Nintendo: Happy Birthday, Game Boy!

With the Game Boy, the Japanese manufacturer Nintendo released its first handheld 30 years ago and in doing so permanently transformed the video game industry. The device has accompanied our author to this day. A declaration of love. By Benedikt Plass-Fleßenkämper (Game Boy, Nintendo)
Source: Golem

Azure Marketplace new offers – Volume 35

We continue to expand the Azure Marketplace ecosystem. From March 1 to March 15, 2019, 68 new offers successfully met the onboarding criteria and went live. See details of the new offers below:

Virtual machines

(Basic) Apache NiFi 1.9 on Centos 7.6: This is a CentOS 7.6 virtual machine running an Apache NiFi 1.9 installation using default configurations. Once the VM is deployed and running, Apache NiFi can be accessed via a web browser.

Centos 6.8: This distribution of Linux is based on CentOS and is provided by Northbridge Secure Systems. NetConnect by Northbridge Secure Systems is an optimal solution to deliver Azure servers and applications to your device of choice.

Web applications

4insight.io: 4Subsea's digital service 4insight.io provides key decision support to personnel for oil and gas and offshore wind operations. Digital twins delivered on 4insight.io are designed to improve data quality and reduce operational costs and risk.

Additio App – Classroom management: Streamline formative assessment and engage with parents through this K-12 classroom management platform. Additio App is available in the following languages: English, Spanish, French, Portuguese, Italian, Catalan, and Galician.

Aether Engine: This distributed simulation engine will enable you to build and run dynamically scaling spatial simulations on Azure. Hadean will provide you access to a managed instance of Aether Engine and help you create a proof-of-concept simulation that runs on Azure.

Agility Metrics: Agility Metrics is a dashboard that allows you to measure deployment frequency, production failure rate, average recovery time, and other KPIs of the Azure DevOps managed development lifecycle. This application is available only in Spanish.

AlphaPoint Asset Digitization (APAD): AlphaPoint Asset Digitization enables institutions to tokenize illiquid assets and trade those assets on an exchange.

AlphaPoint Exchange (APEX): AlphaPoint Exchange is a full-stack digital asset trading platform. It delivers a ready-made UI/UX tool set; robust risk management with real-time error checking; and a secure, stable, white-label back-end solution that safeguards digital exchange data.

Auto Asystent: Leaware S.A.'s user-friendly SaaS platform, Auto Asystent, enhances the relationship between car dealers and their customers through efficient communication, appointment management, and more. This solution is available only in Polish.

buildwagon – Hololens Development Platform: Develop for the Microsoft HoloLens faster on this cloud-based platform. buildwagon allows you to write code in JavaScript and view the results on the same screen or directly on the HoloLens.

Canopy Manage – Virtual Asset Management: Canopy Manage collates business, IT, and IoT virtual and physical assets from disparate management systems and data sources into a single control portal.

Cloud Snapshot Manager: With Dell EMC's Cloud Snapshot Manager, customers can discover, orchestrate, and automate the protection of workloads across multiple clouds based on policies for seamless backup and disaster recovery.

Digital Asset Management – Managed Video Portal: This application offers a secure and centralized repository to manage videos. It offers capabilities for advanced embed, review, approval, publishing, and distribution. Deliver consistently high-quality video.

Formiik Engine: Formiik Engine optimizes business processes by facilitating the work of managers, credit officers, and supervisors. It's omnichannel and specializes in financial products. This solution is offered only in Spanish.

Fulcrum – Enabling Smart Construction Management: Fulcrum, LeapThought’s construction management system, enables consistent, streamlined, transparent, and compliant project delivery. Fulcrum offers a 360-degree capability for all project collaboration needs.

GLASIAOUS Trial Edition: Boost your global business with GLASIAOUS, a cutting-edge accounting app that covers seven languages and multiple accounting standards.

Grace Platform: The Grace platform supports the entire data science workflow and is built both for organizations in the beginning of their AI and machine learning journey and for organizations with an established data science team.

I/O Surg: Minimize costly errors in pre-op patient scheduling. I/O Surg, a front-end two-click search engine, quickly and accurately identifies the correct billing code and patient status for Medicare procedures.

Informatica Data Quality BYOL: With the Informatica Data Quality and Governance portfolio, you can increase business value by ensuring that all key initiatives and processes are fueled with relevant, timely, trustworthy data.

Instec Billing: Instec Billing comes with the same flexibility as Instec's policy management system. Self-configuration allows you to customize the system to fit your business, and highly automated workflows reflect a low-touch approach that maximizes efficiency.

Intelligent Store – Behavior Triggers: The Intelligent Store suite provides tools for efficient communication between online retailers and customers. The Behavior Triggers tool follows customers' interests, personalizing their experience. This app is available only in Portuguese.

Intelligent Store – Personal Shop: The Personal Shop tool enables automation of personalized digital interfaces based on customer behavior and semantic elements. This app is available only in Portuguese.

Intelligent Store – Semantic Search: The Semantic Search tool combines semantics with personalization, helping online retailers better understand the context and purchase time of each potential customer. This app is available only in Portuguese.

mapul: Mapul is a web application that allows you to create visual diagrams to capture your ideas and then share and present them online. Generate, visualize, and present your ideas in new ways.

MATLAB (BYOL): MATLAB is a programming platform designed for engineers and scientists. It combines a desktop environment tuned for iterative analysis and design processes with a programming language that expresses matrix and array mathematics directly.

Mobile Coupon: Mobile Coupon encourages customer activity through coupons and push notifications. Its pre-built functions enable you to deploy your own branded application quickly and inexpensively. This application is available only in Japanese.

NiceLabel Label Cloud: Label Cloud is a cloud-based version of the NiceLabel Label Management System. It enables you to digitally transform your labeling to achieve lower costs, improved quality assurance, and a faster time-to-market.

Plastic SCM: Plastic SCM is a full version control stack that includes native GUIs, branching, and merge tools. It integrates with almost any issue tracker, code review, and continuous integration/continuous delivery tool, and it also incorporates build automation.

Precedence: The Precedence open-source ledger allows the non-blockchain specialist to easily put in place a transparent, immutable, and cryptographically verifiable transaction log that fully integrates with an existing database or file system.

Preservica: Preservica provides digital preservation for unstructured content that needs to be kept safe, secure, and readable long-term (10 years or more), or perhaps indefinitely. Preservica preserves readable and accessible versions of every file, tagging and migrating each one.

Prime: With Prime, offer a better experience for your banking customers. Issue and personalize cards within minutes. Improve efficiency by automating back-office operations and streamlining activities.

Proctorio | Learning Integrity Platform: Ensure the learning integrity of every assessment every time. Eliminate human error, bias, and much of the expense associated with remote proctoring, identity verification, and originality verification.

Product Cloud – Advanced Filters: The Product Cloud Suite provides tools to help online retailers organize their catalogs. The Advanced Filters tool extracts product characteristics, resulting in easier browsing for customers. This app is available only in Portuguese.

Product Cloud – Automatic Categorization: The Automatic Categorization tool sorts according to the category tree fixed by online retailers and provides benchmark suggestions, looking at customer patterns and market trends. This app is available only in Portuguese.

R3S Process Manager: R3S Process Manager enables you to publish run archive files to a security-enhanced web server. You can use R3S Worker or a third-party grid computing system to perform the execution.

Retina – AI based Retail Analytics Suite: Retina is an AI-led analytics product that provides a single view of all customer transactions for retailers to drive actionable insights. Retina supplies the customer with personalized products, promotions, and services.

Seymour: Through automated processing and publishing of Excel and CSV data, Seymour produces great-looking charts and tables on your website. The charts and tables will update automatically in real time, and Seymour is fully responsive for mobile and other devices.

SIOS Billing Management Solution for EA-Azure: Facilitate the management of Azure usage charges at universities and government agencies in cooperation with the Microsoft Azure Enterprise Agreement portal. This solution is available only in Japanese.

Spinbackup for Office 365: Spinbackup provides you with an enterprise-ready backup and recovery solution for Office 365. It offers migration, reports, top-level encryption, automated daily backups, diversity in data storage locations, and more.

Sustainability Suite (Cloud Version): Cogneum's Sustainability Suite improves governance and mitigates financial and reputational risks associated with sustainability.

Switch Automation: Switch Automation's comprehensive smart building platform integrates with traditional building systems as well as Internet of Things (IoT) technologies to analyze, automate, and control assets in real time.

UpSafe Office 365 Backup: UpSafe Office 365 Backup helps you secure the critical data from your Software-as-a-Service application. Set it up and start your Office 365 backup in just a few clicks. When necessary, restore the files you need through granular or full recovery.

Vexor: Vexor's continuous integration service can run an unlimited number of parallel builds because it works in the cloud. Tests are executed in parallel in each build to make your testing faster. Vexor uses a pay-per-minute billing model.

Virtual Vaults Dataroom: Virtual Vaults delivers a professional virtual data room platform to support transactional projects within capital markets such as mergers and acquisitions and real estate.

Container solutions

Joomla! Helm Chart: Joomla! is an award-winning open-source CMS platform for building websites and applications. Deploying Bitnami applications as Helm charts is the easiest way to get started with our applications on Kubernetes.

Kubewatch Helm Chart: Kubewatch is a Kubernetes watcher that currently publishes notifications to Slack. Run it in your Kubernetes cluster and you will get event notifications in a Slack channel.

MediaWiki Helm Chart: MediaWiki is the free and open-source wiki software that powers Wikipedia. Used by thousands of organizations, it is extremely powerful, scalable software and a feature-rich wiki implementation.

Memcached Helm Chart: Memcached is a high-performance distributed memory object caching system. It's generic in nature but intended for use in speeding up dynamic web applications by alleviating database load.

minideb Container Image: This is a minimalist Debian-based image built specifically to be used as a base image for containers.

Moodle Helm Chart: Moodle is an open-source online learning management system (LMS) widely used at universities, schools, and corporations worldwide. It’s modular and highly adaptable to any type of online learning.

NGINX Ingress Controller Helm Chart: NGINX Ingress Controller is an ingress controller that manages external access to HTTP services in a Kubernetes cluster using NGINX.

NGINX Open Source Helm Chart: NGINX Open Source is a popular web server that can also be used as a reverse proxy, load balancer, and HTTP cache.

phpMyAdmin Helm Chart: phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL over the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB.

PrestaShop Helm Chart: PrestaShop is a powerful open-source e-commerce platform used by more than 250,000 online storefronts worldwide. It’s easily customizable, responsive, and includes powerful tools to drive online sales.

WildFly Helm Chart: Wildfly is a lightweight open-source application server, formerly known as JBoss, that implements the latest enterprise Java standards.

Consulting services

Authentication and Secure Data: 1-day Workshop: After completing this workshop by Dynamics Edge, students will understand how to implement authentication in applications, implement secure data (SSL and TLS), and manage cryptographic keys in Azure Key Vault.

Azure PaaS: 3-Day Proof of Concept: This three-day engagement will allow your team to work with Tallan to educate your organization on what is possible in Microsoft Azure and to build out a proof of concept utilizing Azure Platform-as-a-Service.

Azure Readiness Assessment: 2 Weeks: With cloud migration assessment tools from Oakwood Systems Group Inc., you’ll have a complete inventory of servers with metadata for each, allowing you to build a cloud migration plan for your organization.

Blue Chip Migrator for Azure Adoption: Blue Chip Consulting can help you efficiently and strategically adopt Microsoft Azure and eliminate the guesswork associated with complex cloud migrations and modernization projects.

Creating and Deploying Apps-1 day Workshop: This workshop by Dynamics Edge will teach IT professionals how to build logic app solutions that integrate apps, data, systems, and services by automating tasks and business processes as workflows.

Deploy/Configure Infrastructure: 1-day Workshop: This workshop by Dynamics Edge will teach IT professionals how to manage Azure resources, including deployment and configuration of virtual machines, virtual networks, storage accounts, and Azure Active Directory.

Develop Azure Platform as Service: 1-day Workshop: Dynamics Edge's trainer-led workshop will help you create an Azure Container Service (ACS/AKS) cluster using Azure CLI and Azure Portal.

Develop for Azure Storage: 1-day Workshop: This workshop by Dynamics Edge will cover developing solutions using Azure Storage options: Azure Cosmos DB, Azure Storage tables, file storage, Blob storage, relational databases, and caching and content delivery network.

Developing for the Cloud: 1-day Workshop: Learn how to configure a message-based integration architecture, develop for asynchronous processing, create apps for auto scaling, and better understand Azure Cognitive Services solutions.

Implement Security in Azure Devt: 1-day Workshop: This trainer-led workshop by Dynamics Edge is part of a series of four courses to help you prepare for Microsoft’s Azure developer certification exam AZ-200: Develop Core Microsoft Azure Cloud Solutions.

QuickBooks Desktop on Azure: 5hr Assessment: Noobeh’s experienced consultants will perform an assessment of the requirements for your QuickBooks delivery on the Microsoft Azure platform, then develop a deployment plan.

Secure Identities: 1-day Workshop: This workshop by Dynamics Edge will teach IT professionals about keeping modern IT environments secure, focusing on role-based access control, multi-factor authentication, and privileged identity management.

Select Appropriate Azure Devt: 1-day Workshop: This is for developers who know how to code in at least one of the Azure-supported languages. It will cover Azure architecture, design and connectivity patterns, and choosing the right storage solution for your development.

Source: Azure

Connect IIoT data from disparate systems to unlock manufacturing insights

Extracting insights from multiple data sources is a new goal for manufacturers. Industrial IoT (IIoT) data is the starting point for new solutions, with the potential for giving manufacturers a competitive edge. But tracking data is often relegated to more than one solution—and each solution is created to solve a different problem. Therefore, most manufacturers use three or more separate solutions to track KPIs connected with production, including monitoring, maintenance, quality management, and energy monitoring systems. This means higher costs and lower efficiencies. And, given the disconnected state of these apps, there is no way to see the entire picture of operations. Altizon is working to solve this problem with a suite of three offerings. Altizon is helping manufacturers integrate all data in their systems and enabling them to make data-driven decisions.

Disconnected data

These systems contain vast and vital kinds of information, but they run in silos. This data is rarely correlated and exchanged. How did this situation arise, and what are the consequences?

Operational technology (OT) and IT systems are developed with different goals in mind and for different users within the organization. Therefore, most organizational data stays in silos.
Data is often entered into these systems by hand. This means the data is prone to error. And with a manual process, it’s impossible to get real-time insights from the data.
When data is trapped in silos, management can’t track critical KPIs. How can you make a data-driven decision without all the data?
The lack of historical and contextual data—and the inability to process data in a timely fashion—makes it difficult to predict machine behavior or quality.

Connect the dots, and see the real picture

With this problem in mind, Altizon has created the Datonis Suite. This is a complete industrial IoT solution for manufacturers to leverage their existing data sources.

The Datonis Suite provides a set of ready-to-go business value applications, enterprise integrations, and “Data services for operational intelligence”—all of which drive better outcomes. The suite includes:

Datonis IIoT Platform accelerates IT/OT integrations by connecting diverse industrial assets and launching new applications over a hybrid infrastructure. The infrastructure is created with edge computing, advanced in-stream analytics, an application development framework, and deep learning capabilities.
Datonis Manufacturing Intelligence (MInt) provides a set of business value applications. These showcase an integrated plant view (of productivity, quality, maintenance, traceability, health, and safety).
Datonis Edge includes built-in support for connectivity protocols, edge computing, rules, notifications, machine learning, and custom plugins.

Benefits

The connections between disparate data bring many benefits, including:

A 360-degree view of all plant and floor data—informed by data science and machine learning
Correlation between benchmark reporting to business intelligence and sharing of this data/intelligence into enterprise systems
Visibility into real-time plant and floor operations to make data-driven decisions
Easy deployment to deliver a fast return on investment
Ready-to-scale architecture

Azure services used by the Datonis Suite

The solutions in the Datonis Suite are hosted on Azure, and employ:

Azure compute resources (scalable on-demand, and for normal operations)
Azure Storage
Azure Load Balancer
Azure Availability Sets to ensure high availability for all services

Recommended next steps

Learn more about Datonis Manufacturing Intelligence.

Learn more about the Datonis Industrial IoT Platform.

Also, you can go to the Azure marketplace listings for the solutions in the Datonis Suite and click Contact me.
Source: Azure

Detecting threats targeting containers with Azure Security Center

More and more services are moving to the cloud and bringing their security challenges with them. In this blog post, we will focus on the security concerns of container environments.

In a previous blog post, Azure Security Center announced new features for container security, including Docker recommendations and compliance based on the CIS benchmark for containers. We’ll go over several security concerns in containerized environments, from the Docker level to the Kubernetes cluster level, and we will show how Azure Security Center can help you detect and mitigate threats in the environment as they’re occurring in real time.

Docker analytics

When it comes to Docker, a common access vector for attackers is a misconfigured daemon. By default, the Docker engine is accessible only via a UNIX socket, which guarantees that it cannot be reached remotely. In many cases, however, remote management is required, so Docker also supports TCP sockets, and it supports encrypted and authenticated remote communication over them. But running the daemon on a TCP socket without explicitly specifying the “tlsverify” flag in the daemon execution enables anyone with network access to the Docker host to send unauthenticated API requests to the Docker engine.

Fig. 1 – Exposed Docker Daemon that is accessible over the network

A host that runs an exposed Docker daemon is compromised very quickly. In Microsoft Threat Intelligence Center’s honeypots, scanners searching for exposed Docker daemons are seen frequently. Azure Security Center can detect and alert on such behavior.

Fig. 2 – Exposed Docker alert

Another security concern is running containers with higher privileges than they really need. A container with high privileges can access the host’s resources, so a compromised privileged container may lead to a compromised host. Azure Security Center detects and alerts when a privileged container runs.

Fig. 3 – Privileged container alert
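The two Docker-level weaknesses above (a daemon listening on a TCP socket without tlsverify, and containers running with more privileges than they need) can both be checked from the host's own configuration before a scanner finds them. The following audit is an added example, not Azure Security Center's code: it reads a daemon.json document plus any dockerd command-line flags, and the JSON that `docker inspect` returns, all constructed inline here so it runs offline. The finding strings and severity labels are this example's own.

```python
"""Audit a Docker host for a TCP-exposed daemon without TLS client verification
and for containers running with more privileges than they need.

Added example; not Azure Security Center code. Inputs are constructed in the
shape of /etc/docker/daemon.json, dockerd flags and `docker inspect` output.
"""
import json


def daemon_findings(daemon_json, dockerd_args=()):
    """Flag tcp:// listeners that are not protected by tlsverify.

    Listeners may come from daemon.json ("hosts") or from -H/--host on the
    dockerd command line; tlsverify likewise from the config key or the flag.
    """
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    args = list(dockerd_args)
    hosts = list(cfg.get("hosts", []))
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("-H=") or arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
    tls = bool(cfg.get("tlsverify")) or "--tlsverify" in args or "--tlsverify=true" in args
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are reachable only from the host
        if tls:
            findings.append(f"INFO: {host} requires TLS client certificates")
        else:
            findings.append(f"CRITICAL: {host} accepts unauthenticated API requests "
                            "from anyone who can reach the port")
    return findings


def container_findings(inspect_json):
    """Flag privileged containers and broad capability grants in `docker inspect` output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        hc = c.get("HostConfig") or {}
        if hc.get("Privileged"):
            findings.append(f"HIGH: container {name} is privileged (full access to host devices)")
        caps = set(hc.get("CapAdd") or [])
        if caps & {"ALL", "SYS_ADMIN"}:
            findings.append(f"MEDIUM: container {name} adds capabilities {sorted(caps)}")
    return findings


# Constructed sample inputs: the weak daemon config beside its hardened form,
# and three containers of which one is privileged and one adds SYS_ADMIN.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
SAMPLE_INSPECT_JSON = json.dumps([
    {"Name": "/web", "HostConfig": {"Privileged": False, "CapAdd": None}},
    {"Name": "/agent", "HostConfig": {"Privileged": True, "CapAdd": None}},
    {"Name": "/netdiag", "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN", "SYS_ADMIN"]}},
])


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, daemon_findings(cfg))
    print("flag only:", daemon_findings("{}", ["-H", "tcp://0.0.0.0:2375"]))
    for f in container_findings(SAMPLE_INSPECT_JSON):
        print(f)
```

The daemon check treats the flag and the config file as equivalent sources because the exposure is the same either way; on a real host, run it against the actual daemon.json and the dockerd process arguments, and feed `docker inspect $(docker ps -q)` to the container check.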

There are additional suspicious behaviors that Azure Security Center can detect, including running an SSH server inside a container and running malicious images.

Cluster level security

Usually, running a single instance of Docker is not enough, and a container cluster is needed. Most people use Kubernetes for their container orchestration. A major concern in managing clusters is the possibility of privilege escalation and lateral movement inside the cluster. We will demonstrate several scenarios and show how Azure Security Center can help identify those malicious activities.

For the first demonstration, we’ll use a cluster without RBAC enabled.

In such a scenario (Fig. 4), the service account that is mounted by default into the pods has high cluster privileges. If one of the containers is compromised, an attacker can access the service account token mounted into that container and use it to communicate with the API server.

Fig. 4 – Vulnerable web application container accesses the API server

In our case, one of the containers in the cluster runs a web application that has a remote code execution vulnerability and is exposed to the Internet. There are many examples of vulnerabilities in web applications that allow remote code execution, including CVE-2018-7600.

We will use this RCE vulnerability to send a request to the API server from the compromised application running in the cluster. Since the service account has high privileges, we can perform any action in the cluster. In the following example, we retrieve the secrets from the cluster and save the output on the web application’s filesystem so we can access it later:

Fig. 5 – The payload sends a request to the API server

In Fig. 5, we send a request to the API server (at IP 10.0.0.1) that lists all the secrets in the default namespace. We do this using the service account token located at /var/run/secrets/kubernetes.io/serviceaccount/token on the compromised container.

Now we can access the file secrets.txt that stores the secrets:

Fig. 6 – Dump of the cluster’s secrets

We can also list, delete, and create new containers and change other cluster resources.

Azure Security Center can identify and alert on suspicious requests to the API server from Kubernetes nodes (auditd on the cluster’s nodes is required):

Fig. 7 – Suspicious API request alert
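The request in Fig. 5 leaves a trace that a defender can alert on without Azure Security Center: the API server's audit log records the verb, the resource, the caller identity and the source IP. The post says ASC relies on auditd on the nodes; the detection below is an added example that reads the API server audit log instead, which is a different data source. It is not ASC's logic. The events are constructed here in the audit.k8s.io/v1 JSON-lines shape, the trusted-namespace allow list is an assumption, and the rule flags any workload service account reading Secrets, grading a 200 response (the token really had the permission) above a 403 (RBAC blocked it, but the token was still probing).

```python
"""Detect service-account reads of Secrets in a Kubernetes API server audit log.

Added example, not Azure Security Center's detection logic. The log lines are
constructed in the audit.k8s.io/v1 JSON-lines shape so the script runs offline.
"""
import json

# Assumption: platform controllers run in kube-system and legitimately read Secrets.
TRUSTED_SA_NAMESPACES = {"kube-system"}
READ_VERBS = {"get", "list", "watch"}


def service_account_namespace(username):
    """Return <ns> for 'system:serviceaccount:<ns>:<name>', else None."""
    parts = username.split(":")
    if len(parts) == 4 and parts[0] == "system" and parts[1] == "serviceaccount":
        return parts[2]
    return None


def parse_audit_log(text):
    """Parse one JSON audit event per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_secret_reads(events):
    """Flag read access to Secrets by service accounts outside trusted namespaces."""
    alerts = []
    for ev in events:
        user = ev.get("user", {}).get("username", "")
        sa_ns = service_account_namespace(user)
        if sa_ns is None or sa_ns in TRUSTED_SA_NAMESPACES:
            continue
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "secrets" or ev.get("verb") not in READ_VERBS:
            continue
        code = (ev.get("responseStatus") or {}).get("code")
        alerts.append({
            "severity": "HIGH" if code == 200 else "MEDIUM",  # 403 = denied by RBAC, still suspicious
            "user": user,
            "verb": ev.get("verb"),
            "namespace": ref.get("namespace"),
            "source_ips": ev.get("sourceIPs", []),
            "user_agent": ev.get("userAgent", ""),
            "code": code,
        })
    return alerts


def _event(username, verb, namespace, code, ip, agent, resource="secrets"):
    """Build one constructed audit event in the audit.k8s.io/v1 shape."""
    return {
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "stage": "ResponseComplete", "verb": verb,
        "requestURI": f"/api/v1/namespaces/{namespace}/{resource}",
        "user": {"username": username, "groups": ["system:authenticated"]},
        "sourceIPs": [ip], "userAgent": agent,
        "objectRef": {"resource": resource, "namespace": namespace, "apiVersion": "v1"},
        "responseStatus": {"code": code},
    }


# Constructed sample log: the scenario from the post plus benign traffic.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    # compromised web pod using its mounted token in a cluster without RBAC: succeeds
    _event("system:serviceaccount:default:default", "list", "default", 200, "10.244.1.5", "curl/7.58.0"),
    # controller in kube-system reading a secret: expected platform behaviour
    _event("system:serviceaccount:kube-system:service-account-controller", "get", "default", 200,
           "10.0.0.4", "kube-controller-manager/v1.13.5"),
    # human admin via kubectl: not a service account, out of scope for this rule
    _event("admin@example.test", "list", "default", 200, "203.0.113.10", "kubectl/v1.13.5"),
    # same pod after RBAC is enabled: denied, but the attempt is still logged
    _event("system:serviceaccount:default:default", "list", "default", 403, "10.244.1.5", "curl/7.58.0"),
])


def run_sample():
    return detect_secret_reads(parse_audit_log(SAMPLE_AUDIT_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a['severity']}] {a['user']} {a['verb']} secrets in {a['namespace']} "
              f"from {','.join(a['source_ips'])} ({a['user_agent']}) -> HTTP {a['code']}")
```

The source IP in the alert is a pod IP, which is what lets an analyst tie the request back to the compromised workload; recording the user agent helps separate a controller or kubectl from an ad-hoc HTTP client. Audit logging must be enabled on the API server with a policy that records at least Metadata level for secrets requests, otherwise these events are never written.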

One mitigation for this attack is to manage permissions in the cluster with RBAC. RBAC enables the user to grant different permissions to different accounts. By default, service accounts have no permissions to perform actions in the cluster.

However, in many cases, even if RBAC is enabled, attackers can still use such vulnerable containers for malicious purposes. A very convenient way to monitor and manage the cluster is through the Kubernetes Dashboard. The Dashboard, itself a container, gets the default RBAC permissions, which likewise do not allow any significant action. In order to use the dashboard, many users grant permissions to the kubernetes-dashboard service account. In such cases, attackers can perform actions in the cluster by using the dashboard container as a proxy instead of calling the API server directly. The following payload retrieves the overview page of the default namespace from the Kubernetes Dashboard, which contains information about the main resources in the namespace:

Fig. 8 – Request to the dashboard

In Fig. 8, a request is sent from the compromised container to the dashboard’s cluster IP (10.0.182.140 in this case). Fig. 9 describes the attack vector when the dashboard is used.

Fig. 9 – Vulnerable container accesses the Kubernetes Dashboard

Azure Security Center can also identify and alert on suspicious requests to the dashboard container from Kubernetes nodes (auditd on the cluster’s nodes is required).

Fig. 10 – Suspicious request to the dashboard alert
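Both the RBAC mitigation and the dashboard proxy case come down to the same question: which service accounts have been bound to more than a workload needs? The audit below is an added example, not Azure Security Center code. It resolves RoleBindings and ClusterRoleBindings to the rules they grant and reports every ServiceAccount that can read Secrets, exec into pods, or do anything at all (cluster-admin, whose built-in rules are not in a normal object dump and so is matched by name). The objects are constructed inline in the shape `kubectl get ... -o json` returns, and the list of sensitive grants is this example's own choice.

```python
"""Find service accounts bound to more RBAC power than a workload should hold,
such as a kubernetes-dashboard service account bound to cluster-admin.

Added example, not Azure Security Center code. Objects are constructed in the
shape of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -o json`.
"""

# (resource, verb) pairs that let a token read Secrets, run commands in pods, or do anything.
SENSITIVE_GRANTS = [
    ("secrets", "get"), ("secrets", "list"), ("secrets", "watch"),
    ("pods/exec", "create"), ("*", "*"),
]


def sensitive_grants(rules):
    """Return the sensitive grants a list of RBAC rules confers, wildcards included."""
    granted = set()
    for rule in rules:
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        for res, verb in SENSITIVE_GRANTS:
            if (res in resources or "*" in resources) and (verb in verbs or "*" in verbs):
                granted.add(f"{verb} {res}")
    return sorted(granted)


def audit_rbac(objects):
    """Report ServiceAccount subjects whose bound role carries a sensitive grant."""
    roles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            ns = o["metadata"].get("namespace", "") if o["kind"] == "Role" else ""
            roles[(o["kind"], ns, o["metadata"]["name"])] = o.get("rules", [])
    findings = []
    for o in objects:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = o["roleRef"]
        binding_ns = o["metadata"].get("namespace", "")
        role_key = (ref["kind"], "" if ref["kind"] == "ClusterRole" else binding_ns, ref["name"])
        if ref["kind"] == "ClusterRole" and ref["name"] == "cluster-admin":
            grants = ["* * (built-in cluster-admin)"]  # built-in role, rules absent from the dump
        else:
            grants = sensitive_grants(roles.get(role_key, []))
        if not grants:
            continue
        scope = "cluster-wide" if o["kind"] == "ClusterRoleBinding" else f"in namespace {binding_ns}"
        for subj in o.get("subjects", []):
            if subj.get("kind") != "ServiceAccount":
                continue
            sa = f"{subj.get('namespace', binding_ns)}/{subj['name']}"
            findings.append(f"ServiceAccount {sa} can [{', '.join(grants)}] {scope} "
                            f"via {o['kind']} {o['metadata']['name']}")
    return findings


# Constructed objects: the dashboard over-grant from the post, a harmless
# configmap reader, and a namespace-scoped secret reader.
SAMPLE_OBJECTS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kube-system"}]},
    {"kind": "Role", "metadata": {"name": "config-reader", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "web-config", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "config-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "default"}]},
    {"kind": "Role", "metadata": {"name": "secret-reader", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "worker-secrets", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "worker", "namespace": "default"}]},
]


if __name__ == "__main__":
    for line in audit_rbac(SAMPLE_OBJECTS):
        print(line)
```

A finding is not automatically a misconfiguration (the worker above may genuinely need its namespace's secrets), but the dashboard bound to cluster-admin is exactly the shortcut the post warns about. Two further controls that narrow the blast radius of a compromised pod: give the Dashboard a role scoped to what its users actually do, and set `automountServiceAccountToken: false` on pods that never talk to the API server, so there is no token at /var/run/secrets/kubernetes.io/serviceaccount/token to steal in the first place.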

Even if specific permissions were not given to any container, attackers with access to a vulnerable container can still gain valuable information about the cluster. Every Kubernetes node runs the Kubernetes agent, Kubelet, which manages the containers running on that node. Kubelet exposes a read-only API that does not require any authentication on port 10255. Anyone with network access to the node can query this API and get useful information about the node. Specifically, querying http://[NODE IP]:10255/pods/ retrieves all the running pods on the node, and http://[NODE IP]:10255/spec/ retrieves information about the node itself, such as CPU and memory consumption. Attackers can use this information to better understand the environment of the compromised container.

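The read-only port is a node setting, so the fix is in the kubelet's configuration rather than in RBAC. The check below is an added example, not Azure Security Center code: it reads a KubeletConfiguration (in JSON form, which the kubelet accepts for --config alongside YAML) together with any overriding command-line flags, reports a non-zero readOnlyPort, and, going slightly beyond the paragraph above, also flags anonymous authentication and the AlwaysAllow authorization mode on the authenticated kubelet port. The weak and hardened configurations are constructed here; the severity labels are this example's own.

```python
"""Check a node's kubelet configuration for the unauthenticated read-only port
and related weak settings on the authenticated port.

Added example, not Azure Security Center code. The configuration is a constructed
KubeletConfiguration in JSON form; command-line flags override the file here.
"""
import json


def _flag(args, name):
    """Return the value of --<name>=<value> from kubelet args, or None if absent."""
    prefix = f"--{name}="
    for a in args:
        if a.startswith(prefix):
            return a[len(prefix):]
    return None


def kubelet_findings(config_json, kubelet_args=()):
    """Return findings for a kubelet config file plus any overriding flags."""
    cfg = json.loads(config_json)
    args = list(kubelet_args)
    findings = []

    # readOnlyPort: 0 disables the unauthenticated /pods and /spec endpoints.
    ro_flag = _flag(args, "read-only-port")
    ro_port = int(ro_flag) if ro_flag is not None else cfg.get("readOnlyPort")
    if ro_port is None:
        findings.append("WARN: readOnlyPort not set explicitly; confirm the effective value on the node")
    elif ro_port != 0:
        findings.append(f"HIGH: unauthenticated read-only API served on port {ro_port} "
                        "(/pods and /spec readable by anyone with network access)")

    # Anonymous auth on the authenticated port (10250) defeats its purpose.
    anon_flag = _flag(args, "anonymous-auth")
    if anon_flag is not None:
        anonymous = anon_flag == "true"
    else:
        anonymous = bool(cfg.get("authentication", {}).get("anonymous", {}).get("enabled"))
    if anonymous:
        findings.append("HIGH: anonymous requests are accepted on the kubelet's authenticated port")

    # AlwaysAllow skips the SubjectAccessReview check against the API server.
    mode = _flag(args, "authorization-mode") or cfg.get("authorization", {}).get("mode")
    if mode == "AlwaysAllow":
        findings.append("HIGH: authorization mode AlwaysAllow lets any authenticated caller use the full kubelet API")
    return findings


# Constructed sample configurations: the weak setting beside the corrected one.
WEAK_KUBELET_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "readOnlyPort": 10255,
    "authentication": {"anonymous": {"enabled": True}},
    "authorization": {"mode": "AlwaysAllow"},
})
HARDENED_KUBELET_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "readOnlyPort": 0,
    "authentication": {
        "anonymous": {"enabled": False},
        "webhook": {"enabled": True},
        "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"},  # placeholder path
    },
    "authorization": {"mode": "Webhook"},
})


if __name__ == "__main__":
    print("weak:", kubelet_findings(WEAK_KUBELET_CONFIG))
    print("hardened:", kubelet_findings(HARDENED_KUBELET_CONFIG))
    print("flag override:", kubelet_findings(HARDENED_KUBELET_CONFIG, ["--read-only-port=10255"]))
```

Because a flag on the kubelet command line wins over the file, the check takes both; on a managed node the effective command line is what the service unit or the node bootstrap script passes, so inspect that rather than only the file. Disabling the read-only port removes the /pods and /spec endpoints entirely; any monitoring that scraped them must move to the authenticated port.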
Lateral movement and privilege escalation are among the top security concerns in container clusters. Detecting abnormal behavior in the cluster can help you detect and mitigate those threats.

Get started with Azure Security Center

Learn more about Azure Security Center alerts and protection for containers. Start using the Standard tier of Azure Security Center to protect your containers for free today.
Source: Azure