Podcasts about FIPS

After some jerk sabotaged a cable in his neighborhood the day before, West Coast correspondent Will Allan was able to fire up his copper wire to connect with duty geezer and father, Leigh ... on the Isle of Man! Yes, No. 146 is the first international edition of Sharing Sox and most likely the only international podcast in the South Side Sox/Sox Populi annals. The never-before MLB podcast from the Isle of Man began with talk of the Andrew Vaughn-Aaron Civale trade — including Civale's possible trade value a month from now. That led to other possible trade values of White Sox gettables, including Luis Robert Jr., Mike Tauchman, Miguel Vargas, Mike Vasil and Adrian Houser ... which led to the wild difference between ERAs and FIPs for Vasil and Houser. Then it was onto great praise for Chase Meidroth offset by great concern over the hole at first base (Leigh again brought up the idea of plunking Andrew Benintendi there). The podcast ended up with the Athletic feature about the deadened ball flying about four feet shorter this year. Please support our White Sox writing and podcasts.   Learn more about your ad choices. Visit megaphone.fm/adchoices

Wenn sich bei mir im Oberstübchen eine Idee einnistet, macht sie sich das nicht lange gemütlich und muss umgesetzt werden! Einfach mal so einen Podcast zu starten, ist allerdings bei arg begrenztem Wissen um diesen schwierig. Aber es gelang mit Anschubhilfe und somit dürfen wir die Nr. 100 ins Leben rufen! Dafür habe ich mir 4 Freunde nach Buxtehude-Dammhausen eingeladen, die schon mal (oder auch öfter) zu Gast waren: 1000-Sascha Dalig, Sonnenschein Anna Heuer, Miss Lautlach Isabella Owen und Superknipse Thomas Loris (die Namen erklären sich im Podcast von selbst, glaubt mir). Man ergänze dies durch 13 unfassbar wertschätzende Grußworte von Konstantin Ballek, Philipp von Bodman, Suzann Heinemann, Kathrina Heun, Philipp Sebastian Ingenillem, Corinna und Peter Joehnk, Mario Krar, Caroline von Kretschmann, Arne Mundt, Oliver Ratajczak und Marcus Smola und serviere dazu 2 Liter selbst gemachte Erdbeerbowle und fertig ist ein launig-lustiger Schnack durch 100 Folgen Hotelier.de-Podcast. Gutes Hören!

Fresh off Red Hat Summit, Chris is eyeing an exit from NixOS. What's luring him back to the mainstream? Our highlights, and the signal from the noise from open source's biggest event of the year.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks:

Go gets auditedBlog: Go Cryptography Security Audit by Roland Shoemaker and Filippo ValsordaDeeper dive into FIPS in Episode 89 with Alex Scheel✋ Proposal declined: x/exp/xiter: new package with iterator adapters⛺ Gophercamp video: Your code deserves better: give it a linter by Gabriel Augendre

Constantin hat sich von Lüneburg auf den Weg nach Buxtehude gemacht. Dort sitzt er als vierter Podcast-Gast im Fips und schaut in den Garten voller Grünlinge, Spatzen und Stare. Diese kümmern sich z. T. nur einen halben Meter entfernt um das Futter für ihre Kleinen und sich. Friedlicher kann eine Podcast-Umgebung kaum sein, auch wenn es stürmt sowie teils hagelt. Drei Jahre nach unserem Erstling wagen wir einen zweiten. Wir schauen, was sich beim Bargeld getan hat: Wird es eines Tages ganz abgeschafft sein? Wie war die Reise mit Senior Serviced Co-Living-Anbieter Lively wie auch Service-Apartment-Anbieter Stayery und warum enden die jetzt?

GoldenGate 23ai takes security seriously, and this episode unpacks everything you need to know. GoldenGate expert Nick Wagner breaks down how authentication, access roles, and encryption protect your data.   Learn how GoldenGate integrates with identity providers, secures communication, and keeps passwords out of storage. Understand how trail files work, why they only store committed data, and how recovery processes prevent data loss.   Whether you manage replication or just want to tighten security, this episode gives you the details to lock things down without slowing operations.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   --------------------------------------------------------------   Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.  Nikita: Welcome, everyone! This is our fourth episode on Oracle GoldenGate 23ai. Last week, we discussed the terminology, different processes and what they do, and the architecture of the product at a high level. Today, we have Nick Wagner back with us to talk about the security strategies of GoldenGate. 00:56 Lois: As you know by now, Nick is a Senior Director of Product Management for GoldenGate at Oracle. He's played a key role as one of the product designers behind the latest version of GoldenGate. Hi Nick! Thank you for joining us again. Can you tell us how GoldenGate takes care of data security? Nick: So GoldenGate authentication and authorization is done in a couple of different ways. First, we have user credentials for GoldenGate for not only the source and target databases, but also for GoldenGate itself. We have integration with third-party identity management products, and everything that GoldenGate does can be secured. 01:32 Nikita: And we must have some access roles, right? Nick: There's four roles built into the GoldenGate product. You have your security role, administrator, operator, and user. They're all hierarchical. The most important one is the security user. This user is going to be the one that provides the administrative tasks. This user is able to actually create additional users and assign roles within the product. So do not lose this password and this user is extremely important. You probably don't want to use this security user as your everyday user. That would be your administrator. The administrator role is able to perform all administrative tasks within GoldenGate. So not only can they go in and create new extracts, create new replicats, create new distribution services, but they can also start and stop them. And that's where the operator role is and the user role. So the operator role allows you to go in and start/stop processes, but you can't create any new ones, which is kind of important. So this user would be the one that could go in and suspend activity. They could restart activity. But they can't actually add objects to replication. The user role is really a read-only role. They can come in. They can see what's going on. They can look at the log files. They can look at the alerts. They can look at all the watches and see exactly what GoldenGate is doing. But they're unable to make any changes to the product itself. 02:54 Lois: You mentioned the roles are hierarchical in nature. What does that mean? Nick: So anything that the user role does can be done by the operator. Anything that the operator and user roles can do can be done by the administrator. And anything that the user, operator, and administrator roles do can be done by the security role. 03:11 Lois: Ok. So, is there a single sign-on available for GoldenGate? Nick: We also have a password plugin for GoldenGate Connections. A lot of customers have asked for integration with whatever their single sign-on utility is, and so GoldenGate now has that with GoldenGate 23ai. So these are customer-created entities. So, we have some examples that you can use in our documentation on how to set up an identity provider or a third-party identity provider with GoldenGate. And this allows you to ensure that your corporate standards are met. As we started looking into this, as we started designing it, every single customer wanted something different. And so instead of trying to meet the needs for every customer and every possible combination of security credentials, we want you to be able to design it the way you need it. The passwords are never stored. They're only retrieved from the identity provider by the plugin itself. 04:05 Nikita: That's a pretty important security aspect…that when it's time to authenticate a user, we go to the identity provider. Nick: We're going to connect in and see if that password is matching. And only then do we use it. And as soon as we detect that it's matched, that password is removed. And then for the extract and replicats themselves, you can also use it for the database, data source, and data target connections, as well as for the GoldenGate users. So, it is a full-featured plugin. So, our identity provider plugin works with IAM as well as OAM. These are your standard identity manager authentication methods. The standard one is OAuth 2, as well as OIDC. And any Identity Manager that uses that is able to integrate with GoldenGate. 04:52 Lois: And how does this work? Nick: The way that it works is pretty straightforward. Once the user logs into the database, we're going to hand off authentication to the identity provider. Once the identity provider has validated that user's identity and their credentials, then it comes back to GoldenGate and says that user is able to log in to either GoldenGate or the application or the database. Once the user is logged in, we get that confirmation that's been sent out and they can continue working through GoldenGate. So, it's very straightforward on how it works. There's also a nice little UI that will help set up each additional user within those systems. All the communication is also secured as well. So any communication done through any of the GoldenGate services is encrypted using HTTPS. All the REST calls themselves are all done using HTTPS as well. All the data protection calls and all the communication across the network when we send data across a distribution service is encrypted using a secure WebSocket. And there's also trail file encryption at the operating system level for data at REST. So, this really gives you the full level of encryption for customers that need that high-end security. GoldenGate does have an option for FIPS 140-2 compliance as well. So that's even a further step for most of those customers. 06:12 Nikita: That's impressive! Because we want to maintain the highest security standards, right? Especially when dealing with sensitive information. I now want to move on to trail files. In our last episode, we briefly spoke about how they serve as logs that record and track changes made to data. But what more can you tell us about them, Nick? Nick: There's two different processes that write to the trail files. The extract process will write to the trail file and the receiver service will write to the trail file. The extract process is going to write to the trail file as it's pulling data out of that source database. Now, the extract process is controlled by a parameter file, that says, hey, here's the exact changes that I'm going to be pulling out. Here's the tables. Here's the rows that I want. As it's pulling that data out and writing it to the trail files, it's ensuring that those trail files have enough information so that the replicat process can actually construct a SQL statement and apply that change to that target platform. And so there's a lot of ways to change what's actually stored in those trail files and how it's handled. The trail files can also be used for initial loads. So when we do the initial load through GoldenGate, we can grab and write out the data for those tables, and that excludes the change data. So initial loads is pulling the data directly from the tables themselves, whereas ongoing replication is pulling it from the transaction logs. 07:38 Lois: But do we need to worry about rollbacks? Nick: Our trail files contain committed data only and all data is sequential. So this is two important things. Because it contains committed data only, we don't need to worry about rollbacks. We also don't need to worry about position within that trail file because we know all data is sequential. And so as we're reading through the trail file, we know that anything that's written in a prior location in that trial file was committed prior to something else. And as we get into the recovery aspects of GoldenGate, this will all make a lot more sense. 08:13 Lois: Before we do that, can you tell us about the naming of trail files? Nick: The trail files as far as naming, because these do reside on the operating system, you start with a two-letter trail file abbreviation and then a nine-digit sequential value. So, you almost look at it as like an archive log from Oracle, where we have a prefix and then an affix, which is numeric. Same kind of thing. So, we have our two-letter, in this case, an ab, and then we have a nine-digit number. 08:47 Transform the way you work with Oracle Database 23ai! This cutting-edge technology brings the power of AI directly to your data, making it easier to build powerful applications and manage critical workloads. Want to learn more about Database 23ai? Visit mylearn.oracle.com to pick from our range of courses and enroll today! 09:12 Nikita: Welcome back! Ok, Nick. Let's get into the GoldenGate recovery process. Nick: When we start looking at the GoldenGate recovery process, it essentially makes GoldenGate kind of point-in-time like. So on that source database, you have your extract process that's going to be capturing data from the transaction logs. In the case of Oracle, the Oracle Database is actually going to be reading those transaction logs from us and passing the change records directly to GoldenGate. We call them an LCR, Logical Change Record. And so the integrated extract and GoldenGate, the extract portion tells the database, hey, I'm now going to be interested in the following list of tables. And it gives a list of tables to that internal component, the log mining engine within the database. And it says, OK, I'm now pulling data for those tables and I'm going to send you those table changes. And so as the extract process gets sent those changes, it's going to have checkpoint information. So not only does it know where it was pulling data from out of that source database, but what it's also writing to the trail file. The trail files themselves are all sequential and they have only committed data, as we talked about earlier. The distribution service has checkpoint information that says, hey, I know where I'm reading from in the previous trail file, and I know what I've sent across the network. The receiver service is the same thing. It knows what it's receiving, as well as what it's written to the trail file and the target system. The replicat also has a checkpoint. It knows where it's reading from in the trail file, and then it knows what it's been applying into that target database.  This is where things start to become a little complicated. Our replicat process in most cases are parallel, so it'll have multiple threads applying data into that target database. Each of those threads is applying different transactions. And because of the way that the parallelism works in the replicat process, you can actually get situations where one replicat thread might be applying a transaction higher than another thread. And so you can eliminate that sequential or serial aspect of it, and we can get very high throughput speeds to the replicat. But it means that the checkpoint needs to be kind of smart enough to know how to rebuild itself if something fails. 11:32 Lois: Ok, sorry Nick, but can you go through that again? Maybe we can work backwards this time?  Nick: If the replicat process fails, when it comes back up, it's going to look to its checkpoint tables inside that target database. These checkpoint tables keep track of where each thread was at when it crashed. And so when the replicat process restarts, it goes, oh, I was applying these threads at this location in these SCNs. It'll then go and read from the trail file and say, hey, let me rebuild that data and it only applies transactions that it hasn't applied yet to that target system. There is a synchronized replicat command as well that will tell a crashed replicat to say, hey, bring all your threads up to the same high watermark. It does that process automatically as it restarts and continues normal replication. But there is an option to do it just by itself too. So that's how the replicat kind of repairs and recovers itself. It'll simply look at the trail files. Now, let's say that the replicat crashed, and it goes to read from the trail files when it restarts and that trail profile is missing. It'll actually communicate to the distribution, or excuse me, to the receiver service and say, hey, receiver service, I don't have this trail file. Can you bring it back for me? And the receiver service will communicate downstream and say, hey, distribution service, I need you to resend me trail find number 6. And so the distribution service will resend that trail file so that the replicat can reprocess it. So it's often nice to have redundant environments with GoldenGate so we can have those trail files kind of around for availability. 13:13 Nikita: What if one of these files gets corrupted? Nick: If one of those trail files is corrupt, let's say that a trail file on the target site became corrupt and the replicat can't read from it for one reason or another. Simply stop the replicat process, delete the corrupt trail file, restart the replicat process, and now it's going to rebuild that trail file from scratch based on the information from the source GoldenGate environment. And so it's very recoverable. Handles it all very well. 13:40 Nikita: And can the extract process bounce back in the same way? Nick: The extract process can also recover in a similar way. So if the extract process crashes, when it restarts itself, there's a number of things that it does. The first thing is it has to rebuild any open transactions. So it keeps all sorts of checkpoint information about the oldest transaction that it's keeping track of, any open transactions that haven't been committed, and any other transactions that have been committed that it's already written to the trail file. So as it's reprocessing that data, it knows exactly what it's committed to trail and what hasn't been committed. And there's a number of ways that it does this.  There's two main components here. One of them is called bounded recovery. Bounded recovery will allow you to set a time limit on transactions that span a certain length of time that they'll actually get flushed out to disk on that GoldenGate Hub. And that way it'll reduce the amount of time it takes GoldenGate to restart the extract process. And the other component is cache manager. Cache manager stores uncommitted transactions. And so it's a very elegant way of rebuilding itself from any kind of failure. You can also set up restart profiles so that if any process does crash, the GoldenGate service manager can automatically restart that service an x number of times across y time span. So if I say, hey, if my extract crashes, then attempt to restart it 100 times every 5 seconds. So there's a lot of things that you can do there to make it really nice and automatic repair itself and automatically resilient.  15:18 Lois: Well, that brings us to the end of this episode. Thank you, Nick, for going through the security strategies and recovery processes in such detail. Next week, we'll look at the installation of GoldenGate. Nikita: And if you want to learn more about the topics we discussed today, head over to mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Nikita Abraham… Lois: And Lois Houston signing off! 15:44 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

Aufpassen, der Devil kommt. Aber nicht nur der, auch der ungewaschene Christian, Peter, Tax und Fips sind wieder am fabulieren über alles was sie kürzlich konsumiert haben. Dazu gehört natürlich auch das leckere Dr. Peter, das unser Pepper sich schmecken lässt (der alte Süssstoff-Junkie, echt ma)... wie die Junkies geben sich aber alle wieder eine Überdosis teils dubiosen Filmstoffs. Tax fapt munter seinen Hass auf schwarze Katzen aus, was natürlich sozial echt nicht akzeptiert ist und zu deutlich hörbarer Verzeiflung führt. Nicht nur bei des Fipsens Fellviechern, die gleich die Flucht antreten, und das lautstark... Ihr, unsere treuen Hörer, die BeHöAZ (Besten Hörer Aller Zeiten) bleibt natürlich dran. Ihr könnte ja nicht anders. [Unsere letterboxd Liste 2025](https://letterboxd.com/ckatzorke/list/geekzone-2025/) [Unsere serializd Liste 2025](https://www.serializd.com/list/Geekzone-2025-266409)

Welcome to episode 293 of The Cloud Pod – where the forecast is always cloudy! This week we've got a lot of new and, surprise, a new installment of Cloud Journey AND and aftershow – so make sure to stay tuned for that! We've got undersea cables, Go 1.24, Wasm, Anthropic and more.  Titles we almost went with this week: Lets Go! Under Sea cables make AI go BRRRRRR The CloudPod says it will grow the listeners by 10x by 2027 A big thanks to this week's sponsor: We're sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You've come to the right place! Send us an email or hit us up on our slack channel for more info.  General News 01:30 Go 1.24 is released!  Go 1.24 has been released with a bunch of improvements!  Go now fully supports generic type aliases. It also includes several performance improvements to the runtime that have reduced CPU overhead by 2-3% on average across a suite of representative benchmarks. (Say that 5 times fast.) Tool improvements around tool dependencies for a module.  The standard library now includes new mechanisms to facilitate FIPS-140-3 compliance. And you know we love some good FIPS-140-3 compliance.  Lastly, it includes some improved WebAssembly support – which we'll talk about later.  04:46 Unlocking global AI potential with next-generation subsea infrastructure Meta announced their most ambitious subsea cable endeavor: Project Waterworth.  Once the cable is completed, the project will reach five major continents and span over 50,000 KM (longer than the earth’s circumference) making it the world’s longest subsea cable project using the highest-capacity technology available.  It will bring connectivity to the US, India, Brazil, South Africa, as well as other key regions.  Waterworth will be a multi-billion dollar, multi-year investment to strengthen the scale and reliability of the world's digital highways by opening three new oceanic corridors with the abundant, high-speed connectivity needed to drive AI innovation around the world. Meta has apparently developed 20 subsea cables over the last decade, including multiple deployments of industry leading subsea cables of 24 fiber pairs, compared to the typical 8 to 16 pairs of other new systems . They are also deploying a first of its kind routing system, maximizing the cable load in deep waters at depths up to 7,000 meters and using enhanced burial techniques in high-risk fault areas, such as shallow waters near the coast, to avoid damage from ship anchors and other hazards.  They wrap up the article by basically saying t

Protecting healthcare IT presents challenges that do not appear in other areas. Today, we examine three areas of concern: interoperability, unique aspects of the attack surface, and the impact of IoT devices. Medical records need to be transferred between hospitals and between medical systems. This provides tremendous flexibility, but it also has risks. Jennifer Franks from the GAO cites a recent report that showed an increase in medical cyber-attacks due to interconnection. She notes that personal information, like medical information, unlike other systems, does not change over time. As a result, legacy systems must be protected. Dr. Joe Ronzio notes the VA  controls over 170 hospitals; getting an inventory of all the medical devices is a significant challenge. Each time a medical device is upgraded or replaced, a process must start to understand the new threat environment that presents. Medical devices can be protected with encryption, but this is another system that is subject to upgrades. Dr. Joe Ronzio describes a situation in which he is upgrading an encryption system called FIPS 140 to a newer model. Gaps in that process can cause vulnerabilities.    

