HakTip 153 – Linux Terminal 201: Networking Commands You Should Know Pt 2!

Part two! Learn many networking commands you need to know to get started in Linux!

Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ


Source: Security news

Source: Zologic

A tale of three Raspberry Jams

In today’s post, I’m going to share the tales of three Jams: how and why they got started.

Norwich Raspberry Jam

Norwich is a place where I’ve always hoped there would be a Jam. It’s a tech city in the East of England and there’s plenty going on there, but so far no one has been running a Jam. I met Archie Roques at the Jam I run at Pi Towers, and was thrilled to discover that he was planning to set one up with Claire Riseborough.

I wanted to start the Norwich Jam for a few reasons. Firstly because I really love visiting other Jams (CamJam and Pi Towers Jam) and wanted something closer to home. Also because there’s a great tech community in Norwich, so we want to use that to help encourage more young people into tech and digital making. As one of the founders of the Young Makers’ Tech Club, I’ve seen how much tech potential Norfolk’s young people have. It would be great to have a place where we can have more of them getting involved, and somewhere where those who are interested can learn more skills and show them off to others.

I had the idea brewing in my mind for a while. I visited a few Jams and Pi Parties, and started by helping out at the Pi Towers Jam to get a feel of what running a Jam involves. Then Sarah, who works in education at the Forum (a big public building in Norwich, which amongst other things houses the main library and does lots of tech stuff) got in touch, as she’d heard about the idea and wanted to have a Jam as part of their Norwich Gaming Festival. We got a few other people on board and it’s been all go from there!

Finding a venue can be tricky, but sometimes you find the  perfect place, with a vested interest in running a community interest event, especially if it’s for young people. And you never know, they might lend a hand with organising it, too.

The Forum has been really helpful in getting us a venue. They couldn’t host the Jam themselves as they’ve got other events on that week, but they booked us another venue, the fantastic OPEN Norwich.

The Forum has also helped with the organisation – they are overseeing the ticketing, and helping to promote the event (which is good, as they have 33,000 more Twitter followers than I do!). They also are helping with some of the less exciting stuff like insurance and safeguarding, and organising some events for schools and educators to go alongside the Jam, which is great. Claire Riseborough, who has founded a social enterprise with the aim of helping kids to reach their tech potential, has also been instrumental in getting people in the tech community on board and getting the word out. Lots of other people have helped in their fields of expertise, which is great!

I asked Archie how he planned the Jam’s activities, and how he decided what to put on.

We knew that we wanted to have some talks, stalls, vendors and workshops: when we’d been to events like the Pi Party, those were the bits we liked best. We did a quick social media call for volunteers and we’ve had a pretty good response (though there’s always room for one more!).  We’ve got a nice selection of talks and workshops, and we aim to have some more informal general activities for people who don’t want to do anything too formal. The most important thing for us is having as many awesome people there as possible, whether they are visitors or volunteers.

I’d really like to see the Jam continue, probably on a quarterly basis, as there are lots of other more frequent tech events in Norwich. The Norwich Science Festival is coming up in the Autumn, so it’s possible that a science-themed Jam will be on the cards for then!

The first Norwich Jam takes place on 27 May. Tickets are free from Eventbrite. Maybe I’ll see you there?

Raspberry Jam Berlin

James Mitchell is a Scotsman living in Berlin. I first met him when I gave a Raspberry Pi talk in a furniture showroom, and somehow that led him to start a local Jam.

After owning a Raspberry Pi for a few months I started to search for tips, tricks and tutorials online. I then started to notice Raspberry Jams being set up all over the UK. We didn’t have these events in Berlin, so I decided to start a Jam of my own. Thankfully I had loads of support from Jam leaders and even got the chance to meet Ben Nuttall when he visited Berlin shortly before he joined the Foundation. He was a great inspiration!

After getting started with the Jam, lots of things started to fall into place. I started to build a lot more projects, mainly using the Camera Module. I have a little obsession with photography, and I am particularly fond of time-lapse. My kids also started to get involved with the Raspberry Pi. They are still a little young yet but I love that they stay enthusiastic.

James felt that he was missing out on the Raspberry Pi community vibe.

It really was the lack of events in and around Berlin that got the Jam going. I wanted to attend one of the UK Jams, as it seemed full of like-minded people willing to help each other and learn new things – something we sorely lacked here.

