Posted by msmash from Slashdot
From the oops department: Maciej Pocwierz, a senior software engineer Semantive, writing on Medium: A few weeks ago, I began working on the PoC of a document indexing system for my client. I created a single S3 bucket in the eu-west-1 region and uploaded some files there for testing. Two days later, I checked my AWS billing page, primarily to make sure that what I was doing was well within the free-tier limits. Apparently, it wasn't. My bill was over $1,300, with the billing console showing nearly 100,000,000 S3 PUT requests executed within just one day! By default, AWS doesn't log requests executed against your S3 buckets. However, such logs can be enabled using AWS CloudTrail or S3 Server Access Logging. After enabling CloudTrail logs, I immediately observed thousands of write requests originating from multiple accounts or entirely outside of AWS.
Was it some kind of DDoS-like attack against my account? Against AWS? As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used... the same name that I used for my bucket. This meant that every deployment of this tool with default configuration values attempted to store its backups in my S3 bucket! So, a horde of misconfigured systems is attempting to store their data in my private S3 bucket. But why should I be the one paying for this mistake? Here's why: S3 charges you for unauthorized incoming requests. This was confirmed in my exchange with AWS support. As they wrote: "Yes, S3 charges for unauthorized requests (4xx) as well[1]. That's expected behavior." So, if I were to open my terminal now and type: aws s3 cp ./file.txt s3://your-bucket-name/random_key. I would receive an AccessDenied error, but you would be the one to pay for that request. And I don't even need an AWS account to do so.
< This article continues on their website >
Posted by msmash from Slashdot
From the how-about-that department: The Biden administration on Tuesday released rules designed to speed up permits for clean energy while requiring federal agencies to more heavily weigh damaging effects on the climate and on low-income communities before approving projects like highways and oil wells. From a report: As part of a deal to raise the country's debt limit last year, Congress required changes to the National Environmental Policy Act, a 54-year-old bedrock law that requires the government to consider environmental effects and to seek public input before approving any project that necessitates federal permits. That bipartisan debt ceiling legislation included reforms to the environmental law designed to streamline the approval process for major construction projects, such as oil pipelines, highways and power lines for wind- and solar-generated electricity. The rules released Tuesday, by the White House Council on Environmental Quality, are intended to guide federal agencies in putting the reforms in place.
But they also lay out additional requirements created to prioritize projects with strong environmental benefits, while adding layers of review for projects that could harm the climate or their surrounding communities. "These reforms will deliver smarter decisions, quicker permitting, and projects that are built better and faster," said Brenda Mallory, chair of the council. "As we accelerate our clean energy future, we are also protecting communities from pollution and environmental harms that can result from poor planning and decision making while making sure we build projects in the right places."
Posted by from MMO Champion
Developer Thoughts - Plunderstorm Game Mode and Feedback
Lead Software Engineer
Orlando Salvatore has shared his thoughts on the Plunderstorm Battle Royale Game Mode and community feedback.
Originally Posted by Orlando Salvatore
Thank you for playing Plunderstorm. Feedback was heard, Plunderlords have risen, fire whirls were nerfed, tournaments were conducted, W’s were shared. We tried something new with this, and it’s been a hell of a ride.
Working on and releasing Plunderstorm has been a dream come true. Starting from an early prototype, to not knowing exactly how a BR would work, to changing how healing worked in the mode about a million times before it launched, a lot of challenges that we needed to overcome.
The energy that our peers brought to Plunderstorm while it was in development was next level. We got so many great ideas and things changed around because of our internal playtests. Every discipline brought in their passion, from QA, to the design, to the music, to the engineering, to the art, to marketing, to many more involved. There was no shortage of good ideas thrown around.
The team working on Plunderstorm day to day was relentless, driven, and clearly cared about delivering a fun, quality experience. We had many discussions about what else we could do to juice up the game mode.
Plunderstorm’s point of entry was an important one for us. Though some may have been disappointed they couldn’t use their main characters, the low amount of clicks needed, no previous content clearing required and Dragonflight not being required was an important goal of ours. We wanted anyone, no matter who you are or what experience you have, to be able to load into a Plunderstorm match. No leveling needed, nothing. Just jump straight in and start playing.
< This article continues on their website >
Posted by msmash from Slashdot
From the justice-served department: One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole. From a report: Julius Kivimaki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo. After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists. At least one suicide has been linked to the case, which has shocked the country.
Kivimaki has been sentenced to six years and three months in prison. In terms of the number of victims, his trial was the biggest criminal case in Finnish history. One of them gave their reaction to the BBC. "The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence," said Tiina Parrika. "After this there rise thoughts about how short the conviction is, when reflected against the number of victims," she added. "But, that's the Finnish law and I must accept that."
Posted by msmash from Slashdot
From the how-about-that department: theodp writes: Reports of the death of Bill Gates' influence at Microsoft have been greatly exaggerated: "Publicly, [Bill] Gates has been almost entirely out of the picture at Microsoft since 2021, following allegations that he had behaved inappropriately toward female employees. In fact, Business Insider has learned, Gates has been quietly orchestrating much of Microsoft's AI revolution from behind the scenes. Current and former executives say Gates remains intimately involved in the company's operations -- advising on strategy, reviewing products, recruiting high-level executives, and nurturing Microsoft's crucial relationship with Sam Altman, the cofounder and CEO of OpenAI.
In early 2023, when Microsoft debuted a version of its search engine Bing turbocharged by the same technology as ChatGPT, throwing down the gauntlet against competitors like Google, Gates, executives said, was pivotal in setting the plan in motion. While Nadella might be the public face of the company's AI success [...] Gates has been the man behind the curtain."[...] "Today, Gates remains close with Altman, who visits his home a few times a year, and OpenAI seeks his counsel on developments. There's a 'tight coupling' between Gates and OpenAI, a person familiar with the relationship said. 'Sam and Bill are good friends. OpenAI takes his opinion and consult overall seriously.' OpenAI spokesperson Kayla Wood confirmed OpenAI continues to meet with Gates."
Posted by Tony_Bacala from TFW2005
The Prime reissues continue with a new run of Transformers Masterpiece MPM-12 Optimus Prime. The MP version of the Bumblebee Movie design is now available again at select retailers. Retail is $120 USD with a ship date in August 2024. Read on for pics and details, hit our sponsors to snag yours! Transformers Movie Masterpiece Series MPM-12 Optimus Prime
TFSource,
Entertainment Earth,
Big Bad Toy Store,
Robot Kingdom,
The Chosen Prime,
Ages Three and Up Check the previous PRIME Reissues here:
» Continue Reading. The post
Hot Pre-Order Alert – Optimus Prime Masterpiece MPM-12 Bumblebee Movie appeared first on
Transformer World 2005 - TFW2005.COM.