Tag Archives: Oracle

Security updates for Friday

Post Syndicated from ris original https://lwn.net/Articles/734606/rss

Security updates have been issued by CentOS (augeas, samba, and samba4), Debian (apache2, bluez, emacs23, and newsbeuter), Fedora (kernel and mingw-LibRaw), openSUSE (apache2 and libzip), Oracle (kernel), SUSE (kernel, spice, and xen), and Ubuntu (emacs24, emacs25, and samba).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/734318/rss

Security updates have been issued by CentOS (emacs), Debian (apache2, gdk-pixbuf, and pyjwt), Fedora (autotrace, converseen, dmtx-utils, drawtiming, emacs, gtatool, imageinfo, ImageMagick, inkscape, jasper, k3d, kxstitch, libwpd, mingw-libzip, perl-Image-SubImageFind, pfstools, php-pecl-imagick, psiconv, q, rawtherapee, ripright, rss-glx, rubygem-rmagick, synfig, synfigstudio, techne, vdr-scraper2vdr, vips, and WindowMaker), Oracle (emacs and kernel), Red Hat (emacs and kernel), Scientific Linux (emacs), SUSE (emacs), and Ubuntu (apache2).

Weekly roundup: Calming diversions

Post Syndicated from Eevee original https://eev.ee/dev/2017/09/19/weekly-roundup-calming-diversions/

  • art: Doodled some expressions and an action pose or two. Ended up spending a day or two finishing this little beach picture (tumblr) with probably the best background I’ve ever produced? So that’s nice.

  • stream: I started streaming Oracle of Ages in two-to-three-hour chunks, on a whim.

  • writing: I did a little bit. Dipped my toe in the water, I guess.

  • fox flux: Still approaching finishing the protagonist, which I’ve been avoiding showing because it’s interesting spoilers, but god damn it’s annoying not being able to even show what I’m doing. Anyway I’m really close and then I can start building, like, the game.

  • cc: Stubbed out a scheme for moving between rooms, though it’s not quite usable on maps yet. Implemented one-way platforms. Finally finished splitting player input out of the player actor code. Gave up on finding any other way to do it and started writing my own GUI for defining sprite animations.

I seem to have spent the last few days fighting with obscure tech issues, which is getting pretty frustating, but it happened this week so it doesn’t count for the purposes of this post.

Other than that, I’m making steady progress on… stuff. Just not nearly as fast as I’d like. Never as fast as I’d like. Never enough time in the day, I guess.

Security updates for Friday

Post Syndicated from ris original https://lwn.net/Articles/733829/rss

Security updates have been issued by Arch Linux (flashplugin, kernel, lib32-flashplugin, and linux-lts), CentOS (postgresql), Debian (tcpdump and wordpress-shibboleth), Fedora (lightdm, python-django, and tomcat), Mageia (flash-player-plugin and libsndfile), openSUSE (chromium, cvs, kernel, and libreoffice), Oracle (postgresql), and Ubuntu (libgcrypt20 and thunderbird).

Security updates for Thursday

Post Syndicated from ris original https://lwn.net/Articles/733699/rss

Security updates have been issued by Arch Linux (tcpdump), CentOS (bluez and kernel), Debian (wordpress-shibboleth), Fedora (augeas, bluez, emacs, and libwmf), Oracle (kernel), Red Hat (instack-undercloud, kernel, openvswitch, and postgresql), Scientific Linux (postgresql), SUSE (kernel and xen), and Ubuntu (tcpdump).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/733583/rss

Security updates have been issued by Arch Linux (bluez and linux-hardened), CentOS (bluez and kernel), Debian (bluez, emacs24, tcpdump, and xen), Fedora (kernel and mimedefang), Oracle (bluez and kernel), Red Hat (bluez, flash-plugin, instack-undercloud, kernel, kernel-rt, and openvswitch), Scientific Linux (bluez and kernel), Slackware (emacs and libzip), SUSE (xen), and Ubuntu (bluez and qemu).

