Home Blog Page 3

Apple apparently wants to allow alternative app stores in the EU from 2024

0

Apple’s App Store dominance could be a thing of the past by 2024. Because the group is apparently working on opening up its devices in order to comply with EU guidelines.

Apple only had to cope with the last setback by the European Union at the end of October. Because according to the EU decision, the iPhone group has to say goodbye to its Lightning connector.

From 2024, it should also be possible to charge Apple devices via the new EU USB-C standard. But that’s not the only change that the tech group is supposed to make due to an EU decision in 2024.

Because how Bloomberg reported, the group is working on allowing external app stores on its devices from 2024. The innovation is expected to take place with the upgrade to iOS 17.

Why does Apple want to allow alternative app stores?

For years, Apple has been repeatedly confronted with complaints from consumer advocates and competition watchdogs at various levels. The reason is Apple’s App Store, which is the only one allowed on the group’s devices.

But that should change from 2024 so that Apple can comply with “the strict requirements of the European Union” from 2024, according to the report Bloomberg.

Accordingly, employees from the areas of software engineering and services are involved in the changes. These would make changes that could allow users to download third-party apps onto their iPhones or iPads in the future.

EU regulations force the group to act

Behind this development is the Digital Markets Act, which came into force at the beginning of November. Among other things, this EU regulation aims to ensure fair competitive conditions in the digital markets.

It applies to companies with a market value of at least 75 billion euros and 45 million monthly EU users. It will be mandatory for companies from 2024.

By opening up the devices, third-party providers will also be able to gain access to the hotly contested app market in the future.

Similar to the decision on chargers with a USB-C connection, consumer protection is also a priority. Because the opening of the app stores should make digital life easier for users.

Apple’s business with the App Store

The App Store is a lucrative business for the tech group. This is not least due to the high commission that the company charges there. This amounts to between 15 and 30 percent of the income.

Overall, the App Store is loud Bloomberg around six percent of total sales at Apple. According to Bloomberg analysts, Europe is likely to account for less than two percent.

In view of the high penalties that threaten non-compliance with the EU requirement, the group should be able to cope with this. Because if companies do not comply with the EU rules, fines of up to 20 percent of their worldwide annual turnover may be due. For Apple, that would be around $80 billion.

Also interesting:

Source: https://www.basicthinking.de/blog/2022/12/14/apple-externe-app-stores/

Only for research, but not in practice?

0

Researchers in the USA have apparently achieved a breakthrough in nuclear fusion. According to the US Department of Energy, the fusion of atomic nuclei was the first to produce more energy than was consumed. It’s considered a “milestone for the future of clean energy,” but it’s not a quick fix to our energy problems.

What is nuclear fusion?

Nuclear fusion is considered a potential energy source of the future. Because the fusion of atomic nuclei can release enormous amounts of energy. Compared to nuclear fission, no radioactive waste is produced, which makes the technology comparatively safe.

The fusion process also occurs in nature, inside stars and the Sun. Numerous chemical elements are in turn based on the fusion of hydrogen atomic nuclei.

Since nuclear fusion is primarily considered a clean, safe and renewable source of energy, researchers have been trying to harness fusion energy on earth for decades. Now a research team from the USA has apparently made a breakthrough.

How does nuclear fusion work?

The reactions of nuclear fusion take place in a hot gas – also called plasma. This plasma in turn consists of freely moving electrons and positive ions and has temperatures of up to several million degrees Celsius.

These temperatures allow nuclei to break through their natural electrical repulsion so that attraction from other nuclei dominates. If two atomic nuclei are in close proximity to each other, they can fuse.

USA achieve breakthrough in nuclear fusion

Meanwhile, on Earth, the two hydrogen isotopes deuterium and tritium are best suited for a fusion process. When the two atomic nuclei fuse, a helium nucleus is formed. The reactions also release enormous amounts of energy.

However, in order to carry out such a process on earth, enormous temperatures and the right pressure conditions are also required. This in turn requires a lot of energy. As reported by the US Department of Energy, a research team has now succeeded for the first time in generating more energy than it consumes in this process.

