Creating "Secure" PHP applications, Part 2, Server Hardeningarchwisp
The document provides guidance on server hardening techniques. It discusses using netstat to view listening services on a server and using update-rc.d or chkconfig to disable unnecessary services from starting at boot. It also recommends enabling access control lists (ACLs) in file system mounts, using SELinux or AppArmor to enforce mandatory access controls, and setting reasonable PHP memory limits to prevent potential denial of service attacks. The document stresses the importance of only allowing approved applications to execute and knowing the resource limits of the server to avoid potential outages.
The document discusses the "Hello World" program in C and assembly languages. It provides the C code, compiles and runs it using GCC and LLVM, and examines the output assembly code, object file and executable using various Linux tools like objdump, readelf, nm, and strace. It explains concepts like sections, segments, symbol tables, relocation records, and the role of linker and loader.
The document evaluates OpenFlow implementation in RouterOS 6.6 on an RB750GL router. Testing showed that while the control plane functions, forwarding does not work properly. Packet-in messages are not generated and flows installed by the controller are not matched. This is due to buffers being set to zero, preventing packet-in messages. The router also cannot replace or rewrite packet headers as required. The current implementation is experimental and not production ready.
The document discusses honeypots, which are computer resources dedicated to being probed, attacked, or compromised. Honeypots can be used to detect internal attacks, identify scans and automated attacks, identify trends, keep attackers away from important systems, and collect signatures of attacks and malicious code. They work by emulating known vulnerabilities to collect information about attacks. Honeypots include low and high interaction varieties. Popular honeypot software includes Honeyd, which simulates virtual networks, and Nepenthes, which emulates vulnerabilities to capture binaries and commands executed by worms. Logs from honeypots can be analyzed to identify attack sources and collect malware samples.
The document discusses reverse engineering the firmware of Swisscom's Centro Grande modems. It identifies several vulnerabilities found, including a command overflow issue that allows complete control of the device by exceeding the input buffer, and multiple buffer overflow issues that can be exploited to execute code remotely by crafting specially formatted XML files. Details are provided on the exploitation techniques and timeline of coordination with Swisscom to address the vulnerabilities.
Creating "Secure" PHP applications, Part 2, Server Hardeningarchwisp
The document provides guidance on server hardening techniques. It discusses using netstat to view listening services on a server and using update-rc.d or chkconfig to disable unnecessary services from starting at boot. It also recommends enabling access control lists (ACLs) in file system mounts, using SELinux or AppArmor to enforce mandatory access controls, and setting reasonable PHP memory limits to prevent potential denial of service attacks. The document stresses the importance of only allowing approved applications to execute and knowing the resource limits of the server to avoid potential outages.
The document discusses the "Hello World" program in C and assembly languages. It provides the C code, compiles and runs it using GCC and LLVM, and examines the output assembly code, object file and executable using various Linux tools like objdump, readelf, nm, and strace. It explains concepts like sections, segments, symbol tables, relocation records, and the role of linker and loader.
The document evaluates OpenFlow implementation in RouterOS 6.6 on an RB750GL router. Testing showed that while the control plane functions, forwarding does not work properly. Packet-in messages are not generated and flows installed by the controller are not matched. This is due to buffers being set to zero, preventing packet-in messages. The router also cannot replace or rewrite packet headers as required. The current implementation is experimental and not production ready.
The document discusses honeypots, which are computer resources dedicated to being probed, attacked, or compromised. Honeypots can be used to detect internal attacks, identify scans and automated attacks, identify trends, keep attackers away from important systems, and collect signatures of attacks and malicious code. They work by emulating known vulnerabilities to collect information about attacks. Honeypots include low and high interaction varieties. Popular honeypot software includes Honeyd, which simulates virtual networks, and Nepenthes, which emulates vulnerabilities to capture binaries and commands executed by worms. Logs from honeypots can be analyzed to identify attack sources and collect malware samples.
The document discusses reverse engineering the firmware of Swisscom's Centro Grande modems. It identifies several vulnerabilities found, including a command overflow issue that allows complete control of the device by exceeding the input buffer, and multiple buffer overflow issues that can be exploited to execute code remotely by crafting specially formatted XML files. Details are provided on the exploitation techniques and timeline of coordination with Swisscom to address the vulnerabilities.
