Use Kopf to manage Elasticsearch with OpenShift Origin’s Aggregated Logging feature. Kopf, a popular web administration tool for Elasticsearch, allows administrators to view, diagnose, and modify Elasticsearch clusters.
Quelle: OpenShift
Amazon Cloud Directory now enables you to optimize your directory searches by only searching a subset of your directory, using a schema facet. For example, instead of searching across all the user objects in your directory, you can search a subset of your directory by searching only the user objects that contain an employee facet.
Quelle: aws.amazon.com
Alex Jones' wildly popular suite of Infowars supplements probably won't kill you, but extensive tests provided to BuzzFeed News have shown that they're little more than overpriced and ineffective blends of vitamins and minerals that have been sold in stores for ages.
The independent test results are the work of Labdoor, a San Francisco-based lab that tests and grades dietary supplements. Labdoor ran full tests on six popular Infowars supplements to determine the exact make-up of each supplement and screen for various dangerous and illegal chemicals. It also investigated a few of the products that “claimed incredible benefits for what seemed like could just be simple ingredients.”
“We tested samples in triplicate, and wherever possible, cross-checked those results with at least two independent analytical laboratories, so we have complete trust in our conclusions,” Brian Brandley, Labdoor's Laboratory Director told BuzzFeed News.
All of the test results were largely the same: The products are — more or less — accurately advertised. They don't contain significantly more or less of a particular ingredient than listed on the bottles, and there are no surprise ingredients. They're also reasonably safe, meaning they passed heavy metal contaminant screenings and tested free of stimulants, depressants, and other prohibited drugs.
But just because the product's ingredients matched their labels doesn't mean they lived up to Jones' claims. Survival Shield X-2, for example, “is just plain iodine, the same stuff doctor's used to pour on surfaces as a disinfectant,” Labdoor's results read.
When the company tested Anthroplex, which retails for $29.95, it found that there was so little zinc that “if you're extremely zinc deficient, the value…is not going to be significantly helpful.” The report notes that “you could actually get another zinc orotate supplement for around $5 WITH an impactful serving size,” before concluding simply that “this product is a waste of money.”
This claim — that the Infowars supplements often contained less effective serving sizes than their less expensive counterparts — was a running theme in Labdoor's results. In almost every example, Labdoor's tests and reviews describe the products as little more than heavily over-priced supplements with few health benefits, if any.
As Jones' popularity has risen, so has his supplements business, which sources have told BuzzFeed News largely funds Jones' highly controversial Infowars media empire — home to incendiary conspiracies including but not limited to: #Pizzagate, that the Sandy Hook massacre was faked, and that murdered DNC staffer Seth Rich provided Wikileaks with the DNC emails — in addition to acting as a kind of lifestyle-brand complement to Jones' particular brand of conspiracy-minded, fear-fueled programming.
“He can sell 500 supplements in an hour,” a former employee told BuzzFeed News this spring. “It's like QVC for conspiracy.” One estimate by New York magazine — which uses some back-of-the-envelope calculations based on the number of reviews of supplements on Jones' Infowars Life Store — suggests that, with an average supplement price of $30, Jones could haul in $15,000,000 in sales over a two-year period. A second, less conservative, estimate from the magazine puts the figure even higher — nearly $25,000,000 without including repeat customers (of which there are likely many).
Here's a closer look at what exactly is inside the products that keep America's favorite conspiracy theorist on the air, according to Labdoor.
Claimed ingredients for Super Male: Tribulus Terresteris (fruit), Tongkat Ali (root), Ashwaganda (root), Maca (root), Avena Sativa (leaf/stem), Suma (root), Catuaba (bark), Muira Puama (bark), Fulvic Acid
Claimed ingredients for Super Female: Organic Tribulus Terresteris (fruit), Organic Epimedium (leaf), Organic Ashwaganda (root), Organic Avena Sativa (leaf/stem), Wildcrafted Suma (root), Maca (root), Wildcrafted Tongkat Ali (root), Wildcrafted Muira Puama (bark), Wildcrafted Catuaba (bark), Shilajit
Test results: The lab found no traces of unlisted items like caffeine. Nor did it find any athletic enhancing drugs/stimulants or Viagra.
Labdoor suggests that there is no real research to show that many of Super Vitality's ingredients are effective. One ingredient — Tribulus terrestris — “seems to increase libido in rats” but only improves erectile disfunction “in one lone human study,” according to Labdoor. And the lab notes that serving size in both serums is “way too small for this combination of ingredients to be effective.”
Labdoor review snippet: “Both of these products are most likely safe, but ineffective.”
