20.5 C
New York
Monday, March 31, 2025
Home Blog Page 4

ios – AWS Cognito Swift: Present Token Not Updating After First Login

codesanitize
-
0
ios – AWS Cognito Swift: Present Token Not Updating After First Login


I’m utilizing AWS Cognito for authentication in my iOS app with Swift. Under is the loginCognito operate I take advantage of to authenticate customers:

non-public func loginCognito(knowledge: AWSConfigData) async throws {
    let loginsKey = "cognito-idp.(knowledge.area).amazonaws.com/(knowledge.userPoolId)"
    let logins = [loginsKey: data.idToken]

    let identityProviderManager = IdentityProviderManager(loginMaps: logins)

    let credentialsProvider = AWSCognitoCredentialsProvider(
        regionType: knowledge.regionType,
        identityPoolId: knowledge.identityPoolId,
        identityProviderManager: identityProviderManager
    )

    return attempt await withCheckedThrowingContinuation { continuation in
        credentialsProvider.identityProvider.logins().continueWith { job in
            if let end result = job.end result, let token = end result[loginsKey] as? String {
                print("Login with Token:", token)

                self.awsConfigData = knowledge
                let configuration = AWSServiceConfiguration(
                    area: knowledge.regionType,
                    credentialsProvider: credentialsProvider
                )
                AWSServiceManager.default()?.defaultServiceConfiguration = configuration

                Job {
                    let currentToken = attempt await self.getLoginsToken()
                    print("Present Token:", currentToken)
                }
                return continuation.resume(returning: ())
            } else if let error = job.error {
                return continuation.resume(throwing: error)
            } else {
                let error = NSError(area: "S3Error", code: -1, userInfo: [NSLocalizedDescriptionKey: "Get login error"])
                return continuation.resume(throwing: error)
            }
        }
    }
}

/// IdentityProviderManager for AWS Cognito
non-public class IdentityProviderManager: NSObject, AWSIdentityProviderManager {
    non-public let loginMaps: [String: String]

    init(loginMaps: [String: String]) {
        self.loginMaps = loginMaps
    }

    func logins() -> AWSTask {
        return AWSTask(end result: loginMaps as NSDictionary)
    }
}

That is my getLoginsToken operate to retrieve the present token:

non-public func getLoginsToken() async throws -> String {
    guard let configuration = AWSServiceManager.default().defaultServiceConfiguration,
          let credentialsProvider = configuration.credentialsProvider as? AWSCognitoCredentialsProvider,
          let awsConfigData else {
        let error = NSError(area: "S3Error", code: -1, userInfo: [NSLocalizedDescriptionKey: "Cannot get credentialsProvider"])
        print("Token Error:", error)
        throw error
    }

    return attempt await withCheckedThrowingContinuation { continuation in
        credentialsProvider.identityProvider.logins().continueWith { job in
            let loginsKey = "cognito-idp.(awsConfigData.area).amazonaws.com/(awsConfigData.userPoolId)"

            if let end result = job.end result, let token = end result[loginsKey] as? String {
                print("Token:", token)
                return continuation.resume(returning: token)
            } else if let error = job.error {
                print("Token Error:", error)
                return continuation.resume(throwing: error)
            } else {
                let error = NSError(area: "S3Error", code: -1, userInfo: [NSLocalizedDescriptionKey: "Get login error"])
                return continuation.resume(throwing: error)
            }
        }
    }
}

Challenge:

  • On the primary login, Login with Token and Present Token are the identical.
  • Nevertheless, from the second login onwards, Login with Token is up to date, however Present Token stays the identical as the primary login.
  • I’ve tried utilizing credentialsProvider.clearCredentials(), but it surely didn’t clear up the problem.

How can I be sure that getLoginsToken() at all times retrieves the newest token from Cognito?

Any assist could be enormously appreciated! Thanks upfront! 🙏

How Meta’s newest forest credit buy will get it nearer to internet zero

codesanitize
-
0
How Meta’s newest forest credit buy will get it nearer to internet zero


The tech big Meta, proprietor of Fb and WhatsApp, has bought 676,000 carbon credit as a part of a challenge that may remodel the administration of 68,000 acres of beforehand industrial forest on Washington State’s Olympic Peninsula. The deal is the primary time EFM, the forest funding firm that acquired the land, has used credit score gross sales to assist fund a forest buy. 