The document discusses using HoneyPots with Honeyd to detect attacks. It describes how Honeyd can create virtual hosts and configure them with various personalities and services. Logs of activity on services like SMTP, HTTP, and SSH can be examined to identify attacks. Configuring a HoneyPot with Honeyd involves creating host profiles, adding services and scripts to emulate operating systems and applications. This allows monitoring of attacks while adding security.
The document discusses using proxy ARP to allow multiple containers and VMs to share a single network interface on the host machine. It notes some limitations of alternative approaches like Linux bridges, Open vSwitch, and MACVLAN. It also describes some issues with proxy ARP like stealing MAC addresses and requiring static routing. The proposed solution is to use arptables to selectively allow ARP requests from specific IP addresses to prevent MAC address conflicts while enabling network access for containers and VMs.
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
20-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
This document discusses techniques for bypassing security products on Windows systems by manipulating process and registry notification callbacks. It shows how the Mimikatz tool can be used to find and modify these callbacks to prevent security products from receiving important notifications. Specifically, it demonstrates patching a callback routine to do nothing, and notes unlinking callbacks from the notification list is also possible but requires more work. The conclusion is this approach allows killing any security tool while making it appear still active from a monitoring perspective.
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
An Easy way to build a server cluster without top of rack switches (MEMO)
12-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
This document discusses tools and techniques for securing Mac OS servers and workstations. It provides tips for choosing strong passwords and securing accounts. It also summarizes intrusion detection tools like Nessus, SAINT, and Splunk that can detect vulnerabilities, rootkits, and unusual network activity. Finally, it describes Neofelis, an open-source honeypot for Mac OS X that can monitor attacks and aid in forensic analysis to identify zero-day vulnerabilities.
The document aims to analyze in detail the main phases of a penetration test, in particular: how to become silent, how to performe information gathering and service information gathering, how to find exploits and how you can actually use them.
By the way … the platform used to perform the penetration test is Kali (not Kali 2.0 because at the moment it works but not perfectly)..
How to install OpenStack MITAKA --allinone - cheat sheet -Naoto MATSUMOTO
How to install OpenStack MITAKA --allinone - cheat sheet -
27-Jun, 2016
SAKURA Internet, Inc. / SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Il documento si propone di analizzare in dettaglio le fasi di un penetration test (information gathering, ricerca exploit, client side attack, password cracking, backdoor).
La distribuzione GNU/Linux utilizzata come piattaforma di base per eseguire i penetration test è BackTrack.
Day by day, we store more and more confidential information on our computers, from sites account credentials to our bank account. Every day, malware becomes more and more silent, they don’t want you to be suspicious, they just want to stay into your device to do something …that you don’t really want.
The document discusses an offline brute force attack method against the WiFi Protected Setup (WPS) protocol. It explains that many wireless access points and routers use weak pseudo-random number generators with small states that can be recovered, allowing an attacker to determine the nonces used in the WPS handshake and then brute force the PIN offline. It provides details on how the attack would work by recovering the PRNG state from the initial message and then determining the PIN. Vendors are shown to have weak responses or lack of acknowledgment of the issue, which affects many chipset and product brands that use a common reference implementation.
Watching And Manipulating Your Network TrafficJosiah Ritchie
This is an intro presentation to using the powerful tools for provided for linux in the area of networking. These are command line only tools because in a good network firewall, you won't have the option of graphical tools.
The document contains information about various digital circuits that can be used for a VHDL practical exam, including code and simulations for:
1. A 4-bit by 4-bit multiplier circuit with VHDL code and a simulation forcing inputs and displaying outputs.
2. An 8-bit by 8-bit multiplier circuit with similar VHDL code and simulation.
3. A 128-bit by 8-bit RAM circuit with 1024 bits of memory, VHDL code, and a simulation storing values and reading them back out.
Apresentação na Pós-Graduação em Segurança da Informação:
- Sniffer de senhas em plain text;
- Ataque de brute-force no SSH;
- Proteção: Firewall, IPS e/ou TCP Wrappers;
- Segurança básica no sshd_config;
- Chaves RSA/DSA para acesso remoto;
- SSH buscando chaves no LDAP;
- Porque previnir o acesso: Fork Bomb
Free LIX is an open source firewall and load balancer software that runs on Linux. It provides stateful packet inspection firewall capabilities and uses Netfilter, LVS, and Keepalived to provide high availability and load balancing. The document discusses Free LIX's command syntax, configuration options, virtualization support, and prototype hardware implementations using low-cost devices.