The Weather Station and the eclipse

Post Syndicated from Richard Hayler original https://www.raspberrypi.org/blog/weather-station-eclipse/

As everyone knows, one of the problems with the weather is that it can be difficult to predict a long time in advance. In the UK we’ve had stormy conditions for weeks but, of course, now that I’ve finished my lightning detector, everything has calmed down. If you’re planning to make scientific measurements of a particular phenomenon, patience is often required.

Oracle Weather Station

Wake STEM ECH get ready to safely observe the eclipse

In the path of the eclipse

Fortunately, this wasn’t a problem for Mr Burgess and his students at Wake STEM Early College High School in Raleigh, North Carolina, USA. They knew exactly when the event they were interested in studying was going to occur: they were going to use their Raspberry Pi Oracle Weather Station to monitor the progress of the 2017 solar eclipse.

Wake STEM EC HS on Twitter

Through the @Celestron telescope #Eclipse2017 @WCPSS via @stemburgess

Measuring the temperature drop

The Raspberry Pi Oracle Weather Stations are always active and recording data, so all the students needed to do was check that everything was connected and working. That left them free to enjoy the eclipse, and take some amazing pictures like the one above.

You can see from the data how the changes in temperature lag behind the solar events – this makes sense, as it takes a while for the air to cool down. When the sun starts to return, the temperature rise continues on its pre-eclipse trajectory.

Oracle Weather Station

Weather station data 21st Aug: the yellow bars mark the start and end of the eclipse, the red bar marks the maximum sun coverage.

Reading Mr Burgess’ description, I’m feeling rather jealous. Being in the path of the Eclipse sounds amazing: “In North Carolina we experienced 93% coverage, so a lot of sunlight was still shining, but the landscape took on an eerie look. And there was a cool wind like you’d experience at dusk, not at 2:30 pm on a hot summer day. I was amazed at the significant drop in temperature that occurred in a small time frame.”

Temperature drop during Eclipse Oracle Weather Station.

Close up of data showing temperature drop as recorded by the Raspberry Pi Oracle Weather Station. The yellow bars mark the start and end of the eclipse, the red bar marks the maximum sun coverage.

 Weather Station in the classroom

I’ve been preparing for the solar eclipse for almost two years, with the weather station arriving early last school year. I did not think about temperature data until I read about citizen scientists on a NASA website,” explains Mr Burgess, who is now in his second year of working with the Raspberry Pi Oracle Weather Station. Around 120 ninth-grade students (ages 14-15) have been involved with the project so far. “I’ve found that students who don’t have a strong interest in meteorology find it interesting to look at real data and figure out trends.”

Wake STEM EC Raspberry Pi Oracle Weather Station installation

Wake STEM EC Raspberry Pi Oracle Weather Station installation

As many schools have discovered, Mr Burgess found that the biggest challenge with the Weather Station project “was finding a suitable place to install the weather station in a place that could get power and Ethernet“. To help with this problem, we’ve recently added two new guides to help with installing the wind sensors outside and using WiFi to connect the kit to the Internet.

Raspberry Pi Oracle Weather Station

If you want to keep up to date with all the latest Raspberry Pi Oracle Weather Station activities undertaken by our network of schools around the world, make sure you regularly check our weather station forum. Meanwhile, everyone at Wake STEM ECH is already starting to plan for their next eclipse on Monday, April 8, 2024. I wonder if they’d like some help with their Weather Station?

The post The Weather Station and the eclipse appeared first on Raspberry Pi.

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/733040/rss

Security updates have been issued by Debian (file, icedove, irssi, ruby2.3, and tcpdump), Fedora (libzip and openjpeg2), openSUSE (clamav-database, icu, libzypp, zypper, and php5), Oracle (389-ds-base), Red Hat (rh-maven33-groovy), SUSE (postgresql94, postgresql96, and python-pycrypto), and Ubuntu (bzr and libgd2).

2017-09-05 апокрифи 2

Post Syndicated from Vasil Kolev original https://vasil.ludost.net/blog/?p=3365

Насъбрали са се още апокрифи, та след първата част, ето и втора…

На един мобилен оператор му се строшило нещо по billing-а. Оказал се тежък проблем, и докато го решавали тумбата техничари, се оказало, че от другата страна нещата имат двучасов буфер за CDR-ите и почнали да се drop-ват. Последвали тайно обаждания “звъни където искаш, сега не се отчита”…

Случка, която най-вероятно е позната от личен опит на много хора – един админ щял да си ляга и написал “halt” на лаптопа си. Учудил се, след като 10на минути лаптопа не угаснал, погледнал и открил, че това го бил пуснал на един от сървърите. Последвало ходене в снега посред нощ да го включи обратно.

