Podcasts about ddos

Cyber attack disrupting service by overloading the provider of the service

  • 829 podcasts
  • 1,993 episodes
  • 45m average duration
  • 5 new episodes weekly
  • Latest episode: Jan 24, 2022

Latest podcast episodes about ddos

mixxio — podcast diario de tecnología

Insurance vs. mass hacks / DDoS attack on Andorran Twitch streamers / YouTuber crashed a plane to get views / Judge bars a YouTuber from playing Roblox / Arrested for scamming on Grindr / Film studio in orbit / NASA cleans Perseverance / Chrome 100.0

Sponsor: Cuidado con las Macros Ocultas https://www.cuidadoconlasmacrosocultas.com/ is a technology outreach podcast for businesses, backed by Cuatroochenta, that answers key questions of our time in each episode: What does a cyberattack look like from the inside? What is the environmental impact of the cloud? What will AI really change? Subscribe on Spotify https://open.spotify.com/episode/1IyJTLfo2XlrwNwwm0q2gp?si=2gOAVIqdR3yDHLlRU3CX5g, Apple https://podcasts.apple.com/es/podcast/cuidado-con-las-macros-ocultas/id1582767310?i=1000547511042, Ivoox https://www.ivoox.com/m05-automatismos-robots-avatares-el-nuevo-digital-audios-mp3_rf_80668395_1.html, Google https://podcasts.google.com/feed/aHR0cHM6Ly9vbW55LmZtL3Nob3dzL2N1aWRhZG8tY29uLWxhcy1tYWNyb3Mtb2N1bHRhcy9wbGF5bGlzdHMvcG9kY2FzdC5yc3M/episode/ZjgxYjg5MDQtODAyYi00MjI5LTk3Y2ItYWUwODAwOTdhZWVi?ep=14, etc.

The Cloud Pod
148: The Cloud Pod Siemplify's Our First Recording of 2022

Jan 21, 2022 (53:40)


On The Cloud Pod this week, Peter finally gets to share his top announcements of 2021. Plus, Google increases security with Siemplify, Azure updates Defender, and AWS comes into the new year with a lot of changes. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning, and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud, and Azure. This week's highlights

Paul's Security Weekly
Really Good Brownies - PSW #724

Jan 21, 2022 (175:59)


This week, we start the show off with an interview with Neal O'Farrel, Founder of The PsyberResilience Project, to talk about Cyber Resilience & Cybersecurity Mental Health! Next up, it's the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year-olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies! In the Final Segment, we air a Technical Segment showing you how to Use WPScan To Find WordPress Vulnerabilities!

Show Notes: https://securityweekly.com/psw724
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Defense in Depth
DDoS Solutions

Jan 20, 2022 (28:46)


How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, GigaOm. Huge thanks to our podcast sponsor, MazeBolt.

In this episode:

  • Where should a DDoS solution reside?
  • What vital elements should go into a DDoS solution?
  • Do we need more automation and intelligence in these solutions?
  • How involved should the customer be with their DDoS solution?

BlockHash: Exploring the Blockchain
Watchlist Wednesday | EP. 207

Jan 5, 2022 (26:46)


This week on the new segment "Watchlist Wednesday", I cover the Bitcoin outlook for 2022, the Solana network going down via a DDOS attack, the Peruvian Crypto Bill, a large whale buying up Bitcoin, an Italian Bank offering crypto services, and the $9.3B in fund inflows from 2021 into crypto.

The CyberWire
Log4j updates, including an Aquatic Panda sighting. Cyberattacks hit news services in Norway, Israel, and Portugal. Addressing Y2K22.

Jan 3, 2022 (26:29)


Aquatic Panda has been found working Log4shell exploits against an academic institution. Apache fixes new Log4j issues reported last week, and Microsoft also updates Windows Defender to address Log4j risks. Cyberattacks, criminal or hacktivist in motivation, hit news outlets around the new year. Microsoft works on fixing a Y2K22 bug in on-premise Exchange Server. Andrea Little Limbago from Interos on technology spheres of influence. Our guest is Mark Dehus from Lumen's Black Lotus Labs with DDoS insights. And CISA issues some ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/11/1

Down the Wormhole
Faith, Astronomy, and Space Telescopes with Dr Jennifer Wiseman

Dec 22, 2021 (61:18)


Episode 96

We are beyond thrilled to welcome Dr Jennifer Wiseman to the podcast today. We talk about her faith journey as well as her work in astronomy as she helps us to understand why the James Webb Space Telescope (launching this week), is going to take the Hubble to the next level. Her enthusiasm and wonder is contagious, so I hope you're ready to be inspired!

Dr Jennifer Wiseman is the Director of the American Association for the Advancement of Science (AAAS) program of Dialogue on Science, Ethics, and Religion (DoSER). She is also an astrophysicist, studying the formation of stars and planetary systems using radio, optical, and infrared telescopes. She studied physics for her bachelor's degree at MIT, discovering comet Wiseman-Skiff in 1987. After earning her Ph.D. in astronomy from Harvard University in 1995, she continued her research as a Jansky Fellow at the National Radio Astronomy Observatory and as a Hubble Fellow at the Johns Hopkins University. She also has an interest in national science policy and has served as an American Physical Society Congressional Science Fellow. She has worked with several major observatories and is currently a senior astrophysicist at the Goddard Space Flight Center. She is also a public speaker and author, and enjoys giving talks on the inspiration of astronomy and scientific discovery to schools, youth and church groups, and civic organizations. She is a Fellow of the American Scientific Affiliation and a former Councilor of the American Astronomical Society.
https://sciencereligiondialogue.org/
https://hubblesite.org/
https://www.jwst.nasa.gov/
https://roman.gsfc.nasa.gov/

Support this podcast on Patreon at https://www.patreon.com/DowntheWormholepodcast

More information at https://www.downthewormhole.com/

Produced by Zack Jackson
Music by Zack Jackson and Barton Willis

Transcript

This transcript was automatically generated by www.otter.ai, and as such contains errors (especially when multiple people are talking). As the AI learns our voices, the transcripts will improve. We hope it is helpful even with the errors.

Zack Jackson 00:05
You are listening to the Down the Wormhole podcast, exploring the strange and fascinating relationship between science and religion.

Ian Binns 00:13
Our guest today is the director of the American Association for the Advancement of Science program of Dialogue on Science, Ethics, and Religion, also known as DoSER. She is also an astrophysicist studying the formation of stars and planetary systems using radio, optical and infrared telescopes. She studied physics for her bachelor's degree at MIT, discovering comet Wiseman-Skiff in 1987. After earning her PhD in astronomy from Harvard University in 1995, she continued her research as the Jansky Fellow at the National Radio Astronomy Observatory, and as a Hubble Fellow at the Johns Hopkins University. She also has an interest in national science policy and has served as an American Physical Society Congressional Science Fellow. She has worked with several major observatories, and is currently a senior astrophysicist at the Goddard Space Flight Center. She's also a public speaker and author and enjoys giving talks on the inspiration of astronomy and scientific discovery to schools, youth and church groups, and civic organizations. She's a Fellow of the American Scientific Affiliation, and a former Councilor of the American Astronomical Society. We're very excited to welcome Dr. Jennifer Wiseman to the show today.
Jennifer Wiseman 01:22
Thank you, it's my pleasure to join you.

Ian Binns 01:25
So, um, Jennifer, again, thank you for agreeing to come and talk, we just, you know, we've met you and I met several years ago, I know that you and Zack know each other as well. And so we kind of wanted to start off with what got you into astronomy. And then how did that grow to include your science and religion work as well?

Jennifer Wiseman 01:47
I grew up out in a rural area in Arkansas, on a family farm. And so I was just surrounded by nature growing up, we lived in a pretty area that had nearby lakes and rivers. So I enjoyed everything about the natural world, I thought we had animals of our own livestock and pets, but also lots of wildlife that I enjoyed seeing. And then I also enjoy just wandering around meadows and the streams and, you know, swimming, and kayaking, and all those kinds of things. And that made me appreciate the natural world, we also had dark night skies when I was growing up. So we could go out at night and see stars from horizon to horizon. And that is such a rare treat these days, most people live in cities or suburbs and have stray light from parking lots and stores and streets that create a glow in the sky and really drown out a lot of the beauty of seeing stars, unfortunately. But I was able to see the night sky, we would go on evening walks my parents and dogs and and I would enjoy these these regular walks. And I would imagine what it was like to, to go up where the stars are. And I would I was curious. So I think that started me out just being naturally curious about nature. And then science was a kind of a natural affinity then because science is basically the formal study of how nature works. And I had good teachers in my public schools who encouraged me in all kinds of subjects, science, mathematics, but also humanities and music.
But all of that together, I think was the foundation and then pair that with as I was growing up, there was a lot of flurry of interest about space exploration, the Voyager spacecraft, were just sending the first images back to earth, of moons around planets in our solar system, close up views we've never had before. I just thought this was fascinating. And you know, a lot of science fiction like Star Wars movies and things were starting to come out in the late 70s and 80s. And I was caught up in that too. So there was a lot of social interest in space, as well as my own natural affinity for nature. And all of that together, I think set the foundation for my interest in doing something related to the space program, but I didn't have a clue as to how to get involved in it. But thankfully, I had teachers and encouraging family and church that just encouraged me to go on and try anything I wanted. So I went on to study science.

Zack Jackson 04:42
That's beautiful.

Ian Binns 04:43
Yeah, there's a lot to take away from that. One of the things I love the most is you referred to Star Wars and Star Wars fans. Thank you for that.

Zack Jackson 04:53
genre that we've we've spent quite some time on this podcast talking about the value of science fiction and how it implants this sorts of love of cosmos in love of the world into people into children's minds. And so they grow up to great things. Yeah, that's so sorry. Go ahead. Sorry, I'm walking all over you. So I'm, I hear you say that there was a lot of support from family from, from friends and teachers and even church. Did you get any of that? That sort of feeling that science and and God are at odds that so many young Christians did as they're growing up? Did you taste any of that? Or was it all supportive?

Jennifer Wiseman 05:36
I never had any sense that there should be some kind of conflict between science and faith. In fact, quite the opposite.
I grew up again, in a in a place where nature just surrounded us, it was a rural area where people had farms or they enjoy recreation on the lakes and rivers, and it was pretty and so we just naturally correlated the beauty of the natural world with our faith and our love for God, because we understood that God is the Creator, and God is responsible for the creation and called it good. So I think at a very basic level there, there really wasn't any sense of conflict, quite the opposite that science was the study of God's handiwork. And we should be grateful for that. Now, when it came to the particulars, like how do you interpret the opening verses of the biblical book of Genesis, that seems to stipulate that all of creation came into being in a few literal days and those kinds of things? You know, I think we, we probably took that rather literally in church and so forth. We didn't have any reason not to. But I think I was also given a sense of humility that our pastors and things would would tell us that God doesn't give us all the details in in Scripture that, that He's given us just enough for what we need to know to have a relationship with God, but but he's also given us minds and other tools and giving us more knowledge as time goes on. And so I think, even though I was probably schooled in a more literalistic view of Scripture growing up, I was also given a sense of humility, that there might be more to it than just what is more two more information that that God will give us than just what's written in Scripture. So I think that enabled me as I began to learn more about the scientific picture of the vast size and age of the universe and the development of life, I was able to correlate that with a humble view of scripture that God didn't give us all these details in Scripture, but delights in us using scientific knowledge to learn some of these rich details, and wow, are they rich, I mean, the universe is not small.
It's enormous, beyond our wildest imaginations, both in space and time. And I think that's something that fascinates me the most about astronomy is that it is a time machine, we can use telescopes to see out and that is equivalent to seeing back in time has taken time for the light to get to us from either planets in our solar system, or other stars or distant galaxies. And we can see how the universe has changed over time by looking back in time to distant objects in space. So I think what I did pick up growing up in terms of attention is more of a philosophical tension. I remember watching my favorite program on television, which was the Cosmos program, which was a wonderful exploration of the universe. And I really admire Carl Sagan to this day, I'm so grateful for how he opened my eyes to the mysteries of the solar system and the universe beyond and introduced me to these images coming from the Voyager probes of the outer solar system, things like that. But every once in a while he and some other well-spoken scientist would interject some philosophical opinions and things that were kind of denigrating toward religion or religious faith and I picked that up even as a teenager and as a child. I couldn't quite articulate it, but I even then could sense that while I loved the science, I didn't like some of the content have dismissive comments I was hearing about religious faith and I, you know, I just kind of put tuck that away, in my mind kind of puzzling. Why does there have to be some kind of, of denigration of faith when you're talking about the majesties of science and, and then, of course, as I became an adult and a scientist, I realized that there is, of course, a strong difference between what the science is telling us about the natural world and how it works. And human philosophical interpretation of which there can be different opinions. And and trying to separate, you know, what is the science telling us from?
What are the different human interpretations of what the natural world is telling us about human purpose and meaning, and even our beliefs and God and purpose. And I'm able to do that much better as a as an adult scientist, and to see where that line falls, than I think a lot of folks in the public may be prepared for when they hear a scientist kind of crossing the line between talking about just the science and expressing personal philosophical views.

Zack Jackson 11:12
But I think you do so with the same sort of humility, like it spills over from, from your study of astronomy into your, into your religion and philosophy, that, like you study the stars, and you see the unbelievable vastness. And you just can't help but let that spill over into everything that well, why would I know everything about philosophy? Why would I know everything about God, that's absurd. I don't even know everything about our solar system. There's like a certain humility, I think that comes from, from when you're really into, into that kind of science that I appreciate, I think, I think astronomy makes me a better Christian, or at least a more of a mystical one. Anyway,

Jennifer Wiseman 11:57
I think what astronomy does for me is not you know, sort of prove God or something like that, I think it's very hard to take something from the natural world and use it to prove or disprove something that isn't confined to just the natural, observable world. But what it does do, being a person of faith as I am is enrich that faith, I mean, I believe in God as the Creator and Sustainer of the universe. And when I learn more about what that universe is like, that means that my reverence for God is much deeper. I mean, it's almost scary when you think about the ages of time we're talking about in terms of our own universe, and there may be other universes too, that we don't even know anything about.
And yet we read in Scripture, that the same God who's responsible for this 13.8 billion years of the universe, and its content, and its evolution, is also concerned with the lives of us and of the sparrow, you know, of the, of the individual, what we would call insignificant life in terms of time and space, and yet God chooses to call us significant because of God's own choosing and love. And so it's that kind of, you know, the infinitely large almost, and the infinitely small, almost, that God encompasses that's very hard for me to comprehend. But it does deepen my, my reverent fear and my appreciation for the kind of God that that we read about in Scripture, and that we experience as people of faith.

Zack Jackson 13:54
So you are the director of the American, the American Association for the Advancement of Science program of Dialogue on Science, Ethics and Religion, which is a huge mouthful. Which is AAAS DoSER, you know, for those who like acronyms, which is an organization that I think every single one of our listeners, like if you if you subscribe to this podcast, and this is an organization that you would be interested in learning more about, but I would wager to guess that a lot of them have never heard of it. Can you tell us a little bit about what you do and what the organization does and what kind of resources are available, how they can connect?

Jennifer Wiseman 14:40
Sure. Okay, so so the the world's largest scientific society is the American Association for the Advancement of Science. And that organization does exactly what it sounds like it AAAS advances science for the good of people around the world. So AAAS publishes a journal scientific journal called Science that many have heard of, or even written scientific articles for. AAAS also advocates the good use of science in society.
So, AAAS has public education programs and programs helping legislators to see how science is beneficial to people in all walks of life, AAAS sponsors some programs to advocate science for advancing human rights, and to work with different components of society to make sure science is being used to the benefit of all people. One of those programs is this dialogue program called the Dialogue on Science, Ethics and Religion, or DoSER. It's the you can find out about it by the website aaas.org/doser, D-o-S-E-R. DoSER was thought of back in the 1990s, when scientists realized that to really be effective and communicating with people, we needed to understand how important religion and faith is in people's lives. And if we're really going to interface with different communities, especially in the US, we need to recognize that people's faith identity is a very important part of their worldview. Most people identify with a religion or a religious tradition, as an important aspect of their identity, and how they get a lot of their sense of values and worldview, including how they see the world and hear and articulate science and its use in their lives and work in ministries and so forth. So if scientists are not understanding of the importance of religion and faith in the lives of most people, and if they're not able to articulate science in a way that brings people on board and listen to the values of people from faith communities, then scientists are really missing a huge chance of understanding the value of science and how it can be incorporated into the lives of our culture. So the DoSER program was invented back in the 1990s, to start building those relationships between scientists and religious communities. These are religious communities of all faiths, and scientists of any faith or no faith, but building a dialogue about how science is important in the lives of our people in our culture.
Today, the DoSER program is very active, we have several projects, one of them, I think you guys are particularly knowledgeable, that is our Science for Seminaries project, where we work with seminaries from across the country, and even beyond the US that are interested in, in incorporating good science into the training of future pastors and congregational leaders, because science is a part of everyone's life today. So if a church wants to serve the world in the most effective way, they need to know to how to incorporate science into their ministries, if they want to be relevant to our culture, especially for young people, they need to understand the role of science. It's not just the old arguments about science and creation and evolution. A lot of people when they think about science and religion, they immediately wonder if there's some kind of an argument about how old the the world is. And you know, there are still some very interesting questions, of course, about How did life come into being and so forth. But most faith communities now are really much more excited about talking about many other aspects of science as well like space exploration. Could there be life beyond Earth or, or more practical things? How do we incorporate good science into ministries to the poor or helping people around the world have better food better, cleaner water? How do we get the best science incorporated into the best health care practices? I mean, this is of course come to the forefront during this pandemic with COVID-19 and trying to understand the science of vaccinations and the social reality of distributing vaccine and getting people to understand and trust the science enough to become protected as best we can against the terrible disease. So all these aspects are, I think, invigorating a dialogue between faith communities and scientists and our DoSER program really seeks to bring scientists and faith communities into better relationship and contact.
And of course, these are overlapping communities. I mean, a lot of scientists themselves are people of faith from various faith traditions. But even scientists who are not or not, for the most part, are not hostile to faith communities, they just need a better architecture for building dialogue and relationship. In fact, most scientists already of course, are interfacing with people of faith, whether they know it or not the students in their classrooms, people in their lab and so forth. And so we also hold workshops for scientists, at scientific society meetings, and at research universities to help scientists better understand the important role that faith plays in the lives of many, probably most people in the US if you look at the polls, and how to make sure that they are incorporating a respect for that faith component of people's lives when they're talking about science in their classrooms, and, and in their interface with people in their public spheres of influence. Not just to help welcome people into science, but also to help people see how science is relevant to the values they already have.