Palestra realizada por Toronto Garcez aka torontux durante a 3a. edição da Nullbyte Security Conference em 26 de novembro de 2016.
Resumo:
O objetivo da apresentação é demonstrar de forma prática, o passo-a-passo para criar uma botnet com roteadores wi-fi e/ou embarcados em geral. Será demonstrado o desenvolvimento de um comando e controle e a utilização de firmwares "backdorados" para tornar dispositivos em bots.
The document discusses using HoneyPots with Honeyd to detect attacks. It describes how Honeyd can create virtual hosts and configure them with various personalities and services. Logs of activity on services like SMTP, HTTP, and SSH can be examined to identify attacks. Configuring a HoneyPot with Honeyd involves creating host profiles, adding services and scripts to emulate operating systems and applications. This allows monitoring of attacks while adding security.
The document discusses using proxy ARP to allow multiple containers and VMs to share a single network interface on the host machine. It notes some limitations of alternative approaches like Linux bridges, Open vSwitch, and MACVLAN. It also describes some issues with proxy ARP like stealing MAC addresses and requiring static routing. The proposed solution is to use arptables to selectively allow ARP requests from specific IP addresses to prevent MAC address conflicts while enabling network access for containers and VMs.
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
20-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
This document discusses techniques for bypassing security products on Windows systems by manipulating process and registry notification callbacks. It shows how the Mimikatz tool can be used to find and modify these callbacks to prevent security products from receiving important notifications. Specifically, it demonstrates patching a callback routine to do nothing, and notes unlinking callbacks from the notification list is also possible but requires more work. The conclusion is this approach allows killing any security tool while making it appear still active from a monitoring perspective.
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
An Easy way to build a server cluster without top of rack switches (MEMO)
12-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
This document discusses tools and techniques for securing Mac OS servers and workstations. It provides tips for choosing strong passwords and securing accounts. It also summarizes intrusion detection tools like Nessus, SAINT, and Splunk that can detect vulnerabilities, rootkits, and unusual network activity. Finally, it describes Neofelis, an open-source honeypot for Mac OS X that can monitor attacks and aid in forensic analysis to identify zero-day vulnerabilities.
The document aims to analyze in detail the main phases of a penetration test, in particular: how to become silent, how to performe information gathering and service information gathering, how to find exploits and how you can actually use them.
By the way … the platform used to perform the penetration test is Kali (not Kali 2.0 because at the moment it works but not perfectly)..
How to install OpenStack MITAKA --allinone - cheat sheet -Naoto MATSUMOTO
How to install OpenStack MITAKA --allinone - cheat sheet -
27-Jun, 2016
SAKURA Internet, Inc. / SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Il documento si propone di analizzare in dettaglio le fasi di un penetration test (information gathering, ricerca exploit, client side attack, password cracking, backdoor).
La distribuzione GNU/Linux utilizzata come piattaforma di base per eseguire i penetration test è BackTrack.
Day by day, we store more and more confidential information on our computers, from sites account credentials to our bank account. Every day, malware becomes more and more silent, they don’t want you to be suspicious, they just want to stay into your device to do something …that you don’t really want.
The document discusses an offline brute force attack method against the WiFi Protected Setup (WPS) protocol. It explains that many wireless access points and routers use weak pseudo-random number generators with small states that can be recovered, allowing an attacker to determine the nonces used in the WPS handshake and then brute force the PIN offline. It provides details on how the attack would work by recovering the PRNG state from the initial message and then determining the PIN. Vendors are shown to have weak responses or lack of acknowledgment of the issue, which affects many chipset and product brands that use a common reference implementation.
Watching And Manipulating Your Network TrafficJosiah Ritchie
This is an intro presentation to using the powerful tools for provided for linux in the area of networking. These are command line only tools because in a good network firewall, you won't have the option of graphical tools.