A breakthrough for research, but not for application?

For their experiments and to generate the necessary temperatures, the researchers used the world’s most powerful laser system. They succeeded in fusing small amounts of the hydrogen isotopes deuterium and tritium in the plasma at a temperature of around 60 million degrees Celsius.

According to reports, they were able to generate 20 percent more energy than they used. US Senator Alex Padilla said, “This monumental scientific breakthrough is a milestone for the future of clean energy.”

Also Uwe Gradwohl, head of the science department SWR, classifies the experiments as a breakthrough and important step in nuclear fusion research. However, he also points out that there is still no technical solution for using the findings in fusion reactors.

That is also not the goal of the US researchers. Gradwohl describes the laser experiments for fusion researchers as “quite a bit annoying”.

Previous concepts for fusion reactors would not be based on laser technology, but on electromagnetic waves. Across from tagesschau24 he summarizes: “Highly interesting for research and a breakthrough – no breakthrough for the application.”

Also interesting:

Source: https://www.basicthinking.de/blog/2022/12/14/durchbruch-bei-kernfusion/

Netflix gains 7.7 million new users

0

The “Harry & Meghan” and “Wednesday” series ensured customer growth. Also: Telekom subsidiary T-Mobile US becomes the target of a cyber attack and ChatGPT dominates insider talks in Davos.

Netflix’s profit fell due to the new low-cost subscriptions.
Chesnot/Getty Images

Good morning! While you slept, work continued elsewhere in the digital scene.

The top topics:

Netflix-Co-founder Reed Hastings has announced his retirement. Co-CEO Ted Sarandos and Greg Peters will become new CEOs. Hastings moves to head of the board of directors. The streaming service gained a surprising number of new users in the fourth quarter. The series “Harry & Meghan” and “Wednesday” ensured growth. The number of users rose by 7.66 to 231 million. Analysts had expected half of that because the portal was struggling with customer dwindling in 2022. Netflix shares are up 7% in after-hours trading. The streaming pioneer’s revenue was up 2 percent at $7.85 billion, in line with expectations. [Mehr bei Handelsblatt, CNBC und Techcrunch]

On the founding scene: Was against Berlin and Munich Köln as a start-up location has so far had no chance. The recent rise of the translation service DeepL to the unicorn could now change that. Our editor Maybrit Martschin was there and listened to what business developers and founders expect from DeepL’s success for the cathedral city [Mehr bei Gründerszene]

And here are the other headlines of the night:

The Compliments App Slay has raised a €2.5 million pre-seed funding round. The round was led by Accel, with 20VC and football star Mario Götze also present. Slay was started in 2022 by three Berliners and is similar to the messaging platform Gaswhich this week from Discord was acquired. Slay aims to balance social apps by letting users send positive comments. The compliments app is currently available in Germany, Austria, Switzerland and the UK and claims to have over 250,000 registered users. [Mehr bei Techcrunch]

T-Mobile US has become the target of a cyber attack. 37 million postpaid and prepaid accounts have been affected by the data breach. On January 5, it was found that a third party had obtained data from TelekomThe group announced that the daughter tapped off without permission. T-Mobile US could not rule out that the incident could result in significant costs. The stock fell 2 percent in after-hours trading. [Mehr bei Handelsblatt und Reuters]

The insider tech talks at this year’s World Economic Forum in Davos According to Axios, they increasingly revolve around the rise of artificial intelligence, especially the text generator ChatGPT. Even tech experts are surprised at how mature the technology is, according to the medium. Hanzade Dogan, President of the Turkish e-commerce company all here, pointed to the possibility for AI to drastically reduce the cost of expensive services. Tom Siebel, CEO of C3.aimeanwhile, warned that it is important to be mindful of the technology’s biases in data. [Mehr bei Axios]

The Irish regulator DPC has Whatsapp sentenced to a fine of 5.5 million euros. The reason is another violation of data protection regulations. In addition, the authority asked the messenger service to reconsider the use of personal data for advertising. In September 2021, the DPC had already imposed a fine of 225 million euros on Whatsapp. [Mehr bei Handelsblatt]