I did later manage to attend the Raspberry Pi Birthday Party in Cambridge. While the event was considerably larger than most Jams I had heard about, it was totally amazing to meet the community. It reinforced the sense of belonging I had been looking for.

I held the first Raspberry Jam Berlin in a co-working office that offers their space at weekends for free if you don’t charge for tickets. I had some Pis set up with various add-on boards and we also gave a few talks about the Raspberry Pi.

My favourite thing about the Raspberry Jam is meeting different people and seeing those projects that are getting pushed beyond my own understanding, but also being able to help new people get interested in the Raspberry Pi. It’s very satisfying to know someone has left the Jam inspired!

I asked James what advice he would have for someone setting up a Jam in their area.

Start small, and have a clear outline of what you want from your Jam. Invite a few friends and maybe the local school’s computing teacher. Find your like-minded corner of the community, and with their help expand if you want.

Don’t be intimidated by the size of other Jams. They come in all shapes and sizes and some can be really large. Just keep in mind you are in it to have fun!

You never know how many people will show up to a Jam. Will it be too many, or too few? Here’s James’ take on the dilemma:

It can get a little stressful when you have low numbers, but the key is to ignore the numbers and just enjoy the moment. If one person shows up and they walk away inspired, it’s a job well done.

Wimbledon Raspberry Jam

Cat Lamin went to Picademy in July 2014. She got really excited about the teaching possibilities of the Raspberry Pi, but didn’t know where to start, so she reached out to the community to create local networks for teachers to share their skills. She started a Coding Evening in Twickenham, and helped organise the Wimbledon Raspberry Jam.

Albert Hickey, who organises the Egham Jam, approached me to see if I was interested in helping him run the Jam in Wimbledon. He had been offered a venue and wanted me to be involved from the start. Wimbledon is close to the school I taught in and I knew this would be an excellent opportunity to give some of the children from school the chance to help develop their passions. What I really enjoyed about the Jam was seeing all of the families there. Several parents asked if we could let their children’s schools know about the next one because they were keen to bring more families down!

I was really lucky with Wimbledon Jam, as loads of helpful people were really keen to offer up their time as volunteers. If I’m honest, I took over a little bit, but Albert seemed quite happy to let me handle the actual event while he dealt with the venue. By the end of it, I felt that we had been the perfect team. While Albert negotiated the space, I took on the role of organising the timetable of events. I had to figure out timings for workshops and who was available to run them. We were really lucky that so many people offered their help almost straight away, and it was great having Ben along as a representative from the Raspberry Pi Foundation. It added a sort of official stamp of approval to the day.

I really like having workshops, talks and show-and-tells going on, and we were really lucky that loads of people were interested in doing everything. One of my highlights from the day was watching the Mums creep over to Whack-a-Pi and sneak a go while their children were taking part in workshops – it was very funny!

Cat and Albert have run three Jams at Wimbledon library now. It’s great to see it continue on from the initial event I attended.

Why do people run Jams?

People run Jams for many reasons. I started the Manchester Jam so that I would have a group of people to learn about Raspberry Pi with, and it ended up benefiting hundreds of other people. While organising an event can be a lot of work, it is good fun. It all seems worth it in the end when you see how you can positively affect people you’d never otherwise have met. Here are some more insights from other Jam makers:

Read more in this excerpt from the Guidebook.

If you want to run a Jam, wherever you are, just remember that all these people were once where you are now. If they can do it, you can do it. Find some helpers, share ideas, make arrangements for your first event, and have fun. Be sure to check out the Raspberry Jam Guidebook for tips from other Jam makers, and lots of practical information on organising an event.

There are plenty of Jams coming up in the next month, including Oklahoma, Bogotá, Virginia and Melbourne, as well as lots in the UK, from Egham to Blackpool, Huddersfield to Belfast. Check out the Jam calendar for more.

I’ll be back next month with another Jam round-up, so if you have a Jam story to share, please get in touch! Email ben@raspberrypi.org. I really want to hear about all your experiences.

The post A tale of three Raspberry Jams appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

TekThing 122 – Cheap Dell Gaming Monitor! Star Trek Bridge Crew VR Review, Two Factor Authentication For Windows!

