Category: Uncategorized
AWS WAF adds JA4 fingerprinting
TIL:
A JA4 TLS client fingerprint contains a 36-character long fingerprint of the TLS Client Hello which is used to initiate a secure connection from clients. The fingerprint can be used to build a database of known good and bad actors to apply when inspecting HTTP[S] requests. These new features enhance your ability to identify and mitigate sophisticated attacks by creating more precise rules based on client behavior patterns. By leveraging both JA4 and JA3 fingerprinting capabilities, you can implement robust protection against automated threats while maintaining legitimate traffic flow to your applications.
Tags: fingerprinting http https tls ja3 ja4 inspection networking firewalls waf web
-
I could have done with knowing about this before implementing mock APNs, Huawei, Microsoft and FCM push APIs over the last few years!
An open-source tool for API mock testing, with over 5 million downloads per month. It can help you to create stable test and development environments, isolate yourself from flakey 3rd parties and simulate APIs that don’t exist yet.
Nice features include running in-process in a JVM, standalone, or in a Docker container; GraphQL and gRPC support; and fault and latency injection. https://library.wiremock.org/ is a library of pre-built API mocks other people have previously made.
Tags: mocking testing mocks integration-testing wiremock tools coding apis
-
KIP-932 adds a long awaited capability to the Apache Kafka project: queue-like semantics, including the ability to acknowledge messages on a one-by-one basis. This positions Kafka for use cases such as job queuing, for which it hasn’t been a good fit historically. As multiple members of a share group can process the messages from a single topic partition, the partition count does not limit the degree of consumer parallelism any longer. The number of consumers in a group can quickly be increased and decreased as needed, without requiring to repartition the topic.
[….] Available as an early access feature as of the [unreleased] Kafka 4.0 release, Kafka queues are not recommended for production usage yet, and there are several limitations worth calling out: most importantly, the lack of DLQ support. More control over retry timing would be desirable, too. As such, I don’t think Kafka queues in their current form will make users of established queue solutions such as Artemis or RabbitMQ migrate to Kafka. It is a very useful addition to the Kafka feature set nevertheless, coming in handy for instance for teams already running Kafka and who look for a solution for simple queuing use cases, avoiding to stand up and operate a separate solution just for these. This story will become even more compelling if the feature gets built out and improved in future Kafka releases.
Tags: kafka queueing queues architecture
-
“Hardware Acceleration for JSON Parsing, Querying and Schema Validation” —
State-of-the-art analytics pipelines can now process data at a rate that exceeds 50 Gbps owing to recent advances in RDMA, NVM, and network technology (notably Infiniband). The peak throughput of the best-performing software solutions for parsing, querying, and validating JSON data is 20 Gbps, which is far lower than the current requirement.
We propose a novel [hardware-]based accelerator that ingests 16-bytes of JSON data at a time and processes all the 16 bytes in parallel as opposed to competing approaches that process such data byte by byte. Our novel solution comprises lookup tables, parallel sliding windows, and recursive computation. Together, they ensure that our online pipeline does not encounter any stalls while performing all the operations on JSON data. We ran experiments on several widely used JSON benchmarks/datasets and demonstrated that we can parse and query JSON data at 106 Gbps (@28 nm).
(Via Rob)
Tags: accelerators papers asics json parsing throughput performance via:rsynnott
The history behind “Assassin’s Creed: Valhalla”
History Hit, the UK historical podcast company, are recording a podcast where they dig into the extensive historical background used in the various “Assassin’s Creed” videogames. This episode digs into the history which animates “Assassin’s Creed: Valhalla”, set in Britain and Ireland around 800-900CE during the time of the Great Heathen Army’s invasion, and it’s fascinating stuff.
Tags: history podcasts ireland britain vikings assassins-creed videogames games
-
Two excellent tools in one blog post.
