Tag Archives: people

Building a sustainable workforce, through communities

Post Syndicated from Janet Van Huysse original https://blog.cloudflare.com/building-a-sustainable-workforce-through-communities/

Building a sustainable workforce, through communities

Building a sustainable workforce, through communities

At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today the company runs one of the world’s largest networks that powers approximately 25 million Internet properties. This is made possible by our 1,900 team members around the world. We believe the key to achieving our potential is to build diverse teams and create an environment where everyone can do their best work.

That is why we place a lot of value on the importance of diversity, equity and inclusion. Diversity, equity, and inclusion lead to better outcomes through improved decision-making, more innovative teams, stronger financial returns and simply a better place to work for everyone.

Building a sustainable workforce, through communities

To become more diverse, equitable, and inclusive, we believe it’s important to focus on communities within and around our company.

Building internal communities at Cloudflare

At Cloudflare, like most workplaces, there are built-in communities: your direct team, your cross-functional partners and (because we take onboarding very seriously) your new hire class. These communities, especially the first two, are important to help you get your job done. But we want more than that for our team at Cloudflare. We believe that community builds connection and fosters a sense of belonging.

Because of that, we have supported the growth of over 16 Employee Resource Groups (ERG’s). We use the term ERG broadly at Cloudflare. We have many ERG’s focused on traditionally under-represented groups in tech: Afroflare (Black, African diaspora), Latinflare, and Womenflare; groups that have been historically marginalized: Proudflare (LGBTQIA+), Cloudflarents (parents and caregivers); as well as interest and affinity groups like Mindflare and Soberflare. To read more about all of our ERGs, visit our diversity, equity, and inclusion webpage or read about them on our blog. In addition to creating a community of support and belonging, our ERGs also work to enhance career development of their members and contribute to the development of a more inclusive culture at Cloudflare.

Building the skills to build communities

We define an inclusive culture as one where everyone feels safe, welcome and respected with a sense of belonging. We do not leave this to chance. We make investments in training and programs to develop and deepen the skills needed to nurture and preserve inclusive communities at Cloudflare.

One of our earliest offerings was Ally Skills training. The aim of this workshop is to help build awareness of the types of behavior and language which can be harmful to inclusivity at Cloudflare, and teach simple, everyday ways to support people who are targets of systemic oppression. During the workshop, team members share strategies on how to act as allies and how to create a long-lasting, inclusive culture at Cloudflare. As the program was being rolled out, the management team did the workshop together and quickly realized these were not skills reserved for ‘allies’ but it was our expectation that this was how all of our team members treated each other. These were necessary skills to be successful at Cloudflare. As a result, we reworked some pieces of the workshop and renamed it: How We Work Together.

We have also partnered with Paradigm IQ and Included to create a three-part Unconscious Bias Education Program. These workshops are a mix of eLearning and facilitated workshops where we learn about how to help mitigate unconscious bias and make our company a more welcoming and inclusive place for everyone. tEQuitable is an additional comprehensive resource which helps us create a safe, inclusive, and equitable workplace. They provide an independent sounding board where our employees may confidentially raise a concern, access a just-in-time learning platform, and get advice from professional Ombuds. They also help us identify systemic workplace issues and provide us with actionable recommendations for how to improve our workplace culture. What we especially love about tEQuitable is that it’s all about empowering our employees with tools and resources to address issues that may be impacting them, or they may witness impacting others, so we all play an active role in maintaining and nurturing our culture.

One other program worth highlighting is our Week On: Learning and Inclusion. This program came as a response to the murder of George Floyd in the US at the end of May 2020. Our Afroflare global leaders suggested we use Juneteenth as a full-day of deep learning from external experts on topics ranging from the history of race and racism to the psychological impact of racism on people of color. In 2021, we expanded it from a one-day program to a week full of programming with topics ranging from antiracism keynotes, inclusive people management workshops and inclusive recruiting practices.

Holding ourselves accountable to an inclusive culture

Increasing awareness and skill-building is valuable, but it is not enough. We also have to hold ourselves accountable by analyzing data, setting goals and measuring progress objectively. Each year we set company-wide goals around our diversity, and for the last few years we’ve added individual goals for managers — one focused on building a more diverse team, and one focused on building an inclusive team culture.

We also place a high value on behaviors at Cloudflare. This is imperative because we believe that culture is defined by the behaviors we reward. So in order to have a healthy and inclusive culture, we must reward the behaviors that promote and preserve that. We have defined these behaviors as our Cloudflare Capabilities.

Building a sustainable workforce, through communities

We screen for these Capabilities during our interview process, and they are used in performance and promotion conversations. We hold ourselves accountable by using a very simple formula: Performance = results + behaviors. Equally weighted.

Our Recruiting Efforts

Speaking of interviewing, hiring is an important part of our diversity story. We believe that diverse teams win, and we put in a lot of effort to build diverse teams across the company. We have many team members who took unconventional paths into tech, and we believe that makes us stronger as a company. In fact, many of our job descriptions read: We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team.

In addition to an inclusive and expansive mindset around hiring, we also have interviews dedicated specifically to fit against our Capabilities, as well as leveraging technology and tools to help identify great talent who help to increase the diversity of our teams.

We have also made investments in events and partnerships that help support our diversity recruiting efforts. In August 2016, Cloudflare was one of the first companies to partner with Path Forward when it first launched its program in California. [Fun fact: that’s how I learned about Cloudflare and became interested in working here]. In Singapore, we have a similar partnership with [email protected].

We also engage with organizations and participate in events that help us reach talent from underrepresented groups. We have sponsored and spoke on stage at events like Lesbians Who Tech and Grace Hopper, where our co-founder, President and COO, Michelle Zatlyn, delivered the keynote in 2020. We regularly attend events and conferences hosted by AfroTech, Women Who Code, Girls Who Code, TAPIA, NSN, and more.

Engaging with external communities

Our ethos is to support and connect with external communities as well. Prior to the pandemic, when our offices were fully open and social and professional events were a thing, we regularly hosted external organizations to host events in our communal spaces. One example of such an organization is Wu Yee Children’s Services, a San Francisco Chinatown-based nonprofit that connects parents and caregivers to affordable childcare options, offers payment assistance to low-income families, and other family and community services. We were honored to host their orientation session. Another organization we hosted was Women Who Code SF. We regularly hosted their “ algorithm and interview prep” workshops, which helped women coders gain the skills they need to land good jobs in the tech industry. Unlike many of our tech company peers, we did not offer free lunch five days a week. It was important to us that our team members got out of the office and supported local businesses and restaurants. It is important that we do not isolate ourselves, but rather are part of a larger community.

We also believe in giving back to our local communities. Prior to COVID, Cloudflare dedicated one week every year to volunteer efforts. Coordinated across many of our large office locations, we would dedicate each day for a full week volunteering at employee-nominated, local non-profit organizations. Our participation pivoted to virtual during COVID, but we are anxious to return to in-person giving when we can.

While we are proud of these efforts, it is in using Cloudflare products and services for good that is truly special. Cloudflare’s mission to help build a better Internet means we are in a unique position to help vulnerable websites, applications and services be safer, faster and more reliable online.

A few to highlight:

Project Galileo

Organizations working in the arts, human rights, civil society, journalism, or democracy, may apply for Project Galileo to get Cloudflare’s cybersecurity protection, for free. Since 2014, we’ve been leveraging our services to support vulnerable public interest web properties including, but are not limited to: minority rights organizations, human rights organizations, independent media outlets, arts groups, and democracy and voter protection programs.

Our support of one of these organizations has blossomed over the years. We are proud to announce our partnership with The Trevor Project. Founded in 1998 by the creators of the Academy Award®-winning short film TREVOR, The Trevor Project is the leading national organization providing crisis intervention and suicide prevention services to lesbian, gay, bisexual, transgender, queer & questioning (LGBTQ) young people under 25. We support the organization through monetary donations, a partnership with our LGBTQIA+ Employee Resource Group, Proudflare, and free Cloudflare services through our Project Galileo Program.

Since 2017, we have donated about $8 million in cybersecurity tools under Project Galileo.

Athenian Project

Cloudflare launched the Athenian Project in 2017 to provide our highest level of cybersecurity services for free to state and local governments in the United States that run elections. The project is designed to protect these websites tied to elections including information related to voting and polling places, voter registration and sites that publish election results. And voter data from cyberattack, and keep them online. During the 2020 U.S. election, we worked closely with civil society and government agencies to share threat information that we saw targeted against these participants and protected more than 292 websites in 30 states, including the Missouri Secretary of State, Solano County in California and The Colorado Department of State.

In recognition that election security is a global issue, we recently announced our partnerships with the International Foundation for Electoral Systems, National Democratic Institute and International Republican Institute to extend our cybersecurity protections to election management bodies around the world, as well as organizations that support free and fair elections. We look forward to continuing our work to protect resources in the voting process and help build trust in democratic institutions around the world.

Project Fairshot

Around the world, governments, hospitals, and pharmacies are struggling to distribute the COVID-19 vaccine. Technical limitations are causing vaccine registration sites to crash under the load of registrations. At Cloudflare, we want to help. Cloudflare’s Waiting Room feature allows organizations with more demand for a resource — be it concert tickets, new edition sneakers, or vaccines — to allow individuals to queue and then allocate access. Waiting Rooms can be deployed in front of any existing registration website without requiring code changes. As we watched the world struggle to fairly and efficiently distribute the COVID-19 vaccine we wanted to lend our technologies and expertise to help. Under Project Fair Shot, Cloudflare is providing Waiting Room to any government agency, hospital, pharmacy, or other organization facilitating the distribution of the COVID-19 vaccine for free until anyone who wants to be vaccinated can be, until at least 31-December 2021.

We all need to work together to get past this incredibly difficult time worldwide and are humbled to have helped so many different organizations around the world such as the County of San Luis Obispo, Verto Health, and the Ministry of Health for the Republic of Latvia, and more!

Why we are publishing our diversity data

At Cloudflare, we believe in being principled, curious and transparent. Publishing our diversity report is aligned with these values.

We are Principled: One of the Cloudflare Capabilities is “Do the Right Thing” — that includes long-term thinking about how we build an innovative and sustainable workforce. We have a fundamental belief that fairness is the right thing. We believe that equity is the right thing.

We are Curious: Creating a more diverse and sustainable workforce is hard work. We want to draw lessons from the things we try, and we want to learn from what others are trying. Sustainable communities is not a zero-sum game, and we believe we can all benefit as an active part of the broader community.

We believe in Transparency: For many years, we have been transparent with our team about our diversity data and our goals, and we have measured our progress regularly. Now we are taking the step to share publicly because we believe in accountability and accept the responsibility to build a diverse and sustainable workforce.

You can check out our Diversity, Equity, and Inclusion webpage with our diversity report here.

While there is always more work to be done, we are grateful for the empathetic and curious team that makes Cloudflare what it is today. Together, we are optimistic we can build a better — and more inclusive — Internet.

How Employee Resource Groups (ERGs) can change an organization

Post Syndicated from Andrew Fitch original https://blog.cloudflare.com/how-employee-resource-groups-ergs-can-change-an-organization/

How Employee Resource Groups (ERGs) can change an organization

How Employee Resource Groups (ERGs) can change an organization

Employee resource groups (ERGs) are important to a company’s success. They foster community and a sense of belonging, help drive organizational change, and improve the overall quality of an organization’s culture. Most importantly, they help organizations become more diverse, equitable, and inclusive. I’d love to share the history of ERGs at Cloudflare, as well as how they function and help influence the company.