It additionally represents a big uptick in credit score use by Meta, which can obtain the credit over a 10-year interval. The corporate has retired a mean 65,000 credit yearly since 2021, in response to Allied Offsets, a supplier of carbon market information. Mixed with a purchase order final September of as much as 2.9 million forest credit by means of 2038 from the forestry arm of Brazilian funding financial institution BTG Pactual, the corporate has contracts in place to permit it to retire greater than 200,000 credit yearly for the subsequent decade from these two initiatives alone.

Along with offsetting emissions as a part of its technique to achieve internet zero by 2030, Meta stated it selected the challenge due to the broader advantages it should carry to carbon markets. “EFM’s landscape-scale conservation efforts won’t solely sequester carbon to assist us obtain our internet zero goal,” stated Tracy Johns, carbon removing program lead at Meta. “It’ll additionally present lasting outcomes for the ecosystem, native financial system, and Hoh, Quileute, and different communities who depend on this wholesome and responsibly managed forestland.” The corporate declined to reveal the price of its buy.

No extra clear-cutting

EFM’s newly acquired forest is a coastal strip of land that was owned by the forest merchandise firm Rayonier for round 80 years. Consistent with standard administration of economic forests, the corporate clear-cut the land each 35 years or so and replanted with Douglas fir, western hemlock and Sitka spruce. “It could look extra like a plantation,” stated Bettina von Hagen, EFM’s CEO.

Because of the acquisition, which value EFM greater than $200 million, the land will now be managed with extra holistic targets, together with enhancing biodiversity and storing further carbon. Meaning including western purple cedar, a culturally and ecologically vital species that grows slowly and is commonly excluded from industrial forests; bigleaf maple, which gives meals for invertebrates and thus, not directly, salmon; and a number of understory species.

Harvesting will proceed, nevertheless. Von Hagen stated EFM will apply two strategies that steadiness extraction with long-term sustainability. In a thinning operation, loggers lower round 30 p.c of timber and go away what stays. Variable retention harvesting entails eradicating a a lot bigger fraction — between 70 and 90 p.c — whereas leaving sufficient timber to guard the soil and supply habitat for animals. The practices will permit the forest to proceed to assist the native timber business even because the carbon saved on the land is elevated. EFM estimates that 10 million tons of carbon dioxide is at the moment saved on the land and that the brand new administration practices will enhance that by 1 million tons. 

Traders need predictability

The deal that secured the forest was put collectively at extraordinarily quick discover: Von Hagen stated information on the forest was made obtainable simply 9 weeks earlier than binding bids had been due. “Till now, we now have not been capable of assemble the capital for big acquisitions within the quick time frames which are often offered, and haven’t been capable of compete with patrons which had been solely underwriting the timber, which is a identified commodity with predictable costs with which institutional buyers are very acquainted,” she defined. “Having a contract with an incredible counterparty like Meta allowed our buyers to underwrite the transaction with a predictable set of carbon and timber costs, and that made all of the distinction.”

Schemes initiatives that mix industrial actions with carbon storage — which fall right into a class of initiatives generally known as improved forest administration (IFM) — have beforehand are available in for criticism. To estimate the carbon saved by a challenge, builders forecast the harvesting that will have taken place within the absence of IFM practices. Researchers have warned that the methodologies governing IFM initiatives permit builders to overestimate baseline harvesting and generate unearned credit. The methodology that shall be utilized by EFM was developed by ACR, a carbon credit standard-setter previously generally known as the American Carbon Registry, and was up to date in September of final 12 months, partly to enhance the precision of baseline measurements.

CISA Warns of RESURGE Malware Exploiting Ivanti Join Safe RCE Vulnerability

codesanitize
-
0
CISA Warns of RESURGE Malware Exploiting Ivanti Join Safe RCE Vulnerability


The Cybersecurity and Infrastructure Safety Company (CISA) has issued an in depth Malware Evaluation Report (MAR-25993211-r1.v1) on the RESURGE malware, which exploits the Distant Code Execution (RCE) vulnerability CVE-2025-0282 in Ivanti Join Safe gadgets.

This vulnerability has been leveraged by risk actors to compromise crucial infrastructure programs, enabling unauthorized entry and management.