Cheap Dell Gaming Monitor Packs FreeSync! Star Trek Bridge Crew VR Review, Two Factor Authentication For Windows!
02:57 3 New Dell Monitors!
We love Dell’s U3415W UltraSharp curved monitor, but it’s not cheap. We review the new 1080p Dell S Family Dell 23 and Dell 27 monitors, which pack great screens and AMD FreeSync at incredibly low prices. Want something higher resolution, that packs a ton of style? Check out Dell’s 27 Ultrathin Monitor… there’s just one thing we’d change about it!

12:11 Star Trek Bridge Crew VR
Last week Shannon played Star Trek Bridge Crew VR with the Nvidia GeForce channel team at Ubisoft’s studio in San Francisco… watch the video for a review of the game, the VR experience, and some sweet game footage!!!

22:02 HyperX Pulsefire FPS Gaming Mouse
Patrick’s been using a HyperX Alloy FPS Keyboard since it launched, so when Kingston asked if we wanted to check out the new HyperX Pulsefire FPS Gaming Mouse, we were curious. Watch the video for the full review!

24:44 Power Practical Luminoodle
The Luminoodle was built to add bias lighting to TVs and monitors… but, really, the best app for this five foot long string of USB powered LED Lights might be camping!

Dekoni Audio Earpads
The pads on your headphones wear out over time… or, say, in the case of some headphones, they kinda sucked straight from the factory. We bought Dekoni’s pads for the T50RP (they make ’em for Sony’s MDR 7506 and tons more), and discuss what they do for comfort, audio quality, and more in the video!

26:17 Two Factor Authentication For Windows
DJ writes, “You keep talking about two factor authentication. I’m looking for a two factor authentication app that functions on IOS and the PC ( w/o using Chrome on the PC ).” We’ve got two apps you can run on Windows (Authy is free, 1Password isn’t) , and discuss why that might not be the most secure option in the video!

28:21 Do Something Analog
Like James, who did an “Analog Trip to Ireland” and writes, “My wife and I went there for our 10th anniversary and it was amazing.” We’ve got some amazing photos from their trip in the video!
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week!
Amazon Associates: http://amzn.to/2gm9Egf
Subscribe: https://www.youtube.com/c/tekthing
Website: http://www.tekthing.com
RSS: http://feeds.feedburner.com/tekthing
HakShop: https://hakshop.myshopify.com/
Twitter: https://twitter.com/tekthing
Facebook: https://www.facebook.com/TekThing
Reddit: https://www.reddit.com/r/tekthingers

Source: Security news

Source: Zologic

The “Right to Be Forgotten” and National Laws Under the GDPR


United States

The EU’s new General Data Protection Regulation (GDPR) will come into effect in the spring of 2018, bringing with it a newly codified version of the “Right to Be Forgotten” (RTBF).  Depending how the new law is interpreted, this right could prove broader than the “right to be de-listed” established in 2014’s Google Spain case.  It could put even more decisions about the balance between privacy and free expression in the hands of private Internet platforms like Google. National lawmakers have an opportunity to shape the platforms’ processes, and to ensure that both privacy and expression rights get a fairer hearing.

The GDPR’s “erasure” provision says that data controllers can reject some RTBF claims if necessary to protect expression and information rights. (Art. 17.3) Individual EU Member States are responsible for fleshing out this exception, providing national laws to reconcile the GDPR with free expression and information rights. (Art. 85) They can also adopt legislation about the specific RTBF articles in order to protect both data subjects and “the rights and freedoms of others.” (Art. 23.1(i)) Any such adjustments in national law must be necessary and proportionate, in accordance with fundamental rights defined in the EU Charter and European Convention.

RTBF laws primarily affect two fundamental rights: the data subject’s right to privacy, and other people’s rights to seek and impart information. National laws define the scope of information rights, and help determine which interest should prevail for any given RTBF request. Those laws can also protect procedural fairness when RTBF claims conflict with the interests of publishers and ordinary Internet users. Without adequate procedural protections, these Internet users will almost certainly find their online expression erased or de-listed in more cases than the GDPR’s drafters or national legislators intended.

National laws addressing this and other aspects of the GDPR are being drafted now. (If you read this by May 10, 2017, you can respond to the UK’s Call for Views on its legislation.) Lawmakers should take this opportunity to protect citizens’ information and expression rights under the private notice-and-takedown process for RTBF requests.