The document contains information about various digital circuits that can be used for a VHDL practical exam, including code and simulations for:
1. A 4-bit by 4-bit multiplier circuit with VHDL code and a simulation forcing inputs and displaying outputs.
2. An 8-bit by 8-bit multiplier circuit with similar VHDL code and simulation.
3. A 128-bit by 8-bit RAM circuit with 1024 bits of memory, VHDL code, and a simulation storing values and reading them back out.
Apresentação na Pós-Graduação em Segurança da Informação:
- Sniffer de senhas em plain text;
- Ataque de brute-force no SSH;
- Proteção: Firewall, IPS e/ou TCP Wrappers;
- Segurança básica no sshd_config;
- Chaves RSA/DSA para acesso remoto;
- SSH buscando chaves no LDAP;
- Porque previnir o acesso: Fork Bomb
Free LIX is an open source firewall and load balancer software that runs on Linux. It provides stateful packet inspection firewall capabilities and uses Netfilter, LVS, and Keepalived to provide high availability and load balancing. The document discusses Free LIX's command syntax, configuration options, virtualization support, and prototype hardware implementations using low-cost devices.
Palestra realizada por Toronto Garcez aka torontux durante a 3a. edição da Nullbyte Security Conference em 26 de novembro de 2016.
Resumo:
O objetivo da apresentação é demonstrar de forma prática, o passo-a-passo para criar uma botnet com roteadores wi-fi e/ou embarcados em geral. Será demonstrado o desenvolvimento de um comando e controle e a utilização de firmwares "backdorados" para tornar dispositivos em bots.
Linux Tracing Superpowers by Eugene PirogovPivorak MeetUp
This document discusses Linux tracing tools and the evolution from DTrace on BSD to eBPF on Linux. It begins with an overview of DTrace and its capabilities on BSD, then discusses the limitations of early Linux tracing tools. It introduces eBPF and the BCC compiler collection, which make it easier to write and use eBPF programs. Examples are given showing how BCC can be used to trace system calls, file opens, and command executions. The document argues that BCC and eBPF help address the problems of early Linux tracing by making the tools more approachable and powerful for production use.
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
This document describes how to configure an OpenStack environment with Distributed Virtual Router (DVR) functionality using VirtualBox virtual machines. It includes details on setting up 3 VMs for the controller, network, and compute nodes, installing OpenStack using scripts, configuring IP addresses and users, replicating the compute node, and verifying the DVR installation and environment.
bcc/BPF tools - Strategy, current tools, future challengesIO Visor Project
Brendan Gregg discusses the current state and future potential of BPF and BCC tools for observability in Linux. He outlines 18 areas where BPF support has progressed and 16 areas still needing work. Gregg also discusses challenges like dynamic tracing stability, overhead, ease of coding, and developing visualizations. He proposes finishing ports of his old DTrace tools and links to resources on BPF, BCC, and flame graphs.
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringNETWAYS
Nowadays system administrators have great choices when it comes down to Linux performance profiling and monitoring. The challenge is to pick the appropriate tools and interpret their results correctly.
This talk is a chance to take a tour through various performance profiling and benchmarking tools, focusing on their benefit for every sysadmin.
More than 25 different tools are presented. Ranging from well known tools like strace, iostat, tcpdump or vmstat to new features like Linux tracepoints or perf_events. You will also learn which tools can be monitored by Icinga and which monitoring plugins are already available for that.
At the end the goal is to gather reference points to look at, whenever you are faced with performance problems.
Take the chance to close your knowledge gaps and learn how to get the most out of your system.
The document discusses various vulnerabilities in the Metasploitable virtual machine that can be exploited to gain unauthorized access. It describes how backdoors in FTP, IRC, and other services can be used to obtain root shells. It also explains how unintended access points like DistCC and Samba shares are misconfigured, allowing command execution and access to the file system.
- The document discusses various Linux system log files such as /var/log/messages, /var/log/secure, and /var/log/cron and provides examples of log entries.
- It also covers log rotation tools like logrotate and logwatch that are used to manage log files.
- Networking topics like IP addressing, subnet masking, routing, ARP, and tcpdump for packet sniffing are explained along with examples.
Slides from a talk at HPC Admintech 2019 about containers, a brief review on containers, how to create a container using common linux tools and how to integrate Docker with Slurm.
The document discusses hacking the Swisscom modem by exploiting default credentials to gain access. Upon login, the author runs commands to investigate the system such as viewing configuration files and mapping the internal network. Various system details are discovered including the Linux kernel version and software components.