2024 was an eventful year for post quantum cryptography (PQC). This includes FIPS standards, the PQC onramp, and the dawn of widespread interest among IT professionals.

Michaels Karriere begann im familiären Hotelbetrieb, gefolgt von Ausbildungen und Erfahrungen in einem Michelin-Sterne-Restaurant. Sein Vater war noch vom alten Schlag à la 'So lange Du Dein Füsse unter meinem Tisch hast...'. So fügte sich Michael und kochte ein paar Jahre nicht nur mit Wasser. Aber mit knapp 30 ging der matheaffine Garmisch-Partenkirchener in die Datenwelt mit Bezug zur Hotellerie. Im Jahr 2000 vertiefte er sein Wissen im Bereich CRS und CRM bei der Schörghuber Unternehmensgruppe, zu der heute fast 20 Hotels zählen. 2005 gründete er die Toedt, Dr. Selk & Coll. GmbH, bekannt als dailypoint, die sich auf Softwareinnovationen und Datenmanagement für die Hotellerie spezialisiert hat. Heute ist Michael ein führender Experte für Big Data und Customer Relationship Management (CRM) in der Welt der Hotelbetriebe. Außerdem war er lange Regionalleiter der Region Süd-Ost der HSMA sowie (Vize)Präsident der Cornell Hotel Society. Wir sprechen also über - harte Wege, die sich trotzdem lohnen (auch wenn das heute manch einer nicht mehr glauben möchte ;-) - künstliche Intelligenzen, die für personalisierte Gästeerlebnisse sorgen können - zentrale Gästeprofile als Erfolgsfaktor nicht nur für Hotels - Hotelketten, die keine Benchmark mehr darstellen - echt spannend-witzige Überraschungsfragen von Gabriele Maessen und Sandra Bayer - Treudelberger Weihnachtsbäume Wir wünschen 'Gutes Hören' beim Podcast aus dem rollenden Wohlfühlaufnahmeort - denn Fips war wieder on fire!

This week Jonathan and Shay go deep into FIPS, cryptography, and security, and interview Alex Scheel about it as well!ProposalsGo moves toward FIPS-140

Companies, organizations and governments have massive volumes of data, and the primary focus for its security is placed on that which is stored in the cloud, but many are not following best practices of taking the extra steps necessary to ensure their backed up data is secure, complete and uncorrupted. This story is to talk about using the 3-2-1 rule for cyber resiliency (keep three copies of data, on two different formats–both encrypted, one of which is stored off-site and offline) and discuss anecdotes of what can happen when cyber resilience plans are not put in place or followed.Data is the most important asset an organization has, whether it's a business, organization or a government. At the same time, the frequency of cyber attacks that compromise data are increasing. Ransomware continues to be a plague, with some reports showing more than 14 publicly claimed attacks daily for the first half of 2024. Having a plan to thwart cyberattack is only part of the strategy. Equally important is how to rapidly recover and restore operations after a ransomware disruption has occurred. Share anecdote about OVHcloud data center that burned down in 2021 with backups in it – all assets destroyed and websites down for days. also might be good to mention the latest ransomware attack on university of texas healthcare that is still not fully operational, 3 weeks after the attack and counting. it is unknown if they paid the ransom, but if they did and they're still not operational, that goes to show how unreliable the ransomed data is. Apricorn's own research shows that only half of U.S. respondents are conducting automatic backups to both a central repository AND a personal repository. Additionally, more than 25% of survey respondents were unable to recover all of their data successfullyIf attackers are successfully breaching data and holding it for ransom, organizations have to be able to recover complete backups of their data in order to a) avoid paying the ransom and b) assure the original data needed for restoration of operations is complete and intact, which statistics show, frequently is corrupted and incomplete when ransom is paid. One of the easiest and most effective ways to rapidly restore operations after a ransomware attempt is to keep multiple copies of integrity-checked data so you can fully recover it if it's compromised. The 3-2-1 rule is a proven cyber resilience best practice. The 3-2-1 rule calls for keeping at least three copies of your data on two different types of media, with one being encrypted and offsite. This is where Apricorn comes into play - we make the highest grade, portable data encryption products on the market. Our products are security focused - 100% software free, FIPS certified, non-Chinese chips and so many unique features such as admin AND user forced enrollment, programmable PIN lengths, brute force defense, self destruct PINS and more.Learn more about Apricorn: https://itspm.ag/apricomebvNote: This story contains promotional content. Learn more.Guest: Kurt Markley, Managing Director, America's, Apricorn [@apricorn_info]On LinkedIn | https://www.linkedin.com/in/kurt-markley-1596054/ResourcesSecuring Data with Hardware Encrypted USB Drives: https://itspm.ag/apricoy0dmLearn more and catch more stories from Apricorn: https://www.itspmagazine.com/directory/apricornLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Companies, organizations and governments have massive volumes of data, and the primary focus for its security is placed on that which is stored in the cloud, but many are not following best practices of taking the extra steps necessary to ensure their backed up data is secure, complete and uncorrupted. This story is to talk about using the 3-2-1 rule for cyber resiliency (keep three copies of data, on two different formats–both encrypted, one of which is stored off-site and offline) and discuss anecdotes of what can happen when cyber resilience plans are not put in place or followed.Data is the most important asset an organization has, whether it's a business, organization or a government. At the same time, the frequency of cyber attacks that compromise data are increasing. Ransomware continues to be a plague, with some reports showing more than 14 publicly claimed attacks daily for the first half of 2024. Having a plan to thwart cyberattack is only part of the strategy. Equally important is how to rapidly recover and restore operations after a ransomware disruption has occurred. Share anecdote about OVHcloud data center that burned down in 2021 with backups in it – all assets destroyed and websites down for days. also might be good to mention the latest ransomware attack on University of Texas healthcare that is still not fully operational, 3 weeks after the attack and counting. it is unknown if they paid the ransom, but if they did and they're still not operational, that goes to show how unreliable the ransomed data is. Apricorn's own research shows that only half of U.S. respondents are conducting automatic backups to both a central repository AND a personal repository. Additionally, more than 25% of survey respondents were unable to recover all of their data successfullyIf attackers are successfully breaching data and holding it for ransom, organizations have to be able to recover complete backups of their data in order to a) avoid paying the ransom and b) assure the original data needed for restoration of operations is complete and intact, which statistics show, frequently is corrupted and incomplete when ransom is paid. One of the easiest and most effective ways to rapidly restore operations after a ransomware attempt is to keep multiple copies of integrity-checked data so you can fully recover it if it's compromised. The 3-2-1 rule is a proven cyber resilience best practice. The 3-2-1 rule calls for keeping at least three copies of your data on two different types of media, with one being encrypted and offsite. This is where Apricorn comes into play - we make the highest grade, portable data encryption products on the market. Our products are security focused - 100% software free, FIPS certified, non-Chinese chips and so many unique features such as admin AND user forced enrollment, programmable PIN lengths, brute force defense, self destruct PINS and more.Learn more about Apricorn: https://itspm.ag/apricomebvNote: This story contains promotional content. Learn more.Guest: Kurt Markley, Managing Director, America's, Apricorn [@apricorn_info]On LinkedIn | https://www.linkedin.com/in/kurt-markley-1596054/ResourcesSecuring Data with Hardware Encrypted USB Drives: https://itspm.ag/apricoy0dmLearn more and catch more stories from Apricorn: https://www.itspmagazine.com/directory/apricornLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Emeli az okostévéinek biztonságát a Samsung Márkamonitor     2024-10-31 07:06:03     Infotech Samsung Adatvédelem A Samsung saját fejlesztésű kriptográfiai modulja, a Samsung CryptoCore megszerezte a Nemzeti Szabványügyi és Technológiai Intézet (Nist) rangos Fips 140-3 tanúsítványát. A titkosítási minősítés a vállalat azon elhivatottságát támasztja alá, hogy okostelevízióin is kiemelkedő biztonsági és adatvédelmi megoldásokat nyújtson a felhasználóknak.   "Aho Új kvantumszimulációs rekordot állított fel két magyar kutató Telex     2024-10-31 04:42:01     Tudomány A korábban több hónapig tartó számítások jelenleg már akár napi szinten is megvalósíthatók. Elege lett az amerikai kormánynak a fogyasztónak mindent beígérő, semmit nem teljesítő alkalmazásokból ICT Global     2024-10-31 05:03:17     Infotech USA Mesterséges intelligencia Egyre több mesterséges intelligencia tűnik mindenhatónak, a jogtól a pénzcsinálásig mindenhez jobban ért, mint a terület humán szakértője. Az esetek zömében persze nincs így, inkább a szolgáltatást nyújtó cégek igyekeznek minél többet kicsalni a gyanútlan felhasználótól. Az amerikai kormány hadat üzent nekik. 20 kvintilliárd dollárra büntette Oroszország a Google-t Rakéta     2024-10-31 12:53:21     Infotech Google YouTube Propaganda Leányvállalat A cégnek az volt a bűne, hogy a leányvállalatukként működő YouTube 2020-ban letiltott néhány orosz propagandát terjesztő csatornát. Ingyenes túravezetőt ad a magyar startup Digital Hungary     2024-10-31 09:54:08     Infotech Mesterséges intelligencia Startup A túravezető alkalmazás célja, hogy a turisztikában magyar cégként először, mesterséges intelligencia segítségével kínálja a legteljesebb élményt az utazók számára. Ne csak egy-egy város jól ismert nevezetességeit mutassa be, hanem érdekes történetekkel, titkokkal és különleges tartalmakkal gazdagítsa az utazási élményt. Nagy Klaudia Vivien az ország első űrorvosa Tudás.hu     2024-10-31 10:28:19     Tudomány Kapu Tibor Magyarországon elsőként végezte el az Európai Űrügynökség (ESA) által akkreditált űrorvos szakképzést Nagy Klaudia Vivien, ezzel a kardiológus az ország első ESA-minősített űrorvosaként támogatja az európai űrhajósok küldetéseit, köztük a kijelölt magyar űrhajós, Kapu Tibor 2025-re tervezett misszióját is. Nagy Klaudia Vivien 2011-ben végzett az eg Gyűlnek a viharfelhők a felhő fölött? Bitport     2024-10-31 10:08:00     Infotech Ennél szebb képzavarral nehéz lenne kifejezni a cloud computing és a vállalatok viszonyának ellentmondásosságát. Amerika a választások után, társas robotok, szabad zene és fúziós erőművek – Jön a Magyar Tudomány Ünnepe Helló Sajtó!     2024-10-31 04:34:42     Tudomány Robot MTA A Magyar Tudományos Akadémia bicentenáriumának előestéjén is az egész országra kiterjedő, egy hónapon át tartó programsorozattal, több száz rendezvénnyel, előadással várja vendégeit, hogy megismerhessék a tudomány legújabb vívmányait. Hivatalos: a Microsoft 13 milliárd dollárt fektetett be az OpenAI-ba ITBusiness     2024-10-31 14:54:17     Cégvilág Infotech Mesterséges intelligencia Microsoft OpenAI A Microsoft nemrég közzétette pénzügyi jelentésében, hogy összesen 13 milliárd dollárnyi befektetést eszközölt az OpenAI-ba. Ez az első alkalom, hogy a vállalat hivatalosan megerősítette a befektetés nagyságát, amely korábban csak sajtóértesülésekből volt ismert. A jelentés nem tartalmazza azt a további 750 millió dollárt, amelyet Microsoft az Open MKIK: Jön a Modern Vállakozások Programja 2.0 Mínuszos     2024-10-31 07:33:29     Infotech Európai Bizottság MKIK Parragh László Mérő László Jelentős előrelépés tapasztalható Magyarország digitális felzárkózásában az Európai Bizottság legfrissebb, a digitális gazdaság és társadalom fejlettségét mérő mutatója (DESI) szerint — jelentette ki egy konferencián Parragh „nem mondok számot, mert irritáló lenne” László. A tanácskozáson az eredményekről, illetve a Magyar Kereskedelmi és Iparkamar A potnonomicaphobiában szenvedők jobb, ha nem nézik meg a NASA felvételét Rakéta     2024-10-31 10:39:04     Tudomány Világűr NASA Fóbia Sokféle furcsa fóbia létezik, egyike ezeknek a krumplitól való félelem. A világ nincs kész arra, ami most következik ICT Global     2024-10-31 14:32:10     Infotech Mesterséges intelligencia Épphogy megbarátkoztunk a mesterséges intelligenciával, már jönne az AGI. A volt Google-vezér az amerikai hadsereg jelentős átalakítását sürgeti BitcoinBázis     2024-10-31 09:17:47     Infotech USA Mesterséges intelligencia Drón Google Szaúd-Arábia Eric Schmidt, a Google egykori vezérigazgatója a szaúd-arábiai Future Investment Initiative konferencián az amerikai hadsereg technológiai korszerűsítését szorgalmazta, különös hangsúlyt helyezve a mesterséges intelligenciával támogatott drónok szerepére a modern hadviselésben. A drónok és a harctéri változások Schmidt szerint az Egyesült Államok r A további adásainkat keresd a podcast.hirstart.hu oldalunkon.

Emeli az okostévéinek biztonságát a Samsung Márkamonitor     2024-10-31 07:06:03     Infotech Samsung Adatvédelem A Samsung saját fejlesztésű kriptográfiai modulja, a Samsung CryptoCore megszerezte a Nemzeti Szabványügyi és Technológiai Intézet (Nist) rangos Fips 140-3 tanúsítványát. A titkosítási minősítés a vállalat azon elhivatottságát támasztja alá, hogy okostelevízióin is kiemelkedő biztonsági és adatvédelmi megoldásokat nyújtson a felhasználóknak.   "Aho Új kvantumszimulációs rekordot állított fel két magyar kutató Telex     2024-10-31 04:42:01     Tudomány A korábban több hónapig tartó számítások jelenleg már akár napi szinten is megvalósíthatók. Elege lett az amerikai kormánynak a fogyasztónak mindent beígérő, semmit nem teljesítő alkalmazásokból ICT Global     2024-10-31 05:03:17     Infotech USA Mesterséges intelligencia Egyre több mesterséges intelligencia tűnik mindenhatónak, a jogtól a pénzcsinálásig mindenhez jobban ért, mint a terület humán szakértője. Az esetek zömében persze nincs így, inkább a szolgáltatást nyújtó cégek igyekeznek minél többet kicsalni a gyanútlan felhasználótól. Az amerikai kormány hadat üzent nekik. 20 kvintilliárd dollárra büntette Oroszország a Google-t Rakéta     2024-10-31 12:53:21     Infotech Google YouTube Propaganda Leányvállalat A cégnek az volt a bűne, hogy a leányvállalatukként működő YouTube 2020-ban letiltott néhány orosz propagandát terjesztő csatornát. Ingyenes túravezetőt ad a magyar startup Digital Hungary     2024-10-31 09:54:08     Infotech Mesterséges intelligencia Startup A túravezető alkalmazás célja, hogy a turisztikában magyar cégként először, mesterséges intelligencia segítségével kínálja a legteljesebb élményt az utazók számára. Ne csak egy-egy város jól ismert nevezetességeit mutassa be, hanem érdekes történetekkel, titkokkal és különleges tartalmakkal gazdagítsa az utazási élményt. Nagy Klaudia Vivien az ország első űrorvosa Tudás.hu     2024-10-31 10:28:19     Tudomány Kapu Tibor Magyarországon elsőként végezte el az Európai Űrügynökség (ESA) által akkreditált űrorvos szakképzést Nagy Klaudia Vivien, ezzel a kardiológus az ország első ESA-minősített űrorvosaként támogatja az európai űrhajósok küldetéseit, köztük a kijelölt magyar űrhajós, Kapu Tibor 2025-re tervezett misszióját is. Nagy Klaudia Vivien 2011-ben végzett az eg Gyűlnek a viharfelhők a felhő fölött? Bitport     2024-10-31 10:08:00     Infotech Ennél szebb képzavarral nehéz lenne kifejezni a cloud computing és a vállalatok viszonyának ellentmondásosságát. Amerika a választások után, társas robotok, szabad zene és fúziós erőművek – Jön a Magyar Tudomány Ünnepe Helló Sajtó!     2024-10-31 04:34:42     Tudomány Robot MTA A Magyar Tudományos Akadémia bicentenáriumának előestéjén is az egész országra kiterjedő, egy hónapon át tartó programsorozattal, több száz rendezvénnyel, előadással várja vendégeit, hogy megismerhessék a tudomány legújabb vívmányait. Hivatalos: a Microsoft 13 milliárd dollárt fektetett be az OpenAI-ba ITBusiness     2024-10-31 14:54:17     Cégvilág Infotech Mesterséges intelligencia Microsoft OpenAI A Microsoft nemrég közzétette pénzügyi jelentésében, hogy összesen 13 milliárd dollárnyi befektetést eszközölt az OpenAI-ba. Ez az első alkalom, hogy a vállalat hivatalosan megerősítette a befektetés nagyságát, amely korábban csak sajtóértesülésekből volt ismert. A jelentés nem tartalmazza azt a további 750 millió dollárt, amelyet Microsoft az Open MKIK: Jön a Modern Vállakozások Programja 2.0 Mínuszos     2024-10-31 07:33:29     Infotech Európai Bizottság MKIK Parragh László Mérő László Jelentős előrelépés tapasztalható Magyarország digitális felzárkózásában az Európai Bizottság legfrissebb, a digitális gazdaság és társadalom fejlettségét mérő mutatója (DESI) szerint — jelentette ki egy konferencián Parragh „nem mondok számot, mert irritáló lenne” László. A tanácskozáson az eredményekről, illetve a Magyar Kereskedelmi és Iparkamar A potnonomicaphobiában szenvedők jobb, ha nem nézik meg a NASA felvételét Rakéta     2024-10-31 10:39:04     Tudomány Világűr NASA Fóbia Sokféle furcsa fóbia létezik, egyike ezeknek a krumplitól való félelem. A világ nincs kész arra, ami most következik ICT Global     2024-10-31 14:32:10     Infotech Mesterséges intelligencia Épphogy megbarátkoztunk a mesterséges intelligenciával, már jönne az AGI. A volt Google-vezér az amerikai hadsereg jelentős átalakítását sürgeti BitcoinBázis     2024-10-31 09:17:47     Infotech USA Mesterséges intelligencia Drón Google Szaúd-Arábia Eric Schmidt, a Google egykori vezérigazgatója a szaúd-arábiai Future Investment Initiative konferencián az amerikai hadsereg technológiai korszerűsítését szorgalmazta, különös hangsúlyt helyezve a mesterséges intelligenciával támogatott drónok szerepére a modern hadviselésben. A drónok és a harctéri változások Schmidt szerint az Egyesült Államok r A további adásainkat keresd a podcast.hirstart.hu oldalunkon.