I explore the GDPR’s new RTBF rules in detail in my new article, focusing on the nuts and bolts – the operational steps that private platforms like Google are supposed to carry out when “adjudicating” RTBF requests.  Like civil or criminal procedural rules in a court, these matter a lot. Must a claimant make a particular showing of fact, or provide particular information, before a platform must honor her RTBF request? Is the affected Internet user notified or consulted? Who can appeal the platform’s decision, and under what circumstances?  Procedural questions like these can determine the real-world outcome of RTBF requests when platforms, regulators, or courts balance privacy and information rights.

Research and common sense tell us that when platforms face legal trouble for failing to remove user expression, they are likely to remove too much. Claimants consistently ask platforms to remove more information than the law requires: studies say that 38% of copyright removal requests to Google Image Search raise invalid legal claims; Google and Bing both report that over 50% of RTBF requests do as well. But as the studies show, platforms often err on the side of caution, taking down lawful or lawfully processed information. Incentives to play it safe and simply comply with RTBF requests are strong under the GDPR, which permits penalties as high as 4% of annual global turnover or €20 million.  (Art. 83) National law should account for this dynamic, putting procedural checks in place to limit over-removal by private platforms. Civil society recommendations like the Manila Principles offer a menu of options for doing just this. For example, the law can penalize people (or businesses, governments, or religious organizations) if they abuse notice-and-takedown to target other people’s lawful expression. 

The GDPR does not provide meaningful procedural barriers to over-removal. In many cases, it appears to strongly tilt the playing field in favor of honoring even dubious RTBF requests – like ones Google received from priests trying to hide sexual abuse scandals, or financial professionals who wanted their fraud convictions forgotten.

Better and more balanced GDPR interpretations are possible, but realistic avenues to make those interpretations part of accepted law are rare: individuals whose rights are affected by RTBF removals will not have the opportunity to ask DPAs or courts to clarify the law, and the platforms will generally not have the incentive to do so. That makes proactive clarification by lawmakers or regulators important, to reduce platforms’ incentives to simply erase or de-list information upon request.

This post will not try to set forth specific legislative interventions under any country’s national law, but will identify key concerns arising from the GDPR’s new RTBF provisions. Each is explored in more detail in the article.

Will Facebook and Other Social Media Platforms Have to Honor RTBF Requests?

This is a key question, with no clear answer in current law or in the GDPR (though interesting litigation on point is brewing Northern Ireland). Litigating this issue is a risky choice for platforms, because if a DPA or court decides the platform is a data controller for user generated content, the platform must take on extensive — and expensive — new legal obligations, in addition to RTBF compliance. For small or risk-averse platforms, simply complying with RTBF requests is far safer and easier.

Applying RTBF to platforms like Facebook, Dailymotion, or Twitter would be a big deal for Internet users’ expression and information rights. RTBF in its current form under Google Spain only covers search engines, and only requires “de-listing” search results – meaning that users will not see certain webpage titles, snippets, and links when they search for a data subject by name. Regulators have said that the RTBF is reconcilable with information and expression rights precisely because information is only de-listed, and not removed from the source page. But if social media or other hosts had to honor RTBF requests, much of the information they erased would not merely be harder to find – it would be truly gone. For ephemeral expression like tweets or Facebook posts, that might mean the author’s only copy is erased. The same could happen to cloud computing users or bloggers like artist Dennis Cooper, who lost 14 years of creative output when Google abruptly terminated his Blogger account.

Expanding the list of private platforms that must accept and adjudicate RTBF requests would directly affect users’ expression and information rights. But it is hard to pinpoint quite which GDPR articles speak to this issue. Is it purely a question of who counts as a controller under the GDPR’s definitions (Art. 4)? Might it be, as I have argued in other contexts, a question about the scope of objection and erasure rights (Arts. 17 and 21)? Do national expression and information rights shape a platform’s “responsibilities, powers and capabilities” under the Google Spain ruling (para. 38)? These are difficult questions. The answers will, in a very real way, affect the expression and information rights that Member State legislatures are charged with protecting.

Will Ordinary Internet Users and Publishers Have Redress if Their Expression is Wrongfully Erased or De-Listed?

The Article 29 Working Party has said that search engines generally shouldn’t tell webmasters about de-listings, and the Spanish DPA recently fined Google €150,000 for doing so.  The data protection logic here is understandable. When a data subject tells a controller to stop processing her data, it seems perverse for the controller to instead process it more by communicating with other people about it.

