Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

During Dateline coverage after the terrorist attacks on Paris, Lestor Holt asked, “Does this change the game in terms of intelligence?”Andrea Mitchell replied, “It does,” before discussing how intelligence missed any type of communication regarding the coordinated attacks. She added, “There’s such good surveillance on cell phones and there’s such good communications ability by the intelligence gathering in Europe, especially in France, especially in Great Britain and in the United States. So they may have been communicating via social media or through codes. And that’s the kind of thing that is very concerning to U.S. intelligence.”To read this article in full or to leave a comment, please click here

Welcome!

This is Under Construction Personal blog, travel stories, opinions and more craptology!

[[ Summary content only, you can read everything now, just visit the site for full story ]]

How Facebook’s Safety Check Works

I noticed on Facebook during this horrible tragedy in Paris that there was some worry because not everyone had checked in using Safety Check. So I thought people might want to know a little more about how Safety Check works.

If a friend or family member hasn't checked-in yet it doesn't mean anything bad has happened to them. Please keep that in mind. Safety Check is a good system, but not a perfect system, so keep your hopes up.

This is a really short version, there's a longer article if you are interested.

  • How it works:

    • If you are in an area impacted by a disaster Facebook will send you a push notification asking if you are OK. 

    • Tapping the “I’m Safe” button marks that your are safe.

    • All your friends are notified that you are safe.

    • Friends can also see a list of all the people impacted by the disaster and how they are doing.

  • How do you build the pool of people impacted by a disaster in a certain area? Building a geoindex is the obvious solution, but it has weaknesses.

    • People are constantly moving so the index will be stale.

    • A geoindex of 1.5 billion Continue reading

k8s + opencontrail on AWS

For anyone interested in running a testbed with Kubernetes and OpenContrail on AWS i managed to boil down the install steps to the minimum:

  • Use AWS IAM to create a user and download a file “credentials.csv”
  • Checkout the scripts via `git clone https://github.com/pedro-r-marques/examples.git`
  • Change to the “ec2-k8s-cluster” directory (e.g. /Users/roque/src/examples/ec2-k8s-cluster)
  • Edit “credentials.sh” with the location of you csv file and user name and then “eval” this script.
  • Run ./setup.sh

The setup script will:

  • Create 5 VMs in a VPC on AWS;
  • Run the ansible provisioning script that installs the cluster;
  • Run a minimal sanity check on the cluster;
  • Launch an example;
  • Fetch the status page of the example app in order to check whether it is running successfully.

Please let me know if you run into any glitch… the “setup.sh” script can be rerun multiple times (the ansible provisioning is designed to be idempotent).

Next, I need to wrap this up with a Jenkins CI pipeline. And build permutations for:

  • kubernetes vs openshift;
  • single vs multiple network interfaces;
  • direct internet access vs http-proxy;
  • software gateway or a vSRX (for hybrid cloud interconnect);

The fun never stops !


A Handy GUI Tool for Working with APIs

In this post I’m going to share with you an OS X graphical application I found that makes it easier to work with RESTful APIs. The topic of RESTful APIs has come up here before (see this post on using cURL to interact with RESTful APIs), and RESTful APIs have been a key part of a number of other posts (like my recent post on using jq to work with JSON). Unlike these previous posts—which were kind of geeky and focused on the command line—this time around I’m going to show you an application called Paw, which provides a graphic interface for working with APIs.

Before I start talking about Paw, allow me to first explain why I’m talking about working with APIs using this application. I firmly believe that the future of “infrastructure engineers”—that is, folks who today are focused on managing servers, hypervisors, VM, storage, networks, and firewalls—lies in becoming the “full-stack engineer,” someone who has knowledge and skills across multiple areas, including automation/orchestration. In order to gain those skills in automation/orchestration, it’s pretty likely that you’re going to end up having to work with APIs. Hence, why I’m talking about this stuff, and why Continue reading

BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.When domain-based authentication is used on Windows, the user's password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.To read this article in full or to leave a comment, please click here

The secret to a successful identity provider deployment: federate your identity data with a hub

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Companies are securing more users who are accessing more applications from more places through more devices than ever before, and all this diversity is stretching the current landscape of identity and access management (IAM) into places it was never designed to reach. At the same time, security has never been more paramount—or difficult to ensure, given today’s outdated and overly complex legacy identity systems. I call this the “n-squared problem,” where we’re trying to make too many hard-coded connections to too many sources, each with its own protocols and requirements.

To read this article in full or to leave a comment, please click here

How to solve today’s top three virtual environment challenges

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Virtualization is a mature technology but if you don’t have a virtualization wizard on staff managing the environment can be a challenge. Benefits such as flexibility, scalability and cost savings can quickly give way to security risks, resource waste and infrastructure performance degradation, so it is as important to understand common virtual environment problems and how to solve them.

The issues tend to fall into three main areas: virtual machine (VM) sprawl, capacity planning and change management. Here’s a deeper look at the problems and what you can do to address them:

To read this article in full or to leave a comment, please click here

Stupidity rules: Almost 24 aircraft hit with lasers in one night

Maybe it was a full moon or maybe all the dolts just came out at once, but the Federal Aviation Administration reported that lasers hit nearly two dozen aircraft across the US last night. Sadly the average number of laser strikes on aircraft is about 16 per day. FBI The FAA said three laser strikes were reported in the New York City/Newark, N.J early in the evening, followed by three incidents in Texas, where jets were struck while preparing to land at Dallas Love Field. By late evening, pilots reported laser incidents in cities from Dallas to Los Angeles and San Juan.To read this article in full or to leave a comment, please click here

Cops pull over Google driverless car — but not for speeding

Google's self-driving car had a run-in with the law this week.A Mountain View, Calif. motorcycle police officer pulled over a Google autonomous car for driving too slowly, and a photo of the roadside stop posted to Facebook by Zandr Milewski has gone viral. [ Get the latest tech news with Computerworld's daily newsletters. ] Google responded to the hubbub yesterday on its Self-Driving Car Project page on Google+.To read this article in full or to leave a comment, please click here

SC15 live real-time weathermap

Connect to http://inmon.sc15.org/sflow-rt/app/sc15-weather/html/ between now and November 19th to see a real-time heat map of the The International Conference for High Performance Computing, Networking, Storage and Analysis (SC15) network.

From the SCinet web page, "SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet will link the convention center to research and commercial networks around the world. In doing so, SCinet serves as the platform for exhibitors to demonstrate the advanced computing resources of their home institutions and elsewhere by supporting a wide variety of bandwidth-driven applications including supercomputing and cloud computing."

The real-time weathermap leverages industry standard sFlow instrumentation built into network switch and router hardware to provide scaleable monitoring of the over 6 Terrabit/s aggregate link capacity comprising the SCinet network. Link colors are updated every second to reflect operational status and utilization of each link.

Clicking on a link in the map pops up a 1 second resolution strip chart showing the protocol mix carried by the link.

The SCinet real-time weathermap was constructed using open source components running on the sFlow-RT real-time analytics engine. Download sFlow-RT and see what Continue reading

CISO bets on cloud security services to protect data

In what could be considered an unusual move at a time when most companies choose to keep their cybersecurity tools on-premises, John Graham, CISO for Jabil Circuit, says the manufacturing services company is adopting more cloud security services. Graham says that moving to the cloud lets the company focus on its core business of making high-precision molds, mechanical tools and medical devices. More specifically, it allows his tech staff to focus on threat analytics. Graham expects Jabil’s cloud migration strategy to become the rule rather than the exception. John Graham, CISO for Jabil Circuit.To read this article in full or to leave a comment, please click here

1 3,179 3,180 3,181 3,182 3,183 3,773