Abstract: Techniques to reduce the latency of data transfer notifications in a computing system are disclosed. The techniques can include receiving, at a memory, a first access request of a set of access requests associated with a data transfer. The first access request has a token and an access count indicating the number of access requests in the set of access requests. A counter is initiated to count the number of received access requests having the token. When additional access requests belonging to the set of access requests are received, the counter is incremented for each of the additional access requests being received. A notification is transmitted to an integrated circuit component in response to receiving the last access request of the set of access requests having the token to notify the integrated circuit component that the memory is ready for access.

Abstract: Various embodiments of apparatuses and methods for distributed threat sensor analysis and correlation of a malware threat intelligence system are described. In some embodiments, the system comprises a plurality of threat sensors, deployed at different network addresses and physically located in different geographic regions in a provider network, which detect interactions from sources. In some embodiments, a distributed threat sensor analysis and correlation service obtains significance scores for different sources of the interactions with the plurality of threat sensors. The service determines which of the sources are malicious actors based on the significance scores. The service receives identifiers of known actors such as compute instances in the provider network, client devices in a client network, or deployed IoT devices in a remote network, and correlates the malicious actors with the known actors to identify which known actors might be infected by malware.

Abstract: Techniques are disclosed for detecting an uncovered portion of a body of a person in a frame of video content. In an example, a first machine learning model of a computing system may output a first score for the frame based on a map that identifies a region of the frame associated with an uncovered body part type. Depending on a value of the first score, a second machine learning model that includes a neural network architecture may further analyze the frame to output a second score. The first score and second score may be merged to produce a third score for the frame. A plurality of scores may be determined, respectively, for frames of the video content, and a maximum score may be selected. The video content may be selected for presentation on a display for further evaluation based on the maximum score.

Abstract: A connection-based service impersonates request-based security for requests from clients that do not include credentials for the requests (e.g., data plane requests made via a connection-oriented security). A connection between a client and a connection-based service is established based on connection credentials that are based on security credentials from a request-based security service. The credentials are sent by a security component of the service to a local agent of the remote security service to be authenticated by the security service. An impersonation token is returned by the security service and cached by the local agent. Requests from the client to perform operations do not include credentials. For each request, the service passes an identifier for the client and the operation to a local authorization component that calls the agent for authorization of the requested operation. The agent uses the impersonation token to obtain authorization for the requested operation.

Abstract: This disclosure describes an item drop location for placing items that have been picked from an inventory location within a material handling facility but have not yet been transitioned from the materials handling facility and a return location for returning items that have been transitioned from the materials handling facility. Likewise, described is a system and method for identifying an item placed at a drop location or an item placed at a return location, processing the placed item and providing confirmation to a user that placed the item and facilitating a return of the item or a removal of the item from an item identifier list associated with the user.

Abstract: Systems and methods for providing cryptographic services. A cryptography service obtains a request to provision a computing device to perform cryptographic operations. The cryptography service generates executable code for a protected execution environment. The computing device obtains and executes the executable code. The computing device fulfills requests for cryptographic operations in the protected execution environment.

Abstract: This disclosure describes a system for determining an estimated user departure time from a materials handling facility. For example, a user may enter a materials handling facility to pick one or more items from the materials handling facility. Those items may be provided to an agent for processing, such as packing, while the user picks other items within the materials handling facility. To ensure that the items are processed in a timely manner and made available to the user when the user is ready to depart from the materials handling facility, the implementations discussed determine an anticipated user departure time and compare that time with an estimated processing time needed to process the items.

Abstract: Methods and systems for facilitating communications between shared electronic devices are described herein. In some embodiments, a group account may be assigned to a shared electronic device. The group account may include one or more user accounts, where individuals associated with those user accounts may interact with the shared electronic device, and also may form a part of the group account. When a message is sent from one shared electronic device to another personal device or shared electronic device, the message may be indicated as being sent from the group account, as if the shared electronic device corresponds to its own separate account. In some embodiments, speaker identification processing may be employed to determine a speaker of the message and, if the speaker is able to be identified, the message may be sent from the corresponding speaker's user account instead of the shared electronic device's corresponding group account.

Abstract: The reliability of an application is improved by analyzing and implementing changes to application infrastructure that is represented, in some examples, as Infrastructure as Code (“IAC”). The system performs various tests on the infrastructure to determine how the infrastructure responds to failures and whether recovery procedures and monitoring services in place are effective and functioning properly. Various examples provide a measure of infrastructure resiliency that can be used to evaluate potential changes to application infrastructure.

Abstract: Systems and methods utilize network destination identifiers, such as IP addresses, that are simultaneously advertised from multiple locations. The network destination identifiers may be announced in multiple geographic regions. Network traffic routed to devices advertising the network destination identifiers may be routed to appropriate endpoints. When a device receives such traffic, it may send the traffic to an endpoint in a network served by the device. In some instances, such as when such an endpoint is not available, the network traffic may be sent to another network that is served by another device that advertises the network destination identifiers.

Abstract: Systems and methods are provided to implement a fast recovery process in a partitioned replicated data store. In some embodiments, the data store is configured to store an object in a plurality of partitions and replicate data in each partition in a group of replica nodes to satisfy a durability model. In response to a replica failure, the data store performs a split operation to create a plurality of new partitions. The partition's data is split into subsets corresponding to the new partitions. The subsets are transmitted, in parallel, from the surviving replica nodes of the partition to new replica nodes in the new partitions. The new partitions then replicate respective subsets of data in their respective replication groups using a chained replication technique. The recovery process allows the data store to return into compliance with the durability model more quickly, by parallelizing the copying of data.

Abstract: Devices and techniques are generally described for anomalous computer activity detection. In various examples, first computer activity data associated with a first account may be determined. A first linear detection event that corresponds to the first computer activity data may be determined. In some examples, a set of gradient-based data associated with the first linear detection event may be determined. The set of gradient-based data may represent comparative analysis of the first computer activity data with computer activity data of other accounts. In some examples, first data representing the first linear detection event and the set of gradient-based data may be generated. In various cases, network access for the first account may be disabled based on the first data.

Abstract: Disclosed are systems and methods that detect segments of video, such as HDR video, that include content, such as edges and details in dark scenes, that cannot be presented on some displays. Output models for different display types, such as edge-lit LCD, backlit LCD, etc., may be created and used to process video with respect to those different display types to determine if segments of the video cannot be presented on the display type at the pixel brightness values indicated in the video. In some implementations, HDR video may also or alternatively be compared to SDR video to determine segments of the video that are of interest, especially in low light scenes.

Abstract: A system configured to create a flexible home theater group using a variety of different devices. To enable the home theater group to generate synchronized audio, the system performs device localization to generate map data, which represents locations of devices in a device map. The map data may include a listening position and/or television, such that the map data is centered on the listening position with the television along a vertical axis. To generate the map data, the system selects a primary device that determines calibration data indicating a sequence when each of the individual devices generates playback audio. The primary device sends the calibration data to secondary devices and each device generates playback audio at a designated time in the sequence, enabling other devices to capture the output audio and determine a relative position of the playback device (for example using angle of arrival and distance information).

Abstract: Techniques for distributed data processing application service networking in a cloud provider network are described. A first request to launch a virtual machine is received, the first request including a session network identifier to identify a network of a distributed data processing application cluster hosted by the provider network. The first virtual machine is launched. An internet protocol (IP) address of the first virtual machine is set, and the IP address of the first virtual machine is formed at least in part by combining an IP subnet assigned to the computer system with the session network identifier. A firewall controlling network traffic to and from the first virtual machine is configured to allow packets having a source or destination address that matches a portion of the IP address of the first virtual machine that includes the session network identifier.

Abstract: Techniques for an objection detection feature are described herein. Images of an object captured by a camera may be received along with information that includes a first timestamp. A presence of the object and a type of the object may be determined based on a computer vision model that uses the images. First RFID data may be received from an RFID sensor from an RFID tag associated with the object. The first RFID data may include a second timestamp and an identifier for the RFID tag. A determination that the object has entered the area may be determined based on the presence of the object within the images, the first RFID data, the first timestamp, and the second timestamp. A threshold for the object may be determined based on the first timestamp, the second timestamp, and one or more policies for the area.

Abstract: Dynamic transcoding can be used to provide supplemental content, selected to be played during breaks in a stream of primary content, that has the same format as the primary content. It can be desirable to provide supplemental content that is personalized. This may include additional content or advertising that may be of interest or relevance to a viewer. In many instances, the supplemental content will come from a different source and thus can be in a different format. Approaches in accordance with various embodiments can take advantage of dynamic transcoding of the supplemental content to provide properly formatted supplemental content through the same stream as the primary content. A custom manifest can be provided to the media player that points to the transcoded supplemental content. At an appropriate break in the playback, the media player can use the manifest to obtain the formatted supplemental content.

Abstract: Systems and techniques for updating floor plans for use by autonomous mobile devices. The techniques include accessing a first floor plan with associated spatial metadata. An updated occupancy map is received with additional geographic updates over the first floor plan. A transformation of the first floor plan is determined to match the new occupancy map. The spatial data and the first floor plan are transformed and the transformed spatial metadata is associated with the new occupancy map to form a second floor plan.

Abstract: A system for utilizing media content reference point information to perform media content encoding, and supplemental content stitching and/or insertion. Media content can be encoded and packaged based on boundaries of the media content. The boundaries can be received from a third-party and/or generated via an automated process. Target boundaries can be selected based on accuracy levels associated with the received and/or generated boundaries. Supplemental content can be stitched and/or inserted into packaged media content based on audio and video content of the packaged media content being aligned.

Abstract: Respective statistical distributions of a target variable within a proposed training data set and a proposed test data set for a machine learning model are obtained. A metric indicative of the difference between the two statistical distributions is computed. The difference metric is used to determine whether the proposed test data set is acceptable to evaluate the machine learning model.