But excluding the publisher or speaker from the platforms’ behind-closed-doors legal decisions puts a very heavy thumb on the scales against her. It effectively means that one private individual (the person asserting a privacy right) can object to a platform’s RTBF decision and seek review, while the other private individual or publisher (asserting an expression right) cannot.  Other procedural details of the GDPR tilt the balance further. For example, a platform can reject a RTBF request that is “manifestly unfounded,” but only if the platform itself – which likely has little knowledge about or interest in the information posted by a user – assumes the burden of proof for this decision. (Art. 12.5)

This lopsided approach may be sensible for ordinary data erasure requests, outside the RTBF context. When a data subject asks a bank or online service to cancel her account, the power imbalance between the individual and the data controller may justify giving her some procedural advantages. But RTBF requests add important new rights and interests to the equation: those of other Internet users. Procedural rules should not always favor the data subject over other private individuals.

A similar imbalance occurs in the public process for reviewing platforms’ RTBF decisions. Data subjects   can “appeal” the platforms’ decisions to government institutions – DPAs – which are charged with helping them. Internet users whose expression is de-listed or erased generally have no regulators on their side. Even in courts, data subjects have clear standing to enforce their rights, while people whose expression has been erased or de-listed likely do not.

Tilting the scales so strongly in favor of one party would be harmless if private platforms decided every RTBF request correctly. Far too many public discussions about RTBF seem to turn on the idea that they will – that “Google is doing a good job.” I used to be on the inside of Google’s RTBF de-listing process, and I believe they are trying hard. But that’s not the same as always getting it right. And since DPA review only happens when a data subject wants more de-listing, there is no public correction mechanism for cases where Google actually should de-list less. Whatever we think of Google and Bing’s work in this area, we certainly should not expect similar efforts and expenditures from smaller and less wealthy platforms, if RTBF obligations are extended to them. Absent better procedural rules, we should expect over-removal.

Will All the GDPR Provisions About Personal Data Really Apply to Publicly Shared Information?

Internet platforms and data protection law have always been an odd fit.  For example, it is not clear what basis Google as a data controller has for processing “sensitive” data, such as celebrity pregnancy gossip, from indexed websites. (The CJEU will soon hear a case on this general question.) Rules governing data controllers often seem to be designed for databases and other kinds of “back-end” processing, not for the public exchange of information. But under Google Spain and in the GDPR, databases and public expression are governed by the same rules.

Under the GDPR, one odd result comes from provisions requiring controllers to tell data subjects “from which source the personal data [about them] originate” and “any available information as to their source[.]” (Arts.  14.2(f) and 15.1(g)) Applied to Google, this would seem to mean RTBF claimants can learn whatever the company knows about the webmaster whose page is targeted by the RTBF request. That could be anything from the webmaster’s communications with the company to the contents of her Gmail account. Similarly, if Twitter were deemed a controller for tweets, it seemingly would have to freely disclose the identity of anonymous speakers. Surely this was not the intention of the GDPR’s drafters. But it is hard to find grounds for other interpretations in the GDPR.

As another example, if the “accuracy of the personal data is contested by the data subject,” then the controller must restrict public access to the data “for a period enabling the controller to verify [its] accuracy.” (Art. 18.1(a)) If Twitter were a controller, for example, it might have to delete tweets on this basis – unless the platform itself could somehow prove that users’ tweets are truthful. This would seemingly displace existing defamation law, along with the notice-and-takedown rules under laws like the eCommerce Directive or the UK’s carefully calibrated 2013 Defamation Act. Then again… maybe that’s not what the GDPR means. The “restriction” requirement has an unclear exception “for the protection of the rights of another natural or legal person,” which might excuse compliance when expression or information rights are on the line.  That’s the kind of thing that lawmakers can make clear – so users are not dependent on the platforms to adopt an interpretation that protects their rights.


The examples discussed here are just a starting point. My longer article lays out more, and suggests specific legal fixes that lawmakers could adopt. For example, they could commit up front not to assess fines against platforms that, in good faith, reject RTBF requests. This could considerably ease pressures on small platforms to comply with improper requests. Options like this should be on the table as lawmakers weigh their powers and responsibilities to protect information and expression rights under the GDPR. 

