Die Bluetooth Special Interest Group fand zwar erst im Februar 1998 zusammen, aber das genügt den Verfechtern offenbar, um schon mal auf der CES in Las Vegas zu feiern. Immerhin: Ein reiner Kabelbeißer ist Bluetooth längst nicht mehr.
Quelle: Heise Tech News
Die Prozessorlücken Meltdown und Spectre erschüttern die IT-Szene. So gut wie alle Prozessoren sind darüber angreifbar und Software-Patches können sich spürbar auswirken. Was dahinter steckt und wie es nun weitergeht, besprechen wir in der #heiseshow.
Quelle: Heise Tech News
Logan Paul arrives at Jingle Ball on Dec. 1, 2017.
Richard Shotwell / AP
YouTube has cut business ties with Logan Paul amid unrelenting backlash over his recent video showing the hanging body of a dead man in what's known as the “suicide forest” in Japan over the holidays.
YouTube, which is owned by Google, said in a statement on Wednesday, first reported by the Hollywood Reporter, that “we have decided to remove Logan Paul’s channels from Google Preferred,” referring to a program that allows companies to sell ads on the top 5% of the platform's most popular content creators.
YouTube added that the company will also not feature Paul in the fourth season of Foursome and his new originals “are on hold.”
The video, titled “We found a dead body in the Japanese Suicide Forest…”, was posted on Dec. 31 and showed a man's body hanging from a tree. Paul promoted the day before on Twitter, telling followers: “tomorrow’s vlog will be the craziest and most real video I’ve ever uploaded.”
Logan Paul
Paul, not YouTube, removed the video — shot in Aokigahara, a forest located at the base of Mt. Fuji — after it received more than 6 million views one day after publishing. He also followed up with two apologies before announcing that he was going to “take time to reflect.”
YouTube initially said that the video appeared to have violated its standards and that Paul's account had been issued a strike. (Getting three strikes for violating a YouTube policy within a three-month period will lead to a channel's termination.)
“Our hearts go out to the family of the person featured in the video. YouTube prohibits violent or gory content posted in a shocking, sensational or disrespectful manner. If a video is graphic, it can only remain on the site when supported by appropriate educational or documentary information and in some cases it will be age-gated,” a YouTube spokesperson said at the time. “We partner with safety groups such as the National Suicide Prevention Lifeline to provide educational resources that are incorporated in our YouTube Safety Center.”
But that didn't quell public outcry, as more people called for YouTube to ban Paul, who boasts more than 15 million subscribers.
The controversy, meanwhile, appeared to only fuel Paul's popularity. His “So Sorry” video posted on Jan. 2 got 38 million views. And even though he has not posted since then, Paul has gained more than 400,000 new subscribers.
Paul had not commented publicly on the controversy beyond his statements on YouTube and Twitter, where he acknowledged his mistake.
“I've never faced criticism like this before, because I've never made a mistake like this before,” he wrote.
Representatives for Paul did not immediately respond to a request for comment.
YouTube’s action comes as even some of the platform's vanguard started to question whether a double standard was being applied to Paul.
PewDiePie, one of the biggest YouTubers with almost 60 million subscribers, posted a video three days ago titled “Everyone Needs a Hero” pointing out other offensive videos by Paul, including ones in which he fakes his own murder in front of little kids, plugs his merchandise when his distraught friend reveals his dog had died, and makes out with his brother’s ex-girlfriend.
YouTube and Maker Studios, owned by Disney, pulled away from the popular gamer after it emerged that he had posted several videos featuring anti-Semitic imagery and comments.
“It seemed like I got in a lot more shit for a lot less,” said PewDiePie in his video, before asking YouTube to bring back his never-released YouTube Red series, which was canceled in response to the controversy. “If nothing else, bring back Scare PewDiePie Season 2. We shot the whole thing.”