Visidata “is a commandline tool to work with data in all sorts of formats, including from stdin”; in this example it’s taking lines of JSONL and producing an instant histogram of values from the stream:
Once visidata is open, use the arrow keys to move to the column on which you want to build a histogram and press Shift-F. Since it works with pipes if you leave the -e off the kafkacat argument you get a live stream of messages from the Kafka topic and the visidata will continue to update as messages arrive (although I think you need to replot the histogram if you want it to refresh).
On top of that, there’s kcat, “netcat for Kafka”, “a swiss-army knife of tools for inspecting and creating data in Kafka”, even supporting on-the-fly decode of Avro messages. https://github.com/edenhill/kcat
Answers for AWS Survey for 2025
The most-used AWS services; mainly SNS, SQS, and everyone hates Jenkins
Tags: aws sqs sns architecture cloud-computing surveys
-
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle, pyupgrade, autoflake, and more, all while executing tens or hundreds of times faster than any individual tool.
-
This is a decent write-up of what Amazon’s “Correction of Error” documents look like. CoEs are the standard format for writing up post-mortems of significant outages or customer-impacting incidents in Amazon and AWS; I’ve had the unpleasant duty of writing a couple myself — thankfully for nothing too major.
This is fairly similar to what’s being used elsewhere, but it’s good to have an authoritative bookmark to refer to. (via LWIA)
Tags: via:lwia aws amazon post-mortems coe incidents ops process
-
“We are dedicated to the American public and we’re not done yet”. legends!
For over 11 years, 18F has been proudly serving you to make government technology work better. We are non-partisan civil servants. 18F has worked on hundreds of projects, all designed to make government technology not just efficient but effective, and to save money for American taxpayers.
However, all employees at 18F – a group that the Trump Administration GSA Technology Transformation Services Director called “the gold standard” of civic tech – were terminated today at midnight ET.
Tags: policy government programming tech software politics 18f maga doge
-
Some interesting notes about smallpond, a new high-performance DuckDB-based distributed data lake query system from DeepSeek:
DeepSeek is introducing smallpond, a lightweight open-source framework, leveraging DuckDB to process terabyte-scale datasets in a distributed manner. Their benchmark states: “Sorted 110.5TiB of data in 30 minutes and 14 seconds, achieving an average throughput of 3.66TiB/min.”
The benchmark on 100TB mentioned is actually using the custom DeepSeek 3FS framework: Fire-Flyer File System is a high-performance distributed file system designed to address the challenges of AI training and inference workloads. […] compared to AWS S3, 3FS is built for speed, not just storage. While S3 is a reliable and scalable object store, it comes with higher latency and eventual consistency […] 3FS, on the other hand, is a high-performance distributed file system that leverages SSDs and RDMA networks to deliver low-latency, high-throughput storage. It supports random access to training data, efficient checkpointing, and strong consistency.
So — this is very impressive. However!
-
RDMA (remote direct memory access) networking for a large-scale storage system! That is absolutely bananas. I wonder how much that benchmark cluster cost to run… still, this is a very interesting technology for massive-scale super-low-latency storage. https://www.definite.app/blog/smallpond also notes “3FS achieves a remarkable read throughput of 6.6 TiB/s on a 180-node cluster, which is significantly higher than many traditional distributed file systems.”
-
it seems smallpond operates strictly with partition-level parallelism, so if your data isn’t partitioned in exactly the right way, you may still find your query bottlenecked:
Smallpond’s distribution leverages Ray Core at the Python level, using partitions for scalability. Partitioning can be done manually, and Smallpond supports:
- Hash partitioning (based on column values);
- Even partitioning (by files or row counts);
- Random shuffle partitioning
As I understand it, Trino has a better idea of how to scale out queries across worker nodes even without careful pre-partitioning, which is handy.
Tags: data-lakes deepseek duckdb rdma networking 3fs smallpond trino ray
-
Buying a good laptop. Not a new laptop, a good one.
Love this. Advice on how to pick a really solid, basic, but good second-hand laptop — tl;dr: “Buy a used business laptop. Apple or PC. Try typing on it first.”