FTTthe native token of the collapsed crypto exchange FTX, is up 24 percent in value in the last 24 hours. Previously, FTX CEO John J. Ray III said in an interview with The Wall Street Journal that everything is “on the table” regarding the future of FTX, even a possible restart. Ray said he ordered an investigation to look into the reopening of the crypto exchange. He wanted to consider whether this would help repay assets to customers. [Mehr bei Wall Street Journal und The Information]

Our reading tip on Gründerszene: The layoffs in the startup scene hit employees hard. Also those who were involved in the success of the companies. What happens to theirs ESOPs? [Mehr bei Gründerszene+]

Don’t want to miss anything? Then subscribe to our Gründerszene newsletter! It appears every morning at 8:30 a.m. and brings you all the important news straight to your inbox.

Happy Friday!

Your Gründerszene editors

Source: https://www.businessinsider.de/gruenderszene/business/neflix-gewinnt-77-millionen-neue-nutzer/

These are the new Apple features for your iPhone

0

Shortly before Christmas, Apple released iOS 16.2, a new feature update for the iPhone. The US company is thus adding some features that should already be included in iOS 16. In addition, the new iPhone software closes some security gaps.

iOS 16.2: Apple releases new iPhone update

Apple only releases a major feature update for the iPhone once a year. Most updates usually only contain security updates. But this year it’s different.

With iOS 16.2, Apple has now released a new software version that closes security gaps and also brings some new functions. These are features that should actually be included in iOS 16 and that the company is now delivering.

Freeform: Apple releases new creative app

If you install iOS 16.2, you will automatically receive a new app for your iPhone with the update: Freeform. The application is like a kind of whiteboard and, according to Apple, should enable and optimize “creative brainstorming and collaboration”.

When the app is opened, a white surface appears on which users can paint, write and take digital notes. The special thing about it: Freeform is primarily intended to enable collaboration with several people.

To this end, the US group has integrated the FaceTime app into the application, which users can use to exchange information. Synchronous storage in iCloud is also possible.

iPhone: Karaoke mode for Apple Music

Also on board: A karaoke mode for Apple Music. It was previously possible to display lyrics for certain songs and to let them run along. However, the Apple Music Sing function now allows vocals to be turned down so that, for example, you can almost only hear the instruments.

Numerous songs on Apple Music are also suitable as karaoke versions thanks to the new feature. Meanwhile, Apple Music Sing is available to all Apple Music subscribers. This applies to both the iPhone, the iPad and the AppleTV 4K. However, the feature is not available for Apple Music Voice.

iOS 16.2 closes more security gaps

With its new update, Apple is also bringing the “Emergency SOS via satellite” function to all iPhone 14 models. In addition to two new widgets for the lock screen, iOS 16.2 also includes security updates. For example, the new iPhone version alone is said to fix around 30 bugs.

This applies to numerous system areas such as accounts, the iTunes Store, Safari and the WebKit. In some cases, it was possible to run arbitrary code over some vulnerabilities. With iOS 16.2, that should now change. However, Apple does not provide more detailed information on the individual fixes and software gaps.

Install iOS 16.2

iOS 16.2 has been available for free download since December 13, 2022. Apple traditionally recommends timely installation. The new iPhone update is available for all models from iPhone 8 onwards. The version can be downloaded via the device settings under “General” and “Software update”.

With iPadOS 16.2, the US group has also released a new update for the iPad. The new iPad software is available for all Pro models, all iPads Air from the third generation and all iPads and iPad Minis from the fifth generation. According to Apple, the new Mac update macOS Ventura 13.1 fixes more than 30 security vulnerabilities on corresponding devices.

Also interesting:

Source: https://www.basicthinking.de/blog/2022/12/14/ios-16-2-apple-update-iphone/

Battery made from nuclear waste to provide heat and electricity on the moon

0

Researchers from the European Space Agency (ESA) have developed a battery made from nuclear waste that could provide heat and electricity to potential lunar colonies in the future. The basis for this is the element americium-241.