The history of ERGs at Cloudflare

When I joined Cloudflare in 2017, one of the first things I did was search “LGBTQ” in our company chat. A chat room of a dozen or so employees titled “LGBT at Cloudflare” popped up. There was evidence of some historic chatter in the room, and it was clear some employees had gathered for drinks after work before. I immediately introduced myself to the group, and asked if they would be okay with me setting up a meet & greet event. We booked a conference room, ordered lunch, found an article to discuss, introduced ourselves, and collectively decided we wanted to continue hosting such events. In our second meeting, we decided we should make things official by deciding on a name. This was the birth of Proudflare, our employee resource group (ERG) for LGBTQIA+ employees and our allies, and the first official Cloudflare ERG. I was honored to serve as Proudflare’s first global leader.

Cloudflare employees have founded and advanced fifteen other ERGs since 2017. Afroflare, our ERG for people of the African Diaspora, was the next ERG to form, later in 2017. The most recent is Flarability, our accessibility ERG. All of our groups are focused on fostering community, celebrating diversity, supporting career development, and educating those around us, but serve different communities. We decided early on that if each ERG focuses on education, celebration, and inclusion, we’ll be successful in supporting our underrepresented communities and stimulating positive change at our company. We have come a long way and still have a lot of change to make, but I can safely say that we have definitely helped make Cloudflare more diverse, inclusive, and equitable.

Scroll down to read the mission statements of each of Cloudflare’s ERGs. You may also read more about our ERGs through blog posts they’ve published at Cloudflare.

What is an ERG?

Our definition: At Cloudflare, ERGs are employee-led and company-supported groups of underrepresented and/or marginalized employees or groups of employees who are focused on key Corporate Social Responsibility initiatives. These employees join together in the workplace based on shared characteristics, life experiences, or initiatives. ERGs are generally based on creating a community of support and belonging, enhancing career development of their members, and contributing to the development of a more inclusive culture at Cloudflare.

ERGs are led by passionate volunteer employees who serve in roles as global leaders, regional leads, initiative leads, communications leads, and executive advocates. We ERG leaders agreed early on to support each other in our work, so we formed an Inclusion Council. This council is made up of all ERG leaders as well as Cloudflare’s inclusion workshop facilitators and serves as a steering committee in order to surface and incite feedback on diversity, equity, and inclusion (DEI) topics. We meet monthly, in rotating time zones so we may include leaders from all regions. Some of our most successful ERG partnership initiatives were forged in our Inclusion Council meetings between Womenflare and Afroflare, Asianflare and Desiflare, Mindflare and Proudflare, Latinflare and Afroflare, and more.

Most ERGs leverage executive advocates to help gain support from our senior executives and help those executives become more involved in DEI initiatives. Advocates meet regularly with ERG leaders, review company-wide or external-facing ERG communications, amplify the voices and visibility of ERGs through written communications and participation in events, and advocate for the ERG at the executive level. An example of a successful partnership between an Executive Advocate and an ERG is our CTO, John Graham-Cumming and Womenflare. John has held several meetings with Womenflare members to listen to their needs and experiences, share company decisions, and find ways to better advocate for the women of Cloudflare. He also meets with Womenflare’s leaders biweekly to help with major initiatives and any roadblocks to progress.

How Employee Resource Groups (ERGs) can change an organization

How do ERGs impact organizations?

The most important function of an ERG is to create a sense of belonging and community amongst their members and allies through chat room conversations and regular connection opportunities. ERGs typically also produce initiatives around global education and celebration opportunities such as Women’s Empowerment Month, Black History Month, Hispanic Heritage Month, etc. These initiatives include DEI discussion events, company-wide presentations, company-wide emails, blog posts, social media campaigns, Cloudflare TV segments, publication of antiracism resources, spotlighting of underrepresented and marginalized employees, advising Cloudflare teams on decisions such as inclusive benefits package selection and accessible office space construction, and helping to promote inclusion education programs.

Through these connection opportunities and initiatives, ERGs influence the overall organization. They attract more allies and encourage them to take DEI actions, help educate employees on systemic barriers to DEI, and help make the workplace more inclusive and enjoyable for everyone. I see ERGs as impactful grass-roots movements within a company and I’ve witnessed their positive impact firsthand.

Thank you for reading about Cloudflare’s ERGs. Sixteen ERGs is a good number, but I’m really looking forward to supporting the foundation and growth of even more, and helping our existing ERGs flourish. If you are interested in starting an ERG at your company or learning more about ERG best practices, I encourage you to check out the Human Rights Campaign’s article, Establishing an Employee Resource Group.

Cloudflare ERG mission statements:


How Employee Resource Groups (ERGs) can change an organization

Our mission is to help build a better Global Afro-community at Cloudflare and beyond. We support each other’s growth, share our community’s stories, and help to make Cloudflare a more diverse and inclusive company.


How Employee Resource Groups (ERGs) can change an organization

We provide a supportive environment for all employees of Asian and Pacific Islander heritage, work to create more awareness of the struggles our community has faced and continues to face today, and celebrate our rich shared cultures.


How Employee Resource Groups (ERGs) can change an organization

We provide community and resources for parents and families, and welcome allies, people who are interested in becoming a parent, or who are family-oriented.


How Employee Resource Groups (ERGs) can change an organization

We foster networking and build a sense of community amongst Cloudflare employees using the rich South Asian culture as a platform to bring people together.


How Employee Resource Groups (ERGs) can change an organization

We curate and share resources about disabilities, provide a community space for those with disabilities and our allies to find support and thrive, and encourage and guide Cloudflare’s accessibility programs.

Greencloud: Sustainability Group

How Employee Resource Groups (ERGs) can change an organization

Greencloud is a sustainability-focused working group made up of Cloudflare employees who are passionate about the environment and addressing the climate crisis.


How Employee Resource Groups (ERGs) can change an organization

We provide a forum for the Jewish people of Cloudflare where we support each other and celebrate our shared heritage.


How Employee Resource Groups (ERGs) can change an organization

The mission of Latinflare is to help create a more diverse workplace, create a sense of community + belonging for Latinx employees, and connect with the communities where we work.


How Employee Resource Groups (ERGs) can change an organization

We provide the Cloudflare community resources around mental health, as well as increase awareness and destigmatize mental health more broadly throughout our communities.


How Employee Resource Groups (ERGs) can change an organization

With a shared goal of education, we recognize the heritage and cultural presence of Native American employees at Cloudflare and illuminate the historical impact of policies and racism that continue to fuel prejudice and injustice, even to this day.


How Employee Resource Groups (ERGs) can change an organization

Our mission is to Educate and Celebrate, Globally! We find ways to support and provide resources for the LGBTQIA+ community and make sure that the Cloudflare community is a welcoming, inclusive place for all.


How Employee Resource Groups (ERGs) can change an organization

Ensure the Cloudflare community is welcoming and inclusive to those abstaining from alcohol and/or drug use by increasing awareness and destigmatizing the decision to choose sobriety.


How Employee Resource Groups (ERGs) can change an organization

We encourage the recruitment and retention of veterans of military service from any military around the world. We also provide a supportive environment and community space for those who have served to network.

Women in Engineering

How Employee Resource Groups (ERGs) can change an organization

Our mission is supporting women’s professional development and success within Cloudflare.

Women in Sales

How Employee Resource Groups (ERGs) can change an organization

Our mission is to provide community experience and resources to help women in our sales organization to grow professionally and support each other collectively.


How Employee Resource Groups (ERGs) can change an organization

Womenflare’s mission is to create a community where all who identify as women feel supported and represented at Cloudflare.

Cinco de Mayo – What are we celebrating anyway?

Post Syndicated from Hady Mendez original https://blog.cloudflare.com/cinco-de-mayo-what-are-we-celebrating-anyway/

Cinco de Mayo - What are we celebrating anyway?

Greetings from Latinflare, Cloudflare’s LatinX Employee Resource Group, with members all over the US, the UK, and Portugal. Today is Cinco de Mayo! Americans everywhere will be drinking margaritas and eating chips and salsa. But what is this Mexican holiday really about and what exactly are we celebrating?

About Cinco de Mayo

Cinco de Mayo, Spanish for “Fifth of May”, is an annual celebration held in Mexico on May 5th. The date is observed to commemorate the Mexican Army‘s victory over the French Empire at the Battle of Puebla, on May 5, 1862, under the leadership of General Ignacio Zaragoza. The victory of the smaller Mexican force against a larger French force was a boost to morale for the Mexicans. Zaragoza died months after the battle due to illness. A year after the battle, a larger French force defeated the Mexican army at the Second Battle of Puebla, and Mexico City soon fell to the invaders.

Cinco de Mayo - What are we celebrating anyway?
Source: (https://www.milenio.com/cultura/la-batalla-de-puebla-minuto-a-minuto)

In the United States, Cinco de Mayo has taken on a significance beyond that in Mexico. More popularly celebrated in the United States than Mexico, the date has become associated with the celebration of Mexican-American culture. These celebrations began in California, where they have been observed annually since 1863. The day gained nationwide popularity in the 1980s thanks especially to advertising campaigns by beer and wine companies. Today, Cinco de Mayo generates beer sales on par with the Super Bowl. WOW!

In Mexico, the commemoration of the battle continues to be mostly ceremonial, such as through military parades or battle reenactments. Cinco de Mayo is sometimes mistaken for Mexico’s Independence Day—the most important national holiday in Mexico—which is celebrated on September 16th.

Source: https://en.wikipedia.org/wiki/Cinco_de_Mayo

Cinco de Mayo - What are we celebrating anyway?
Photo credit: Gail Williams via Flickr.com (license information)

What Cinco de Mayo means to me? Stories and perspectives from Latinflare members.

Before COVID-19, Latinflare members across the US were planning to host “dip contests” and “make-your-own-margarita happy hours” to recognize Cinco de Mayo. In our new “work from home” world, we decided to still celebrate the holiday, but in a new way. I asked members of Latinflare to share what the holiday means to them and their families. Here’s what they shared. Please feel free to share your own personal stories in the comments section if you’d like!

What Cinco de Mayo means to me by Alonso – Cloudflare London

Having grown up in Mexico, my experience of Cinco de Mayo was quite different from many of my US-based friends and colleagues.

Originally, Cinco de Mayo commemorated the Battle of Puebla, which took place on 5 May 1862. In that battle, the Mexican Army defeated the French Army, which later overran Mexican forces and conquered Mexico City. My experience of Cinco de Mayo was mostly as a bank holiday where you get to stay home from school or work. Other holidays like Día de la Independencia (Mexico’s equivalent to 4th of July) get more headlines, fireworks, and celebrations. For the longest time, I didn’t quite get when US-based friends would text me to wish me a “Happy Cinco.”

One of the fascinating things about Latinflare, and other Employee Resource Groups at Cloudflare, is that you get to learn from colleagues and their collective experiences. Hearing stories -like the ones shared in this blog- about the significance of Cinco de Mayo to employees across the U.S. is fascinating. The Hispanic community in the US has augmented this day, which now celebrates the rich heritage of immigrant families from across Latin America. So from all our friends at Latinflare, I wish you a very happy Cinco!

