Feed aggregator

South Korean Web Hosting Provider Pays $1 Million In Ransomware Demand

Slashdot -

An anonymous reader writes: Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers. The ransomware infection appears to have taken place on June 10, but Nayana admitted to the incident two days later, in a statement on its website. Attackers asked for an initial ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After two days of negotiations, Nayana staff said they managed to reduce the ransom demand to 397.6 Bitcoin, or nearly $1 million. In a subsequent announcement, Nayana officials stated that they negotiated with the attackers to pay the ransom demand in three installments, due to the company's inability to produce such a large amount of cash in a short period of time. On Saturday, June 17, the company said it already paid two of the three payment tranches. In subsequent announcements, Nayana updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

Read more of this story at Slashdot.

Elevated Third: Recorded Webinar: A Decoupled Drupal Story

Drupal Planet -

Tue, 06/20/2017 - 13:30

We teamed up with Acquia to present “A Decoupled Drupal Story: Powdr Gives Developers Ultimate Flexibility To Build Best CX Possible.” The webinar aired in June but you can view the recording here anytime.

As the internet and web-connected devices continue to evolve, so do the needs to develop and render content. Given today’s rate of change, organizations are using decoupled architecture to build applications - giving them flexibility to accommodate any device or experience.

In this session, we’ll cover Powdr, a ski resort holding company. To give its developers the freedom to use the right front-end tools needed for any given use case, Powdr built its 17 ski resort websites on one decoupled Drupal platform. Join Elevated Third, Hoorooh Digital and Acquia to learn:

  • How a custom Drupal 8 solution cut implementation time in half vs Drupal 7

  • The ease with which Drupal 8’s internal REST API can be extended to fit a client's needs

  • The details of handling non-Drupal application routing on Acquia's servers

 

If you are considering a decoupled Drupal implementation, let’s talk.

David Lohmeyer's Blog: Clean up database pollution from the migrate Drupal module

Drupal Planet -

I'm working on a large, complex migration from Drupal 7 to Drupal 8 right now. One thing I noticed is that the migrate modules pollute the database with an unreal number of tables which allow migrations to be re-run, etc. Well if you don't need that, here's how to remove these tables. Currently the migrate modules don't clean up after themselves. Put this in a custom module or PHP script that has bootstrapped Drupal. Note this code only works in Drupal 8. Shown is a .install file for a custom module. If you uninstall the custom module, it will run the cleanup:

Amazon Web Services Quietly Forms a Mixed Reality Team, But What Is It Building?

Slashdot -

Nat Levy, reporting for GeekWire: Amazon is building a new "two pizza team" within Amazon Web Services focused on mixed-reality technology, another sign that the cloud powerhouse is expanding its reach and branching out into new areas. AWS isn't talking publicly about the initiative, but a job posting for a software engineer sheds some light on the team's goals. The posting says the company is "building a set of services, and platform to bring AWS and Amazon into the world of Mixed Reality." The company wants engineers with experience in "Computer Vision, 3D objects, rendering and data storage by designing, developing and testing software solutions." The posting further states that "applications would include real-time 3D modeling, image and video stream processing all within a scalable distributed environment." The posting calls the group a "true start-up within AWS (a real two pizza team)." The two-pizza term goes back to Amazon CEO Jeff Bezos, and his well-known rule that any team or meeting that can't be fed with two pizzas is too large.


Tim Cook Told Trump Tech Employees Are 'Nervous' About Immigration

Slashdot -

Behind the scenes at the White House tech CEO meeting, Apple CEO Tim Cook told President Donald Trump that technology employees are "nervous" about the administration's approach to immigration, CNBC reports, citing a source familiar with the exchange. From the report: The source said the president told the CEOs on Monday that the Senate's health-care bill needs "more heart." That would be a second known instance of the president criticizing the GOP plan in private meetings. To that, the source said, Cook replied that the immigration approach by the administration also "needs more heart." Cook cited the Deferred Action for Childhood Arrivals program, which is under review by the Trump administration. He also said people in tech and their co-workers were nervous about their status, and added that it "would be great" if the president could "send them a signal." Here's what executives of Amazon, Google, and Microsoft said.


The casync filesystem image distribution tool

LWN Headlines -

Lennart Poettering announces casync, a tool for distributing system images. "casync takes inspiration from the popular rsync file synchronization tool as well as the probably even more popular git revision control system. It combines the idea of the rsync algorithm with the idea of git-style content-addressable file systems, and creates a new system for efficiently storing and delivering file system images, optimized for high-frequency update cycles over the Internet. Its current focus is on delivering IoT, container, VM, application, portable service or OS images, but I hope to extend it later in a generic fashion to become useful for backups and home directory synchronization as well."

[$] Attacking the kernel via its command line

LWN Headlines -

The kernel's command line allows the specification of many operating parameters at boot time. A silly bug in command-line parsing was reported by Ilya Matveychikov on May 22; it can be exploited to force a stack buffer overflow with a controlled payload that can overwrite memory. The bug itself stems from a bounds-checking error that, while simple, has still been in the Linux kernel source since version 2.6.20. The subsequent disclosure post by Matveychikov in the oss-security list spawned a discussion on what constitutes a vulnerability, and what is, instead, merely a bug.