What will life look like in the future? Will we continue to live on earth and face the consequences of our way of life? Or will we soon be exploring other planets and pushing ahead with colonies on the Moon and Mars? Before that happens, however, there are still a few challenges to overcome.

Despite this, and perhaps because of this, the European Space Agency (ESA) is taking exactly this direction. ESA wants to develop generators that generate heat and electricity on the moon by the time of a moon mission in the 2030s.

The basis is the radioactive element Americium-241. Because nuclear power is still an essential part of the power supply on foreign planets.

Battery made from nuclear waste to bring electricity and heat into space

The reason seems simple, that energy from solar panels is not necessarily available. Until now, ESA has used plutonium-238 as the basis for its radioactive batteries, but this is changing. The reason is the previous dependence on Russia and America. With the invasion of Ukraine, the Russian side is no longer a possible partner.

So an alternative was needed. Plutonium-238 has continued to rise in price in recent years. The choice therefore fell on Americium-241. This is about a fifth as expensive and comes from the waste from nuclear power plants. So in the future, batteries made from nuclear waste could provide energy and heat on alien planets.

Further tests are necessary before productive use

A coating of several platinum layers provides the necessary security. These prevent radioactivity from escaping, but at the same time allow heat to be generated. Before the battery is ready to start, however, there are still safety tests to be carried out.

Because the battery must still be safe even when exposed to high temperatures and strong impacts. The next ten years may show whether the technology can develop its full potential.

Also interesting:

Source: https://www.basicthinking.de/blog/2022/12/15/batterie-aus-atommuell/

Occupational safety in the electrical field: The DGUV V3 test

0

Employers in Germany are obliged to ensure the safest possible working conditions. This is intended to prevent accidents at work and thus improve the health and well-being of employees. In addition, the employers themselves benefit – through less absenteeism. In addition, this measure can prevent conflicts with the workforce, which often occur with low risk prevention. One measure in this area is the DGUV V3 test.
However, many entrepreneurs do not know exactly what this is and what regulations there are in this regard. This article is intended to answer all questions about the DGUV V3 exam.

Prevent hazards when handling electrical equipment

The DGUV V3 test serves to prevent hazards when handling electrical equipment. Although electricity is an indispensable source of energy in almost all companies, its use is associated with certain risks.

If a worker comes into contact with an electrical conductor, they will receive an electric shock, which can be dangerous.

In addition, short circuits can cause fires. This also poses a significant risk to employees. These dangers are significantly higher in commercial establishments than in private households, since devices that work with very high currents and voltages are often used here. However, it is possible to reduce the risks. If the electrical equipment has good insulation and intact protective conductors, the probability of an accident is low.
However, since the corresponding protective measures can lose their effectiveness over time, regular checks are very important.

Handling electrical equipment
The DGUV V3 test serves to prevent hazards when handling electrical equipment – Image: © Wosunan #560108292 stock.adobe.com

What is the DGUV V3 exam?

The last paragraph showed the dangers that electrical equipment can pose. However, it is possible to reduce this with regular testing. In order to design a uniform procedure for this, the German Social Accident Insurance (DGUV) has drawn up a corresponding set of rules.
Regulation 3 – abbreviated as DGUV V3 – deals with the specifications for electrical safety.

For which equipment is the DGUV V3 necessary?

The DGUV V3 is required for all systems and devices that are connected to the public power grid. On the one hand, this applies to the permanently installed systems in the building. This includes sockets, light switches, cables and fuse boxes. In addition, the test is required for all permanently installed, electrically operated machines.

It is also very important to ensure that the DGUV V3 also includes small, portable devices such as drills, computers or printers.

The DGUV V3 test is even required for devices that are actually not required for the work – such as the coffee machine in the lounge.

Check systems and devices
The DGUV V3 is required for all systems and devices that are connected to the public power grid – Image: © nuttawutnuy #549806937 stock.adobe.com

Is the DGUV V3 test mandatory?

In many companies, the question arises as to whether the DGUV V3 test is required by law – after all, accident insurance is not a legislative body. Nevertheless, this electrical test is mandatory. This is derived from the Occupational Health and Safety Act. The DGUV is merely the body that sets the relevant rules. If a company does not have this test carried out, it must expect considerable fines. Deliberate non-compliance can even constitute a criminal offence.