CISA’s evaluation revealed that RESURGE is a classy backdoor malware with functionalities just like SPAWNCHIMERA.

It establishes Safe Shell (SSH) tunnels for command-and-control (C2) operations, modifies system recordsdata, bypasses integrity checks, and deploys net shells on compromised gadgets.

Moreover, RESURGE creates a persistent foothold by copying malicious elements to the Ivanti boot disk.

A variant of SPAWNSLOTH malware was additionally recognized throughout the RESURGE pattern, additional complicating system restoration efforts.

SPAWNSLOTH is designed to tamper with gadget logs, erasing traces of malicious exercise.

One other file analyzed by CISA, named “dsmain,” accommodates an embedded shell script and applets from the open-source BusyBox toolset.

These elements enable risk actors to extract uncompressed kernel photos (vmlinux), analyze vulnerabilities, and execute malicious payloads.

The attackers utilized superior encryption methods to govern coreboot RAM disks, guaranteeing stealthy operations.

Malware Performance Breakdown

RESURGE employs a sequence of instructions to ascertain distant command execution capabilities.

It inserts itself into crucial system recordsdata like ld.so.preload, modifies Python scripts to disable mismatch monitoring, and generates cryptographic signatures to disguise altered recordsdata as reliable.

Instructions executed by the malware embrace creating safe sockets for SSH entry, manipulating boot processes, and deploying further payloads.

SPAWNSLOTH, in the meantime, makes use of function-hooking methods to intercept system calls and manipulate shared reminiscence linked to logging processes.

This ensures that log entries associated to malicious actions are erased or altered.

Suggestions for Mitigation

CISA urges organizations utilizing Ivanti Join Safe gadgets to implement sturdy cybersecurity measures instantly:

  • Apply patches for CVE-2025-0282 and guarantee programs are up to date.
  • Preserve sturdy password insurance policies and prohibit administrative privileges.
  • Monitor system logs for anomalies and scan for unauthorized modifications.
  • Deploy antivirus options with up to date signatures to detect malware variants like RESURGE and SPAWNSLOTH.

Organizations are suggested to train warning when dealing with exterior media or downloading software program from unverified sources.

Common audits of community visitors and system integrity are crucial in figuring out potential compromises.

CISA emphasizes the significance of reporting suspicious exercise promptly. Malware samples may be submitted for evaluation through official channels listed on CISA’s web site.

For additional help or detailed steering on securing programs towards rising threats, organizations can contact CISA instantly.

This advisory highlights the rising sophistication of cyber threats concentrating on crucial infrastructure.

Vigilance and proactive protection methods are important in mitigating dangers posed by superior malware like RESURGE.

Discover this Information Attention-grabbing! Observe us on Google InformationLinkedIn, and X to Get On the spot Updates!

Why E-Bike Crackdowns Will Lead To Extra Mid-Drives

codesanitize
-
0
Why E-Bike Crackdowns Will Lead To Extra Mid-Drives



Join day by day information updates from CleanTechnica on electronic mail. Or comply with us on Google Information!

The Crackdown on E-Bike Rule-Bending Begins in California

Not too long ago, California determined to do what it usually does: strictly regulate nearly all the things. Automotive know-how, firearms, the little tags on mattresses — you possibly can depend on California to cleared the path to exerting most management. It’s what the legislature does, and has performed for many years going again at the least to the governorship of Ronald Reagan. There are some upsides to this, in fact, however not everyone seems to be all the time proud of the heavy-handed method.

Sadly, this time it’s the e-bike’s flip to get regulated onerous. (Article continues after video.)

With a few small however vital variations, this isn’t actually completely different from present legislation. As has been the case for years, California subscribes to the usual three courses of e-bikes. These are:

  • Class 1 — pedal help solely, as much as 20 MPH, 750 watts max motor
  • Class 2 — pedal help or throttle, as much as 20 MPH, 750 watts max motor
  • Class 3 — pedal help solely as much as 28 MPH, 750 watts max motor

However, as typical, state lawmakers aren’t specialists and typically make silly errors. For e-bikes, the largest problem is that the brand new legislation doesn’t enable for bikes that mix the properties of Class 2 and Class 3 e-bikes. Many e-bikes have offered for years with throttle working till 20 MPH after which solely pedal help till 28 MPH. Now, all of those bikes are technically unlawful to experience in California until the throttle is eliminated.