The cybersecurity world is changing, and where the signature methods of RSA, ECDSA and EdDSA are likely to be replaced by FIPS 204 (aka ML-DSA Module-Lattice-Based Digital Signature Standard— Dilithium) and FIPS 205 (aka SLH-DSA (Stateless Hash-based Digital Signature Standard — SPHINCS+) https://medium.com/@billatnapier/so-what-is-a-prehash-and-what-has-it-to-do-with-post-quantum-signatures-bf7812cfa203

Well, as if cybersecurity doesn't have enough acronyms. There's RIP, OSPF, TCP, IP, SSH, AES, and so many others. Now, there are three really important ones to remember: ML-KEM (Module Lattice-Based Key Encapsulation Mechanism), ML-DSA (Module Lattice-Based Signature Standard) and SLH-DSA (Stateless Hash-based Digital Signature Standard). ML-KEM is defined in the FIPS 203 standard, ML-DSA as FIPS 204, and for SLH-DSA, we have FIPS 205. https://medium.com/@billatnapier/get-used-to-three-boring-acronyms-ml-kem-ml-dsa-and-slh-dsa-0156b6ab82c5 

In this episode, Intel Federal CTO Steve Orrin discusses securing edge devices, enabling trusted AI, and navigating cybersecurity challenges in the public sector. Discover strategies for protecting sensitive data, complying with regulations, and ensuring the trustworthiness of cutting-edge technologies critical to government missions.

Join Rich Fips as he shares his teaching. The post Special Guest Rich Fips appeared first on Charis Christian Center.

NIST recently released PQC algorithmic standards in FIPS-203, FIPS-204, and FIPS-205 (ML-KEM, ML-DSA, and SLH-DSA). We describe what is necessary for enterprises to begin using these algorithms.

Send us a Text Message.Can quantum computing break your encryption overnight? Discover the profound impact of this emerging technology on cybersecurity as we decode the recently introduced FIPS 203, 204, and 205 standards. Join me, Sean Gerber, on this week's electrifying episode of the CISSP Cyber Training Podcast to understand how the US government is preemptively tackling "harvest now, decrypt later" threats. Learn why these standards are crucial for federal entities and contractors and why mandatory adoption by 2035 is a game-changer for cybersecurity professionals, especially those engaging with the Cybersecurity Maturity Model Certification (CMMC).Unlock the secrets to mastering access control models essential for fortified cybersecurity. We'll explore the nuanced features and ideal applications for Attribute-Based Access Control (ABAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and Mandatory Access Control (MAC), as well as the fine-grained Rule-Based Access Control (RBAC). Beyond the technical knowledge, we dive into the critical mindset required for true CISSP mastery—one that transcends the exam and empowers real-world application. Plus, your participation supports adoptive families, making our journey together even more impactful. Tune in and transform your cybersecurity strategy today!Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

In this episode of the Azure Podcast, Cale, Evan, and Sujit engage in a comprehensive discussion about the Secure Future Initiative at Microsoft. They explore how this initiative influences our use of Azure and why it's beneficial for customers to consider implementing similar strategies in their own Azure environments.   Media file: https://azpodcast.blob.core.windows.net/episodes/Episode503.mp3 YouTube: https://youtu.be/TyvkKhdRR5k Resources: https://www.microsoft.com/en/microsoft-cloud/resources/secure-future-initiative#tabx6a6ce2c0327741938ac10b008d5cff64 https://learn.microsoft.com/en-us/azure/well-architected/security/design-patterns SFI Updates   Other resources: https://azure.microsoft.com/en-us/updates/v2/Volume-enhancements https://azure.microsoft.com/en-us/updates/v2/Dedicated-log-analytics-tables-in-Application-Gateway https://azure.microsoft.com/en-us/updates/v2/ANF-Double-Encryption-at-rest https://azure.microsoft.com/en-us/updates/v2/FIPS-mutability-support-in-AKS https://azure.microsoft.com/en-us/updates/v2/CNI-Powered-by-Cilium-Azure-CNI-Overlay-support-AKS https://azure.microsoft.com/en-us/updates/v2/New-features-in-AKS-extension-for-Visual-Studio-Code https://azure.microsoft.com/en-us/updates/v2/Enable-multifactor-authentication-for-your-tenant-by-15-October-2024  (also below) https://azure.microsoft.com/en-us/updates/v2/generally-available-azure-chaos-studio-supports-a-new-network-isolation-fault-for-virtual-machines https://azure.microsoft.com/en-us/updates/v2/High-Scale-mode-Container-Insights

Eagle Brand: LOLO Gros Anis Couleur Eagle Brand: Tamarind Sugar & Plum Eagle Brand: Tamarind Sugar & Chilli Maubon Banana Chips Original Korne May Frir - Crispy Flavoured Corn (Saver Kari Masala / Curry Masala) K-ramel croc: NOUGAT au miel K-ramel croc: NOUGAT au Gingembre Pistache Praliné Croquant Haw Flakes Heute überraschen wir uns selbst mit sehr unüblichen Süßigkeiten! Wir haben original Snacks aus Mauritius! Wie spannende ist das denn! Knuspriger Mais mit Curry Geschmack! Tamarinde mit Pflaume oder Chili! Herzhafte Bananenchips und Nougat, der kein Nougat ist. Aber viel Ingwer mitbringt. Und wir halten fest: Eine Erdnuss ist keine Pistazie. Und ein Pinienkern schonmal gar nicht! Kommt mit uns nach Mauritius! www.lisa-feller.de Intro & Outro: Sprecher: Horst Lichter Sprecherin: Gergana Muskalla Musik: Jens Heinrich Claassen Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's episode, we explore recent major cybersecurity upgrades aimed at safeguarding the American healthcare system, including a new initiative by Microsoft to provide critical cybersecurity resources to rural hospitals. Additionally, we delve into the Ticketmaster-Snowflake data breach perpetrated by ShinyHunters, targeting 560 million users and exposing key vulnerabilities in cloud environments. Lastly, we cover AWS's new and improved security features announced at the re:Inforce conference, which include added multi-factor authentication options, expanded malware protection for Amazon S3, and updated AI apps governance. Read more at: https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/ https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html https://www.helpnetsecurity.com/2024/06/12/aws-security-features/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags Microsoft, Cyberattacks, Healthcare systems, Rural hospitals, ShinyHunters, Breach, Data, Cybersecurity, AWS, FIDO2 passkeys, Malware protection, Cloud environment Search Phrases How Microsoft is protecting rural hospitals from cyberattacks Cybersecurity initiatives for rural healthcare by Microsoft ShinyHunters data breach impact on cloud security Essential measures to prevent cyberattacks in cloud environments Latest AWS security features from re:Inforce conference How FIDO2 passkeys enhance cloud environment security Updated malware protection for AWS S3 buckets Microsoft and Biden-Harris Administration cybersecurity efforts Impact of ShinyHunters breach on data security practices Advanced multi-factor authentication in AWS cloud environments Major cybersecurity upgrades announced to safeguard American healthcare https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/ Rising Threats: Cyberattacks on American healthcare systems soared 128% from 2022 to 2023, leading to significant disruptions in hospital operations and payment systems. Actionable Insight: Healthcare professionals should stay vigilant and ensure their organizations have updated cybersecurity measures to mitigate risks. Impact of Recent Attacks: In early 2024, a major cyberattack affected one-third of healthcare claims in the U.S., delaying payments and services. Critical Implication: Entry to mid-level cybersecurity professionals should focus on protecting payment systems and ensuring quick recovery plans are in place. Government Initiatives: The Biden-Harris Administration launched several initiatives to bolster healthcare cybersecurity, including a new gateway website and voluntary performance goals. Actionable Insight: Healthcare institutions should leverage these resources to enhance their cybersecurity posture. Collaboration for Solutions: In May 2024, the White House gathered industry leaders to discuss cybersecurity challenges and promote secure-by-design solutions. Engagement Suggestion: Ask listeners how their organizations collaborate with other entities to share threat intelligence and improve security. ARPA-H UPGRADE Program: The Advanced Research Projects Agency for Health introduced the UPGRADE program, investing over $50 million in tools to defend hospital IT environments. Actionable Insight: IT teams should explore participation in this program to access cutting-edge cybersecurity tools and support. Rural Hospital Support: Cyber disruptions severely impact rural hospitals. Leading tech companies, including Microsoft and Google, committed to providing free or discounted cybersecurity resources to these institutions. Critical Implication: Rural hospital IT staff should take advantage of these offers to strengthen their defenses against cyberattacks. Microsoft's Cybersecurity Program: Microsoft announced a program offering up to 75% discounts on security products, free cybersecurity assessments, and training for rural hospitals. Actionable Insight: Rural healthcare providers should engage with Microsoft's program to improve their cybersecurity measures and resilience. Google's Contributions: Google will offer endpoint security advice and discounted communication tools to rural hospitals, along with a pilot program to tailor security solutions to their needs. Engagement Suggestion: Prompt listeners to consider what specific cybersecurity challenges their rural hospitals face and how these new initiatives could assist them. Continued Efforts: The White House and industry leaders emphasize the importance of private-public partnerships to ensure the security and functionality of healthcare systems nationwide. Efficiency Tip: Cybersecurity professionals should stay informed about these partnerships and actively participate to benefit from shared knowledge and resources. Lessons from the Ticketmaster-Snowflake Breach https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html ShinyHunters Breach: Last week, hacker group ShinyHunters allegedly stole 1.3 terabytes of data from 560 million Ticketmaster users. The breach could expose massive amounts of personal data and has sparked significant concern. Listener Question: How can we ensure our data is safe with such large-scale breaches happening? Actionable Insight: Regularly update passwords and enable multi-factor authentication (MFA) on all accounts. Live Nation Confirms Breach: Live Nation confirmed the breach in an SEC filing, stating unauthorized activity occurred in a third-party cloud database. An investigation is ongoing, and law enforcement is involved. Listener Question: What steps should companies take immediately after discovering a breach? Actionable Insight: Initiate a comprehensive investigation, notify affected parties, and work with law enforcement. Santander Also Affected: ShinyHunters claim to have data from Santander, affecting millions of customers and employees in Chile, Spain, and Uruguay. The breach involved a third-party provider. Listener Question: Should we be worried about third-party services? Actionable Insight: Ensure third-party services adhere to stringent security protocols and regularly review their security measures. Snowflake Connection: Both Ticketmaster and Santander used Snowflake for their cloud databases. Snowflake warned of increased cyber threats targeting customer accounts, urging users to review logs for unusual activity. Listener Question: What can companies do to safeguard their cloud data? Actionable Insight: Enforce MFA, set network policies to limit access, and regularly rotate credentials. Snowflake's Response: Snowflake's CISO clarified their system wasn't breached; single-factor authentication vulnerabilities were exploited. They recommend MFA and network policy rules for enhanced security. Mitiga's Research: Mitiga found the attacks exploited environments without two-factor authentication, primarily using commercial VPN IPs to execute attacks. Listener Question: How can we protect against these types of attacks? Actionable Insight: Implement and enforce MFA, utilize corporate SSO, and regularly monitor for unusual login activity. Cloud Security Challenges: Modern cloud environments limit some security controls. Ensure platforms offer APIs for privileged identity management and integrate with corporate security. Listener Question: What should we look for in a cloud service provider? Actionable Insight: Choose providers that support MFA, SSO, password rotation, and centralized logging. Non-Human Identities: Protecting non-human identities like service accounts is challenging but necessary. Snowflake provides guidance on securing these accounts. Listener Question: How do we secure non-human identities? Actionable Insight: Use strong, unique passwords and rotate credentials frequently for service accounts. Cost of Cyber Attacks: Cybercriminals aim to maximize profit through mass, automated attacks like credential stuffing. Simple security measures can make these attacks less feasible. Listener Question: What simple measures can we take to protect against cyber attacks? Actionable Insight: Implement SSO, MFA, and regular password rotation to increase the cost and complexity for attackers. Remember, these insights are not just theoretical—they can help you strengthen your organization's security posture today!` AWS unveils new and improved security features https://www.helpnetsecurity.com/2024/06/12/aws-security-features/ Key Information and Actionable Insights Multi-Factor Authentication (MFA) Upgrades: New Option: AWS introduces support for FIDO2 passkeys as an additional MFA method. Security Assurance: FIDO2 security keys offer the highest level of security, ideal for environments with stringent regulatory requirements (FIPS-certified devices). Considerations: Evaluate passkey providers' security models, especially for access and recovery. Enhanced Access Management: IAM Access Analyzer Update: Now assists in identifying and removing unused roles, access keys, and passwords. Permissions Management: Helps set, verify, and refine unused permissions to maintain a streamlined and secure access environment. Malware Protection for Amazon S3: GuardDuty Expansion: Now detects malicious file uploads in S3 buckets. Configuration Options: Teams can set up post-scan actions like object tagging or use Amazon EventBridge to manage malware isolation processes. AI Apps Governance: Audit Manager Update: New AI best practice framework simplifies evidence collection and ongoing compliance audits. Standard Controls: Includes 110 pre-configured controls organized under domains such as accuracy, fairness, privacy, resilience, responsibility, safety, security, and sustainability. Additional Improvements: Log Analysis: Simplified through natural language queries that produce SQL queries (currently in preview). Network Services Integration: Streamlined process for incorporating firewalls, IDS/IPS, and other network services into customers' WANs.

As Craig's road to recovery nears an end, Matti takes the DYK crew through another thrilling adventure into the depths of Osirion. We are but one week away from the official restart of Describe Your Kill, so please, enjoy this apéritif to the main event as Bümlik, Fips, Teknik, Throb and... a mystery player go hunting for treasure in the desert.New episodes are released every Wednesday; find out more at describeyourkill.com or come say hi to the DYK crew on our DISCORD.This podcast is an actual-play of Paizo's Stolen Fate Adventure Path for Pathfinder Second Edition.PS. We just recorded the next 'real' episode. So. Very. Excited. Hosted on Acast. See acast.com/privacy for more information.

This episode features Ryan Bigelow, the Director of Projects for the Conservation Alliance for Seafood Solutions. He discusses the seafood industry, the alliance's role, and the importance of conservation. From consumer to industry perspectives, the conversation delves into the challenges of sustainable seafood practices. Tune in to learn about the Seafood Watch program and how to make informed seafood choices for a better ocean. Website: https://solutionsforseafood.org/ The Conservation Alliance for Seafood Solutions is dedicated to improving sustainability in the seafood industry by fostering collaboration between NGOs and businesses. With approximately 150 members from 22 countries worldwide, the Alliance works towards enhancing the sustainability of seafood. It serves as a platform for experts from various organizations to address key topics such as improving fisheries, social responsibility in seafood, and advancing sustainability efforts. One of the primary functions of the Alliance is to provide guidance and resources for businesses seeking to enhance their sustainability practices in the seafood industry. By closely collaborating with NGOs and businesses, the Alliance aims to ensure all stakeholders are aligned in promoting sustainable seafood practices. The organization also facilitates discussions, collaborations, and the sharing of best practices to drive positive change within the industry. Through initiatives like Fishery Improvement Projects (FIPs), the Alliance supports fisheries in their journey towards sustainability by setting goals and timelines for improvement. Additionally, the Alliance places a strong emphasis on social responsibility within the seafood industry, addressing issues such as human rights violations, unsafe working conditions, and gender inequity. By integrating social responsibility considerations into sustainability efforts, the Alliance recognizes the interconnected nature of environmental and social issues within the seafood supply chain. The Conservation Alliance for Seafood Solutions plays a crucial role in promoting sustainability and responsible practices in the seafood industry by fostering collaboration, providing guidance, and advocating for the integration of social responsibility principles into sustainability initiatives. The Alliance for Seafood Solutions, led by Director of Projects Ryan Bigelow, provides essential guidance on various seafood industry topics, with a focus on sustainable seafood practices. Working with a diverse group of NGOs and businesses, the Alliance aims to improve global sustainability standards. This guidance is vital for businesses looking to enhance their sustainability efforts and align with industry standards. Additionally, the Alliance actively supports fishery improvement projects (FIPs) to address environmental and social issues within fisheries, such as overfishing. By providing guidance on participating in FIPs, the Alliance helps fisheries progress towards sustainable practices. Another significant aspect of the Alliance's work is addressing social responsibility in fisheries, including human rights violations and unsafe working conditions. The Alliance emphasizes integrating social responsibility into seafood sustainability efforts to ensure these issues are addressed alongside environmental concerns. The Alliance collaborates with industry stakeholders, NGOs, and experts to develop comprehensive guidance documents that address the complex challenges faced by the seafood industry. By bringing together diverse perspectives and expertise, the Alliance promotes responsible and ethical practices in the seafood supply chain. Building trust with industry partners is a crucial aspect of the Alliance's work. By collaborating with businesses in the seafood industry, the Alliance promotes sustainability and addresses social responsibility issues. Active listening, collaboration, and providing valuable resources without immediate financial expectations are key strategies to build trust and engage effectively with industry partners towards shared goals.