There is also another problem: If the employer did not have the DGUV V3 test carried out, there is no insurance cover. In the event of an accident at work, he is therefore liable.

What deadlines must be paid attention to?

In principle, the DGUV V3 test is required before the electrical installations and devices are put into operation. With many portable devices, however, this task is already taken on by the manufacturer. In this case, a new test before commissioning is not necessary – provided that the corresponding test report is available. It is also important to note that this is a recurring test.

However, how long the intervals are depends on the type of equipment and an individual risk assessment.

The inspector must therefore always note in the test log when the next inspection is required. The periods are usually between six months and two years.

Carrying out the electrical test

In order to carry out the electrical test in accordance with the rules, it is necessary to ensure that the procedure is correct. It is also important to draw up a test report and to ensure that the testers are sufficiently qualified.

Carrying out the electrical test
In order to carry out the electrical test in accordance with the rules, it is necessary to ensure that the procedure is correct – Image: © NewSaetiew #530205294 stock.adobe.com

Which standards have to be observed?

The exact specifications for carrying out the DGUV V3 test are not included in this regulation. For this purpose, it refers to various standards of the Association for Electrical, Electronic & Information Technologies (VDE). These contain detailed specifications for carrying out the test. Different VDE standards must be taken into account here – depending on the type of equipment involved and whether you are carrying out an initial test or a repeat test.

In most cases, however, a visual inspection is required first to detect obvious damage or improper use.

After that, it is important to measure various safety-related characteristics – such as the protective conductor resistance or the insulation resistance. Finally, in most cases, a functional test takes place.

The test log

After the examination, the examiner must create a protocol. It notes whether the relevant equipment passed the test and whether there are any defects.
Finally, it must state when the next test is required.

test protocol
After the examination, the examiner must create a protocol – Image: © APchanel #431105576 stock.adobe.com

Who is allowed to carry out the DGUV V3 test?

The examiners must have completed vocational training in the field of electrical engineering and have several years of professional experience. In addition, the Technical Rules for Operational Safety (TRBS) specify a number of other requirements.
It is not mandatory that it is an external auditor. However, since an external service provider also assumes liability, this is always recommended – even if there is a worker with the appropriate qualifications in your company.

Choosing a professional provider is important for the DGUV V3 exam

A strong partner for the DGUV V3 test not only guarantees legally compliant implementation.
In addition, you benefit from careful planning and fast implementation. In this way, the measure affects your production processes as little as possible.

Source: https://www.blog.de/arbeitssicherheit-im-elektrischen-bereich/

Austerity measures in the tech sector: Microsoft cuts 10,000 jobs Austerity measures in the tech sector: Microsoft cuts 10,000 jobs

0

The reason is a new initiative to reduce costs. Also, open source password manager Bitwarden is buying Passwordless and Genesis is reportedly planning to file for bankruptcy this week.

Microsoft intends to present its quarterly figures on January 24th.
GERARD JULIEN/AFP via Getty Images

Good morning! While you slept, work continued elsewhere in the digital scene.

The top topics:

Job cuts in the tech industry are entering the next round: Microsoft announced on Wednesday that it will lay off 10,000 employees, or less than five percent of the company, by the end of the third quarter. CEO Satya Nadella said in a statement that the software manufacturer is adjusting the cost structure to sales and demand. It is not known which areas are affected. Nadella stressed that the software maker will continue to make hires in key strategic areas. Microsoft shares started US trading on Wednesday with slight gains, but then fell into the red.

Amazon also began Wednesday with previously announced layoffs. This is the largest job cut in the e-retailer’s 28-year history. More than 18,000 employees are expected to lose their jobs. [Mehr bei Axios, Bloomberg, CNBC, Handelsblatt, Reuters und Wall Street Journal]

On start-up scene: What do young professionals earn in startups, what do team leads earn? which Jobs are particularly lucrative financially? We’ll tell you all that and more today with an exclusive salary analysis, which we made on the basis of discussions with investors and data from the salary platform Figures.hr. Spoiler: Six digits is possible. [Mehr bei Gründerszene+]

And here are the other headlines of the night:

Der Open Source Password-Manager Bitwarden has the Swedish startup Passwordless bought. It is the company’s first known acquisition from California. The details of the deal were not disclosed. Passwordless specializes in helping developers integrate passwordless authentication technology into their software. Only recently had the rival of 1Password and Lastpass, announced its first debt financing since its inception in 2015, raising $100 million from PSG and Battery Ventures. The details of the deal were not disclosed. [Mehr bei Techcrunch]

The cryptocurrency lender Genesis Global Capital plans to file for bankruptcy later this week. This is reported by the Bloomberg news agency, citing insiders. A bankruptcy filing has been expected for weeks. Genesis, the parent company Digital Currency Group and creditors have exchanged several proposals but have not yet come to an agreement, the Bloomberg report said. [Mehr bei Bloomberg und Reuters]

the Bitzlato-Co-founder Anatoly Legkodymow has been arrested in the US on charges of money laundering. The majority shareholder and co-founder of the crypto exchange is said to have moved hundreds of millions of dollars. According to the Russian, who lives in China, customers of the stock exchange were also “known crooks”. Legkodymov was arrested in Miami on Tuesday. The Bitzlato website was blocked on Wednesday. [Mehr bei Handelsblatt und Techcrunch]

Spotify and other technology companies have called on the EU Commission to Apples App Store practices to stop. Apple is a pity for developers and end customers because the regulators are far too hesitant to act, according to a statement. In association with other companies, including the streaming service Deezerturned Spotify now again with an open letter to the EU Competition Commissioner Margrethe Vestager and called on her to intervene quickly. [Mehr bei The Information]

investments: wallapop, a peer-to-peer marketplace based in Barcelona, ​​has raised €81 million. The money is to be invested in activities in Spain, Italy and Portugal. Wallapop described the round as an extension of its Series G round it held in February 2021. The valuation of the Spaniards should now be 771 million euros. Sequoia Capital, a long-established venture capital firm, has raised a new $195 million seed fund. The funds are to be used to support founders in the USA and Europe. [Mehr bei Techcrunch und Techcrunch]

Our reading tip on Gründerszene: Person is one of the most valuable startups in Germany. Founder Hanno Renner is now planning an IPO. [Mehr bei Gründerszene]

Don’t want to miss anything? Then subscribe to our Gründerszene newsletter! It appears every morning at 8:30 a.m. and brings you all the important news straight to your inbox.

A nice Thursday!

Your Gründerszene editors

Source: https://www.businessinsider.de/wirtschaft/sparmassnahmen-im-tech-sektor-microsoft-streicht-10000-stellen/

Zone True Wireless Earbuds von Logitech [Anzeige]

0

Bluetooth headphones have long since replaced the usual wired headphones. Because they are much more practical, whether for sports or leisure. But do the headphones also support working in the office and in the home office? We show how it works and introduce the Zone True Wireless Earbuds from Logitech.

The Zone True Wireless Earbuds are Bluetooth in-ear headphones that ensure good sound and sufficient quiet, especially in loud and hectic environments. This makes the earbuds particularly suitable for working in the home office. Even when things get hectic and noisy around you, you can concentrate on your work thanks to the integrated, certified, noise-cancelling microphone, ANC and all-round sound.

The Zone True Wireless Earbuds can be easily connected to your smartphone and your computer at the same time and controlled via the Logi Tune app.

Crystal clear voice thanks to six microphones

The special feature lies in the clear voice processing. Even though the Zone True Wireless Earbuds are small and handy, they have a total of six microphones built into them. We all know the situation in the home office: sometimes so many people take part in video conferences that individual voices and people are lost. With the Earbuds, Logitech makes sure that that doesn’t happen anymore.

By the way, this also works when you are not in the office or in the home office. The inner microphone captures your voice using bone conduction and combines with a material that cancels out wind noise to produce a professional sound. So you can theoretically take part in a video conference on the go.