LINK: People Are Demanding YouTube Terminate Logan Paul’s Channel After The Platform’s Latest Response
LINK: The Logan Paul Suicide Video Shows YouTube Is Facing A Crucial Turning Point
Quelle: <a href="Logan Paul Loses Business Deals With YouTube Amid Outcry Over His "Suicide Forest" Video“>BuzzFeed
Nandan Nilekani
Manjunath Kiran / AFP / Getty Images
Three years after Nandan Nilekani, the high-profile tech entrepreneur who helped create India’s controversial biometric identity program called Aadhaar, publicly tweeted his own confidential Aadhaar ID, his personal information is still readily available online, BuzzFeed News has learned.
An Aadhaar ID, which is associated with personal information like your address and birthdate, and is linked to services such as your bank account, tax records, cellphone number, and insurance, is like an extreme form of a social security number in the US, which is also connected to your biometric data.
From 2009 to 2014, Nilekani served as the head of the Unique Identification Authority of India (UIDAI), the government agency responsible for administering Aadhaar. The program aims to create a digital national identity system by collecting the personal details and biometrics — all 10 fingerprints and iris scans — of 1.3 billion Indian residents into a government-owned database. Critics have slammed Aadhaar, saying it violates privacy, enables state surveillance, and exposes citizens to identity theft.
Nilekani exposed himself to identity theft by tweeting a picture of his own Aadhaar card on April 12, 2014. He blacked out the first eight digits of his 12-digit Aadhaar number, but did not obscure the QR code containing his personal demographic details that could be read by any freely available iOS or Android app used for scanning QR codes.
And as with just about anything that’s publicly tweeted, Nilekani’s private information remains online. Members of an internet forum popular with computer programmers scanned his QR code and posted his demographic details and Aadhaar number, and this data eventually ended up on at least half a dozen other web pages that BuzzFeed News reviewed. Images of Nilekani’s tweet with his Aadhaar card exist on at least one popular website.
Despite several people on Twitter pointing out a potential breach of privacy, Nilekani’s tweet remained on Twitter at least through September 2016, when he finally deleted it.
“I guess Nandan didn’t realize what he had done at first,” said Prasanto K Roy, a former technology journalist who was one of the people who alerted Nilekani. “And I don’t think he paid much attention to it even when it was flagged, probably thinking that it wasn’t a big deal since, as a well-known person and the head of the Aadhaar program, most of his demographic details were publicly available anyway. I think he must have realized the seriousness of it later — that his tweet might suggest to others that it was OK to post a picture of your Aadhaar card simply by redacting the Aadhaar number itself.”
In September 2016, India’s government passed the Aadhaar Act to govern the program, which made publishing an Aadhaar number publicly a criminal offence.
Nilekani did not respond to BuzzFeed News’ requests for comment. But a source close to him said under the condition of anonymity that they advised him to take down his tweet for almost six months — starting a few months before the Aadhaar Act was introduced — before it was finally deleted.
A screenshot of Nilekani's tweet. (BuzzFeed News redacted the identifying QR code.)
Experts said that Nilekani’s leaked Aadhaar number leaves him vulnerable to identity fraud because the Indian government requires citizens to link their Aadhaar numbers to essential services like food subsidies, utilities, bank accounts, cellphone numbers, and insurance services.
“Personal data such as full names, birthdates, and residential addresses should always be afforded a high level of protection,” cybersecurity expert Troy Hunt told BuzzFeed News. “For many people, this is information they won’t want to share beyond authorized parties because it can be used to locate them or aid in identity theft.”
BuzzFeed News, for instance, was able to find out where Nilekani does his banking by using a publicly available, UIDAI-provided service that lets anyone simply punch in an Aadhaar number on a mobile phone to see the bank accounts it is linked to.
Indeed, despite the UIDAI’s repeated denials, Aadhaar numbers leaked online have been used to commit identity theft in India. In October 2017, for instance, Indian police arrested a group that used the leaked Aadhaar numbers of nearly 300 pensioners to open bank accounts in their names and swindled over four million Indian rupees worth of pension money over two years, according to reports.