The opposite downside is that many e-bikes may be simply modified to do issues not allowed by the three-class system. For instance, if you happen to change a setting within the laptop, many e-bikes can go sooner beneath throttle energy or go sooner than 28 MPH with pedal help. Some bikes are solely electronically restricted to 750 watts, however can present way more energy if you happen to change the settings or minimize a wire. Underneath the brand new legislation, bikes supposed by the producer to interrupt the principles are additionally not thought-about e-bikes, even when riders preserve the authorized settings/configuration.

One additional downside that the video doesn’t get into is that e-bikes usually label the motors with the nominal, steady energy ranking. Whereas this implies 750 watts or beneath beneath steady using, many bikes can produce extra energy (typically way more) for brief bursts to do issues like experience hills.

If California does the standard factor and strictly enforces this, most e-bikes can be unlawful. Many individuals must purchase new ones or work with the producer to provide you with a compliant laptop that isn’t simple to vary (assuming that’s even doable).

However, we’ve to do not forget that the typical cop actually doesn’t know the legislation all that nicely. This might result in a number of unlawful enforcement selections as a result of police received’t know all the complexities of e-bike legal guidelines. Folks with bikes which can be completely compliant may face harassment, arrest, and impound after which need to struggle in courtroom to get their bikes again and fees dropped.

The complexity of the legislation may additionally end up higher if police resolve to prioritize enforcement in opposition to bikes which can be blatantly not e-bikes. In case your bike appears like a motorbike, they’ll in all probability go away you alone. However in case you are using one thing that appears like a motorbike and doesn’t have pedals, they’ll hammer you.

Sadly, we’ll see some mixture of all this all around the state and in different states that comply with California down this street. In some locations, everybody using an e-bike will endure beneath poor enforcement and police ignoring issues just like the Fourth Modification and due course of. In others, police can be smarter and solely go after apparent public security issues.

E-Bikes All Over The US Will Change As a result of Of This

Whereas it should proceed to be both authorized or tolerated to experience Class 2/3 bikes and different non-compliant e-bikes in different states, we’ve to understand that the sheer dimension of the California e-bike market signifies that this can have an effect on what’s offered to everybody. This may result in a brief “malaise period” of types for bikes as Chinese language producers change programming to place in strict limits with out altering the {hardware}.

Hub motor bikes would be the largest downside. When restricted to 750 watts most, hill-climbing skill can be fairly sub-par. A scarcity of throttle or a most help restrict of 20 MPH with a throttle will make life more durable for e-bike riders and take some selections away. Worse, using in site visitors can be much less protected as a result of there can be a bigger distinction in velocity between e-bikes and vehicles.

This can be even worse for electrical mountain bikes with hub motors, because the bikes can be very restricted in hill climbing efficiency when restricted to 750 watts with just one comparatively excessive gear ratio.

The Manner Out: Mid-Drive E-Bikes

Not like hub motors, e-bikes with a mid-drive motor feed the facility via the multi-speed drivetrain that your pedal energy goes via. Having the ability to choose completely different gears can be good for electrical motors in precisely the identical approach it’s good for pedaling together with your toes. Torque multiplication in decrease gears means higher hill-climbing skill, whereas going into “overdrive” within the prime gear means it’s simpler to take care of velocity at 20 or 28 MPH with much less motor energy.

A 750-watt hub motor struggles to climb steep hills, whereas a 750-watt mid-drive within the lowest gear can climb most hills with ease. Even a 250-watt or 500-watt mid-drive motor can usually outperform a 750-watt most hub motor when the correct gear is chosen for the duty at hand. For European limits (250 watts), that is notably vital.

There are disadvantages to mid-drive bikes, in fact. The price of constructing them is increased (in all probability the rationale low-cost bikes are likely to have hub motors), the throttle response will differ relying on gear, and riders need to suppose just a little extra about gear choice than they do with a hub bike. On many fashions, riders have to recollect to not swap gears beneath load to forestall damaging the chain and gears.

However, all in all, that is in all probability the place the price range finish of the e-bike business goes. With out having the ability to bend/break the principles and play numbers video games, producers must give individuals the type of efficiency they need inside the letter of the legislation.