Claimed ingredients: Zinc Orotate, Horny Goat Weed, Tribulus terrestris, Tongkat Ali-Longjack, Fulvic Powder
Test results: Labdoor found that Anthroplex passed a heavy metal screening but noticed a discrepency in the amount of reported zinc in the capsules. According to Labdoor, there's 31% less zinc than advertised. “When we look into the zinc dosage, it's so ridiculously low that you'd basically be buying a worthless product for $40,” the report reads.
Review snippet: “This product is a waste of money. The claim that 'Anthroplex works synergistically with the powerful Super Male Vitality formula in order to help restore your masculine foundation and stimulate vitality with its own blend of unique ingredients' is fluff on multiple fronts.”
Claimed ingredients: Elemental Magnesium, Natural Citric Acid
Test Results: According to Labdoor, the product contains almost exactly the values of magnesium and citric acid that it claims. It also passed a screen for heavy metals.
While the product has the exact ingredients as advertised, Labdoor's report takes issues with Infowars' claims that the product is “ozonated.” According to the lab, “Ozone is so reactive that it wouldn't remain as ozone in the supplement itself. Additionally, if you could take ozone, you shouldn't as it's extremely toxic.”
Review snippet: “This product's claims related to “nascent oxygen” also have no real
basis in science.”
Claimed ingredients: Iodine (as nascent iodine)
Test results: According to Labdoor, the product contained just under the value of iodine that it claimed. It also passed a screen for heavy metals.
There's not much to say, here. Basically, what Infowars is selling in Survival Shield X-2 is a bottle of iodine at 3x mark-up.
Review Snippet: “We tested this product on the chance that it might be potassium iodide or sodium iodide, which it wasn't. Survival Shield is just plain iodine.”
Claimed ingredients: Chamomile flower, Jujube Seed, Hawthorn Berry, Catnip Aerial Parts, Lemon Balm Aerial Parts, Long Pepper Fruit, Licorice Root, Amia Fruit, Magnesium Taurinate, Calcium Carbonate, Gotu Kola Aerial Parts, and Essential Oils of Anise Seed, Cassia Bark, and Clove Fruit
Test Results: “This product tested to be free of stimulants and depressants listed as drugs prohibited from athletic competition in WADA's annual Prohibited List. It also passed screenings for heavy metal contamination (arsenic, cadmium, lead, mercury).”
Labdoor notes that, like the male and female vitality serums, Child Ease “has so many ingredients, they wouldn't be effective in a 1.25 mL serving size.”
The report also cautions the use of these ingredients in children, especially given the lab's suspicion that “Infowars may also be marketing this supplement as a way to treat autism or a substitute for vaccines.” The lab notes that “these recommendations are unfounded and dangerous.”
Review Snippet: “It also has ingredients that have never been studied for safety or efficacy in human research and as a consumer, you're supposed to blindly trust that it's okay for your kids.”
Review Snippet: “Almost all of the listed ingredients are not supported in research for joint health.”
Review Snippet: “They're using fancy ingredient names for what are really simple ingredients”
Review Snippet: “It's maybe like a spray liquid cough drop in your throat – temporarily effective, but not worth $50.”
Review Snippet: “There's no way to definitively test 'DNA health', so having a claim of supporting DNA and/or mitochondrial function seems far-fetched”
Review Snippet: This one is very short and to the point. “This is basically an iodine supplement with more than likely ineffective herbal ingredients.”
Review Snippet: “This product's ingredients are unsupported in research and there's very little guidance on safe dosing.”
Review Snippet: At the current serving size, however, dosing is significantly
lower than expected for most ingredients
Review Snippet: “There's nothing really “secret” about this product's main ingredient”
Review Snippet: “you couldgrab a bottle for around $10 and skip the 2X+ price markup from Infowars”
Review Snippet: “There's no proof that this works.”
Quelle: <a href="We Sent Alex Jones' Infowars Supplements To A Lab. Here's What's In Them.“>BuzzFeed
Back in April, it was a suddenly popular Internet Thing(™) that would make your face look like you were a baby, an old person, or a different gender. Neat!
The company removed the filter in response to the backlash. At the time, FaceApp told BuzzFeed News that the whitening effect wasn't intentional: “It is an unfortunate side effect of the underlying neural network caused by the training set bias, not intended behavior.” All was seemingly well.
The app introduced new filters today: “Asian, Black, Caucasian, and Indian.” It may have Milkshake Ducked itself.
FaceApp said in a statement to BuzzFeed News: “The ethnicity change filters have been designed to be equal in all aspects. They don’t have any positive or negative connotations associated with them. They are even represented by the same icon. In addition to that, the list of those filters is shuffled for every photo, so each user sees them in a different order.”
“The 'Spark' filter was quite a different case. It implied a positive transformation and therefore, it was unacceptable for an algorithm to implicitly change the ethnicity origin,” FaceApp added.