Ian Binns 21:26
So I'm curious if we can shift a little bit a UML mentioned in your bio, that you've did have done some work with Hubble, the Hubble Space Telescope, and you know, we, this is going to be versus being released, hopefully, in the same day that the new The Next Generation Space Telescope, the James Webb Space Telescope will be launched. And so can you talk to us a little bit about your work with the Hubble Space Telescope, and then maybe the distinction between Hubble that a lot of people know about and the new one, the James Webb Space Telescope and what your hopes are for that.

Jennifer Wiseman 22:02
I've had the privilege of working with many different types of telescopes throughout my astronomical career. My own research is based on the use of radio telescopes, which are these big dish shaped telescopes.
My doctoral research used an array of them out in New Mexico called the Very Large Array or the VLA. In fact, you can drive out there and see the Very Large Array, southwest of Albuquerque. And with these kinds of telescopes, I've been able to study how stars form in interstellar clouds, you can peer in through the dust and see some of these regions where infant stars are forming. I've also used and worked with the Hubble Space Telescope, which is a platform that's now become very famous. Hubble is a is a satellite orbiting the Earth. It's not very far above the earth just a little over 300 miles above the surface of the Earth, but it's up there to get it above the clouds. So you can get a much clearer image of objects in deep space, whether you're observing planets or stars or distant galaxies and Hubble has been operating for almost 32 years now, thanks to repeated visits from astronauts that have kept the observatory functioning by replacing cameras from time to time and repairing electronics. So so the the observatory's in very good shape. We're recording this discussion right now in mid December looking forward to next week what we're anticipating as it's the launch of another very large space telescope called the James Webb Space Telescope, named after a NASA administrator who was a science supporter back in the Apollo years. This telescope will be every bit as good as Hubble in terms of getting beautiful images of space. But it will also be different from Hubble because it will be very sensitive to infrared wavelengths of light, the Hubble telescope sees visible light like our eyes can see. And even energetic light that's bluer than blue ultraviolet light, which is emitted from energetic processes in galaxies and in regions where stars are forming.
Hubble can even see a little bit into the infrared part of the spectrum of light, so that's a little redder than red, which helps us to see somewhat into these interstellar clouds I mentioned where stars are still forming and planets are forming and to see very distant galaxies because as we look out into distant space, light from very distant galaxies has taken millions, sometimes billions of years to come to us, and as it's traveling through expanding space, that light loses some of its energy, it gets shifted into what we call the reddened part of the spectrum, we get redshifted. Because it's stretched the wavelength of light, we can think of it as being stretched as they pass through expanding space to get to our telescope. And so some of those galaxies even though the light started its trip as blue light from stars and ends up being infrared light when we receive it here, Hubble can see some of those very distant galaxies, which we're seeing as they were very far back in time when they were just infant galaxies. But some of those galaxies that light is redshifted even beyond what Hubble can see, and this new Webb Space Telescope will see infrared light much farther into the infrared part of the electromagnetic spectrum than Hubble can see. So the Webb telescope will be able to see galaxies even earlier in the history of our universe, when they were just starting to form. And that will complement the kinds of galaxies and the kinds of information that Hubble sees for us. So, you know, we talked about the universe being about 13.8 billion years old, which we can glean from various different types of information about the universe.
We're now seeing galaxies as they were forming, well within that first .8 of the 13.8 billion year history of the universe, we're really seeing the universe at when it was basically in its childhood, and the Webb telescope will show us proto galaxies, the very first generations of stars and gas kind of coalescing as gravity holds it together in the very first few 100, 200 million years of the universe after its beginning, so we're excited about that. Closer to home, the Webb telescope will also see into that deeper into that infrared part of the spectrum that allows us to see deeper into these nurseries of interstellar gas in our own galaxy, where stars are forming and planets are forming and disks around those stars. And together the Hubble Telescope, which we anticipate will keep working for quite a few more years, and the Webb telescope will provide complementary information. For example, when we look at star forming regions, the Hubble Telescope will tell us something about emission in visible light and ultraviolet light. Webb Telescope will give us the infrared part that gives us a lot more information about what those baby stars are like as they form. And even more exciting, we're now we're now discovering that there are planets around other stars we call those exoplanets because they're outside our solar system. We can study something about their atmospheres and in their composition of those atmospheres. Hubble tells us something about the atoms and molecules that emit their light and visible wavelengths and in ultraviolet wavelengths. The Webb telescope gives us information from molecules in these exoplanet atmospheres that emit in infrared wavelengths. So then we can get a whole spectrum of information, we can know whether some of these exoplanets have water vapor, whether they have oxygen, have other kinds of things that we really want to know about exoplanets, and what they're like.
So, complementary science is the name of the game as we look forward to the James Webb Space Telescope, and we think about how it will work in complement to the Hubble Space Telescope in the coming years.

Zack Jackson 28:56 I bet you blew my mind in about seven different times in the past couple of years. So I'm not entirely sure where to go with the fact that you can point a telescope towards an exoplanet and look at the way that light passes through the tiny sliver of an atmosphere and be able to then tell what that atmosphere is made out of. That blows my mind.

Jennifer Wiseman 29:32 Well, the Hubble Space Telescope was actually the pioneer of this method of studying exoplanets. To study exoplanets, you have to be kind of like a detective because you have to use indirect methods to detect them in the first place, and even to study much about them. I mean, we would all like to simply point a camera at another planet, outside our solar system and take a nice picture. But these things are really small. They are tiny objects orbiting bright things we call stars, and they get lost in the glare of the star. So astronomers have to use indirect methods to detect them to detect exoplanets. The first ones were detected not by seeing the planet, but by seeing how the star it was orbiting would wobble in its orbit. And that's because there's a gravitational mutual tug between a planet and its parent star. So even if you can't see the planet, you can see the star wobbling a little bit in its position as the planet orbits around, and they're both actually orbiting what's called the center of mass between the two. So the first exoplanets were detected by noticing stars periodically wobbling in their position, and determining from that what mass of planet, we would need to create that much of a wobble. And then the idea of transiting exoplanets was explored. 
That is certain planets happened to orbit their parent star in a plane that's along our line of sight as we're looking toward that star. And that means every time the planet passes in front of its parent star, it blocks out a little bit of that star light from our view. So even if we can't see the planet, we can see the starlight dimming just a little bit periodically as the planet orbits in front of it. Those transit observations were used by the Kepler space telescope, to discover hundreds of new exoplanet candidates. In fact, we have 1000s of them of systems simply by looking at the parent star and seeing them dim periodically and then doing follow up observations with other telescopes to really confirm whether or not what's causing that is, is an exoplanet. They have Hubble Telescope has taken this one step farther, which is using transits to, to study the composition of the atmospheres of some of these exoplanets. So when a planet passes in front of its parent star, not only does it block out some of the starlight, but some of the starlight passes through that outer rim of the planet's atmosphere along the outer limb on its way to as it passes through. And that atmosphere, what depending on what's in the planet's atmosphere will absorb some of that light. If there are molecules and atoms in the atmosphere, it will absorb light at very certain colors or frequencies. So a spectroscopy just can take that light and spread it out into its constituent colors, kind of like using a prism. And you can see the very particular color band where light is missing because atoms or molecules in that exoplanet atmosphere have absorbed it. And so we have, we have instruments on the Hubble Space Telescope, that are what we call spectrograph. They don't take the pretty pictures, they simply take the light and spread it out into its constituent frequencies or colors, like a prism and see where there are very particular color bands missing. 
And that pattern tells us what's been munched out, and that tells us what kinds of atoms or molecules are in the exoplanet atmosphere. So Hubble was the first observatory to be used to determine the composition of an exoplanet atmosphere. And now this has grown into a huge astronomical industry, if you will, of using telescopes, Hubble and other telescopes to do spectroscopic analysis of the atmospheres of exoplanets to learn something about their composition. And here, we're excited about this new webb space telescope that's going to do that as well. But in the far infrared in the sorry, in the mid infrared part of the electromagnetic spectrum, where we can do we can determine even more molecules and kinds of diagnostics that tell us more about what's in these exoplanet atmospheres. We want to know whether planets outside of our solar system are similar or different to planets inside our solar system. And of course, we'd like to know if any of them are habitable for life. We don't yet have the technology sadly to visit planets that are outside our solar system and take samples of their atmospheres or their their dirt if they have dirt or things like that, but we can observe them remotely and so that is what we're trying to perfect are these techniques of taking remote information Like the spectrum of light from an exoplanet atmosphere, and determining from that, what's in that atmosphere. And then from there we can discern whether or not there might be habitability for life. Like we know we need water for life as we know it. So could there be water on one of these exoplanets, or even signs of biological activity, we know that if we looked at Planet Earth from a distance, we would see oxygen in the atmosphere. 
And that's evidence of, of the work of plant life on our Earth's surface, generating oxygen, this kind of, of process photosynthesis tells us that there's an ongoing biological community, if you will, on planet Earth, otherwise, all the oxygen in the atmosphere would disappear through reactions, but the fact that we have continuing refreshed oxygen tells us that there's biological activity on our planet. If we saw oxygen, as well as other indicators in the atmospheres of other planets, that would be a clue that there might be biological activity there. So we're taking steps. The Webb telescope will give us more information than Hubble and then future telescopes beyond Webb will be able to discern whether there are Earth-like planets with truly Earth-like compositions in their atmospheres in star systems around our galactic neighborhood. So Webb is the next step in a whole series of future telescopes that astronomers are planning.

Ian Binns 36:39 That's exciting. Yeah. And I, and doing a little bit of research on James Webb and comparing it to the Hubble and and, you know, I've always been a huge fan of the Hubble Space Telescope and you know, have little models of it. Growing up when you know, I'm a huge LEGO fan, when Lego released the new space shuttle model. In the spring, the one that had Hubble with it was really exotic, so I could kind of build the space shuttle and Hubble. And so but doing those comparisons, I then saw just now the Nancy Grace Roman Space Telescope, that's in production, I guess, right? And,

Jennifer Wiseman 37:22 Yes, so, so the Nancy Grace Roman Space Telescope is named after you guessed it, Nancy Grace Roman, who was just a phenomenal pioneer in the history of NASA's foray into space astronomy, she was the first chief astronomer at NASA headquarters. And back in the 1970s, she was the one who advocated the idea of NASA building a space telescope. 
Now scientists had been talking about this for even decades about what you could do if you could put a telescope in space, but to actually get it implemented, required someone with a NASA headquarters to champion this idea. And she did, she got it started with a NASA Headquarters back in the 1970s. And that ended up being the Hubble Space Telescope. So she's sometimes referred to as the mother of Hubble. She passed away just recently, but she remained an active interested scientist for all of her life. So this telescope now that's being developed is named in her honor, the Roman Space Telescope, and it will again complement these other space telescopes, it will complement the Webb Space Telescope, which will launch sooner. And the Hubble Space Telescope, which is already operating, the Roman telescope will be an infrared telescope, you know, like the Webb telescope is, is an infrared Space Telescope. But the difference is that Roman is going to have a much wider field of view, that means it will see a much wider swath of the sky than either Hubble, or the Webb telescope can do. If, if Hubble wants to survey a wide, wider region of the sky, it has to do hundreds of little postage stamp observations and stitch it all together. And we've done that and we've done for example, a Hubble observation of a big part of the disk of the Andromeda Galaxy, which is our nearest big spiral galaxy, and we learned a lot by stitching together little postage stamp observation after observation. This is a project led by Professor Julianne Dalcanton and her team called the PHAT program, which is spelled P-H-A-T. But it's, it's Hubble Andromeda Treasury program to look at stars in this nearby galaxy. But it's taken a long time. The Roman telescope can do this wide swath of the sky with just, you know, one exposure because it can see such a wider swath of the sky. 
And the other thing, the other kind of science that it's really being designed to do is to study the distribution of galaxies. Hubble's really good at looking at an individual galaxy and telling us a lot of information. But if you want to know how hundreds or 1000s of galaxies are distributed around the sky, it takes a long time, my favorite image from Hubble is called the Ultra Deep Field. I don't know if you've seen it. But it was a product of just pointing Hubble in one direction, the sky and collecting faint light over many days. And the product is this collection of little blotches of light that you might think are stars, but each one of them is actually another galaxy like like like or unlike the Milky Way each one that can contain billions of stars. And so if you imagine that extrapolated over the entire sky, you get a sense of how rich our universe is. But as wonderful as that deep field is, and you can see 1000s of galaxies, you can't get a sense of how galaxies are really distributed across wider swaths of the sky because it is a small field of view. The Roman telescope, which should be launched later, this decade, will have a wide field of view that can see how the patterns of galaxies have taken shape. Throughout cosmic history. We know that galaxies are distributed in more of a honeycomb fashion, there are regions where there aren't many galaxies, we call them, voids, voids. And then there are regions where there are kind of quite a few galaxies collected together. We know now that throughout the billions of years of cosmic history, there's been kind of a tug of war between gravity, which is trying to pull things together. And that's creating galaxies and even clusters of galaxies that are held together by their mutual gravitational pool. And something that's pushing things apart, we now know that the universe is not only expanding, but that expansion is getting faster. So something is, is kind of pushing out. 
And we're calling that dark energy, because we don't really know what it is, it may be some repulsive aspect of gravity. Over time, this tug of war between dark energy pushing things apart, and the matter pulling things together, through what we would call traditional gravitational pull has resulted in the distribution of galaxies that we now have today, we would like to understand that better. And the Roman Space Telescope is going to help us see how galaxies have been distributed across space throughout cosmic time. And then the Webb telescope, and the Hubble telescope can help us hone in on very specific galaxies and small clusters to give us more detail. So again, we use different observatories in complement, because they each have their own kind of unique scientific niche of what they can tell us. And together, we get a much better bigger picture of what's going on in the universe. And we also use telescopes on the ground that are getting more and more sophisticated in what they can do to complement telescopes in space. So all of these facilities work in complement.

Ian Binns 43:51 So I'm curious, Jennifer, you know, with Hubble, and you're especially bringing up the Ultra Deep Field. And before that there was so the Hubble Deep Field, and then the Hubble Ultra Deep Field, right. And they were both just unbelievable. To look at. I remember when they both came out. And I cannot remember the years, obviously, but I do remember, I think the Hubble are the first one I was able to use and I was a high school science teacher. But it was just unbelievable to look at these things. Will there be with the James Webb Space Telescope? For example? Will we is there will there be an effort to kind of point it in the same direction? You know, the Hubble has been pointing out and look at either the same areas that Hubble's looked at to see what else we could get from that location. 
And then also, too, will there be something kind of like the Hubble Ultra Deep Field with the James Webb, like, is there going to be do you know, or is that just anything is possible?

Jennifer Wiseman 44:52 Oh, absolutely. I mean, one of the main drivers for the the James Webb Space Telescope was this desire to look at the deep fields like Hubble has done. But to be able to see galaxies that are even more distant than what Hubble can pick up. These distant galaxies, of course, we're not seeing them as they actually are right this minute, we're seeing them as they were when the light began its trek from those galaxies across space, to our telescope. And for some of these galaxies in these deep fields, those galaxies are billions of what we call light years away. A light year is a unit of distance, is the distance that light travels in a year. So when we see a galaxy that's billions of light years away, we're seeing it as it was billions of years back in time. And as that light has traveled across space to get to our telescope, it's traveled through space that is actually expanding, that creates what we call a red shifting effect, the light that we receive is redder than it was when it started its journey. And sometimes that red shifting goes all the way into the infrared part of the spectrum, even beyond what Hubble can pick up. So for these most distant galaxies, we anticipate that a lot of them are shining most of their light in, in a wavelength that's become shifted into the infrared part of the spectrum that only the Webb telescope will pick up, it will pick up galaxies and see them that that the Hubble Deep fields haven't seen so we anticipate seeing even more galaxies with the Webb telescope than Hubble has seen. And yet Hubble can see galaxies in ways that Webb won't be able to see. Hubble can see the ultraviolet light from the more nearby galaxies. And we can then put a picture together as how as to how galaxies have changed. 
Over time, by comparing those early infant galaxies that the Webb telescope will pick up with the galaxies that Hubble can see brightly in ultraviolet light that won't be as bright in the infrared light that Webb can see. And then all those intermediate galaxies that we pick up, the infrared light from the Webb telescope and the visible and ultraviolet light from Hubble, and we can put all that information together to make deep fields like we've never had before. So yes, we're going to see the same fields that Hubble has seen, Webb will look at and pick up more galaxies, and then other deep fields Webb will look at. And we will we're already doing preparatory science with Hubble knowing that we want to use Webb for the things that Webb uniquely can do, and can use it in complement with what Hubble can already do. So we're already doing what we call preparatory observations. With Hubble, that makes sure that we understand everything we can about these different fields of galaxies with Hubble, so that we know just the kinds of things we want to learn with JWST. And we use that telescope as efficiently as we can, once it gets going. You know, the Webb telescope is anticipated as we record this to be launching in late December. But it'll take several months for it to get out where it will be perched a million miles or more from Earth. That's a lot farther away than Hubble is, but it's being put that far away from Earth to keep it very cool. So that it can pick up the faintest infrared light from these distant galaxies, and from these closer to home star forming regions. So we won't be getting science images from Webb for quite a few months, as it makes this trek out into a much more distant part of space than the Hubble telescope. So we're gonna have to be patient. But I'm looking forward to those first science images coming in, in the in the middle part of 2022. 
If all goes well,

Zack Jackson 48:57 So when we do start to get those images, wow, if they're in the infrared, what will they look like to us humans? Will they have to be artificially colored? Or?