No annoying noises thanks to hybrid ANC

But it’s not just your conversation partners who hear you perfectly thanks to the Zone True Wireless Earbuds. You also have the option to fully immerse yourself in your work and turn off all distracting noises. On the one hand, the integrated hybrid ANC blocks annoying noises so that you can fully concentrate on your work.

At the same time, the transparency mode is useful if you want to participate in conversations or hear traffic noise without taking out the earbuds on the go. Operating the earbuds is child’s play: simply use the Logi Tune app to switch them on and off, or tap the earbud quickly and easily.

Logitech

Modern design and good fit

The Zone True Wireless Earbuds have a modern and simple design, which means that they are not as noticeable as other Bluetooth headphones when worn. They are available in a beautiful dusky pink or plain grey-black.

Since in-ear headphones have to fit exactly to be comfortable in everyday life and at work, the Zone True Wireless Earbuds come with three different interchangeable gel cushions in different sizes. This allows Logitech to ensure that the noise result is as good as possible.

Suitable for work and leisure

Logitech headphones work with the most common telephony applications on almost all platforms and operating systems. These include Microsoft Teams, Google Meet, Google Voice and Zoom. Additionally, the earbuds are also compatible with other popular calling apps like Cisco Webex, BlueJeans, and GoToMeeting.

In addition to work, Logitech earbuds are also suitable for leisure and sports. So if you are looking for earbuds that are suitable for work and leisure, that are simple and modern and enable optimal sound, you should take a closer look at the Zone True Wireless Bluetooth Earbuds from Logitech at a price of up to 349 euros.

Find out more here

Source: https://www.basicthinking.de/blog/2022/12/15/zone-true-wireless-earbuds-logitech/

Secure your API with authorization and usage plans in AWS API Gateway

0

If you haven’t read our first article about severless computing with Amazon API Gateway, you can read it here.

AWS API Gateway is a fully managed service that allows developers to create, publish, maintain, monitor, and secure APIs (Application Programming Interface) for their applications at any scale.

While initial setup of an API is quick and easy with Amazon API Gateway, it is important to protect and secure access to the services and data provided, so that no unauthorized access is possible.

One of the key features of API Gateways is the ability to protect your API with authorization and usage plans to ensure only authorized users can access your API and it is not overloaded with excessive traffic. This article explains the different authorization and usage plan options in Amazon API Gateway and how to configure them.

Authorization is an optional feature of API Gateways. You can choose to skip authorization entirely in your API or handle it in your integration backend.

If you decide to use authorization, there are good reasons (good reasons) to integrate it with API Gateway:

If authorization is desired in your API, integrating it with API Gateway can be a good choice for several reasons:

  • It consolidates your authentication logic into a single place
  • It protects your downstream integration from unauthorized requests, saving you costs and/or freeing up your resources
  • It can be cached, reducing the number of times your authentication service is accessed

Within this authorization step there are two options – authorization check and check against API key.

Authorization with custom authorizers, Cognito or IAM

The most common form of authorization is an actual authorization check. The request information can be examined to identify the caller of an API – either based on an HTTP header or a query string – and either allow or deny the request, depending on whether the caller has permission to call the API. There are three main ways to configure an authorization check in API Gateway:

Using IAM permissions over signed HTTP requests:

This method allows you to use AWS IAM policies to authorize API requests. This requires you to sign the HTTP requests with your AWS access key and secret key. This can be done using the AWS Signature Version 4 signing process.

Using tokens from a Cognito user pool:

If you use Cognito user pools for your authentication needs, you can use tokens from the user pool to authorize API requests. This method requires you to configure the required scopes needed for a specific API endpoint.

Creating your own custom logic in a custom Lambda authorizer:

If you need fine-grained authorization, you can write your own custom logic in a Lambda function and use that as custom authorization for your API gateway. Custom approvers give you complete control over the authorization process and can run any logic you need to authenticate and authorize the user. You can also include additional context in the request based on the user’s identity.

For a user-side API, the last two options are the most commonly used.

If you’re already using Cognito User Pools for your authentication needs, integrating with API Gateway can be an easy and convenient option. You can configure the required scopes for a specific API endpoint without writing your own logic.

