Daily Archives: February 5, 2024

Orient at 45o for stronger, better looking 3D Printed Enclosures

Posted on by

When it comes to 3D printing, the orientation of your print can have a significant impact on strength, aesthetics, and functionality or ease of printing. The folks at Slant 3D have found that printing enclosures at a 45° provides an excellent balance of these properties, with some added advantages for high volume printing. The trick is to prevent the part from falling over when balance on a edge, but in the video after the break [Gabe Bentz]  demonstrate Slant 3D’s solution of minimalist custom supports.

The traditional vertical or horizontal orientations come with drawbacks like excessive post-processing and weak layer alignment. Printing at 45° reduces waste and strengthens the end product by aligning the layer lines in a way that resists splitting across common stress points. When scaling up production, this orientation comes with the added advantage of minimal bed contact area, allowing the printer to auto-eject the part by pushing it off the bed with print head.

 

To keep the part stable while printing in this orientation Slant 3D designed a fin-like support structure attached to the back of the enclosure with small sprues. This wastes significantly less time and material than auto-generated supports, and snaps away cleanly, leaving behind minimal imperfections that are easily addressed. To improve aesthetics and hide layer lines, Slant 3D also recommend adding texture to the external surfaces of enclosures. On 3D printed parts this detail costs nothing, while it would have added significant costs to injection molded parts.

We’re intrigued by this creative twist on 3D printing’s capabilities—proving once again that a simple shift in perspective (or in this case, orientation) can unlock new design potentials.

Slant 3D use FDM 3D printing for mass production [Gabe] even hosted a Hack Chat on the subject. They have come up with a number of innovative design tricks which are also useful for the hobbyist. These include improved corner brackets, robust living hinges and better alignment features for 3d printed assemblies.

Source: An Alternative Orientation For 3D Printed Enclosures | Hackaday

Criticism as Dutch domain registry plans move to Amazon cloud

Posted on by

Questions are being asked in parliament about the decision by Dutch domain registration foundation SIDN to transfer the dot nl domain and its “complete ICT services” to Amazon’s cloud services. 

SIDN says the move will make managing the technology easier but some tech entrepreneurs have doubts, and now MPs have asked the government, which supports the idea of keeping .nl on Dutch or European servers, to explain why the move has been sanctioned. 

Tech entrepreneur Bert Hubert told BNR radio he opposes the idea of shifting the domain to cloud operators in the US. “If your servers are on your own continent and under your legal surveillance, then you can also be sure that no one will mess with your data,” he said. 

The added value of keeping .nl domain names under Dutch control also means “we control it ourselves and can innovate with it ourselves… When you outsource, you always lose your knowledge,” he said. 

Simon Besteman, managing director of the Dutch Cloud Community said on social media he was shocked by SIDN’s decision. “We have been inundated with questions from the Dutch internet community and our members… who have questions about the ethical as well as compliance and moral aspects.”

SIDN says that all data will remain on European servers and that users will not notice any difference in practice. It also argues that Amazon has the extremely specialised services it needs, and that these are not available in Europe.  

It was a difficult decision to move the systems to Amazon, SIDN technology chief Loek Bakker said in a reaction to the criticism.

“Although we seek to contribute to the strategic digital autonomy of the Netherlands and Europe in numerous ways, the need to assure the permanent availability of .nl and the protection of our data was decisive in this instance. That is, after all, our primary responsibility as a registry.”

Nevertheless, he said “We will be using generic, open-source technology, so that, as soon as it becomes responsible to migrate the system to a Dutch or European cloud service provider, we can do so relatively easily.”

You can smell the nonsense here very clearly – SIDN was and should be a  highly technical company. Apparently the bean counters have taken over and kicked out all the expertise in the name of… cost cutting? Are they aware that the costs of AWS are often higher than the costs of self maintenance? But the manager gets a nice trip to the US in a private jet or something like it?

And nothing about AWS is open source – they are in fact known for taking open source projects and then forking them and then pricing them through the nose.

MPs from GroenLinks, the PvdA and D66 have now asked the government to explain why the move is being made, Hubert said.