Jennifer Wiseman 49:09 Yes, so so the the Webb telescope will see red light that we can see. But then beyond red into the infrared that we cannot see. And the Hubble itself also sees light we cannot see. So Hubble picks up visible light that we can see. But Hubble picks up ultraviolet light that we can't see and also near infrared light that we cannot see. So already with Hubble images, we have to give them colors that our eyes can see so that we can have a picture to look at. So for Hubble images, if you read carefully, it will tell you whether what you're seeing is visible light or if it's for example, near infrared light, it will be given a red hue so that you can see that part of the spectrum showing up in the colors your eyes can see, we usually label the things on Hubble images. So you know exactly what the color coding is. The Webb telescope images will be likewise sort of translated into colors that we can see in pictures and photographs so that the part of the infrared spectrum that is closer to visible light will be colored, a little less red, maybe even blue. And the part of the infrared spectrum that Webb will pick up that's deeper into the infrared part of the spectrum will be colored, very red. And so you'll you'll see probably a, a, a legend that, you know, next to these James Webb images that tell you the range of colors that it's actually picking up and what that has been translated to in the colors that have been put into the image, it's, it's not just any color goes. Usually what happens is you try to make the color range that's on the image as close to the span of color as the actual information is, but just transferred over into a band that our eyes can see. 
So yes, you have to do something, or else you couldn't see it, with our eyes looking at a picture, because we can't see infrared light. And the same is already true with Hubble images that go beyond just the visible light of the spectrum.

Ian Binns 51:35 I'm just in awe. It's just, I've always loved astronomy, and you know, it's something that I've always just been passionate about. What is it that you're most excited about? And I'm sorry, I just you know, in listening to you talk about it, you may have talked some already. But with this, the Webb Space Telescope, the Nancy Grace Roman telescope and all these different ones that are coming, what is it that you're most excited about with these things?

Jennifer Wiseman 52:06 I think I'm most excited about what you might call two extremes of the spatial scale of the Universe. With these new telescopes, like the the Webb Space Telescope, and then later the Roman Space Telescope. I'm excited about getting even a better understanding of how the universe we live in has become hospitable over billions of years for life, we can actually, you know, look at the earliest galaxies and compare them to galaxies, like our own Milky Way and intermediate time galaxies as well. And we can see how they've changed over these billions of years of time, we can't follow an individual galaxy as it changed. But we can look at the whole population at these different epochs of time. And we can tell that galaxies have merged together and become bigger over time we think our own Milky Way is the product of mergers. And we can tell that stars have come and gone in these galaxies, massive stars don't live that long. And so they they produce heavier elements that we need for planets and life. As they shine, they, they they go through a process, a process called fusion that creates heavier elements. 
And then when the massive stars become unstable, and run out of fuel, they explode and disperse that material into these interstellar clouds where the next generations of stars form. So we know there's been several generations of stars building upon prior generations. And all that process does is to create heavier elements that enable things like planets to form around star. So in our own galaxy, when stars are still forming, we see them forming with discs of dusty debris and planets forming around them. We know that that's only possible because of previous generations of stars in the galaxy that have created heavier elements. So as as we look at this process of the whole universe, the whole cosmos becoming more hospitable to life over eons of time, and that fascinates me and I'm excited with these new telescopes to get a greater sense of how that process has worked. And that personally feeds my, my faith, my sense of offer, how our universe has been endowed with what we need for for life and eventually the ability to have these kinds of conversations to exist and to think about our purpose and our existence and to contemplate on greater meaning. So that excites me and then much closer to home. I really am excited about observations within our solar system, I like the idea that we, with these new telescopes can also study details about planets and moons in our own solar system. And also that we're sending probes, you know, the the kind of space exploration that got me excited in astronomy in the first place. Where are these probes that humans have constructed and sent out to send back images of other planets and their moons in our solar system, I still think that's the the one of the greatest things humans have done and can do, if we put our heads together and do constructive international cooperations. 
And so I'm excited about probes that will go to places like Europa in our own solar system, in the coming years, that's an ice covered moon that we know has water ocean underneath, I'd like to know what what that water is like, you know, and there are missions that are already sampling the region around Jupiter, and have probed the environment of Saturn. These are things that excite me. And so I'm looking forward also to probe and telescope studies of our own solar system in the coming years. That's our own backyard. And we can learn a lot about even our own planet, by studying our sister planets in our own solar system. So those are the things I'm most excited about.

Zack Jackson 56:29 Do you think we're going to find life on Venus?

Jennifer Wiseman 56:33 Venus is harsh. Venus is is hot, and you know, really inhospitable to life as we know it. Now you can say, well, what if there's life, that's not as we know it? But, you know, we've all watched a lot of science fiction. But the trouble is, we have to know how to identify life, what is life? And so we have to start with what we know, which is life, even in the most extreme conditions on planet Earth. And, you know, what, what are they? The conditions, even the most extreme ones that in which life can thrive? There's a whole field called astrobiology right? Now, that's, that's a new field. But it's a very vibrant field where scientists are trying to understand what are the even the extreme conditions in which life can exist in our own planet Earth? And then, how would that translate to environments in space, either in interstellar space or on other planets or other star systems? And then how would we identify it as life? You know, that's really the tough question, especially if you can't go someplace physically, you can only observe remotely, how would you know that? That's that there's life there? That's a hard question and the field of astrobiology is trying to address all those questions. 
One of the things I like about astronomy right now is it's very interdisciplinary. It's not that you know, astronomy is separate from geology, which is separate from physics, which is separate from chemistry. No, all these things are being used together now, including biology to try to understand environments of other star systems and planets. And you know, how these conditions of stellar radiation and geology and atmospheres and chemistry work together and how that might affect even biology. So everything is very interdisciplinary now. And I just encourage people to get excited about space exploration, even if that's not your professional field, there's so much you can learn and enjoy, even if it's not your occupation. By paying attention online, what's going on Hubble Space Telescope images are all freely available online, you can go to the website nasa.gov/hubble. And learn about it; there are also the galleries at hubblesite.org. And see any of these amazing images I've been talking about. The other telescopes that are large and space are on the ground also have magnificent websites with images. So you can learn a lot just by paying attention online. And I hope everybody also encourages young people to go into science fields or to realize that science is relevant to all walks of life, not just if you're thinking about becoming professional involved in space, but if you're thinking about just about anything, science is relevant to what you do. Science is relevant to our food to communications, to our health, to our exploration of oceans, and mountains, even on this planet, so I hope everybody takes a sense of time to just look around the natural world right around you. Be appreciative of the wildlife and the trees and the natural world and appreciate science as a way of studying that natural world but but keep a sense of wonder and awe. That's how I would encourage everyone to walk away from a program like this.

Zack Jackson 1:00:11 Well, thank you so much for that. 
Yeah. And

Ian Binns 1:00:13 I'll give a great ending.

Zack Jackson 1:00:14 I'll give a plug for we did an episode on on astrobiology back in January that you all should check out if you haven't had a chance to read Adam's book. What is it, Living with Tiny Aliens: The Image of God and the Anthropocene? Right, am I getting that subtitle right? He's not here. He's one of our co-hosts. He's not with us today to plug his own book. But thank you so much for the the wonder the all the inspirations hope. There's a lot to get excited about. Yeah, thank you.

Jennifer Wiseman 1:00:45 My pleasure. I'm glad you're interested in and I'm sure there'll be many more conversations to come have

Andrea Unger Academy - EN
200. Must-Know to Protect Your VPS - Viruses, DDoS, Malware...

Andrea Unger Academy - EN

Dec 21, 2021 16:04


Click here to register for my FREE Masterclass: https://autc.pro/TSSeng-pod?sl=POD-48010106

PodRocket - A web development podcast from LogRocket

Jon Kuperman, Developer Advocate at Cloudflare, takes us through Cloudflare's product portfolio, including the DNS provider, DDoS protection, Cloudflare workers, video streaming, and more. Links https://www.cloudflare.com https://twitter.com/jkup https://workers.cloudflare.com Review us https://ratethispodcast.com/podrocket Contact us https://podrocket.logrocket.com/contact-us @PodRocketpod (https://twitter.com/PodRocketpod) What does LogRocket do? LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. (https://logrocket.com/signup?pdr) Special Guest: Jon Kuperman.

Kodsnack
Kodsnack 452 - It won't be interpreted as a string, with Johan Boger

Kodsnack

Dec 21, 2021 51:15


Fredrik talks Log4shell with Johan Boger, IT security manager at GleSYS. We start, quite naturally, by discussing what Log4shell is, and the classic question of how such a flaw could have been there for so long. Just because something has been used by many people for a long time does not make it more secure. When will we get the TV series where the heroes sit and read logs to protect against intrusions? Should you change the way you work as a reaction to problems like this? Should Fredrik read more source code? Johan is not convinced. The episode is sponsored by Länsförsäkringar, which is mobilizing and investing for a national-team-class digital customer experience. Head to Lf.se/itjobb for more information about working at Länsförsäkringar! More lines of code will only give us more bugs in the present day. Could minimalism become trendy in the future? Finally, we talk a little about finding the balance between handling urgent problems and communicating about them. We also get into the benefits of security problems getting cool names and stylish (or less stylish) logos. A big thank you to Cloudnet, who sponsor our VPS! Do you have comments, questions or tips? We are @kodsnack, @tobiashieta, @oferlund, and @bjoreman on Twitter, have a page on Facebook and can be emailed at info@kodsnack.se if you want to write something longer. We read everything that is sent. If you like Kodsnack, you are very welcome to review us in iTunes! You can also support the podcast by buying us a coffee (or two!) on Ko-fi, or by buying something in our shop. 
Links Log4shell GleSYS Johan The original tweet about the Log4shell problem The original pull request to fix the problem on Github Log4shell variants on Github (the original no longer seems to be there) Memes about Log4shell Log4j Graylog JNDI - Java naming and directory interface Shellshock Removing classes from the Log4j jar file (under the seventh section) Versions of Log4j Lunasec's “vaccine” against Log4j Mr Robot Fuzzer Honggfuzz - Google's fuzzer The episode with Snyk - who build tools for finding security problems Defcon Moxie Marlinspike Länsförsäkringar - this week's sponsor Lf.se/itjobb - for more information about working at Länsförsäkringar Mikael Nyman The Unix philosophy Elastic's post about Log4shell Bonus link Säkerhetspodcasten on Log4shell Titles Something simple It's smouldering a bit at the edge of the world Correct string formatting It won't be interpreted as a string The exact opposite of what you want A feature from the internet's childhood The manufacturer logs everything I type A kind of trampoline All flashlights on this area With all the goodwill in the world Fresh information from today The societal climate around security Getting backing from management DDoS'd by ten thousand light bulbs in Borås Source-critical of source code Tinfoil-hat Johan in the security department

Recorded Future - Inside Threat Intelligence for Cyber Security

Distributed Denial of Service attacks continue to grow in size, frequency and sophistication, and it's in every organization's best interest to properly prepare themselves against this sort of online attack. The team at Cloudflare recently published their 2021 Q3 report on DDoS, outlining their observations and recommendations for mitigating DDoS attacks. Joining us is John Graham-Cumming, CTO at Cloudflare, to share his insights on the state of the DDoS threat, and where things may be headed.

Light Reading Podcasts
Lumen's Mark Dehus tracks DDoS threats

Light Reading Podcasts

Dec 16, 2021 18:13


Mark Dehus, director of information security and threat intelligence for Lumen Technologies, joins the podcast to share the key findings from the operator's Q3 DDoS report, and his predictions for DDoS trends in Q4. In addition, Dehus explains why multi-vector DDoS attacks were more common than single-vector, why voice and VoIP attacks are on the rise and which verticals were hit the hardest by bad actors.

Cloud Security Podcast
Log4j - How the Cloud Providers responded!

Dec 15, 2021 2:52


Cloud Security News this week, 15 December 2021. This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So what's it all about? Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java logging framework. The critical zero-day security vulnerability has been named 'Log4Shell' and has a maximum CVSS (Common Vulnerability Scoring System) score of 10. The zero-day had been exploited at least nine days before it surfaced on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4j, versions 2.0 to 2.14.1, at risk. This impacts cloud services, developer services, security devices, mapping services, and more.

AWS has released details on how the flaw impacts its services and said it is working on patching its services that use Log4j and has released mitigations for services like CloudFront. This can be viewed here. Microsoft has also released guidance for preventing, detecting, and hunting for Log4j exploitation here, and Google Cloud is also "actively following the security vulnerability" and has released recommendations for investigating and responding to the Apache "Log4j 2" vulnerability here. IBM said it is "actively responding" to the Log4j vulnerability across IBM's own infrastructure and its products, which can be found here, and Oracle has issued a patch too here. A comprehensive list of all known software vulnerable and not vulnerable to Log4Shell is available on GitHub, along with any known fixes, here. This vulnerability is being exploited to install malware, carry out crypto mining, perform DDoS attacks, drop Cobalt Strike beacons, scan for vulnerable servers and exfiltrate information.

To finish on a note other than Log4j: have you heard about Dazz? Well, if you haven't, they are a one-year-old cloud security remediation startup that recently closed another round of funding and raised 60 million dollars. Dazz is looking to automate cloud security through their AI-driven product in a developer-friendly way. You can find out more about them here.

Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy:

Cloud Security News
The Log4j Vulnerability - Cloud Providers Respond

Dec 15, 2021 2:51

The Swyx Mixtape
[Weekend Drop] Cloudflare vs AWS, API Economy, Learning in Public on the Changelog