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Raspberry Jam round-up: April

In case you missed it: in yesterday’s post, we released our Raspberry Jam Guidebook, a new Jam branding pack and some more resources to help people set up their own Raspberry Pi community events. Today I’m sharing some insights from Jams I’ve attended recently.

Raspberry Jam round-up April 2017

Preston Raspberry Jam

The Preston Jam is one of the most long-established Jams, and it recently ran its 58th event. It has achieved this by running like clockwork: on the first Monday evening of every month, without fail, the Jam takes place. A few months ago I decided to drop in to surprise the organiser, Alan O’Donohoe. The Jam is held at the Media Innovation Studio at the University of Central Lancashire. The format is quite informal, and it’s very welcoming to newcomers. The first half of the event allows people to mingle, and beginners can get support from more seasoned makers. I noticed a number of parents who’d brought their children along to find out more about the Pi and what can be done with it. It’s a great way to find out for real what people use their Pis for, and to get pointers on how to set up and where to start.

About half way through the evening, the organisers gather everyone round to watch a few short presentations. At the Jam I attended, most of these talks were from children, which was fantastic to see: Josh gave a demo in which he connected his Raspberry Pi to an Amazon Echo using the Alexa API, Cerys talked about her Jam in Staffordshire, and Elise told everyone about the workshops she ran at MozFest. All their talks were really well presented. The Preston Jam has done very well to keep going for so long and so consistently, and to provide such great opportunities and support for young people like Josh, Cerys and Elise to develop their digital making abilities (and presentation skills). Their next event is on Monday 1 May.

Manchester Raspberry Jam and CoderDojo

I set up the Manchester Jam back in 2012, around the same time that the Preston one started. Back then, you could only buy one Pi at a time, and only a handful of people in the area owned one. We ran a fairly small event at the local tech community space, MadLab, adopting the format of similar events I’d been to, which was very hands-on and project-based – people brought along their Pis and worked on their own builds. I ran the Jam for a year before moving to Cambridge to work for the Foundation, and I asked one of the regular attendees, Jack, if he’d run it in future. I hadn’t been back until last month, when Clare and I decided to visit.

The Jam is now held at The Shed, a digital innovation space at Manchester Metropolitan University, thanks to Darren Dancey, a computer science lecturer who claims he taught me everything I know (this claim is yet to be peer-reviewed). Jack, Darren, and Raspberry Pi Foundation co-founder and Trustee Pete Lomas put on an excellent event. They have a room for workshops, and a space for people to work on their own projects. It was wonderful to see some of the attendees from the early days still going along every month, as well as lots of new faces. Some of Darren’s students ran a Minecraft Pi workshop for beginners, and I ran one using traffic lights with GPIO Zero and guizero.

The next day, we went along to Manchester CoderDojo, a monthly event for young people learning to code and make things. The Dojo is held at The Sharp Project, and thanks to the broad range of skills of the volunteers, they provide a range of different activities: Raspberry Pi, Minecraft, LittleBits, Code Club Scratch projects, video editing, game making and lots more.

Raspberry Jam round-up April 2017

Manchester CoderDojo’s next event is on Sunday 14 May. Be sure to keep an eye on mcrraspjam.org.uk for the next Jam date!

CamJam and Pi Wars

The Cambridge Raspberry Jam is a big event that runs two or three times a year, with quite a different format to the smaller monthly Jams. They have a lecture theatre for talks, a space for workshops, lots of show-and-tell, and even a collection of retailers selling Pis and accessories. It’s a very social event, and always great fun to attend.

The organisers, Mike and Tim, who wrote the foreword for the Guidebook, also run Pi Wars: the annual Raspberry Pi robotics competition. Clare and I went along to this year’s event, where we got to see teams from all over the country (and even one from New Mexico, brought by one of our Certified Educators from Picademy USA, Kerry Bruce) take part in a whole host of robotic challenges. A few of the teams I spoke to have been working on their robots at their local Jams throughout the year. If you’re interested in taking part next year, you can get a team together now and start to make a plan for your 2018 robot! Keep an eye on camjam.me and piwars.org for announcements.

