BSI publishes guide for secure Android with Samsung Knox
Administrators can download recommendations for Samsung's security platform from the BSI website. The aim is to protect Android devices.
Source: Heise Tech News
Heating, ventilation, air conditioning and lighting represent the largest energy costs for businesses and are prime targets for suppliers of Smart Building systems. Vendors claim that understanding detailed energy usage patterns while being able to control and manage consumption based on that information will quickly deliver bottom line results.
Building management as a service with IBM Watson
PhotonStar, a leading British designer and manufacturer of intelligent lighting solutions, uses the cloud-based IBM Watson Internet of Things (IoT) Platform to help deliver an affordable, integrated building management system that can be retrofitted to almost any building to reduce operational costs and increase service levels for building owners and tenants.
The company’s new product, halcyon cloudBMS, is based on PhotonStar’s next-generation wireless lighting control system, halcyonPRO2. With a halcyonPRO2 platform in each building and configurable cloud-based analytics, cloudBMS delivers an extremely capable, multi-site building-management-as-a-service (BMaaS) solution. The low cost of entry and monthly subscription approach enables owners of small- to medium-sized businesses to reduce energy and operating costs and discover new insights into their operations.
Getting started with building management services
PhotonStar CEO James McKenzie
PhotonStar CEO James McKenzie said that, historically, PhotonStar was in the LED lighting business. Around 2008, the company began adding microprocessors to its products to help with circadian lighting systems that dynamically change spectral content throughout the day to mimic the light of the sun.
The company has a patented color-mix technology called ChromaWhite that allows it to manage spectral content via multiple LED channels efficiently.
The initial push to expand beyond lighting came from customers. “They started saying, ‘It’s all very well having smart lights, this is great and saves us energy, but all these other environmental factors need controlling, too,’” McKenzie said.
Emergency lighting in the UK, for example, must be tested once each month. PhotonStar’s lighting customers in large installations already had onsite staff, but those with many remote locations had to send out a facilities person to each location on a monthly basis just to turn a key and test the system.
If you’ve got a large building, you usually can afford to have a facilities person on-site all the time, so that doesn’t really cost anything. The expensive situation is where you’ve got lots of remote sites. A typical, 350-site retail outlet would require 4,200 emergency lighting tests per year. With Halcyon, the test is conducted monthly and reported via cloud and email, ensuring safety compliance at the lowest cost.
Nobody needs to visit, and the cost savings give a payback in less than one year.
Cost savings of intelligent control
Intelligent control has been shown to deliver 50 percent energy savings in wired control buildings. But 80 percent of the building stock in the developed world already exists, and businesses can’t afford to add that wired infrastructure to existing buildings.
PhotonStar started looking at the broader challenge of facilities management in existing buildings. The company has control functions over lighting, ventilation and air-conditioning, as well as emergency lighting, which costs people money.
One good way to do this cost-effectively is to start with the halcyonPRO2. It’s based on industry-standard ARM technology and wireless protocols such as WiFi and 6LoWPAN because it’s so cheap and flexible. So how is that expanded to help manage energy in buildings?
This all sounds quite ambitious, but IoT technology is very cost-effective. Only one’s imagination limits what can be done.
Intelligent business management with cloud
PhotonStar started down that path in 2014 and started expanding halcyon into these other areas. By 2015, it was effectively a building management system by itself, but facilities managers with multiple sites have to make all the really important decisions centrally.
For example, in retail outlets or large offices, managers must aggregate globally the control functions and dashboard them, manage them and examine them. And then, of course, ultimately businesses should intelligently manage all their buildings.
PhotonStar’s leaders realized the company needed to connect the system to the cloud if it wanted to be able to deliver an effective service across multiple locations. And that’s when the company’s cloudBMS was born, building on the Halcyon wireless control system.
PhotonStar built its cloudBMS product and service on top of the IBM Watson IoT platform.
A version of this story originally appeared on the Watson Internet of Things blog.
IBM clients are poised for success using the IBM Cloud as their foundation.
The post Watson makes building management as a service possible appeared first on Cloud computing news.
Source: Thoughts on Cloud
Youtube Go is the name of a new app from Youtube that also allows watching videos without an internet connection. Small catch: so far this is only possible in India. (Youtube, Google)
Source: Golem
Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps.
A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform.
With containers, applications are now dynamic and portable across multiple environments. This made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad point solutions bolted on as an afterthought.
Introducing Docker Secrets Management
We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhering to the principle of least privilege, where an application only has access to the secrets that it needs: no more, no less.
By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles.
The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object.
In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running docker secret create), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the built-in Certificate Authority that gets automatically created when bootstrapping a new swarm.
$ echo "This is a secret" | docker secret create my_secret_data -
Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NaCl’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the rest of the swarm management data gets.
When a swarm manager starts up, the encrypted Raft logs containing the secrets are decrypted using a data encryption key that is unique per node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start.
When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager, strictly for the services that require them.
$ docker service create --name="redis" --secret="my_secret_data" redis:alpine
The unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/<secret_name>.
$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets
total 4
-r--r--r-- 1 root root 17 Dec 13 22:48 my_secret_data
If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret.
$ docker service update --secret-rm="my_secret_data" redis
$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data
cat: can't open '/run/secrets/my_secret_data': No such file or directory
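The consuming side of the flow above, as an added example that is not part of the original Docker post: a POSIX shell helper an entrypoint script could use to read a secret from /run/secrets and fail closed once the secret has been removed from the service. The function name read_secret, the SECRETS_DIR override and the write-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Docker post): read a Docker secret from its
# in-memory mount. SECRETS_DIR is an assumption of this example; it defaults
# to the path the post describes and is overridable only for testing.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME
# Prints the secret on stdout. Exit status: 0 ok, 1 secret not mounted,
# 2 unsafe name, 3 file writable by group or others.
# The body is a subshell "( ... )", so the secret never lingers in a variable
# of the calling shell and "exit" only leaves the function.
read_secret() (
    name="$1"
    # Reject empty names and anything that could resolve outside SECRETS_DIR.
    case "$name" in
        ""|.|..|*/*) echo "read_secret: invalid secret name" >&2; exit 2 ;;
    esac
    path="$SECRETS_DIR/$name"

    # After `docker service update --secret-rm` the file is gone. Fail closed
    # instead of handing the application an empty credential.
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "read_secret: '$name' is not available to this service" >&2
        exit 1
    fi

    # The listing in the post shows mode r--r--r--. A file that group or
    # others can write to is not what this example expects, so refuse it.
    if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "read_secret: '$name' has unexpected write permissions" >&2
        exit 3
    fi

    # Command substitution drops the trailing newline that
    # `echo ... | docker secret create` stored with the secret.
    value="$(cat "$path")" || exit 1
    printf '%s' "$value"
)
```

Inside the redis service from the post, `read_secret my_secret_data` prints the 16-character secret without the newline that accounts for the 17th byte in the `ls -l` listing.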
Check out the Docker secrets docs for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://lvh.io), who, in collaboration with the Docker security and core engineering team, helped make this feature a reality.
Safer Apps with Docker
Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application.
Resources to learn more:
Download Docker and get started today
Try secrets in Docker Datacenter
Read the Documentation
Attend an upcoming webinar
The post Introducing Docker Secrets Management appeared first on Docker Blog.
Source: https://blog.docker.com/feed/
It’s another exciting day with a new release of Docker Datacenter (DDC) on 1.13. This release includes loads of new features around app services, security, image distribution and usability.
Check out the upcoming webinar on Feb 16th for a demo of all the latest features.
Let’s dig into some of the new features:
Integrated Secrets Management
This release of Docker Datacenter includes integrated support for secrets management from development all the way to production.
This feature allows users to store confidential data (e.g. passwords, certificates) securely on the cluster and inject these secrets to a service. Developers can reference the secrets needed by different services in the familiar Compose file format and handoff to IT for deployment in production. Check out the blog post on Docker secrets management for more details on implementation. DDC integrates secrets and adds several enterprise-grade enhancements, including lifecycle management and deployment of secrets in the UI, label-based granular access control for enhanced security, and auditing users’ access to secrets via syslog.
Image Security Scanning and Vulnerability Monitoring
Another element of delivering safer apps is around the ability to ensure trusted delivery of the code that makes up that app. In addition to Docker Content Trust (already available in DDC), we are excited to add Docker Security Scanning to enable binary level scanning of images and their layers. Docker Security Scanning creates a bill of materials (BOM) of your image and checks packages and versions against a number of CVE databases. The BOM is stored and checked regularly against the CVE databases, so if a new vulnerability is reported against an existing package, any user can be notified of the new vulnerability. Additionally, system admins can integrate their CI and build systems with the scanning service using the new registry webhooks.
HTTP Routing Mesh (HRM)
Previously available as an experimental feature, the HTTP (Hostname) based routing mesh is available for production in this release. HRM extends the existing swarm-mode networking routing mesh by enabling you to route HTTP-based hostnames to your services.
New features in this release include ability to manage HRM for a service via the UI, HTTPS pass-through support via SNI protocol, using multiple HRM networks for application isolation, and sticky sessions integration. See the screenshot below for how HRM can be easily configured within the DDC admin UI.
Compose for Services
This release of DDC has increased support for managing complex distributed applications in the form of stacks: groups of services, networks, and volumes. DDC allows users to create stacks via Compose files (version 3.1 yml) and deploy through both the UI and CLI. Developers can specify the stack via the familiar Compose file format; for a seamless handoff, IT can cut and paste that Compose file and deploy services into production.
Once deployed, DDC users are able to manage stacks directly through the UI and click into individual services, tasks, networks, and volumes to manage their lifecycle operations.
Content Cache
For companies with app teams that are distributed across a number of locations and want to maintain centralized control of images, developer performance is top of mind. Having developers connect to repositories thousands of miles away may not always make sense when considering latency and bandwidth. New for this release is the ability to set up satellite registry caches for faster pulls of Docker images. Caches can be assigned to individual users or configured by each user based on their current location. The registry caches can be deployed in a variety of scenarios, including high availability and complex cache-chaining scenarios for the most stringent datacenter environments.
Registry Webhooks
To better integrate with external systems, DDC now includes webhooks to notify external systems of registry events. These events range from push or pull events in individual repositories, security scanning events, creation or deletion of repositories, and system events like garbage collection. With this full set of integration points, you can fully automate your continuous integration environment and Docker image build process.
Usability Improvements
As always, we have added a number of features to refine and continuously improve the system usability for both developers and IT admins.
Cluster and node level metrics on CPU, memory, and disk usage. Sort nodes by usage in order to quickly troubleshoot issues, and the metrics are also rolled up into the dashboard for a bird’s eye view of resource usage in the cluster.
Smoother application update process with support for rollback during rolling updates, and status notifications for service updates.
Easier installation and configuration with the ability to copy a Docker Trusted Registry install command directly from the Universal Control Plane UI
Additional LDAP/AD configuration options in the Universal Control Plane UI
Cloud templates on AWS and Azure to deploy DDC in a few clicks
These new features and more are featured in a Docker Datacenter demo video series
Get started with Docker Datacenter
These are just the latest set of features to join the Docker Datacenter
Learn More about Docker Secrets Management
Get the FREE 30 day trial
Register for an upcoming webinar
The post Introducing Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and more appeared first on Docker Blog.
Source: https://blog.docker.com/feed/
Under the motto "Tearing down barriers", the Chemnitzer Linux-Tage (Chemnitz Linux Days) take place on 11 and 12 March 2017. The programme of talks and workshops for the two-day conference, which is aimed at beginners, professionals, tinkerers and young people, has now been finalized.
Source: Heise Tech News
In Donald Trump, the most powerful man in the world is a committed Twitter user whose tweets repeatedly cause a stir. But that has not helped the platform. The business figures remain poor and user growth is stagnating.
Source: Heise Tech News
Website visits deleted from the history of Apple's Safari browser do disappear from the synchronized devices, but can still be reconstructed from iCloud around a year later, warns the maker of a forensics tool.
Source: Heise Tech News
A fire has broken out in a Chinese battery factory of Samsung SDI in which mainly smartphone batteries are manufactured.
Source: Heise Tech News
Federal Transport Minister Alexander Dobrindt and his French counterpart Alain Vidalies have agreed to test automated and connected driving in cross-border real-world traffic.
Source: Heise Tech News