With some skepticism.
Clockwise from top right, my choices were Caucasian (looks most like my Caucasian self, but with icier blue eyes), Asian, black, and Indian.
Clockwise from top right: Asian, black, caucasian, no filter.
Clockwise from top right: black, Asian, Indian, no filter.
“I got this notification and I'm SHOOK. That is me; I'm a half-black/white 16-year-old girl from NY and I'm infuriated. This should not be normal,” she told BuzzFeed News.
“Top left is normal; top right is 'Black' — notice the enlarged lips 🙄 — lower left is 'Asian' and lower right is 'Indian,' which correct me if I'm wrong, but the last time I checked, India was in Asia,” she said.
Quelle: <a href="FaceApp Is At It Again With Racial Selfie Filters“>BuzzFeed
Azure Media Redactor is a powerful cloud video processing service which is capable of automatically detecting and blurring faces in your videos, for use in cases such as public safety and news media. Based on artificial intelligence technology developed in house, Redactor can be used in both automated and semi-manual ways to improve the efficiency of workflows that involve labor intensive manual video editing.
In our previous blog post we discussed the preview release of Azure Media Redactor and the various ways you can use it. This release includes a couple of changes based on your feedback during the preview process, and updates the feature to include full SLA support. You can view updated pricing for this feature here.
Updates in this release include the following:
Greatly improved processing speed
Better face detection and tracking
Stickier face ID association
Multiple blur modes
View our full documentation page for details on using all these features.
See our pricing page on updated GA pricing for Azure Media Redactor.
Improved performance
Speed of processing varies quite a bit depending on video size, framerate, and number of faces in the video. Expect a 720p 30fps video to take between 1x and 2x real time to complete processing.
Another large improvement is in face grouping, where the same that that appears in the video at multiple points will be given the same ID. Previously, the same face could easily be assigned multiple ID’s as they appears throughout a video, which made selectively blurring individual faces much easier.
Accuracy of face detection has also been slightly improved from the previous version.
Blurring changes
We now offer 5 blurring modes you can choose from via the JSON configuration preset. By default ‘Med’ is used.
Example JSON:
{'version':'1.0', 'options': {'Mode':'Combined', 'BlurType':'High'}}
Low:
Med:
High:
Debug:
Black:
Quelle: Azure
Der US-amerikanische Prozessorhersteller hat nun Mobileye übernommen. Mit Hilfe dessen Technik sollen Fahrzeuge verschiedener Modelle zu autonomen Autos umgerüstet und getestet werden.
Quelle: Heise Tech News
Eine neue Form von Cloud wird für 5G gebraucht. Plattformen dieser Art existierten bisher nicht. Mit NGPaaS will ein Konsortium etwas ganz Neues schaffen. (5G, Nokia)
Quelle: Golem
By Jianing Guo, Product Manager
Containerized workloads have gained in popularity over the past few years for enterprises and startups alike. Containers can significantly improve development speed, lower costs by improving resource utilization, and improve production consistency; however, their unique security implications in comparison to traditional VM-based applications are often not well understood. At Google, we’ve been running container-based production infrastructure for more than a decade and want to share our perspective on how container security compares to traditional applications.
Containerized workloads differ from traditional applications in several major ways. They also provide a number of advantages:
Modularized applications (monolithic applications vs. microservices)
Lower release overhead (convenient packaging format and well defined CI/CD practices)
Shorter lifetimes, less risk to have outdated packages (months to years vs. days to hours)
Less drift from original state during runtime (less direct access for maintenance, since workload is short-lived and can easily be rebuilt and re-pushed)
Now let’s examine how these differences can affect various aspects of security.
Understanding the container security boundary
The most common misconception about container security is that containers should act as security boundaries just like VMs, and as they are not able to provide such guarantee, they are a less secure deployment option. However, containers should be viewed as a convenient packaging and delivering mechanism for applications, rather than as mini VMs.
In the same way that traditional applications are not perfectly isolated from one another within a VM, an attacker or rogue program could break out of a running container and gain control of other containers running on the same VM. However, with a properly secured cluster, a container breakout would require an unpatched vulnerability in the kernel, in the common container infrastructure (e.g., docker), or in other services exposed to the workload from the VM. To help reduce the risk of these attacks Google Container Engine provides fully managed nodes and actively monitors for vulnerabilities and outdated packages in the VM — including third party add-ons — and performs auto update and auto repair when necessary. This helps minimize the attack window for a container breakout when a new vulnerability is discovered.