Tags: laptops shopping secondhand hardware tips
Using dtrace on MacOS with SIP enabled
“On all current MacOS versions (Catalina 10.15.x, Big Sur 11.x) System Integrity Protection (SIP) is enabled by default and prevents most uses of dtrace and other tools and scripts based on it (i.e. dtruss).”
Wow this is really complicated. Nice work, Apple (via Tony Finch)
The Anti-Capitalist Software License
Here it is in full:
ANTI-CAPITALIST SOFTWARE LICENSE (v 1.4)
Copyright © [year] [copyright holders]
This is anti-capitalist software, released for free use by individuals and organizations that do not operate by capitalist principles.
Permission is hereby granted, free of charge, to any person or organization (the "User") obtaining a copy of this software and associated documentation files (the "Software"), to use, copy, modify, merge, distribute, and/or sell copies of the Software, subject to the following conditions:
-
The above copyright notice and this permission notice shall be included in all copies or modified versions of the Software.
-
The User is one of the following: a. An individual person, laboring for themselves b. A non-profit organization c. An educational institution d. An organization that seeks shared profit for all of its members, and allows non-members to set the cost of their labor
-
If the User is an organization with owners, then all owners are workers and all workers are owners with equal equity and/or equal vote.
-
If the User is an organization, then the User is not law enforcement or military, or working for or under either.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
This is fun because it would make esr’s head explode.
Tags: licenses capitalism ethics licensing software politics anti-capitalist open-source
-
Mark Butcher on AWS sustainability claims
Sustainable IT expert lays into AWS:
3 years after shouting about Amazons total lack of transparency with sustainability reporting, here’s a list of what I think they’ve achieved:
1) They let you export a CSV for 3 lines of numbers showing your last months made up numbers that are up to 99% too low
2) Urmmm…. that’s about it
[….] I know of several very large enterprise orgs starting to proactively marginalise them (i.e. not move away 100%, but massively reducing consumption). The one’s I know about will cost them around $1 billion of spend. Is that enough to make them pay attention?
This article from Canalys in the Register says “Amazon doesn’t provide AWS-specific, location-based data, meaning: “We don’t really know how big AWS’s footprint truly is, which I think is a bit worrying.”
They follow up with “Amazon has chosen not break out data on environmental stats such as greenhouse gas emissions for AWS from the rest of the company in its sustainability reports, making it almost impossible to determine whether these emissions are growing as they have been for its cloud rivals.”
Interesting isn’t it… if they were actually as sustainable as they pretend, you’d expect them to share open and honest numbers, instead what we get are marketing puff pieces making what seem like invented PUE claims backed by zero evidence.
Elsewhere he notes “AWS customers are still unable to natively measure actual power consumption, report on actual carbon emissions, report on water usage. This’ll make life interesting for all those AI companies subject to legislation like the EU AI Act or needing to report to the EED and similar.”
(Via ClimateAction.tech)
Tags: climate-change aws sustainability pue reporting amazon cloud datacenters emissions
Europe begins to worry about US-controlled clouds
Interview with Bert Hubert about this major supply chain issue for EU governments:
The Register: In the US, the argument against China supplying network hardware [was] based on the concern that the Chinese government can just order China-based vendors to insert a backdoor. It sounds like you’re saying that, essentially, an analogous situation exists in the US now.
Hubert: Yeah, exactly. And that has been the case for a while. I mean, this is not an entirely new realization. The thing that is making it so interesting right now is that we are on the brink of [going all-in on Microsoft’s cloud].
The Dutch government is sort of just typical, so I mention it because I am Dutch, but they’re very representative of European governments right now. And they were heading to a situation where there was no email except Microsoft, which means that if one ministry wants to email the other ministry, they have to pass it by US servers.
Which leads to the odd situation that if the Dutch Ministry of Finance wants to send a secret to the Dutch National Bank, they’d have to send someone over with a typewriter to make it happen because [the communications channel has been outsourced].
There’s nothing left that we do not share with the US.