Live Q&A episode. Learn why I left med sales, the current state of commercial real estate, living through house flips and how to make money in today's market. Marijuliette.com 954 326 4476 --- Send in a voice message: https://podcasters.spotify.com/pod/show/marijuliette/message

Nach dem AHGZ-Hotelkongress im Europapark Rust nahmen Fips und sein Chauffeur Kurs in Richtung Heimat. Kurz überlegt: "Ach komm, lass uns mal in der Best-Western-Zentrale in Eschborn vorbeischauen, liegt doch eh auf dem Weg. Vielleicht hat der CEO ja Lust auf einen Podcast?". Läuft. "Und Marcus, bringe gleich Dein Klavier mit, dann können wir FC Bayern- und HSV-Lieder sowie Deinen Corona-Verarbeitungs-Song 'Das Hotel ist mein Beruf' zum Besten geben!". Gebongt. "Sascha, ich habe zum Schluss noch etwas für Dich: Zwei von mir getextete Strophen für meinen neuen Nr.1-Hit 'Ich bin Podcaster von Beruf!". Schluck. Feuchte Augen beim Fips-Fahrer... So oder ähnlich hat es sich zugetragen mit Marcus Smola, der gerade sein 25-jähriges Best-Western-Jubiläum feiern durfte. Liebevoll ausgestattet mit Speis, Trank und Stromkabeltrommel durch die zauberhaften BWH-PR-Damen Anke Cimbal und Seraphina Konietzka musizierten wir natürlich nicht nur. Wie ist Marcus zur Hotellerie gekommen, warum gab es mit Steigenberger und Best Western letztlich nur zwei lange Hotel.-Stationen und wieso hat er den Großraum Frankfurt nie verlassen? Was möchten Petra Bierwirth-Schaal, Matthias Beinlich sowie Max C. Luscher mit ihren Überraschungsfragen aus dem Mann mit dem Klavier herauskitzeln? Freut Euch auf einen Podcast mit viel Wertschätzung, Humor und auch nachdenkliche Töne. Es ist im Übrigen die Nr. 14 im Fips, dem tapferen Pferde(stärken)freund, der mit seinem gemütlichen Ambiente immer wieder für eine wunderbare Talk-Atmosphäre sorgt... Gutes Hören!

Mark and Mat discuss Tampa Bay Rays Opening Week and a look at baseball luminaries and failures amongst other MLB teamsOpening week review: The Rays' performance in first 7games, facing tough opponents like Toronto Blue Jays and World Series Champions Texas Rangers.Analysis of other AL East teams:  Red Sox, Yankees, Orioles, and Blue Jays' early season performances.Oakland A's - Athletics set new Error recordsBryce Harper 0 for 11 AB's and then 3 HRs in 1 game Jose Caballero's impact on the team & the competitive atmosphere among young players.Caballero & Genesis Cabrera pushing and patiencePitching strategies: Insights on the Rays' rotation and bullpen, including thoughts on Ryan Pepiot and Shane Baz.Showcase of pitchers with Rangers' Nate Eovaldi, Rays' Zach Eflin & CivaleInjury updates: Shane Baz's setback and the team's approach to managing pitcher health.Looking ahead: Preview of upcoming series against the Rockies and Angels, and expectations for the team moving forward.Measuring a Pitcher's success - ERA, Wins, Saves, Innings, FIPs, what is most important metric?Mat's experience watching Ray's Opening Day from Canada across multiple media outletsFollowing emerging talent, Wyatt Langford, Jackson Chourio & Bobby Witt Jr.eX-Rays play between Twins' Manuel Margot and Brewers' Willie Adames & Jake BauersMinor League Season has begun, Durham Bulls & Joe RockMark talks about the transition from Spring Training to Minor League teams  Tampa Tarpons, Dunedin Blue Jays, Clearwater ThreshersCan Rays get Luis Arraez from the MarlinsWyatt Langford - Florida nativeThanks to Mat Germain, Mr. Wizard, for bringing his knowledge, wit and wisdom to the show. You can catch find more of Mat on Twitter x.com @Mat_Germain_    Mark can be found on Twitter @TheBaseballBiz & at http://www.baseballbizondeck.comJust remember to subscribe, follow and rate the show. Thank you.BaseballBiz can be found on iheartradio, Stitcher, Apple, and SpotifySpecial thanks to XTaKeRuX for the music “Rocking Forward”

Welcome to "The Founder's Guide to Compliance," a YSecurity.io production, hosted by Jon McLachlan and Sasha Sinkevich. We tear down the complexity surrounding compliance standards like SOC2, NIST, FIPS, PCI-DSS, HITRUST and the myriad facets of cybersecurity. Whether you're a startup founder knee-deep in the trenches or a seasoned executive navigating the ever-evolving landscape of digital security, this podcast is your no-BS zone for getting to the essence of what these standards mean for you and your business. Jon, a Minnesota native and security enthusiast, brings his rich background from Apple and various startups to the table, sharing insights born from a life that embraces risk for greatness. With a passion for security that's as undeniable as his love for motorcycles, Jon's journey is about leading by example, turning challenges into stepping stones for success. Sasha, starting his cybersecurity journey in Silicon Valley, has been shaped by the brilliant minds around him. His experience spans working with heavily regulated industries, creating security solutions for global financial institutions, and navigating the startup world from the ground up. Sasha's story is one of transformation, leveraging complex compliance requirements into simple, actionable strategies. Together, Jon and Sasha aim to demystify compliance, making it accessible and understandable. They're here to show you how navigating these standards isn't just about ticking boxes but seizing opportunities to elevate your business. "The Founder's Guide to Compliance" is empowers you with the knowledge and tools to not only meet but exceed the expectations of your customers and investors. Dive into a world where compliance becomes your competitive edge, enabling your startup to thrive in the digital age. Join Jon and Sasha as they guide you through the what, why, when, and how of compliance, turning potential hurdles into launchpads for success. Welcome to the podcast where compliance meets clarity, and where your startup's security journey begins.

In this episode, Andy and Adam discuss updates to the Microsoft Authenticator app, including its phish-resistant capabilities and FIPS compliance. They also highlight the rise of QR code phishing and provide tips on protecting users from this type of attack. Additionally, they discuss the deprecation of Application Guard and the Evaluation Lab in the Microsoft Security Stack. Takeaways -The Microsoft Authenticator app is becoming phish-resistant and will support device-bound passkeys, providing a more secure authentication method. -QR code phishing is on the rise, and users should exercise caution when scanning unfamiliar QR codes. -Educating users and conducting phishing training campaigns can help mitigate the risk of QR code phishing. -Application Guard and the Evaluation Lab in the Microsoft Security Stack are being deprecated, and organizations should explore alternative solutions for sandboxed browsing and evaluation environments. ------------------------------------------- Youtube Video Link: ⁠https://youtu.be/24KccYCGR-o⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/advancing-cybersecurity-the-latest-enhancement-in-phishing/ba-p/2365681 https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/protect-your-organizations-against-qr-code-phishing-with/ba-p/4007041 ---------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Threads: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.threads.net/@bluesecuritypodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Linkedin: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Youtube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitch: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.twitch.tv/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Andy Jaw Mastodon: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://infosec.exchange/@ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message

תקינה, הסמכה, חתימה – מלים שנראות אפרוריות, ושלא נמצאות בראש מעייניהם של אף מפתח או מפתחת, בטח לא בישראל. אבל את הרשויות האמריקאיות הן דווקא מעניינות מאוד. ולמעשה, הן חייבות לעניין גם את כל מי שעוסק בתחום. כי מוצר תוכנה שלא יעמוד בדרישות התקינה של ארצות הברית, המיוצגות למשל על ידי ראשי תיבות מסתוריים כמו FIPS או FEDRAMP, ימצא את עצמו מחוץ לשוק החשוב בעולם.על הנושא המרתק (והבלתי-זוהר) הזה, דיברתי לעומק עם שניים: גיל עדה, ארכיטקט תוכנה בכיר בסייברארק, שמתמחה בתחומי התקשורת, מערכות ניהול ובקרת גישה, והנדסת מערכות. ולצדו – מי אם לא - רן בר זיק! אורח סדרתי בפודקאסט, שגם הוא ארכיטקט תוכנה בכיר בסייברארק, ואף עיתונאי בדה-מרקר ומרצה בקריה האקדמית אונו ובאוניברסיטת חיפה.פרק סוער על האותיות הקטנות, שמעטים טורחים לקרוא ולקודד.האזנה נעימה,בועז לביאלינקים:מאמר של גיל על FIPS:https://medium.com/cyberark-engineering/navigating-fips-compliance-for-go-applications-libraries-integration-and-security-42ac87eec40bהאתר של FEDRAMP:https://www.fedramp.gov/ פרק קודם עם רן בר זיק וארז ויסברד, על הכנה להתמודדות עם סיכוני המחשוב קוונטי:https://www.osimhistoria.com/software/ep138-quantum

Fips Neukamm gehörte über Jahre der rechtsextremistischen Gruppe „Das rechte Plenum“ in Chemnitz an. Die Neonazis wollten eine Gesellschaftsordnung nach Vorbild des Dritten Reichs errichten.

We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curvesLinks:- Steve's post: https://saweis.net/posts/nist-curve-seed-origins.html- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf- “A RIDDLE WRAPPED IN AN ENIGMA”: https://eprint.iacr.org/2015/1018.pdf- https://arstechnica.com/information-technology/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-institute-of-standards-and-technology-78756/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-security-agency-78755/- Filippo's bounty: https://words.filippo.io/dispatches/seeds-bounty/- Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters - NIST 800-186 with Curve25519 and friends- RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier- https://www.rfc-editor.org/rfc/rfc4492#section-6- https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/- https://en.wikipedia.org/wiki/Bullrun_(decryption_program)- https://en.wikipedia.org/wiki/BSAFE- https://sockpuppet.org/blog/2015/08/04/is-extended-random-malicious/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Jeff Geerling, Owner of Midwestern Mac, joins Corey on Screaming in the Cloud to discuss the importance of storytelling, problem-solving, and community in the world of cloud. Jeff shares how and why he creates content that can appeal to anybody, rather than focusing solely on the technical qualifications of his audience, and how that strategy has paid off for him. Corey and Jeff also discuss the impact of leading with storytelling as opposed to features in product launches, and what's been going on in the Raspberry Pi space recently. Jeff also expresses the impact that community has on open-source companies, and reveals his take on the latest moves from Red Hat and Hashicorp. About JeffJeff is a father, author, developer, and maker. He is sometimes called "an inflammatory enigma".Links Referenced:Personal webpage: https://jeffgeerling.com/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. A bit off the beaten path of the usual cloud-focused content on this show, today I'm speaking with Jeff Geerling, YouTuber, author, content creator, enigma, and oh, so much more. Jeff, thanks for joining me.Jeff: Thanks for having me, Corey.Corey: So, it's hard to figure out where you start versus where you stop, but I do know that as I've been exploring a lot of building up my own home lab stuff, suddenly you are right at the top of every Google search that I wind up conducting. I was building my own Kubernete on top of a Turing Pi 2, and sure enough, your teardown was the first thing that I found that, to be direct, was well-documented, and made it understandable. And that's not the first time this year that that's happened to me. What do you do exactly?Jeff: I mean, I do everything. And I started off doing web design and then I figured that design is very, I don't know, once it started transitioning to everything being JavaScript, that was not my cup of tea. So, I got into back-end work, databases, and then I realized to make that stuff work well, you got to know the infrastructure. So, I got into that stuff. And then I realized, like, my home lab is a great place to experiment on this, so I got into Raspberry Pis, low-power computing efficiency, building your own home lab, all that kind of stuff.So, all along the way, with everything I do, I always, like, document everything like crazy. That's something my dad taught me. He's an engineer in radio. And he actually hired me for my first job, he had me write an IT operations manual for the Radio Group in St. Louis. And from that point forward, that's—I always start with documentation. So, I think that was probably what really triggered that whole series. It happens to me too; I search for something, I find my old articles or my own old projects on GitHub or blog posts because I just put everything out there.Corey: I was about to ask, years ago, I was advised by Scott Hanselman to—the third time I find myself explaining something, write a blog post about it because it's easier to refer people back to that thing than it is for me to try and reconstruct it on the fly, and I'll drop things here and there. And the trick is, of course, making sure it doesn't sound dismissive and like, “Oh, I wrote a thing. Go read.” Instead of having a conversation with people. But as a result, I'll be Googling how to do things from time to time and come up with my own content as a result.It's at least a half-step up from looking at forums and the rest, where I realized halfway through that I was the one asking the question. Like, “Oh, well, at least this is useful for someone.” And I, for better or worse, at least have a pattern of going back and answering how I solved a thing after I get there, just because otherwise, it's someone asked the question ten years ago and never returns, like, how did you solve it? What did you do? It's good to close that loop.Jeff: Yeah, and I think over 50% of what I do, I've done before. When you're setting up a Kubernetes cluster, there's certain parts of it that you're going to do every time. So, whatever's not automated or the tricky bits, I always document those things. Anything that is not in the readme, is not in the first few steps, because that will help me and will help others. I think that sometimes that's the best success I've found on YouTube is also just sharing an experience.And I think that's what separates some of the content that really drives growth on a YouTube channel or whatever, or for an organization doing it because you bring the experience, like, I'm a new person to this Home Assistant, for instance, which I use to automate things at my house. I had problems with it and I just shared those problems in my video, and that video has, you know, hundreds of thousands of views. Whereas these other people who know way more than I could ever know about Home Assistant, they're pulling in fewer views because they just get into a tutorial and don't have that perspective of a beginner or somebody that runs into an issue and how do you solve that issue.So, like I said, I mean, I just always share that stuff. Every time that I have an issue with anything technological, I put it on GitHub somewhere. And then eventually, if it's something that I can really formulate into an outline of what I did, I put a blog post up on my blog. I still, even though I write I don't know how many words per week that goes into my YouTube videos or into my books or anything, I still write two or three blog posts a week that are often pretty heavy into technical detail.Corey: One of the challenges I've always had is figuring out who exactly I'm storytelling for when I'm putting something out there. Because there's a plethora, at least in cloud, of beginner content of, here's how to think about cloud, here's what the service does, here's why you should use it et cetera, et cetera. And that's all well and good, but often the things that I'm focusing on presuppose a certain baseline level of knowledge that you should have going into this. If you're trying to figure out the best way to get some service configured, I probably shouldn't have to spend the first half of the article talking about what AWS is, as a for instance. And I think that inherently limits the size of the potential audience that would be interested in the content, but it's also the kind of stuff that I wish was out there.Jeff: Yeah. There's two sides to that, too. One is, you can make content that appeals to anybody, even if they have no clue what you're talking about, or you can make content that appeals to the narrow audience that knows the base level of understanding you need. So, a lot of times with—especially on my YouTube channel, I'll put things in that is just irrelevant to 99% of the population, but I get so many comments, like, “I have no clue what you said or what you're doing, but this looks really cool.” Like, “This is fun or interesting.” Just because, again, it's bringing that story into it.Because really, I think on a base level, a lot of programmers especially don't understand—and infrastructure engineers are off the deep end on this—they don't understand the interpersonal nature of what makes something good or not, what makes something relatable. And trying to bring that into technical documentation a lot of times is what differentiates a project. So, one of the products I love and use and recommend everywhere and have a book on—a best-selling book—is Ansible. And one of the things that brought me into it and has brought so many people is the documentation started—it's gotten a little bit more complex over the years—but it started out as, “Here's some problems. Here's how you solve them.”Here's, you know, things that we all run into, like how do you connect to 12 servers at the same time? How do you have groups of servers? Like, it showed you all these little examples. And then if you wanted to go deeper, there was more documentation linked out of that. But it was giving you real-world scenarios and doing it in a simple way. And it used some little easter eggs and fun things that made it more interesting, but I think that that's missing from a lot of technical discussion and a lot of technical documentation out there is that playfulness, that human side, the get from Point A to Point B and here's why and here's how, but here's a little interesting way to do it instead of just here's how it's done.Corey: In that same era, I was one of the very early developers behind SaltStack, and I think one of the reasons that Ansible won in the market was that when you started looking into SaltStack, it got wrapped around its own axle talking about how it uses ZeroMQ for a full mesh between all of the systems there, as long—sorry [unintelligible 00:07:39] mesh network that all routes—not really a mesh network at all—it talks through a single controller that then talks to all of its subordinate nodes. Great. That's awesome. How do I use this to install a web server, is the question that people had. And it was so in love with its own cleverness in some ways. Ansible was always much more approachable in that respect and I can't understate just how valuable that was for someone who just wants to get the problem solved.Jeff: Yeah. I also looked at something like NixOS. It's kind of like the arch of distributions of—Corey: You must be at least this smart to use it in some respects—Jeff: Yeah, it's—Corey: —has been the every documentation I've had with that.Jeff: [laugh]. There's, like, this level of pride in what it does, that doesn't get to ‘and it solves this problem.' You can get there, but you have to work through the barrier of, like, we're so much better, or—I don't know what—it's not that. Like, it's just it doesn't feel like, “You're new to this and here's how you can solve a problem today, right now.” It's more like, “We have this golden architecture and we want you to come up to it.” And it's like, well, but I'm not ready for that. I'm just this random developer trying to solve the problem.Corey: Right. Like, they should have someone hanging out in their IRC channel and just watch for a week of who comes in and what questions do they have when they're just getting started and address those. Oh, you want to wind up just building a Nix box EC2 for development? Great, here's how you do that, and here's how to think about your workflow as you go. Instead, I found that I had to piece it together from a bunch of different blog posts and the rest and each one supposed that I had different knowledge coming into it than the others. And I felt like I was getting tangled up very easily.Jeff: Yeah, and I think it's telling that a lot of people pick up new technology through blog posts and Substack and Medium and whatever [Tedium 00:09:19], all these different platforms because it's somebody that's solving a problem and relating that problem, and then you have the same problem. A lot of times in the documentation, they don't take that approach. They're more like, here's all our features and here's how to use each feature, but they don't take a problem-based approach. And again, I'm harping on Ansible here with how good the documentation was, but it took that approach is you have a bunch of servers, you want to manage them, you want to install stuff on them, and all the examples flowed from that. And then you could get deeper into the direct documentation of how things worked.As a polar opposite of that, in a community that I'm very much involved in still—well, not as much as I used to be—is Drupal. Their documentation was great for developers but not so great for beginners and that was always—it still is a difficulty in that community. And I think it's a difficulty in many, especially open-source communities where you're trying to build the community, get more people interested because that's where the great stuff comes from. It doesn't come from one corporation that controls it, it comes from the community of users who are passionate about it. And it's also tough because for something like Drupal, it gets more complex over time and the complexity kind of kills off the initial ability to think, like, wow, this is a great little thing and I can get into it and start using it.And a similar thing is happening with Ansible, I think. We were at when I got started, there were a couple hundred modules. Now there's, like, 4000 modules, or I don't know how many modules, and there's all these collections, and there's namespaces now, all these things that feel like Java overhead type things leaking into it. And that diminishes that ability for me to see, like, oh, this is my simple tool that solving these problems.Corey: I think that that is a lost art in the storytelling side of even cloud marketing, where they're so wrapped around how they do what they do that they forget, customers don't care. Customers care very much about their problem that they're trying to solve. If you have an answer for solving that problem, they're very interested. Otherwise, they do not care. That seems to be a missing gap.Jeff: I think, like, especially for AWS, Google, Azure cloud platforms, when they build their new services, sometimes you're, like, “And that's for who?” For some things, it's so specialized, like, Snowmobile from Amazon, like, there's only a couple customers on the planet in a given year that needs something like that. But it's a cool story, so it's great to put that into your presentation. But some other things, like, especially nowadays with AI, seems like everybody's throwing tons of AI stuff—spaghetti—at the wall, seeing what will stick and then that's how they're doing it. But that really muddies up everything.If you have a clear vision, like with Apple, they just had their presentation on the new iPhone and the new neural engine and stuff, they talk about, “We see your heart patterns and we tell you when your heart is having problems.” They don't talk about their AI features or anything. I think that leading with that story and saying, like, here's how we use this, here's how customers can build off of it, those stories are the ones that are impactful and make people remember, like, oh Apple is the company that saves people's lives by making watches that track their heart. People don't think that about Google, even though they might have the same feature. Google says we have all these 75 sensors in our thing and we have this great platform and Android and all that. But they don't lead with the story.And that's something where I think corporate Apple is better than some of the other organizations, no matter what the technology is. But I get that feeling a lot when I'm watching launches from Amazon and Google and all their big presentations. It seems like they're tech-heavy and they're driven by, like, “What could we do with this? What could you do with this new platform that we're building,” but not, “And this is what we did with this other platform,” kind of building up through that route.Corey: Something I've been meaning to ask someone who knows for a while, and you are very clearly one of those people, I spend a lot of time focusing on controlling cloud costs and I used to think that Managed NAT Gateways were very expensive. And then I saw the current going rates for Raspberries Pi. And that has been a whole new level of wild. I mean, you mentioned a few minutes ago that you use Home Assistant. I do too.But I was contrasting the price between a late model, Raspberry Pi 4—late model; it's three years old if this point of memory serves, maybe four—versus a used small form factor PC from HP, and the second was less expensive and far more capable. Yeah it drags a bit more power and it's a little bit larger on the shelf, but it was basically no contest. What has been going on in that space?Jeff: I think one of the big things is we're at a generational improvement with those small form-factor little, like, tiny-size almost [nook-sized 00:13:59] PCs that were used all over the place in corporate environments. I still—like every doctor's office you go to, every hospital, they have, like, a thousand of these things. So, every two or three or four years, however long it is on their contract, they just pop all those out the door and then you get an E-waste company that picks up a thousand of these boxes and they got to offload them. So, the nice thing is that it seems like a year or two ago, that really started accelerating to the point where the price was driven down below 100 bucks for a fully built-out little x86 Mini PC. Sure, it's, you know, like you said, a few generations old and it pulls a little bit more power, usually six to eight watts at least, versus a Raspberry Pi at two to three watts, but especially for those of us in the US, electricity is not that expensive so adding two or three watts to your budget for a home lab computer is not that bad.The other part of that is, for the past two-and-a-half years because of the global chip shortages and because of the decisions that Raspberry Pi made, there were so few Raspberry Pis available that their prices shot up through the roof if you wanted to get one in any timely fashion. So, that finally is clearing up, although I went to the Micro Center near me yesterday, and they said that they have not had stock of Raspberry Pi 4s for, like, two months now. So, they're coming, but they're not distributed evenly everywhere. And still, the best answer, especially if you're going to run a lot of things on it, is probably to buy one of those little mini PCs if you're starting out a home lab.Or there's some other content creators who build little Kubernetes clusters with multiple mini PCs. Three of those stack up pretty nicely and they're still super quiet. I think they're great for home labs. I have two of them over on my shelf that I'm using for testing and one of them is actually in my rack. And I have another one on my desk here that I'm trying to set up for a five gigabit home router since I finally got fiber internet after years with cable and I'm still stuck on my old gigabit router.Corey: Yeah, I wound up switching to a Protectli, I think is what it's called for—it's one of those things I've installed pfSense on. Which, I'm an old FreeBSD hand and I haven't kept up with it, but that's okay. It feels like going back in time ten years, in some respects—Jeff: [laugh].Corey: —so all right. And I have a few others here and there for various things that I want locally. But invariably, I've had the WiFi controller; I've migrated that off. That lives on an EC2 box in Ohio now. And I do wind up embracing cloud services when I don't want it to go down and be consistently available, but for small stuff locally, I mean, I have an antenna on the roof doing an ADS-B receiver dance that's plugged into a Pi Zero.I have some backlogged stuff on this, but they've gotten expensive as alternatives have dropped in price significantly. But what I'm finding as I'm getting more into 3D printing and a lot of hobbyist maker tools out there, everything is built with the Raspberry Pi in mind; it has the mindshare. And yeah, I can get something with similar specs that are equivalent, but then I've got to do a whole bunch of other stuff as soon as it gets into controlling hardware via GPIO pins or whatnot. And I have to think about it very differently.Jeff: Yeah, and that's the tough thing. And that's the reason why Raspberry Pis, even though they're three years old, even though they're hard to get, they still are fetching—on the used market—way more than the original MSRP. It's just crazy. But the reason for that is the Raspberry Pi organization. And there's two: there's the Raspberry Pi Foundation that's goals are to increase educational computing and accessibility for computers for kids and learning and all that, then there's the Raspberry Pi trading company that makes the Raspberry Pis.The Trading Company has engineers who sit there 24/7 working on the software, working on the kernel drivers, working on hardware bugs, listening to people on the forums and in GitHub and everywhere, and they're all English-speaking people there—they're over in the UK—and they manufacture their own boards. So, there's a lot of things on top of that, even though they're using some silicons of Broadcom chips that are a little bit locked down and not completely open-source like some other chips might be, they're a phone number you could call if you need the support or there's a forum that has activity that you can get help in and their software that's supported. And there's a newer Linux kernel and the kernel is updated all the time. So, all those advantages mean you get a little package that will work, it'll sip two watts of power, sitting 24/7. It's reliable hardware.There's so many people that use it that it's so well tested that almost any problem you could ever run into, someone else has and there's a blog post or a forum post talking about it. And even though the hardware is not super powerful—it's three years old—you can add on a Coral TPU and do face recognition and object recognition. And throw in Frigate for Home Assistant to get notifications on your phone when your mom walks up to the door. There's so many things you can do with them and they're so flexible that they're still so valuable. I think that they really knocked it out of the park with that model, the Raspberry Pi 4, and the compute module 4, which is still impossible to get. I have not been able to buy one for two years now. Luckily, I bought 12 two-and-a-half years ago [laugh] otherwise I would be running out for all my projects that I do.Corey: Yeah. I got two at the moment and two empty slots in the Turing Pi 2, which I'll care more about if I can actually get the thing up and booted. But it presupposes you have a Windows computer or otherwise, ehh, watch this space; more coming. Great. Like, do I build a virtual machine on top of something else? It leads down the path super quickly of places I thought I'd escaped from.Jeff: Yeah, you know, outside of the Pi realm, that's the state of the communities. It's a lot of, like, figuring out your own things. I did a project—I don't know if you've heard of Mr. Beast—but we did a project for him that involves a hundred single-board computers. We couldn't find Raspberry Pi's so we had to use a different single-board computer that was available.And so, I bought an older one thinking, oh, this is, like, three or four years old—it's older than the Pi 4—and there must be enough support now. But still, there's, like, little rough edges everywhere I went and we ended up making them work, but it took us probably an extra 30 to 40 hours of development work to get those things running the same way as a Raspberry Pi. And that's just the way of things. There's so much opportunity.If one of these Chinese manufacturers that makes most of these things, if one of them decided, you know what? We're going to throw tons of money into building support for these things, get some English-speaking members of these forums to build up the community, all that stuff, I think that they could have a shot at Raspberry Pi's giant portion of the market. But so far, I haven't really seen that happen. So far, they're spamming hardware. And it's like, the hardware is awesome. These chips are great if you know how to deal with them and how to get the software running and how to deal with Linux issues, but if you don't, then they're not great because you might not even get the thing to boot.Corey: I want to harken back to something you said a minute ago, where there's value in having a community around something, where you can see everyone else has already encountered a problem like this. I think that folks who weren't around for the rise of cloud have no real insight into how difficult it used to be just getting servers into racks and everything up, and okay, they're identical, and seven of them are working, but that eighth one isn't for some strange reason. And you spend four hours troubleshooting what turns out to be a bad cable or something not seated properly and it's awful. Cloud got away from a lot of that nonsense. But it's important—at least to me—to not be Captain Edgecase, where if you pick some new cloud provider and Google for how to set up a load balancer and no one's done it before you, that's not great. Whereas if I'm googling now in the AWS realm and no one has done, the thing I'm trying to do, that should be something of a cautionary flag of maybe this isn't how most people go about approaching production. Really think twice about this.Jeff: Yep. Yeah, we ran into that on a project I was working on was using Magento—which I don't know if anybody listening uses Magento, but it's not fun—and we ran into some things where it's like, “We're doing this, and it says that they do this on their official supported platform, but I don't know how they are because the code just doesn't exist here.” So, we ran into some weird edge cases on AWS with some massive infrastructure for the databases, and I ran into scaling issues. But even there, there were forum posts in AWS here and there that had little nuggets that helped us to figure out a way to get around it. And like you say, that is a massive advantage for AWS.And we ran into an issue with, we were one of the first customers trying out the new Lambda functions for RDS—or I don't remember exactly what it was called initially—but we ended up not using that. But we ran into some of these issues and figured out we were the first customer running into this weird scaling thing when we had a certain size of database trying to use it with these Lambda calls. And eventually, they got those things solved, but with AWS, they've seen so many things and some other cloud providers haven't seen these things. So, when you have certain types of applications that need to scale in certain ways, that is so valuable and the community of users, the ability to pull from that community when you need to hire somebody in an emergency, like, we need somebody to help us get this project done and we're having this issue, you can find somebody that is, like, okay, I know how to get you from Point A to Point B and get this project out the door. You can't do that on certain platforms.And open-source projects, too. We've always had that problem in Drupal. The amount of developers who are deep into Drupal to help with the hard problems is not vast, so the ones who can do that stuff, they're all hired off and paid a handsome sum. And if you have those kinds of problems you realize, I either going to need to pay a ton of money or we're just going to have to not do that thing that we wanted to do. And that's tough.Corey: What I've found, sort of across the board, has been that there's a lot of, I guess, open-source community ethos that has bled into a lot of this space and I wanted to make sure that we have time to talk about this because I was incensed a while back when Red Hat decided, “Oh, you know that whole ten-year commitment on CentOS? That project that we acquired and are now basically stabbing in the face?”—disclosure. I used to be part of the CentOS project years ago when I was on network staff for the Freenode IRC network—then it was, “Oh yeah, we're just going to basically undermine our commitments to you and now you can pay us if you want to get that support there.” And that really set me off. Was nice to see you were right there as well in almost lockstep with me, pointing out that this is terrible, just as far as breaking promises you've made to customers. Has your anger cooled any? Because mine hasn't.Jeff: It has not. My temper has cooled. My anger has not. I don't think that they get it. After all the backlash that they got after that, I don't think that the VP-level folks at Red Hat understand that this is already impacting them and will impact them much more in the future because people like me and you, people who help other people build infrastructure and people who recommend operating systems and people who recommend patterns and things, we're just going to drop off using CentOS because it doesn't exist. It does exist and some other people are saying, “Oh, it's actually better to use this new CentOS, you know, Stream. Stream is amazing.” It's not. It's not the same thing. It's different. And—Corey: I used to work at a bank. That was not an option. I mean, granted at the bank for the production systems it was always [REL 00:25:18], but being able to spin up a pre-production environment without having to pay license fees on every VM. Yeah.Jeff: Yeah. And not only that, they did this announcement and framed it a certain way, and the community immediately saw. You know, I think that they're just angry about something, and whether it was a NASA contract with Rocky Linux, or whether it was something Oracle did, who knows, but it seems petty in retrospect, especially in comparison to the amount of backlash that came out of it. And I really don't think that they understand the thing that they had with that Red Hat Enterprise Linux is not a massive growth opportunity for Red Hat. It's, in some ways, a dying product in terms of compared to using cloud stuff, it doesn't matter.You could use CoreOS, you could use NixOS, and you could use anything, it doesn't really matter. For people like you and me, we just want to deploy our software. And if it's containers, it really doesn't matter. It's just the people in government or in certain organizations that have these roles that you have to use whatever FIPS and all that kind of stuff. So, it's not like it's a hyper-growth opportunity for them.CentOS was, like, the only reason why all the software, especially on the open-source side, was compatible with Red Hat because we could use CentOS and it was easy and simple. They took that—well, they tried to take that away and everybody's like, “That's—what are you doing?” Like, I posted my blog post and I think that sparked off quite a bit of consternation, to the point where there was a lot of personal stuff going on. I basically said, “I'm not supporting Red Hat Enterprise Linux for any of my work anymore.” Like, “From this point forward, it's not supported.”I'll support OpenELA, I'll support Rocky Linux or Oracle Linux or whatever because I can get free versions that I don't have to sign into a portal and get a license and download the license and integrate it with my CI work. I'm an open-source developer. I'm not going to pay for stuff or use 16 free licenses. Or I was reached out to and they said, “We'll give you more licenses. We'll give you extra.” And it's like, that's not how this works. Like, I don't have to call Debian and Ubuntu and [laugh] I don't even have to call Oracle to get licenses. I can just download their software and run it.So, you know, I don't think they understood the fact that they had that. And the bigger problem for me was the two-layer approach to destroying all the trust that the community had. First was in, I think it was 2019 when they said—we're in the middle of CentOS 8's release cycle—they said, “We're dropping CentOS 8. It's going to be Stream now.” And everybody was up in arms.And then Rocky Linux and [unintelligible 00:27:52] climbed in and gave us what we wanted: basically, CentOS. So, we're all happy and we had a status quo, and Rocky Linux 9 and [unintelligible 00:28:00] Linux nine came out after Red Hat 9, and the world was a happy place. And then they just dumped this thing on us and it's like, two major release cycles in a row, they did it again. Like, I don't know what this guy's thinking, but in one of the interviews, one of the Red Hat representatives said, “Well, we wanted to do this early in Red Hat 9's release cycle because people haven't started migrating.” It's like, well, I already did all my automation upgrades for CI to get all my stuff working in Rocky Linux 9 which was compatible with Red Hat Enterprise Linux 9. Am I not one of the people that's important to you?Like, who's important to you? Is it only the people who pay you money or is it also the people that empower your operating system to be a premier Enterprise Linux operating system? So, I don't know. You can tell. My anger has not died down. The amount of temper that I have about it has definitely diminished because I realize I'm talking at a wall a lot of times, when I'm having conversations on Twitter, private conversations and email, things like that.Corey: People come to argue; they don't come to actually have a discussion.Jeff: Yeah. I think that they just, they don't see the community aspect of it. They just see the business aspect. And the business aspect, if they want to figure out ways that they can get more people to pay them for their software, then maybe they should provide more value and not just cut off value streams. It doesn't make sense to me from a long-term business perspective.From a short term, maybe there were some clients who said, “Oh, shoot. We need this thing stable. We're going to pay for some more licenses.” But the engineers that those places are going to start making plans of, like, how do we make this not happen again. And the way to not make that happen, again is to use, maybe Ubuntu or maybe [unintelligible 00:29:38] or something. Who knows? But it's not going to be increasing our spend with Red Hat.Corey: That's what I think a lot of companies are missing when it comes to community as well, where it's not just a place to go to get support for whatever it is you're doing and it's not a place [where 00:29:57] these companies view prospective customers. There's more to it than that. There has to be a social undercurrent on this. I look at the communities I spend time in and in some of them dating back long enough, I've made lifelong significant friendships out of those places, just through talking about our lives, in addition to whatever the community is built around. You have to make space for that, and companies don't seem to fully understand that.Jeff: Yeah, I think that there's this thing that a community has to provide value and monetizable value, but I don't think that you get open-source if you think that that's what it is. I think some people in corporate open-source think that corporate open-source is a value stream opportunity. It's a funnel, it's something that is going to bring you more customers—like you say—but they don't realize that it's a community. It's like a group of people. It's friends, it's people who want to make the world a better place, it's people who want to support your company by wearing your t-shirt to conferences, people want to put on your red fedora because it's cool. Like, it's all of that. And when you lose some of that, you lose what makes your product differentiated from all the other ones on the market.Corey: That's what gets missed. I think that there's a goodwill aspect of it. People who have used the technology and understand its pitfalls are likelier to adopt it. I mean, if you tell me to get a website up and running, I am going to build an architecture that resembles what I've run before on providers that I've run on before because I know what the failure modes look like; I know how to get things up and running. If I'm in a hurry, trying to get something out the door, I'm going to choose the devil that I know, on some level.Don't piss me off as a community member and incentivize me to change that estimation the next time I've got something to build. Well, that doesn't show up on this quarter's numbers. Well, we have so little visibility into how decisions get made many companies that you'll never know that you have a detractor who's still salty about something you did five years ago and that's the reason the bank decided not to because that person called in their political favors to torpedo that deal and have a sweetheart offer from your competitor, et cetera and so on and so forth. It's hard to calculate the actual cost of alienating goodwill. But—Jeff: Yeah.Corey: I wish companies had a longer memory for these things.Jeff: Yeah. I mean, and thinking about that, like, there was also the HashiCorp incident where they kind of torpedoed all developer goodwill with their Terraform and other—Terraform especially, but also other products. Like, I probably, through my book and through my blog posts and my GitHub examples have brought in a lot of people into the HashiCorp ecosystem through Vagrant use, and through Packer and things like that. At this point, because of the way that they treated the open-source community with the license change, a guy like me is not going to be enthusiastic about it anymore and I'm going to—I already had started looking at alternatives for Vagrant because it doesn't mesh with modern infrastructure practices for local development as much, but now it's like that enthusiasm is completely gone. Like I had that goodwill, like you said earlier, and now I don't have that goodwill and I'm not going to spread that, I'm not going to advocate for them, I'm not going to wear their t-shirt [laugh], you know when I go out and about because it just doesn't feel as clean and cool and awesome to me as it did a month ago.And I don't know what the deal is. It's partly the economy, money's drying up, things like that, but I don't understand how the people at the top can't see these things. Maybe it's just their organization isn't set up to show the benefits from the engineers underneath, who I know some of these engineers are, like, “Yeah, I'm sorry. This was dumb. I still work here because I get a paycheck, but you know, I can't say anything on social media, but thank you for saying what you did on Twitter.” Or X.Corey: Yeah. It's nice being independent where you don't really have to fear the, well if I say this thing online, people might get mad at me and stop doing business with me or fire me. It's well, yeah, I mean, I would have to say something pretty controversial to drive away every client and every sponsor I've got at this point. And I don't generally have that type of failure mode when I get it wrong. I really want to thank you for taking the time to talk with me. If people want to learn more, where's the best place for them to find you?Jeff: Old school, my personal website, jeffgeerling.com. I link to everything from there, I have an About page with a link to every profile I've ever had, so check that out. It links to my books, my YouTube, all that kind of stuff.Corey: There's something to be said for picking a place to contact you that will last the rest of your career as opposed to, back in the olden days, my first email address was the one that my ISP gave me 25 years ago. I don't use that one anymore.Jeff: Yep.Corey: And having to tell everyone I corresponded with that it was changing was a pain in the butt. We'll definitely put a link to that one in the [show notes 00:34:44]. Thank you so much for taking the time to speak with me. I appreciate it.Jeff: Yeah, thanks. Thanks so much for having me.Corey: Jeff Geerling, YouTuber, author, content creator, and oh so very much more. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment that we will, of course, read [in action 00:35:13], just as soon as your payment of compute modules for Raspberries Pi show up in a small unmarked bag.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Show Notes  Seafood can change hands many times before it reaches your plate, which is why we need to know about all of the hard-working people who helped get it there.  Were they treated fairly? Are their rights being respected and upheld?  Here to help answer those questions and ensure human rights due diligence across seafood supply chains is Dr. Katrina Nakamura, CEO of Sustainability Incubator!  Tune into Season 4, Episode 9 to catch Katrina's insights into what's happening with forced labor in seafood, how women influence FIPs (aka: Fishery Improvement Projects), and how her diverse career path led her to the current impactful work she does today.  Audio production and sound design by Crystal Sanders-Alvarado for Seaworthy. Episode Transcript Episode Guide :00 Intro 01:34 Dr. Katrina Nakamura walks us through human rights due diligence in seafood: what it is and why it's critical. 04:42 There are two types of human rights abuses in seafood supply chains—Katrina breaks it down. 10:13  Labor is the first place the seafood industry squeezes to cut costs of production. Why are low labor costs becoming less of an asset and quickly becoming a liability? 15:50: Katrina shares the two things that are driving improvements in labor conditions in the sector.  18:26 As one of the biggest investments a company has, labor means a lot. The Labor Safe Screen is a human rights due diligence service that shows the value the company places on the relationships with their labor force. 24:09  You've uncovered abuses in your supply chains, how do you respond?   29:42 The time for forced labor in seafood supply chains is up as human rights due diligence is becoming mandatory globally. 33:25 The victim, the villain, and the hero: Is there a correlation between environmental sustainability and forced labor? 37:50  Fishery Improvement Projects: what are they and how are women influencing fisheries progress in innovative, yet invisible, ways? 46:22 Sidelining women and upholding barriers to leadership have very real consequences that hold back progress. 49:32 Katrina uplifts an angel! Resources:  Explore Katrina's work on human rights due diligence at Sustainability Incubator. Read more from the International Labor Organization (ILO) about forced labor and human trafficking in fisheries. Recommend this episode to one person who is concerned about forced labor in seafood production.