SIDN is a foundation that has the right to exploit the .nl domain name, earning some €21 million a year in the process. More than six million .nl domains have been registered. 

Source: Criticism as Dutch domain registry plans move to Amazon cloud – DutchNews.nl

Cloudflare Hacked

Posted on by

cloudflare bad gateway error page

Web security company Cloudflare on Thursday revealed that a threat actor used stolen credentials to gain access to some of its internal systems.

The incident was discovered on November 23, nine days after the threat actor, believed to be state-sponsored, used credentials compromised in the October 2023 Okta hack to access Cloudflare’s internal wiki and bug database.

The stolen login information, an access token and three service account credentials, were not rotated following the Okta incident, allowing the attackers to probe and perform reconnaissance of Cloudflare systems starting November 14, the security firm explains.

According to Cloudflare, the attackers managed to access an AWS environment, as well as Atlassian Jira and Confluence, but network segmentation prevented them from accessing its Okta instance and the Cloudflare dashboard.

With access to the Atlassian suite, the threat actor started looking for information on the Cloudflare network, searching the wiki for “things like remote access, secret, client-secret, openconnect, cloudflared, and token”. In total, 36 Jira tickets and 202 wiki pages were accessed.

On November 16, the attackers created an Atlassian account to gain persistent access to the environment, and on November 20 returned to verify that they still had access.

On November 22, the threat actor installed the Sliver Adversary Emulation Framework, gaining persistent access to the Atlassian server, which was then used to move laterally. They attempted to access a non-production console server at a São Paulo, Brazil, data center that is not yet operational.

The attackers viewed 120 code repositories and downloaded 76 of them to the Atlassian server, but did not exfiltrate them.

“The 76 source code repositories were almost all related to how backups work, how the global network is configured and managed, how identity works at Cloudflare, remote access, and our use of Terraform and Kubernetes. A small number of the repositories contained encrypted secrets which were rotated immediately even though they were strongly encrypted themselves,” Cloudflare notes.

The attackers used a Smartsheet service account to access Cloudflare’s Atlassian suite, and the account was terminated on November 23, within 35 minutes after the unauthorized access was identified. The user account created by the attacker was found and deactivated 48 minutes later.

Cloudflare says it also put in place firewall rules to block the attackers’ known IP addresses and that the Sliver Adversary Emulation Framework was removed on November 24.

[…]

The goal of the attack, Cloudflare says, was to obtain information on the company’s infrastructure, likely to gain a deeper foothold. CrowdStrike performed a separate investigation into the incident, but discovered no evidence of additional compromise.

“We are confident that between our investigation and CrowdStrike’s, we fully understand the threat actor’s actions and that they were limited to the systems on which we saw their activity,” Cloudflare notes.

Source: Cloudflare Hacked by Suspected State-Sponsored Threat Actor  – SecurityWeek

EU countries give crucial nod to first-of-a-kind Artificial Intelligence law

Posted on by

The ambassadors of the 27 countries of the European Union unanimously approved the world’s first comprehensive rulebook for Artificial Intelligence, rubber-stamping the political agreement reached in December.

In December, EU policymakers reached a political agreement on the main sticking points of the AI Act, a flagship bill to regulate Artificial Intelligence based on its capacity to cause harm. The complexity of the law meant its technical refinement took more than one month.

On 24 January, the Belgian presidency of the Council of EU Ministers presented the final version of the text, leaked in an exclusive by Euractiv, at a technical meeting. Most member states maintained reservations at the time as they did not have enough time to analyse the text comprehensively.

These reservations were finally lifted with the adoption of the AI Act from the Committee of Permanent Representatives on Friday (2 February). However, the green light from EU ambassadors was not guaranteed since some European heavyweights resisted parts of the provisional deal until the very last days.

European Union squares the circle on the world’s first AI rulebook

After a 36-hour negotiating marathon, EU policymakers reached a political agreement on what is set to become the global benchmark for regulating Artificial Intelligence.

Powerful AI models

The primary opponent of the political agreement was France, which, together with Germany and Italy, asked for a lighter regulatory regime for powerful AI models, such as Open AI’s GPT-4, that support General Purpose AI systems like ChatGPT and Bard.