A perspective from Salvador – Cloudflare Austin

About 7 years ago when I was still living in Guadalajara, Mexico, Cinco de Mayo was a regular workday (full of meetings) and I remember American co-workers asking me how I was going to celebrate!  I was like: “Why do you ask?”, “That’s not a Mexican holiday!”, “We just had a holiday (May Day)”.  I had to Google it so that I could explain to Americans what this holiday was about: Cinco de Mayo celebrates the Mexican victory over France on that day back in 1862. It is also known as “Battle of Puebla”, referring to the state in central Mexico where the battle took place. That’s the only Mexican region where Cinco de Mayo is a major holiday.

I am still surprised how this minor holiday is more celebrated in the US than in Mexico, but celebrations are never a bad thing so, keep celebrating this date!! Viva Mexico!! Now that I live in the US, this is a great date to hang out with friends and share Mexican food (tacos, guacamole, nachos, etc.) so they can taste authentic Mexican food.

Weighing in from Texas is Ricardo – Cloudflare Austin

Unfortunately, in my experience, there are some misconceptions about this day: mainly that Cinco de Mayo is Mexico’s Independence day (which it is not). Growing up in Mexico, Cinco de Mayo meant that I didn’t have to go to school and got to stay home. In the US, however, it is a day to celebrate Hispanic heritage!

Mostly a holiday in Puebla says Alex – Cloudflare Austin

I don’t really believe that Mexican families outside of Puebla are very aware of Cinco de Mayo. Even though I didn’t grow up in Puebla, I learned a bit more about the holiday due to the fact that my middle school in Ojocaliente, Zacatecas was named “Gral. Ignacio Zaragoza” after the general that defeated the French army in that battle in Puebla in 1862. This only made me try to be extra friendly to any French person that I’ve met. So even though we are not celebrating Mexican Independence Day,  I don’t have the heart to ruin the party for everyone.

Resources for Celebrating Cinco de Mayo during Quarantine

Whatever your thoughts or experiences on the holiday, if you choose to celebrate it, we found some cool resources for celebrating the holiday at home. Here are just a few:

Wherever you are, we are wishing you a happy and healthy Cinco de Mayo!

Cinco de Mayo - What are we celebrating anyway?
Photo Credit: S Pakhrin via Wikipedia Commons (license information)

About Latinflare

To learn more about Latinflare and how we got started, read our first blog post “Bienvenidos a Latinflare”.

Cinco de Mayo - What are we celebrating anyway?

We are Hiring!

Does Cloudflare sound like the type of place you’d like to work? We are hiring! Check out our careers page for more information on full time positions and internship roles at our locations across the globe.

Слово за Мистър Фантастика

Post Syndicated from Григор original http://www.gatchev.info/blog/?p=2157

Днес ми гостува един от най-известните български писатели на фантастика – Александър Карапанчев. Текстът му – публикуван за пръв път в брой 1 на списанието „Тера фантастика“ за 2004 г. – този път не е произведение, а поводът е колкото радостен, толкова и тъжен. 75-годишнината от рождението на Ивайло Рунев – може би най-изключителният фен в България. Уви, вече от десетилетия напуснал ни.


Между Ивайло Рунев и Нейно величество Фантастиката имаше една голяма, всепоглъщаща, изключителна любов…

Все още чувствам – и с кожата, и в душата си – онзи леденостуден февруарски ден на 1994 година, когато го изпращахме на Малашевските гробища. Първа съпругата му Ангелина хвърли буца пръст върху ковчега, изплаквайки лаконично: „Сбогом, Вале!“, а подир нея пристъпиха другите близки и приятели, брулени от сухия зъл вятър. Провождахме в последния му път човека, който отдавна се бе превърнал в символ на супержанра у нас – фен № 1 и Мистър Фантастика на България. В последния му път ли казах?

О, не, защото Ивайло беше (и продължава да бъде!) сред редките наши SF дейци, които са направили толкова много на нивата фантастична, че делото им не помръква с времето… Виждам го като жив пред очите си: елегантна, средна на ръст фигура; леко иронична, ала не студена усмивка на интелектуалец от висококаратна проба; и оня горещ блясък, просветващ ярко зад очилата му, щом някой заговори за тъй любимия му жанр. Ивайло Рунев приказваше тихо, винаги концентриран, пестелив откъм жестове, всякога готов за работа на ползу роду и за мечти…

Този човек обичаше фанатично книгите!

В малкия му апартамент срещу стадион „Герена“ имаше бивш килер, превърнат в библиотека за фантастика – гъсто изпълнени полици, прикривани от крилата на завески. Достатъчно бе гостът да спомене някакво заглавие, Рунев скачаше и след миг го донасяше от книжовното си светилище. Бе акуратен, по научному дисциплиниран, с почти компютърна памет. Казвал ми е, че узнае ли за някоя фантастична книга, е готов да стори всичко, за да я притежава. Той само веднъж не дойде на определена с мен среща – чакал на опашка, когато от библиотека „Галактика“ пуснали „Зелените хълмове на Земята“ от Хайнлайн.

Разбира се, и за Ивайло важи с пълна сила формулата: „Трудно е да се говори за него, понеже беше твърде разностранен“. Затова, като надниквам в кладенеца на спомените, все повече ми се избистря идеята, че трябва да огранича своята задача до наистина по-реални параметри. И тъй, нека моето слово бъде посветено предимно на Ивайло Рунев и Книгата. Тя беше негова сърцевина, верую, пътеводна звезда, колекционерско въжделение и онова семе, от което могат да израснат чудесни плодове.

Така добре владеещ се, тоя джентълмен изведнъж се оживяваше необичайно, щом се зададеше книжовен аукцион. Обичах да му помагам в подобни случаи, да прихващам от майстора. И ето че пак се озоваваме в заличката на онзи бургаски хотел, където през няколко септемврийски дни (лазурно море плюс слънчево злато) пулсираше международният Орфкон ’90. При нас идваха шепа българи и най-вече руснаци, носейки своите предложения за събитието. С благородно пламнало лице и енергични пръсти колегата Рунев разглеждаше и записваше заглавията. Той отбелязваше и цените, искани от собствениците – бяха такива времена, че потомците на Толстой и Стругацки даваха дори най-редки издания срещу равностойността на две-три мускатови ракии. Макар да имаше огромна библиотека, Ивайло още при предварителната отсявка придоби купчинка книги, а после – с впечатляваща компетентност и неподражаемо чувство за хумор – ръководи в по-голяма зала самия аукцион.

Беше весело, шарено като палитра, беше същински интелектуален спектакъл. Доколкото си спомням, рекорда тогава отнесе срещу 30 лева сборникът на Боб Шоу „Звездный венок“. Тук му е мястото да добавя: поклон пред великолепната московска поредица „Зарубежная фантастика“, чиито томчета десетилетия наред ни отваряха невероятен прозорец към човешкото въображение!…

Но хайде да предоставим думата и на този български принц на супержанра. Ще го „чуем“ посредством едно интервю, което взех от него през 1986 година. Рунев го прегледа преди отпечатването му и то (леко съкратено – вечните броени вестникарски редове!) излезе в хубавия седмичник „АБВ“. През оня период там – с много вещина и вкус – бе поддържана специализирана страница за фантастика, за която апостолски се грижеше приятелят ни Велко Милоев. Надявам се, че това интервю все още не е остаряло, ами напротив: продължава да излъчва нещо от характерния аромат на бог Хронос и също така да… Впрочем защо не поорежем излишните отклонения, с които обикновено обрастват спомените, и да тръгнем от заглавието

Библиотеки във времето и пространството

Навсякъде в уютния апартамент пъстреят книги от разнообразни жанрове. И ни хрумва: колко хубаво би било, ако книгите можеха да се разполагат не само в пространството, а и… във времето! Тогава 3000-те заглавия тук спокойно биха се побрали в една скромна хроносекция. Набираш върху мониторчето ѝ необходимата комбинация и сякаш от рога на изобилието се посипват томовете на може би най-богатата у нас библиотека от фантастична литература. Ала нека нейният собственик Ивайло РУНЕВ представи сам и себе си, и някои от „тайните“ на уникалната си колекция:

– Работя като инженер в Централния институт по химическа промишленост. Вече десет години съм председател на Интегралния клуб по фантастика, евристика и прогностика „Иван Ефремов“ – София, и на Координационния съвет на сродните му клубове в страната. Любимия жанр събирам от 1963 година. Колекцията ми е рекордна по отношение на българските заглавия – приблизително 300 (от общо 700 появили се заедно с преизданията, като се почне от „80 дни около света“ на Жул Верн, отпечатано от Христо Г. Данов преди повече от век), и на съветските заглавия – над 600. Още стотина фантастични тома имам на сръбски, немски, английски и други езици.

Освен с фантастиката, пръсната из многожанрови сборници, библиотеката ми се допълва от ксероксни и фотокопия на съвсем редки книги: „Атлантида“ на Пиер Беноа, „С ракетна граната към месеца“ от Бруно Бюргел или „Планетоида 2100“ от Юзефа Бурдецка – първия полски НФ роман, издаден в България… Притежавам също албуми на Соколов и Леонов, на Чюрльонис, твърде обширна сбирка от периодика: вестници, списания и фензини, както и кореспонденция с десетки почитатели на жанра от четири континента.

– С кои „перли“ от цялото това съкровище се гордеете най-много? И възможно ли е с помощта на вашата библиотека да се напише историята на българската фантастична книга?

– Ще продължа моя списък на редки екземпляри с двойката книги „Поглед назад“ от Едуард Белами и побългарената ѝ преработка „Настоящето, разгледано от потомството ни, и надничане в напредъка на бъдещето“ от Илия Йовчев (по същество първи наш опит за фантастичен роман), с „Ерминия“, роман в подлистници от австралиеца Ерл Кокс, посветен на темата предишни цивилизации върху Земята, с първото издание на „О-Корс“ от първопроходеца Георги Илиев. Да не забравяме и книгите с аввтографи от братя Стругацки, Олга Ларионова, Дмитрий Биленкин, Ерик Симон, от всички съвременни български автори.

По втория въпрос: не, няма да може, защото в колекцията ми има празнини, особено от старата ни литература. Ползвайки и фондовете на народните библиотеки в София и Пловдив, аз написах една непубликувана засега „История на българската фантастика“. Изградена е на хронологичния принцип и започва от разказа на Иван Вазов „Последният ден на ХХ век“ (1899). Нека подчертая, че през периода 1935-1945 година този жанр у нас е на доста високо равнище (да речем, десето място в света), като удачно се застъпват основните му направления… Да, ние слабо познаваме по-старите си фантасти и липсата на критически изследвания в подобна насока е сериозен пропуск.

– А може ли фантастиката да каже нещо ново на научния работник, например на химика Ивайло Рунев?

– Някои научнофантастични творби са ми давали подтик, но като правило смятам, че те рядко успяват да предложат нов тип идея. Тъй наречената фантастика на близкия прицел, илюстрираща лабораторния живот на откритията, понякога подхвърля идейни чернови, ала страда от недостиг на художествени характери. По-важно е да изтъкнем, че любимият ни жанр създава атмосфера на търсене на прогрес в науката и техниката, че разпалва въображението и поражда свеж духовен глад, поддържайки у човека непрекъснат стремеж към творчески промени.