This document provides an overview of the Linux kernel, including its history, structure, build process, installation, updating, and customization. It discusses getting the kernel source code, configuring and building the kernel, installing modules and the kernel, applying updates via patches, and determining the correct driver for PCI devices by matching the vendor and device IDs. The key steps are to find the PCI IDs, search for the IDs in kernel headers to identify the driver, search the kernel makefiles and configuration to enable that driver for compilation.
This document provides instructions for setting up a CentOS 7 VM using VirtualBox for DPDK training. It describes installing CentOS 7 Minimal, configuring the VM with 4 network interfaces, installing DPDK and related tools, compiling sample applications like l3fwd and pktgen, and manually starting the applications on the VM to test basic packet forwarding functionality.
This document provides an overview of Linux performance monitoring tools including mpstat, top, htop, vmstat, iostat, free, strace, and tcpdump. It discusses what each tool measures and how to use it to observe system performance and diagnose issues. The tools presented provide visibility into CPU usage, memory usage, disk I/O, network traffic, and system call activity which are essential for understanding workload performance on Linux systems.
Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: "
Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."
This document provides information on various debugging and profiling tools that can be used for Ruby including:
- lsof to list open files for a process
- strace to trace system calls and signals
- tcpdump to dump network traffic
- google perftools profiler for CPU profiling
- pprof to analyze profiling data
It also discusses how some of these tools have helped identify specific performance issues with Ruby like excessive calls to sigprocmask and memcpy calls slowing down EventMachine with threads.
This document provides instructions for receiving signals from ADS-B, AIS, and APRS systems using a software defined radio (SDR) on Ubuntu. It outlines the steps to install various software packages like dump1090, rtl-ais, gnuais, and multimon-ng. It also provides sample commands for decoding ADS-B transmissions on 1090MHz, AIS transmissions on 161.975/162.025MHz, and APRS signals on 144.640/431.040MHz using tools like dump1090, rtl_ais, gnuais, and multimon-ng in conjunction with the rtl-sdr SDR device.
1. The document discusses binary portability in virtualized environments using WebAssembly as an example.
2. It shows the steps to run an nginx WebAssembly binary using the wasmer runtime on Linux, including cloning the wasmer repository and running an nginx.wasm file.
3. A strace command is used to view the system calls made by the wasmer process running the nginx WebAssembly binary. This demonstrates it functioning like a normal Linux program and interacting with the operating system for I/O.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Astute Business Solutions | Oracle Cloud Partner |
Network Adapter Deep dive
1. Network Adapter Deep dive
6th May, 2020 SAKURA Internet, Inc. Research Center SR / Naoto MATSUMOTO
(C) Copyright 1996-2020 SAKURA Internet Inc
2. Enable SR-IOV TIPS (Melalnox ConnectX-4 EN)
2