Europe’s three largest economies asked for limiting the rules in this area to codes of conduct, as they did not want to clip the wings to promising European start-ups like Mistral AI and Aleph Alpha that might challenge American companies in this space.

Read: France, Germany and Italy were deeply in the pocket of AI firm lobbyists and created a lot of time wasting opposition to good laws, allowing the big boys to gain further grounds over the little guys whilst they were themselves signing letters asking for moratoriums on dangerous world destroying AI research.

However, the European Parliament was united in asking for hard rules for these models, considering that it was unacceptable to carve out the most potent types of Artificial Intelligence from the regulation while leaving all the regulatory burden on smaller actors.

The compromise was based on a tiered approach, with horizontal transparency rules for all models and additional obligations for compelling models deemed to entail a systemic risk.

[…]

The Belgian presidency put the member states before a ‘take-it-or-leave-it’ scenario and, despite attempts from France to delay the ambassadors’ vote, kept a tight timeline -partially to allow enough time for the legal polishing of the text and partially to limit last-minute lobbying.

French back-room manoeuvring aimed at gathering sufficient opposition to obtain concessions in the text or even reject the provisional agreement.

However, the balance titled decisively against Paris as Berlin decided to support the text earlier this week. The German Digital Minister, the liberal Volker Wissing, found himself isolated in its opposition to the AI rulebook from the coalition partners and had to drop his reservations.

Italy, always the most defiladed country of the sceptical trio as it does not have a leading AI start-up to defend, also decided not to oppose the AI Act. Despite discontent with the agreement, Rome opted to avoid drama as it holds the rotating presidency of the G7, where AI is a crucial topic.

[…]

EU countries still have room to influence how the AI law will be implemented, as the Commission will have to issue around 20 acts of secondary legislation. The AI Office, which will oversee AI models, is also set to be significantly staffed with seconded national experts.

Next steps

The European Parliament’s Internal Market and Civil Liberties Committees will adopt the AI rulebook on 13 February, followed by a plenary vote provisionally scheduled for 10-11 April. The formal adoption will then be complete with endorsement at the ministerial level.

The AI Act will enter into force 20 days after publication in the official journal. The bans on the prohibited practices will start applying after six months, whereas the obligations on AI models will start after one year.

All the rest of the rules will kick in after two years, except for the classification of AI systems that have to undergo third-party conformity assessment under other EU rules as high-risk, which was delayed by one additional year.

Source: EU countries give crucial nod to first-of-a-kind Artificial Intelligence law – Euractiv

Google Search’s cache links are unfortunately being retired

Posted on by

Google has removed links to page caches from its search results page, the company’s search liaison Danny Sullivan has confirmed. “It was meant for helping people access pages when way back, you often couldn’t depend on a page loading,” Sullivan wrote on X. “These days, things have greatly improved. So, it was decided to retire it.”

The cache feature historically let you view a webpage as Google sees it, which is useful for a variety of different reasons beyond just being able to see a page that’s struggling to load. SEO professionals could use it to debug their sites or even keep tabs on competitors, and it can also be an enormously helpful news gathering tool, giving reporters the ability to see exactly what information a company has added (or removed) from a website, and a way to see details that people or companies might be trying to scrub from the web. Or, if a site is blocked in your region, Google’s cache can work as a great alternative to a VPN.

A page’s cache has typically been accessible via a couple of different routes. There was a “Cached” button that would appear at the bottom of the “About this result” panel accessible from the three button menu next to a search result. And, for those in the know, you could also append the prefix “cache:” to a URL before searching for it to hop instantly into Google’s cached version.

[…]

It doesn’t sound like Google has any immediate plans to replace the feature, but Sullivan says he hopes that Google could add links to the Internet Archive that could instead be used to show how a webpage has changed over time. “No promises,” he cautions. “We have to talk to them, see how it all might go — involves people well beyond me. But I think it would be nice all around.”

Source: Google Search’s cache links are officially being retired – The Verge

Read: this useful feature wasn’t making Google any money, so they decided to go cost cutting.