PiBorg on Twitter

Ely Cathedral has surprisingly good straight line speed for a cathedral. Great job Ely Makers! #PiWars

Raspberry Jam @ Pi Towers

As well as working on supporting other Jams, I’ve also been running my own for the last few months. Held at our own offices in Cambridge, Raspberry Jam @ Pi Towers is a monthly event for people of all ages. We run workshops, show-and-tell and other practical activities. If you’re in the area, our next event is on Saturday 13 May.

Ben Nuttall on Twitter

rjam @ Pi Towers

Raspberry Jamboree

In 2013 and 2014, Alan O’Donohoe organised the Raspberry Jamboree, which took place in Manchester to mark the first and second Raspberry Pi birthdays – and it’s coming back next month, this time organised by Claire Dodd Wicher and Les Pounder. It’s primarily an unconference, so the talks are given by the attendees and arranged on the day, which is a great way to allow anyone to participate. There will also be workshops and practical sessions, so don’t miss out! Unless, like me, you’re going to the new Norwich Jam instead…

Start a Jam near you

If there’s no Jam where you live, you can start your own! Download a copy of the brand new Raspberry Jam Guidebook for tips on how to get started. It’s not as hard as you’d think! And we’re on hand if you need any help.

Raspberry Jam round-up April 2017

Visiting Jams and hearing from Jam organisers are great ways for us to find out how we can best support our wonderful community. If you run a Jam and you’d like to tell us about what you do, or share your success stories, please don’t hesitate to get in touch. Email me at ben@raspberrypi.org, and we’ll try to feature your stories on the blog in future.

The post Raspberry Jam round-up: April appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

The key to a secured cloud for businesses: the Practice project

Cloud storage may have been available for a while, but successful attacks on major providers have made companies wary of the consequences of entrusting it with their most sensitive data. Thanks to a secure framework developed under the EU-funded PRACTICE project, these companies won’t have to rely on cloud providers anymore to keep their data whole and confidential.
Source: Cybersecurity and digital privacy newsletter

Source: Privacy Online

Source: Zologic

Data Privacy in a World of Outsourced Artificial Intelligence

Artificial intelligence(AI) and deep learning can lead to powerful business insights.  Many executives are ready to harness the power of this technology but one main challenge holds them back.  Hiring technical talent for cybersecurity is hard enough in itself; hiring technical talent for AI is a much bigger challenge.

This problem was recently faced by the UK’s National Health Service(NHS).  Tremendous results have been demonstrated recently using computer vision techniques to identify specific types of illness in medical patients by looking at scans of the patient’s body.  Artificial Intelligence has a strong track record of effectively predicting medical conditions such as Cancer, Heart attacks and many other image-based diagnoses.

Medical information is particularly sensitive to medical organizations like the NHS, but it is also among the most lucrative types of PII to cybercriminals.  Many freely available AI/machine learning software packages exist such libraries as theano, torch, cntk, and tensorflow.  Despite the availability of these tools, many organizations like the NHS do not have sufficient access to experts able to run powerful machine learning tools.  Without this type of collaboration many illnesses may go unidentified and people could die.  So the NHS* decided to partner with DeepMind, a company acquired by Alphabet/Google.  The University of Cambridge and the Economist wrote an article detailing many aspects of the contract.

As a result, DeepMind gets access to 1.6 million medical records and a neat application of its technology, in addition to undisclosed funding. This data includes blood tests, medical diagnostics and historical patient records but also even more sensitive data such as HIV diagnosis and prior drug use. In the sub-discipline of machine learning called Deep Learning, the algorithms are particularly dependent on having a large data corpus.

When an organization is faced with the choice of outsourcing sensitive information to experts, what are the choices?  Any organization outsourcing information should redact all personally identifiable information such as name and personal identifiers.  This instead can be represented by a pseudonym – a unique mapping such as a hash function – where the unique identifier and the PII are held only by the trusted entity (NHS  in this case).  Furthermore, semi-sensitive information that would have value to the ML model should be abstracted.  For example, geographical location may be a powerful indicator of an illness, but the raw data could be used to reverse-engineer PII of a given patient.  In this case binning the information so a little fidelity is lost is an effective trade-off between empowering the AI’s prediction power and protecting patient confidentiality.  For example, grouping specific addresses into zip codes or counties may be a nice trade-off in this space.