Welcome to the newest episode of The Cloud Pod podcast - where the forecast is always cloudy! Today your hosts are Jonathan and Matt as we discuss all things cloud and AI, including Temporary Elevated Access Management (or TEAM, since we REALLY like acronyms today)  FTP servers, SQL servers and all the other servers, as well as pipelines, whether or not the government should regulate AI (spoiler alert: the AI companies don't think so) and some updates to security at Amazon and Google.  Titles we almost went with this week: The Cloud Pod's FTP server now with post-quantum keys support The CloudPod can now Team into your account, but only temporarily  The CloudPod dusts off their old floppy drive  The CloudPod dusts off their old SQL server disks The CloudPod is feeling temporarily elevated to do a podcast The CloudPod promise that AI will not take over the world The CloudPod duals with keys The CloudPod is feeling temporarily elevated. A big thanks to this week's sponsor: Foghorn Consulting, provides top-notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

Who is Sorin?Sorin is CEO of SantinelaSantinela is an integrated Management Environment for production facilities, unlocking their full potential. It covers diverse functionalities specific to the management of production facilities, as a transversal platform designed by the workforce for the workforce.Key TakeawaysHow to help manufacturers improve their digitalization. 1:45The right process isn't it. 4:41Advice on how to improve your processes. 8:06Understanding the interconnectivity of processes and implementation. 11:53The importance of diversity in process improvement. 14:52Bringing people from the shop floor into the planning process. 19:30Valuable Free Resource or ActionFind out more about Santinela at www.Santinela.comA video version of this podcast is available on YouTube :_________________________________________________________________________________________________Subscribe to our newsletter and get details of when we are doing these interviews live at https://TCA.fyi/newsletterFind out more about being a guest at : link.thecompleteapproach.co.uk/beaguestSubscribe to the podcast at https://link.thecompleteapproach.co.uk/podcastHelp us get this podcast in front of as many people as possible. Leave a nice five-star review at apple podcasts : https://link.thecompleteapproach.co.uk/apple-podcasts and on YouTube : https://link.thecompleteapproach.co.uk/Itsnotrocketscienceatyt!Here's how you can bring your business to THE next level:If you are a business owner currently turning over £/$10K - £/$50K per month and want to grow to £/$100K - £/$500k per month download my free resource on everything you need to grow your business on a single page :It's a detailed breakdown of how you can grow your business to 7-figures in a smart and sustainable way————————————————————————————————————————————-TranscriptNote, this was transcribed using a transcription software and may not reflect the exact words used in the podcast)SUMMARY KEYWORDSdigitalization, processes, process improvement, factory, understand, people, organisation, important, problems, therese, roadmap, question, point, big, shop floor, continuous improvement, company, spending, talk, websiteSPEAKERSSorin Petcu, Stuart WebbStuart WebbHi and welcome back to it's not rocket science five questions over coffee. I'm here today with Simon Pesci. Sarin is the CEO of Centinela. They're a agency which is dedicated to making the manufacturing of efficiency greater and improving it through process improvement and using digitalization to do that. So I'm really excited about this, because this is something I've done in my past. So I'm really excited to welcome Soren today to the to the podcast, and sorry, welcome to It's not rocket science five questions over the coffee, which I have in front of me, I know you've got one as well. Excellent, excellent news. Well, I'm sorry,Sorin Petcuyou're enjoying a lot of stuff from my cup of tea, coffee, whatever.Stuart WebbYeah, whatever it takes to get through. Sorry, tell us a little bit about the sort of the customers you're trying to help with these with this great way of trying to digitalize some of the some of the work that's going on today and in process improvement.Sorin PetcuSo first of all, Stuart, thank you very much for having me. On today. So since 2003, I've been passionate about helping manufacturers to improve their manufacturing waste, let's put it like this. And after maybe 2005 2006, I started to see that there are lots of possibilities for digitalization in companies, and especially in the manufacturing businesses. And I've been working for different companies in food and beverage, so we are more specialised in food and beverage. And in 2016, I started to do consulting work. And I found out that food and beverage companies they were far behind, and they're still far behind in comparison to other to other industries, in terms of digitalization, digitalization is a very, very big word I would say. And what is happening is that manufacturers have some challenges, and they try to understand them. But to put in a very simple way, if you have a factory, a factory is like a black box, right. And if you look in, in the box, if you if you look at the box, you have inputs and your outputs. And in the box, if you don't understand it, as I was saying is a black box, you need to do something to be as efficient as possible to get those outputs the best way possible at the right time, the right quality, the right quality, you know the right quantity and stuff based on the inputs you get. So the challenges that they have, especially in this difficult and changing times is, I believe, to understand what they need to do to have the right digitalization. So how do you get from a process that is pen and paper in many, many factories and what we really want to do at something nela we really want to help manufacturers no matter the size, so there are small, medium or big. So the point is, how do you help them understand or generally they have a big problem to you know, to not look at the holes in front of the bike, but to look in the long term because they don't have time there are firefighting many times. And to think about how to optimise the processes, they have and digitalize them. This I believe are big challenges that they face in digitalization. Besides all the other challenges they have to face you know, with the inflation with Labour with whatever. So if we talk about digitalization, is about how you get the right processes, the right processes, not the wrong processes, digitalized and reliable Yeah,Stuart Webband that's the key isn't it? Sorry. And because I remember back in when I was one of the first companies I started was was was working with workflow technologies and we've talked about getting the right work to the right person at the right time. So so the problem that that many factories face. Is that right process, isn't it, which is the right process because you can pull a lever to digitalize a process which does not affect the if the efficiency of the factory does it you can, you can you can spend a lot of time and effort processing and working on a process which actually doesn't have as big an impact as you expect it to. So it is that right process, isn't it? And some, I would guess, of your customers have spent a lot of time trying to digitalize a process and then discovered it didn't have the effectiveness that they expected it to have.Sorin PetcuYeah, so the most interesting case I've I've seen many times in factories is that they tried to digitalize to digitise processes that are not, as you're saying that are not necessarily that important to the business. But most of all, they don't have the right processes in place, like the daily management system in a factory is critical. I call it the backbone of the factory. If if you don't have the right process in the in the shift, you know, the shifts, eight hour shifts, if you don't have the right meetings in the morning, if you don't talk about the right things in the morning, you know, the KPIs the actions from the day before the day the priorities of the day if you don't have the right processes and continuous improvement, right. What do you digitise you digitise some firefighting system, that will never give you the right results? So this is, I believe, the best example I have, and I've seen it in multiple multiple factories. So we go there to some basics of of management processes, let's put it like this.Stuart WebbYeah, yeah. And it is that problem of, of knowing, which is the right lever to pull, isn't it the growth lever, the big lever that you pull, which is the greatest growth lever for any, for any factory to improve its efficiency.Sorin PetcuFrom from our experience is that, you know, factories have systems like ERP warehouse management, quality system that they need for the for the whole, for their survival, and from a legal standpoint, and then they have the assets, right, they have the lines, and those lines have to produce in a reliable way. They also have the teams of course, that need to be trained, they need to know what they're doing, they need to have reliable processes, standardised work and stuff like this. So, in our experience, the biggest lever to improve efficiency and effectiveness, let's put it like this and productivity in a factory is by making sure that the lines and the assets run properly, and they produce the right quality product at the right time. And there you start with the holes with a whole package of methodologies for continuous improvement that you can of course apply and afterward digitise, right. But the biggest one I would say is the is the way the lines run the OEE, as general people call it, you know, but generally people call itStuart Webbso and I'm just gonna show on the screen now the your the link to your your company, LinkedIn profile. Now, there's some interesting stuff going on there. And then your website, or other any free piece of advice you have on the website that you can help people to understand exactly how they can make use of this obvious thinking, in order to get them to sort of understand that the way they should start to, to attack and to to approach these problems.Sorin PetcuYeah, well, we don't necessarily have these things on the website. But together with Leila, that was your that you invited last week, we were trying to make these messages come across to as many people as possible in the near future. But I would say if you want to improve your processes and digitise your processes, that's something along the way we think is the following. So first of all, don't think short term. So short term is you can cherry pick, but you won't see the whole stuff, you won't have the time to do a holistic approach. What is really important is to understand your problems, map your processes, understand your problems, create a roadmap, this is really important. There are some companies that you know, there are a pen and paper and they have some processes that sometimes are not the best one so they can be improved. And they're already thinking about deep learning AI but without necessarily understanding the full extent of all this. So Yeah, the way we think is, you know, you depending on the maturity, you must learn how to walk, then you must learn how to run, right. So understand your processes, understand and build your roadmap, talk to the people in their own your company, and the especially the ones that are impacted by the change, because fear of change and not not understanding the change can be a very big roadblock. And sometimes, you know, without any sustainable proof, so he's just about the feeling of people, right how they see the change. So afterwards, make sure that the roadmap is made in a pragmatic way, because your resources are limited, right? And take a look at what you were saying before about the things that mostly impact your business. But without you can cherry pick, but you can cherry pick from the roadmap, you don't cherry pick just to cherry pick, right? So and make sure that you plan the improvements, and that you have some way to track the success. And once you understand your needs, and you create your roadmap, only then you look for the suppliers that might help you. And one more thing, the suppliers, I would say that there's really two things very important about the suppliers, the hidden costs, sometimes are there. And the second one is get the supplier that can also help you not only from if we talk about digitalization, don't take a supplier that can only help you from an IP perspective. But also from a methodological aspect. It's goodStuart Webbpoint, I'm just going to show one point that somebody has pointed out on LinkedIn, which is a great point about changing the roadmap taking from your roadmap, which is thing. But there's a great comment that's coming in from Therese Batista, which is unless you understand the interconnectivity of the various processes, and proper implementation of change management, any change can lead to chaos. And as a really good point, because I do remember in one particular project in which I was involved in one company that I was involved with, for a while, the management decided to apply some some really interesting technology to one process. And all they did was made rubbish, effectively move, not rubbish knowledge move through the organisation much faster. I mean, I did say to them, I said, Look, I hate to tell you this, guys, I'm going to use a bad word, you just made the ship flow faster, rather than actually, rather than it clearing out what you should have done and actually get the right that these people had just just picked the wrong interconnectivity on various processes. And what they'd ended up with was a bigger mess that was now just flowing much quicker through the organisation. So it's really important. And Theresa makes a FIPS is picking suppliers to look at their understanding of compliance with ESG. That's really, really key, isn't it?Sorin PetcuAbsolutely. Absolutely. And I, again, talking about talking about things that that you have witnessed, I've also witnessed to SAP implementation some time ago, a long time ago. And I heard there was a consultant that was saying crap in crap out sorry for my word, right? So whatever you make sure you put the right data in there and without affecting the people that input the data, and also thinking about what's in it, about what they think you know, what's in it for me, because if you just asked me to put some numbers in, then it doesn't have my work. It doesn't help the digitalization process in any way.Stuart WebbSorry, news, there have been a particular book or something which has affected your thinking that you you'd like to share with with the people that are we're talking to at the moment, that would help them to understand some of some of what you're saying.Sorin PetcuYeah. So first of all, I would say that in order to have good digitalization processes, you must understand the continuous improvement process. If the organisations that, listen to us today, have the possibility to take to take a step back from the daily business, you know, and think a little bit about the continuous improvement roadmap that they'd like to implement. I think that some very good books would be TPM for process industries, which is, which is like, that was one of the first books I've ever read about, you know about TPM. It's really great. Then you have the Toyota way, which is also really good and it gives you but At one point here, it for both books. We are Europeans or from the US or certain things do not necessarily apply, as well as they would apply in Japan, for example, because we're not that. How do you say? Yeah, let's say that we have another way of thinking, right?Stuart WebbThe culture is different, isn't it? There's no point in pretending that you're right the process improvement is culturally dependent. You cannot employ process improvement in a culture, which is determined not to necessarily think in a particular way, Ken Yeah,Sorin Petcuexactly. But these two books they can give you hints about the steps to take. And you have to adapt them to the culture and to the into the company you're in. Right. So but these are two books that are really great. And the third one I've just started was white digital transformation fails. by Tony Sultana, I just have it in a document here. They this guy, I've just started it. So he's from Procter and Gamble, and Procter and Gamble, they are really well known in the industry for having some very good processes. So and I think that they've made it and they are making it the right way. Yeah. So I think that we can learn some things from theirStuart WebbSinem. I'm gonna throw in a question which is coming from the audience. So we can have a debate around this. But it's a question about how would you engage colleagues on equality, diversity, inclusion and belonging? What what do you think are important considerations for organisations to take into account to enable things like equality and diversity to get embedded during the sort of process improvement activities that you're, you're talking to your customers about? Wow, that's a long question. It's a it is a long, and we could talk for many hours about it. So let's,everybody by having a long debate, but I mean, the importance of diversity and equality are quite important in process improvement, because a lot of what you're doing at the moment can seem to disadvantaged people unless it's brought in so that people understand the change and understand how their part within it isn't. And bringing people along is a really important part of process improvement activities.Sorin PetcuSo all my life I've so one of my first one of my first credos, let's say in life is that I want to help people money comes, money comes if people are happy at the workplace, if they come to work, you know, liking the fact that they come to work that day. So, and in manufacturing, the manufacturing industry, the operator the technicians, the people on the shop floor, they are the ones that are really making the production happen, management is a supporting function. So, we do believe well, me and my colleagues, we do believe that equality and listening to people on the shop floor and making their lives easier and having good teams you know, that are motivated and happy to come to work. These are key to any digitalization and to any process improvement. Digitalization if it comes top down without explaining anything to the to the organisation will fail in probably more than 80 to 90% of the cases. So, diversity, inclusion belonging are really really important in all of this, but how do you engage? I would say I don't know if we can engage at the global level ourselves, but each organisation or small medium or big company, they should engage their colleagues you know, so, they should think that and operate operator is equal to a manager, you know, and their needs are equal. And moreover, a production line cannot run for the moment cannot run without an operator but it can run without the manager.Stuart WebbYeah, I have been involved in a number of change initiatives within organisations and the one thing that I nearly always advocate for where I where I where I can, I can help management to understand is to have people from the shop floor be involved in the planning process, because it's those people on the shop floor who have most understanding of where the changes will in fact impact on people. And, and I think that without bringing those people into the planning process and actually making the part of the team, you are going to be pushing against the forces, which actually, you can't understand from the boardroom, you don't understand. And actually having that person sort of tell you about where the real problems are, will enable you to make the the digital change so much easier, because you will actually be helping those people to make their lives easier and happier. And, and and, you know, sometimes that is about inclusion, sometimes it's about, it's about belonging. And I know that Theresa just made a great point that they have not given consideration to employ people with more skills. And and that's something that is part of this process as well, isn't it? It's bringing those people back into those skilled those skill areas.Sorin PetcuGreat points you both made, either in writing or verbally, I would like to add something here. So first of all, what is happening is that, you know, that you have I've seen over over time, two types of management in factories, yeah, top down. So basically, most of the decisions are taken at the top level of the factory, and the operators on the first line managers don't necessarily have any influence over the decision. But this is the not this is not the right or let's say the most successful, the most successful and the most inviting way of working. So in what we do at Santa nella, we try to invert this pyramid where operators team leaders, first line managers take most of the decisions. And we have, I have a great example from our of our customers that has implemented a ticketing module that we have with like, with a chat inside and people can work together. And just imagine that in over three is operators, with technicians, with team leaders with technical team leaders, they have worked on more than 100,000 tickets in a 150 person plant. Okay. So this is an extraordinary involvement of people in solving problems and the data, the the solutions, the problems, operators, know them, technicians know them. And most of the time, they also have the right solutions for the problems. Instead of getting an engineer like myself going there and creating, like the friends, they lose the night guys. So a guest station, right to solve a small problem. So these guys have a lot of experience, we should listen to them, and make sure that their lives and their opinions are respected.Stuart WebbGreat point. Listen, sorry, we could talk all afternoon about this. And I'm very conscious of keeping you away from doing something which I'm sure is really important in your business at the moment. So I'll bring it to an end. By asking you if there is a question that I hadn't yet asked you. Well, what would you have liked me to have asked you? And then obviously, you need to give us the answer to the question that you would have liked me to have asked you?Sorin PetcuWell, I would I would say that something really important to ask, but not necessarily myself, but maybe the manufacturers, I would have a question for the manufacturers, you know, in these in these really challenging times I was talking about the inputs, the inputs are getting more expensive, you don't find them at cetera, et cetera, right. So these are things that you can control up to a point. But every manufacturer is taken into account, the way that continuous improvement implemented a good continuous improvement programme, you know, what Lean Manufacturing, TPM, whatever, plus the digitalization, what implementing these things would bring to them in terms of resilience and come competitivity let's put like this. And this, I think that this is a question. Not that you haven't asked me, but I think that it's a pretty important question too, for manufacturers to think about maybe at the end of our session. So how have they thought about continuous improvement and digitalization? Have they taken these into account to help them get more competitivity and productivityStuart WebbBrilliant Sauron. Thank you so much. You know, I gotta I gotta finish by by thanking you for your time. Just to show one more comment from Therese, we what we're trying to do with this, in case you haven't guessed, guys, we're trying to remove the silos to give more exchange of information. Because for me, you know, removing silos in businesses is gonna lead to greater and I'm somebody who spends a lot of my time thinking about innovation. And one of the things that I find that too many companies think is that innovation is somehow just happens. Innovation doesn't just happen. Innovation happens to come from having conversations like this, potentially with sort of, you know, different viewpoints. And that brings together new ways of doing things. So I just love having people like sarin, come on and talk and give us their insights into things. Sorry. And thank you so much for spending a few minutes with us for talking about what you do at Santa nella, I would encourage you all to get onto the Santa nella website, which is here at Santa nella.com. And if you can't get on Santa nola.com, because your LinkedIn person, then get back to the LinkedIn website, which is Santa Ana, oh II on LinkedIn. And I really appreciate you, you coming on and spending a bit of time with us today. Sorry, if you're one of the people who comes on and listens to these things, please join our newsletter, where I send out an email which basically says who is going to be coming on, you can get details of that at HTTPS forward slash forward slash link the complete approach.co.uk newsletters, so that's link dot the complete approach.co.uk forward slash newsletter, go onto that website. And just subscribe to the newsletter. And you will get the notification coming and spending some time like people like Therese has done today. And being able to ask questions of our guests like sarin and future guests. Sorry, thank you so much for spending a few minutes with us really appreciate your insight. Love theSorin Petcupleasure, real pleasure to be with you. Thank you very much for the invitation. NoStuart Webbproblem. We could talk all afternoon and my coffee would go cold and I don't you need to get back to your job. Thank you so much for joining. Appreciate it.Sorin PetcuHave a great Day. Bye bye bye bye Get full access to It's Not Rocket Science! at thecompleteapproach.substack.com/subscribe