В древни ISP времена, едно ISP искало да пусне нов ADSL link нанякъде. Имали си един дебел телефонен кабел в мазето, който бил развързан частично на една глава. Та, обадили се те на БТК, дошъл някакъв ядосан чичко, той гледал 5 минути кабела, след което хванал един чифт, казал ядосано “На!” и си тръгнал. Имало 30-40 стърчащи чифта там…

Един друг древен интернет доставчик хванал един програмист да им напише dialer за техните услуги (някакво програмче, което да настрои модеми, account-и и т.н., та да не се мъчи крайния потребител). Та, приложението тръгвало с един wizard, в който първия въпрос бил на какъв език да работи, втория – “приоритет на thread-а”.

Седнали няколко студента да играят sokoban (явно им било скучно). Дошъл им на гости един техен приятел, състезател по информатика (щях да кажа бивш, ама то бивши няма), който видял играта, седнал и написал нещо, което разпознавало нивото на екрана и го решавало.

В още по-древни времена, когато стандартното набиране беше пулсово, един от админите на ISP си звъни на dialup-а и нещо не се връзва. Вдига телефона да чуе какво става и чува някакъв женски глас отсреща. Казва “ама аз очаквах да ми вдигне модем” и отговора отсреща бил “модем съм, модем съм, говори ми”. Бил се преплел със секс телефон…

Като пример, че хората не се научават, на ТРИ пъти DNS зоната на една фирма, host-вана в определено ISP спирала да работи за по няколко часа, защото тамошния админ я редактирал с notepad, записвал я с CR/LF редове, и не забелязвал как nameserver-а отказва да я разбира.

И за завършек, нещо от VFU:
Преди около година .bat + oracle-джийските програмисти от Софийската фирма Б.С. заминават в командировка до град Плевен за да сменят локалната компютърна система на една банка. Пристигат в града, влизат в местния офис на банката; казват, че идват от София; служителите съответно ги пускат; момчетата преконфигурират и преинсталират всичко; инструктират персонала как да работи с новия софтуер.
Каква била изненадата им, когато на излизане поглеждат нагоре и разбират, че са объркали банката!

Security updates for Friday

Post Syndicated from corbet original https://lwn.net/Articles/732649/rss

Security updates have been issued by CentOS (openssh, poppler, and thunderbird), Debian (graphicsmagick and openexr), Fedora (cacti, dnsdist, exim, groovy18, kernel, libsndfile, mingw-libzip, and taglib), Oracle (openssh), Red Hat (openssh), Scientific Linux (openssh), and SUSE (git and xen).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/732530/rss

Security updates have been issued by Debian (connman, faad2, gnupg, imagemagick, libdbd-mysql-perl, mercurial, and php5), openSUSE (postgresql93 and samba and resource-agents), Oracle (poppler), Scientific Linux (poppler), SUSE (firefox and php7), and Ubuntu (pyjwt).

Security updates for Tuesday

Post Syndicated from corbet original https://lwn.net/Articles/731678/rss

Security updates have been issued by Debian (extplorer and libraw), Fedora (mingw-libsoup, python-tablib, ruby, and subversion), Mageia (avidemux, clamav, nasm, php-pear-CAS, and shutter), Oracle (xmlsec1), Red Hat (openssl tomcat), Scientific Linux (authconfig, bash, curl, evince, firefox, freeradius, gdm gnome-session, ghostscript, git, glibc, gnutls, groovy, GStreamer, gtk-vnc, httpd, java-1.7.0-openjdk, kernel, libreoffice, libsoup, libtasn1, log4j, mariadb, mercurial, NetworkManager, openldap, openssh, pidgin, pki-core, postgresql, python, qemu-kvm, samba, spice, subversion, tcpdump, tigervnc fltk, tomcat, X.org, and xmlsec1), SUSE (git), and Ubuntu (augeas, cvs, and texlive-base).