On the other hand, if you are not using Cognito user pools or require more granular authorization controls, you can use custom Lambda authorizers. With custom authorizers, you have full flexibility to implement any authentication and authorization logic you want. You can also add additional context to the request based on the identity of the caller.

Source: Sample architecture diagram for adding authentication (AWS Cognito) and authorization (AWS Lambda Custom Authorizer) services to AWS API Gateway. For a detailed example of setting up an API Gateway authorizer, see this article from AWS: Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM.

API Keys and Usage Plans

API key verification is part of the authorization process in API Gateways. You can configure the service to require API keys to be passed with each request. These keys are stored in x-api-key-Header passed, and requests without them will be rejected. Although API keys are often involved in the authorization process, they should not be considered the primary authorization method. They are not a precise method of identifying and authorizing users.

API keys are most commonly used for rate limiting and throttling users. AWS offers usage plans that allow you to associate API keys with specific limits. These plans can be configured with throttling limits (the number of requests allowed per second) and quota limits (the maximum number of requests over a given period of time).

Throttling limits can prevent a caller from overloading your downstream resources, while quota limits can be used to enforce limits on paid APIs or specific clients. Quota limits allow you to set a maximum number of requests over a certain period of time, e.g. B. set a day, a week or a month. This allows you to enforce restrictions for a specific customer. This is especially handy if you offer a paid API where a user gets a certain number of calls per month.

By default, usage plans are capped at 300 per account per region, but you can request an increase if needed.

summary

Overall, API gateways offer a range of options to protect your API with authorization and usage plans. While it’s not necessary to tie authorization into your API, implementing authorization in API Gateway can provide protection and save money and resources for your downstream integrations. There are three options for authorizing requests: Cognito User Pools, AWS IAM, or a custom Lambda authorizer. API keys can also be used to throttle requests from specific users. The authorization check is performed before the API key check. You have the option to use one, both, or neither of these checks in your API.

Source: https://www.protos-technologie.de/2023/01/17/sichern-sie-ihre-api-mit-autorisierung-und-nutzungsplaenen-in-aws-api-gateway/

Deceptively real phishing emails in circulation

0

The PayPal payment service is currently dealing with a wave of phishing emails. The problem with this: The e-mails from the fraudsters look deceptively real and come from the official e-mail address.

In the third quarter, the online payment service PayPal had 432 million active accounts worldwide. Around 5.64 billion transactions were made. For comparison: In the previous year, the number of users was 416 million, an increase of around four percent.

No wonder, then, that scammers are also particularly interested in the payment service. Phishing emails that look deceptively real are currently in circulation, such as Welt first reported.

Why do phishing emails look so real?

Users can often unmask fraudulent emails in one simple step. Because these usually come from dubious e-mail addresses, which you can see at first glance that they cannot be real.

But this is not the case with the phishing wave currently circulating at the popular online payment service. Because the e-mails come directly from the address [email protected], via which users normally also receive notifications.

Sea Welt the e-mails also come directly from the Paypal servers. It is therefore almost impossible to expose them as fake.

The scam behind the PayPal scam

The e-mails, which supposedly come from the online payment service, fool users into believing that they have sent a payment. In an example from Welt “A $479 payment was sent to Coinbase Corporation.”

As the email progresses, customers are then prompted to call the PayPal helpdesk number if they have not initiated that payment.

If this number is actually called, the scammers ask for the password and the security code sent via SMS. This gives them access to the account where they can withdraw money as they please.

How can you still recognize the fake?

A spokesman for the company explained opposite Welt following features to expose the e-mails as fake despite all attempts by the scammers.

The text also contains spelling mistakes, a foreign currency, an apparent urgency and an impersonal (general) form of address.

German Paypal customers can also prick up their ears at another point. So far, the mails have only been written in English.

PayPal has also been using the paypal.de domain for its email traffic in Germany since 2018. So far, however, the mails have all come exclusively from the domain paypal.com.

Also interesting:

Source: https://www.basicthinking.de/blog/2022/12/15/paypal-phishing-mails/

Latest

Popular