Фантастиката показва с ярки бои, че светът не е изчерпан и че битието не може да бъде скучно. Забележете, това не е измислената екзотика на приключенията и сладникавата филмова любов, ами вселена, в която бихме могли да участваме. Фантастичното изкуство дарява ориентир и значително разширява хоризонта на всеки свой почитател.

– Да се обърнем към прогностиката: как си представяте библиотеките на бъдещето – лични и обществени?

– Като библиофил изпитвам удоволствие, когато галя кориците на моите книги. Обаче никоя лична сбирка не е в състояние да покрие океана от желания на любителя. Така че няма друго спасение освен държавните фондове, макар днешните библиотеки до голяма степен да ми приличат на гробници, където е твърде трудно да получиш търсеното заглавие… Спомням си, че на въпроса „Възможно ли е върху една пръчка да се запише цялото съдържание на Британската енциклопедия?“ професор Мартин Гарднър отговаря, че това е чисто технически проблем, който ще реши ХХI век – но нали тогава ще живеем и ние?

Вярвам, че внуците ми ще ползват информация, съхранявана на молекулно ниво. И понеже диалектиката ни учи, че микросветът е безкраен, вероятно е в по-далечното бъдеще да се появят записи на субатомно равнище. Питате ме дали в такъв случай може да се правят неутронни и мезонни „книги“? Защо не, стига под т.нар. книга да разбираме комплекс от символи, даващи завършена информация. Тук много ще ни помогнат новите поколения компютри, които ще се различават от съвременните както фараонската лодка от космическия кораб.

– Как гледате на идеята да се създаде специализирана обществена библиотека, посветена изцяло на фантастиката? И съществува ли днес подобна потребност?

– Въпросът ме изненадва и зарадва едновременно. Веднага си представям 100, 200 хиляди, 1 милион НФ заглавия, издадени по широкия свят. И аз обикалям между тях! Навярно тъй и ще си умра от глад и жажда, защото ще забравя за тези си физиологични „подробности“. Ала да се откъснем от мечтите. Такава библиотека (при съответните пропорции, разбира се) има – тя принадлежи на нашия интегрален клуб „Иван Ефремов“ и не е за пренебрегване, особено ако се приеме, че е обединена с моята и на още двама-трима души от клуба сбирки.

Сигурен съм – завършва събеседникът срещу нас, – че щом вестник „АБВ“ пусне съобщение за една новосъздадена библиотека, посветена само на фантастиката, пред входа ѝ ще се събере опашка от хиляди желаещи. Мисля, че в тая засега въображаема съкровищница трябва да бъдат почетени трите „кита“ на фантастичното: литературата, филмите, компютърната фантастика и моделиращите устройства. Да, наред с отрупаните с книги стелажи, тук ще ни посреща кинозала, ще ни очароват с щедрите си пъстри екрани видеотерминали…

* * *

Това бе едно от моите интервюта с Ивайло Рунев, което исках да включа в словото си. Инак в медийното пространство ние сме разговаряли за какво ли не – за магията на фендъма, за Хърбърт Уелс и кометите (беше по времето на Халеевата яркоглава пришълка), за тънкостите при воденето на аукциони.

В своя живот съм имал моменти, когато гледах Ивайло отдолу нагоре, учейки се от него на любов към жанра и на енциклопедизъм (не че днес ми е късно да науча още). Дори направихме няколко опита за разменени семейни гостувания, умерено подкрепяни от водка или домашно княжевско винце. Помня, веднъж запитах жена му дали се интересува от фантастика. „А-а, не – кимна тогава Ангелина, – нямам никакъв допир с фантастиката, освен че спя под общ юрган с фантаст…“ И досега си мисля, че туй бе по-скоро шега, лукава и изящна. Просто не мога да си представя, че такъв мощен пропагандатор като съпруга ѝ не е пръснал „зараза“ и под къщовния покрив. Я вижте сина им Веселин Рунев, който – къде с мъчителни усилия, къде с бащината си оптимистична усмивка – вече десетина години поддържа библиотека „Орфия“…

Ивайло притежаваше твърде развито чувство за историчност: нещо, което липсва на мнозина от нас.

Тъкмо бяхме приготвили за печат стартовия брой на списание „ФЕП“ (март 1988) и една вечер в клуба аз предложих на Рунев надраскани коректури от този наистина исторически двоен брой. Човекът се поколеба (дали не си правя глума с него?), но сетне ги взе с интерес и явно ги е присъединил към своя достоен за музей архив… Ами колко сърцато, направо професионално умееше да организира БГ фестивалите на супержанра! Също така много обичаше да ходи на конвенти не само из нашенско, а и в чужбина, откъдето винаги донасяше богата книжовна и друга интелектуална жътва. Тъй от Еврокона в Краков се завърна с чудесни спомени за Пол Андерсън – даже при някой от среднощните контакти бе успял да издейства от маестрото олекотени авторски права за първата му книга в България „Операция „Хаос“.

Да вметна, че пак той с присъщия си широк, ала не всеяден хоризонт стана първопроходец и на фентъзито у нас. Въз основа на негови материали на руски и чешки език беше съставено първото наше томче за супермъжагата Конан Варварина.

Как ли би изглеждала една по-разгърната визитка на тоя отечествен деец, питам се днес?

Представям си я не като обичайното в такива случаи картонче – та то няма да побере дори 1/10 част от лицата на Ивайло! Визитката му би могла да напомня например международен паспорт, върху чиито пъстроцветни странички да се чете: член на World SF и други задгранични организации; съосновател на пионерските в супержанра издателства „Ролис“ и „Орфия“, както и на остросюжетния алманах „SF трилър“… Библиограф с главно Б; журналист и историк, популяризиращ далеч не само задокеанското; мотор, обединител и летописец на родния фендъм… Има още: преводач & съставител; един от стълбовете на списание „ФЕП“, на което осигуряваше топла връзка с феновете; автор на книга-игра (издаде я под псевдоним, но не англоезичен); зачинател на първата у нас енциклопедия на световната фантастика… Да, дълъг списък!

Когато смъртта надвеси над него страшния си лик, Ивайло не се размекна от ужас и себесъжаление, ами продължи да бъде чудесен боец на своя любим фронт. Съумя да свърши доста неща за кратко време и веднъж, вече към края си, сподели с мен, че напоследък е научил какво ли не. „Само – въздъхна – дето не можах да стана редактор, някак не ми идва отръки…“ До последно многото му и толкоз разнообразни лица бяха живи, пулсираха, озарени от енергия, растящ енциклопедизъм и мечти.

Бяха живи ли казах?

О, не, тези негови ипостаси, неговият труд на нивата ни фантастична, стремежът му да прави добро в името на Нейно величество Фантастиката не престават да дишат и туптят. Те са живи! Разбира се, аз не искам да изкарвам Ивайло Рунев като някакъв свръхнадарен ангел с белоснежни крила (кажете – кой от нас е такъв?), но си мисля, че за днешните съвременници е твърде важно да бъдем духом с нашия фен № 1 и Мистър Фантастика, за да сме малко от малко достойни за неговата тъй светлоносна памет…

Storing Encrypted Credentials In Git

Post Syndicated from Bozho original https://techblog.bozho.net/storing-encrypted-credentials-in-git/

We all know that we should not commit any passwords or keys to the repo with our code (no matter if public or private). Yet, thousands of production passwords can be found on GitHub (and probably thousands more in internal company repositories). Some have tried to fix that by removing the passwords (once they learned it’s not a good idea to store them publicly), but passwords have remained in the git history.

Knowing what not to do is the first and very important step. But how do we store production credentials. Database credentials, system secrets (e.g. for HMACs), access keys for 3rd party services like payment providers or social networks. There doesn’t seem to be an agreed upon solution.

I’ve previously argued with the 12-factor app recommendation to use environment variables – if you have a few that might be okay, but when the number of variables grow (as in any real application), it becomes impractical. And you can set environment variables via a bash script, but you’d have to store it somewhere. And in fact, even separate environment variables should be stored somewhere.

This somewhere could be a local directory (risky), a shared storage, e.g. FTP or S3 bucket with limited access, or a separate git repository. I think I prefer the git repository as it allows versioning (Note: S3 also does, but is provider-specific). So you can store all your environment-specific properties files with all their credentials and environment-specific configurations in a git repo with limited access (only Ops people). And that’s not bad, as long as it’s not the same repo as the source code.

Such a repo would look like this:

└─── production
|   |   application.properites
|   |   keystore.jks
└─── staging
|   |   application.properites
|   |   keystore.jks
└─── on-premise-client1
|   |   application.properites
|   |   keystore.jks
└─── on-premise-client2
|   |   application.properites
|   |   keystore.jks

Since many companies are using GitHub or BitBucket for their repositories, storing production credentials on a public provider may still be risky. That’s why it’s a good idea to encrypt the files in the repository. A good way to do it is via git-crypt. It is “transparent” encryption because it supports diff and encryption and decryption on the fly. Once you set it up, you continue working with the repo as if it’s not encrypted. There’s even a fork that works on Windows.

You simply run git-crypt init (after you’ve put the git-crypt binary on your OS Path), which generates a key. Then you specify your .gitattributes, e.g. like that:

secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
*.properties filter=git-crypt diff=git-crypt
*.jks filter=git-crypt diff=git-crypt

And you’re done. Well, almost. If this is a fresh repo, everything is good. If it is an existing repo, you’d have to clean up your history which contains the unencrypted files. Following these steps will get you there, with one addition – before calling git commit, you should call git-crypt status -f so that the existing files are actually encrypted.

You’re almost done. We should somehow share and backup the keys. For the sharing part, it’s not a big issue to have a team of 2-3 Ops people share the same key, but you could also use the GPG option of git-crypt (as documented in the README). What’s left is to backup your secret key (that’s generated in the .git/git-crypt directory). You can store it (password-protected) in some other storage, be it a company shared folder, Dropbox/Google Drive, or even your email. Just make sure your computer is not the only place where it’s present and that it’s protected. I don’t think key rotation is necessary, but you can devise some rotation procedure.

git-crypt authors claim to shine when it comes to encrypting just a few files in an otherwise public repo. And recommend looking at git-remote-gcrypt. But as often there are non-sensitive parts of environment-specific configurations, you may not want to encrypt everything. And I think it’s perfectly fine to use git-crypt even in a separate repo scenario. And even though encryption is an okay approach to protect credentials in your source code repo, it’s still not necessarily a good idea to have the environment configurations in the same repo. Especially given that different people/teams manage these credentials. Even in small companies, maybe not all members have production access.

The outstanding questions in this case is – how do you sync the properties with code changes. Sometimes the code adds new properties that should be reflected in the environment configurations. There are two scenarios here – first, properties that could vary across environments, but can have default values (e.g. scheduled job periods), and second, properties that require explicit configuration (e.g. database credentials). The former can have the default values bundled in the code repo and therefore in the release artifact, allowing external files to override them. The latter should be announced to the people who do the deployment so that they can set the proper values.

The whole process of having versioned environment-speific configurations is actually quite simple and logical, even with the encryption added to the picture. And I think it’s a good security practice we should try to follow.

The post Storing Encrypted Credentials In Git appeared first on Bozho's tech blog.

Some quick thoughts on the public discussion regarding facial recognition and Amazon Rekognition this past week

Post Syndicated from Dr. Matt Wood original https://aws.amazon.com/blogs/aws/some-quick-thoughts-on-the-public-discussion-regarding-facial-recognition-and-amazon-rekognition-this-past-week/

We have seen a lot of discussion this past week about the role of Amazon Rekognition in facial recognition, surveillance, and civil liberties, and we wanted to share some thoughts.

