Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a Brazilian IT Community. We love IT/DevOps/Cloud, but we also love to talk about life, the universe, and more. | Nós somos uma comunidade de TI Brasileira, gostamos de Dev/DevOps/Cloud e mais!

Administered by:

Server stats:

252
active users

bolha.us: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#Cloud

65 posts53 participants5 posts today
Public
BuySellRam.com

Five Big Questions for HPC-AI in 2025

hpcwire.com/2025/01/28/five-bi

How big can the AI market get?
Will Hyperscale Completely Take Over Enterprise Computing?
What Effect Will the New U.S. Administration Have on HPC-AI?
Can Anyone Challenge Nvidia?
What About Good Old HPC?
The article highlights the evolving dynamics between High-Performance Computing (HPC) and AI. While AI is increasingly integrated into HPC tasks, such as ...

#HPC#Nvidia#Cloud
Public
Paco Hope #resist

Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

A typical AWS serverless architecture from the blog that I linked to. It shows a very large box representing an AWS account, and bunch of smaller boxes containing icons, with each box representing a capability (like file upload, users and authentication, etc). Inside each of those boxes are some icons representing services, like Lambda, IAM, Cognito, S3, etc.
An screen capture of a list of things in a web browser. The table header is labeled "Flows" and it lists flows like the following: End users authenticate through web browsers or mobile devices via Amplify and CloudFront to Cognito User Pools, potentially using External Identity Provider integration. Source: End Users, Target: Cognito User Pools Authenticated users make API requests through CloudFront and API Gateway to access backend services. Source: End Users. Target: API Gateway API Gateway routes authenticated requests to appropriate Lambda functions for processing. Source: API Gateway. Target: Lambda Functions
An screen capture of a list of things in a web browser. The table header is labeled "Assets" and it lists things like the following: End Users: Users that access the application through web browsers or mobile devices, interacting with the frontend interfaces External Identity Provider: Third-party authentication service integrated with Cognito for user authentication and authorization API Gateway: Manages all API requests, acts as the primary entry point for backend services, controls access to Lambda functions and business logic
A screenshot of a table in a web page. The header is labeled "Trust Boundary" and it contains items like: Public-to-private network boundary separating internet users from AWS cloud resources. Source: End Users. Target: CloudFront Distribution Authentication boundary validating user identity before allowing access to backend resources. Source: End Users. Target: Cognito User Pools External authentication service integration boundary. Source: Cognito User Pools. Target: External Identity Provider
#ai#threatmodel
Public
Helma

"De ambitie om van #Microsoft af te komen mag wel wat concreter worden gemaakt. Waar blijft het meerjarige stappenplan om een vervanger te implementeren en de contracten op te kunnen zeggen?" aldus Hans de Zwart, voormalig directeur van @bitsoffreedom, nu met lang haar 🤨

Hear hear! We hebben een exitstrategie (en een noodscenario) nodig.
#Cloud #Security #Privacy #DigitaleSoevereiniteit

parool.nl/columns-opinie/opini

Het Parool · Opinie: ‘Goed dat Amsterdam uit de Microsoftcloud wil stappen – maar dóé het dan ook’Dat wethouder Scholtes pleit voor digitale onafhankelijkheid van Amerikaanse techbedrijven, juicht Hans de Zwart toe. Maar de noodzaak hiervan is eigenlijk al jaren bekend, benadrukt hij. Nu moet Amsterdam ook echt actie ondernemen.
Public
IT News

Microsoft Announces 'Hyperlight Wasm': Speedy VM-Based Security at Scale with a WebAssembly Runtime - Cloud providers like the security of running things in virtual machines "at scale"... - developers.slashdot.org/story/ #cloud

developers.slashdot.orgMicrosoft Announces 'Hyperlight Wasm': Speedy VM-Based Security at Scale with a WebAssembly Runtime - SlashdotCloud providers like the security of running things in virtual machines "at scale" — even though VMs "are not known for having fast cold starts or a small footprint..." noted Microsoft's Open Source blog last November. So Microsoft's Azure Core Upstream team built an open source Rust library c...
Public *
Horst Thieme

Max Schrems in der Süddeutsche Zeitung stabil: „Wir haben in Europa passendes Recht, aber wir haben fast null Durchsetzung. US-Unternehmen sind drauf spezialisiert, aggressiv das Recht nicht einzuhalten, solange es keine Konsequenzen gibt.“

Sein Tipp: mehr Selbstbewusstsein und @european_alternatives (und es sollte auch @switchingsoftware genannt werden).

sueddeutsche.de/kultur/max-sch
#DigitaleSouveränität #Cloud

Süddeutsche Zeitung · Europas Abhängigkeit von US-Clouds – Interview mit Datenschützer Max SchremsBy Andrian Kreye
ExploreLive feeds
About