Oracle considers letting go of Java EE

Post Syndicated from corbet original https://lwn.net/Articles/731579/rss

Oracle has announced
that it is considering stepping back from management of the Java Enterprise
Edition. “We are discussing how we can improve the Java EE
development process following the delivery of Java EE 8. We believe that
moving Java EE technologies including reference implementations and test
compatibility kit to an open source foundation may be the right next step,
in order to adopt more agile processes, implement more flexible licensing,
and change the governance process. We plan on exploring this possibility
with the community, our licensees and several candidate foundations to see
if we can move Java EE forward in this direction.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/731567/rss

Security updates have been issued by Arch Linux (newsbeuter), Debian (augeas, curl, ioquake3, libxml2, newsbeuter, and strongswan), Fedora (bodhi, chicken, chromium, cryptlib, cups-filters, cyrus-imapd, glibc, mingw-openjpeg2, mingw-postgresql, qpdf, and torbrowser-launcher), Gentoo (bzip2, evilvte, ghostscript-gpl, Ked Password Manager, and rar), Mageia (curl, cvs, fossil, jetty, kernel, kernel-linus, kernel-tmb, libmspack, mariadb, mercurial, potrace, ruby, and taglib), Oracle (kernel), Red Hat (xmlsec1), and Ubuntu (graphite2 and strongswan).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/731405/rss

Security updates have been issued by Debian (kernel and libmspack), Fedora (groovy18 and nasm), openSUSE (curl, java-1_8_0-openjdk, libplist, shutter, and thunderbird), Oracle (git, groovy, kernel, and mercurial), Red Hat (rh-git29-git), SUSE (openvswitch), and Ubuntu (c-ares, clamav, firefox, libmspack, and openjdk-7).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/731309/rss

Security updates have been issued by CentOS (git), Debian (firefox-esr and mariadb-10.0), Gentoo (bind and tnef), Mageia (kauth, kdelibs4, poppler, subversion, and vim), openSUSE (fossil, git, libheimdal, libxml2, minicom, nodejs4, nodejs6, openjpeg2, openldap2, potrace, subversion, and taglib), Oracle (git and kernel), Red Hat (git, groovy, httpd24-httpd, and mercurial), Scientific Linux (git), and SUSE (freeradius-server, ImageMagick, and subversion).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/731167/rss

Security updates have been issued by CentOS (firefox, httpd, and java-1.7.0-openjdk), Fedora (cups-filters, potrace, and qpdf), Mageia (libsoup and mingw32-nsis), openSUSE (kernel), Oracle (httpd, kernel, spice, and subversion), Red Hat (httpd, java-1.7.1-ibm, and subversion), Scientific Linux (httpd), Slackware (xorg), SUSE (java-1_8_0-openjdk), and Ubuntu (firefox, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux-lts-xenial, postgresql-9.3, postgresql-9.5, postgresql-9.6, and ubufox).

AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/aws-cloudhsm-update-cost-effective-hardware-key-management/

Our customers run an incredible variety of mission-critical workloads on AWS, many of which process and store sensitive data. As detailed in our Overview of Security Processes document, AWS customers have access to an ever-growing set of options for encrypting and protecting this data. For example, Amazon Relational Database Service (RDS) supports encryption of data at rest and in transit, with options tailored for each supported database engine (MySQL, SQL Server, Oracle, MariaDB, PostgreSQL, and Aurora).

Many customers use AWS Key Management Service (KMS) to centralize their key management, with others taking advantage of the hardware-based key management, encryption, and decryption provided by AWS CloudHSM to meet stringent security and compliance requirements for their most sensitive data and regulated workloads (you can read my post, AWS CloudHSM – Secure Key Storage and Cryptographic Operations, to learn more about Hardware Security Modules, also known as HSMs).

Major CloudHSM Update
Today, building on what we have learned from our first-generation product, we are making a major update to CloudHSM, with a set of improvements designed to make the benefits of hardware-based key management available to a much wider audience while reducing the need for specialized operating expertise. Here’s a summary of the improvements:

Pay As You Go – CloudHSM is now offered under a pay-as-you-go model that is simpler and more cost-effective, with no up-front fees.