Amazon Rekognition is a service we announced in 2016. It makes use of new technologies – such as deep learning – and puts them in the hands of developers in an easy-to-use, low-cost way. Since then, we have seen customers use the image and video analysis capabilities of Amazon Rekognition in ways that materially benefit both society (e.g. preventing human trafficking, inhibiting child exploitation, reuniting missing children with their families, and building educational apps for children), and organizations (enhancing security through multi-factor authentication, finding images more easily, or preventing package theft). Amazon Web Services (AWS) is not the only provider of services like these, and we remain excited about how image and video analysis can be a driver for good in the world, including in the public sector and law enforcement.

There have always been and will always be risks with new technology capabilities. Each organization choosing to employ technology must act responsibly or risk legal penalties and public condemnation. AWS takes its responsibilities seriously. But we believe it is the wrong approach to impose a ban on promising new technologies because they might be used by bad actors for nefarious purposes in the future. The world would be a very different place if we had restricted people from buying computers because it was possible to use that computer to do harm. The same can be said of thousands of technologies upon which we all rely each day. Through responsible use, the benefits have far outweighed the risks.

Customers are off to a great start with Amazon Rekognition; the evidence of the positive impact this new technology can provide is strong (and growing by the week), and we’re excited to continue to support our customers in its responsible use.

-Dr. Matt Wood, general manager of artificial intelligence at AWS

Hiring a Director of Sales

Post Syndicated from Yev original https://www.backblaze.com/blog/hiring-a-director-of-sales/

Backblaze is hiring a Director of Sales. This is a critical role for Backblaze as we continue to grow the team. We need a strong leader who has experience in scaling a sales team and who has an excellent track record for exceeding goals by selling Software as a Service (SaaS) solutions. In addition, this leader will need to be highly motivated, as well as able to create and develop a highly-motivated, success oriented sales team that has fun and enjoys what they do.

The History of Backblaze from our CEO
In 2007, after a friend’s computer crash caused her some suffering, we realized that with every photo, video, song, and document going digital, everyone would eventually lose all of their information. Five of us quit our jobs to start a company with the goal of making it easy for people to back up their data.

Like many startups, for a while we worked out of a co-founder’s one-bedroom apartment. Unlike most startups, we made an explicit agreement not to raise funding during the first year. We would then touch base every six months and decide whether to raise or not. We wanted to focus on building the company and the product, not on pitching and slide decks. And critically, we wanted to build a culture that understood money comes from customers, not the magical VC giving tree. Over the course of 5 years we built a profitable, multi-million dollar revenue business — and only then did we raise a VC round.

Fast forward 10 years later and our world looks quite different. You’ll have some fantastic assets to work with:

  • A brand millions recognize for openness, ease-of-use, and affordability.
  • A computer backup service that stores over 500 petabytes of data, has recovered over 30 billion files for hundreds of thousands of paying customers — most of whom self-identify as being the people that find and recommend technology products to their friends.
  • Our B2 service that provides the lowest cost cloud storage on the planet at 1/4th the price Amazon, Google or Microsoft charges. While being a newer product on the market, it already has over 100,000 IT and developers signed up as well as an ecosystem building up around it.
  • A growing, profitable and cash-flow positive company.
  • And last, but most definitely not least: a great sales team.

You might be saying, “sounds like you’ve got this under control — why do you need me?” Don’t be misled. We need you. Here’s why:

  • We have a great team, but we are in the process of expanding and we need to develop a structure that will easily scale and provide the most success to drive revenue.
  • We just launched our outbound sales efforts and we need someone to help develop that into a fully successful program that’s building a strong pipeline and closing business.
  • We need someone to work with the marketing department and figure out how to generate more inbound opportunities that the sales team can follow up on and close.
  • We need someone who will work closely in developing the skills of our current sales team and build a path for career growth and advancement.
  • We want someone to manage our Customer Success program.

So that’s a bit about us. What are we looking for in you?

Experience: As a sales leader, you will strategically build and drive the territory’s sales pipeline by assembling and leading a skilled team of sales professionals. This leader should be familiar with generating, developing and closing software subscription (SaaS) opportunities. We are looking for a self-starter who can manage a team and make an immediate impact of selling our Backup and Cloud Storage solutions. In this role, the sales leader will work closely with the VP of Sales, marketing staff, and service staff to develop and implement specific strategic plans to achieve and exceed revenue targets, including new business acquisition as well as build out our customer success program.

Leadership: We have an experienced team who’s brought us to where we are today. You need to have the people and management skills to get them excited about working with you. You need to be a strong leader and compassionate about developing and supporting your team.

Data driven and creative: The data has to show something makes sense before we scale it up. However, without creativity, it’s easy to say “the data shows it’s impossible” or to find a local maximum. Whether it’s deciding how to scale the team, figuring out what our outbound sales efforts should look like or putting a plan in place to develop the team for career growth, we’ve seen a bit of creativity get us places a few extra dollars couldn’t.

Jive with our culture: Strong leaders affect culture and the person we hire for this role may well shape, not only fit into, ours. But to shape the culture you have to be accepted by the organism, which means a certain set of shared values. We default to openness with our team, our customers, and everyone if possible. We love initiative — without arrogance or dictatorship. We work to create a place people enjoy showing up to work. That doesn’t mean ping pong tables and foosball (though we do try to have perks & fun), but it means people are friendly, non-political, working to build a good service but also a good place to work.

Do the work: Ideas and strategy are critical, but good execution makes them happen. We’re looking for someone who can help the team execute both from the perspective of being capable of guiding and organizing, but also someone who is hands-on themselves.

Additional Responsibilities needed for this role:

  • Recruit, coach, mentor, manage and lead a team of sales professionals to achieve yearly sales targets. This includes closing new business and expanding upon existing clientele.
  • Expand the customer success program to provide the best customer experience possible resulting in upsell opportunities and a high retention rate.
  • Develop effective sales strategies and deliver compelling product demonstrations and sales pitches.
  • Acquire and develop the appropriate sales tools to make the team efficient in their daily work flow.
  • Apply a thorough understanding of the marketplace, industry trends, funding developments, and products to all management activities and strategic sales decisions.
  • Ensure that sales department operations function smoothly, with the goal of facilitating sales and/or closings; operational responsibilities include accurate pipeline reporting and sales forecasts.
  • This position will report directly to the VP of Sales and will be staffed in our headquarters in San Mateo, CA.


  • 7 – 10+ years of successful sales leadership experience as measured by sales performance against goals.
    Experience in developing skill sets and providing career growth and opportunities through advancement of team members.
  • Background in selling SaaS technologies with a strong track record of success.
  • Strong presentation and communication skills.
  • Must be able to travel occasionally nationwide.
  • BA/BS degree required

Think you want to join us on this adventure?
Send an email to jobscontact@backblaze.com with the subject “Director of Sales.” (Recruiters and agencies, please don’t email us.) Include a resume and answer these two questions:

  1. How would you approach evaluating the current sales team and what is your process for developing a growth strategy to scale the team?
  2. What are the goals you would set for yourself in the 3 month and 1-year timeframes?

Thank you for taking the time to read this and I hope that this sounds like the opportunity for which you’ve been waiting.

Backblaze is an Equal Opportunity Employer.

The post Hiring a Director of Sales appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Kidnapping Fraud

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/kidnapping_frau.html

Fake kidnapping fraud:

“Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they’re being held responsible,” Commander McLean said.

The scammers threaten the students with deportation from Australia or some kind of criminal punishment.

The victims are then coerced into providing their identification details or money to get out of the supposed trouble they’re in.

Commander McLean said there are also cases where the student is told they have to hide in a hotel room, provide compromising photos of themselves and cut off all contact.

This simulates a kidnapping.

“So having tricked the victims in Australia into providing the photographs, and money and documents and other things, they then present the information back to the unknowing families in China to suggest that their children who are abroad are in trouble,” Commander McLean said.

“So quite circular in a sense…very skilled, very cunning.”

Security and Human Behavior (SHB 2018)

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/security_and_hu_7.html

I’m at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior.

SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions — all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating conference of my year. It influences my thinking in many different, and sometimes surprising, ways.

This year’s program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks. (Ross also maintains a good webpage of psychology and security resources.)

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops.

Next year, I’ll be hosting the event at Harvard.

Replacing macOS Server with Synology NAS

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/replacing-macos-server-with-synology-nas/

Synology NAS boxes backed up to the cloud

Businesses and organizations that rely on macOS server for essential office and data services are facing some decisions about the future of their IT services.

Apple recently announced that it is deprecating a significant portion of essential network services in macOS Server, as they described in a support statement posted on April 24, 2018, “Prepare for changes to macOS Server.” Apple’s note includes:

macOS Server is changing to focus more on management of computers, devices, and storage on your network. As a result, some changes are coming in how Server works. A number of services will be deprecated, and will be hidden on new installations of an update to macOS Server coming in spring 2018.

The note lists the services that will be removed in a future release of macOS Server, including calendar and contact support, Dynamic Host Configuration Protocol (DHCP), Domain Name Services (DNS), mail, instant messages, virtual private networking (VPN), NetInstall, Web server, and the Wiki.

Apple assures users who have already configured any of the listed services that they will be able to use them in the spring 2018 macOS Server update, but the statement ends with links to a number of alternative services, including hosted services, that macOS Server users should consider as viable replacements to the features it is removing. These alternative services are all FOSS (Free and Open-Source Software).

As difficult as this could be for organizations that use macOS server, this is not unexpected. Apple left the server hardware space back in 2010, when Steve Jobs announced the company was ending its line of Xserve rackmount servers, which were introduced in May, 2002. Since then, macOS Server has hardly been a prominent part of Apple’s product lineup. It’s not just the product itself that has lost some luster, but the entire category of SMB office and business servers, which has been undergoing a gradual change in recent years.

Some might wonder how important the news about macOS Server is, given that macOS Server represents a pretty small share of the server market. macOS Server has been important to design shops, agencies, education users, and small businesses that likely have been on Macs for ages, but it’s not a significant part of the IT infrastructure of larger organizations and businesses.

What Comes After macOS Server?

Lovers of macOS Server don’t have to fear having their Mac minis pried from their cold, dead hands quite yet. Installed services will continue to be available. In the fall of 2018, new installations and upgrades of macOS Server will require users to migrate most services to other software. Since many of the services of macOS Server were already open-source, this means that a change in software might not be required. It does mean more configuration and management required from those who continue with macOS Server, however.

Users can continue with macOS Server if they wish, but many will see the writing on the wall and look for a suitable substitute.

The Times They Are A-Changin’

For many people working in organizations, what is significant about this announcement is how it reflects the move away from the once ubiquitous server-based IT infrastructure. Services that used to be centrally managed and office-based, such as storage, file sharing, communications, and computing, have moved to the cloud.

In selecting the next office IT platforms, there’s an opportunity to move to solutions that reflect and support how people are working and the applications they are using both in the office and remotely. For many, this means including cloud-based services in office automation, backup, and business continuity/disaster recovery planning. This includes Software as a Service, Platform as a Service, and Infrastructure as a Service (Saas, PaaS, IaaS) options.

IT solutions that integrate well with the cloud are worth strong consideration for what comes after a macOS Server-based environment.

Synology NAS as a macOS Server Alternative

One solution that is becoming popular is to replace macOS Server with a device that has the ability to provide important office services, but also bridges the office and cloud environments. Using Network-Attached Storage (NAS) to take up the server slack makes a lot of sense. Many customers are already using NAS for file sharing, local data backup, automatic cloud backup, and other uses. In the case of Synology, their operating system, Synology DiskStation Manager (DSM), is Linux based, and integrates the basic functions of file sharing, centralized backup, RAID storage, multimedia streaming, virtual storage, and other common functions.

Synology NAS box

Synology NAS

Since DSM is based on Linux, there are numerous server applications available, including many of the same ones that are available for macOS Server, which shares conceptual roots with Linux as it comes from BSD Unix.

Synology DiskStation Manager Package Center screenshot

Synology DiskStation Manager Package Center

According to Ed Lukacs, COO at 2FIFTEEN Systems Management in Salt Lake City, their customers have found the move from macOS Server to Synology NAS not only painless, but positive. DSM works seamlessly with macOS and has been faster for their customers, as well. Many of their customers are running Adobe Creative Suite and Google G Suite applications, so a workflow that combines local storage, remote access, and the cloud, is already well known to them. Remote users are supported by Synology’s QuickConnect or VPN.

Business continuity and backup are simplified by the flexible storage capacity of the NAS. Synology has built-in backup to Backblaze B2 Cloud Storage with Synology’s Cloud Sync, as well as a choice of a number of other B2-compatible applications, such as Cloudberry, Comet, and Arq.

Customers have been able to get up and running quickly, with only initial data transfers requiring some time to complete. After that, management of the NAS can be handled in-house or with the support of a Managed Service Provider (MSP).

Are You Sticking with macOS Server or Moving to Another Platform?

If you’re affected by this change in macOS Server, please let us know in the comments how you’re planning to cope. Are you using Synology NAS for server services? Please tell us how that’s working for you.

The post Replacing macOS Server with Synology NAS appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

[$] Easier container security with entitlements

Post Syndicated from corbet original https://lwn.net/Articles/755238/rss

During KubeCon
+ CloudNativeCon Europe 2018
, Justin Cormack and Nassim Eddequiouaq presented
a proposal to simplify the setting of security parameters for containerized
Containers depend on a large set of intricate security primitives that can
have weird interactions. Because they are so hard to use, people often just
turn the whole thing off. The goal of the proposal is to make those
controls easier to understand and use; it is partly inspired by mobile apps
on iOS and Android platforms, an idea that trickled back into Microsoft and
Apple desktops. The time seems ripe to improve the field of
container security, which is in desperate need of simpler controls.

HackSpace magazine 7: Internet of Everything

Post Syndicated from Andrew Gregory original https://www.raspberrypi.org/blog/hackspace-magazine-7-internet-of-everything/

We’re usually averse to buzzwords at HackSpace magazine, but not this month: in issue 7, we’re taking a deep dive into the Internet of Things.HackSpace magazine issue 7 cover

Internet of Things (IoT)

To many people, IoT is a shady term used by companies to sell you something you already own, but this time with WiFi; to us, it’s a way to make our builds smarter, more useful, and more connected. In HackSpace magazine #7, you can join us on a tour of the boards that power IoT projects, marvel at the ways in which other makers are using IoT, and get started with your first IoT project!

Awesome projects

DIY retro computing: this issue, we’re taking our collective hat off to Spencer Owen. He stuck his home-brew computer on Tindie thinking he might make a bit of beer money — now he’s paying the mortgage with his making skills and inviting others to build modules for his machine. And if that tickles your fancy, why not take a crack at our Z80 tutorial? Get out your breadboard, assemble your jumper wires, and prepare to build a real-life computer!

Inside HackSpace magazine issue 7

Shameless patriotism: combine Lego, Arduino, and the car of choice for 1960 gold bullion thieves, and you’ve got yourself a groovy weekend project. We proudly present to you one man’s epic quest to add LED lights (controllable via a smartphone!) to his daughter’s LEGO Mini Cooper.


Patriotism intensifies: for the last 200-odd years, the Black Country has been a hotbed of making. Urban Hax, based in Walsall, is the latest makerspace to show off its riches in the coveted Space of the Month pages. Every space has its own way of doing things, but not every space has a portrait of Rob Halford on the wall. All hail!

Inside HackSpace magazine issue 7

Diversity: advice on diversity often boils down to ‘Be nice to people’, which might feel more vague than actionable. This is where we come in to help: it is truly worth making the effort to give people of all backgrounds access to your makerspace, so we take a look at why it’s nice to be nice, and at the ways in which one makerspace has put niceness into practice — with great results.

And there’s more!

We also show you how to easily calculate the size and radius of laser-cut gears, use a bank of LEDs to etch PCBs in your own mini factory, and use chemistry to mess with your lunch menu.

Inside HackSpace magazine issue 7
Helen Steer inside HackSpace magazine issue 7
Inside HackSpace magazine issue 7

All this plus much, much more waits for you in HackSpace magazine issue 7!

Get your copy of HackSpace magazine

If you like the sound of that, you can find HackSpace magazine in WHSmith, Tesco, Sainsbury’s, and independent newsagents in the UK. If you live in the US, check out your local Barnes & Noble, Fry’s, or Micro Center next week. We’re also shipping to stores in Australia, Hong Kong, Canada, Singapore, Belgium, and Brazil, so be sure to ask your local newsagent whether they’ll be getting HackSpace magazine.

And if you can’t get to the shops, fear not: you can subscribe from £4 an issue from our online shop. And if you’d rather try before you buy, you can always download the free PDF. Happy reading, and happy making!

The post HackSpace magazine 7: Internet of Everything appeared first on Raspberry Pi.

The devil wears Pravda

Post Syndicated from Robert Graham original https://blog.erratasec.com/2018/05/the-devil-wears-pravda.html

Classic Bond villain, Elon Musk, has a new plan to create a website dedicated to measuring the credibility and adherence to “core truth” of journalists. He is, without any sense of irony, going to call this “Pravda”. This is not simply wrong but evil.

Musk has a point. Journalists do suck, and many suck consistently. I see this in my own industry, cybersecurity, and I frequently criticize them for their suckage.

But what he’s doing here is not correcting them when they make mistakes (or what Musk sees as mistakes), but questioning their legitimacy. This legitimacy isn’t measured by whether they follow established journalism ethics, but whether their “core truths” agree with Musk’s “core truths”.

An example of the problem is how the press fixates on Tesla car crashes due to its “autopilot” feature. Pretty much every autopilot crash makes national headlines, while the press ignores the other 40,000 car crashes that happen in the United States each year. Musk spies on Tesla drivers (hello, classic Bond villain everyone) so he can see the dip in autopilot usage every time such a news story breaks. He’s got good reason to be concerned about this.

He argues that autopilot is safer than humans driving, and he’s got the statistics and government studies to back this up. Therefore, the press’s fixation on Tesla crashes is illegitimate “fake news”, titillating the audience with distorted truth.

But here’s the thing: that’s still only Musk’s version of the truth. Yes, on a mile-per-mile basis, autopilot is safer, but there’s nuance here. Autopilot is used primarily on freeways, which already have a low mile-per-mile accident rate. People choose autopilot only when conditions are incredibly safe and drivers are unlikely to have an accident anyway. Musk is therefore being intentionally deceptive comparing apples to oranges. Autopilot may still be safer, it’s just that the numbers Musk uses don’t demonstrate this.

And then there is the truth calling it “autopilot” to begin with, because it isn’t. The public is overrating the capabilities of the feature. It’s little different than “lane keeping” and “adaptive cruise control” you can now find in other cars. In many ways, the technology is behind — my Tesla doesn’t beep at me when a pedestrian walks behind my car while backing up, but virtually every new car on the market does.

Yes, the press unduly covers Tesla autopilot crashes, but Musk has only himself to blame by unduly exaggerating his car’s capabilities by calling it “autopilot”.

What’s “core truth” is thus rather difficult to obtain. What the press satisfies itself with instead is smaller truths, what they can document. The facts are in such cases that the accident happened, and they try to get Tesla or Musk to comment on it.

What you can criticize a journalist for is therefore not “core truth” but whether they did journalism correctly. When such stories criticize “autopilot”, but don’t do their diligence in getting Tesla’s side of the story, then that’s a violation of journalistic practice. When I criticize journalists for their poor handling of stories in my industry, I try to focus on which journalistic principles they get wrong. For example, the NYTimes reporters do a lot of stories quoting anonymous government sources in clear violation of journalistic principles.

If “credibility” is the concern, then it’s the classic Bond villain here that’s the problem: Musk himself. His track record on business statements is abysmal. For example, when he announced the Model 3 he claimed production targets that every Wall Street analyst claimed were absurd. He didn’t make those targets, he didn’t come close. Model 3 production is still lagging behind Musk’s twice adjusted targets.


So who has a credibility gap here, the press, or Musk himself?

Not only is Musk’s credibility problem ironic, so is the name he chose, “Pravada”, the Russian word for truth that was the name of the Soviet Union Communist Party’s official newspaper. This is so absurd this has to be a joke, yet Musk claims to be serious about all this.

Yes, the press has a lot of problems, and if Musk were some journalism professor concerned about journalists meeting the objective standards of their industry (e.g. abusing anonymous sources), then this would be a fine thing. But it’s not. It’s Musk who is upset the press’s version of “core truth” does not agree with his version — a version that he’s proven time and time again differs from “real truth”.

Just in case Musk is serious, I’ve already registered “www.antipravda.com” to start measuring the credibility of statements by billionaire playboy CEOs. Let’s see who blinks first.

I stole the title, with permission, from this tweet:

C is to low level

Post Syndicated from Robert Graham original https://blog.erratasec.com/2018/05/c-is-too-low-level.html

I’m in danger of contradicting myself, after previously pointing out that x86 machine code is a high-level language, but this article claiming C is a not a low level language is bunk. C certainly has some problems, but it’s still the closest language to assembly. This is obvious by the fact it’s still the fastest compiled language. What we see is a typical academic out of touch with the real world.

The author makes the (wrong) observation that we’ve been stuck emulating the PDP-11 for the past 40 years. C was written for the PDP-11, and since then CPUs have been designed to make C run faster. The author imagines a different world, such as where CPU designers instead target something like LISP as their preferred language, or Erlang. This misunderstands the state of the market. CPUs do indeed supports lots of different abstractions, and C has evolved to accommodate this.

The author criticizes things like “out-of-order” execution which has lead to the Spectre sidechannel vulnerabilities. Out-of-order execution is necessary to make C run faster. The author claims instead that those resources should be spent on having more slower CPUs, with more threads. This sacrifices single-threaded performance in exchange for a lot more threads executing in parallel. The author cites Sparc Tx CPUs as his ideal processor.

But here’s the thing, the Sparc Tx was a failure. To be fair, it’s mostly a failure because most of the time, people wanted to run old C code instead of new Erlang code. But it was still a failure at running Erlang.

Time after time, engineers keep finding that “out-of-order”, single-threaded performance is still the winner. A good example is ARM processors for both mobile phones and servers. All the theory points to in-order CPUs as being better, but all the products are out-of-order, because this theory is wrong. The custom ARM cores from Apple and Qualcomm used in most high-end phones are so deeply out-of-order they give Intel CPUs competition. The same is true on the server front with the latest Qualcomm Centriq and Cavium ThunderX2 processors, deeply out of order supporting more than 100 instructions in flight.

The Cavium is especially telling. Its ThunderX CPU had 48 simple cores which was replaced with the ThunderX2 having 32 complex, deeply out-of-order cores. The performance increase was massive, even on multithread-friendly workloads. Every competitor to Intel’s dominance in the server space has learned the lesson from Sparc Tx: many wimpy cores is a failure, you need fewer beefy cores. Yes, they don’t need to be as beefy as Intel’s processors, but they need to be close.

Even Intel’s “Xeon Phi” custom chip learned this lesson. This is their GPU-like chip, running 60 cores with 512-bit wide “vector” (sic) instructions, designed for supercomputer applications. Its first version was purely in-order. Its current version is slightly out-of-order. It supports four threads and focuses on basic number crunching, so in-order cores seems to be the right approach, but Intel found in this case that out-of-order processing still provided a benefit. Practice is different than theory.

As an academic, the author of the above article focuses on abstractions. The criticism of C is that it has the wrong abstractions which are hard to optimize, and that if we instead expressed things in the right abstractions, it would be easier to optimize.

This is an intellectually compelling argument, but so far bunk.

The reason is that while the theoretical base language has issues, everyone programs using extensions to the language, like “intrinsics” (C ‘functions’ that map to assembly instructions). Programmers write libraries using these intrinsics, which then the rest of the normal programmers use. In other words, if your criticism is that C is not itself low level enough, it still provides the best access to low level capabilities.

Given that C can access new functionality in CPUs, CPU designers add new paradigms, from SIMD to transaction processing. In other words, while in the 1980s CPUs were designed to optimize C (stacks, scaled pointers), these days CPUs are designed to optimize tasks regardless of language.

The author of that article criticizes the memory/cache hierarchy, claiming it has problems. Yes, it has problems, but only compared to how well it normally works. The author praises the many simple cores/threads idea as hiding memory latency with little caching, but misses the point that caches also dramatically increase memory bandwidth. Intel processors are optimized to read a whopping 256 bits every clock cycle from L1 cache. Main memory bandwidth is orders of magnitude slower.

The author goes onto criticize cache coherency as a problem. C uses it, but other languages like Erlang don’t need it. But that’s largely due to the problems each languages solves. Erlang solves the problem where a large number of threads work on largely independent tasks, needing to send only small messages to each other across threads. The problems C solves is when you need many threads working on a huge, common set of data.

For example, consider the “intrusion prevention system”. Any thread can process any incoming packet that corresponds to any region of memory. There’s no practical way of solving this problem without a huge coherent cache. It doesn’t matter which language or abstractions you use, it’s the fundamental constraint of the problem being solved. RDMA is an important concept that’s moved from supercomputer applications to the data center, such as with memcached. Again, we have the problem of huge quantities (terabytes worth) shared among threads rather than small quantities (kilobytes).

The fundamental issue the author of the the paper is ignoring is decreasing marginal returns. Moore’s Law has gifted us more transistors than we can usefully use. We can’t apply those additional registers to just one thing, because the useful returns we get diminish.

For example, Intel CPUs have two hardware threads per core. That’s because there are good returns by adding a single additional thread. However, the usefulness of adding a third or fourth thread decreases. That’s why many CPUs have only two threads, or sometimes four threads, but no CPU has 16 threads per core.

You can apply the same discussion to any aspect of the CPU, from register count, to SIMD width, to cache size, to out-of-order depth, and so on. Rather than focusing on one of these things and increasing it to the extreme, CPU designers make each a bit larger every process tick that adds more transistors to the chip.

The same applies to cores. It’s why the “more simpler cores” strategy fails, because more cores have their own decreasing marginal returns. Instead of adding cores tied to limited memory bandwidth, it’s better to add more cache. Such cache already increases the size of the cores, so at some point it’s more effective to add a few out-of-order features to each core rather than more cores. And so on.

The question isn’t whether we can change this paradigm and radically redesign CPUs to match some academic’s view of the perfect abstraction. Instead, the goal is to find new uses for those additional transistors. For example, “message passing” is a useful abstraction in languages like Go and Erlang that’s often more useful than sharing memory. It’s implemented with shared memory and atomic instructions, but I can’t help but think it couldn’t better be done with direct hardware support.

Of course, as soon as they do that, it’ll become an intrinsic in C, then added to languages like Go and Erlang.


Academics live in an ideal world of abstractions, the rest of us live in practical reality. The reality is that vast majority of programmers work with the C family of languages (JavaScript, Go, etc.), whereas academics love the epiphanies they learned using other languages, especially function languages. CPUs are only superficially designed to run C and “PDP-11 compatibility”. Instead, they keep adding features to support other abstractions, abstractions available to C. They are driven by decreasing marginal returns — they would love to add new abstractions to the hardware because it’s a cheap way to make use of additional transitions. Academics are wrong believing that the entire system needs to be redesigned from scratch. Instead, they just need to come up with new abstractions CPU designers can add.

Join us at the Education Summit at PyCon UK 2018

Post Syndicated from Ben Nuttall original https://www.raspberrypi.org/blog/pycon-uk-2018/

PyCon UK 2018 will take place on Saturday 15 September to Wednesday 19 September in the splendid Cardiff City Hall, just a few miles from the Sony Technology Centre where the vast majority of Raspberry Pis is made. We’re pleased to announce that we’re curating this year’s Education Summit at the conference, where we’ll offer opportunities for young people to learn programming skills, and for educators to undertake professional development!

PyCon UK Education Summit logo

PyCon UK 2018 is your chance to be welcomed into the wonderful Python community. At the Education Summit, we’ll put on a young coders’ day on the Saturday, and an educators’ day on the Sunday.

Saturday — young coders’ day

On Saturday we’ll be running a CoderDojo full of workshops on Raspberry Pi and micro:bits for young people aged 7 to 17. If they wish, participants will get to make a project and present it to the conference on the main stage, and everyone will be given a free micro:bit to take home!

Kids’ tickets at just £6 will be available here soon.

Kids on a stage at PyCon UK

Kids presenting their projects to the conference

Sunday — educators’ day

PyCon UK has been bringing developers and educators together ever since it first started its education track in 2011. This year’s Sunday will be a day of professional development: we’ll give teachers, educators, parents, and coding club leaders the chance to learn from us and from each other to build their programming, computing, and digital making skills.

Educator workshop at PyCon UK

Professional development for educators

Educators get a special entrance rate for the conference, starting at £48 — get your tickets now. Financial assistance is also available.

Call for proposals

We invite you to send in your proposal for a talk and workshop at the Education Summit! We’re looking for:

  • 25-minute talks for the educators’ day
  • 50-minute workshops for either the young coders’ or the educators’ day

If you have something you’d like to share, such as a professional development session for educators, advice on best practice for teaching programming, a workshop for up-skilling in Python, or a fun physical computing activity for the CoderDojo, then we’d love to hear about it! Please submit your proposal by 15 June.

After the Education Summit, the conference will continue for two days of talks and a final day of development sprints. Feel free to submit your education-related talk to the main conference too if you want to share it with a wider audience! Check out the PyCon UK 2018 website for more information.

We’re looking forward to seeing you in September!

The post Join us at the Education Summit at PyCon UK 2018 appeared first on Raspberry Pi.

The Benefits of Side Projects

Post Syndicated from Bozho original https://techblog.bozho.net/the-benefits-of-side-projects/

Side projects are the things you do at home, after work, for your own “entertainment”, or to satisfy your desire to learn new stuff, in case your workplace doesn’t give you that opportunity (or at least not enough of it). Side projects are also a way to build stuff that you think is valuable but not necessarily “commercialisable”. Many side projects are open-sourced sooner or later and some of them contribute to the pool of tools at other people’s disposal.

I’ve outlined one recommendation about side projects before – do them with technologies that are new to you, so that you learn important things that will keep you better positioned in the software world.

But there are more benefits than that – serendipitous benefits, for example. And I’d like to tell some personal stories about that. I’ll focus on a few examples from my list of side projects to show how, through a sort-of butterfly effect, they helped shape my career.

The computoser project, no matter how cool algorithmic music composition, didn’t manage to have much of a long term impact. But it did teach me something apart from niche musical theory – how to read a bulk of scientific papers (mostly computer science) and understand them without being formally trained in the particular field. We’ll see how that was useful later.

Then there was the “State alerts” project – a website that scraped content from public institutions in my country (legislation, legislation proposals, decisions by regulators, new tenders, etc.), made them searchable, and “subscribable” – so that you get notified when a keyword of interest is mentioned in newly proposed legislation, for example. (I obviously subscribed for “information technologies” and “electronic”).

And that project turned out to have a significant impact on the following years. First, I chose a new technology to write it with – Scala. Which turned out to be of great use when I started working at TomTom, and on the 3rd day I was transferred to a Scala project, which was way cooler and much more complex than the original one I was hired for. It was a bit ironic, as my colleagues had just read that “I don’t like Scala” a few weeks earlier, but nevertheless, that was one of the most interesting projects I’ve worked on, and it went on for two years. Had I not known Scala, I’d probably be gone from TomTom much earlier (as the other project was restructured a few times), and I would not have learned many of the scalability, architecture and AWS lessons that I did learn there.

But the very same project had an even more important follow-up. Because if its “civic hacking” flavour, I was invited to join an informal group of developers (later officiated as an NGO) who create tools that are useful for society (something like MySociety.org). That group gathered regularly, discussed both tools and policies, and at some point we put up a list of policy priorities that we wanted to lobby policy makers. One of them was open source for the government, the other one was open data. As a result of our interaction with an interim government, we donated the official open data portal of my country, functioning to this day.

As a result of that, a few months later we got a proposal from the deputy prime minister’s office to “elect” one of the group for an advisor to the cabinet. And we decided that could be me. So I went for it and became advisor to the deputy prime minister. The job has nothing to do with anything one could imagine, and it was challenging and fascinating. We managed to pass legislation, including one that requires open source for custom projects, eID and open data. And all of that would not have been possible without my little side project.

As for my latest side project, LogSentinel – it became my current startup company. And not without help from the previous two mentioned above – the computer science paper reading was of great use when I was navigating the crypto papers landscape, and from the government job I not only gained invaluable legal knowledge, but I also “got” a co-founder.

Some other side projects died without much fanfare, and that’s fine. But the ones above shaped my “story” in a way that would not have been possible otherwise.

And I agree that such serendipitous chain of events could have happened without side projects – I could’ve gotten these opportunities by meeting someone at a bar (unlikely, but who knows). But we, as software engineers, are capable of tilting chance towards us by utilizing our skills. Side projects are our “extracurricular activities”, and they often lead to unpredictable, but rather positive chains of events. They would rarely be the only factor, but they are certainly great at unlocking potential.

The post The Benefits of Side Projects appeared first on Bozho's tech blog.

The Practical Effects of GDPR at Backblaze

Post Syndicated from Andy Klein original https://www.backblaze.com/blog/the-practical-effects-of-gdpr-at-backblaze/

GDPR day, May 25, 2018, is nearly here. On that day, will your inbox explode with update notices, opt-in agreements, and offers from lawyers searching for GDPR violators? Perhaps all the companies on earth that are not GDPR ready will just dissolve into dust. More likely, there will be some changes, but business as usual will continue and we’ll all be more aware of data privacy. Let’s go with the last one.

What’s Different With GDPR at Backblaze

The biggest difference you’ll notice is a completely updated Privacy Policy. Last week we sent out a service email announcing the new Privacy Policy. Some people asked what was different. Basically everything. About 95% of the agreement was rewritten. In the agreement, we added in the appropriate provisions required by GDPR, and hopefully did a better job specifying the data we collect from you, why we collect it, and what we are going to do with it.

As a reminder, at Backblaze your data falls into two catagories. The first type of data is the data you store with us — stored data. These are the files and objects you upload and store, and as needed, restore. We do not share this data. We do not process this data, except as requested by you to store and restore the data. We do not analyze this data looking for keywords, tags, images, etc. No one outside of Backblaze has access to this data unless you explicitly shared the data by providing that person access to one or more files.

The second type of data is your account data. Some of your account data is considered personal data. This is the information we collect from you to provide our Personal Backup, Business Backup and B2 Cloud Storage services. Examples include your email address to provide access to your account, or the name of your computer so we can organize your files like they are arranged on your computer to make restoration easier. We have written a number of Help Articles covering the different ways this information is collected and processed. In addition, these help articles outline the various “rights” granted via GDPR. We will continue to add help articles over the coming weeks to assist in making it easy to work with us to understand and exercise your rights.

What’s New With GDPR at Backblaze

The most obvious addition is the Data Processing Addendum (DPA). This covers how we protect the data you store with us, i.e. stored data. As noted above, we don’t do anything with your data, except store it and keep it safe until you need it. Now we have a separate document saying that.

It is important to note the new Data Processing Addendum is now incorporated by reference into our Terms of Service, which everyone agrees to when they sign up for any of our services. Now all of our customers have a shiny new Data Processing Agreement to go along with the updated Privacy Policy. We promise they are not long or complicated, and we encourage you to read them. If you have any questions, stop by our GDPR help section on our website.

Patience, Please

Every company we have dealt with over the last few months is working hard to comply with GDPR. It has been a tough road whether you tried to do it yourself or like Backblaze, hired an EU-based law firm for advice. Over the coming weeks and months as you reach out to discover and assert your rights, please have a little patience. We are all going through a steep learning curve as GDPR gets put into practice. Along the way there are certain to be some growing pains — give us a chance, we all want to get it right.

Regardless, at Backblaze we’ve been diligently protecting our customers’ data for over 11 years and nothing that will happen on May 25th will change that.

The post The Practical Effects of GDPR at Backblaze appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Working with the Scout Association on digital skills for life

Post Syndicated from Philip Colligan original https://www.raspberrypi.org/blog/working-with-scout-association-digital-skills-for-life/

Today we’re launching a new partnership between the Scouts and the Raspberry Pi Foundation that will help tens of thousands of young people learn crucial digital skills for life. In this blog post, I want to explain what we’ve got planned, why it matters, and how you can get involved.

This is personal

First, let me tell you why this partnership matters to me. As a child growing up in North Wales in the 1980s, Scouting changed my life. My time with 2nd Rhyl provided me with countless opportunities to grow and develop new skills. It taught me about teamwork and community in ways that continue to shape my decisions today.

As my own kids (now seven and ten) have joined Scouting, I’ve seen the same opportunities opening up for them, and like so many parents, I’ve come back to the movement as a volunteer to support their local section. So this is deeply personal for me, and the same is true for many of my colleagues at the Raspberry Pi Foundation who in different ways have been part of the Scouting movement.

That shouldn’t come as a surprise. Scouting and Raspberry Pi share many of the same values. We are both community-led movements that aim to help young people develop the skills they need for life. We are both powered by an amazing army of volunteers who give their time to support that mission. We both care about inclusiveness, and pride ourselves on combining fun with learning by doing.

Raspberry Pi

Raspberry Pi started life in 2008 as a response to the problem that too many young people were growing up without the skills to create with technology. Our goal is that everyone should be able to harness the power of computing and digital technologies, for work, to solve problems that matter to them, and to express themselves creatively.

In 2012 we launched our first product, the world’s first $35 computer. Just six years on, we have sold over 20 million Raspberry Pi computers and helped kickstart a global movement for digital skills.

The Raspberry Pi Foundation now runs the world’s largest network of volunteer-led computing clubs (Code Clubs and CoderDojos), and creates free educational resources that are used by millions of young people all over the world to learn how to create with digital technologies. And lots of what we are able to achieve is because of partnerships with fantastic organisations that share our goals. For example, through our partnership with the European Space Agency, thousands of young people have written code that has run on two Raspberry Pi computers that Tim Peake took to the International Space Station as part of his Mission Principia.

Digital makers

Today we’re launching the new Digital Maker Staged Activity Badge to help tens of thousands of young people learn how to create with technology through Scouting. Over the past few months, we’ve been working with the Scouts all over the UK to develop and test the new badge requirements, along with guidance, project ideas, and resources that really make them work for Scouting. We know that we need to get two things right: relevance and accessibility.

Relevance is all about making sure that the activities and resources we provide are a really good fit for Scouting and Scouting’s mission to equip young people with skills for life. From the digital compass to nature cameras and the reinvented wide game, we’ve had a lot of fun thinking about ways we can bring to life the crucial role that digital technologies can play in the outdoors and adventure.

Compass Coding with Raspberry Pi

We are beyond excited to be launching a new partnership with the Raspberry Pi Foundation, which will help tens of thousands of young people learn digital skills for life.

We also know that there are great opportunities for Scouts to use digital technologies to solve social problems in their communities, reflecting the movement’s commitment to social action. Today we’re launching the first set of project ideas and resources, with many more to follow over the coming weeks and months.

Accessibility is about providing every Scout leader with the confidence, support, and kit to enable them to offer the Digital Maker Staged Activity Badge to their young people. A lot of work and care has gone into designing activities that require very little equipment: for example, activities at Stages 1 and 2 can be completed with a laptop without access to the internet. For the activities that do require kit, we will be working with Scout Stores and districts to make low-cost kit available to buy or loan.

We’re producing accessible instructions, worksheets, and videos to help leaders run sessions with confidence, and we’ll also be planning training for leaders. We will work with our network of Code Clubs and CoderDojos to connect them with local sections to organise joint activities, bringing both kit and expertise along with them.

Get involved

Today’s launch is just the start. We’ll be developing our partnership over the next few years, and we can’t wait for you to join us in getting more young people making things with technology.

Take a look at the brand-new Raspberry Pi resources designed especially for Scouts, to get young people making and creating right away.

The post Working with the Scout Association on digital skills for life appeared first on Raspberry Pi.

Parrot 4.0 is out

Post Syndicated from ris original https://lwn.net/Articles/755095/rss

Parrot 4.0 has been released. Parrot
is a security-oriented distribution aimed at penetration tests and digital
forensics analysis, with additional tools to preserve privacy. “On
Parrot 4.0 we decided to provide netinstall images too as we would like
people to use Parrot not only as a pentest distribution, but also as a
framework to build their very own working environment with ease.

Docker templates are also available.

Raspberry Jam Cameroon #PiParty

Post Syndicated from Ben Nuttall original https://www.raspberrypi.org/blog/raspberry-jam-cameroon-piparty/

Earlier this year on 3 and 4 March, communities around the world held Raspberry Jam events to celebrate Raspberry Pi’s sixth birthday. We sent out special birthday kits to participating Jams — it was amazing to know the kits would end up in the hands of people in parts of the world very far from Raspberry Pi HQ in Cambridge, UK.

The Raspberry Jam Camer team: Damien Doumer, Eyong Etta, Loïc Dessap and Lionel Sichom, aka Lionel Tellem

Preparing for the #PiParty

One birthday kit went to Yaoundé, the capital of Cameroon. There, a team of four students in their twenties — Lionel Sichom (aka Lionel Tellem), Eyong Etta, Loïc Dessap, and Damien Doumer — were organising Yaoundé’s first Jam, called Raspberry Jam Camer, as part of the Raspberry Jam Big Birthday Weekend. The team knew one another through their shared interests and skills in electronics, robotics, and programming. Damien explains in his blog post about the Jam that they planned ahead for several activities for the Jam based on their own projects, so they could be confident of having a few things that would definitely be successful for attendees to do and see.

Show-and-tell at Raspberry Jam Cameroon

Loïc presented a Raspberry Pi–based, Android app–controlled robot arm that he had built, and Lionel coded a small video game using Scratch on Raspberry Pi while the audience watched. Damien demonstrated the possibilities of Windows 10 IoT Core on Raspberry Pi, showing how to install it, how to use it remotely, and what you can do with it, including building a simple application.

Loïc Dessap, wearing a Raspberry Jam Big Birthday Weekend T-shirt, sits at a table with a robot arm, a laptop with a Pi sticker and other components. He is making an adjustment to his set-up.

Loïc showcases the prototype robot arm he built

There was lots more too, with others discussing their own Pi projects and talking about the possibilities Raspberry Pi offers, including a Pi-controlled drone and car. Cake was a prevailing theme of the Raspberry Jam Big Birthday Weekend around the world, and Raspberry Jam Camer made sure they didn’t miss out.

A round pink-iced cake decorated with the words "Happy Birthday RBP" and six candles, on a table beside Raspberry Pi stickers, Raspberry Jam stickers and Raspberry Jam fliers

Yay, birthday cake!!

A big success

Most visitors to the Jam were secondary school students, while others were university students and graduates. The majority were unfamiliar with Raspberry Pi, but all wanted to learn about Raspberry Pi and what they could do with it. Damien comments that the fact most people were new to Raspberry Pi made the event more interactive rather than creating any challenges, because the visitors were all interested in finding out about the little computer. The Jam was an all-round success, and the team was pleased with how it went:

What I liked the most was that we sensitized several people about the Raspberry Pi and what one can be capable of with such a small but powerful device. — Damien Doumer

The Jam team rounded off the event by announcing that this was the start of a Raspberry Pi community in Yaoundé. They hope that they and others will be able to organise more Jams and similar events in the area to spread the word about what people can do with Raspberry Pi, and to help them realise their ideas.

The Raspberry Jam Camer team, wearing Raspberry Jam Big Birthday Weekend T-shirts, pose with young Jam attendees outside their venue

Raspberry Jam Camer gets the thumbs-up

The Raspberry Pi community in Cameroon

In a French-language interview about their Jam, the team behind Raspberry Jam Camer said they’d like programming to become the third official language of Cameroon, after French and English; their aim is to to popularise programming and digital making across Cameroonian society. Neither of these fields is very familiar to most people in Cameroon, but both are very well aligned with the country’s ambitions for development. The team is conscious of the difficulties around the emergence of information and communication technologies in the Cameroonian context; in response, they are seizing the opportunities Raspberry Pi offers to give children and young people access to modern and constantly evolving technology at low cost.

Thanks to Lionel, Eyong, Damien, and Loïc, and to everyone who helped put on a Jam for the Big Birthday Weekend! Remember, anyone can start a Jam at any time — and we provide plenty of resources to get you started. Check out the Guidebook, the Jam branding pack, our specially-made Jam activities online (in multiple languages), printable worksheets, and more.

The post Raspberry Jam Cameroon #PiParty appeared first on Raspberry Pi.