Dec 12, 2021 68:13


Listen to the Changelog: https://changelog.com/podcast/467Essays: https://www.swyx.io/LIP https://www.swyx.io/api-economy https://www.swyx.io/cloudflare-go TranscriptJerod Santo: So swyx, we have been tracking your work for years; well, you've been Learning in Public for years, so I've been (I guess) watching you learn, but we've never had you on the show, so welcome to The Changelog.Shawn Wang: Thank you. Long-time listener, first-time guest, I guess... [laughs]Adam Stacoviak: Yeah.Jerod Santo: Happy to have you here.Adam Stacoviak: Very excited to have you here.Jerod Santo: So tell us a little bit of your story, because I think it informs the rest of our conversation. We're gonna go somewhat deep into some of your ideas, some of the dots you've been connecting as you participate and watch the tech industry... But I think for this conversation it's probably useful to get to know you, and how you got to be where you are. Not the long, detailed story, but maybe the elevator pitch of your recent history. Do you wanna hook us up?Shawn Wang: For sure. For those who want the long history, I did a 2,5-hour podcast with Quincy Larson from FreeCodeCamp, so you can go check that out if you want. The short version is I'm born and raised in Singapore, came to the States for college, and was totally focused on finance. I thought people who were in the finance industry rules the world, they were masters of the universe... And I graduated just in time for the financial crisis, so not a great place to be in. But I worked my way up and did about 6-7 years of investment banking and hedge funds, primarily trading derivatives and tech stocks. And the more I covered tech stocks, the more I realized "Oh, actually a) the technology is taking over the world, b) all the value is being created pre-IPO, so I was investing in public stocks, after they were basically done growing... And you're kind of just like picking over the public remains. 
That's not exactly true, but...Jerod Santo: Yeah, tell that to Shopify...Shawn Wang: I know, exactly, right?Adam Stacoviak: And GitLab.Shawn Wang: People do IPO and have significant growth after, but that's much more of a risk than at the early stage, where there's a playbook... And I realized that I'd much rather be value-creating than investing. So I changed careers at age 30, I did six months of FreeCodeCamp, and after six months of FreeCodeCamp - you know, I finished it, and that's record time for FreeCodeCamp... But I finished it and felt not ready, so I enrolled myself in a paid code camp, Full Stack Academy in New York, and came out of it working for Two Sigma as a frontend developer. I did that for a year, until Netlify came along and offered me a dev rel job. I took that, and that's kind of been my claim to fame; it's what most people know me for, which is essentially being a speaker and a writer from my Netlify days, from speaking about React quite a bit.[04:13] I joined AWS in early 2020, lasted a year... I actually was very keen on just learning the entire AWS ecosystem. You know, a frontend developer approaching AWS is a very intimidating task... But Temporal came along, and now I'm head of developer experience at Temporal.Adam Stacoviak: It's an interesting path. I love the -- we're obviously huge fans of FreeCodeCamp, and Quincy, and all the work he's done, and the rest of the team has done to make FreeCodeCamp literally free, globally... So I love to see -- it makes you super-happy inside just to know how that work impacts real people.Like, you see things happen out there, and you think "Oh, that's impacting", but then you really meet somebody, and 1) you said you're a long-time listener, and now you're on the show, so it just really -- like, having been in the trenches so long, and just see all this over-time pay off just makes me really believe in that whole "Slow and steady, keep showing up, do what needs done", and eventually things happen. 
I just love that.Shawn Wang: Yeah. There's an infinite game mentality to this. But I don't want to diminish the concept of free, so... It bothers me a little, because Quincy actually struggles a lot with the financial side of things. He supports millions of people on like a 300k budget. 300k. If every single one of us who graduated at FreeCodeCamp and went on to a successful tech career actually paid for our FreeCodeCamp education - which is what I did; we started the hashtag. It hasn't really taken off, but I started a hashtag called #payitbackwards. Like, just go back, once you're done -- once you can afford it, just go back and pay what you thought it was worth. For me, I've paid 20k, and I hope that everyone who graduates FreeCodeCamp does that, to keep it going.Adam Stacoviak: Well, I mean, why not...?Shawn Wang: I'd also say one thing... The important part of being free is that I can do it on nights and weekends and take my time to decide if I want to change careers. So it's not just a free replacement to bootcamps, it actually is an async, self-guided, dip-your-toe-in-the-water, try-before-you-buy type of thing for people who might potentially change their lives... And that's exactly what happened for me. I kept my day job until the point I was like "Okay, I like enough of this... I'm still not good, but I like enough of this that I think I could do this full-time."Adam Stacoviak: I like the #payitbackwards hashtag. I wish it had more steam, I suppose.Jerod Santo: We should throw some weight behind that, Adam, and see if we can...Adam Stacoviak: Yeah. Well, you know, you think about Lambda School, for example - and I don't wanna throw any shade by any means, because I think what Austin has done with Lambda... He's been on Founders Talk before, and we talked deeply about this idea of making a CS degree cost nothing, and there's been a lot of movement on that front there... 
But you essentially go through a TL;DR of Lambda as you go through it, and you pay it after you get a job if you hit certain criteria, and you pay it based upon your earnings. So why not, right? Why not have a program like that for FreeCodeCamp, now that you actually have to commit to it... But it's a way. I love that you paid that back and you made that an avenue, an idea of how you could pay back FreeCodeCamp, despite the commitment not being there.Jerod Santo: Right.Shawn Wang: Yeah. And Quincy is very dedicated to it being voluntary. He thinks that people have different financial situations. I don't have kids, so I can afford a bit more. People should have that sort of moral obligation rather than legal obligation.I should mention that Lambda School is currently being accused of some fairly substantial fraud against its students...Jerod Santo: Oh, really?Shawn Wang: Yeah, it actually just came out like two days ago.Adam Stacoviak: I saw that news too, on Monday.Shawn Wang: Yeah. It's not evidenced in the court of law, it's one guy digging up dirt; let's kind of put this in perspective. But still, it's very serious allegations, and it should be investigated. That said, the business of changing careers and the business of teaching people to code, and this innovation of Income Share Agreements (ISA), where it actually makes financial sense for people to grow bootcamps and fund bootcamps - this is something I strongly support... Whether or not it should be a venture-funded thing, where you try to go for 10x growth every year - probably not... [laughs]Adam Stacoviak: Yeah...Jerod Santo: So after FreeCodeCamp you didn't feel quite ready, so you did do a bootcamp... Did you feel ready after that?Shawn Wang: [08:03] Yeah. [laughs] I did a reflection, by the way, of my first year of learning to code, so people can look it up... It's called "No zero days. My path to learning to code", and I think I posted it on Hacker News. 
And doing everything twice actually helped me a lot. Because before I came into my paid bootcamp, I had already spun up some React apps. I had already started to mess with WebPack, and I knew enough that I wasn't understanding it very much, I was just following the instructions. But the second time you do things, you have to space, to really try to experiment, to actually read the docs, which most people don't do, and actually try to understand what the hell it is you're doing. And I felt that I had an edge over the other people in my bootcamp because I did six months of FreeCodeCamp prior.Jerod Santo: So this other thing that you do, which not everybody does, is this Learning in Public idea... And you have this post, Learn in Public. You call it "The fastest way to learn", or the fastest way to build your expertise - networking, and second brain. I'm not sure what the second brain is, so help us out with that one... But also, why is learning in public faster than learning in private.Shawn Wang: Yeah. This is a reflection that came from me understanding the difference, qualitatively, between why I'm doing so well in my tech career versus my finance career. In finance, everything is private, meaning the investment memos that I wrote, the trade ideas that I had - they're just from a company; they're intellectual property of my company. In fact, I no longer own them. Some of my best work has been in that phase, and it's locked up in an email inbox somewhere, and I'll never see it again. And that's because tech is a fundamentally open and positive-sum industry, where if you share things, you don't lose anything; you actually gain from sharing things... Whereas in finance it's a zero-sum battle against who's got the secret first and who can act on it first.And I think when you're in tech, you should exploit that. 
I think that we have been trained our entire lives to be zero-sum, from just like the earliest days of our school, where we learn, we keep it to ourselves to try to pass the test, try to get the best scores, try to get the best jobs, the best colleges, and all that, because everything's positional. For you to win, others have to lose. But I don't see tech in that way, primarily because tech is still growing so fast. There's multiple ways for people to succeed, and that's just the fundamental baseline. You layer on top of that a bunch of other psychological phenomenon.I've been really fascinated by this, by what it is so effective. First of all, you have your skin in the game, meaning that a lot of times when your name is on the blog posts out there, or your name is on the talk that you gave, your face is there, and people can criticize you, you're just incentivized to learn better, instead of just "Oh, I'll read this and then I'll try to remember it." No, it doesn't really stick as much. So having skin in the game really helps.When you get something wrong in public, there are two effects that happen. First is people will climb over broken glass to correct you, because that's how the internet does. There's a famous XKCD comic where like "I can't go to bed yet." "Why?" "Someone's wrong on the internet. I have to correct them."Jerod Santo: Right.Shawn Wang: So people are incentivized to fix your flaws for you - and that's fantastic - if you have a small ego.Jerod Santo: I was gonna say, that requires thick skin.Shawn Wang: Yeah, exactly. So honestly -- and that's a barrier for a lot of people. They cannot get over this embarrassment. What I always say is you can learn so much on the internet, for the low, low price of your ego. If we can get over that, we can learn so much, just because you don't care. 
And the way to get over it is to just realize that the version that you put out today is the version you should be embarrassed about a year from now, because that shows that you've grown. So you divorce your identity from your work, and just let people criticize your work; it's fine, because it was done by you, before you knew what you know today. And that's totally fine.And then the second part, which is that once you've gotten something wrong in public, it's just so embarrassing that you just remember it in a much clearer fashion. [laughter] This built a feedback loop, because once you started doing this, and you show people that you respond to feedback, then it builds a feedback and an expectation that you'll do the next thing, and people respond to the next thing... It becomes a conversation, rather than a solitary endeavor of you just learning the source material.So I really like that viral feedback loop. It helps you grow your reputation... Because this is not just useful for people who are behind you; a lot of people, when they blog, when they write, when they speak, they're talking down. They're like "I have five years experience in this. Here's the intro to whatever. Here's the approach to beginners." They don't actually get much out of that.[12:17] That's really good, by the way, for beginners; that's really important, that experts in the field share their knowledge. They don't see this blogging or this speaking as a way to level up in terms of speaking to their experts in their fields. But I think it's actually very helpful. You can be helpful to people behind you, you can be helpful to people around you, but you can actually be helpful to people ahead of you, because you're helping to basically broadcast or personalize their message. They can check their messaging and see - if you're getting this wrong, then they're getting something wrong on their end, docs-wise, or messaging-wise. That becomes a really good conversation. 
I've interacted with mentors that way. That's much more how I prefer to interact with my mentors than DM-ing and saying "Hey, can you be my mentor?", which is an unspecified, unpaid, indefinitely long job, which nobody really enjoys. I like project-based mentorship, I like occasional mentorship... I really think that that develops when you learn in public.Adam Stacoviak: I've heard it say that "Today is the tomorrow you hope for."Shawn Wang: Wow.Adam Stacoviak: Because today is always tomorrow at some point, right? Like, today is the day, and today you were hoping for tomorrow to be better...Jerod Santo: I think by definition today is not tomorrow...Adam Stacoviak: No, today is the tomorrow that you hoped for... Meaning like "Seize your moment. It's here."Jerod Santo: Carpe diem. Gotcha.Adam Stacoviak: Yeah, kind of a thing like that.Shawn Wang: I feel a little shady -- obviously, I agree, but also, I feel a little shady whenever I venture into this territory, because then it becomes very motivational speaking-wise, and I'm not about that. [laughs]Adam Stacoviak: Kind of... But I think you're in the right place; keep showing up where you need to be - that kind of thing. But I think your perspective though comes from the fact that you had this finance career, and a different perspective on the way work and the way a career progressed. And so you have a dichotomy essentially between two different worlds; one where it's private, and one where it's open. That to me is pretty interesting, how you were able to tie those two together and see things differently. Because I think too often sometimes in tech, especially staying around late at night, correcting someone on the internet, you're just so deeply in one industry, and you have almost a bubble around you. You have one lens for which you see the world. And you've been able to have multi-faceted perspectives of this world, as well as others, because of a more informed career path.Jerod Santo: Yeah. 
When you talk about finance as a zero-sum game, I feel like there's actually been moves now to actually open up about finance as well; I'm not sure if either of you have tracked the celebrity rise of Cathie Wood and Ark Invest, and a lot of the moves that she's doing in public. They're an investment fund, and they will actually publish their moves at the end of every day. Like, "We sold these stocks. We bought these stocks." And people laughed at that for a while, but because she's been successful with early on Bitcoin, early with Tesla, she's very much into growth stocks - because of that, people started to follow her very closely and just emulate. And when she makes moves now, it makes news on a lot of the C-SPANs and the... Is C-SPAN the Congress one? What's the one that's the finance one...?Shawn Wang: CNBC?Jerod Santo: CNBC, not C-SPAN. And so she's very much learning in public. She's making her moves public, she's learning as she goes, and to a certain degree it's paid off, it's paid dividends in her career. Now, I'm not sure if everyone's doing that... When you look at crypto investors, like - okay, pseudonymous, but a lot of that stuff, public ledgers. So there's moves that are being made in public there as well. So I wonder if eventually some of that mentality will change. What do you think about that?Shawn Wang: [15:45] It's definitely changed for -- there's always been celebrity investors, and people have been copying the Buffett portfolio for 30 years. So none of that is new. What is new is that Cathie Wood is running an ETF, and just by way of regulation and by way of innovation, she does have to report those changes. [laughs] So mutual funds, hedge fund holdings - these have all been public, and people do follow them. And you're always incentivized to talk your book after you've established your position in your book...Jerod Santo: Right, but you establish it first.Shawn Wang: ...so none of that has changed. 
But yeah, Cathie has been leading an open approach...Jerod Santo: Is it the rate of disclosure perhaps that's new? Because it seems like it's more real-time than it has historically...Shawn Wang: Yeah. I mean, she's running an ETF, which is new, actually... Because most people just run mutual funds or hedge funds, and those are much more private. The other two I'll probably shout out is Patrick O'Shaughnessy who's been running I guess a fund of funds, and he's been fairly open. He actually adopted the "learn in public" slogan in the finance field, independently of me. And then finally, the other one is probably Ted Seides, who is on the institutional investor side of things. So he invests for universities, and teachers pensions, and stuff like that. So all these people - yeah, they've been leading that... I'm not sure if it's spreading, or they've just been extraordinarily successful in celebrity because of it.Adam Stacoviak: This idea of "in public" is happening. You see people too, like -- CopyAI is building in public... This idea of learning in public, or building in public, or exiting in public... Whatever the public might be, it's happening more and more... And I think it's definitely similar to the way that open source moves around. It's open, so it's visible to everyone. There's no barrier to see what's happening, whether it's positive or negative, with whatever it is in public. They're leveraging this to their advantage, because it's basically free marketing. And that's how the world has evolved to use social media. Social media has inherently been public, because it's social...Jerod Santo: Sure.Adam Stacoviak: Aside from Facebook being gated, with friends and stuff like that... Twitter is probably the most primary example of that, maybe even TikTok, where if I'm a creator on TikTok, I almost can't control who sees my contact. I assume it's for the world, and theoretically, controlled by the algorithm... 
Because if I live in Europe, I may not see content in the U.S, and the algorithm says no, or whatever. But it's almost like everybody is just in public in those spaces, and they're leveraging it to their advantage... Which is an interesting place to be at in the world. There was never an opportunity before; you couldn't do it at that level, at that scale, ten years ago, twenty years ago. It's a now moment.Jerod Santo: Yeah. Swyx, can you give us an example of something learned in public? Do you basically mean like blog when you've learned something, or ask questions? What does learning in public actually mean when it comes to -- say, take a technology. Maybe you don't understand Redux. I could raise my hand on that one... [laughter] How could I learn that in public?Shawn Wang: There are a bunch of things that you can try. You can record a livestream of you going through the docs, and that's useful to maintainers, understanding "Hey, is this useful or not?" And that's immediately useful. It's so tangible.I actually have a list -- I have a talk about this on the blog post as well... Just a suggestion of things you can do. It's not just blogging. You can speak, you can draw comics, cheatsheets are really helpful... I think Amy Hoy did a Ruby on Rails cheatsheet that basically everyone has printed out and stapled to their wall, or something... And if you can do a nice cheatsheet, I think that's also a way for you to internalize those things that you're trying to learn anyway, and it just so happens to benefit others.So I really like this idea that whatever content you're doing, it's learning exhaust, it's a side effect of you learning, and you just happen to put it out there; you understand what formats work for you, because you have abnormal talents. Especially if you can draw, do that. People love developers who can draw. And then you just put it out there, and you win anyway just by doing it. You don't need an audience. 
You get one if you do this long enough, but you don't need an audience right away. And you win whether or not people participate with you. It's a single-player game that can become a multiplayer game.Specifically for Redux - you know, go through source code, or go through the docs, build a sample app, do like a simple little YouTube video on it... Depending on the maturity, you may want to try to speak at a meetup, or whatever... You don't have to make everything a big deal. I'm trying to remove the perception from people that everything has to be this big step, like it has to be top of Hacker News, or something. No. It could just be helpful for one person. I often write blog posts with one persona in mind. I mean, I don't name that person, but if you focus on that target persona, actually often it does better than when you try to make some giant thesis that shakes the world...Adam Stacoviak: [20:22] Yeah. Too often we don't move because we feel like the weight of the move is just too much. It's like "How many people have to read this for me to make this a success for me?" You mentioned it's a learning exhaust... And this exhaust that you've put out before - has it been helpful really to you? Is that exhaust process very helpful to you? Is that ingrained in the learnings that you've just gone through, just sort of like synthesize "Okay, I learned. Here's actually what I learned"?Shawn Wang: Yeah. This is actually an opportunity to tie into that second brain concept which maybe you wanted to talk a little bit about. Everything that you write down becomes your second brain. At this point I can search Google for anything I've ever written on something, and actually come up on my own notes, on whatever I had. So I'm not relying on my memory for that. Your human brain, your first brain is not very good at storage, and it's not very good at search; so why not outsource that to computers? 
And the only way to do that is you have to serialize your knowledge down into some machine-readable format that's part of research. I do it in a number of places; right now I do it across GitHub, and my blog, and a little bit of my Discord. Any place where you find you can store knowledge, I think that's a really good second brain.And for Jerod, I'll give you an example I actually was gonna bring up, which is when I was trying to learn React and TypeScript - like, this goes all the way back to my first developer job. I was asked to do TypeScript, even though I'd never done it before. And honestly, my team lead was just like "You know TypeScript, right? You're a professional React dev, you have to know TypeScript." And I actually said no, and I started learning on day one.And what I did was I created the React to TypeScript cheatsheet, which literally was just copy-pasteable code of everything that I found useful and I wish I knew when I was starting out. And I've just built that over time. That thing's been live for three years now, it's got like 20,000 stars. I've taught thousands of developers from Uber, from Microsoft, React and TypeScript. And they've taught me - every time they send in a question or a PR... I think it's a very fundamental way of interacting, which is learning in public, but specifically this one - it's open source knowledge; bringing up our open source not just to code, but to everything else. I think that's a fundamental feedback loop that I've really enjoyed as well.Break: [22:31]Jerod Santo: One of the things I appreciate about you, swyx, is how you are always thinking, always writing down your thoughts... You've been watching and participating in this industry now for a while, and you've had some pretty (I think) insightful writings lately. The first one I wanna talk about is this API Economy post. The Light and Dark Side of the API Economy. You say "Developers severely underestimate the importance of this to their own career." 
So I figure if that's the case, we should hear more about it, right?Shawn Wang: [laughs] Happy to talk about it. So what is the API economy? The API economy is developers reshaping the world in their image. Very bold statement, but kind of true, in the sense that there is now an API for everything - API for cards, API for bank accounts, API for text, API for authentication, API for shipping physical goods... There's all sorts of APIs. And what that enables you to do as a developer is you can call an API - as long as you know REST or GraphQL these days, you know how to invoke these things and make these things function according to the rest of your program. You can just fit those things right in. They're a very powerful thing to have, because now the cost of developing one of these services just goes down dramatically, because there's another company doing that as a service for you.I wrote about it mainly because at Netlify we were pitching serverless, we were pitching static hosting, and we were pitching APIs. That's the A in JAMstack. But when I google "API economy", all the search results were terrible. Just horrible SEO, bland, meaningless stuff that did not speak to developers; it was just speaking to people who like tech buzzwords. So I wrote my own version. The people who coined it at Andreessen Horowitz, by the way, still to this day do not have a blog post on the API economy. They just have one podcast recording which nobody's gonna listen. So I just wrote my version.Jerod Santo: You're saying people don't listen to podcasts, or what?Shawn Wang: [laughs] When people are looking up a term, they are like "What is this thing?", and you give them a podcast, they're not gonna sit down and listen for 46 minutes on a topic. They just want like "Give me it, in one paragraph. Give me a visual, and I'm gonna move on with my day." So yeah, whenever I see an opportunity like that, I try to write it up. 
And that's the light side; a lot of people talk about the light side. But because it's a personal blog, I'm empowered to also talk about the dark side, which is that as much as it enables developers, it actually is a little bit diminishing the status of human expertise and labor and talent. So we can talk a little bit about that, but I'm just gonna give you time to respond.

Jerod Santo: [28:05] Hm. I'm over here thinking now that you're not at Netlify, I'm curious - this is tangential, but what's your take on JAMstack now? I know you were a professional salesman there for a while, but... It seems like JAMstack - we've covered it for years, it's a marketing term, it's something we've already been doing, but maybe taking it to the next level... There's lots of players now - Netlify, Vercel etc. And yet, I don't see much out there in the real world beyond the people doing demos, "Here's how to build a blog, here's how to do this, here's my personal website", and I'm just curious... I'm not like down on JAMstack, but I just don't see it manifesting in the ways that people have been claiming it's going to... And maybe we're just waiting for the technology to catch up. I'd just love to hear what you think about it now.

Shawn Wang: Yeah. I think that you're maybe not involved in that world, so you don't see this, but real companies are moving on to JAMstack. The phrasing that I like is that -- JAMstack has gone mainstream, and it's not even worth talking about these days, because it's just granted that that's an option for you... So PayPal.me is on the JAMstack, there's large e-commerce sites...
Basically, anything that decouples your backend from your frontend, and your frontend is statically-hosted - that is JAMstack.

I actually am blanking on the name, but if you go check out the recent JAMstack Conf, they have a bunch of examples of people who've not only moved to JAMstack, but obviously moved to Netlify, where they're trying to promote themselves.

Jerod Santo: Sure, yeah.

Shawn Wang: So yes, it's true that I'm no longer a professional spokesperson, but it's not true that JAMstack is no longer being applied in the enterprise, because it is getting adoption; it's moved on that boring phase where people don't talk about it.

One thing I'll say - a thesis that I've been pursuing is that JAMstack is in its endgame. And what do I mean by that? There's a spectrum between the previous paradigm that JAMstack was pushing back on, which is the all-WordPress/server-render-everything paradigm, and then JAMstack is prerender-everything. And now people are filling in--

Jerod Santo: In the middle.