A properly secured and updated VM provides process level isolation that applies to both regular applications as well as container workloads, and customers can use Linux security modules to further restrict a container’s attack surface. For example, Kubernetes, an open source production-grade container orchestration system, supports native integration with AppArmor, Seccomp and SELinux to impose restrictions on syscalls that are exposed to containers. Kubernetes also provides additional tooling to further support container isolation. PodSecurityPolicy allows customers to impose restriction on what a workload can do or access at the Node level. For particularly sensitive workloads that require VM level isolation, customers can use taint and toleration to help ensure only workloads that trust each other are scheduled on the same VM.
Ultimately, in the case of applications running in both VMs and containers, the VM provides the final security barrier. Just like you wouldn’t run programs with mixed security levels on the same VM, you shouldn’t run pods with mixed security levels on the same node due to the lack of guaranteed security boundaries between pods.
Minimizing outdated packages
One of the most common attack vectors for applications running in a VM is vulnerabilities in outdated packages. In fact, 99.9% of exploited vulnerabilities are compromised more than a year after the CVE was published (Verizon Data Breach Investigation Report, 2015). With monolithic applications, application maintainers often patch OSes and applications manually and VM-based workloads often run for an extended period of time before they’re refreshed.
In the container world, microservices and well defined CI/CD pipelines make it easier to release more frequently. Workloads are typically short-lived (days or even hours), drastically reducing the attack surface for outdated application packages. Container Engine’s host OS is hardened and updated automatically. Further, for customers who adopt fully managed nodes, the guest OS and system containers are also patched and updated automatically, which helps to further reduce the risk from known vulnerabilities.
In short, containers go hand in hand with CI/CD pipelines that allow for very regular releases and update the containers with the latest patches as frequently as possible.
Towards centralized governance
One of the downsides of running traditional applications on VMs is that it’s nearly impossible to understand exactly what software is running in your production environment, let alone control exactly what software is being deployed. This is a result of three primary root causes:
The VM is an opaque application packaging format, and it’s hard to establish a streamlined workflow to examine and catalog its content prior to deployment
VM image management is not standardized or widely adopted, and it’s often hard to track down every image that has ever been deployed to a project
Due to VM workloads’ long lifespans, administrators must frequently manipulate running workloads to update and maintain both the applications and the OS, which can cause significant drift from the application’s original state when it was deployed
And because it’s hard to determine the accurate states of traditional applications at scale, the typical security controls will approximate by focusing on anomaly detection in application and OS behaviors and settings.
In contrast, containers provide a more transparent, easy-to-inspect and immutable format for packaging applications, making it easy to establish a workflow to inspect and catalog container content prior to deployment. Containers also come with a standardized image management mechanism (a centralized image repository that keeps track of all versions of a given container). And because containers are typically short-lived and can easily be rebuilt and re-pushed, there’s typically less drift of a running container from its deploy-time state.
These properties help turn container dev and deploy workflows into key security controls. By making sure that only the right containers built by the right process with the right content are deployed, organizations can gain control and knowledge of exactly what’s running in their production environment.
Shared security ownership
In some ways, traditional VM-based applications offer a simpler security model than containerized apps. Their runtime environment is typically created and maintained by a single owner, and IT maintains total control over the code they deploy to production. Infrequent and drawn-out releases also mean that centralized security teams can examine every production push in detail.
Containers, meanwhile, enable agile release practices that allow faster and more frequent pushes to production, leaving less time for centralized security reviews, and shifting the responsibility for security back to developers.
To mitigate the risks introduced by faster development and decentralized security ownership, organizations adopting containers should also adopt best practices highlighted in the previous section such as having a private registry to centrally control external dependencies in a production deployment (e.g., open-source base images); image scanning as part of CI/CD process to identify vulnerabilities and problematic dependencies; and deploy-time controls to help ensure only known good software gets deployed to production.
Overall, an automated and streamlined secure software supply chain that ensures software quality and provenance can provide significant security advantages and can still incorporate periodic manual review.
Summary
While many of the security limitations of VM-based applications hold true for containers (for now), using containers for application packaging and deployment creates opportunities for more accurate and streamlined security controls.
Watch this space for future posts that dig deep on containers, security and effective software development teams.
Visit our webpage to learn more about the Google Cloud Platform (GCP) security model.
Quelle: Google Cloud Platform
Rund 2700 Bewerber aus 104 Ländern hatten ihre Fotos eingereicht – jetzt hat eine Jury die Gewinner des Leica Oskar Barnack Award 2017 ausgewählt. Der Gesamtsieg geht an Terje Abusdal, dessen Serie sich den norwegischen Waldfinnen widmet.
Quelle: Heise Tech News
Nvidia ruft die Netzteile zurück, die einzeln, mit dem Shield TV und dem Shield Tablet verkauft wurden. Ein Bauteil kann brechen, wodurch die Gefahr von Stromschlägen besteht.
Quelle: Heise Tech News