Making things murkier is the UIDAI’s conflicting messaging about whether an Aadhar ID is actually private information or not. After The Tribune published an investigation revealing how it was able to buy unauthorized access to the demographic details of nearly 1.2 billion Indians in the Aadhaar database earlier this week, the UIDAI said having someone’s Aadhaar number and demographic information was “not a security threat” without also having their biometric information. But a day later, the agency sent out a tweet cautioning the general public about the importance of keeping Aadhaar numbers confidential.
“Their claim about demographic information being useless without biometrics is simply not true,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based think tank. “Having this kind of information available publicly allows anyone to gain enough knowledge about you to impersonate you, because there are certain details like your date of birth, for instance, that are often used today by places like banks to make sure you are who you say you are.”
More importantly, the Aadhaar Act itself allows for three types of authentication to verify a person’s identity: matching an Aadhaar number with a linked fingerprint or iris, with a one-time code sent to a linked mobile number, or with a linked piece of demographic information like a residential address.
“The third type of authentication assumes that a person’s Aadhaar number is private,” said Prakash. “Having an Aadhaar number available on the public internet makes this kind of authentication unviable.”
In addition to this week’s breach, Aadhaar numbers have been made public at various times in the past. In November 2017, for instance, more than 200 government websites accidentally exposed thousands of people’s Aadhaar numbers. In May, 2017, researchers estimated that leaky government websites have exposed the data of 130 million people. And in March 2017, a government agency accidentally included the Aadhaar details of M. S. Dhoni, the captain of the Indian cricket team, in a tweet that was pulled down only when Dhoni’s wife tweeted angrily at India’s information and technology minister.
Nilekani’s critics say that he should have exercised more caution before tweeting a picture of his Aadhaar card. “He was no doubt aware that this was sensitive information that he was putting out, and it was bad precedent for him to be doing this as the most visible evangelist for Aadhaar,” said Kiran Jonnalagadda, a member of the volunteer-led Internet Freedom Foundation, which works on privacy, freedom of expression, and net neutrality issues in India.
Nikhil Pahwa, another member of the Foundation and a staunch Aadhaar critic, said that Nilekani’s “mistake shows that sometimes, even apparently tech savvy people make mistakes.” Pahwa thinks that the Aadhaar program needs a way to revoke or change an Aadhaar number — something that’s currently impossible. “While Mr. Nilekani may not personally face issues because of this foolishness,” he said, “spare a thought for common people whose Aadhaar details have been leaked.”
Quelle: <a href="The Guy Who Helped Create India’s Controversial National ID Program Leaked His Own Data, And It’s Still Online“>BuzzFeed
People look through Samsung Gear VR virtual reality goggles during CES International on Jan. 9, 2018.
John Locher / AP
The Consumer Electronics Show (CES) in Las Vegas is one of the largest annual technology conferences in the world. But on Wednesday, the power went out in the main hall of the Las Vegas Convention Center. And when a lot of tech needs to be powered, that is…a bad thing.
According to the convention center, 3,900 companies are exhibiting this year and will launch some 20,000 new products. CES' website says that 180,000 people attended the convention in 2017. Companies also pay thousands of dollars to exhibit, and the lowest ticket price for admittance is $300.
The company is facing scrutiny after cybersecurity researchers discovered two vulnerabilities, nicknamed Meltdown and Spectre, in the company's chips that may affect all personal computers manufactured since 1995.
CES did not immediately respond to request for comment. But the Las Vegas Convention Center said in a statement that a preliminary assessment indicated that condensation from heavy rainfall caused a “flashover” on one of the facility’s transformers.
Quelle: <a href="The Power Went Out At The Massive CES Tech Conference And Everyone Had Jokes“>BuzzFeed
The annual Consumer Electronics Show (CES) can be a showcase of invention. Each year, giant corporations from around the world flock to Las Vegas to breathlessly debut their latest technologies: a huggable robot, a passenger drone, an Internet-connected toilet.
The exhibition can also be one of reinvention, where a company taking its final breaths makes a last ditch attempt to save its business by hitching itself to the latest tech trend.
On Tuesday, the Eastman Kodak Company, established in 1888, did just that, unveiling a series of partnerships to associate its venerable brand with the wild new world of cryptocurrency. Kodak announced that it would be launching its own digital money, Kodak Coin, while one of its licensees was showing off a bitcoin mining device called the Kodak KashMiner, a specialized computer that’s used to earn bitcoin.
For a company that emerged from bankruptcy in 2013 and had a market capitalization of around $135 million on Monday, it was a last gasp at being relevant — and it worked. Kodak’s stock price has nearly tripled since those announcements.
Critics, however, are already calling it a scam, taking advantage of a period when investor FOMO clouds the cryptocurrency industry. It’s a time when an iced tea company can add “blockchain” to its name and more than double its market valuation, or an online file storage startup can raise $257 million by issuing its own virtual tokens.
“It’s an economy of easy money and people with fancy buzzword salads can more or less find a way to earn that money,” said Saifedean Ammous a economics professor and author of The Bitcoin Standard. “There is a massive speculation bubble.”
Ammous and others took specific issue with the Kodak-branded bitcoin miner that suggests potential investors could obtain a certain rate of return if bitcoin’s price remained steady. CES brochures of the Kodak KashMiner said that customers who paid $3,400 upfront to rent the devices, would receive a payout of about $375 per month for the next two years if bitcoin averaged a price of $14,000 in that time frame. The brochure noted that the licensing company would take in 50% of the cryptocurrency mined, while paying for insurance, maintenance, and electricity (bitcoin mining is extremely power hungry) while they are reportedly stored at Kodak’s Rochester, New York headquarters.
“Kodak has multiple plans in the blockchain industry,” said Halston Mikail, an executive at Spotlite America, whose company licensed Kodak’s name for the bitcoin mining device. “We have a team that’s well experienced,” he added, before noting that Spotlite does not make the device and buys them from an unnamed Chinese manufacturer.
“It’s mind-bogglingly stupid.”
Ammous disputed that experience, saying that the project “would be laughed out the door by anyone who is serious in bitcoin” and that it “betrayed a serious lack of knowledge about bitcoin.”
The problem, he noted, was that the KashMiner proposal doesn’t take into account basic principles of the cryptocurrency. The bitcoin protocol will only release a fixed amount of cryptocurrency per day. As more miners — computer programs that run complex calculations to earn bitcoin — are added and compete with each other, these computations become harder and require more power. To expect computing speeds, known in the cryptocurrency world as “hash rates,” to remain steady “is ridiculous,” said Nicholas Weaver, a lecturer at the University of California, Berkeley.
“Over the last 6 months as more people have started to mine bitcoin, the hash rate has more than doubled, meaning you receive half as many bitcoins for the same amount of computing power,” Weaver said.
Nicholas Rangel, a Kodak spokesperson, refused to answer questions about the calculations that went into the marketing brochure, which featured an all-caps tagline “IN MATH WE TRUST.” He said that the company would make an official announcement about the program in two to three weeks and also declined to say what company actually made the machines.
Ammous pointed to very similar looking bitcoin mining machines, like the Chinese-made Antminer S9, that can be bought on Amazon for around $6,000, and then physically hosted at special mining facilities that charge for space and electricity. (Given the noise and energy consumed by the devices, it’s typically impractical to store them at home.) He said the notion that the company was keeping 50% of mining proceeds “absurd” given current industry rates, and calculated that bitcoin would have to maintain an average price of $28,000 to offset the expected increase in computing difficulty and deliver the brochure’s suggested returns of $375 a month or $9000 over two years.
“Kodak as a company is a shell that has nothing to do with what it used to be,” said Weaver, noting that the company had moved away from the photography products that had made it an iconic American brand through most of the 20th century. In licensing its brand, for example, Kodak’s name can now be found on Spotlite America-sold solar panels, energy systems, and inverters.
It’s also on a new cryptocurency, Kodak Coin, which will be the basis of payment on a new image rights management platform called KodakOne. According to its announcement, KodakOne, which is being developed in a partnership with WENN Digital, will use blockchain technology to “create an encrypted, digital ledger of rights ownership for photographers to register both new and archive work that they can then license.”
“It’s mind-bogglingly stupid,” said Weaver. “Why would you need a dedicated cryptocurrency to pay for stock photos? I’m pretty sure most photographers want actual cold, hard money.”
“Companies in the real world don’t issue their own currencies for a reason,” said Ammous. “If you want to sell a good, you use real money. Imagine if you had a separate currency for Kodak, Microsoft, Apple and your super market.”
The concept may not even be a new one. On Wednesday, Ars Technica found documents that suggest the KodakOne platform and associated digital money is just a rebranding of a failed earlier project from WENN that licensed paparazzi photos.
Kodak’s shareholders did not seem to care. Following a monster rally on Tuesday, the company’s stock ended trading on Wednesday up more than 56% to $10.65 per share. In addition, shares in a Canadian company known as Global Blockchain Technologies Corp. experienced a similar jump of 51% on Wednesday, after it said it would invest $2 million into KodakCoin.
When asked if he thinks real people would invest in the Kodak-branded mining scheme of its initial coin offering, Weaver seemed resigned to the notion.
“I think they might find some suckers,” he said. “It’s just a global investor delusion right now and a lot of people are going to get really hurt.”
Quelle: <a href="This Is Why Experts Are Calling Kodak's New Bitcoin Scheme A Scam“>BuzzFeed
Sechs neue Edge-Standorte erweitern das globale Netzwerk von Amazon CloudFront. Die sechs neuen Standorte befinden sich in den folgenden Städten:
Perth, Australien; Chennai, Indien; Rio de Janeiro, Brasilien; Los Angeles, Kalifornien, USA; sowie zwei weitere Edge-Standorte in Tokio, Japan.
Quelle: aws.amazon.com
Ab sofort können Sie auf Amazon RDS MariaDB 10.2-Instanzen starten. Bestehende Amazon RDS for MariaDB-Datenbankinstanzen können von Version 10.1 auf Version 10.2.11 aktualisiert werden.
Quelle: aws.amazon.com
Learn how to use OpenFaaS, an open source framework and tool that allows you to use the Function-as-a-Service (FaaS) paradigm in a containerized setup, on OpenShift.
Quelle: OpenShift
One of the things that makes Docker really cool, particularly compared to using virtual machines, is how easy it is to move around Docker images. If you’ve already been using Docker, you’ve almost certainly pulled images from Docker Hub. Docker Hub is Docker’s cloud-based registry service and has tens of thousands of Docker images to choose from. If you’re developing your own software and creating your own Docker images though, you’ll want your own private Docker registry. This is particularly true if you have images with proprietary licenses, or if you have a complex continuous integration (CI) process for your build system.
Docker Enterprise Edition includes Docker Trusted Registry (DTR), a highly available registry with secure image management capabilities which was built to run either inside of your own data center or on your own cloud-based infrastructure. In the next few weeks, we’ll go over how DTR is a critical component of delivering a secure, repeatable and consistent software supply chain. You can get started with it today through our free hosted demo or by downloading and installing the free 30-day trial. The steps to get started with your own installation are below.
Setting Up Docker Enterprise Edition
Docker Trusted Registry runs on top of Universal Control Plane (UCP), so to begin let’s install a single-node cluster. If you’ve already got your own UCP cluster, you can skip this step. On your docker host, run the command:
# Pull and install UCP
docker run -it –rm -v /var/run/docker.sock:/var/run/docker.sock –name ucp docker/ucp:latest install
Once UCP is up and running, there are a few more things you should do before you install DTR. Open up your browser against the UCP instance you just installed. There should be a link to it at the end of your log output. If you have already have a Docker Enterprise Edition license, go ahead and upload it through the UI. If you don’t, visit the Docker Store and pick up a free, 30-day trial.
Once you’ve got licensing squared away, you’re probably going to want to change the port which UCP is running on. Since this is a single node cluster, DTR and UCP are going to want to use the same TCP ports for running their web services. If you’ve got a UCP swarm with more than one node, this probably isn’t a problem because DTR will look for a node which has the required free ports. Inside of UCP, click on Admin Settings -> Cluster Configuration and change the Controller Port to something like 5443.
Installing DTR
We’re going to install a simple, single-node instance of Docker Trusted Registry. If you were setting up your DTR for production use, you would likely set things up in High Availability (HA) mode which would require a different type of storage such as a cloud-based object store, or NFS. Since this is a single-node instance, we’re going to stick with the default local storage.
First we need to pull the DTR bootstrap image. The bootstrap image is a tiny, self-contained installer which connects to UCP and sets up all of the containers, volumes, and logical networks required to get DTR up and running.
Use the command:
# Pull and run the DTR bootstrapper
docker run -it –rm docker/dtr:latest install –ucp-insecure-tls
NOTE: Both UCP and DTR by default come with their own certs which won’t be recognized by your system. If you’ve set up UCP with TLS certs which are trusted by your system, you can omit the `–ucp-insecure-tls` option. Alternatively, you can use the `–ucp-ca` option which will let you specify the UCP CA certificate directly.
The DTR bootstrap image should then ask you for a couple of settings, such as the URL of your UCP installation and your UCP admin username and password. It should only take a minute or two to pull all of the DTR images and set everything up.
Keeping Everything Secure
Once everything is up and running, you’re ready to push and pull images to and from
the registry. Before we do that step though, let’s set up our TLS certificates so that we can securely talk to DTR.
On Linux, we can use these commands (just make certain you change DTR_HOSTNAME to reflect the DTR we just set up):
# Pull the CA certificate from DTR (you can use wget if curl is unavailable)
DTR_HOSTNAME=<Your DTR hostname>
curl -k https://$(DTR_HOSTNAME)/ca > $(DTR_HOSTNAME).crt
sudo mkdir /etc/docker/certs.d/$(DTR_HOSTNAME)
sudo cp $(DTR_HOSTNAME) /etc/docker/certs.d/$(DTR_HOSTNAME)
# Restart the docker daemon (use `sudo service docker restart` on Ubuntu 14.04)
sudo systemctl restart docker
On Docker for Mac and Windows, we’ll set up our client a little bit differently. Go in to Settings -> Daemon and in the Insecure Registries section, enter in your DTR hostname. Click Apply, and your docker daemon should restart and you should be good to go.
Pushing and Pulling Images
We now need to set up a repository to hold an image. This is a little bit different than Docker Hub which automatically creates a repository if one doesn’t exist when you do a
docker push. To create the repository, point your browser to https://<Your DTR hostname> and
then sign-in with your admin credentials when prompted. If you added a license to UCP, that
license will automatically have been picked up by DTR. If not, make certain you upload
your license now.
Once you’re in, click on the ‘New Repository` button and create a new repository.
We’ll create a repo to hold Alpine linux, so type `alpine` in the name field, and click
`Save` (it’s labelled `Create` in DTR 2.5 and newer).
Now let’s go back to our shell and type the commands:
# Pull the latest version of Alpine Linux
docker pull alpine:latest
# Sign in to your new DTR instance
docker login <Your DTR hostname>
# Tag Alpine to be able to push it to your DTR
docker tag alpine:latest <Your DTR hostname>/admin/alpine:latest
# Push the image to DTR
docker push <Your DTR hostname>/admin/alpine:latest
And that’s it! We just pulled a copy of the latest Alpine Linux, re-tagged it so that we could store it inside of DTR, and then pushed it to our private registry. If you want to pull that image to a different Docker engine, set up your DTR certs as shown above, and issue the command:
# Pull the image from DTR
docker pull <Your DTR hostname>/admin/alpine:latest
DTR has a lot of great image management features built right in such as image caching, mirroring, scanning, signing, and even automated supply chain policies. We’ll leave these to future blog posts which we can explore in more detail.
Step-by-step instructions on how to setup and use your own private registry with #Docker Enterprise…Click To Tweet
To learn more about Docker Enterprise Edition:
Visit the website and view pricing
Read more about Docker EE customers and the benefits they’re seeing
Don’t have time to install and configure Docker EE? Register for the free hosted trial to test drive Docker EE in just a few minutes
The post Using Your Own Private Registry with Docker Enterprise Edition appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/