# grep IOMMU /boot/config-`uname -r` | grep INTEL
CONFIG_INTEL_IOMMU=y
# vi /etc/default/grub
GRUB_CMDLINE_LINUX="intel_iommu=on iommu=pt"
# update-grub
# cd /opt
# tar xzvf ./mlnx-en-4.4-2.0.7.0-ubuntu16.04-x86_64.tgz
# cd mlnx-en-4.4-2.0.7.0-ubuntu16.04-x86_64
# ./install
# cd /opt
# tar xzvf ./mft-4.10.0-104-x86_64-deb.tgz
# cd mft-4.10.0-104-x86_64-deb
# ./install.sh
# mst start
# mst status
# mlxconfig -d /dev/mst/mt4115_pciconf0 set SRIOV_EN=1 NUM_OF_VFS=4
# sync; sync; sync; reboot
# echo 4 > /sys/class/net/enp101s0/device/sriov_numvfs
# dmesg | grep IOMMU
# mlxconfig -d /dev/mst/mt4115_pciconf0 q
# lspci -D | grep Mellanox
# lshw -class network -businfo
Bus info Device Class Description
========================================================
pci@0000:65:00.0 enp101s0 network MT27700 Family [ConnectX-4]
pci@0000:65:00.1 enp101s0f1 network Illegal Vendor ID
pci@0000:65:00.2 enp101s0f2 network Illegal Vendor ID
pci@0000:65:00.3 enp101s0f3 network Illegal Vendor ID
pci@0000:65:00.4 enp101s0f4 network Illegal Vendor ID
SOURCE: SAKURA Internet Research Center (2020/05)
3. Enable SR-IOV TIPS (Intel XL710)
3
# grep IOMMU /boot/config-`uname -r` | grep INTEL
CONFIG_INTEL_IOMMU=y
# vi /etc/default/grub
GRUB_CMDLINE_LINUX="intel_iommu=on iommu=pt"
# update-grub
# sync; sync; sync; reboot
# rmmod i40e
# modprobe i40e max_vfs=4
# echo 4 > /sys/class/net/enp101s0/device/sriov_numvfs
# lscpi
# lshw -class network -businfo
Bus info Device Class Description
========================================================
pci@0000:65:00.0 enp101s0 network Ethernet Controller XL710 for 40GbE QSFP+
pci@0000:65:02.0 enp101s2 network Illegal Vendor ID
pci@0000:65:02.1 enp101s2f1 network Illegal Vendor ID
pci@0000:65:02.2 enp101s2f2 network Illegal Vendor ID
pci@0000:65:02.3 enp101s2f3 network Illegal Vendor ID
SOURCE: SAKURA Internet Research Center (2020/05)
4. Enable RoCEv2 TIPS (Mellanox Connect X5)
4
# cd /opt
# tar xzvf ./mlnx-en-4.4-2.0.7.0-ubuntu18.04-x86_64.tgz
# cd mlnx-en-4.4-2.0.7.0-ubuntu18.04-x86_64
# ./insall
# /etc/init.d/mlnx-en.d restart
# cd /opt
# tar xzvf ./MLNX_OFED_LINUX-4.4-2.0.7.0-ubuntu18.04-x86_64.tgz
# cd MLNX_OFED_LINUX-4.4-2.0.7.0-ubuntu18.04-x86_64
# ./mlnxofedinstall
# /etc/init.d/openibd restart
# ufw disable
# ethtool -i enp1s0
# cma_roce_mode -d mlx5_0 -p 1 -m 2
RoCE v2
# show_gids
# mlnx_qos -i enp1s0 --pfc 0,0,0,1,0,0,0,0
# sysctl -w net.ipv4.tcp_ecn=1
# cma_roce_tos -d mlx5_0 -t 24
# /etc/init.d/irqbalance stop
# mlnx_affinity start
# ethtool -K enp1s0 tx-nocache-copy off
# echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
SERVER# ifconfig enp1s0 1.1.1.1/24 up up
CLIENT# ifconfig enp1s0 1.1.1.2/24 up up
SERVER# ib_write_bw -R --report_gbits --port=12500 -D 10
CLIENT# ib_write_bw -R --report_gbits 1.1.1.1 --port=12500 -D 10
SERVER# ib_write_lat -R --port=12500 -D 10
CLIENT# ib_write_lat -R 1.1.1.1 --port=12500 -D 10
SOURCE: SAKURA Internet Research Center (2020/05)
https://community.mellanox.com/docs/DOC-2650
https://community.mellanox.com/docs/DOC-2671
https://community.mellanox.com/docs/DOC-2521
https://community.mellanox.com/docs/DOC-2733
5. Enable TC H/W Offload TIPS (Mellanox Connect X5)
5