Shawn Wang: ...I'm gonna put my hands in the Zoom screen right now. People are filling that gap between fully dynamic and fully static. So that's what you see with Next.js and Gatsby moving into serverless rendering, partial rendering or incremental rendering... And there's a full spectrum of ways in which you can optimize your rendering for the trade-offs of updating your content, versus getting your data/content delivered as quickly as possible. There's always some amount of precompilation that you need to do, and there's always some amount of dynamicism that you have to do, that cannot be precompiled. So now there is a full spectrum between those.

Why I say it's the end game is because that's it, there's nothing else to explore. It's full-dynamic, full-static, choose some mix in the middle, that's it. It's boring.

Jerod Santo: Hasn't that always been the case though? Hasn't there always been sites that server-side render some stuff, and pre-render other things?
You know, we cache, we pre-render, some people crawl their own websites once, and... I don't know, it seems like maybe just a lot of excitement around a lot of things that we've been doing for many years.

Shawn Wang: [laughs] So first of all, those are being remade in the React ecosystem of things, which a lot of us lost when a lot of the web development industry moved to React... So that's an important thing to get back.

I mean, I agree, that's something that we've always had, pre-rendering, and services like that, caching at the CDN layer - we've always had that. There's some differences... So if you understand Netlify and why they're trying to push distributed persistent rendering (DPR), it's because caching is a hard problem, and people always end up turning off the cache. Because the first time you run into a bug, you're gonna turn off the cache. And the cache is gonna stay off.

So the way that Netlify is trying to fix it is that we put the cache in Git, essentially. Git is the source of truth, instead of some other source of truth distributed somewhere between your CDN and your database and somewhere else. No, everything's in Git. I'm not sure if I've represented that well, to be honest... [laughter]

Adam Stacoviak: Well, good thing you don't work for Netlify anymore. We're not holding you to the Netlify standard.

Shawn Wang: [31:58] Exactly. All I can say is that to me now it's a good thing in the sense that it's boring. It's the good kind of boring, in the sense of like "Okay, there's a spectrum. There's all these techniques. Yes, there were previous techniques, but now these are the new hotness. Pick your choice." I can get into a technical discussion of why this technique, the first one, the others... But also, is it that interesting unless you're evaluating for your site? Probably not...

Jerod Santo: Well, it does play into this API economy though, right?
Because when you're full JAMstack, then the A is your most important thing, and when the A is owned by a bunch of companies that aren't yours - like, there's a little bit of dark side there, right? All of a sudden, now I'm not necessarily the proprietor of my own website, to a certain degree, because I have these contracts. I may or may not get cut off... There's a lot of concerns when everybody else is a dependency to your website.

Shawn Wang: Yeah. So I don't consider that a dark side at all.

Jerod Santo: No, I'm saying to me that seems like a dark side.

Shawn Wang: Yeah, sure. This is the risk of lock-in; you're handing over your faith and your uptime to other people. So you have to trade that off, versus "Can you build this yourself? And are you capable of doing something like this, and are you capable of maintaining it?" And that is a very high upfront cost, versus the variable cost of just hiring one of these people to do it for you as a service.

So what I would say is that the API economy is a net addition, because you as a startup - the startup cost is very little, and if you get big enough where it makes sense for you to build in-house - go ahead. But this is a net new addition for you to turn fixed costs into variable costs, and start with a small amount of investment. But I can hire -- like, Algolia was started by three Ph.D's in search, and I can hire them for cents to do search on my crummy little website. I will absolutely do that every single day, until I get to a big enough point where I cannot depend on them anymore, and I have to build my own search. Fine, I'll do that. But until then, I can just rely on them. That's a new addition there.

Jerod Santo: One hundred percent. So what then do you think is the darker side? You mentioned it, but put a finer point on it.

Shawn Wang: Yeah. The dark side is that there are people -- like, when I call an Uber ride, Uber is an API for teleportation, essentially. I'm here, I wanna go there.
I press a button, the car shows up. I get in the car, get off, I'm there. What this papers over is that the API is calling real actual humans, who are being commoditized. I don't care who drives the car, I really don't. I mean, they may have some ratings, but I kind of don't care.

Jerod Santo: That was the case with taxis though, wasn't it?

Shawn Wang: That was the case with taxis, for sure. But there's a lot of people living below the API, who are economically constrained, and people who live above the API, developers, who have all the upside, essentially... Because the developers are unique, the labor is commoditized. My DoorDash pickers, my Instacart deliverers - all these are subsumed under the API economy. They're commodities forever, they know it, and there's no way out for them, unless they become developers themselves. There's a class system developing below and above the API. And the moment we can replace these people under the API with robots, you better believe we'll do that, because robots are way cheaper, and they complain less, they can work 24 hours, all this stuff.

Jerod Santo: Yeah.

Shawn Wang: So that's the dark side, which is, yeah, as a developer now - fantastic. I can control most parts of the economy with just a single API call. As a startup founder, I can develop an API for literally anything, and people will buy it. The downside is human talent is being commoditized, and I don't know how to feel about that. I think people are not talking enough about it, and I just wanna flag it to people.

Jerod Santo: Yeah.

Adam Stacoviak: So dark side could mean a couple things. One, it could mean literally bad; dark as synonymous with bad. Or dark as in shady. And we're not sure, it's obscured in terms of what's happening. And so let's use an Instacarter or a Dasher - to use their terminology. I happen to be a DoorDash user, so I know they're called Dashers; that's the only reason I know that.
It's not a downplay, it's just simply what the terminology is...

[35:59] You could say it's below the API, but I wonder, if you've spoken with these people, or people that live in what you call below the API, because I would imagine they're not doing that because they're being forced. Like, it's an opportunity for them.

Shawn Wang: Oh, yeah.

Adam Stacoviak: And I remember when I was younger and I had less opportunity because I had less "above the API" (so to speak) talent... And I do agree there's a class here, but I wonder if it's truly bad; that dark is truly bad, or if it's just simply obscure in terms of how it's gonna play out.

Shawn Wang: This is about upside. They will never get to that six figures income with this thing.

Adam Stacoviak: Not that job.

Jerod Santo: No.

Shawn Wang: It's really about the class system, which is the dark side. You don't want to have society splinter into like a serving class and whatever the non-serving class is. It's also about the upside - like, I don't see a way for these people to break out unless they really just take a hard stop and just go to a completely different career track.

Jerod Santo: Right.

Adam Stacoviak: Here's where I have a hard time with that... I'm not pushing back on that you're wrong, I'm just wondering more deeply...

Shawn Wang: Sure.

Adam Stacoviak: I imagine at one point in my life I was a DoorDasher.

Shawn Wang: Yeah.

Adam Stacoviak: I washed dishes, I did definitely unique jobs at a young age before I had skill. And so the path is skill, and as long as we have a path to skill, which you've showcased through FreeCodeCamp in your path, then I think that dark side is just simply shady, and not bad.

Shawn Wang: Okay.

Adam Stacoviak: And I'm just trying to understand it, because I was truly a DoorDasher before DoorDash was available. I washed dishes, delivered papers, I had servant-level things; I was literally a server at a restaurant before...
And I loved doing that kind of work, but my talents have allowed me to go above that specific job, and maybe even the pay that came with that job. I've served in the military before, got paid terrible dollars, but I loved the United States military; it's great. And I love everybody who's served in our military. But the point is, I think the path is skill, and as long as we have a pathway to skill, and jobs that can house that skill and leverage that skill to create new value for the world, I just wonder if it's just necessary for society to have, I suppose, above and below API things.

Jerod Santo: Until we have all the robots. Then there is nobody underneath. At that point it's all robots under the API.

Shawn Wang: Yes, and that is true in a lot of senses, actually. Like, farming is mostly robots these days. You do have individual farmers, but they're much less than they used to be. I don't know what to say about that, shady or dark... I think it's just -- there's no career track. You have to go break out of that system yourself. Thank God there's a way to do it. But back in the day, you used to be able to go from the mailroom to the boardroom.

Adam Stacoviak: I see.

Shawn Wang: I see these stories of people who used to be janitors at schools become the principal. Companies used to invest in all their people and bring them up. But now we're just hiring your time, and then if you wanna break out of that system - good luck, you're on your own. I think that that lack of upward mobility is a problem, and you're not gonna see it today. It's a slow-moving train wreck. But it's gonna happen where you have society split in two, and bad things happen because of it.

Adam Stacoviak: I mean, I could agree with that part there, that there definitely is no lateral movement from Dasher to CEO of DoorDash.

Shawn Wang: It's just not gonna happen.

Adam Stacoviak: Or VP of engineering at DoorDash.
I think because there is no path, the path would be step outside of that system, because that system doesn't have a path. I could agree with that, for sure.

Jerod Santo: Yeah. I mean, the good news is that we are creating -- there are paths. This is not like a path from X to Y through that system, but there are other alternate paths that we are creating and investing in, and as well as the API gets pushed further and further down in terms of reachability - we now have more and more access to those things. It's easier now, today, than it ever has been, because of what we were talking about, to be the startup founder, right? To be the person who starts at CEO because the company has one person in it, and they're the CEO. And to succeed in that case, and become the next DoorDash.

Adam Stacoviak: True.

Jerod Santo: So there are opportunities to get out, it's just not a clear line... And yeah, it takes perhaps some mentorship, perhaps ingenuity... A lot of the things that it takes to succeed anyway, so...

Shawn Wang: [40:05] I'll give a closing note for developers who are listening, because you're already a developer... So the analogy is if you're above the API, you tell machines what to do; if you're below the API, machines tell you what to do. So here's the developer analogy, which is there's another division in society, which is the kanban board. If you're below the kanban board, the kanban board tells you what to do. If you're above it, you tell developers what to do. [laughs]

Jerod Santo: There you go.

Shawn Wang: So how do you break out of that class division? I'll leave it out to you, but just keep in mind, there's always layers.

Jerod Santo: I love that.

Adam Stacoviak: I love the discussion around it, but I'm also thankful you approached the subject by a way of a blog post, because I do believe that this is interesting to talk about, and people should talk about it, for sure.
Because it provides introspection into, I guess, potentially something you don't really think about, like "Do I live below or above the API?" I've never thought about that in that way until this very moment, talking to you, so... I love that.

Break: [40:58]

Jerod Santo: So another awesome post you have written lately is about Cloudflare and AWS. Go - not the language, the game Go... I know very little about the language, and I know even less about the game... And Chess... How Cloudflare is approaching things, versus how AWS and Google and others are... Give us the TL;DR of that post, and then we'll discuss.

Shawn Wang: Okay. The TL;DR of that post is that Cloudflare is trying to become the fourth major cloud after AWS, Azure and GCP. The way they're doing it is fundamentally different than the other three, and the more I've studied them - I basically observed Cloudflare for the entire time since I joined Netlify. Netlify kind of is a competitor to Cloudflare, and it's always this uncomfortable debate between "Should you put Cloudflare in front of Netlify? Netlify itself is a CDN. Why would you put a CDN in front of another CDN?" Oh, because Netlify charges for bandwidth, and Cloudflare does not. [laughter]

Jerod Santo: It's as simple as that.

Shawn Wang: And then there's DDOS protection, all that stuff; very complicated. Go look up the Netlify blog post on why you should not put Cloudflare in front of Netlify, and decide for yourself. But Netlify now taking on AWS S3 - S3 is like a crown jewel of AWS. This is the eighth wonder of the world. It provides eleven nines of durability. Nothing less than the sun exploding will take this thing down... [laughs]

Jerod Santo: Right? You know what's funny - I don't even consider us at Changelog AWS customers; I don't even think of us that way. But of course, we use S3, because that's what you do.
So yeah, we're very much AWS customers, even though I barely even think about it, because S3 is just like this thing that of course you're gonna use.

Shawn Wang: There's been a recent history of people putting out S3-compatible APIs, just because it's so dominant that it becomes the de-facto standard. Backblaze did it recently. But Cloudflare putting out R2 and explicitly saying "You can slurp up the S3 data, and by the way, here's all the cost-benefit of AWS egress charges" - that's what Matthew Prince wrote about in his blog post - is all totally true, attacks a part of AWS that it cannot compromise on and just comes at the top three clouds from a different way, that they cannot respond to.

[44:17] So I always like these analogies of how people play destruction games. I'm a student of destruction, and I study Ben Thompson and Clay Christensen, and that entire world, very quickly... So I thought this was a different model of destruction, where you're essentially embracing rather than trying to compete head-on. And wrapping around it is essentially what Go does versus chess, and I like -- you know, there's all these comparisons, like "You're playing 2D chess, I'm playing 3D chess. You're playing chess, I'm playing Go." So Cloudflare is playing Go by surrounding the S3 service and saying "Here is a strict superset. You're already a consumer of S3. Put us on, and magically your costs get lower. Nothing else about it changes, including your data still lives in AWS if you ever decide to leave us." Or if you want to move to Cloudflare, you've just gotta do the final step of cutting off S3.

That is a genius, brilliant move that I think people don't really appreciate, and it's something that I study a lot, because I work at companies that try to become the next big cloud. I worked at Netlify, and a lot of people are asking, "Can you build a large public company on top of another cloud? Our second-layer cloud is viable." I think Vercel and Netlify are proving that partially it is.
They're both highly valued. I almost leaked some info there... When does this go out? [laughs]

Jerod Santo: Next week, probably...

Shawn Wang: Okay, alright... So they're both highly valued, and - like, can they be hundred-billion-dollar companies? I don't know. We don't know the end state of cloud, but I think people are trying to compete there, and every startup -- I nearly joined Render.com as well. Every startup that's trying to pitch a second-layer cloud thesis is always working under the shadows of AWS. And this is the first real thesis that I've seen, that like "Oh, okay, you not only can credibly wrap around and benefit, you can actually come into your own as a fourth major cloud." So I'm gonna stop there... There's so many thoughts I have about Cloudflare.

Jerod Santo: Yeah. So do you see that R2 then -- I think it's a brilliant move, as you described it... As I read your post, I started to appreciate, I think, the move, more than I did when I first read about it and I was like "Oh, they're just undercutting." But it seems they are doing more than just that. But do you think that this R2 then is a bit of a loss leader in order to just take a whole bunch of AWS customers, or do you think there's actually an economic -- is it economically viable as a standalone service, or do you think Cloudflare is using it to gain customers? What are your thoughts in their strategy of why?

Shawn Wang: This is the top question on Twitter and on Hacker News when they launch. They are going to make money on this thing, and the reason is because of all the peering agreements that they've established over the past five years. As part of the normal business strategy of Cloudflare, they have peering agreements with all of the ISPs; bandwidth is free for them. So... For them in a lot of cases. Again, I have to caveat all this constantly, because I should note to people that I am not a cloud or networking expert.
I'm just learning in public, just like the rest of you, and here's what I have so far. So please, correct me if I'm wrong, and I'll learn from it.

But yeah, I mean - straight on, it's not a loss leader. They plan to make money on it. And the reason they can is because they have worked so hard to make their cost structure completely different in AWS, and they've been a friend to all the other ISPs, rather than AWS consuming everything in its own world. Now you're starting to see the benefits of that strategy play out. And by the way, this is just storage, but also they have data store, also they have service compute, all following the same model.

Jerod Santo: So what do you think is a more likely path over the next two years? Cloudflare --

Adam Stacoviak: Prediction time!

Jerod Santo: ...Cloudflare steals just massive swathes of AWS customers, or AWS slashes prices to compete?

Shawn Wang: So I try not to do the prediction business, because I got out of that from the finance days... All I'm doing is nowcasting. I observe what I'm seeing now and I try to put out the clearest vision of it, so the others can follow.

I think that it makes sense for them to be replicating the primitives of every other cloud service. So in 2017 they did service compute with Cloudflare Workers. In 2018 they did eventually consistent data store. In 2019 - website hosting; that's the Netlify competitor. In 2020 they did strongly-consistent data store, with Durable Objects. In 2021 object storage. What's next on that list? Go on to your AWS console and go shopping. And instead of seven different ways to do async messaging in AWS, probably they're gonna do one way in Cloudflare.
[laughs]

Adam Stacoviak: [48:34] A unified API, or something like that...

Jerod Santo: Yeah, they'll just look at AWS' offerings, the ones they like the best, and do it that way, right?

Shawn Wang: Yeah, just pick it up.

Adam Stacoviak: Maybe the way to get a prediction out of you, swyx, might be rather than directly predict, maybe describe how you win Go.

Shawn Wang: How you win Go...

Adam Stacoviak: Yeah, what's the point of Go? How do you win Go? Because that might predict the hidden prediction, so to speak.

Shawn Wang: Okay. For listeners who don't know Go, let me draw out the analogy as well. So most people are familiar with chess; individual chess pieces have different values and different points, and they must all support each other. Whenever you play chess, you need the Knight to support the pawns, something like that... Whereas in Go, you place your pieces everywhere, and they're all indistinguishable from each other. And it's more about claiming territory; at the end of the day, that's how you win Go, you claim the most territory compared to the others... And it's never a winner-take-all situation. Most likely, it's like a 60/40. You won 60% of the territory and your competitor has 40% of the territory. That's more likely a mapping of how cloud is gonna play out than chess, where winner-takes-all when you take the King. There's no King in the cloud, but--

Jerod Santo: Are you sure...?

Shawn Wang: ...there's a lot likely of territory claiming, and Cloudflare is really positioned very well for that. It's just part of the final realization that I had at the end of the blog post. And partially, how you take individual pieces of territory is that you surround all the pieces of the enemy and you place the final piece and you fill up all the gaps, such that the enemy is completely cut off from everything else and is surrounded. And that's what R2 does to S3 - it surrounds S3, and it's up to you to place that final piece.
They call it Atari, by the way, which is the name of the old gaming company, Atari. They have placed AWS S3 in Atari, and it's up to the customers to say "I'm gonna place that final piece. I'm gonna pay the cost of transferring all my data out of S3 and cut S3 off", and they cut off all the remaining liberties. So how do you win in Go? You claim the most amount of territory, and you surround the pieces of the enemy.

Adam Stacoviak: Which, if you thought maybe that was oxygen, the territory, you might suck the oxygen away from them, so they can't live anymore, so to speak... And maybe you don't take it by killing it. Maybe you sort of suffocate it almost, if their space becomes small enough; if you take enough territory and it begins to shrink enough, it's kind of like checkmate, but not.

Shawn Wang: Yeah. There's also a concept of sente in Go, which is that you make a move that the opponent has to respond to, which is kind of like a check, or checkmate -- actually, not; just the check, in chess. And right now, AWS doesn't feel the need to respond. Cloudflare is not big enough. Like, these are names to us, but let's just put things in numbers. Cloudflare's market cap is 36 billion, AWS' market cap is 1.6 trillion; this is Amazon's total market cap. Obviously, AWS is a subset of that.

Jerod Santo: Sure.

Shawn Wang: So your competitor is 40 times larger than you. Obviously, Cloudflare is incentivized to make a lot of noise and make themselves seem bigger than it is. But until AWS has to respond, this is not real.

Adam Stacoviak: Nice.

Jerod Santo: So as a developer, as a customer of potentially one or both of these... Let's say you have a whole bunch of stuff on S3 - I'm asking you personally now, swyx - and R2 becomes available... Is that a no-brainer for you, or is there any reason not to use that?

Shawn Wang: You're just adding another vendor in your dependency tree. I think for anyone running silicon bandwidth, it is a no-brainer.

Jerod Santo: Yeah.
So over the course of n months, where n equals when they launch plus a certain number - I mean, I think this is gonna end up eventually on Amazon's radar, to where it's gonna start affecting some bottom lines that important people are gonna notice. So I just wonder - I mean, how much territory can Cloudflare grab before there's a counter-move? It's gonna be interesting to watch.

Shawn Wang: [52:12] So Ben from Vantage actually did a cost analysis... Vantage is a startup that is made up of former AWS Console people; they're trying to build a better developer experience on top of AWS. They actually did a cost analysis on the R2 move, and they said that there's probably a hundred billion dollars' worth of revenue at stake for Amazon. So if they start to have a significant dent in that, let's say like 40%, AWS will probably have to respond. But until then, there's nothing to worry about. That's literally how it is in Amazon; you have to see the numbers hit before you respond.

Jerod Santo: Yeah. It hasn't even been a blip on the radar at this point, the key metrics to the people who are important enough to care are watching. You said you started watching all of these CDNs. Of course, you worked at Netlify... You take an interest in backends. There's something you mentioned in the break about frontenders versus backend, and where you've kind of been directing your career, why you're watching Cloudflare so closely, what you're up to now with your work... Do you wanna go there?

Shawn Wang: Let's go there. So if you track my career, I started out as a frontend developer. I was developing design systems, I was working with Storybook, and React, and all that... Then at Netlify I was doing more serverless and CLI stuff. At AWS more storage and database and AppSync and GraphQL stuff... And now at Temporal I'm working on a workflow engine, pure backend.
I just went to KubeCon two weeks ago...

Jerod Santo: Nice!

Shawn Wang: What is a frontend developer doing at KubeCon...?

Adam Stacoviak: New territory.

Shawn Wang: It's a frontend developer who realizes that there's a career ceiling for frontend developers. And it's not a polite conversation, and obviously there are exceptions to frontend developers who are VPs of engineering, frontend developers who are startup founders... And actually, by the way, there's a lot of VC funding coming from frontend developers, which is fantastic for all my friends. They're all getting funded, left, right and center. I feel left out. But there is a career ceiling, in a sense that survey a hundred VPs of engineering, how many of them have backend backgrounds, and how many of them have frontend backgrounds? And given that choice, what's more likely for you and your long-term career progression? Do you want to specialize in frontend or do you want to specialize in backend? Different people have different interests, and I think that you can be successful in whatever discipline you pick. But for me, I've been moving towards the backend for that reason.

Adam Stacoviak: Describe ceiling. What exactly do you mean when you say "ceiling"?

Shawn Wang: Career ceiling. What's your terminal title.

Jerod Santo: Like your highest role, or whatever. Highest salary, highest role, highest title...

Adam Stacoviak: Gotcha.

Shawn Wang: Like, straight up, how many VPs of engineering and CTOs have backend backgrounds versus frontend.

Jerod Santo: Yeah. I mean, just anecdotally, I would agree with you that it's probably 8 or 9 out of 10 CTOs have -- is that what you said, 8 or 9?

Shawn Wang: Yeah, yeah. So there's obviously an economic reasoning for this; it's because there's a bias in the industry that frontend is not real development, and backend is. And that has to be combated. But also, there's an economic reasoning, and I always go back to the economics part, because of my finance background...
Which is that your value to the company, your value to the industry really depends on how many machines run through you. You as an individual unit of labor, how much money do you control, and how much machine process, or compute, or storage, or whatever runs through you. And just straight-up frontend doesn't take as much. [laughs] Yes, frontend is hard, yes, design is hard, yes, UX is crucially important, especially for consumer-facing products... But at the end of the day, your compute is being run on other people's machines, and people don't value that as much as the compute that I pay for, that I need to scale, and therefore I need an experienced leader to run that, and therefore that is the leader of my entire eng.

Jerod Santo: I wonder if that changes at all for very product-focused orgs, where I think a lot of frontenders, the moves are into product design and architecture, and away from - not software architecture, but product design. And it seems like maybe if you compare - not VP of engineering, but VP of product, you'd see a lot of former frontenders.

Shawn Wang: [56:03] Yeah.

Jerod Santo: Maybe that's their path. Do you think that's --

Shawn Wang: Totally. But you're no longer a frontend dev. You suddenly have to do mocks...

Jerod Santo: Yeah, but when you're VP of engineering you're not a backend dev either.

Shawn Wang: Yeah.

Jerod Santo: So you're kind of both ascending to that degree.

Shawn Wang: Backend devs will never report to you, let's put it that way.

Jerod Santo: Okay. Fair.

Shawn Wang: [laughter] But somehow, frontend devs have to report to backend devs, for some reason; just because they're superior, or something. I don't know, it's just like an unspoken thing... It's a very impolite conversation, but hey, it's a reality, man.

Jerod Santo: So do you see this personally, or do you see this by looking around?

Shawn Wang: Yeah.

Jerod Santo: Yeah.
You felt like you had reached a ceiling.
Shawn Wang: Well, again, this is very impolite; there's a ton of ways to succeed, and there are definitely exceptions. Emily Nakashima at Honeycomb - former frontend person, now VP of engineering. I don't know, I could have done that. I have interest in backend and I'm pursuing that. So I will say that - this is a soft ceiling, it's a permeable ceiling. It's not a hard ceiling.
Jerod Santo: Sure.
Shawn Wang: But there's a ceiling though, because you can see the numbers.
Adam Stacoviak: What is it in particular the VP of engineering does that would make a frontender less likely to have that role? What specifically? I mean, engineering is one of the things, right? Commanding the software... Which is not necessarily frontend.
Jerod Santo: Well, frontend is also an engineering discipline.
Adam Stacoviak: I guess it kind of depends on the company, too. Honeycomb is probably a different example.
Shawn Wang: I haven't been a VP of engineering, so I only have some theories. I suggest you just ask the next VP of engineering that you talk to, or CTO.
Adam Stacoviak: Yeah.
Jerod Santo: Yeah. That'd be a good one to start asking people.
Adam Stacoviak: What do you do here? What is it you do here?
Shawn Wang: What is it you do here?
Jerod Santo: Exactly.
Shawn Wang: [laughs]
Adam Stacoviak: Well, I just wondered if there was a specific skillset that happens at that VP of engineering level that leads more towards a backender being more likely than a frontender to get hired into the role.
Shawn Wang: I think there's some traditional baggage. Power structures persist for very long times... And for a long time UX and frontend was just not valued. And we're like maybe five years into the shift into that. It's just gonna take a long time.
Jerod Santo: I agree with that. So tell us what you're up to now. You said you're doing workflows... I saw a quick lightning talk; you were talking about "React for the backend."
So you're very much taking your frontend stuff into the backend here, with React for the backend. Tell us about that.
Shawn Wang: Let's go for it. So at Netlify and at AWS I was essentially a developer advocate for serverless. So this is very cool - it does pay-as-you-go compute, and you can do a lot of cool stuff with it. But something that was always at the back of my mind bothering me, that serverless does not do well, is long-running jobs. It just does not do well. You have to chain together a bunch of stuff, and it's very brittle; you cannot test it... It's way more expensive than you would do in a normal environment.
Jerod Santo: Yeah.
Shawn Wang: And it made me realize that in this move to take apart everything and make everything as a service, we have gained scalability, but we've lost basically everything else. And what I was trying to do was "How do we reconstruct the experience of the monolith? What are the jobs to be done?" When you break it down, what does a computer do for you, and what is not adequately addressed by the ecosystem?
I went through the exercise... I wrote a blog post called "Reconstructing the monolith", and I actually listed it out. So what are the jobs of cloud for a computer? You want static file serving, you want functions, you want gateway, you want socket management, job runners, queue, scheduler, cold storage, hot storage. There's meta jobs like error logging, usage logging, dashboarding, and then edge computing is like a unique to cloud thing. But everything else, you can kind of break it up and you can locate it on one machine, or you can locate it on multiple machines, some of them owned by you, some of them not owned by you.
The thing that serverless -- that had a hole in the ecosystem was job running. Not good.
Basically, as an AWS developer right now, the answer is you set a CloudWatch schedule function, and you pull an endpoint, and that should read some states from a database, and check through where you are, and compute until the 15-minute timeout for Lambda, and then save it back in, and then wait for the next pull, and start back up again. Super-brittle, and just a terrible experience; you would never want to go this way.
[01:00:08.13] The AWS current response to that is AWS Step Functions, which is a JSON graph of what happens after the other, and this central orchestrator controls all of that. I think we could do better, and that's eventually what got me to Temporal. So essentially, this blog post that I wrote - people found me through that, and hired both our head of product and myself from this single blog post. So it's probably the highest ROI blog post I've ever written.
Jerod Santo: Wow. That's spectacular.
Shawn Wang: It's just the VC that invested in Temporal. So what Temporal does is it helps you write long-running workflows in a doable fashion; every single state transition is persisted to a database, in idiomatic code. So idiomatic Java, idiomatic Go, idiomatic JavaScript, and PHP. This is different from other systems, because other systems force you to learn their language. For Amazon, you have to learn Amazon States Language. For Google Workflows - Google Workflows has a very long, very verbose JSON and YAML language as well.
And these are all weird perversions of -- like, you wanna start simple; JSON is very simple, for doing boxes and arrows, and stuff like that... But you start ending up having to handwrite the AST of a general-purpose programming language, because you want variables, you want loops, you want branching, you want all that good stuff.
And the best way to model asynchronous and dynamic business logic is with a general-purpose programming language, and that's our strong opinion there.
So Temporal was created at Uber; it runs over 300 use cases at Uber, including driver onboarding, and marketing, and some of the trips stuff as well. It was open source, and adopted at Airbnb, and Stripe, and Netflix, and we have all those case studies on -- DoorDash as well, by the way, runs on the Uber version of Temporal.
Jerod Santo: There you go, Adam.
Shawn Wang: And yeah, they spun out to a company two years ago, and we're now trying to make it as an independent cloud company. And again, the

Digital Cash Network
Digital Cash Rundown 51 with Rodrix Digital: Solana DDoS Attack, Crypto Bull Market Over & More!

Dec 11, 2021 64:54


Rodrix Digital, the man formerly known as Rodrigo Ambrissi, comes on the Digital Cash Rundown to talk all things crypto, especially the crypto bull market and how it may or may not be over already, having disappointed many by failing to propel many assets, especially Bitcoin, to top previous price expectations. We talk about the growth of the space into the bear market and beyond to mass adoption, including Solana and its DDoS attacks and issues with fundamental deficiencies of modern cryptos. We also talk El Salvador and different jurisdictions competing for status as best crypto haven. Finally, we talk about how crypto is going in Brazil.

Donate - Sponsors
Thank you so much for listening! Please leave a tip if you enjoy the content, either here or via any of the cryptocurrency addresses in my CoinTree link. You can also send a message with a CoinTree donation. I'd love to hear from you! Thanks to my recurring donors both anonymous and otherwise! - https://cointr.ee/thedesertlynx

Support us by checking out our sponsors!
Want to live on crypto? Create a Bitrefill account with the coupon code “DCN” and pay mobile bills or buy gift cards from more than 1650 businesses in 170 countries quickly and privately, and earn rewards. - https://www.bitrefill.com/buy/?code=DCN
Buy anything you want in the world, even rare items, with crypto by using ShopInBit's concierge service. - https://shopinbit.com/en/conciergeservice-ordering-service?sPartner=joel
If you're tired of YouTube and other platforms censoring and demonetizing creators, what are you waiting for? Join Odysee! - https://odysee.com/$/invite/@DigitalCashNetwork:c
Protect your privacy online, sign up to NordVPN with the promo code DCN and get 68% off, plus an additional month free! - https://nordvpn.org/dcn
If you don't want search engines like Google controlling your search results and selling your information, join Presearch and get paid to search! - https://presearch.org/signup?rid=865012

Music from https://www.zapsplat.com

Easy Prey
The Risks of Online Gaming with Eric R. Jones

Dec 8, 2021 44:37


Transparency in a family builds trust, but sharing information while gaming online can set you up for unnecessary risks. Your children may be sharing details that can impact not just them, but you. Today's guest is Eric Jones. Eric is an experienced product manager and developer with over 20 years of experience and more than 9 years in Agile Software Development. He is the founder and creator of All Knowing Parent, focused on educating people on all avenues of technology and hardware.

Show Notes:
[0:50] - Eric shares what he does as a career and about his startup.
[2:27] - As a father of two young girls, Eric is adamant about monitoring technology use.
[3:50] - Eric is a big believer in transparency.
[5:40] - Gaming is not just a casual hobby anymore.
[7:01] - On all gaming consoles there is some sort of communication with other players online available both as text and voice.
[9:10] - On some platforms, you have to be “friends” with someone to play together. Some games do a better job than others on safety.
[10:15] - Eric talks daily to his children about safety in gaming. These conversations started before they were even playing it.
[12:03] - Setting rules ahead of time is important to avoid cleaning up a mess.
[13:23] - Kids tend to give out so much information easily.
[14:48] - What are the pieces of information that you should make sure are kept private? Eric says everything.
[17:01] - Even gamer handles from other consoles shouldn't be shared.
[18:28] - Consoles protect your IP address better but gaming on servers does not.
[20:25] - Almost everything these days is connected to the internet. Unfortunately, a lot of pressure is put on the user.
[22:18] - When you're playing online, you don't see the type of people you play with through a username. Eric explains what swatting is.
[23:20] - People can also raid a streamer's channel with obscenities and can piece together information through social engineering.
[25:03] - Don't assume someone doesn't want your information. They may hack you simply as a launching off point to something else.
[26:41] - Referring to a previous episode, everything connected to the internet can slowly give away pieces of information.
[28:16] - Social engineering is not as hard as you might think in online gaming just by watching how you play.
[30:57] - Children trust first and as adults, we've learned to trust second.
[31:54] - A gaming company's priority is not user safety.
[33:16] - If playing with people you don't know, be extremely kind and avoid topics like politics and religion.
[35:21] - DDoS attacks are less common these days but can still happen.
[39:11] - Unfortunately, if a kid really wants something, they will be motivated to get around things you have in place to keep them safe.
[39:45] - Eric describes how and why he founded All Knowing Parent.
[41:14] - Eric's goal is to educate and be a support for people to better understand the technology in their life.
[43:12] - There are no cookie-cutter answers. Eric helps people with each question as they arise and gives an example of a recent customer question.
[44:10] - All Knowing Parent is offering discounts for Easy Prey listeners! Check that out at AllKnowingParent.com/EasyPrey

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

mixxio — podcast diario de tecnología
It's more complicated than it seems

Dec 1, 2021 14:55


Seoul enters the metaverse / eBay will authenticate sneakers / Twitter against private photos / Car battery prices go up / Twitch streamers' union

Sponsor: This Christmas, protect the computers of your less tech-savvy loved ones by installing the next-generation antivirus from Panda Security https://www.pandasecurity.com/es/, a Watchguard brand. It costs very little to make sure they always have safe web browsing, anti-phishing and anti-ransomware systems, and much more.

Risky Business
Risky Business #647 -- Israel slashes cyber exports, Interpol takes down 1,000 crooks

Dec 1, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
  • Israel slashes number of countries it will export cyber tools to
  • Interpol takes down 1,000 Internet fraudsters
  • Ransomware crews lying low?
  • When the tabloids do cyber the results are sometimes awesome
  • Much, much more…

This week's sponsor interview is with Ryan Kalember of Proofpoint. He's the EVP of Cybersecurity Strategy there and he's joining me this week to talk about how investment activity in cybersecurity is basically leaving everyone who isn't a mega enterprise behind. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
  • Israel restricts cyberweapons export list by two-thirds, from 102 to 37 countries - The Record by Recorded Future
  • US sanctions 28 quantum computing entities in China, Russia, Pakistan, Japan - The Record by Recorded Future
  • Months-long Interpol crackdown nets more than 1,000 online fraud arrests
  • Ukrainian police expose international phone-hacking gang | The Daily Swig
  • Group-IB helps Italian officials take down scammers selling COVID-19 docs via Telegram - The Record by Recorded Future
  • Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny
  • Russian hacker wanted by FBI for 'using ransomware to fleece millions of dollars' is unmasked | Daily Mail Online
  • When Russia Helped the U.S. Nab Cybercriminals
  • How the pandemic pulled Nigerian university students into cybercrime - The Record by Recorded Future
  • A Hacking Spree Against Iran Spills Out Into the Physical World | WIRED
  • China agency tells Tencent their apps have to be approved before they go live or update - The Record by Recorded Future
  • Srsly Risky Biz: Thursday, November 25 - by Tom Uren
  • Incident reporting, ransomware payment legislation faces trouble in Senate
  • North Korean hackers posed as Samsung recruiters to target security researchers - The Record by Recorded Future
  • FBI document shows what data can be obtained from encrypted messaging apps - The Record by Recorded Future
  • AT&T takes action against DDoS botnet that hijacked VoIP servers - The Record by Recorded Future
  • You Can Now Get $25 From Zoom Following a Class Action Settlement
  • Konstantin on Twitter: "Apparently, someone from r/antiwork is bombarding the internet with RAW TCP/IP printing requests. I'm going to tag this just for kicks. https://t.co/P0NC2dO6hx" / Twitter
  • Matthew Garrett on Twitter: "Someone is targeting network-attached receipt printers on the public internet and just printing copies of the r/antiwork manifesto and this is glorious" / Twitter
  • Private 5G Mobile Networks – AWS Private 5G – Amazon Web Services

Hack Naked News (Audio)
Reaper Chinotto, Tardigrade, Cannazon DDoS, IKEA, Webcam Hijinks, & Seoul's Metaverse - SWN #171

Nov 30, 2021 32:30


This week in the Security Weekly News: Tardigrade, Reaper, HP, Cannazon, Ikea, Cameras, The Virtual DMV Verse, and the Expert Commentary Jason Wood on this edition of the Security Weekly News!   Show Notes: https://securityweekly.com/swn171 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Reaper Chinotto, Tardigrade, Cannazon DDoS, IKEA, Webcam Hijinks, & Seoul's Metaverse - SWN #171

Nov 30, 2021 32:30


This week in the Security Weekly News: Tardigrade, Reaper, HP, Cannazon, Ikea, Cameras, The Virtual DMV Verse, and the Expert Commentary Jason Wood on this edition of the Security Weekly News!   Show Notes: https://securityweekly.com/swn171 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News (Video)
Tardigrade, Reaper Chinotto, Cannazon DDoS, IKEA, Webcam Hijinks, & Seoul's Metaverse - SWN #171

Nov 30, 2021 32:31


This week in the Security Weekly News: Tardigrade, Reaper, HP, Cannazon, Ikea, Cameras, The Virtual DMV Verse, and the Expert Commentary Jason Wood on this edition of the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn171

Cyber and Technology with Mike
30 November 2021 Cyber and Tech News

Nov 30, 2021 9:35


In today's podcast we cover four crucial cyber and technology topics, including: 1. Panasonic confirms, reports breach, investigation underway 2. Yanluowang ransomware threat grows in scale and sophistication 3. Darkweb cannabis marketplace shuts down following DDoS attack 4. IKEA seeing large number of reply-chain phishing attacks. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Loop Matinal
Friday, 26/11/2021

Nov 26, 2021 10:16


Sponsor: Alura online technology courses. Go to the special link https://bit.ly/blackfriday2021-alura-loopmatinal and claim a 25% discount to study at Alura. But hurry, because it's only valid today (26/11)!
--------------------------------
About the podcast
Loop Matinal is a podcast from Loop Infinito that brings the most important news from the world of technology to those who don't have time to read technology sites and blogs. Marcus Mendes presents a quick, concise summary of the most important news, always with good humor and a touch of acidity. Check out the news from the last 24 hours, and see you tomorrow!
--------------------------------
Support Loop Matinal!
Loop Matinal is on apoia.se/loopmatinal and picpay.me/loopmatinal! If you want to help keep the podcast on the air, just choose the tier you prefer and set your monthly contribution. Special thanks to listeners Advogado Junio Araujo, Alexsandra Romio, Alisson Rocha, Anderson Barbosa, Anderson Cazarotti, Angelo Almiento, Arthur Givigir, Breno Farber, Caio Santos, Carolina Vieira, Christophe Trevisani, Claudio Souza, Dan Fujita, Daniel Ivasse, Daniel Cardoso, Diogo Silva, Edgard Contente, Edson Pieczarka Jr, Fabian Umpierre, Fabio Brasileiro, Felipe, Francisco Neto, Frederico Souza, Gabriel Souza, Guilherme Santos, Henrique Orçati, Horacio Monteiro, Igor Antonio, Igor Silva, Ismael Cunha, Jeadilson Bezerra, Jorge Fleming, Jose Junior, Juliana Majikina, Juliano Cezar, Juliano Marcon, Leandro Bodo, Luis Carvalho, Luiz Mota, Marcus Coufal, Mauricio Junior, Messias Oliveira, Nilton Vivacqua, Otavio Tognolo, Paulo Sousa, Ricardo Mello, Ricardo Berjeaut, Ricardo Soares, Rickybell, Roberto Chiaratti, Rodrigo Rosa, Rodrigo Rezende, Samir da Converta Mais, Teresa Borges, Tiago Soares, Victor Souza, Vinícius Lima, Vinícius Ghise and Wilson Pimentel for their support!
--------------------------------
Fortnite will end its season on 4/12: https://www.theverge.com/2021/11/24/22799221/fortnite-chapter-2-end-date
BattleNet suffered a DDoS attack: https://www.theverge.com/2021/11/24/22801521/blizzard-battle-net-down-ddos-attack-warzone-overwatch
MediaTek chips left Android phones vulnerable: https://www.pcmag.com/news/researchers-finds-security-flaw-affecting-37-of-smartphones
Flaw in Windows 10 and 11 allowed intrusion: https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
Lenovo launches the Legion Slim 7 in Brazil: https://tecnoblog.net/535119/lenovo-legion-slim-7-notebook-gamer-mais-fino-da-empresa-chega-ao-brasil/
STF forces carriers to lower prices: https://tecnoblog.net/535038/vivo-tim-claro-e-oi-terao-que-reduzir-precos-apos-decisao-do-stf-sobre-icms/
Procon-SP releases a list of stores to avoid on Black Friday: https://www.infomoney.com.br/minhas-financas/black-friday-2021-procon-sp-lista-92-sites-para-voce-evitar-fazer-compras/
Nintendo runs a Black Friday sale: https://tecnoblog.net/535029/black-friday-da-eshop-da-desconto-em-mario-odyssey-monster-hunter-e-mais/
Spotify tests a TikTok copy: https://www.theverge.com/2021/11/25/22802056/spotify-discover-tab-tiktok-feed-canvas-videos
Twitter for iOS is logging users out: https://9to5mac.com/2021/11/24/twitter-for-ios-logging-users-out/
Adam Mosseri will testify before the US Senate: https://www.nytimes.com/2021/11/24/technology/adam-mosseri-instagram-testify-congress.html
Europe proposes new rules for political ads: https://www.wsj.com/articles/eu-pushes-to-limit-how-tech-companies-target-political-ads-11637839613?mod=djemalertNEWS
ZTE updates the Axon 30 Ultra: https://tecnoblog.net/535072/zte-axon-30-ultra-ganha-nova-edicao-com-18-gb-de-ram-e-1-tb-de-espaco/
--------------------------------
Loop Matinal website: http://www.loopmatinal.com
Advertise on Loop Matinal: comercial@loopinfinito.net
Marcus Mendes: https://www.twitter.com/mvcmendes
Loop Infinito: https://www.youtube.com/oloopinfinito

Sophos Podcasts
S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public

Nov 25, 2021 30:38


Cybersecurity tips for the holiday season and beyond. Exchange at risk from public exploit. GoDaddy loses passwords for 1.2m users. Longest-lived Windows version ever. Don't make your cookies public. And the day that umbrellas became an anti-DDoS tool. https://nakedsecurity.sophos.com/black-friday-and-cyber-monday-heres-what https://nakedsecurity.sophos.com/check-your-patches-public-exploit-now-out https://nakedsecurity.sophos.com/godaddy-admits-to-password-breach-check https://nakedsecurity.sophos.com/github-cookie-leakage-thousands-of-firefox-cookie-files With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Cybersecurity 101 with Joe and Larry
Episode 20 - The 25th Anniversary of DDoS with Pankaj Gupta from Citrix

Nov 22, 2021 38:26


In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve.

00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud, CITRIX). Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.
2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack). 25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.
3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric like ICMP flood 3) Application Layer
5:20 Coinminer as an example of Denial of Service when CPU is exhausted
6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform.
7:00 Larry asks about the connection between ransomware and DDoS
9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation
9:30 Joe asks how much it costs for an attacker to operate
10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks
11:45 Joe discusses how many attackers target healthcare despite how this hurts people
12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.
13:50 Larry asks whether businesses are paying the ransom
14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions
15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions.
16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation by losing customer's trust.
17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and the improved computation power.
18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploit vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website.
20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare.
22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT
23:15 Joe asks Pankaj how does Citrix compare with competitors
23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it's expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation.
25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (pop).
29:00 Pankaj describes two types of DDoS solutions, Always-ON, or On-Demand. If you are an e-commerce website then Always-on may make more sense even though it costs more than on-demand because every minute that you cannot sell your products will lose money.
31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc)
32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.
34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.”
35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/
36:30 Joe asks what market is Citrix chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and how cloud-based solutions are easier to implement.

Risky Business
Risky Biz Soap Box: DDoS crews will hit you creatively

Nov 19, 2021


In this edition of the Risky Biz Soap Box podcast we chat with Sean Leach, the Chief Product Architect at Fastly, about the history and current status of the DDoS ecosystem. Despite never really making money for criminals, DDoS attacks are still a problem. CDNs have soaked up a lot of the problem, so DDoS crews are getting creative. Do you know where you're vulnerable? Show notes Bouncy castle boss James Balcombe ordered arson hits on rivals

TechTimeRadio
TechTime's first look at Twitter Blue, and why YouTube suddenly dislikes the thumbs-down. Elon Musk Sells about 930,000 Tesla Shares Worth $1.1 Billion. Next, a rare, original Apple-1 computer just sold for 500K. Air Date: 11/13 - 11/19/21

Nov 17, 2021 111:21


Join us on TechTime with Nathan Mumm this week on the show; we give you the first look at "Twitter Blue," and with this, does a new paradigm open to free social media services? Then YouTube suddenly dislikes the thumbs-down, while Elon Musk Sells about 930,000 Tesla Shares Worth $1.1 Billion. Next, a rare, original Apple-1 computer just sold, for how much? Gwen Way joins the show with a new Gadgets and Gear segment. Finally, we have our Pick of the Day Whiskey Tastings and Mike's Mesmerizing Moment brought to us by Stori-Coffee®. On the Second Hour, From NASA's Perseverance rover to what is happening on the International Space station. Grab a pencil to keep track of our Technology Steals and Deals. Then what is happening in the Cyberworld with our scary segment, we call "Protect Yourself Today" Plus, you will not want to miss "This Week in Technology History" as we explore some Apple flair.

"Welcome to TechTime Radio with Nathan Mumm, the show that makes you go "Hummmm" Technology news of the week for November 13th through the 19th, 2021.

Episode 74: Hour 1
--- [Now on Today's Show]: Starts at 9:15
--- [Top Stories in 5 Minutes]: Starts at 11:39
Elon Musk Sells About 930,000 Tesla Shares Worth $1.1 Billion - https://tinyurl.com/4nzzhjxc
YouTube gives dislikes the thumbs-down, hides public counts - https://tinyurl.com/chzyvkke
A rare, original Apple-1 computer just sold at auction for an astounding $500,000 - https://tinyurl.com/4skn6ykf
MoviePass may return in 2022 - https://tinyurl.com/59mp57bn
Steam Deck delayed to 2022 due to ongoing supply-chain disruptions - https://tinyurl.com/47xhrzwv
--- [Pick of the Day - Whiskey Tasting Review]: Starts at 25:56
Riff Distilling Kentucky Straight | 100 Proof | $45.00
--- [Gadgets and Gear]: Starts at 28:18
Marvel Dice Throne review by Gwen Way
--- [Technology Insider]: Starts at 40:53
"Twitter Blue" options that people have been asking for now a “Premium Service” - https://tinyurl.com/4744s52w
--- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 50:20
--- [Pick of the Day]: Starts at 53:43
Riff Distilling Kentucky Straight | 100 Proof | $45.00
Nathan: Thumbs Up
Mike: Thumbs Up

Episode 74: Hour 2
--- [Now on Today's Show]: Starts at 1:05:48
--- [Steals and Deals]: Starts at 1:09:53
Mike and Nathan share this week's best prices on technology items for the week.
--- [Protect Yourself Today]: Starts at 1:20:28
Breached Aruba Central using a stolen access key.
FBI warns of Iranian hackers looking to buy US orgs' stolen data - https://tinyurl.com/mdryjhtv
Telnyx is the latest VoIP provider hit with DDoS attacks - https://tinyurl.com/22v7pynd
--- [What We Found on the Web]: Starts at 1:38:24
Latest Astronaut Crew of Four Welcomed Aboard International Space Station
NASA Mars rover roughs up a rock, peers at 'something no one's ever seen'
--- [This Week in Technology]: Starts at 1:47:30
November 10, 2001 - Apple ships the first iPod, the device that changed the course of both the music and technology industries.

I'm All Ears: A Dead By Daylight Podcast
Streamers Get DDoS'd During The New PTB | I'm All Ears Episode 14

I'm All Ears: A Dead By Daylight Podcast

Play Episode Listen Later Nov 16, 2021 74:07


During today's episode, Dro and Dyllon sit down to discuss what has been going on with the new PTB release and streamers' IP addresses being used to maliciously attack them and DDoS their systems. There is no evidence that these leaks have come from internal Behaviour or any hacks on Behaviour Servers - but their response has been less than ideal to say the least.

Cyber and Technology with Mike
15 November 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Nov 15, 2021 8:57


In today's podcast we cover four crucial cyber and technology topics, including:
1. FBI flawed server hacked to send spam
2. Researchers uncover new botnet that targets Linux
3. Costco store finds digital skimmer in one of payment terminals
4. Windows updates fix to patch that caused issues with SSO authentication

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Forward Thinking Founders
755 - Viet York (Lectron) On Protecting Any Application from DDoS Attacks

Forward Thinking Founders

Play Episode Listen Later Nov 10, 2021 14:51


Viet York is the founder of Lectron. Lectron protects the metaverse, game server, and any online application from DDoS attacks. Then supercharge it with 210+ anycast edge locations around the world to enhance your end user experience.

Risky Business
Risky Business #644 -- USA sanctions NSO Group, hits REvil

Risky Business

Play Episode Listen Later Nov 10, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
• US sanctions NSO, Candiru, COSEINC and Positive Technologies
• We wrap up the action in ransomware
• Why exploit tournaments are boring in America and exciting in China
• More malicious npm packages in the wild
• Pentagon updates CMMC to 2.0
• Much, much more

We'll hear from Corelight's CISO Bernard Brantley in this week's sponsor interview. We're talking about how attackers think in graphs and defenders think in lists. Microsoft's John Lambert wrote a post about that back in 2015, and Bernard joins the show this week to talk about why it's just as relevant as ever. Stick around for that one.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
• U.S. sanctions Israel's NSO Group over Pegasus spyware - The Washington Post
• Risky Business #310 -- Export exploits? Wassenaar says no - Risky Business
• Positive Technologies says US sanctions had little or no effect on its business - The Record by Recorded Future
• Hungarian official confirms government bought and used Pegasus spyware - The Record by Recorded Future
• NSO's Pegasus spyware found on the devices of six Palestinian activists - The Record by Recorded Future
• “A grim outlook”: How cyber surveillance is booming on a global scale | MIT Technology Review
• Spyware providers are flocking to international arms fairs to sell to NATO foes
• Ukraine discloses identity of Gamaredon members links it to Russia's FSB - The Record by Recorded Future
• PRC says FCC decision to pull China Telecom license was ‘based on suspicion,' not facts - The Record by Recorded Future
• China says a foreign spy agency hacked its airlines, stole passenger records - The Record by Recorded Future
• Hackers with Chinese links breach defense, energy targets, including one in US
• Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits | The Daily Swig
• House approves massive infrastructure plan that includes $1.9 billion for cybersecurity - The Record by Recorded Future
• Malware found in coa and rc, two npm packages with 23M weekly downloads - The Record by Recorded Future
• Pentagon issues revised cyber standards for contractors - The Record by Recorded Future
• Hacker steals $55 million from bZx DeFi platform - The Record by Recorded Future
• Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives
• Scammer Convinced Instagram That Its Top Executive Was Dead
• GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps - The Record by Recorded Future
• Dangerous XSS bug in Google Chrome's ‘New Tab' page bypassed security features | The Daily Swig
• US offers $10 million reward for info on Darkside ransomware group - The Record by Recorded Future
• Hackers Apologize to Arab Royal Families for Leaking Their Data
• A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked - The Washington Post
• BlackMatter ransomware says its shutting down due to pressure from local authorities - The Record by Recorded Future
• CERT-France: Lockean ransomware group behind attacks on French companies - The Record by Recorded Future
• The ‘Groove' Ransomware Gang Was a Hoax – Krebs on Security
• Ransomware crackdown spreads in U.S., Europe and Asia
• US Treasury sanctions crypto-exchange Chatex for links to ransomware payments - The Record by Recorded Future
• Shared/Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.md at master · JohnLaTwC/Shared · GitHub
• Compare to open source Zeek

The Cloud Pod
TCP Talks: From Monolith to Microservices: Jonathan Heiliger on Modern IT Service Management

The Cloud Pod

Play Episode Listen Later Nov 3, 2021 49:35


In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Jonathan Heiliger, co-founder and partner at Vertex Ventures: an early-stage venture capital firm backing innovative technology entrepreneurs.  Earlier in his career, at just 19, Jonathan co-founded web hosting provider GlobalCenter and served as CTO. He went on to hold engineering roles at Walmart and Danger, Inc., the latter of which was acquired by Microsoft. He was also Vice President of Infrastructure and Operations at Facebook (now Meta), and a general partner at North Bridge Ventures. The latter firm's portfolio included Quora, Periscope, and Lytro (which has been acquired by Google.) At Vertex Ventures, Jonathan has helped cutting-edge companies like LaunchDarkly and OpsLevel revolutionize the tech space with continuous delivery and IT service management solutions. Jonathan shares his insights into the shifting market of IT services and explains why decentralizing infrastructure management can help digitally native companies operate at a faster pace. According to Jonathan, the question of IT service infrastructure isn't being adequately addressed. Without properly defining service ownership, businesses looking to scale run the risk of siloing critical knowledge, and losing track of services networks.  Jonathan also discusses his own experiences running infrastructure at Facebook (oops, Meta), the merits of both centralized and decentralized IT services management, and how he and his partners at Vertex Ventures approach new investments.   Featured Guest

Security Now (Video HI)
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune

Security Now (Video HI)

Play Episode Listen Later Nov 3, 2021 110:04


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit itpro.tv/securitynow promo code SN30 business.eset.com/twit

Security Now (MP3)
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune

Security Now (MP3)

Play Episode Listen Later Nov 3, 2021 110:04


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit itpro.tv/securitynow promo code SN30 business.eset.com/twit

Security Now (Video HD)
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune

Security Now (Video HD)

Play Episode Listen Later Nov 3, 2021 110:04


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit itpro.tv/securitynow promo code SN30 business.eset.com/twit

Security Now (Video LO)
SN 843: Trojan Source - Chrome 0-days, Windows 11 confusion, VoIP DDos attacks, Dune

Security Now (Video LO)

Play Episode Listen Later Nov 3, 2021 110:04


Chrome 0-days, Windows 11 confusion, VoIP DDoS attacks, Dune More 0-days for Chrome. Two naughty Firefox add-ons have been caught abusing an extension API. Windows 11 News: Can we print yet? A new Local Privilege Escalation affecting all versions of Windows. Ask your AI. And speaking of the PC Health Check. Stand back for the Adobe Security Patch Tsunami. The VoIP DDoS attacks continue. Closing The Loop. SpinRite. "Trojan Source" Hosts: Steve Gibson and Jason Howell Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: plextrac.com/twit itpro.tv/securitynow promo code SN30 business.eset.com/twit

Risky Business
Risky Business #643 -- Iranian fuel stations targeted, PNG ransomware a regional security risk

Risky Business

Play Episode Listen Later Nov 3, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
• Someone took down Iranian fuel stations
• Papua New Guinea ransomware attack is pretty grim stuff
• Russia's SVR still going berserk in cloudtown
• China Telecom America gets the boot
• Much, much more

We'll be hearing from Senetas CEO Andrew Wilson in this week's sponsor interview. He's joining us to talk about how the global semiconductor shortage is making him a very, very sad panda.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
• Iran says sweeping cyberattack took down gas stations across country
• Cyber group 'Adalat Ali' published documents related to the November 1998 protests - BBC News Farsi
• Papua New Guinea Hit by Ransomware Hackers With Millions in Aid Frozen - Bloomberg
• Cloudpng on Twitter: "This is the setup for all agencies must be on-site at Vulupindi Haus, Finance dept POM to process claims for IFMS after the system was hacked in October 2021. It's pretty full so bookings must be made to secure a PC. #ifms #systems #png https://t.co/VCiUYE9hFL" / Twitter
• Hon Sasindran Muthuvel MP on Twitter: "Statement on the financial system failure and the challenges it now creates for all provinces. This issue must be addressed holistically and the Finance Dept must work in conjunction with the provinces. Sasi https://t.co/OLMAHxgDel" / Twitter
• 'Destructive' cyberattack hits National Bank of Pakistan - The Record by Recorded Future
• Microsoft says Russia hacked at least 14 IT service providers this year - The Record by Recorded Future
• Industry group warns of coordinated DDoS extortion campaign against VoIP providers - The Record by Recorded Future
• Bandwidth.com expects to lose up to $12M following DDoS extortion attempt - The Record by Recorded Future
• DDoS attacks hit multiple email providers - The Record by Recorded Future
• FCC revokes license for China Telecom Americas amid national security concerns - The Record by Recorded Future
• LinkedIn to Shutter Service in China - The Record by Recorded Future
• A Roaming Threat to Telecommunications Companies | CrowdStrike
• NSA warns of threat actors compromising entire 5G networks via cloud systems - The Record by Recorded Future
• Commerce Department announces new rule aimed at stemming sale of hacking tools to Russia and China - The Washington Post
• Windows 10, iOS 15, Ubuntu, Chrome fall at China's Tianfu hacking contest - The Record by Recorded Future
• FBI Raids Chinese Point-of-Sale Giant PAX Technology – Krebs on Security
• Malware found in npm package with millions of weekly downloads - The Record by Recorded Future
• Polygon pays out record $2 million bug bounty reward for critical vulnerability | The Daily Swig
• Hacker steals government ID database for Argentina's entire population - The Record by Recorded Future
• Fraudsters Cloned Company Director's Voice In $35 Million Bank Heist, Police Find
• How Hackers Hijacked Thousands of High-Profile YouTube Accounts | WIRED
• Instagram Hacker Forces Victim to Make Hostage-Style Video
• Missouri governor calls for prosecution of journalist who flagged website flaw
• Israeli hospital cancels non-urgent procedures following ransomware attack | The Daily Swig
• Ransomware Has Disrupted Almost 1,000 Schools in the US This Year
• Ransomware attack disrupts Toronto's public transportation system - The Record by Recorded Future
• Workers sent home after ransomware attack on major automotive parts manufacturer - The Record by Recorded Future
• Largest candy corn maker in US gets hacked ahead of Halloween
• Sinclair Workers Say TV Channels Are in ‘Pandemonium' After Ransomware Attack
• Cybercriminals claim to have hacked the NRA
• 'Cyber event' knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak - CyberScoop
• Cyberattack hits Meliá, one of the largest hotel chains in the world - The Record by Recorded Future
• Olympus US hack tied to sanctioned Russian ransomware group | TechCrunch
• Europol detains suspects behind LockerGoga, MegaCortex, and Dharma ransomware attacks - The Record by Recorded Future
• Hitting the BlackMatter gang where it hurts: In the wallet - Emsisoft | Security Blog
• Ransomware hackers nervous, allege harassment from U.S.
• DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement - The Record by Recorded Future
• Hackers use SQL injection bug in BillQuick billing app to deploy ransomware - The Record by Recorded Future
• Ransomware gangs are abusing a zero-day in EntroLink VPN appliances - The Record by Recorded Future
• Conti Ransom Gang Starts Selling Access to Victims – Krebs on Security
• Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks - The Record by Recorded Future
• FBI PIN on ransomware crew targeting trend
• EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline | Reuters
• REvil gang shuts down for the second time after its Tor servers were hacked - The Record by Recorded Future
• Countries agree to fight ransomware together after White House meetings - The Record by Recorded Future
• CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure - The Record by Recorded Future
• International community joins forces as ransomware attacks create major disruptions | PBS NewsHour
• US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments - The Record by Recorded Future
• Stream when do we get on the beers cause i'm losing it by Candy Moore | Listen online for free on SoundCloud

Random but Memorable
Ridiculous Nosey Neighbor Scam with Jorij Abraham from Scamadviser.com

Random but Memorable

Play Episode Listen Later Nov 2, 2021 41:22


Are scammers winning in 2021? This week we welcome Jorij Abraham to the show to fill us in on the global state of scams and how you can avoid them. Jorij shares why "nothing is as dangerous as an angry developer" and how anger fuelled the beginnings of Scamadviser.com. We're also joined again by 1Password founder Sara Teare as we run down all the security news in Watchtower Weekly (faster than a school lunch queue with facial recognition). Plus, a new season means a brand new podcast game! Listen to the end for the grand unveiling of: Ridiculous Requirements!

The Cloud Pod
139: Back to the Future With Google Distributed Cloud

The Cloud Pod

Play Episode Listen Later Oct 21, 2021 61:55


On The Cloud Pod this week, Jonathan reveals his love for “Twilight.” Plus GCP kicks off Google Cloud Next and announces Google Distributed Cloud, and Azure admits to a major DDoS attack.  A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.  This week's highlights

Packet Pushers - Network Break
Network Break 355: Azure Brags About DDoS Protection; Marvell Hitches Ride With Dent Network OS

Packet Pushers - Network Break

Play Episode Listen Later Oct 18, 2021 55:34


Today on the Network Break, we discuss Marvell's choice of the Dent network OS for its Prestera silicon, Microsoft shares details about how its Azure cloud service thwarted a 2.4Tbps DDoS attack, a researcher shares details on snooping data from a copper patch lead, and other tech tidbits. The post Network Break 355: Azure Brags About DDoS Protection; Marvell Hitches Ride With Dent Network OS appeared first on Packet Pushers.

Packet Pushers - Full Podcast Feed
Network Break 355: Azure Brags About DDoS Protection; Marvell Hitches Ride With Dent Network OS

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Oct 18, 2021 55:34


Today on the Network Break, we discuss Marvell's choice of the Dent network OS for its Prestera silicon, Microsoft shares details about how its Azure cloud service thwarted a 2.4Tbps DDoS attack, a researcher shares details on snooping data from a copper patch lead, and other tech tidbits. The post Network Break 355: Azure Brags About DDoS Protection; Marvell Hitches Ride With Dent Network OS appeared first on Packet Pushers.

Risky Business
Risky Business #642 -- Brits, Dutch and Aussies embrace Hounds Doctrine

Risky Business

Play Episode Listen Later Oct 13, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
• UK, Netherlands and Australia promise offensive response to big ticket ransomware
• Wave of major cyber regulation and legislation in USA
• Iran up in yer O365s, Russians in yer gmails
• Submarine spy guy would have been fine, if he didn't make one very big mistake
• Much, much more

Jonathan Reiber is this week's sponsor guest. He's senior director of cybersecurity at AttackIQ and he's joining us to talk through the US Government's executive order on Zero Trust. Jonathan says it is actually born of a realisation the US Government needs to do something differently, that the old approaches aren't working.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
• UK cyber head says Russia responsible for 'devastating' ransomware attacks - BBC News
• Netherlands can use intelligence or armed forces to respond to ransomware attacks - The Record by Recorded Future
• Ransomware Action Plan
• Ransomware hackers find vulnerable target in U.S. grain supply
• Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets
• Macquarie Health Corporation hit by cyberattack as hackers claim 6700 people affected | news.com.au — Australia's leading news site
• Microsoft: Iran-linked hackers breached Office 365 customer accounts - The Record by Recorded Future
• Google notifies 14,000 Gmail users of targeted APT28 attacks - The Record by Recorded Future
• Google distributing 10,000 security keys to journalists, elected officials, human rights activists | The Daily Swig
• Peanut butter and ProtonMail: US charges underscore evolution of espionage in digital age
• Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes | Reuters
• Senate committee advances major cybersecurity legislation - The Record by Recorded Future
• Justice Department launches a National Cryptocurrency Enforcement Team - The Record by Recorded Future
• DOJ to go after government contractors who don't disclose breaches - The Record by Recorded Future
• TSA to impose cybersecurity mandates on major rail and subway systems - The Washington Post
• OMB orders federal agencies to let CISA access defenses of devices, servers
• CIA Funding Arm Gave Encrypted App Wickr $1.6 Million
• U.S. prosecution of alleged WikiLeaks ‘Vault 7' source hits multiple roadblocks
• Ukraine arrests operator of DDoS botnet with 100,000 bots - The Record by Recorded Future
• Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme - The Record by Recorded Future
• Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever - The Record by Recorded Future
• Report links Indian company to spyware that targeted Togolese activist - The Record by Recorded Future
• Trolls defaced Twitch's website with pictures of Jeff Bezos, the latest security concern
• Twitch says no user passwords or cards numbers were exposed in major hack - The Record by Recorded Future
• Video game streaming service Twitch suffers major data breach
• Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly
• Microsoft to disable Excel 4.0 macros, one of the most abused Office features - The Record by Recorded Future
• NSA warns of ALPACA TLS attack, use of wildcard TLS certificates - The Record by Recorded Future
• Azure, GitHub, GitLab, BitBucket mass-revoke SSH keys following bug report - The Record by Recorded Future
• Reverse engineering and decrypting CyberArk vault credential files | Jelle Vergeer
• Security researchers find another UEFI bootkit used for cyber-espionage - The Record by Recorded Future
• Apple patches iPhone zero-day in iOS 15.0.2 - The Record by Recorded Future
• Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2 | IOMFB_integer_overflow_poc
• Apache HTTP Server update fails to squash path traversal, RCE bugs | The Daily Swig
• Executive Order on Improving the Nation's Cybersecurity | The White House

The CyberWire
Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize

The CyberWire

Play Episode Listen Later Oct 12, 2021 29:59


Teheran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity on football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/196

TechStuff
Tech News: Facebook's Very Bad Week

TechStuff

Play Episode Listen Later Oct 12, 2021 25:37


Last week, Facebook was dealing with a whistleblower. This week, the company might have another one. Plus stories about Amazon corporate employees working from home indefinitely, Microsoft blocking a massive DDoS attack and Magic Leap trying to bounce back. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com

The CyberWire
Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.

The CyberWire

Play Episode Listen Later Oct 7, 2021 26:11


Cyberespionage seems undeterred by stern warnings. DDoS hits the Philippine Senate. The US Department of Homeland Security intends to issue cybersecurity regulations for passenger rail and airlines. The US Department of Justice intends to use the False Claims Act to bring civil actions against government contractors who fail to follow “recognized cybersecurity standards.” An update on the Twitch breach. Josh Ray from Accenture looks at what's going on with Fancy Lazarus. Our guest is Sam Ingalls from eSecurity Planet on the state of Blockchain applications in cybersecurity. And what would it take to get you kids into a nice non-fungible token? For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/194

The CyberWire
DDoS is on an upward trend, and it's being used for extortion. A payroll provider recovers from an unspecified cyberattack. Russia charges Group-IB CEO with treason. NSA, CISA, advise on using VPNs.

The CyberWire

Play Episode Listen Later Sep 29, 2021 22:28


Distributed denial-of-service attacks have been making a comeback, and many of them represent criminal extortion attempts. A major British payroll provider is recovering from a cyberattack, but it's not providing much information on the nature of that attack. Russian authorities arrest the founder of Group-IB on treason charges. Johannes Ullrich from SANS on Out of Band Phishing Using SMS messages. Our UK correspondent Carole Theriault wonders how online trolling is still a thing. And NSA and CISA release guidelines on secure use of virtual private networks. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/188

The CyberWire
Homecomings, happy and not so happy. A backdoor for espionage, a Trojan for cybercrime. DDoS techniques, those iPhone zero-days, and indictments. And one guilty plea.

The CyberWire

Play Episode Listen Later Sep 28, 2021 26:16


The triumphant homecoming of Huawei's CFO. Microsoft describes the FoggyWeb backdoor, a significant cyberespionage tool. Kaspersky looks at the BloodyStealer Trojan and finds it especially risky to gamers. A novel approach to distributed denial-of-service. Apple looks into those iPhone zero-days. Joe Carrigan looks at the latest offerings in passwordless authentication. Our guest is Mathieu Gorge of VigiTrust on how law enforcement and executives can work together to fight cyber threats. And a look at doings in cybercrime: the US arrests more than thirty members of the Black Axe gang, a Russian convict is deported back to face Russian justice, and a blockchain maven pleads guilty to helping Pyongyang. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/187

Grumpy Old Geeks
523: More Buggy and Less Stable

Grumpy Old Geeks

Play Episode Listen Later Sep 22, 2021 57:09


Send us your Satoshis; bitcoin, Pizza and a movie; eggs in space; yep, Facebook is still awful; Rivian announces subscriptions; Bytedance limiting kids to 40 minutes a day; Amazon cracks down on review fraud; AI generated influencers; Count Me In; Into the Night; The Card Counter; Old; Kate; Only Murders in the Building; Fuzz; Apple iOS 15; hubs & docks; get poked on Clubhouse; AI 2041; authenticator woes; industrious criminals; AI controlled machine guns.

Show notes at https://gog.show/523

This episode of Grumpy Old Geeks is brought to you by Hover and ButcherBox!

Hover is the place to get the best domains. With over 300 top level domains to choose from. Go to Hover.com/gog and get 10% off your first purchase.

ButcherBox is giving new members a special offer of free ground beef for the life of your account! Sign up at ButcherBox.com/GOG

FOLLOW UP
• How to do value4value and earn Bitcoin from your podcast
• Bitcoin Pizza Day 2021: Some interesting facts about this special cryptocurrency day
• AMC says it will accept bitcoin as payment for movie tickets by year-end
• The once-sedate astronomy world is quarreling over whether 'Oumuamua was an alien craft

IN THE NEWS
• The Facebook Files
• Rivian announces membership plan with complementary charging and LTE connectivity
• TikTok owner ByteDance limits younger users to 40 minutes a day in China
• Amazon has banned over 600 Chinese brands as part of review fraud crackdown
• Amazon will hold a hardware event on September 28th
• Apple mandates frequent COVID-19 testing for unvaccinated employees
• Social media influencer/model created from artificial intelligence lands 100 sponsorships

MEDIA CANDY
• Clarkson's Farm Season 1
• Count Me In
• Into the Night Season 2
• The Card Counter
• Old
• Kate
• Only Murders in the Building

APPS & DOODADS
• iOS 15 is now available
• Neumann TLM 102 bk Studio Set
• Clubhouse is developing a new way to invite friends to chat called 'Wave'

AT THE LIBRARY
• 5 real AI threats that make The Terminator look like Kindergarten Cop
• AI 2041: Ten Visions for Our Future by Kai-Fu Lee, Chen Qiufan
• AI Superpowers - China, Silicon Valley, and the New World Order by Kai-Fu Lee
• Fuzz: When Nature Breaks the Law by Mary Roach

SECURITY HAH!
• The CyberWire
• Dave Bittner
• Hacking Humans
• Caveat
• Recorded Future
• Auth0
• Ireland's data regulator opens data privacy probes into TikTok
• Researcher discloses iPhone lock screen bypass on iOS 15 launch day
• Man who unlocked 1.9 million AT&T phones sentenced to 12 years in prison
• Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
• Israel reportedly used a remote-controlled gun to assassinate an Iranian scientist
• US officials can't decide if Honor smartphones are a national security threat

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Security Now (MP3)
SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned?

Security Now (MP3)

Play Episode Listen Later Sep 22, 2021 114:43


Picture of the week. The DDoS attack on VoIP.ms. Patch Tuesday's Mixed Blessing. Android to auto-reset app permissions on many more devices. BREAKING: FBI held back ransomware decryption key from businesses to run operation targeting hackers. Google patched the 9th & 10th ITW 0-days in Chrome this year. Was GRC Pwned? Sci-Fi to look forward to. My work on SpinRite is progressing. Cobalt Strike. We invite you to read our show notes at https://www.grc.com/sn/SN-837-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.