Fully Managed – CloudHSM is now a scalable managed service; provisioning, patching, high availability, and backups are all built-in and taken care of for you. Scheduled backups extract an encrypted image of your HSM from the hardware (using keys that only the HSM hardware itself knows) that can be restored only to identical HSM hardware owned by AWS. For durability, those backups are stored in Amazon Simple Storage Service (S3), and for an additional layer of security, encrypted again with server-side S3 encryption using an AWS KMS master key.

Open & Compatible  – CloudHSM is open and standards-compliant, with support for multiple APIs, programming languages, and cryptography extensions such as PKCS #11, Java Cryptography Extension (JCE), and Microsoft CryptoNG (CNG). The open nature of CloudHSM gives you more control and simplifies the process of moving keys (in encrypted form) from one CloudHSM to another, and also allows migration to and from other commercially available HSMs.

More Secure – CloudHSM Classic (the original model) supports the generation and use of keys that comply with FIPS 140-2 Level 2. We’re stepping that up a notch today with support for FIPS 140-2 Level 3, with security mechanisms that are designed to detect and respond to physical attempts to access or modify the HSM. Your keys are protected with exclusive, single-tenant access to tamper-resistant HSMs that appear within your Virtual Private Clouds (VPCs). CloudHSM supports quorum authentication for critical administrative and key management functions. This feature allows you to define a list of N possible identities that can access the functions, and then require at least M of them to authorize the action. It also supports multi-factor authentication using tokens that you provide.

AWS-Native – The updated CloudHSM is an integral part of AWS and plays well with other tools and services. You can create and manage a cluster of HSMs using the AWS Management Console, AWS Command Line Interface (CLI), or API calls.

Diving In
You can create CloudHSM clusters that contain 1 to 32 HSMs, each in a separate Availability Zone in a particular AWS Region. Spreading HSMs across AZs gives you high availability (including built-in load balancing); adding more HSMs gives you additional throughput. The HSMs within a cluster are kept in sync: performing a task or operation on one HSM in a cluster automatically updates the others. Each HSM in a cluster has its own Elastic Network Interface (ENI).

All interaction with an HSM takes place via the AWS CloudHSM client. It runs on an EC2 instance and uses certificate-based mutual authentication to create secure (TLS) connections to the HSMs.

At the hardware level, each HSM includes hardware-enforced isolation of crypto operations and key storage. Each customer HSM runs on dedicated processor cores.

Setting Up a Cluster
Let’s set up a cluster using the CloudHSM Console:

I click on Create cluster to get started, select my desired VPC and the subnets within it (I can also create a new VPC and/or subnets if needed):

Then I review my settings and click on Create:

After a few minutes, my cluster exists, but is uninitialized:

Initialization simply means retrieving a certificate signing request (the Cluster CSR):

And then creating a private key and using it to sign the request (these commands were copied from the Initialize Cluster docs and I have omitted the output. Note that ID identifies the cluster):

$ openssl genrsa -out CustomerRoot.key 2048
$ openssl req -new -x509 -days 365 -key CustomerRoot.key -out CustomerRoot.crt
$ openssl x509 -req -days 365 -in ID_ClusterCsr.csr   \
                              -CA CustomerRoot.crt    \
                              -CAkey CustomerRoot.key \
                              -CAcreateserial         \
                              -out ID_CustomerHsmCertificate.crt

The next step is to apply the signed certificate to the cluster using the console or the CLI. After this has been done, the cluster can be activated by changing the password for the HSM’s administrative user, otherwise known as the Crypto Officer (CO).

Once the cluster has been created, initialized and activated, it can be used to protect data. Applications can use the APIs in AWS CloudHSM SDKs to manage keys, encrypt & decrypt objects, and more. The SDKs provide access to the CloudHSM client (running on the same instance as the application). The client, in turn, connects to the cluster across an encrypted connection.

Available Today
The new HSM is available today in the US East (Northern Virginia), US West (Oregon), US East (Ohio), and EU (Ireland) Regions, with more in the works. Pricing starts at $1.45 per HSM per hour.

Jeff;