# apt install -y elfutils libelf-dev libmnl-dev bison flex pkg-config
# cd /opt; git clone https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git
# cd iproute2-next; ./configure ; make ; make install
# cd /opt; wget http://www.mellanox.com/downloads/ofed/MLNX_EN-4.4-2.0.7.0/mlnx-en-4.4-2.0.7.0-ubuntu18.04-x86_64.tgz
# tar xzvf mlnx-en-4.4-2.0.7.0-ubuntu18.04-x86_64.tgz; cd mlnx-en-4.4-2.0.7.0-ubuntu18.04-x86_64; ./install
# /etc/init.d/mlnx-en.d restart
# ethtool -k enp101s0 | grep hw-tc
hw-tc-offload: on
# grep IOMMU /boot/config-`uname -r` | grep INTEL
CONFIG_INTEL_IOMMU=y
# vi /etc/default/grub
GRUB_CMDLINE_LINUX="intel_iommu=on iommu=pt"
# update-grub
# dmesg | grep IOMMU
# cd /opt; tar xzvf ./mft-4.10.0-104-x86_64-deb.tgz; cd mft-4.10.0-104-x86_64-deb; ./install.sh
# mst start
# mlxconfig -d /dev/mst/mt4115_pciconf0 set SRIOV_EN=1 NUM_OF_VFS=4
# sync; sync; sync; reboot
# echo 4 > /sys/class/net/enp101s0/device/sriov_numvfs
# mlxconfig -d /dev/mst/mt4115_pciconf0 q
# lspci -D | grep Mellanox
# lshw -class network -businfo
# tc qdisc add dev enp101s0 ingress
# tc filter add dev enp101s0 protocol ip parent ffff: flower skip_sw ip_proto tcp dst_port 80 action drop
# tc -s filter show dev enp101s0 ingress
# tc qdisc add dev enp101s0f1 ingress
# tc -s monitor
# tc action help
# tc qdisc help
SOURCE: SAKURA Internet Research Center (2020/05)
6. Enable eswtich/ASAP2 TIPS (Mellanox Connect X5)
6
# mst start
# mlxconfig -d /dev/mst/mt4121_pciconf0 query
# mlxconfig -d /dev/mst/mt4121_pciconf0 set SRIOV_EN=1
# mlxconfig -d /dev/mst/mt4121_pciconf0 set NUM_OF_VFS=32
# sync; sync; sync; reboot
# echo 1 > /sys/class/net/enp1s0f0/device/sriov_numvfs
# devlink dev show
pci/0000:01:00.0 (*PF enp1s0f0 )
pci/0000:01:00.1 (*VF enp1s0f1 )
# echo 0000:01:00.1 > /sys/bus/pci/drivers/mlx5_core/unbind
# devlink dev eswitch set pci/0000:01:00.0 mode switchdev
# echo 0000:01:00.1 > /sys/bus/pci/drivers/mlx5_core/bind
# apt install openvswitch-switch -y
# /etc/init.d/openvswitch-switch start
# ovs-vsctl set Open_vSwitch . other_config:hw-offload=true
# /etc/init.d/openvswitch-switch restart
# ovs-vsctl add-br ovs-sriov
# ovs-vsctl add-port ovs-sriov enp1s0f0
# ovs-vsctl add-port ovs-sriov enp1s0f0_0
# ifconfig enp1s0f0 up up (*PF)
# ifconfig enp1s0f0_0 up up (*VF representor)
# ip netns add TEST (*namespace TEST)
# ip link set enp1s0f1 netns TEST
# ip netns exec TEST ifconfig enp1s0f1 up up (*VF)
# ip netns exec TEST dhcient enp1s0f1 (*VF assigned ip address 1.2.3.4)
# ip netns exec TEST ping 8.8.8.8
# ovs-dpctl dump-flows type=offloaded
# devlink dev eswitch show pci/0000:01:00.0
SOURCE: SAKURA Internet Research Center (2020/05)
7. Enable FD.io VPP TIPS (Intel XL710)
7
# update-grub
# apt remove --purge vpp*
# vi /etc/apt/sources.list.d/99fd.io.list
deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io.stable.1807.ubuntu.xenial.main/ ./
# apt update
# apt dist-upgrade -y
# apt install -y vpp vpp-lib vpp-plugins vpp-dpdk-dkms
# lshw -class network -businfo
# ifconfig enp101s0 down
# vi /etc/vpp/startup.conf
dpdk {
dev 0000:65:00.0
}
# service vpp restart
# vppctl show pci
Address Sock VID:PID Link Speed Driver Product Name
0000:65:00.0 0 8086:1584 8.0 GT/s x8 uio_pci_generic XL710 40GbE
# vppctl set int ip address FortyGigabitEthernet65/0/0 1.2.3.4/24
# vppctl set int state FortyGigabitEthernet65/0/0 up
# vppctl show interface addr
FortyGigabitEthernet65/0/0 (up):
L3 1.2.3.4/24
local0 (dn):
# vppctl show version
vpp v18.07-rc2~6-gdb6d6b3~b28 built by root on 10268b67c8b1 ...
SOURCE: SAKURA Internet Research Center (2020/05)