Featured picture by Jennifer Sensiba, displaying an e-bike hub motor.

Whether or not you could have solar energy or not, please full our newest solar energy survey.

Chip in a number of {dollars} a month to assist help impartial cleantech protection that helps to speed up the cleantech revolution!

Have a tip for CleanTechnica? Wish to promote? Wish to counsel a visitor for our CleanTech Discuss podcast? Contact us right here.

Join our day by day publication for 15 new cleantech tales a day. Or join our weekly one if day by day is simply too frequent.

Commercial



 

CleanTechnica makes use of affiliate hyperlinks. See our coverage right here.

CleanTechnica’s Remark Coverage



U.S. DOJ Seizes $8.2 Million from Hackers Linked to Pig Butchering Rip-off

codesanitize
-
0
U.S. DOJ Seizes .2 Million from Hackers Linked to Pig Butchering Rip-off


The U.S. Division of Justice has efficiently seized over $8.2 million in cryptocurrency tied to an elaborate “pig butchering” fraud operation that victimized dozens of People.

On February 27, 2025, the U.S. Lawyer’s Workplace for the Northern District of Ohio filed a civil forfeiture grievance towards these funds, which had been recognized by way of refined blockchain tracing methods deployed by federal investigators.

The Scheme and Its Victims

The grievance particulars how fraudsters employed a posh social engineering tactic often called “pig butchering.”

On this scheme, scammers spend weeks or months constructing belief with victims earlier than convincing them to spend money on fraudulent platforms.

Utilizing nameless telephone numbers and messaging apps, perpetrators created illusions of private or romantic relationships with their targets, slowly manipulating them into making cryptocurrency investments on what seemed to be respectable platforms.

Among the many victims was a Cleveland-area resident who was persuaded to liquidate her whole retirement financial savings, in the end transferring greater than $650,000 in cryptocurrency to the scammers.

She represents simply one in all no less than 31 recognized victims throughout america who fell prey to this operation.

Complaint shows a TRM Graph Visualizer snapshot of the FBI’s tracing of victim funds to addresses controlled by scammersComplaint shows a TRM Graph Visualizer snapshot of the FBI’s tracing of victim funds to addresses controlled by scammers
Grievance exhibits a TRM Graph Visualizer snapshot of the FBI’s tracing of sufferer funds to addresses managed by scammers

“These scammers prey on susceptible people, cultivating relationships over prolonged durations particularly to achieve belief earlier than executing their monetary fraud,” the grievance states.

Subtle Cash Laundering Operations

Federal investigators uncovered an intricate money-laundering operation designed to obscure the origin of stolen funds.

In response to the grievance, sufferer funds had been methodically routed by way of a posh community of decentralized finance (DeFi) platforms, cross-chain swaps, and unhosted wallets, finally consolidating in three TRON blockchain addresses.

Regardless of these advanced obfuscation methods, FBI brokers leveraged blockchain intelligence to hint the motion of funds throughout a number of cryptocurrency networks and platforms.

In response to the TRM Labs report, the investigation revealed telling patterns and pockets reuse, in the end permitting authorities to attach the dots and determine the vacation spot of victims’ cash.

On this case, the DOJ employed a twin authorized principle that allowed for complete asset seizure.

Funds immediately traceable to fraud had been forfeited beneath wire fraud statutes, whereas remaining funds – believed to be linked to extra unidentified victims – had been seized beneath cash laundering provisions.

This strategic strategy enabled the seizure of the complete $8.2 million, stopping fraudsters from retaining any portion of their illicit features whereas preserving funds for potential restitution to victims because the investigation continues.

Pig butchering scams symbolize one of many fastest-growing and most damaging types of cryptocurrency fraud.

Legislation enforcement officers notice that these operations are sometimes linked to human trafficking networks in Southeast Asia, the place victims are compelled to work in rip-off compounds.

The FBI’s Cleveland Discipline Workplace continues to “hint backwards” from the seized addresses to determine extra victims who could also be entitled to restitution from the recovered funds.

Discover this Information Fascinating! Comply with us on Google InformationLinkedIn, and X to Get Instantaneous Updates!

1...345...3,927Page 4 of 3,927

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved