawyers, offered self-help forms to accused file-sharers free of charge. Defendants could use these to mount a proper defense, which paid off in this case.

“This ruling sets a precedent,” Bravo tells TorrentFreak, noting that it’s a clear setback for the copyright holders who are involved in these mass file-sharing lawsuits.

While the lawyer cautions that other courts may come to a different conclusion, it appears that Dallas Buyers Club and other copyright trolls will meet some fierce ‘p2p coordinated’ resistance in Spain.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Computing in schools: the report card

Post Syndicated from Philip Colligan original https://www.raspberrypi.org/blog/after-the-reboot/

Today the Royal Society published After the Reboot, a report card on the state of computing education in UK schools. It’s a serious piece of work, published with lots of accompanying research and data, and well worth a read if you care about these issues (which, if you’re reading this blog, I guess you do).

The headline message is that, while a lot has been achieved, there’s a long way to go before we can say that young people are consistently getting the computing education they need and deserve in UK schools.

If this were a school report card, it would probably say: “good progress when he applies himself, but would benefit from more focus and effort in class” (which is eerily reminiscent of my own school reports).

A child coding in Scratch on a laptop - Royal Society After the Reboot

Good progress

After the Reboot comes five and a half years after the Royal Society’s first review of computing education, Shut down or restart, a report that was published just a few days before the Education Secretary announced in January 2012 that he was scrapping the widely discredited ICT programme of study.

There’s no doubt that a lot has been achieved since 2012, and the Royal Society has done a good job of documenting those successes in this latest report. Computing is now part of the curriculum for all schools. There’s a Computer Science GCSE that is studied by thousands of young people. Organisations like Computing At School have built a grassroots movement of educators who are leading fantastic work in schools up and down the country. Those are big wins.

The Raspberry Pi Foundation has been playing its part. With the support of partners like Google, we’ve trained over a thousand UK educators through our Picademy programme. Those educators have gone on to work with hundreds of thousands of students, and many have become leaders in the field. Many thousands more have taken our free online training courses, and through our partnership with BT, CAS and the BCS on the Barefoot programme, we’re supporting thousands of primary school teachers to deliver the computing curriculum. Earlier this year we launched a free magazine for computing educators, Hello World, which has over 14,000 subscribers after just three editions.

A group of people learning about digital making - Royal Society After the Reboot

More to do

Despite all the progress, the Royal Society study has confirmed what many of us have been saying for some time: we need to do much more to support teachers to develop the skills and confidence to deliver the computing curriculum. More than anything, we need to give them the time to invest in their own professional development. The UK led the way on putting computing in the curriculum. Now we need to follow through on that promise by investing in a huge effort to support professional development across the school system.

This isn’t a problem that any one organisation or sector can solve on its own. It will require a grand coalition of government, industry, non-profits, and educators if we are going to make change at the pace that our young people need and deserve. Over the coming weeks and months, we’ll be working with our partners to figure out how we make that happen.

A boy learning about computing from a woman - Royal Society After the Reboot

The other 75%

While the Royal Society report rightly focuses on what happens in classrooms during the school day, we need to remember that children spend only 25% of their waking hours there. What about the other 75%?

Ask any computer scientist, engineer, or maker, and they’ll tell stories about how much they learned in those precious discretionary hours.

Ask an engineer of a certain age (ahem), and they will tell you about the local computing club where they got hands-on with new technologies, picked up new ideas, and were given help by peers and mentors. They might also tell you how they would spend dozens of hours typing in hundreds of line of code from a magazine to create their own game, and dozens more debugging when it didn’t work.

One of our goals at the Raspberry Pi Foundation is to lead the revival in that culture of informal learning.

The revival of computing clubs

There are now more than 6,000 active Code Clubs in the UK, engaging over 90,000 young people each week. 41% of the kids at Code Club are girls. More than 150 UK CoderDojos take place in universities, science centres, and corporate offices, providing a safe space for over 4,000 young people to learn programming and digital making.

So far this year, there have been 164 Raspberry Jams in the UK, volunteer-led meetups attended by over 10,000 people, who come to learn from volunteers and share their digital making projects.

It’s a movement, and it’s growing fast. One of the most striking facts is that whenever a new Code Club, CoderDojo, or Raspberry Jam is set up, it is immediately oversubscribed.

So while we work on fixing the education system, there’s a tangible way that we can all make a huge difference right now. You can help set up a Code Club, get involved with CoderDojo, or join the Raspberry Jam movement.

The post Computing in schools: the report card appeared first on Raspberry Pi.

Russia Plans Instant Movie Pirate Site Blockades, Without Court Order

Post Syndicated from Ernesto original https://torrentfreak.com/russia-plans-instant-movie-pirate-site-blockades-without-court-order-171108/

A decade ago online pirates had more or less free rein in Russia, but much has changed in recent years.

With the introduction of several new laws, the country has been very aggressive in its anti-piracy approach, outpacing the United States and other western countries in several key areas.

At the center of many of these efforts is Rozcomnadzor. The controversial Russian Government body is responsible for managing web-blockades against pirate portals and other disruptive sites, which are censored on a broad scale.

In addition to regular pirate sites, Rozcomnadzor also has the power to block their proxies and mirrors, and even VPN services which can be used to circumvent these measures. However, according to a recent proposal from the Russian government, this is not enough.

A new amendment that that was published by the Ministry of Culture proposes to allow for near-instant pirate site blockades to protect the local movie industry, Vedomosti reports.

Russian officials state that people often skip a visit to the movie theater when a pirated copy is available, depriving the makers of a crucial source of income. While filmmakers and other copyright holders can already report infringing sites, it’s a relatively slow process.

At the moment, website owners are given three days to remove infringing content before any action is taken. Under the new proposal, site blockades would be implemented less than 24 hours after Rozcomnadzor is alerted. Website owners will not get the chance to remove the infringing content and a court order isn’t required either.

Vladimir Medinsky, Russia’s Minister of Culture, has been a proponent of such pre-judicial blockades for a while, but his previous proposals didn’t receive support in the State Duma.

The new blocking plans go further than any of the previous legislation, but they will only apply to movies that have “a national film certificate” from Russian authorities, as HWR points out. This doesn’t cover any Hollywood movies, which typically top the local box office.

Hollywood’s industry group MPAA is not going to appreciate being left out, but its critique isn’t new. Despite all the new anti-piracy laws, the group is generally critical of Russia’s copyright enforcement policies.

“Russia needs to increase its enforcement activity well beyond current levels to provide adequate and effective enforcement of IPR violations, including the imposition of criminal deterrent penalties,” the MPAA wrote in its recent trade barriers report.

That said, the group was positive about the new law that allows rightsholders to have proxy sites and mirrors banned.

“The recently-enacted amendment to the Anti-Piracy law should constrain the ability of wrongdoers to simply modify their internet sites and continue to operate in violation of the law,” the MPAA added.

From a Hollywood perspective, it certainly beats blocking no sites at all, which is largely the case in the US at the moment.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

MPAA Warns Australia Not to ‘Mess’ With Fair Use and Geo-Blocking

Post Syndicated from Ernesto original https://torrentfreak.com/mpaa-warns-australia-not-mess-with-fair-use-and-geo-blocking-171107/

Last year, the Australian Government’s Productivity Commission published a Draft Report on Intellectual Property Arrangements, recommending various amendments to local copyright law.

The Commission suggested allowing the use of VPNs and similar technologies to enable consumers to bypass restrictive geo-blocking. It also tabled proposals to introduce fair use exceptions and to expand safe harbors for online services.

Two months ago the Government responded to these proposals. It promised to expand the safe harbor protections and announced a consultation on fair use, describing the current fair dealing exceptions as restrictive. The Government also noted that circumvention of geo-blocks may be warranted, in some cases.

While the copyright reform plans have been welcomed with wide support from the public and companies such as Google and Wikipedia, there’s also plenty of opposition. From Hollywood, for example, which fears that the changes will set back Australia’s progress to combat piracy.

A few days ago, the MPAA submitted its 2018 list of foreign trade barriers to the U.S. Government. The document in question highlights key copyright challenges in the most crucial markets, Australia included. According to the movie industry group, the tabled proposals are problematic.

“If the Commission’s recommendations were adopted, they could result in legislative changes that undermine the current balance of protection in Australia. These changes could create significant market uncertainty and effectively weaken Australia’s infrastructure for intellectual property protection,” the MPAA writes.

“Of concern is a proposal to introduce a vague and undefined ‘fair use’ exception unmoored from decades of precedent in the United States. Another proposal would expand Australia’s safe harbor regime in piecemeal fashion,” the group adds.

The fair use opposition is noteworthy since the Australian proposal is largely modeled after US law. The MPAA’s comment suggests, however, that this can’t be easily applied to another country, as that would lack the legal finetuning that’s been established in dozens of court cases.

That the MPAA isn’t happy with the expansion of safe harbor protections for online service providers is no surprise. In recent years, copyright holders have often complained that these protections hinder progress on the anti-piracy front, as companies such as Google and Facebook have no incentive to proactively police copyright infringement.

Moving on, the movie industry group highlights that circumvention of geo-blocking for copyrighted content and other protection measures are also controversial topics for Hollywood.

“Still another would allow circumvention of geo-blocking and other technological protection measures. Australia has one of the most vibrant creative economies in the world and its current legal regime has helped the country become the site of major production investments.

“Local policymakers should take care to ensure that Australia’s vibrant market is not inadvertently impaired and that any proposed relaxation of copyright and related rights protection does not violate Australia’s international obligations,” the MPAA adds.

Finally, while it was not included in the commission’s recommendations, the MPAA stresses once again that Australia’s anti-camcording laws are not up to par.

Although several camming pirates have been caught in recent years, the punishments don’t meet Hollywood’s standards. For example, in 2012 a man connected to a notorious release group was convicted for illicitly recording 14 audio captures, for which he received an AUS$2,000 fine.

“Australia should adopt anticamcording legislation. While illegal copying is a violation of the Copyright Act, more meaningful deterrent penalties are required,” the MPAA writes. “Such low penalties fail to reflect the devastating impact that this crime has on the film industry.”

The last suggestion has been in the MPAA’s recommendations for several years already, but the group is persistent.

In closing, the MPAA asks the US Government to keep these and other issues in focus during future trade negotiations and policy discussions with Australia and other countries, while thanking it for the critical assistance Hollywood has received over the years.

MPAA’s full submission, which includes many of the recommendations that were made in previous years, is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Using taxies to monitor air quality in Peru

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/air-quality-peru/

When James Puderer moved to Lima, Peru, his roadside runs left a rather nasty taste in his mouth. Hit by the pollution from old diesel cars in the area, he decided to monitor the air quality in his new city using Raspberry Pis and the abundant taxies as his tech carriers.

Taxi Datalogger – Assembly

How to assemble the enclosure for my Taxi Datalogger project: https://www.hackster.io/james-puderer/distributed-air-quality-monitoring-using-taxis-69647e

Sensing air quality in Lima

Luckily for James, almost all taxies in Lima are equipped with the standard hollow vinyl roof sign seen in the video above, which makes them ideal for hacking.

Using a Raspberry Pi alongside various Adafuit tech including the BME280 Temperature/Humidity/Pressure Sensor and GPS Antenna, James created a battery-powered retrofit setup that fits snugly into the vinyl sign.

The schematic of the air quality monitor tech inside the taxi sign

With the onboard tech, the device collects data on longitude, latitude, humidity, temperature, pressure, and airborne particle count, feeding it back to an Android Things datalogger. This data is then pushed to Google IoT Core, where it can be remotely accessed.

Next, the data is processed by Google Dataflow and turned into a BigQuery table. Users can then visualize the collected measurements. And while James uses Google Maps to analyse his data, there are many tools online that will allow you to organise and study your figures depending on what final result you’re hoping to achieve.

A heat map of James' local area showing air quality

James hopped in a taxi and took his monitor on the road, collecting results throughout the journey

James has provided the complete build process, including all tech ingredients and code, on his Hackster.io project page, and urges makers to create their own air quality monitor for their local area. He also plans on building upon the existing design by adding a 12V power hookup for connecting to the taxi, functioning lights within the sign, and companion apps for drivers.

Sensing the world around you

We’ve seen a wide variety of Raspberry Pi projects using sensors to track the world around us, such as Kasia Molga’s Human Sensor costume series, which reacts to air pollution by lighting up, and Clodagh O’Mahony’s Social Interaction Dress, which she created to judge how conversation and physical human interaction can be scored and studied.

Human Sensor

Kasia Molga’s Human Sensor — a collection of hi-tech costumes that react to air pollution within the wearer’s environment.

Many people also build their own Pi-powered weather stations, or use the Raspberry Pi Oracle Weather Station, to measure and record conditions in their towns and cities from the roofs of schools, offices, and homes.

Have you incorporated sensors into your Raspberry Pi projects? Share your builds in the comments below or via social media by tagging us.

The post Using taxies to monitor air quality in Peru appeared first on Raspberry Pi.

HackSpace: a new magazine for makers

Post Syndicated from Andrew Gregory original https://www.raspberrypi.org/blog/hackspace/

HackSpace is the new monthly magazine for people who love to make things and those who want to learn. Grab some duct tape, fire up a microcontroller, ready a 3D printer and hack the world around you!

This is HackSpace magazine!

HackSpace is the new monthly magazine for the modern maker. Learn more at http://hsmag.cc. Launching on the 23rd November the magazine will be packed with projects for fixers and tinkerers of all abilities. We’ll teach you new techniques and give you refreshers on familiar ones, from 3D printing, laser cutting, and woodworking to electronics and Internet of Things.

HackSpace magazine

Each month, HackSpace will feature tutorials and projects to help you build and learn. Whether you’re into 3D printing, woodworking, or weird and wonderful IoT projects, HackSpace will help you get more out of hardware hacking by giving you the ideas and skills to take your builds to the next level.

HackSpace is a community magazine written by makers for makers, and we want your input. So if there’s something you want to see in the magazine, tell us about it. And if you have a great project that you believe deserves a place within a future issue, then show it to us.

The front cover of HackSpace magazine issue 1

Get your free copy

Eager to get your hands on HackSpace? Sign up for a free copy of issue 1 by visiting the website! You have until 17 November to do so. Moreover, if you’re the manager of a hack- and makerspace, you can also sign up for a whole box of free copies for your members to enjoy by filling in the details of your venue here.

We want HackSpace magazine to be available to as many people as possible, so we’ll be releasing a free PDF of every monthly issue alongside the print version. You won’t have to wait for us to release articles online — everything will be available free of charge from day one!

The front cover of HackSpace magazine issue 1

Get your monthly copy

For those who’d rather have the hard copy of HackSpace for their home library, garden shed, or coffee table, subscriptions start at just £4.00 a month for a rolling subscription, and even less than that if you’re already a subscriber to The MagPi magazine.

You will also be able to purchase this new magazine from selected newsagents in the UK from 23 November onward, and in the USA and Australia a few weeks later.

The post HackSpace: a new magazine for makers appeared first on Raspberry Pi.

BitBarista: a fully autonomous corporation

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/bitbarista/

To some people, the idea of a fully autonomous corporation might seem like the beginning of the end. However, while the BitBarista coffee machine prototype can indeed run itself without any human interference, it also teaches a lesson about ethical responsibility and the value of quality.

BitBarista

Bitcoin coffee machine that engages coffee drinkers in the value chain

Autonomous corporations

If you’ve played Paperclips, you get it. And in case you haven’t played Paperclips, I will only say this: give a robot one job and full control to complete the task, and things may turn in a very unexpected direction. Or, in the case of Rick and Morty, they end in emotional breakdown.

BitBarista

While the fully autonomous BitBarista resides primarily on the drawing board, the team at the University of Edinburgh’s Center for Design Informatics have built a proof-of-concept using a Raspberry Pi and a Delonghi coffee maker.

BitBarista fully autonomous coffee machine using Raspberry Pi

Recently described by the BBC as ‘a coffee machine with a life of its own, dispensing coffee to punters with an ethical preference’, BitBarista works in conjunction with customers to source coffee and complete maintenance tasks in exchange for BitCoin payments. Customers pay for their coffee in BitCoin, and when BitBarista needs maintenance such as cleaning, water replenishment, or restocking, it can pay the same customers for completing those tasks.

BitBarista fully autonomous coffee machine using Raspberry Pi

Moreover, customers choose which coffee beans the machine purchases based on quality, price, environmental impact, and social responsibility. BitBarista also collects and displays data on the most common bean choices.

BitBarista fully autonomous coffee machine using Raspberry Pi

So not only is BitBarista a study into the concept of full autonomy, it’s also a means of data collection about the societal preference of cost compared to social and environmental responsibility.