Article: KeePassXC - Cross-platform Password Manager. Article: KeePassXC Application Security Review Supporting Article: KeePassXC Release 2.7.4 Supporting Article: KeePassXC Release 2.7.5 Article: KeePassXC: User Guide. Article: Magic (cryptography). Article: Federal Information Processing Standards. The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO). Supporting Article: FIPS General Information. FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards. Article: G502 HERO High Performance Gaming Mouse. Dual-Mode Hyper-Fast Scroll Wheel Unlock the scroll wheel for hyper-fast continuous scrolling to spin quickly through long pages, or lock it down for single click precision scrolling. The weighty, metal wheel delivers confident, smooth and satisfying control for either mode. General KeePassXC Information.   Why KeePassXC instead of KeePassX? KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes. Why KeePassXC instead of KeePass? KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to. KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration. Why is there no cloud synchronization feature built into KeePassXC? Cloud synchronization with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud etc. can be easily accomplished by simply storing your KeePassXC database inside your shared cloud folder and letting your desktop synchronization client do the rest. We prefer this approach, because it is simple, not tied to a specific cloud provider and keeps the complexity of our code low. KeePassXC allows me to store my TOTP secrets. Doesn't this alleviate any advantage of two-factor authentication? Yes. But only if you store them in the same database as your password. We believe that storing both together can still be more secure than not using 2FA at all, but to maximize the security gain from using 2FA, you should always store TOTP secrets in a separate database, secured with a different password, possibly even on a different computer. How do I use the KeePassXC CLI tool with the AppImage? Starting with version 2.2.2, you can run the KeePassXC CLI tool from the AppImage by executing it with the cli argument: ./KeePassXC-*.AppImage cli Additional Information. What Is Infinite Scrolling? Infinite scrolling is a technique that loads more content as you scroll. It allows you to continue scrolling indefinitely and is sometimes known as endless scrolling. Article: blackeRnel Tries to help yoU undeRstand Enough about math and programming.

This week we discuss Cloud Earnings, OpenCost and Opensource Redflags. Plus, Matt recounts his epic return trip home from Amsterdam. Watch the YouTube Live Recording of Episode 413 (https://www.youtube.com/watch?v=SUMH3L0iLqs) Runner-up Titles Airplane Ghost No Hashtag for That Sorry Fellow Travelers That's what they said about Google Reader That's the beauty of nonsense stories How do you really feel Brandon? Nobody wants monitoring data Airport Hotels I don't remember Security Line Sick Rundown Checking in on Cloud Earnings Cloud Giants Update (https://twitter.com/jaminball/status/1651679974548738048?s=46&t=EoCoteGkQEahPpAJ_HYRpg) Clouded Judgement 4.28.23 (https://cloudedjudgement.substack.com/p/clouded-judgement-42823?utm_source=post-email-title&publication_id=56878&post_id=117470069&isFreemail=true&utm_medium=email) IaaS Pricing Patterns and Trends 2022 (https://redmonk.com/rstephens/2023/04/11/iaaspricing2022/) Of Course AWS Revenues Are Slowing And Profits Are Pinched (https://www.nextplatform.com/2023/04/28/of-course-aws-revenues-are-slowing-and-profits-are-pinched/) Don't be fooled by slowing cloud growth: Cost optimization is a feature, not a bug (https://siliconangle.com/2023/04/29/dont-fooled-slowing-cloud-growth-cost-optimization-feature-not-bug/) Amazon Starts Round of Layoffs in AWS Cloud Services Division (https://www.bloomberg.com/news/articles/2023-04-26/amazon-starts-round-of-layoffs-in-aws-cloud-services-division?utm_medium=email&utm_source=newsletter&utm_term=230426&utm_campaign=author_20879664&leadSource=uverify%20wall) Amazon's cloud business is clamping down on managers' freedom to hire in latest cost control—leaked memo (https://finance.yahoo.com/news/amazon-cloud-business-clamping-down-191234361.html) Google's cloud business turns profitable for the first time on record (https://www.cnbc.com/2023/04/25/googles-cloud-business-turns-profitable-for-the-first-time-on-record.html) Microsoft reports earnings beat, says A.I. will drive revenue growth (https://www.cnbc.com/2023/04/25/microsoft-msft-q3-earnings-report-2023.html) Navigating the High Cost of AI Compute | Andreessen Horowitz (https://a16z.com/2023/04/27/navigating-the-high-cost-of-ai-compute/) OpenCost (https://www.opencost.io) Kubecost's Path to Product-Market Fit (https://review.firstround.com/kubecosts-path-to-product-market-fit-how-the-co-founders-validated-their-idea-with-100-customer-conversations) MariaDB.com is dead, long live MariaDB.org (https://medium.com/@imashadowphantom/mariadb-com-is-dead-long-live-mariadb-org-b8a0ca50a637) Relevant to your Interests FBI seizes Genesis Market, a notorious hacker marketplace for stolen logins (https://techcrunch.com/2023/04/05/fbi-genesis-market-seized-stolen-logins/?_hsmi=253259905) Google Stadia head Phil Harrison has left the company (https://9to5google.com/2023/04/05/stadia-phil-harrison-departs/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Observability platform Honeycomb pockets $50M in new funding (https://siliconangle.com/2023/04/06/observability-platform-honeycomb-pockets-50m-new-funding/) Tesla workers shared images from car cameras, including “scenes of intimacy” (https://arstechnica.com/tech-policy/2023/04/tesla-workers-shared-images-from-car-cameras-including-scenes-of-intimacy/) The Six Five Insider Edition with Ram Velaga, Broadcom - Moor Insights & Strategy (https://moorinsightsstrategy.com/webcasts/the-six-five-insider-edition-with-ram-velaga-broadcom/) Clubhouse ↓ (https://twitter.com/benedictevans/status/1644037829180239873?s=46&t=-2GRjYw3L96Jh3hL9tDPcg) Oops: Samsung Employees Leaked Confidential Data to ChatGPT (https://gizmodo.com/chatgpt-ai-samsung-employees-leak-data-1850307376) How SQLite helps you do ACID (https://fly.io/blog/sqlite-internals-rollback-journal/) On-prem still cheaper but don't rule out the cloud yet (https://www.theregister.com/2023/04/11/cloud_dc_costs/) Amazon Bans Flipper Zero, Claiming It Violates Policy Against Card Skimming Devices (https://gizmodo.com/amazon-bans-flipper-zero-card-skimming-on-tiktok-1850313284?_hsmi=253770930) Today in Apple history: Apple-1 starts a revolution (https://www.cultofmac.com/475761/apple-1-launch/) How Incumbents Survive and Thrive (https://hbr.org/2022/01/how-incumbents-survive-and-thrive?utm_campaign=hbr&utm_medium=social&utm_source=twitter) Announcing Linkerd 2.13 with circuit breaking, dynamic request routing, FIPS, health monitoring, and more (https://buoyant.io/blog/announcing-linkerd-2-13-circuit-breaking-dynamic-request-routing-fips) Pentagon leak traced to video game chat group users arguing over war in Ukraine (https://www.theguardian.com/world/2023/apr/11/pentagon-leak-traced-to-video-game-chat-group-users-arguing-over-war-in-ukraine) NPR quits Twitter after being falsely labeled as 'state-affiliated media' (https://www.npr.org/2023/04/12/1169269161/npr-leaves-twitter-government-funded-media-label) Mass Layoffs and Absentee Bosses Create a Morale Crisis at Meta (https://www.nytimes.com/2023/04/12/technology/meta-layoffs-employees-management.html) Announcing the deps.dev API: critical dependency data for secure supply chains (https://security.googleblog.com/2023/04/announcing-depsdev-api-critical.html?m=1) Futurepedia - The Largest AI Tools Directory | Home (https://www.futurepedia.io/?_hsmi=254110070) Amazon CEO Andy Jassy's 2022 Pay Falls to $1.3M, Touts Ad Business in Annual Letter (https://www.hollywoodreporter.com/business/digital/amazon-ceo-andy-jassy-2022-compensation-jeff-bezos-pay-1235373272/) Announcing New Tools for Building with Generative AI on AWS | Amazon Web Services (https://aws.amazon.com/blogs/machine-learning/announcing-new-tools-for-building-with-generative-ai-on-aws/) Venture Capital Deals (https://www.axios.com/newsletters/axios-pro-rata-94b71804-0a2d-45a5-b53e-dc667b154016.html?chunk=2&utm_term=emshare#story2) Zoom to acquire Workvivo to bolster employee experience offering (https://www.workvivo.com/newsroom/workvivo-zoom/) WSJ News Exclusive | IBM Explores Sale of Weather Business (https://www.wsj.com/articles/ibm-explores-sale-of-weather-business-c174f75c) Bluesky is my favorite Twitter clone yet (The Verge) (https://artifact.news/s/aIEifcBqhS0=) Keith White On Why He Is Leaving HPE, Dell Apex And Why The ‘Sky Is The Limit' For The HPE GreenLake Ecosystem (https://www.crn.com/news/cloud/keith-white-on-why-he-is-leaving-hpe-dell-apex-and-why-the-sky-is-the-limit-for-the-hpe-greenlake-ecosystem) Apple's batteries will use 100 percent recycled cobalt by 2025 (https://www.engadget.com/apples-batteries-will-use-100-percent-recycled-cobalt-by-2025-132837439.html?_hsmi=254528948) Apple Card's new high-yield Savings account is now available, offering a 4.15 percent APY (https://www.apple.com/newsroom/2023/04/apple-cards-new-high-yield-savings-account-is-now-available-offering-a-4-point-15-percent-apy/) Introducing Gloo Fabric (https://www.solo.io/blog/introducing-solo-gloo-fabric/) MillerKnoll CEO sparks backlash after telling employees to "leave Pity City" over lack of bonuses (https://www.cbsnews.com/news/millerknoll-ceo-andi-owen-backlash-pity-city/) Netflix Gains 1.75 Million Subscribers, Axes DVD-Rental Business (https://www.wsj.com/articles/netflix-nflx-q1-earnings-report-2023-8460b7e4) Uniquely Austin: Stewarding growth in America's boomtown (https://mckinsey.dsmn8.com/s3GcM4Y-Wx) A 12% decline in global smartphone shipments is what passes for stability these days (https://techcrunch.com/2023/04/18/a-12-decline-in-global-smartphone-shipments-is-what-passes-for-stability-these-days/) Stack Overflow Will Charge AI Giants for Training Data (https://www.wired.com/story/stack-overflow-will-charge-ai-giants-for-training-data/) Build Your Own Bootable Emacs Environment (https://hackaday.com/2023/04/22/build-your-own-bootable-emacs-environment/) Schools bought millions of Chromebooks in 2020 — and three years later, they're starting to break (https://www.theverge.com/2023/4/21/23691840/us-pirg-education-fund-report-investigation-chromebook-churn) Silver Lake to buy Germany's Software AG in $2.42 billion deal (https://www.reuters.com/markets/deals/silver-lake-buy-germanys-software-ag-242-bln-deal-2023-04-21/) "Verified" becomes a badge of dishonor (https://www.axios.com/newsletters/axios-login-4fc52afb-3c90-4bea-ad37-35b90c77ed9f.html?chunk=1&utm_term=emshare#story1) Apple throws VR spaghetti against the wall (https://www.axios.com/newsletters/axios-login-4fc52afb-3c90-4bea-ad37-35b90c77ed9f.html?chunk=2&utm_term=emshare#story2) GitLab Survey Reveals DevSecOps Gains (https://devops.com/gitlab-survey-reveals-devsecops-gains/) Zed - Code at the speed of thought (https://zed.dev/) U.S. appeals court upholds lower court order forcing Apple to allow third-party App Store payments (https://www.reuters.com/legal/us-appeals-court-upholds-lower-court-order-forcing-apple-allow-third-party-app-2023-04-24/) Red Hat cutting hundreds of jobs, CEO says in letter to employees (https://wraltechwire.com/2023/04/24/red-hat-cutting-hundreds-of-jobs-ceo-says-in-letter-to-employees/) Replit ⠕ on Twitter (https://twitter.com/Replit/status/1650900629521596421) Smartphones With Popular Qualcomm Chip Secretly Share Private Information With (https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker) Red Hat lays off 4% of its global workforce (https://www.axios.com/local/raleigh/2023/04/24/red-hat-lays-off-4-of-its-workforce?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) There's a new AI unicorn that will make coders faster | Semafor (https://www.semafor.com/article/04/25/2023/theres-a-new-ai-unicorn-that-will-make-coders-faster) BMC to Acquire Model9 - BMC Software (https://www.bmc.com/newsroom/releases/bmc-to-acquire-model9.html) Broadcom Takes On InfiniBand With Jericho3-AI Switch Chips (https://www.nextplatform.com/2023/04/26/broadcom-takes-on-infiniband-with-jericho3-ai-switch-chips/) ChatGPT could cost over $700,000 per day to operate. Microsoft is reportedly trying to make it cheaper. (https://www.businessinsider.com/how-much-chatgpt-costs-openai-to-run-estimate-report-2023-4) Google Cloud suffers outage in Europe amid water leak, fire (https://www.theregister.com/2023/04/26/google_cloud_outage/) Automate Your Meetings - Magical (https://magical.so/?utm_source=futurepedia&utm_medium=marketplace&utm_campaign=futurepedia) Web3 Funding Continues To Crater — Drops 82% Year To Year (https://news.crunchbase.com/web3/vc-backed-funding-drops-q1-2023/) ‘The Godfather of A.I.' Leaves Google and Warns of Danger Ahead (https://www.nytimes.com/2023/05/01/technology/ai-google-chatbot-engineer-quits-hinton.html) IBM looks to turn nearly 8,000 jobs over to artificial intelligence, CEO says | WRAL TechWire (https://wraltechwire.com/2023/05/02/ibm-looks-to-turn-nearly-8000-jobs-over-to-artificial-intelligence-ceo-says/) The hardware we need for our cloud exit has arrived (https://world.hey.com/dhh/the-hardware-we-need-for-our-cloud-exit-has-arrived-99d66966) Cloud exit pays off in performance too (https://world.hey.com/dhh/cloud-exit-pays-off-in-performance-too-4c53b697) So, You Want To Build A DBaaS (https://matt.blwt.io/post/so-you-want-to-build-a-dbaas/) State of Kubernetes 2023 (https://tanzu.vmware.com/content/ebooks/stateofkubernetes-2023) Survey Shows Companies Moving away from DIY Kubernetes (https://thenewstack.io/survey-shows-companies-moving-away-from-diy-kubernetes/) The end of Microsoft-brand peripherals is only Surface deep (https://www.theregister.com/2023/04/28/the_end_of_microsoft_peripherals/) Google Devising Radical Search Changes to Beat Back A.I. Rivals (https://www.nytimes.com/2023/04/16/technology/google-search-engine-ai.html) Google in shock as Samsung considers moving to Bing as default search engine on Galaxy phones (https://www.sammobile.com/news/samsung-galaxy-phones-tablets-bing-search-replace-google-default-search-engine/) Netflix cancels 'Love is Blind' livestream after technical issues and hour delay (https://techcrunch.com/2023/04/16/netflix-issues-love-is-blind-livestream-reunion/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top&guccounter=1) Intel reports largest quarterly loss in company history (https://www.cnbc.com/2023/04/27/intel-intc-earnings-report-q1-2023.html) Citigroup technology expenses grow as it pushes transformation (https://www.ciodive.com/news/Citigroup-hires-8K-technologists-Q1-IT-modernization/648204/) Ask Axios: What's the deal with "cashless" businesses in Columbus? (https://www.axios.com/local/columbus/2022/01/11/columbus-cashless-businesses-2021?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Opinion | Why does the IRS need $80 billion? Just look at its cafeteria. (https://www.washingtonpost.com/opinions/interactive/2022/irs-pipeline-tax-return-delays/?utm_medium=email&utm_source=topic+optin&utm_campaign=awareness&utm_content=20230414+econ+nl) Kroger Begins Accepting Apple Pay After Years of Holding Out (https://www.macrumors.com/2023/04/15/kroger-fred-meyer-apple-pay/) Nonsense The Bitcoin Whitepaper Is Hidden in Every Modern Copy of macOS (https://waxy.org/2023/04/the-bitcoin-whitepaper-is-hidden-in-every-modern-copy-of-macos/) Map of Buc-ees Locations (http://buc-eesmap.com/) The Gambler Who Beat Roulette (https://www.bloomberg.com/features/2023-how-to-beat-roulette-gambler-figures-it-out/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Tech companies are hiring — a lot — despite recent wave of layoffs (https://www.marketwatch.com/story/tech-companies-are-hiring-a-lot-despite-recent-wave-of-layoffs-7d586b62) Elon Musk Painted Over the ‘W' on the Twitter Headquarters Sign (https://gizmodo.com/elon-musk-twitter-headquarters-sign-painted-w-titter-1850318181) Postage stamp prices expected to increase again in July (https://www.axios.com/2023/04/12/usps-stamp-price-increase-july-2023-inflation) Why pull weeds when you can zap them with AI-powered lasers? (https://thehustle.co/04132023-AI-powered-lasers/) Texas dairy farm explosion kills 18,000 cows (https://www.bbc.co.uk/news/world-us-canada-65258108) Americans Have Nearly $1 Trillion in Credit Card Debt (https://www.bloomberg.com/news/articles/2023-02-16/credit-card-debt-americans-have-racked-up-nearly-1-trillion-in-balances?srnd=premium&sref=3Ac2yX40&_hsmi=254863063&leadSource=uverify%20wall) FTX Founder Suffers Personal Nightmare as Courts Cut Him Off From League of Legends (https://futurism.com/the-byte/sbf-ftx-courts-cut-off-league-of-legends) Google gives Bard the ability to generate and debug code | Engadget (https://www.engadget.com/google-gives-bard-the-ability-to-generate-and-debug-code-130024663.html?_hsmi=255452821) Jekkmaster of Drip on Twitter (https://twitter.com/Jekkus/status/1651074439180582913) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: YouTube TV Announces New Details About NFL Sunday Ticket Including Multiview, Family Plans, DVR, & More (https://cordcuttersnews.com/youtube-tv-announces-new-details-about-nfl-sunday-ticket-including-multiview-family-plans-dvr-more/) Huddle up football fans, the NFL Sunday Ticket presale kicks off today (https://blog.youtube/news-and-events/nfl-sunday-ticket-presale-2023/) Matt: Prometheus: Up & Running Second Edition (https://www.oreilly.com/library/view/prometheus-up/9781098131135/) Schipol Airport Sheraton / Abu Dhabi Airport Hotel Photo Credits Header (https://unsplash.com/photos/CkrrWXHzYFY) Artwork (https://labs.openai.com/s/PMx8vMRH7JNLNXDjFifjlbDB)