Tags: supply-chains clouds eu us politics geopolitics backdoors infosec security europe
-
Subtrace is “Wireshark for your Docker containers. It lets developers see all incoming and outgoing requests in their backend server so that they can resolve production issues faster.”
- Works out-of-the-box
- No code changes needed
- Supports all languages (Python + Node + Go + everything else)
- See full payload, headers, status code, and latency
- Less than 100µs performance overhead
- Built on Clickhouse
- Open source
Looks like it outputs to the Chrome Dev Console’s Network tab, or a facsimile of it; “Open the subt.link URL in your browser to watch a live stream of your backend server’s network logs”.
It may be interesting to try this out. (via LWIA)
Tags: subtrace tracing wireshark debugging docker containers ops clickhouse open-source tools tcpdump
-
Hollow is a java library and toolset for disseminating in-memory datasets from a single producer to many consumers for high performance read-only access.
Hollow focuses narrowly on its prescribed problem set: keeping an entire, read-only dataset in-memory on consumers. It circumvents the consequences of updating and evicting data from a partial cache.
Due to its performance characteristics, Hollow shifts the scale in terms of appropriate dataset sizes for an in-memory solution. Datasets for which such liberation may never previously have been considered can be candidates for Hollow. For example, Hollow may be entirely appropriate for datasets which, if represented with json or XML, might require in excess of 100GB.
Interesting approach, though possibly a bit scary in terms of circumventing the “keep things simple and boring” rule… still, a useful tool to have.
Tags: cache caching netflix java jvm memory hollow read-only architecture systems
Yahoo Mail hallucinates subject lines
OMG, this is hilarious. What a disaster from Yahoo Mail:
A quick Google search revealed that a few months ago Yahoo jumped on the AI craze with the launch of ”AI-generated, one-line email summaries”. At this point, the penny dropped. Just like Apple AI generating fake news summaries, Yahoo AI was hallucinating the fake winner messages, presumably as a result of training their model on our old emails. Worse, they were putting an untrustworthy AI summary in the exact place that users expect to see an email subject, with no mention of it being AI-generated ?
write hedging in Amazon DynamoDB
“Write hedging” is a nice technique to address p99 tail latencies, by increasing the volume of writes (or in the case of read hedging, reads):
Imagine you want a very low p99 read latency. One way to lower tail latencies is to hedge requests. You make a read request and then, if the response doesn’t come back quickly enough, make a second equivalent hedging request and let the two race. First response wins. If the first request suffered a dropped network packet, the second request will probably win. If things are just temporarily slow somewhere, the first request will probably win. Either way, hedging helps improve the p99 metrics, at the cost of some extra read requests.
Write hedging has a little more complexity involved, since you want to avoid accidental overwrites during races; this blog post goes into some detail on a technique to do this in DynamoDB, using timestamps. Good stuff.
(via Last Week In AWS)
Tags: via:lwia aws dynamodb write-hedging read-hedging p99 latencies tail-latencies optimization performance algorithms
-
I’m pretty happy with my current setup for the home network, but this is one I’ll keep in the back pocket for future possible use:
[Tailscale Docker Proxy] simplifies the process of securely exposing services and Docker containers to your Tailscale network by automatically creating Tailscale machines for each tagged container. This allows services to be accessible via unique, secure URLs without the need for complex configurations or additional Tailscale containers.
Tags: docker tailscale containers home networking
3DBenchy Enters the Public Domain
“3DBenchy, a 3D model [of an adorable little boat] designed specifically for testing and benchmarking 3D printers, is now in the public domain.”
Originally released on April 9, 2015, by Creative Tools, the model has become a beloved icon of the 3D printing community. […] NTI has decided to release 3DBenchy to the world by making it public domain, marking its 10th anniversary with this significant gesture.
Mark your calendars for April 9, 2025, as 3DBenchy celebrates its 10th anniversary! A special surprise is planned for the 3DBenchy community to commemorate this milestone.