For more information on BitBarista, visit the Design Informatics and PETRAS websites.

Home-made autonomy

Many people already have store-bought autonomous technology within their homes, such as the Roomba vacuum cleaner or the Nest Smart Thermostat. And within the maker community, many more still have created such devices using sensors, mobile apps, and microprocessors such as the Raspberry Pi. We see examples using the Raspberry Pi on a daily basis, from simple motion-controlled lights and security cameras to advanced devices using temperature sensors and WiFi technology to detect the presence of specific people.

How to Make a Smart Security Camera with a Raspberry Pi Zero

In this video, we use a Raspberry Pi Zero W and a Raspberry Pi camera to make a smart security camera! The camera uses object detection (with OpenCV) to send you an email whenever it sees an intruder. It also runs a webcam so you can view live video from the camera when you are away.

To get started building your own autonomous technology, you could have a look at our resources Laser tripwire and Getting started with picamera. These will help you build a visitor register of everyone who crosses the threshold a specific room.

Or build your own Raspberry Pi Zero W Butter Robot for the lolz.

The post BitBarista: a fully autonomous corporation appeared first on Raspberry Pi.

Hacker House’s gesture-controlled holographic visualiser

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/hacker-house-holographic-visualiser/

YouTube makers Hacker House are back with a beautiful Flick-controlled holographic music visualiser that we’d really like to have at Pi Towers, please and thank you.

Make a Holographic Audio Visualizer with Gesture Control

Find all the code and materials on: https://www.hackster.io/hackerhouse/holographic-audio-visualizer-with-motion-control-e72fee A 3D holographic audio visualizer with gesture control can definitely spice up your party and impress your friends. This display projects an image from a monitor down onto an acrylic pyramid, or “frustum”, which then creates a 3D effect.

Homemade holographic visualiser

You may have seen a similar trick for creating holograms in this tutorial by American Hacker:

How To Make 3D Hologram Projector – No Glasses

Who will know that from plastic cd case we can make mini 3d hologram generator and you can watch 3d videos without glasses.

The illusion works due to the way in which images reflect off a flat-topped pyramid or frustum, to use its proper name. In the wonderful way they always do, the residents of Hacker House have now taken this trick one step further.

The Hacker House upgrade

Using an LCD monitor, 3D-printed parts, a Raspberry Pi, and a Flick board, the Hacker House team has produced a music visualiser truly worthy of being on display.

Hacker House Raspberry Pi holographic visualiser

The Pi Supply Flick is a 3D-tracking and gesture board for your Raspberry Pi, enabling you to channel your inner Jedi and control devices with a mere swish of your hand. As the Hacker House makers explain, in this music player project, there are various ways in which you could control the playlist, visualisation, and volume. However, using the Flick adds a wow-factor that we highly approve of.

The music and visualisations are supplied by a Mac running node.js. As the Raspberry Pi is running on the same network as the Mac, it can communicate with the it via HTTP requests.

Sketch of network for Hacker House Raspberry Pi holographic visualiser

The Pi processes incoming commands from the Flick board, and in response send requests to the Mac. Swipe upward above the Flick board, for example, and the Raspberry Pi will request a change of visualisation. Swipe right, and the song will change.

Hacker House Raspberry Pi holographic visualiser

As for the hologram itself, it is formed on an acrylic pyramid sitting below an LCD screen. Images on the screen reflect off the three sides of the pyramid, creating the illusion of a three-dimensional image within. Standard hocus pocus trickery.

Full details on the holographic visualiser, including the scripts, can be found on the hackster.io project page. And if you make your own, we’d love to see it.

Your turn

Using ideas from this Hacker House build and the American Hacker tutorial, our maker community is bound to create amazing things with the Raspberry Pi, holograms, and tricks of the eye. We’re intrigued to see what you come up with!

For inspiration, another example of a Raspberry Pi optical illusion project is Brian Corteil’s Digital Zoetrope:

Brian Corteil's Digital Zoetrope - Hacker House Raspberry Pi holographic visualiser

Are you up for the challenge of incorporating optical illusions into your Raspberry Pi builds? Share your project ideas and creations in the comments below!

The post Hacker House’s gesture-controlled holographic visualiser appeared first on Raspberry Pi.