The tradeoff of security and predictive power will likely be a challenging problem for data owners. AI is able to combine many weak signals and often make surprising conclusions.  In one study by CMU researchers found social security numbers were surprisingly predictable, and the AI algorithms could usually reconstruct a SSN from information such as birthdate and gender.  So being able to guarantee that AI can’t reconstruct your PII is an unsolved problem, and likely very dependent on the data.   However, best-effort strategies like those outlined above can help mitigate against most concerns.

In the future this issue may change significantly.  Recent developments in federated learning may allow for increased flexibility where keeping data on premise may become more available.  A related technology of homomorphic encryption has been in the works for far longer.  In homomorphic encryption the computations occur on encrypted data without ever having to decrypt the data, which would significantly reduce the security concern.  We are still years out of technology solving this problem directly. In the interim the promise of the AI benefits are too great for most organizations to wait.

At Anomali, we deal with sensitive information regularly, as we help many organizations around the world winnow down data from across the enterprise and focus on the applicable security threats.  We address privacy issues with on-premise deployments such as Anomali Enterprise; or by very tight access controls and data isolation like our Trusted Circles feature for sharing threat intelligence in our Threat Intelligence Platform, ThreatStream.

*The agreement was signed by the Royal Free NHS Trust, a small subordinate component of the much larger NHS. The Royal Free Trust is comprised of three hospitals in London.

Source: Honeypot Tech

Mozilla April Speaker Series: American Spies: Modern Surveillance and What We Can Do Speaker: Jennifer Granick


United States

Intelligence agencies in the U.S. (aka the American Spies) are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance.
Because surveillance law has fallen behind surveillance technology, the U.S. government has unprecedented new powers. At our April Speaker Series, Jennifer Granick will address how Cold War programs led by J. Edgar Hoover and initiatives sparked by the September 11, 2001 tragedy have led us to today’s fusion centers and mosque infiltrators. She will also show how our current state of mass surveillance is fundamentally incompatible with a healthy democracy.
A teacher, practitioner and expert in surveillance and security law, Granick will share how the reality of modern surveillance in the U.S. differs from popular understanding, and what U.S. – and global – citizens can do to minimize its negative impact both for Americans and non-Americans around the world.
Focus Area: 

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Hak5 2207 – Attacked by Children – Hack Across the Planet

Attacked by children during water festival (Songkran) in Bangkok, Thailand and some Hak5 announcements. http://HackAcrossThePlanet.com

Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ

Source: Security news

Source: Zologic

The Definitive Guide to Sharing Threat Intelligence

Threat Intelligence sharing is becoming more mainstream as ISACs and other industry sharing collectives gain popularity. As intelligence sharing becomes more popular, there are some things to consider to get the most out of it. Anomali’s new whitepaper, The Definitive Guide to Threat Intelligence Sharing explores this topic in-depth.

Like many other things, the more you put into sharing threat intelligence, the more you can potentially get out of it. It starts with choosing who to share with. Understanding what is good to share is another import aspect to consider. Most of all, collaborating with those you share with is key to improving the value for everyone involved. Adding context to what is shared, or including extra details observed from your own analysis is an important element of sharing threat intelligence.

Sharing with others in our own industry is the best place to start with sharing intelligence.  This is essentially “home” for sharing intelligence and interacting with peers around threats and defenses.  For most organizations, this is the full extent of who they share intelligence with and there is nothing wrong with that.  There are other considerations for adding additional sharing partners, however.  For one, not all attacks come over the Internet; some require a physical presence such as attacks against WIFI infrastructure.  Finding local sharing partners, potentially not in your own industry, can be important for localized intelligence sharing.  Also important is finding partners to share with outside the echo chamber of your industry or vertical.  Sharing within your industry is certainly the best place to start, but looking for organizations to share with beyond your industry as a next step is a good idea.

In addition to sharing intelligence, other considerations might be sharing defensive measures such as YARA rules, snort rules, scripts, system or application configuration tweaks, security tool configurations, and so on. The idea is to collaborate closely with other sharing partners to:

  • Improve visibility for better intelligence analysis
  • Deliver stronger defenses that are optimized against observed and perceived threats
  • Provide a useful vehicle for coordinating intelligence collection and analysis

Further thoughts on these topics as well as additional insights on threat intelligence sharing can be found in The Definitive Guide to Threat Intelligence Sharing.

The Definitive Guide to Sharing Threat Intelligence

Read It Now

Source: Honeypot Tech