SCALE 2023 is a wrap and it was a blast! We introduce you to some new voices on the Linux scene as well as get an update from the projects you know and love! -- During The Show -- Parental Control of Internet - Cory OpenDNS Filtering is hard Kids have no expectation of privacy Don't trade in your "parent card" OpenSource Public Wishlist? - Dominik Next Cloud Deck Chritsmas Community (https://github.com/Wingysam/Christmas-Community) Backing up in PopOS! - Kevin Luks Encryption (https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) VeraCrypt (https://www.veracrypt.fr/en/Home.html) Clonezilla (https://clonezilla.org/) Noah's strategy Continuing Nextcloud Journey - Micah Fast interconnect between files and server Install then mount NFS Tiny From the Bot AdGuard home News Wire Tails 5.11 Techaint (https://techaint.com/2023/03/21/anonymizing-linux-tails-5-11-compresses-memory/) Trisquel 11 OMG Linux (https://www.omglinux.com/trisquel-11-linux-distro/) SystemRescue 10 9 to 5 Linux (https://9to5linux.com/arch-linux-based-systemrescue-10-released-with-linux-kernel-6-1-lts) PyTorch 2.0 Venture Beat (https://venturebeat.com/ai/pytorch-2-0-brings-new-fire-to-open-source-machine-learning/) Firefox 111 Mozilla (https://www.mozilla.org/en-US/firefox/111.0/releasenotes/) Ken Switches to Linux Apple Slash Dot (https://apple.slashdot.org/story/23/03/18/237211/unix-pioneer-ken-thompson-announces-hes-switching-from-mac-to-linux) GitHub Publishes Internal Guides Tech Crunch (https://techcrunch.com/2023/03/15/github-releases-blueprint-for-budding-open-source-program-offices/) MoonRay Renderer No Film School (https://nofilmschool.com/dreamworks-open-source-moonray-renderer-finally-available-filmmakers) Open Health Stack Open Source For U (https://www.opensourceforu.com/2023/03/google-launches-a-new-open-source-effort-for-healthcare-welfare/) Docker Forces Open Source to Pay Info World (https://www.infoworld.com/article/3690890/docker-sunsets-free-team-subscriptions-roiling-open-source-projects.html) Alexellis (https://blog.alexellis.io/docker-is-deleting-open-source-images/) MNT Pocket Reform ArsTechnica (https://arstechnica.com/gadgets/2023/03/all-open-source-7-inch-mnt-reform-laptop-starts-at-899-ships-in-october/) System76 Meerkat System76 (https://system76.com/desktops/meerkat) ShellBot Malware The Hacker News (https://thehackernews.com/2023/03/new-shellbot-ddos-malware-targeting.html) SCaLE Coverage KDE Community Plasma Mobile (https://plasma-mobile.org/) Alma Linux (https://almalinux.org/) CERN Switching to Alma Community Support Commercial Support Tux Care, Alma Care, FIPS, etc Tux Care (https://tuxcare.com/) Live Patching Long Term Support Commercial Support Cisco Cloud Native Open Source Phillip Banks Linux Kids Convention Tours What's available for kids Next Week Immutable Operating Systems -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/330) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

When does the fashion industry ever stand still?! Hear what Omer Kulka, Chief Innovation Officer at Kornit Digital, has to say about mega trends in fashion and the shifts in the industry that are occurring as a result of digital print technology, in this informative conversation hosted by Johnny Shell, Principal Analyst in Keypoint Intelligence's Production Group.

The guys get together for a special Saturday episode to break down the Twins and Marlins blockbuster trade that included Pablo Lopez and two prospects heading to Minnesota for Luis Arraez. Also, Jazz Chisholm moves to centerfield and Aram has his 8 big questions ready for Peter and Jack. Who has a higher fWAR in 2023: Luis Arraez or Pablo Lopez? Kris Bryant had an OPS of .851 before going down for the year. Does he top that this season? Last year, Francisco Lindor and Jeff McNeil led all MLB MIF duos with 12.7 fWAR. Does any MIF duo beat them in 2023? If so, who? Last year, the White Sox and Cardinals posted identical FIPs (3.96) which slotted for exactly the middle of the pack in MLB. Which rotation will have the better FIP in 2023? Bo Bichette shook off a slow first half by going nuclear in the second half of the season (.337/.378/.543 with 163 wRC+). His strong finish gave him a 4.5 fWAR on the season. Wander Franco played 83 games while accumulating a 2.3 fWAR putting him on pace for…roughly a 4.5 fWAR. Who posts the higher win total in 2023? 9 teams won less than 70 games last year. The Tigers, Royals, Nationals, Marlins, Athletics, Reds, Pirates, Rockies and Rangers. Besides the Rangers, which team is the most likely to win 80 games next season.  4 teams won 100 games last year: Braves, Mets, Astros, Dodgers. Will that number rise or fall next year? Which teams repeat, fall off or join the group? Rank the Twins rotation with Pablo Lopez now there. Learn more about your ad choices. Visit megaphone.fm/adchoices

The guys get together for a special Saturday episode to break down the Twins and Marlins blockbuster trade that included Pablo Lopez and two prospects heading to Minnesota for Luis Arraez. Also, Jazz Chisholm moves to centerfield and Aram has his 8 big questions ready for Peter and Jack. Who has a higher fWAR in 2023: Luis Arraez or Pablo Lopez? Kris Bryant had an OPS of .851 before going down for the year. Does he top that this season? Last year, Francisco Lindor and Jeff McNeil led all MLB MIF duos with 12.7 fWAR. Does any MIF duo beat them in 2023? If so, who? Last year, the White Sox and Cardinals posted identical FIPs (3.96) which slotted for exactly the middle of the pack in MLB. Which rotation will have the better FIP in 2023? Bo Bichette shook off a slow first half by going nuclear in the second half of the season (.337/.378/.543 with 163 wRC+). His strong finish gave him a 4.5 fWAR on the season. Wander Franco played 83 games while accumulating a 2.3 fWAR putting him on pace for…roughly a 4.5 fWAR. Who posts the higher win total in 2023? 9 teams won less than 70 games last year. The Tigers, Royals, Nationals, Marlins, Athletics, Reds, Pirates, Rockies and Rangers. Besides the Rangers, which team is the most likely to win 80 games next season.  4 teams won 100 games last year: Braves, Mets, Astros, Dodgers. Will that number rise or fall next year? Which teams repeat, fall off or join the group? Rank the Twins rotation with Pablo Lopez now there. Our Sponsors:* Check out Factor 75 and use my code justbaseball50 for a great deal: https://www.factor75.comAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

In this episode, Bruce Magown, CEO of Integration Technologies joins the show. Mr. Magown is the Chief Executive Officer, President, Board Member and Investor in Integration Technologies, Inc., (dba) InterWeave Smart Solutions, which provides a SaaS, IaaS Integration Service, consisting of three simple components; the InterWeave Integration Platform, the Integration Manager and the Interactive Development Environment. Mr. Magown is the Chief Executive Officer, President, Board Member and Investor in SecurDigital, Inc., the company that developed SecurVoice©; the voice, data and video encryption solution designed to pass FIPS 140-2 certification. Additional features in SecurVoice© are (PKI, 3DES, AES - and 27 other encryption algorithms) and VOIP. SecurVoice© has several modes of operation; they include two forms of encryption, two forms of cryptographic key management supported and three forms of communications when operating as a voice device. SecurDigital focus is executing and supporting the global distribution plan for SecurVoice© world-wide. SecurDigital has established SecurDigital© of Europe Ltd. (EU and Middle East), SecurDigital© Latin America (Central and South America) and SecurDigital© Africa, Pacific Rim and other global continents (future) are underway. Mr. Magown served as the Chief Operating Officer, Chief Financial Officer, head of the Audit Committee, Investor and Board member of the Uncommon Media Group, LLC. Mr. Magown subsequently served as President and Chief Operations Officer of Knoa Corp., a privately held company focusing on interactive and media rich solutions. Mr. Magown served as the Vice President of the strategic Alliance of Sun/Netscape formed by America Online and Sun Microsystems representing Canada, United States East Coast, and Latin America.

Keypoint Intelligence's Johnny Shell, Principal Analyst of Functional & Industrial Printing, speaks with Michelle Moxley Hruby, Innovation Director at The M&R Companies, to discuss some of the new apparel decorating technologies coming to market, including high-speed inline digital systems. They also dissect the main apparel printing platforms and where each one fits, along with opinions on the best fit for each platform and why.

Keypoint Intelligence's Johnny Shell is joined by Andy MacDougall (Head Coach at MacDougall Screen Printing, Owner of TMI Screen Printing Equipment, and all-around print industry guru) to discuss screen printing. They also talk about the advantages of the technology for functional and industrial products as well as some cool projects MacDougall has been involved with, along with print activities anyone can do to garner interest from the younger generation.

Multi Factor Authentication is a topic we've covered here and there in the past. Yubikey is one of those companies that many of us have worked with. But planning for larger scale deployments is different than getting a key to work with our own password manager or in isolated cases. Further, webauthn and other standards are being embraced by Apple in the upcoming releases of the Apple operating systems. So in this episode we'll talk about what a Yubikey is, how to use them, and some of those things that we wish we'd've known before we got started! Hosts: Tom Bridge - @tbridge777 Charles Edge - @cedge318 Guests: John Mahlman - @EdTechJohnM Links: Yubikey 5 Yubikey FIPS WebAuthn Azure AD and Yubikey Yubikey on Google Accounts Use Yubikey with JumpCloud Setting up a Google Workspace Account with a hardware key sc_auth man page PIV Certificate Key Slots Yubikey SDK CMMC 2.0 FIPS 140-2 Acronyms: CAC = Common Access Cards PIV = Personal Identity Verification SCIF = Sensitive Compartmented Information Facility FIPS = Federal Information Processing Standards PGP = Pretty Good Privacy CMMC = Cybersecurity Maturity Model Certification FedRAMP = Federal Risk and Authorization Management Program Sponsors: Kandji Halp VMware Workspace One Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson