This document discusses IBM's Global Security Kit (GSKit), which provides cryptographic functionality for IBM middleware applications. GSKit implements SSL/TLS for secure communication and uses standardized algorithms and key formats that are FIPS certified. It supports a variety of IBM products running on different platforms and operating systems. The document describes GSKit components, commands, application programming interfaces, certificate formats, and key store formats like CMS, PKCS#12, and PKCS#11.
There are many Galera Cluster distributions and sometimes differences are well worth noting. We get a lot of queries about which Galera Cluster to use, or why one should use one distribution over the other.
Learn about Galera Cluster with MySQL 5.7 from Codership, and we’ll compare it with Galera Cluster 4 with MariaDB 10.4, and Percona XtraDB Cluster 5.7 with Galera 3. This is also the webinar where we preview Galera Cluster 4 with MySQL 8.0 as well as compare it with the preview release of Percona XtraDB Cluster 8.0.
Overall, learn why distributions exist, and how you can get the most out of your Galera Cluster experience.
SSL Implementation - IBM MQ - Secure Communications nishchal29
Presenting the basics of SSL/TLS, usage of SSL protocol to secure the IBM MQ channels. Secure Communications between two Queue Managers and various test cases, between an application and Queue Manager, Errors, Certificate Renewal.
DNS High-Availability Tools - Open-Source Load Balancing Solutions Men and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
Taming the PDB: Resource Management and Lockdown Profiles Markus Flechtner
Managing a large multitenant database with many pluggable databases can be a difficult task. Many PDBs fight for the server resources like I/O, CPU and memory. It can be difficult to keep the SLAs agreed with your customers. Oracle Database 12c Release 2 offers improvements in resource management for PDBs and a new feature called "Lockdown Profiles" which helps you to limit the available features on PDB level. The talk shows the various areas of these two features in a CDB environment and shows how they will help you manage a multitenant environment. And both features can help even with a single-tenant database.
Delivered at the FISL13 conference in Brazil: http://www.youtube.com/watch?v=K9w2cipqfvc
This talk introduces the USE Method: a simple strategy for performing a complete check of system performance health, identifying common bottlenecks and errors. This methodology can be used early in a performance investigation to quickly identify the most severe system performance issues, and is a methodology the speaker has used successfully for years in both enterprise and cloud computing environments. Checklists have been developed to show how the USE Method can be applied to Solaris/illumos-based and Linux-based systems.
Many hardware and software resource types have been commonly overlooked, including memory and I/O busses, CPU interconnects, and kernel locks. Any of these can become a system bottleneck. The USE Method provides a way to find and identify these.
This approach focuses on the questions to ask of the system, before reaching for the tools. Tools that are ultimately used include all the standard performance tools (vmstat, iostat, top), and more advanced tools, including dynamic tracing (DTrace), and hardware performance counters.
Other performance methodologies are included for comparison: the Problem Statement Method, Workload Characterization Method, and Drill-Down Analysis Method.
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
A review of AWS security concepts, leaks at Beamly, an introduction to Hashicorp Vault and how we use Vault at Beamly.
Watch YouTube video here: http://bit.ly/25ytNAD
Join DevOps Exchange London Meetup: http://bit.ly/22y4Var
Follow DOXLON on Twitter: http://bit.ly/1ZdugEJ
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault is a tool for storing and managing secrets. We will see what it offers, how to install, use and operate it, and our experience."
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principles can be implemented
Session Description:
In this session, Ravi described some use cases about harmonizing Ceph storage with Apache CloudStack for a CloudStack infrastructure setup. This includes using primary and secondary storage for CloudStack, synchronizing and rendering VM snapshots accessible across remote zones, fortifying storage for disaster recovery, and upholding client VM data backup.
Speaker Bio:
Ravichandran has 15+ years of technical expertise in Linux and Cloud solutions in Assistanz Networks Private Limited. Ravi is currently leading Business Development at Apache CloudStack consulting, Storage solutions and Stackbill CMP product.
---------------------------------------------
On Friday 18th August, the Apache CloudStack India User Group 2023 took place in Bangalore, seeing CloudStack enthusiasts, experts, and industry leaders from across the country, discuss the open-source project. The meetup served as a vibrant platform to delve into the depths of Apache CloudStack, share insights, and forge new connections.
aptly is a Swiss army knife for Debian repository management: it allows you to mirror remote repositories, take snapshots, pull new versions of packages along with dependencies, and publish snapshots.
http://www.aptly.info/
ModSecurity 3.0 and NGINX: Getting Started NGINX, Inc.
On demand version can be accessed at https://www.nginx.com/resources/webinars/modsecurity-3-0-and-nginx-getting-started/
The long-awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
Watch this webinar to learn:
- A brief history of the ModSecurity project
- How ModSecurity stops Layer 7 attacks
- What’s changed with ModSecurity 3.0 and how it integrates with NGINX
- How to install and configure ModSecurity with both open source NGINX and NGINX Plus
[KubeCon EU 2022] Running containerd and k3s on macOS Akihiro Suda
https://sched.co/ytpi
It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1LTLBAJ.
Todd Montgomery discusses the challenges of I/O, as software and hardware change rapidly and conventional wisdom must evolve to keep up. Montgomery thinks now is a good time to revisit old ideas with new and different perspectives. Filmed at qconsf.com.
Todd Montgomery is a networking hacker who has researched, designed, and built numerous protocols, messaging-oriented middleware systems, and real-time data systems, done research for NASA, contributed to the IETF and IEEE, and co-founded two startups. He currently works as an independent consultant and is active in several open source projects.
Protecting Python applications the simpler way team-WIBU
All software ought to be protected, not just applications made with one of the usual suspects: C or Java. In recent years, Python has become an increasingly attractive choice for software developers, not least with the language’s commitment to simplicity and clarity, but also the sheer range of solid, up-to-date resources for AI or machine learning applications. The newfound popularity of the language becomes plain when one sees its ranking in the TIOBE Index, following hot on the heels of the two traditional favorites.
But simple and clear also means: an appealing target for would-be attackers. And Python does make it unnecessarily easy for them to access the code. If it is not available in plaintext form from the outset, but precompiled with Cython, skilled attackers would still have no major problems with getting back to the original code by using common hacking tools. Especially in innovation-heavy areas like AI, that code can represent a substantial intellectual and commercial asset, making it perfect prey for unscrupulous hackers.
Wibu-Systems believes that only solid encryption can truly protect sensitive code from these threats. That is why Python support has been added to the popular CodeMeter Protection Suite. The traditional approach would be to transform Python code into a native application with tools like Cython and to then protect that application with CodeMeter’s powerful encryption. But there is a second, revolutionary approach: Encrypting the Python code itself in its original form. With CodeMeter’s technology, the code is only decrypted when it is actually needed and remains encrypted at all other times, so that it could not simply be extracted from working memory. CodeMeter can also encrypt different parts of the code with separate licenses or cryptographic keys to allow smart modular protections for the finished application.
A Modern Fairy Tale: Java Serialization Steve Poole
Once, long ago, we looked at serialization as an important addition to Java. As the years passed, we began to recognize the flaws in its design and sighed. Today we realize that the story of serialization has become a dark and twisted tale. In this session, see why we still need serialization, how the built-in design is fatally flawed, and how it is being exploited and used against us. Learn how to work against the dark arts rallied against us, and understand how even the alternative forms of Java serialization can still be open to attack.
Does this tale have a happy ending? Can goodness prevail and can you make your application safe from Java serialisation weaknesses?
Only you can decide.
Demystifying hash collisions.
Pass the Salt, 1st July 2019.
video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/
Hack.Lu, 22 October 2019.
video @ https://www.youtube.com/watch?v=JXazRQ0APpI
CONFidence 2014: Vlatko Kosturjak: Exploring treasures of 77FEh PROIDEA
If vendors need to expose a serial interface to the "modern" IP world, they often use a ready-made solution like Lantronix. You can find different vendors using these devices as part of different embedded systems – from alarms to legacy SCADA systems. If you find such devices on the Internet or LAN, the most important part is to check if 77FEh is enabled. We will cover already known stuff with 77FEh, but also new interesting findings in owning such devices.
New tool to exploit all of this will be presented as well as counter-measures.
0x01 - Newton's Third Law: Static vs. Dynamic Abusers OWASP Beja
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
This presentation by Morris Kleiner (University of Minnesota) was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
Acorn Recovery: Restore IT infra within minutes IP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art