(Via Alan Butler)
Tags: 3dbenchy 3d-printing via:alan-butler ip public-domain creative-commons
-
These are very cool — drawings of the vèvè, the symbology used in Haitian Vodou.
“Vodou, a [Haitian] spiritual and cultural practice that has long intrigued people from around the world, is a fascinating blend of African, Native American, and European beliefs and traditions. It’s a rich tapestry woven from the beliefs and experiences of enslaved peoples brought to the Caribbean and the Americas, and it has been shaped and evolved over centuries to become what it is today.”
(via Minor Mobius, https://bsky.app/profile/minormobius.bsky.social/post/3lhzvuovycs2a )
Tags: via:minormobius sigils veve haiti caribbean religion art graphics signs symbology
-
This is great — Monzo built “Monzo Stand-in”, a full “backup” of the main stack, since uptime is critical to them:
We take reliability seriously at Monzo so we built a completely separate backup banking infrastructure called Monzo Stand-in to add another layer of defence so customers can continue to use important services provided by us. We consider Monzo Stand-in to be a backup of last resort, not our primary mechanism of providing a reliable service to our customers, by providing us with an extra line of defence.
Monzo Stand-in is an independent set of systems that run on Google Cloud Platform (GCP) and is able to take over from our Primary Platform, which runs in Amazon Web Services (AWS), in the event of a major incident. It supports the most important features of Monzo like spending on cards, withdrawing cash, sending and receiving bank transfers, checking account balances and transactions, and freezing or unfreezing cards.
Flashback to the old Pimms setup in AWS Network Monitoring; we had an entire duplicate stack in AWS — every single piece duplicated and running independently.
Tags: architecture uptime monzo banking reliability ops via:itc
-
Very cool trick from Tony Finch; using the PCG random number generator, AVX or NEON vector instructions on modern CPUs allow generation of multiple RNG states at once, in parallel
Tags: rngs avx neon vector-instructions cpu parallelism pcg random randomness hacks
Language Models Do Addition Using Helices
wtf:
Mathematical reasoning is an increasingly important indicator of large language model (LLM) capabilities, yet we lack understanding of how LLMs process even simple mathematical tasks. To address this, we reverse engineer how three mid-sized LLMs compute addition. We first discover that numbers are represented in these LLMs as a generalized helix, which is strongly causally implicated for the tasks of addition and subtraction, and is also causally relevant for integer division, multiplication, and modular arithmetic. We then propose that LLMs compute addition by manipulating this generalized helix using the “Clock” algorithm: to solve a+b, the helices for a and b are manipulated to produce the a+b answer helix which is then read out to model logits. We model influential MLP outputs, attention head outputs, and even individual neuron preactivations with these helices and verify our understanding with causal interventions. By demonstrating that LLMs represent numbers on a helix and manipulate this helix to perform addition, we present the first representation-level explanation of an LLM’s mathematical capability.
Tags: llms helices trigonometry magic weird ai papers arithmetic addition subtraction
Critical Ignoring as a Core Competence for Digital Citizens
“Critical ignoring” as a strategy to control and immunize one’s information environment (Kozyreva et al., 2023):
Low-quality and misleading information online can hijack people’s attention, often by evoking curiosity, outrage, or anger. Resisting certain types of information and actors online requires people to adopt new mental habits that help them avoid being tempted by attention-grabbing and potentially harmful content.
We argue that digital information literacy must include the competence of critical ignoring—choosing what to ignore and where to invest one’s limited attentional capacities. We review three types of cognitive strategies for implementing critical ignoring:
- self-nudging, in which one ignores temptations by removing them from one’s digital environments;
- lateral reading, in which one vets information by leaving the source and verifying its credibility elsewhere online;
- and the do-not-feed-the-trolls heuristic, which advises one to not reward malicious actors with attention.
We argue that these strategies implementing critical ignoring should be part of school curricula on digital information literacy.
