Tag Archives: reddit

Pulling shower thoughts from Reddit for a Raspberry Pi e-paper display

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/pulling-shower-thoughts-from-reddit-for-a-raspberry-pi-e-paper-display/

The Reddit users among you may already be aware of the Shower Thoughts subreddit. For those of you who aren’t, Shower Thoughts is where people go to post the random epiphanies they’ve had about life, the universe, and everything. For example:

YouTuber ACROBOTIC is a fan of the Shower Thoughts subreddit. So much so that they decided to program their Raspberry Pi to update an e-paper HAT with the subreddit’s top posts from the last hour.

Raspberry Pi 4 Scrape JSON Data w/ Python And Display It On e-Paper | reddit /r/showerthoughts


For their build, they used a three-colour e-paper display, but you can use any e-paper add-on for Raspberry Pi to recreate the project. They also used Raspberry Pi 4, but again, this project will work with other models — even Raspberry Pi Zero W.

ACROBOTIC created an image to frame the Shower Thoughts posts, which they uploaded to their Raspberry Pi as a .bmp file. They altered prewritten code for using the e-paper display to display this frame image and the various posts.

Adding .json to the URL of the appropriate Shower Thoughts page allows access to the posts in JSON format. Then a request can be set up to pull the data from this URL.
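The approach described above, sketched as an added example (this is not ACROBOTIC's code): it builds the `.json` URL, treats the response as untrusted input, and prepares titles for a small display. The exact URL query, the User-Agent string, the size limit and the display dimensions are assumptions, and the sample listing is constructed.

```python
import json
import textwrap
import unicodedata
import urllib.request

# Assumed URL: the subreddit's top-of-the-hour page with ".json" appended.
LISTING_URL = "https://www.reddit.com/r/showerthoughts/top.json?t=hour&limit=5"
MAX_BYTES = 512 * 1024  # assumed cap so a huge response cannot exhaust a Pi Zero


def fetch_listing(url=LISTING_URL, timeout=10):
    """Download the listing; reads one byte past the cap so oversize is detectable."""
    req = urllib.request.Request(url, headers={"User-Agent": "epaper-demo/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read(MAX_BYTES + 1)


def extract_titles(raw, max_posts=3, max_chars=200):
    """Return cleaned post titles from a Reddit listing, validating every level."""
    if len(raw) > MAX_BYTES:
        raise ValueError("response larger than expected")
    doc = json.loads(raw)  # malformed JSON raises a ValueError subclass
    data = doc.get("data") if isinstance(doc, dict) else None
    children = data.get("children") if isinstance(data, dict) else None
    if not isinstance(children, list):
        raise ValueError("not a Reddit listing")

    titles = []
    for child in children:
        post = child.get("data") if isinstance(child, dict) else None
        if not isinstance(post, dict):
            continue
        title = post.get("title")
        if not isinstance(title, str) or post.get("over_18") or post.get("stickied"):
            continue
        # Replace control and format characters (newlines, bidi overrides,
        # zero-width marks) with spaces so remote text cannot disturb the layout.
        clean = "".join(" " if unicodedata.category(ch).startswith("C") else ch
                        for ch in title)
        clean = " ".join(clean.split())[:max_chars]
        if clean:
            titles.append(clean)
        if len(titles) == max_posts:
            break
    return titles


def layout(title, cols=24, rows=4):
    """Wrap a title to the display width and drop lines that do not fit."""
    return textwrap.wrap(title, width=cols)[:rows]


# Constructed sample in the shape of a Reddit listing (not real posts).
SAMPLE = json.dumps({"kind": "Listing", "data": {"children": [
    {"kind": "t3", "data": {"title": "Constructed title one\u202e with a hidden override",
                            "over_18": False, "stickied": False}},
    {"kind": "t3", "data": {"title": "Stickied rules post", "stickied": True}},
    {"kind": "t3", "data": {"title": 12345}},
    {"kind": "t3", "data": {"title": "Second   constructed\ntitle", "over_18": False}},
]}}).encode()

if __name__ == "__main__":
    for t in extract_titles(SAMPLE):
        print(layout(t))
```

On the Pi, `extract_titles(fetch_listing())` replaces the constructed sample, and the wrapped lines go to whatever drawing call the e-paper library provides.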

ACROBOTIC goes into far more detail in their video, and it’s a great resource if you’re looking to try out working with JSON files or to learn how to pull data from Reddit.

Find more projects using e-paper displays for you to recreate in our handy guide.

The post Pulling shower thoughts from Reddit for a Raspberry Pi e-paper display appeared first on Raspberry Pi.

Playing Snake on a Raspberry Pi word clock

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/playing-snake-on-a-raspberry-pi-word-clock/

I have a soft spot for Raspberry Pi word clocks. True, they may not be as helpful as your standard clock face if you need to tell the time super quickly, but at least they’re easier to read than this binary clock built by engineerish.

“But Alex,” I hear you cry, “word clocks are so done. We’re over them. They’re so 2018. What’s so special about a word clock that you feel it to be worthy of a blog post?”

And the answer, dear reader, is Snake, the best gosh darn game to ever grace the screen of a mobile phone, ever — sorry, Candy Crush.

If you’re looking to build a word clock using your Raspberry Pi, here’s a great tutorial from Benedikt Künzel. And, if you’re looking to upgrade said word clock to another level and introduce it to Snake, well, actually, there isn’t a tutorial for that, yet, but there’s a whole conversation going on about it on Reddit, so you should check that out.

There is, however, a tutorial for coding your own game of Snake Slug on the Raspberry Pi Sense HAT here. So give that a whirl!

Until tomorrow, fair reader, adieu.

The post Playing Snake on a Raspberry Pi word clock appeared first on Raspberry Pi.

Scammer Targets Reddit Users With Premium Account Racket

Post Syndicated from Andy original https://torrentfreak.com/scammer-targets-reddit-users-with-premium-account-racket-190722/

Reddit’s /r/piracy sub-Reddit is home to more than 402,000 subscribers hoping to hear about the latest news and developments in the world of digital piracy.

By its very nature, users are likely to be interested in getting something for free, so it’s no surprise that scammers are targeting its users offering just that.

Over the weekend, users of the sub-Reddit began commenting that they’d received unsolicited direct messages offering them a great deal. All they had to do was download a free piece of software called PremiumGet and in return, they would be given free premium accounts for use on Netflix, Spotify, Hulu, NordVPN and several other services.

The direct message: Ignore

It wasn’t initially clear why some users were getting the messages and others weren’t. However, a user in one particular thread noted that immediately after posting in a discussion about ‘PremiumGet’, he received a message in his inbox advertising the scam. We had that theory tested and sure enough, the same message appeared.

The message contains a link to file-hosting platform Mediafire, where the suspiciously large 51.76MB file can be downloaded. According to the uploader, who engaged in disputes with other users elsewhere on Reddit about the tool, it doesn’t trigger alerts in anti-malware software so must be safe.

Not a virus – probably

The accompanying video, if anyone cares to view it, can be found here. Those who prefer not to inflate the view count on YouTube can see a screenshot below, which shows the screen directly after the one that prompts users to enter their Google or Facebook usernames and passwords.

We have zero intention of downloading, installing, or otherwise testing the software; we’ll let the security specialists do their job there. However, there is a really simple rule for those still mulling it over, and we’ve seen a few of those this morning.

Random people on the Internet offering expensive stuff for free, requiring you to install software and then asking for your existing usernames and passwords to services that may have massive control over your entire digital life, never have your best interests at heart. Ever.

Walk away. Nothing good here.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Raspberry Pi mineral oil tank with added pizzazz

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/raspberry-pi-mineral-oil-tank-with-added-pizzazz/

This isn’t the first mineral oil bath we’ve seen for the Raspberry Pi, but it’s definitely the first we’ve seen with added fish tank decorations.

Using the see-through casing of an old Apple PowerMac G4, Reddit user u/mjh2901 decided to build a mineral oil tank for their Raspberry Pi, and it looks fabulous. Renamed Apple Pi, this use of mineral oil is a technique used by some to manage the heat produced by tech. Oil is able to transfer heat up to five times more efficiently than air, with some mineral oil projects using a separate radiator to dissipate the heat back into the air.

So, how did they do it?

“Started with a PowerMac G4 case I previously used as a fish tank, then a candy dish. I had cut a piece of acrylic and glued it into the bottom.”


They then placed a Raspberry Pi 3 attached to a 2-line 16 character LCD into the tank, along with various decorations, and began to fill with store-bought mineral oil. Once full, the project was complete, the Raspberry Pi forever submerged.

You can find more photos here. But, one question still remains…

…who would use an old fish tank as a candy bowl?! 🤢

The post Raspberry Pi mineral oil tank with added pizzazz appeared first on Raspberry Pi.

Really awesome Raspberry Pi 4 X-ray radiographs

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/really-awesome-raspberry-pi-4-x-ray-radiographs/

“I got my Pi in the post yesterday morning and I was desperately waiting until the end of the workday to get home and play with it! Took a few quick radiographs before I left because I had to.”

And we’re really happy that Reddit user xCP23x did. How cool are these?



“I work for a company that makes microfocus X-ray/CT systems!” xCP23x explained in their Reddit post. “Most of the images are from a 225kV system (good down to 3 microns).”

They used a Nikon XT H 225 ST: 225kV 225W X-ray source for the majority of the images. You can learn more about how the images were produced via the comments on their Reddit user page.

You can see the full Reddit post here, and more radiographs of the Raspberry Pi 4 here.

The post Really awesome Raspberry Pi 4 X-ray radiographs appeared first on Raspberry Pi.

Reddit KOs Piracy-Focused MMA Community, Ex-UFC Fighter Gets The Blame

Post Syndicated from Andy original https://torrentfreak.com/reddit-kos-piracy-focused-mma-community-ex-ufc-fighter-gets-the-blame-190524/

Diligently following top-tier Mixed Martial Arts (MMA) events has never been an inexpensive pastime.

From its modern roots in the early 1990s on a strictly PPV basis, MMA has become a huge draw around the globe. Dominated by the UFC, those PPVs today cost upwards of $60 in the US, albeit less in other countries where providers like BT Sport offer the events as part of much cheaper packages.

Nevertheless, there is no shortage of fans who’d prefer not to pay anything at all. That, of course, is entirely possible using various types of pirate streaming outlets, from dedicated sites to streaming torrents, from Kodi add-ons to ‘pirate’ IPTV services.

While these streams are in abundance most Saturdays, finding them isn’t always easy for the novice. However, acting as a human-powered link aggregator, that’s where Reddit’s /r/MMAStreams sub-Reddit came in handy. Visitors to the sub around event time were able to find free streams of most if not all events. Until this week, that is.

/r/mmastreams – banned by Reddit

The nuking of the 165,000 member community shouldn’t have come as a surprise. Around a month ago, moderators of the sub posted a warning indicating that everyone was on borrowed time.

“Today, we were notified that r/MMAStreams is at high risk of being banned for copyright violation,” the announcement read.

“We are seeking clarity on the issue, but we must begin to take steps to move.”

The community began switching to /r/MMAStreamz but this week that too was banned for exactly the same reasons as its predecessor.

It isn’t clear who had been filing complaints against these subs but one can be pretty confident that the UFC had a fairly big part to play. While links to live events don’t hang around for long, Reddit doesn’t contest notices on behalf of users, particularly when a sub is obviously centered around infringement.

Of course, many in the link-sharing community are looking for a scapegoat. From a strictly legal perspective, the obvious choice would be the people posting the streams (no pirate links, no notices – in theory) but to MMA fans, they certainly aren’t part of the problem.

There is another candidate, however. One with a very high profile and, many streaming fans believe, a mouth that should’ve stayed closed.

Brendan Schaub is a former UFC heavyweight contender but since his departure from the promotion, he hasn’t always been polite about the way it operates. He may have also stepped somewhat dramatically over the line in advance of UFC 236, the very first UFC PPV under its brand new and exclusive ESPN+ streaming deal.

In a nutshell, Schaub – who has more than 750,000 Twitter followers and a very successful podcast – hit the platform in a sweat last month because he couldn’t get the PPV on his TV. With the clock counting down, he then made a veiled threat to stream the event illegally. He was subsequently inundated with a couple of thousand messages from fans containing links to do just that.

The ‘dark side’ calls

In a post-event podcast, Schaub revealed that what he saw in the illegal streaming world should be a serious matter for the UFC.

“I don’t think they [the UFC] realize the level of pure professionalism these dark web dudes have to these links. I’m not gonna say I did watch it illegally, I’m not gonna say I didn’t. When I clicked on that link, that thing was better quality than I had [expletive]…ever seen.

“Here’s the thing that’s scary about it,” he continued. “I must have got 2,000 DMs with different links to illegally stream this thing.”

And then, the cardinal sin. He mentioned Reddit by name.

“Just for database and research I went through 10 to 15 [of the links]. How big is Reddit? Reddit has their MMA thread where [events get posted], and you’re talking clear as day. I saw the fight. I’m anti-illegal streaming, I’m against that,” he added, to balance things up a bit.

Great fights, not all of them paid for

Whether Schaub did pirate the whole event isn’t known but in the days that followed he continued to mention the illegal streams available via Reddit and elsewhere to his considerable audience. That, some believe, is why MMAStreams suddenly felt even more heat than usual.

The reality is that we’ll probably never know for sure. It’s also likely that even without Schaub’s promotional ‘help’, MMAStreams would still find itself choked-out eventually. Previously, similar sports-focused sub-Reddits have closed down following complaints from other organizations.

Considering its size, there is zero chance that the UFC didn’t know about MMAStreams already and with ESPN on board, they almost certainly want to show what they’re capable of on the eyeballs front. Platforms like MMAStreams don’t help that effort and that’s probably part of the reason why they’re no longer around.

Not on Reddit, at least….


Raspberry Pi-controlled brass bell for the ultimate wake-up call

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/raspberry-pi-controlled-brass-bell-for-ultimate-the-wake-up-call/

Not one for rising with the sun, and getting more and more skilled at throwing their watch across the room to snooze their alarm, Reddit user ravenspired decided to hook up a physical bell to a Raspberry Pi and servo motor to create the ultimate morning wake-up call.

DIY RASPBERRY PI BELL RINGING ALARM CLOCK!

This has to be the harshest thing to wake up to EVER!

Wake up, Boo

“I have difficulty waking up in the morning,” admits ravenspired, who goes by the name Darks Pi on YouTube. “My watch isn’t doing its job.”

Therefore, ravenspired attached a bell to a servo motor, and the servo motor to a Raspberry Pi. Then they wrote Python code in Raspbian’s free IDE software Thonny that rings the bell when it’s time to get up.

“A while loop searches for what time it is and checks it against my alarm time. When the alarm is active, it sends commands to the servo to move.”

Ouch!

While I’d be concerned about how securely attached the heavy brass bell above my head is, this is still a fun project, and an inventive way to address a common problem.

And it’s a lot less painful than this…

The Wake-up Machine TAKE #2

I built an alarm clock that wakes me up in the morning by slapping me in the face with a rubber arm.

Have you created a completely over-engineered solution for a common problem? Then we want to see it!

The post Raspberry Pi-controlled brass bell for the ultimate wake-up call appeared first on Raspberry Pi.

Bind MIDI inputs to LED lights using a Raspberry Pi

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/midi-controlled-led-lights-raspberry-pi/

Blinky lights and music created using a Raspberry Pi? Count us in! When Aaron Chambers shared his latest project, Py-Lights, on Reddit, we were quick to ask for more information. And here it is:

Controlling lights with MIDI commands

Tentatively titled Py-Lights, Aaron’s project allows users to assign light patterns to MIDI actions, creating a rather lovely blinky light display.

For his example, Aaron connected a MIDI keyboard to a strip of RGB LEDs via a Raspberry Pi that ran his custom Python code.

Aaron explains on Reddit:

The program I made lets me bind “actions” (strobe white, flash blue, disable all colors, etc.) to any input and any input type (hold, knob, trigger, etc.). And each action type has a set of parameters that I bind to the input. For example, I have a knob that changes a strobe’s intensity, and another knob that changes its speed.

The program updates each action, pulls its resulting color, and adds them together, then sends that to the LEDs. I’m using rtmidi for reading the midi device and pigpio for handling the LED output.

Aaron has updated the Py-Lights GitHub repo for the project to include a handy readme file and a more stable build.

The post Bind MIDI inputs to LED lights using a Raspberry Pi appeared first on Raspberry Pi.

Working model of the Trinity Buoy Wharf Lighthouse

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/raspberry-pi-model-trinity-buoy-wharf-lighthouse/

When Dave shared his Raspberry Pi Zero–powered model of the Trinity Buoy Wharf Lighthouse on Reddit, we fell a little bit in love.

Lame_Dave's Raspberry Pi Trinity Buoy Wharf Lighthouse

Hello from the Trinity Buoy Wharf Lighthouse

Dave was getting married inside London’s only lighthouse, situated at Trinity Buoy Wharf across the water from the O2 Arena.


The Trinity Buoy Wharf Lighthouse

The Trinity Buoy Wharf lighthouse sits at the confluence of the River Thames (the big ol’ river running through London) and Bow Creek, a tidal estuary of the River Lea (the river Adele sings about in her song River Lea*!). When the wharf was closed in 1988, the lighthouse was put out of commission.

Dave is wonderful, and so are his lighthouses

On Reddit, Dave goes by the username Lame_Dave, but considering how wonderful and thoughtful his project for his lighthouse wedding is, we hereby rename him Wonderful_Thoughtful_Dave. Don’t put yourself down, Dave. You’re brilliant!

“I knew I wanted to make something involving electronics and 3D printing,” explains Wonderful_Thoughtful_Dave in an imgur post. “So I decided to make working model lighthouses as the table centrepieces.”

Designing and building ten tabletop lighthouses

Dave designed the 3D model in Autodesk 123D, with a plethora of photographs of the lighthouse as reference points. And many hours later, he began 3D printing ten lighthouse shells using his Prusa MK2.5.



With Samsung 18650 batteries and an 18650 shield for power, Dave hooked up Raspberry Pi Zeros to 6×2 LCD displays, LEDs, and stepper motors. With these components, each lighthouse gives off a rather lovely light while also showing table number and meal status to guests. Neat!


“Each lighthouse has a JSON file on the Pi that tells it what messages to display when, so each table is personalised.”

The final result is beautiful and would look at home anywhere from a model town to a toy shop, or indeed the entrance of the Trinity Buoy Wharf Lighthouse itself.

We love how Dave put different maker skills to use here, from 3D design and printing, to constructing and coding. Hopefully, we’ll see more projects from him in the future!

Remaking classic landmarks

Here in the UK, people have a thing for iconic buildings. And at Pi Towers, we adore it when you recreate historic landmarks like this with the help of our humble board.

Why not try creating your own reimagining, such as the Project Arthur ISS tracker, a papercraft and Pi build that pays homage to Arthur, the first satellite dish at the Cornish Goonhilly Earth Satellite Station?

Arthur satellite dish Trinity Buoy Wharf Lighthouse

Or come up with something completely new! We’d love to see, say, a working model of London’s Tower Bridge, or a light-up King’s College Chapel. Whatever landmark makes your day, why not build a scale model using your maker skills and electronics?

*Sadly, we are unable to share the song for copyright issues, so here is the Adele edition of Carpool Karaoke instead.

The post Working model of the Trinity Buoy Wharf Lighthouse appeared first on Raspberry Pi.

How to mod your Etch A Sketch, or Toy Story in real life

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/mod-etch-a-sketch-toy-story/

We’d like to file this under ‘things we wish we’d had when we were younger’. Who else is envious of the kids of today and all the cool things they can make with our old classic toys?

Etch A Sketch Robot – Elephant

Read about how this works on my blog! http://sunnybala.com/2018/09/10/python-etch-a-sketch.html

To a wave of upvotes and comments, Sunny Balasubramanian shared their Etch A Sketch project on Reddit, including all the information and code you need to build your own. Thanks, Sunny!

Dismantling the toys of our childhoods

The physical setup of the automated Etch A Sketch is pretty simple: motors attached to couplers replace the original plastic knobs, and a connected Raspberry Pi 3 controls the motors as directed by the code.

Etch a Sketch modded with a Raspberry Pi

For stability, Sunny attached a wooden block to the plastic housing that keeps the motors in place.

Coding new life into an Etch A Sketch

Sunny explains:

There’s a few different ways to go about this portion of the project. When I started out, I googled to see if anyone had done things like this before. A few projects popped up. They seemed to approach the drawing in one of two ways. I wanted to do it in a fully automated way where the only input is a picture and the output is a cleanly drawn image.

The code Sunny ended up using first takes an image and simplifies it into a line drawing using Canny edge detection. It then turns each pixel to a node and draws a path between the nodes, connecting them one by one. So that the Etch A Sketch draws the picture, the Raspberry Pi then directs the motors to follow the connections and create uncannily precise sketches.

Raspberry Pi Etch-a-sketch

Head to Sunny’s website for more information about their project, and download the full code from GitHub.

Two down, more to go…

With this automated Etch A Sketch, and this talking Fisher Price Chatter Telephone, the Raspberry Pi community is well on the way to recreating the entire Toy Story cast, and we are fully on board with that!

A GIF of Toy Story characters

So what’s next? A remote-controlled Slinky? A falling with style flying Buzz Lightyear? What would you build?

The post How to mod your Etch A Sketch, or Toy Story in real life appeared first on Raspberry Pi.

The affordable Raspberry Pi night vision goggles of your dreams

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/raspberry-pi-zero-night-vision-goggles/

I just searched online for night vision goggles, and the prices seem to vary between £600 and £27000. That’s a little bit higher than my budget of ‘as cheap as humanly possible’, but lucky for me (and you!), Redditor Mtnbikerdunn has created a set of Raspberry Pi Zero–powered night vision goggles that come in at around $100. Nice. Finally my Silence of the Lambs cosplay is complete!

Silence of the Lambs night vision GIF

Dreamspiration

“They came to be in a dream,” begins Redditor mtnbikerdunn in his r/raspberry_pi post. “I woke up to my idea whiteboard full of notes and diagrams drawn by a half-asleep version of myself.”

night vision goggles raspberry pi zero

A view through the night vision goggles

A Raspberry Pi Zero and…

mtnbikerdunn goes on to explain how the few pieces of tech required to build the goggles came in at less than $100/£78. The results are impressive!

It’s basically a first-person view drone headset with a Raspberry Pi Zero mounted within, some infrared LED lights, an infrared camera, and a few 18650 Lithium-ion batteries to power it all. Charges with a standard micro USB cable and doesn’t require anything to get it running except an on/off switch.

The headset in this project is the Yuneec SkyView FPV HDMI, used by drone pilots to gain a first-person view while flying. And since the headset has HDMI connectivity, mtnbikerdunn was able to hook it up directly to the Pi Zero. The camera is a third-party Raspberry Pi fisheye camera, while the rest of the tech consists of the standard gubbins any maker should have lying around, such as a micro SD card, a $5 Raspberry Pi Zero, and a button.


The power pack contains two 18650 Lithium-ion batteries, providing the goggles with roughly three hours of runtime. To make the charge last longer, mtnbikerdunn stripped down Raspbian Stretch Lite, removing any unnecessary programs that could run in the background and eat up juice.


Dream big

All that’s left is for me to sit and hope that mtnbikerdunn has a dream about how to make a working TARDIS using a Pi Zero, and then I’ll be the talk of the town at next year’s London Film and Comic Con!

The post The affordable Raspberry Pi night vision goggles of your dreams appeared first on Raspberry Pi.

Flight Sim Company Threatens Reddit Mods Over “Libelous” DRM Posts

Post Syndicated from Andy original https://torrentfreak.com/flight-sim-company-threatens-reddit-mods-over-libellous-drm-posts-180604/

Earlier this year, in an effort to deal with piracy of their products, flight simulator company FlightSimLabs took drastic action by installing malware on customers’ machines.

The story began when a Reddit user reported something unusual in his download of FlightSimLabs’ A320X module. A file – test.exe – was being flagged up as a ‘Chrome Password Dump’ tool, something which rang alarm bells among flight sim fans.

As additional information was made available, the story became even more sensational. After first dodging the issue with carefully worded statements, FlightSimLabs admitted that it had installed a password dumper onto ALL users’ machines – whether they were pirates or not – in an effort to catch a particular software cracker and launch legal action.

It was an incredible story that no doubt did damage to FlightSimLabs’ reputation. But now the company is at the center of a new storm, again centered around anti-piracy measures and again focused on Reddit.

Just before the weekend, Reddit user /u/walkday reported finding something unusual in his A320X module, the same module that caused the earlier controversy.

“The latest installer of FSLabs’ A320X puts two cmdhost.exe files under ‘system32\’ and ‘SysWOW64\’ of my Windows directory. Despite the name, they don’t open a command-line window,” he reported.

“They’re a part of the authentication because, if you remove them, the A320X won’t get loaded. Does someone here know more about cmdhost.exe? Why does FSLabs give them such a deceptive name and put them in the system folders? I hate them for polluting my system folder unless, of course, it is a dll used by different applications.”

Needless to say, the news that FSLabs were putting files into system folders named to make them look like system files was not well received.

“Hiding something named to resemble Windows’ “Console Window Host” process in system folders is a huge red flag,” one user wrote.

“It’s a malware tactic used to deceive users into thinking the executable is a part of the OS, thus being trusted and not deleted. Really dodgy tactic, don’t trust it and don’t trust them,” opined another.
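One way a defender could surface the naming trick the commenters describe, shown as an added example that comes neither from the article nor from FSLabs: it scans a file inventory for executables in the Windows system folders whose names sit within a small edit distance of a well-known system binary and that are not signed by the operating system vendor. The inventory rows, the signer strings, the short list of known binaries and the distance threshold are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any platform

# Assumed (non-exhaustive) list of well-known binaries in the system folders.
KNOWN_SYSTEM_STEMS = ("conhost", "cmd", "svchost", "csrss", "lsass",
                      "dllhost", "services", "winlogon", "rundll32")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TRUSTED_SIGNER = "Microsoft Windows"  # assumed form of the recorded signer


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(inventory):
    """Flag .exe files in system folders that imitate a known system binary.

    inventory: iterable of (full_path, signer) pairs, signer may be None.
    """
    findings = []
    for path, signer in inventory:
        folder = ntpath.dirname(path).lower()
        stem, ext = ntpath.splitext(ntpath.basename(path).lower())
        if folder not in SYSTEM_DIRS or ext != ".exe":
            continue
        if signer == TRUSTED_SIGNER:
            continue  # genuine OS files, including ones with similar names
        nearest = min(KNOWN_SYSTEM_STEMS, key=lambda k: edit_distance(stem, k))
        dist = edit_distance(stem, nearest)
        if dist == 0:
            reason = "system binary name with unexpected signer"
        elif dist <= max(1, len(nearest) // 3):
            reason = "name resembles " + nearest + ".exe"
        else:
            continue  # third-party file with an unrelated name
        findings.append({"path": path, "signer": signer,
                         "nearest": nearest, "distance": dist, "reason": reason})
    return findings


# Constructed inventory; only the cmdhost.exe name and folders come from the article.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\conhost.exe", "Microsoft Windows"),
    (r"C:\Windows\System32\dashost.exe", "Microsoft Windows"),
    (r"C:\Windows\System32\cmdhost.exe", "Example Vendor Ltd"),
    (r"C:\Windows\SysWOW64\cmdhost.exe", "Example Vendor Ltd"),
    (r"C:\Windows\System32\exampleupdater.exe", "Example Vendor Ltd"),
    (r"C:\Program Files\Example\cmdhost.exe", "Example Vendor Ltd"),
]

if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_INVENTORY):
        print(f["path"], "->", f["reason"], "(distance", f["distance"], ")")
```

A hit means the file deserves a closer look, not that it is malicious; the signer check is what keeps genuine binaries with similar names, such as `dashost.exe`, out of the results.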

With a disenchanted Reddit userbase simmering away in the background, FSLabs took to Facebook with a statement to quieten down the masses.

“Over the past few hours we have become aware of rumors circulating on social media about the cmdhost file installed by the A320-X and wanted to clear up any confusion or misunderstanding,” the company wrote.

“cmdhost is part of our eSellerate infrastructure – which communicates between the eSellerate server and our product activation interface. It was designed to reduce the number of product activation issues people were having after the FSX release – which have since been resolved.”

The company noted that the file had been checked by all major anti-virus companies and everything had come back clean, which does indeed appear to be the case. Nevertheless, the critical Reddit thread remained, bemoaning the actions of a company which probably should have known better than to irritate fans after February’s debacle. In response, however, FSLabs did just that once again.

In private messages to the moderators of the /r/flightsim sub-Reddit, FSLabs’ Marketing and PR Manager Simon Kelsey suggested that the mods should do something about the thread in question or face possible legal action.

“Just a gentle reminder of Reddit’s obligations as a publisher in order to ensure that any libelous content is taken down as soon as you become aware of it,” Kelsey wrote.

Noting that FSLabs welcomes “robust fair comment and opinion”, Kelsey gave the following advice.

“The ‘cmdhost.exe’ file in question is an entirely above board part of our anti-piracy protection and has been submitted to numerous anti-virus providers in order to verify that it poses no threat. Therefore, ANY suggestion that current or future products pose any threat to users is absolutely false and libelous,” he wrote, adding:

“As we have already outlined in the past, ANY suggestion that any user’s data was compromised during the events of February is entirely false and therefore libelous.”

Noting that FSLabs would “hate for lawyers to have to get involved in this”, Kelsey advised the /r/flightsim mods to ensure that no such claims were allowed to remain on the sub-Reddit.

But after not receiving the response he would’ve liked, Kelsey wrote once again to the mods. He noted that “a number of unsubstantiated and highly defamatory comments” remained online and warned that if something wasn’t done to clean them up, he would have “no option” than to pass the matter to FSLabs’ legal team.

Like the first message, this second effort also failed to have the desired effect. In fact, the moderators’ response was to post an open letter to Kelsey and FSLabs instead.

“We sincerely disagree that you ‘welcome robust fair comment and opinion’, demonstrated by the censorship on your forums and the attempted censorship on our subreddit,” the mods wrote.

“While what you do on your forum is certainly your prerogative, your rules do not extend to Reddit nor the r/flightsim subreddit. Removing content you disagree with is simply not within our purview.”

The letter, which is worth reading in full, refutes Kelsey’s claims and also suggests that critics of FSLabs may have been subjected to Reddit vote manipulation and coordinated efforts to discredit them.

What will happen next is unclear but the matter has now been placed in the hands of Reddit’s administrators who have agreed to deal with Kelsey and FSLabs personally.

It’s a little early to say for sure but it seems unlikely that this will end in a net positive for FSLabs, no matter what decision Reddit’s admins take.


Reddit Repeat Infringer Policy Shuts Down Megalinks Piracy Sub

Post Syndicated from Andy original https://torrentfreak.com/reddit-repeat-infringer-policy-shuts-down-megalinks-piracy-sub-180430/

Without doubt, Reddit is one of the most popular sites on the entire Internet. At the time of writing it’s the fourth most visited site in the US with 330 million users per month generating 14 billion screenviews.

The core of the site’s success is its communities. Known as ‘sub-Reddits’ or just ‘subs’, there are currently 138,000 of them dedicated to every single subject you can think of and tens of thousands you’d never considered.

Even though they’re technically forbidden, a small but significant number are dedicated to piracy, offering links to copyright-infringing content hosted elsewhere. One of the most popular is /r/megalinks, which is dedicated to listing infringing content (mainly movies and TV shows) uploaded to file-hosting site Mega.

Considering its activities, Megalinks has managed to stay online longer than most people imagined but following an intervention from Reddit, the content indexing sub has stopped accepting new submissions, which will effectively shut it down.

In an announcement Sunday, the sub’s moderators explained that following a direct warning from Reddit’s administrators, the decision had been taken to move on.

“As most of you know by now, we’ve had to deal with a lot of DMCA takedowns over the last 6 months. Everyone knew this day would come, eventually, and it’s finally here,” they wrote.

“We received a formal warning from Reddit’s administration 2 days ago, and have decided to restrict new submissions for the safety of the subreddit.”

The message from Reddit’s operators makes it absolutely clear that Reddit isn’t the platform to host what amounts to a piracy links forum.

“This is an official warning from Reddit that we are receiving too many copyright infringement notices about material posted to your community. We will be required to ban this community if you can’t adequately address the problem,” the warning reads.

Noting that Redditors aren’t allowed to post content that infringes copyrights, the administrators say they are required by law to handle DMCA notices and that in cases where infringement happens on multiple occasions, that needs to be handled in a more aggressive manner.

“The law also requires us to issue bans in cases of repeat infringement. Sometimes a repeat infringement problem is limited to just one user and we ban just that person. Other times the problem pervades a whole community and we ban the community,” the admins continue.

“This is our formal warning about repeat infringement in this community. Over the past three months we’ve had to remove material from the community in response to copyright notices 60 times. That’s an unusually high number taking into account the community’s size.”

The warning suggests ways to keep infringing content down but in a sub dedicated to piracy, they’re all completely irrelevant. It also suggests removing old posts to ensure that Reddit doesn’t keep getting notices, but that would mean deleting pretty much everything. Backups exist but a simple file is a poor substitute for a community.

So, with Reddit warning that without change the sub will be banned, the moderators of /r/megalinks have decided to move on to a new home. Reportedly hosted ‘offshore’, their new forum already has more than 9,800 members and is likely to grow quickly as the word spreads.

A month ago, the /r/megaporn sub-Reddit suffered a similar fate following a warning from Reddit’s admins. It successfully launched a new external forum which is why the Megalinks crew decided on the same model.

“[A]fter seeing how /r/megaporn approached the same situation, we had started working on an offshore forum a week ago in anticipation of the ban. This allows us to work however we want, without having to deal with Reddit’s policies and administration,” the team explain.

Ever since the BMG v Cox case went badly for the ISP in 2015, repeat infringer policies have become a very hot topic in the US. That Reddit is now drawing a line in the sand over a relatively small number of complaints (at least compared to other similar platforms) is clear notice that Reddit and blatant piracy won’t be allowed to walk hand in hand.


How Many Piracy Warnings Would Get You to Stop?

Post Syndicated from Andy original https://torrentfreak.com/how-many-piracy-warnings-would-get-you-to-stop-180422/

For the past several years, copyright holders in the US and Europe have been trying to reach out to file-sharers in an effort to change their habits.

Whether via high-profile publicity lawsuits or a simple email, it’s hoped that by letting people know they aren’t anonymous, they’ll stop pirating and buy more content instead.

Traditionally, most ISPs haven’t been that keen on passing infringement notices on. However, the BMG v Cox lawsuit seems to have made a big difference, with a growing number of ISPs now visibly warning their users that they operate a repeat infringer policy.

But perhaps the big question is how seriously users take these warnings because – let’s face it – that’s the entire point of their existence.

There can be little doubt that a few recipients will be scurrying away at the slightest hint of trouble, intimidated by the mere suggestion that they’re being watched.

Indeed, a father in the UK – who received a warning last year as part of the Get it Right From a Genuine Site campaign – confidently and forcefully assured TF that there would be no more illegal file-sharing taking place on his ten-year-old son’s computer again – ever.

In France, where the HADOPI anti-piracy scheme received much publicity, people receiving an initial notice are most unlikely to receive additional ones in future. A December 2017 report indicated that of nine million first warning notices sent to alleged pirates since 2012, ‘just’ 800,000 received a follow-up warning on top.

The suggestion is that people either stop their piracy after getting a notice or two, or choose to “go dark” instead, using streaming sites for example or perhaps torrenting behind a decent VPN.

But for some people, the message simply doesn’t sink in early on.

A post on Reddit this week by a TWC Spectrum customer revealed that despite a wealth of readily available information (including masses in the specialist subreddit where the post was made), even several warnings fail to have an effect.

“Was just hit with my 5th copyright violation. They halted my internet and all,” the self-confessed pirate wrote.

There are at least three important things to note from this opening sentence.

Firstly, the first four warnings did nothing to change the user’s piracy habits. Secondly, Spectrum presumably had enough at five warnings and kicked in a repeat-infringer suspension, presumably to avoid the same fate as Cox in the BMG case. Thirdly, the account suspension seems to have changed the game.

Notably, rather than some huge blockbuster movie, that fifth warning came due to something rather less prominent.

“Thought I could sneak in a random episode of Roseanne. The new one that aired LOL. That fast. Under 24 hours I got shut off. Which makes me feel like [ISPs] do monitor your traffic and it’s not just the people sending them notices,” the post read.

Again, some interesting points here.

Any content can be monitored by rightsholders but if it’s popular in the US then a warning delivered via an ISP seems to be more likely than elsewhere. However, the misconception that the monitoring is done by ISPs persists, despite that not being the case.

ISPs do not monitor users’ file-sharing activity, anti-piracy companies do. They can grab an IP address the second someone enters a torrent swarm, or even connects to a tracker. It happens in an instant, at a time of their choosing. Quickly jumping in and out of a torrent is no guarantee and the fallacy of not getting caught due to a failure to seed is just that – a fallacy.

But perhaps the most important thing is that after five warnings and a disconnection, the Reddit user decided to take action. Sadly for the people behind Roseanne, it’s not exactly the reaction they’d have hoped for.

“I do not want to push it but I am curious to what happens 6th time, and if I would even be safe behind a VPN,” he wrote.

“Just want to learn how to use a VPN and Sonarr and have a guilt free stress free torrent watching.”

Of course, there was no shortage of advice.

“If you have gotten 5 notices, you really should of learnt [sic] how to use a VPN before now,” one poster noted, perhaps inevitably.

But curiously, or perhaps obviously given the number of previous warnings, the fifth warning didn’t come as a surprise to the user.

“I knew they were going to hit me for it. I just didn’t think a 195mb file would do it. They were getting me for Disney movies in the past,” he added.

So how do you grab the attention of a persistent infringer like this? Five warnings and a suspension apparently. But clearly, not even that is a guarantee of success. Perhaps this is why most ‘strike’ schemes tend to give up on people who can’t be rehabilitated.


The answers to your questions for Eben Upton

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/eben-q-a-1/

Before Easter, we asked you to tell us your questions for a live Q & A with Raspberry Pi Trading CEO and Raspberry Pi creator Eben Upton. The variety of questions and comments you sent was wonderful, and while we couldn’t get to them all, we picked a handful of the most common to grill him on.

You can watch the video below — though due to this being the first pancake of our live Q&A videos, the sound is a bit iffy — or read Eben’s answers to the first five questions today. We’ll follow up with the rest in the next few weeks!

Live Q&A with Eben Upton, creator of the Raspberry Pi


Any plans for 64-bit Raspbian?

Raspbian is effectively 32-bit Debian built for the ARMv6 instruction-set architecture supported by the ARM11 processor in the first-generation Raspberry Pi. So maybe the question should be: “Would we release a version of our operating environment that was built on top of 64-bit ARM Debian?”

And the answer is: “Not yet.”

When we released the Raspberry Pi 3 Model B+, we released an operating system image on the same day; the wonderful thing about that image is that it runs on every Raspberry Pi ever made. It even runs on the alpha boards from way back in 2011.

That deep backwards compatibility is really important for us, in large part because we don’t want to orphan our customers. If someone spent $35 on an older-model Raspberry Pi five or six years ago, they still spent $35, so it would be wrong for us to throw them under the bus.

So, if we were going to do a 64-bit version, we’d want to keep doing the 32-bit version, and then that would mean our efforts would be split across the two versions; and remember, we’re still a very small engineering team. Never say never, but it would be a big step for us.

For people wanting a 64-bit operating system, there are plenty of good third-party images out there, including SUSE Linux Enterprise Server.

Given that the 3B+ includes 5GHz wireless and Power over Ethernet (PoE) support, why would manufacturers continue to use the Compute Module?

It’s a form-factor thing.

Very large numbers of people are using the bigger product in an industrial context, and it’s well engineered for that: it has module certification, wireless on board, and now PoE support. But there are use cases that can’t accommodate this form factor. For example, NEC displays: we’ve had this great relationship with NEC for a couple of years now where a lot of their displays have a socket in the back that you can put a Compute Module into. That wouldn’t work with the 3B+ form factor.


An NEC display with a Raspberry Pi Compute Module

What are some industrial uses/products Raspberry is used with?

The NEC displays are a good example of the broader trend of using Raspberry Pi in digital signage.

A Raspberry Pi running the wait time signage at The Wizarding World of Harry Potter, Universal Studios.
Image c/o thelonelyredditor1

If you see a monitor at a station, or an airport, or a recording studio, and you look behind it, it’s amazing how often you’ll find a Raspberry Pi sitting there. The original Raspberry Pi was particularly strong for multimedia use cases, so we saw uptake in signage very early on.


Los Alamos Raspberry Pi supercomputer

Another great example is the Los Alamos National Laboratory building supercomputers out of Raspberry Pis. Many high-end supercomputers now are built using white-box hardware — just regular PCs connected together using some networking fabric — and a collection of Raspberry Pi units can serve as a scale model of that. The Raspberry Pi has less processing power, less memory, and less networking bandwidth than the PC, but it has a balanced amount of each. So if you don’t want to let your apprentice supercomputer engineers loose on your expensive supercomputer, a cluster of Raspberry Pis is a good alternative.

Why is there no power button on the Raspberry Pi?

“Once you start, where do you stop?” is a question we ask ourselves a lot.

There are a whole bunch of useful things that we haven’t included in the Raspberry Pi by default. We don’t have a power button, we don’t have a real-time clock, and we don’t have an analogue-to-digital converter — those are probably the three most common requests. And the issue with them is that they each cost a bit of money, they’re each only useful to a minority of users, and even that minority often can’t agree on exactly what they want. Some people would like a power button that is literally a physical analogue switch between the 5V input and the rest of the board, while others would like something a bit more like a PC power button, which is partway between a physical switch and a ‘shutdown’ button. There’s no consensus about what sort of power button we should add.

So the answer is: accessories. By leaving a feature off the board, we’re not taxing the majority of people who don’t want the feature. And of course, we create an opportunity for other companies in the ecosystem to create and sell accessories to those people who do want them.


The Adafruit Push-button Power Switch Breakout is one of many accessories that fill in the gaps for makers.

We have this neat way of figuring out what features to include by default: we divide through the fraction of people who want it. If you have a 20 cent component that’s going to be used by a fifth of people, we treat that as if it’s a $1 component. And it has to fight its way against the $1 components that will be used by almost everybody.

Do you think that Raspberry Pi is the future of the Internet of Things?

Absolutely, Raspberry Pi is the future of the Internet of Things!

In practice, most of the viable early IoT use cases are in the commercial and industrial spaces rather than the consumer space. Maybe in ten years’ time, IoT will be about putting 10-cent chips into light switches, but right now there’s so much money to be saved by putting automation into factories that you don’t need 10-cent components to address the market. Last year, roughly 2 million $35 Raspberry Pi units went into commercial and industrial applications, and many of those are what you’d call IoT applications.

So I think we’re the future of a particular slice of IoT. And we have ten years to get our price point down to 10 cents 🙂

The post The answers to your questions for Eben Upton appeared first on Raspberry Pi.

AWS Quest- a puzzling situation

Post Syndicated from Ana Visneski original https://aws.amazon.com/blogs/aws/aws-quest-a-puzzling-situation/

Starting on March 8th you might have seen AWS Quest popping up in different places. Now that we are a bit over halfway through the game, we thought it would be a great time to give everyone a peek behind the curtain.

The whole idea started about a year ago during a casual conversation with Jeff when I first joined AWS. While we’re usually pretty good at staying focused in our meetings, he brought up that he had just finished a book he really enjoyed and asked me if I had read it. (A book that has since been made into a movie.) I don’t think there was a way for him to even imagine how stoked I, as a huge fan of games, both tabletop and video games, would be about the idea of bringing a game to our readers.

We got to talking about how great it would be to attempt a game that would involve the entire suite of AWS products and our various platforms. This idea might appear to be easy, but it has kept us busy with Lone Shark for about a year and we haven’t even scratched the surface of what we would like to do. Being able to finally share this first game with our customers has been an absolute delight.

From March 8-27th, each day we have been and will be releasing a new puzzle. The clues for the puzzles are hidden somewhere all over AWS, and once customers have found the clues they can figure out the puzzle which results in a word. That word is the name of a component to rebuild Ozz, Jeff’s robot buddy.

We wanted to try to make sure that anyone could play and we tried to surround each puzzle with interesting Easter eggs. So far, it seems to be working and we are seeing some really cool collaborative effort between customers to solve the puzzles. From tech talks to women who code, posts both recent and well in the past, and to Twitter and podcasts, we wanted to hide the puzzles in places our customers might not have had a chance to really explore before. Given how much Jeff enjoyed doing a live Twitch stream, I won’t be surprised when he tells me he wants to do a TV show next.

So far players have solved 8 of 13 puzzles!


The learnings we have already gathered as we are just a little past halfway in the quest are mind boggling. We have learned that there will be a guy who figures out how to build a chicken coop in 3D to solve a puzzle, or build a script to crawl a site looking for any reply to a blog post that might be a clue. There were puzzles we completely expected people to get stuck on that they have solved in a snap. They have really kept us on our toes, which isn’t a bad thing. It really doesn’t hurt that the players are incredibly adept at thinking outside the box, and we can’t wait to tell you how the puzzles were solved at the end.

We still have a little under a week of puzzles to go, before you can all join Jeff and special guests on a live Twitch stream to reassemble Ozz 2.0! And you don’t have to hold off for the next time we play, as there are still many puzzles to be solved and every player matters! Just keep an eye out for new puzzles to appear every day until March 27th, join the Reddit, come to the AMA, or take a peek into the chat and get solving!

Time to wipe off your brow, and get back into solving the last of the puzzles! I am going to try to go explain to my mother and father what exactly I am doing with those two master’s degrees and how much fun it really is…

 

Using JWT For Sessions

Post Syndicated from Bozho original https://techblog.bozho.net/using-jwt-sessions/

The topic has been discussed many times, on Hacker News, Reddit, and blogs. And the consensus is – DON’T USE JWT (for user sessions).

And I largely agree with the criticism of typical arguments for the JWT, the typical “but I can make it work…” explanations and the flaws of the JWT standard.

I won’t repeat everything here, so please go and read those articles. You can really shoot yourself in the foot with JWT; it’s complex to get to know well and it has few benefits for most use cases. I guess for API calls it makes sense, especially if you reuse the same API in a single-page application and for your RESTful clients, but I’ll focus on the user session use case.

Despite all this criticism, I’ve gone against what the articles above recommend and use JWT, navigating through their arguments and claiming I’m in a sweet spot. I can very well be wrong.

I store the user ID in a JWT token stored as a cookie. Not local storage, as that’s problematic. Not the whole state, as I don’t need that and it may lead to problems (pointed out in the linked articles). In fact, I don’t have any session state apart from the user data, which I think is a good practice.

What I want to avoid in my setup is sharing sessions across nodes. And this is a very compelling reason to not use the session mechanism of your web server/framework. No, you don’t need to have millions of users in order to need your application to run on more than one node. In fact, it should almost always run on (at least) two nodes, because nodes die and you don’t want downtime. Sticky sessions at the load balancer are a solution to that problem but you are just outsourcing the centralized session storage to the load balancer (and some load balancers might not support it). Shared session cache (e.g. memcached, elasticache, hazelcast) is also an option, and many web servers (at least in Java) support pluggable session replication mechanisms, but that introduces another component to the architecture, another part of the stack to be supported and that can possibly break. It is not necessarily bad, but if there’s a simple way to avoid it, I’d go for it.

In order to avoid shared session storage, you need either the whole session state to be passed in the request/response cycle (as cookie, request parameter, header), or to receive a userId and load the user from the database or a cache. As we’ve learned, the former might be a bad choice. Despite the fact that frameworks like ASP.NET and JSF dump the whole state in the HTML of the page, it doesn’t intuitively sound good.

As for the latter – you may say “ok, if you are going to load the user from the database on every request this is going to be slow and if you use a cache, then why not use the cache for the sessions themselves?”. Well, the cache can be local. Remember we have just a few application nodes. Each node can have a local, in-memory cache for the currently active users. The fact that all nodes will have the same user loaded (after a few requests are routed to them by the load balancer in a round-robin fashion) is not important, as that cache is small. But you won’t have to take any care for replicating it across nodes, taking care of new nodes coming and going from the cluster, dealing with network issues between the nodes, etc. Each application node will be an island not caring about any other application node.

So here goes my first objection to the linked articles – just storing the user identifier in a JWT token is not pointless, as it saves you from session replication.

What about the criticism for the JWT standard and the security implications of its cryptography? Entirely correct, it’s easy to shoot yourself in the foot. That’s why I’m using JWT only with MAC, and only with a particular algorithm that I verify upon receiving the token, thus (allegedly) avoiding all the pitfalls. In all fairness, I’m willing to use the alternative proposed in one of the articles – PASETO – but it doesn’t have a Java library and it will take some time implementing one (might do in the future). To summarize – if there was another easy to use way for authenticated encryption of cookies, I’d use it.

So I’m basically using JWT in “PASETO-mode”, with only one operation and only one algorithm. And that should be fine as a general approach – the article doesn’t criticize the idea of having a user identifier in a token (and a stateless application node), it criticizes the complexity and vulnerabilities of the standard. This is sort of my second objection – “Don’t use JWT” is widely understood to mean “Don’t use tokens”, where that is not the case.

Have I introduced some vulnerability in my striving for architectural simplicity and lack of shared state? I hope not.
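
The setup described in this post (a cookie carrying only the user ID, a single MAC algorithm checked on receipt, and a per-node in-memory user cache), shown as an added example that is not the author's code. It uses Python's standard library rather than the author's Java stack; the demo key, the function names and the `sub`/`iat`/`exp` claim layout are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

ALG = "HS256"  # the one algorithm this application issues and accepts
# Constructed demo key (assumption): a real deployment shares a random key of
# at least 32 bytes, loaded from its secret store, across all nodes.
SECRET = b"constructed-demo-key-0123456789abcdef"


class InvalidToken(Exception):
    """Raised for any token that must not be trusted."""


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, key=SECRET, ttl=3600, now=None):
    """Return a compact JWT carrying only the user ID and its validity window."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALG, "typ": "JWT"}
    claims = {"sub": str(user_id), "iat": now, "exp": now + ttl}
    parts = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
             for part in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode("ascii"), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])


def verify_token(token, key=SECRET, now=None):
    """Return the user ID from a valid token, or raise InvalidToken."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, mac_b64 = token.split(".")
        signing_input = f"{header_b64}.{claims_b64}".encode("ascii")
        header = json.loads(b64url_decode(header_b64))
        supplied = b64url_decode(mac_b64)
    except (AttributeError, TypeError, ValueError) as exc:
        raise InvalidToken("malformed token") from exc
    # The header is attacker-controlled: it never selects the algorithm, it is
    # only compared against the single value this application supports.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise InvalidToken("unexpected algorithm")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, supplied):
        raise InvalidToken("bad signature")
    try:  # claims are parsed only after the MAC has been verified
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError as exc:
        raise InvalidToken("malformed claims") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("sub"), str):
        raise InvalidToken("missing subject")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise InvalidToken("expired")
    return claims["sub"]


class LocalUserCache:
    """In-memory cache owned by one application node; nothing is replicated."""

    def __init__(self, load_user, ttl=300):
        self.load_user = load_user  # e.g. a database query by user ID
        self.ttl = ttl
        self.entries = {}

    def get(self, user_id, now=None):
        now = time.time() if now is None else now
        hit = self.entries.get(user_id)
        if hit is not None and hit[0] > now:
            return hit[1]
        user = self.load_user(user_id)
        if user is not None:
            self.entries[user_id] = (now + self.ttl, user)
        return user


def current_user(cookie_value, cache, now=None):
    """Resolve a session cookie to a user record, or None if not logged in."""
    try:
        return cache.get(verify_token(cookie_value, now=now), now=now)
    except InvalidToken:
        return None


if __name__ == "__main__":
    users = {"42": {"id": "42", "name": "alice"}}  # constructed "database"
    node_a, node_b = LocalUserCache(users.get), LocalUserCache(users.get)
    cookie = issue_token(42)
    print(current_user(cookie, node_a), current_user(cookie, node_b))
    print(current_user(cookie.replace(".", ".A", 1), node_a))  # altered claims -> None
```

Because every request still resolves the user ID through the node's own cache, a disabled or deleted account stops working on a node once its cache entry expires, even though the token itself remains valid until `exp`.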

The post Using JWT For Sessions appeared first on Bozho's tech blog.

Early Challenges: Making Critical Hires

Post Syndicated from Gleb Budman original https://www.backblaze.com/blog/early-challenges-making-critical-hires/


In 2009, Google disclosed that they had 400 recruiters on staff working to hire nearly 10,000 people. Someday, that might be your challenge, but most companies in their early days are looking to hire a handful of people — the right people — each year. Assuming you are closer to startup stage than Google stage, let’s look at who you need to hire, when to hire them, where to find them (and how to help them find you), and how to get them to join your company.

Who Should Be Your First Hires

In later stage companies, the roles in the company have been well fleshed out, don’t change often, and each role can be segmented to focus on a specific area. A large company may have an entire department focused on just cubicle layout; at a smaller company you may not have a single person whose actual job encompasses all of facilities. At Backblaze, our CTO has a passion and knack for facilities and mostly led that charge. Also, the needs of a smaller company are quick to change. One of our first hires was a QA person, Sean, who ended up being 100% focused on data center infrastructure. In the early stage, things can shift quite a bit and you need people that are broadly capable, flexible, and most of all willing to pitch in where needed.

That said, there are times you may need an expert. At a previous company we hired Jon, a PhD in Bayesian statistics, because we needed algorithmic analysis for spam fighting. However, even that person was not only able and willing to do the math, but also code, and to not only focus on Bayesian statistics but explore a plethora of spam fighting options.

When To Hire

If you’ve raised a lot of cash and are willing to burn it with mistakes, you can guess at all the roles you might need and start hiring for them. No judgement: that’s a reasonable strategy if you’re cash-rich and time-poor.

If your cash is limited, try to see what you and your team are already doing and then hire people to take those jobs. It may sound counterintuitive, but if you’re already doing it presumably it needs to be done, you have a good sense of the type of skills required to do it, and you can bring someone on-board and get them up to speed quickly. That then frees you up to focus on tasks that can’t be done by someone else. At Backblaze, I ran marketing internally for years before hiring a VP of Marketing, making it easier for me to know what we needed. Once I was hiring, my primary goal was to find someone I could trust to take that role completely off of me so I could focus solely on my CEO duties.

Where To Find the Right People

Finding great people is always difficult, particularly when the skillsets you’re looking for are highly in-demand by larger companies with lots of cash and cachet. You, however, have one massive advantage: you need to hire 5 people, not 5,000.

People You Worked With

The absolutely best people to hire are ones you’ve worked with before that you already know are good in a work situation. Consider your last job, the one before, and the one before that. A significant number of the people we recruited at Backblaze came from our previous startup MailFrontier. We knew what they could do and how they would fit into the culture, and they knew us and thus could quickly meld into the environment. If you didn’t have a previous job, consider people you went to school with or perhaps individuals with whom you’ve done projects previously.

People You Know

Hiring friends, family, and others can be risky, but should be considered. Sometimes a friend can be a “great buddy,” but is not able to do the job or isn’t a good fit for the organization. Having to let go of someone who is a friend or family member can be rough. Have the conversation up front with them about that possibility, so you have the ability to stay friends if the position doesn’t work out. Having said that, if you get along with someone as a friend, that’s one critical component of succeeding together at work. At Backblaze we’ve hired a number of people successfully that were friends of someone in the organization.

Friends Of People You Know

Your network is likely larger than you imagine. Your employees, investors, advisors, spouses, friends, and other folks all know people who might be a great fit for you. Make sure they know the roles you’re hiring for and ask them if they know anyone that would fit. Search LinkedIn for the titles you’re looking for and see who comes up; if they’re a 2nd degree connection, ask your connection for an introduction.

People You Know About

Sometimes the person you want isn’t someone anyone knows, but you may have read something they wrote, used a product they’ve built, or seen a video of a presentation they gave. Reach out. You may get a great hire: worst case, you’ll let them know they were appreciated, and make them aware of your organization.

Other Places to Find People

There are a million other places to find people, including job sites, community groups, Facebook/Twitter, GitHub, and more. Consider where the people you’re looking for are likely to congregate online and in person.

A Comment on Diversity

Hiring “People You Know” can often result in “Hiring People Like You” with the same workplace experiences, culture, background, and perceptions. Some studies have shown [1, 2, 3, 4] that homogeneous groups deliver faster, while heterogeneous groups are more creative. Also, “Hiring People Like You” often propagates the lack of women and minorities in tech and leadership positions in general. When looking for people you know, keep an eye to not discount people you know who don’t have the same cultural background as you.

Helping People To Find You

Reaching out proactively to people is the most direct way to find someone, but you want potential hires coming to you as well. To do this, they have to a) be aware of you, b) know you have a role they’re interested in, and c) think they would want to work there. Let’s tackle a) and b) first below.

Your Blog

I started writing our blog before we launched the product and talked about anything I found interesting related to our space. For several years now our team has owned the content on the blog and in 2017 over 1.5 million people read it. Each time we have a position open it’s published to the blog. If someone finds reading about backup and storage interesting, perhaps they’d want to dig in deeper from the inside. Many of the people we’ve recruited have mentioned reading the blog as either how they found us or as a factor in why they wanted to work here.
[BTW, this is Gleb’s 200th post on Backblaze’s blog. The first was in 2008. — Editor]

Your Email List

In addition to the emails our blog subscribers receive, we send regular emails to our customers, partners, and prospects. These are largely focused on content we think is directly useful or interesting for them. However, once every few months we include a small mention that we’re hiring, and the positions we’re looking for. Often a small blurb is all you need to capture people’s imaginations whether they might find the jobs interesting or can think of someone that might fit the bill.

Your Social Involvement

Whether it’s Twitter or Facebook, Hacker News or Slashdot, your potential hires are engaging in various communities. Being socially involved helps make people aware of you, reminds them of you when they’re considering a job, and paints a picture of what working with you and your company would be like. Adam was in a Reddit thread where we were discussing our Storage Pods, and that interaction was ultimately part of the reason he left Apple to come to Backblaze.

Convincing People To Join

Once you’ve found someone or they’ve found you, how do you convince them to join? They may be currently employed, have other offers, or have to relocate. Again, while the biggest companies have a number of advantages, you might have more unique advantages than you realize.

Why Should They Join You

Here is a set of items that you may be able to offer which larger organizations might not:

Role: Consider the strengths of the role. Perhaps it will have broader scope? More visibility at the executive level? No micromanagement? Ability to take risks? Option to create their own role?

Compensation: In addition to salary, will their options potentially be worth more since they’re getting in early? Can they trade off salary for more options? Do they get option refreshes?

Benefits: In addition to healthcare, food, and 401(k) plans, are there unique benefits of your company? One company I knew took the entire team for a one-month working retreat abroad each year.

Location: Most people prefer to work close to home. If you’re located outside of the San Francisco Bay Area, you might be at a disadvantage for not being in the heart of tech. But if you find employees close to you, you’ve got a huge advantage. Sometimes it’s micro; even in the Bay Area the difference of 5 miles can save 20 minutes each way every day. We located the Backblaze headquarters in San Mateo, a middle-ground that made it accessible to those coming from San Jose and San Francisco. We also chose a downtown location near a train, restaurants, and cafes: all to make it easier and more pleasant. Also, are you flexible in letting your employees work remotely? Our systems administrator Elliott is about to embark on a long-term cross-country journey working from an RV.

Environment: Open office, cubicle, cafe, work-from-home? Loud/quiet? Social or focused? 24×7 or work-life balance? Different environments appeal to different people.

Team: Who will they be working with? A company with 100,000 people might have 100 brilliant ones you’d want to work with, but ultimately we work with our core team. Who will your prospective hires be working with?

Market: Some people are passionate about gaming, others biotech, still others food. The market you’re targeting will get different people excited.

Product: Have an amazing product people love? Highlight that. If you’re lucky, your potential hire is already a fan.

Mission: Curing cancer, making people happy, and other company missions inspire people to strive to be part of the journey. Our mission is to make storing data astonishingly easy and low-cost. If you care about data, information, knowledge, and progress, our mission helps drive all of them.

Culture: I left this for last, but believe it’s the most important. What is the culture of your company? Finding people who want to work in the culture of your organization is critical. If they like the culture, they’ll fit and continue it. We’ve worked hard to build a culture that’s collaborative, friendly, supportive, and open; one in which people like coming to work. For example, the five founders started with (and still have) the same compensation and equity. That started a culture of “we’re all in this together.” Build a culture that will attract the people you want, and convey what the culture is.

Writing The Job Description

Most job descriptions focus on all the requirements the candidate must meet. While important to communicate, the job description should first sell the job. Why would the appropriate candidate want the job? Then share some of the requirements you think are critical. Remember that people read not just what you say but how you say it. Try to write in a way that conveys what it is like to actually be at the company. Ahin, our VP of Marketing, said the job description itself was one of the things that attracted him to the company.

Orchestrating Interviews

Much can be said about interviewing well. I’m just going to say this: make sure that everyone who is interviewing knows that their job is not only to evaluate the candidate, but give them a sense of the culture, and sell them on the company. At Backblaze, we often have one person interview core prospects solely for company/culture fit.

Onboarding

Hiring success shouldn’t be defined by finding and hiring the right person, but instead by the right person being successful and happy within the organization. Ensure someone (usually their manager) provides them guidance on what they should be concentrating on doing during their first day, first week, and thereafter. Giving new employees opportunities and guidance so that they can achieve early wins and feel socially integrated into the company does wonders for bringing people on board smoothly.

In Closing

Our Director of Production Systems, Chris, said to me the other day that he looks for companies where he can work on “interesting problems with nice people.” I’m hoping you’ll find your own version of that and find this post useful in looking for your early and critical hires.

Of course, I’d be remiss if I didn’t say, if you know of anyone looking for a place with “interesting problems with nice people,” Backblaze is hiring. 😉

The post Early Challenges: Making Critical Hires appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

When You Have A Blockchain, Everything Looks Like a Nail

Post Syndicated from Bozho original https://techblog.bozho.net/blockchain-everything-looks-like-nail/

Blockchain, AI, big data, NoSQL, microservices, single page applications, cloud, SOA. What do these have in common? They have been or are hyped. At some point they were “the big thing” du jour. Everyone was investigating the possibility of using them, everyone was talking about them, there were meetups, conferences, articles on Hacker News and Reddit. There are more examples, of course (which is the JavaScript framework this month?) but I’ll focus my examples on those above.

Another thing they have in common is that they are useful. All of them have some pretty good applications that are definitely worth the time and investment.

Yet another thing they have in common is that they are far from universally applicable. I’ve argued that monoliths are often still the better approach and that microservices introduce too much complexity for the average project. Big Data is something very few organizations actually have; AI/machine learning can help a wide variety of problems, but it is just a tool in a toolbox, not the solution to all problems. Single page applications are great for, yeah, applications, but most websites are still websites, not feature-rich frontends – you don’t need an SPA for every type of website. NoSQL has solved niche issues, and issues of scale that few companies have had, but nothing beats a good old relational database for the typical project out there. “The cloud” is not always where you want your software to be; and SOA just means everything (ESBs, direct integrations, even microservices, according to some). And the blockchain – it seems to be having limited success beyond cryptocurrencies.

And finally, another trait many of them share is that the hype has settled down. Only yesterday I read an article about the “death of the microservices madness”. I don’t see nearly as many new NoSQL databases as a few years ago, some of the projects that have been popular have faded. SOA and “the cloud” are already “boring”, and we’ve realized we don’t actually have big data if it fits in an Excel spreadsheet. SPAs and AI are still high in popularity, but we are getting a good understanding as a community why and when they are useful.

But it seems that nuanced reality has never stopped us from hyping a particular technology or approach. And maybe that’s okay, if it gives a promising, though niche, technology the spotlight and lets it shine in the particular use cases where it fits.

But countless projects have suffered and will suffer from our collective inability to filter through these hypes. I’d bet millions of developer hours have been wasted in trying to use the above technologies where they just didn’t fit. It’s like that scene from Idiocracy where a guy tries to fit a rectangular figure into a circular hole.

And the new one is now “the blockchain”. I won’t repeat my rant, but in summary – it doesn’t solve many of the problems companies are trying to solve with it right now just because it’s cool. Or at least it doesn’t solve them better than existing solutions. Many pilots will be carried out, many hours will be wasted in figuring out why that thing doesn’t work. A few of those projects will be a good fit and will actually bring value.

Do you need to reach multi-party consensus for the data you store? Can all stakeholders support the infrastructure to run their node(s)? Do they have the staff to administer the node(s)? Do you need to execute distributed application code on the data? Won’t it be easier to just deploy RESTful APIs and integrate the parties through that? Do you need to store all the data, or just parts of it, to guarantee data integrity?

“If all you have is a hammer, everything looks like a nail” as the famous saying goes. In the software industry we repeatedly find new and cool hammers and then try to hit as many nails as we can. But only a few of them are actual nails. The rest remain ugly, hard to support, “who was the idiot that wrote this” and “I wasn’t here when the decisions were made” types of projects.

I don’t have the illusion that we will calm down and skip the next hypes. Especially if adding the hyped word to your company raises your stock price. But if there’s one thing I’d like people to ask themselves when choosing a technology stack, it is “do we really need that to solve our problems?”.

If the answer is really “yes”, then great, go ahead and deploy the multi-organization permissioned blockchain, or fork Ethereum, or whatever. If not, you can still do a project at home that you can safely abandon. And if you need some pilot project to figure out whether the new piece of technology would be beneficial – go ahead and try it. But have a baseline – the fact that it somehow worked doesn’t mean it’s better than old, tested models of doing the same thing.

The post When You Have A Blockchain, Everything Looks Like a Nail appeared first on Bozho's tech blog.

Fraud Detection in Pokémon Go

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/11/fraud_detection.html

I play Pokémon Go. (There, I’ve admitted it.) One of the interesting aspects of the game I’ve been watching is how the game’s publisher, Niantic, deals with cheaters.

There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is spoofing, which is faking GPS to convince the game that you’re somewhere you’re not. These two cheats are often used together — and you see the results in the many high-level accounts for sale on the Internet. The third type of cheating is the use of third-party apps like trackers to get extra information about the game.

None of this would matter if everyone played independently. The only reason any player cares about whether other players are cheating is that there is a group aspect of the game: gym battling. Everyone’s enjoyment of that part of the game is affected by cheaters who can pretend to be where they’re not, especially if they have lots of powerful Pokémon that they collected effortlessly.

Niantic has been trying to deal with this problem since the game debuted, mostly by banning accounts when it detects cheating. Its initial strategy was basic — algorithmically detecting impossibly fast travel between physical locations or super-human amounts of playing, and then banning those accounts — with limited success. The limiting factor in all of this is false positives. While Niantic wants to stop cheating, it doesn’t want to block or limit any legitimate players. This makes it a very difficult problem, and contributes to the balance in the attacker/defender arms race.
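The speed check described above can be sketched as follows. This is an added example, not Niantic's code (its actual rules are not public): the 900 km/h ceiling, the two-hop minimum, the GPS error-radius margin, and all sample accounts and coordinates are assumptions constructed to show how such a check is tuned against false positives.

```python
import math
from collections import Counter, namedtuple

# One location report; accuracy_m is the device-reported GPS error radius.
Fix = namedtuple("Fix", "account ts lat lon accuracy_m")

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a sphere of radius 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_hops(fixes, max_kmh=900.0, min_hops=2):
    """Map account -> count of hops faster than max_kmh, keeping only accounts
    with at least min_hops such hops. Both thresholds are assumed values."""
    last, hops = {}, Counter()
    for f in sorted(fixes, key=lambda f: (f.account, f.ts)):
        prev, last[f.account] = last.get(f.account), f
        if prev is None or f.ts <= prev.ts:
            continue
        # Subtract both error radii so GPS jitter alone cannot look like travel.
        km = (haversine_km(prev.lat, prev.lon, f.lat, f.lon)
              - (prev.accuracy_m + f.accuracy_m) / 1000.0)
        if km > 0 and km / ((f.ts - prev.ts) / 3600.0) > max_kmh:
            hops[f.account] += 1
    return {acct: n for acct, n in hops.items() if n >= min_hops}

# Constructed sample data (not real player telemetry); ts is in seconds.
SAMPLE = [
    Fix("commuter", 0, 37.5630, -122.3255, 10),
    Fix("commuter", 60, 37.5640, -122.3250, 10),
    Fix("commuter", 65, 37.5770, -122.3255, 2000),    # poor fix: ~1.4 km jump in 5 s
    Fix("flyer", 0, 51.5074, -0.1278, 20),            # London
    Fix("flyer", 28800, 40.7128, -74.0060, 20),       # New York, 8 hours later
    Fix("glitch", 0, 48.8566, 2.3522, 15),            # a single bad hop
    Fix("glitch", 120, 52.5200, 13.4050, 15),
    Fix("teleporter", 0, 37.7749, -122.4194, 5),      # San Francisco
    Fix("teleporter", 600, 35.6762, 139.6503, 5),     # Tokyo, 10 minutes later
    Fix("teleporter", 900, -33.8688, 151.2093, 5),    # Sydney, 5 minutes later
]

if __name__ == "__main__":
    print(impossible_hops(SAMPLE))
```

With the defaults, the air traveller, the low-accuracy fix, and the one-off glitch are all left alone; lowering `min_hops` to 1 catches more but also flags the single-glitch account, which is the false-positive trade-off the paragraph describes.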

Recently, Niantic implemented two new anti-cheating measures. The first is machine learning to detect cheaters. About this, we know little. The second is to limit the functionality of cheating accounts rather than ban them outright, making it harder for cheaters to know when they’ve been discovered.

“This may very well be the beginning of Niantic’s machine learning approach to active bot countering,” user Dronpes writes on The Silph Road subreddit. “If the parameters for a shadowban are constantly adjusted server-side, as they can now easily be, then Niantic’s machine learning engineers can train their detection (classification) algorithms in ever-improving, ever more aggressive ways, and botters will constantly be forced to re-evaluate what factors may be triggering the detection.”

One of the expected future features in the game is trading. Creating a market for rare or powerful Pokémon would add a huge additional financial incentive to cheat. Unless Niantic can effectively prevent botting and spoofing, it’s unlikely to implement that feature.

Cheating detection in virtual reality games is going to be a constant problem as these games become more popular, especially if there are ways to monetize the results of cheating. This means that cheater detection will continue to be a critical component of these games’ success. Anything Niantic learns in Pokémon Go will be useful in whatever games come next.

Mystic, level 39 — if you must know.

And, yes, I know the game works by tracking your location. I’m all right with that. As I repeatedly say, Internet privacy is all about trade-offs.