Good to give names to these practices, since we’re all having to do them nowadays anyway…
(Via Stan Carey)
Tags: psychology trolls media kids internet literacy attention critical-ignoring ignoring papers via:stancarey
-
“Carbon-aware infrastructure to optimize your CI/CD workflows” — “A multi-cloud CI/CD Github Actions Runner that shifts your workflows to the lowest CO2 regions. 90% Greener. 25% Cheaper. 1 line of code. Zero Effort. ?”
(Via Dryden Williams)
Tags: green sustainability carbon github ci cd workflows development via:climateactiontech
-
It’s Linux, running inside a PDF file.
“The humble PDF file format supports JavaScript – with a limited standard library, mind you. By leveraging this, [vk6] managed to compile a RISC-V emulator (TinyEMU) into JavaScript using an old version of Emscripten targeting asm.js instead of WebAssembly. The emulator, embedded within the PDF, interfaces with virtual input through a keyboard and text box.”
(via Fuzzix)
Tags: via:fuzzix linux pdf hacks emulation javascript emscripten tinyemu
Undergraduate Upends a 40-Year-Old Data Science Conjecture
This is a great story; bonus that it’s a notable improvement for the humble hash-table data structure:
Krapivin was not held back by the conventional wisdom for the simple reason that he was unaware of it. “I did this without knowing about Yao’s conjecture,” he said. His explorations with tiny pointers led to a new kind of hash table — one that did not rely on uniform probing. And for this new hash table, the time required for worst-case queries and insertions is proportional to (log x)^2 — far faster than x. This result directly contradicted Yao’s conjecture. Farach-Colton and Kuszmaul helped Krapivin show that (log x)^2 is the optimal, unbeatable bound for the popular class of hash tables Yao had written about.
Paper here — https://arxiv.org/abs/2501.02305 .
Tags: data-structures hash-tables cs programming coding papers optimization open-addressing
-
This is great to see:
Common Corpus is the largest open and permissible licensed text dataset, comprising 2 trillion tokens (1,998,647,168,282 tokens). It is a diverse dataset, consisting of books, newspapers, scientific articles, government and legal documents, code, and more. Common Corpus has been created by Pleias in association with several partners and contributed in-kind to Current AI initiative.
The dataset in its entirety meets the requirements of the Code of Conduct of the AI Act and goes further than the current requirements for data transparency. It aims to set a new standard of openness in AI, showing that detailed provenance at a granular document level is a realistic objective, even at the scale of 2 trillion tokens.
Tags: ai llms open-data open-source pleias common-corpus corpora training ai-act
Government agency removes spoon emoji from work platform amid protests
lol. “On Wednesday, employees at the Technology Transformation Services division of the [U.S. government’s General Services Administration] reportedly unleashed a torrent of spoon emojis in the chat that accompanied an organization-wide, 600-person video conference with new leader Thomas Shedd, a former Tesla engineer.” … Workers embraced the digital cutlery to protest the Trump administration’s “Fork in the Road” resignation offer.”
-
This is very interesting, on the applicability and usefulness of generative AI, given their inherent error rate and probabilistic operation:
Asking if an LLM can do very specific and precise information retrieval might be like asking if an Apple II can match the uptime of a mainframe, or asking if you can build Photoshop inside Netscape. No, they can’t really do that, but that’s not the point and doesn’t mean they’re useless. They do something else, and that ‘something else’ matters more and pulls in all of the investment, innovation and company creation. Maybe, 20 years later, they can do the old thing too – maybe you can run a bank on PCs and build graphics software in a browser, eventually – but that’s not what matters at the beginning. They unlock something else.
What is that ‘something else’ for generative AI, though? How do you think conceptually about places where that error rate is a feature, not a bug?
(Via James Tindall)
Tags: errors probabilistic computing ai genai llms via:james-tindall
-
The UK’s new Online Safety Act law is extremely vague, extremely punitive, and has Fediverse operators Woof.group very worried —
Ofcom carefully avoided answering almost all of our questions. They declined to say whether ~185 users was a “significant number”. Several other participants in Ofcom’s livestreams also asked what a significant number meant. Every time, Ofcom responded obliquely: there are no numeric thresholds, a significant number could be “small”, Ofcom could target “a one-man band”, and providers are expected to have a robust justification for deciding they do not have a significant number of UK users. It is unclear how anyone could make a robust justification given this nebulous guidance. In their letter, Ofcom also declined to say whether non-commercial services have target markets, or whether pornography poses a “material risk of significant harm”. In short, we have no answer as to whether Woof.group or other Fediverse instances are likely to fall in scope of the OSA.
Do we block pre-emptively, or if and when Ofcom asks? This is the ethical question Woof.group’s team, like other community forums, have been wrestling with. Ofcom would certainly like sites to take action immediately. As Hoskings warned:
“Don’t wait until it’s too late. That’s the message. Once you do get the breach letter, that is when it is too late. The time doesn’t start ticking from then. The time is ticking from—for part five services, from January, part three from July.”
Tags: woof.group fediverse mastodon social-media uk osa laws ofcom porn blocking
Building Materials Price Tracker
Graphs tracking the cost of building materials in Ireland; turns out these are a prime driver of construction costs here, so this is good info to have when planning construction work…
Tags: building-materials construction costs ireland prices building
Apple Ordered by UK to Create Global iCloud Encryption Backdoor
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post.
The spying order came by way of a “technical capability notice,” a document sent to Apple by the Home Secretary, ordering it to provide access under the sweeping UK Investigatory Powers Act (IPA) of 2016. Critics have labeled the legislation the “Snooper’s Charter,” as it authorizes law enforcement to compel assistance from companies when needed to collect evidence.
Apple is likely to stop offering encrypted storage in the UK, rather than break the security promises it made to its users, people familiar with the matter told the publication. However, that would not affect the UK order for backdoor access to the service in other countries, including the United States. Apple has previously said it would consider pulling services such as FaceTime and iMessage from the UK rather than compromise future security.
(via gwire)
Tags: via:gwire apple encryption backups cloud ipa surveillance icloud backdoors security infosec
Within Bounds: Limiting AI’s environmental impact
A joint statement issued by the Green Screen Coalition, the Green Web Foundation, Beyond Fossil Fuels, Aspiration, and the critical infrastructure lab, regarding AI’s impact on climate change:
To meet the challenge of climate change, environmental degradation, pollution and biodiversity loss, and its attendant injustices, we urge policymakers, industry leaders and all stakeholders to acknowledge the true environmental costs of AI, to phase out fossil fuels throughout the technology supply chain, to reject false solutions, and to dedicate all necessary means to bring AI systems in line with planetary boundaries. Meeting these demands is an essential step to ensure that AI is not driving further planetary degradation and could instead support a sustainable and equitable transition.
Their demands are:
- I. PHASE OUT FOSSIL FUELS
- II. COMPUTING WITHIN LIMITS
- III. RESPONSIBLE SUPPLY CHAINS
- IV. EQUITABLE PARTICIPATION
- V. TRANSPARENCY
Tags: via:climateaction climate climate-change ai fossil-fuels sustainability
-
“Live Search / ELK on the Lake”:
Same ELK tools, but the scalability, cost effectiveness & durability of the lake, powered by ChaosSearch.
Recommended for log search by Corey Quinn, pricing looks reasonable too.
Tags: search elk kibana chaossearch logs data-lake ops via:cquinn
-
via Ben Schaechter: “a new microsite we’ve launched for the AWS community that helps with understanding billing codes present in either Cost Explorer or the CUR. We profiled the number of distinct billing codes across our customer base and have about ~60k unique billing codes. We hear all the time that FinOps practitioners and engineers are confused about the billing codes present in Cost Explorer or the Cost and Usage Report. Think of these as being things like “Requests-Tier1” for S3 or “CW:GMWI-Metrics” for CloudWatch. There is usually really limited resources for determining what these billing codes are even when you Google around for them.”