3D Printed Airliner Parts Face Regulatory Headwinds

Slashdot -

Some aerospace suppliers are eager to start using 3-D printing technology to turn out large, high-volume structural parts for jetliners, but U.S. safety regulators are taking a go-slow approach toward approving such production. From a report: Three-dimensional printing is a darling of the aerospace industry because it is relatively inexpensive compared with more-prevalent ways of making components. A series of announcements at the Paris Air Show expected in coming days illustrates the immense promise of airliner parts manufactured by 3-D printers -- as well as the formidable regulatory challenges confronting their widespread acceptance (alternative source). On Tuesday, officials of Norsk Titanium AS, a closely held Norwegian company that has developed a novel 3-D printing approach, will unveil a broad partnership with Spirit AeroSystems, a major subcontractor for Boeing and other industry players. Under the arrangement, Spirit sees the potential of eventually using Norsk's technology to produce thousands of different parts at 30% lower cost than traditional milling methods. However, before that can happen, the Federal Aviation Administration has to approve the overall process and certify that the cutting-edge, plasma-deposition technology is reliable enough to ensure identical strength and other properties from batch to batch. FAA officials have said they are moving cautiously, because they want to fully understand the unique technical issues.


OnePlus 5, 'The Best Sub-$500 Phone You Can Buy', Launched

Slashdot -

From an ArsTechnica article: Smartphone companies don't seem to care about cultivating a true "lineup" of phones. If you aren't spending at least $650, most companies will offer you anonymous, second-rate devices that seem like they've had no thought put into them. Enter the OnePlus 5, which continues the company's tradition of offering an all-business, high-end smartphone for a great price. Today OnePlus is both announcing the OnePlus 5 and lifting the review embargo on the device, which we've had for about two weeks now. $479 gets you an aluminum-clad pocket computer with a 2.45GHz Snapdragon 835 SoC, 6GB of RAM, 64GB of storage, and a 3,300mAh battery. You still get OnePlus' physical 3-way alert switch, a USB-C port, capacitive buttons with a front-mounted fingerprint reader, and a headphone jack. The phone has two cameras on the back: one 16MP main camera and one 20MP telephoto camera, arranged in the most iPhone-y way possible. Besides the $479 version, there's a more expensive $539 version, which ups the RAM from 6GB to a whopping 8GB, adds another 64GB of storage for a total of 128GB, and changes the color from "Slate Grey" to "Midnight Black." Further reading: OnePlus 5 review: as fast and smooth as Google Pixel, without the price tag - The Guardian; OnePlus 5 review: the me-too phone - The Verge; OnePlus 5 Review - Wired.


Amazon Will Now Let You Try On Clothes Before You Buy Them

Slashdot -

For many people, buying clothing online is not worth the hassle of getting a pair of pants or a shirt that does not fit. Many retailers have sought to eliminate that risk by offering free returns on clothing, but now Amazon is going even further. From a report: Amazon is launching Prime Wardrobe, a new program that will let you try on clothes before you buy them. Once you select at least three Prime Wardrobe-eligible pieces from over a million clothing options, Amazon will ship your selections to you in a resealable return box with a prepaid shipping label. After you try on the clothes, you can put the ones you don't want back in the box and leave it at your front door -- Prime Wardrobe also comes with free scheduled pickups from UPS. If you decide to keep at least three items you will get a 10 percent discount off your purchase, and if you keep five or more pieces the discount rises to 20 percent.


Elevated Third: Elevated Third Ranks No. 1 Among Denver’s Best Places to Work

Drupal Planet -

Nate Gengler, Tue, 06/20/2017 - 10:20

The Denver Business Journal’s annual “Best Places to Work” awards wrapped up with Elevated Third landing the top spot in the “Workplace Wellness” category for small companies. The category recognizes Denver employers with an outstanding commitment to employee well-being.

 As a business practice, committing to employee wellness means that everyone is operating at their highest capacity. When our minds are fresh to focus on the task at hand, we can crank out the best work possible.

 Striking the ideal work-life balance is central to our culture. Where some agencies expect employees to work nights and weekends at the drop of a hat, we are committed to respecting employees’ time beyond the office and staying true to a 40 hour work week.

 We believe that when employees feel valued beyond the output of their work, the workplace is a more positive and productive environment.

Outside of the office, the Elevated Third team is covered with 3 weeks of Paid Time Off, a subsidized gym membership, a $1,500 Health Reimbursement Account (HRA), and an RTD ecopass. 

In the office, we are surrounded by a work environment that stimulates creativity and keeps spirits high. Office dogs can be found roaming the hallways, the kitchen is stocked with goodies of a (mostly) healthy variety, and our location on the top floor of the Denver Masonic Building provides plenty of sunlight and the occasional summer breeze.

We are incredibly proud to be recognized among Denver’s best places to work. Joining our fellow recipients, we believe this commitment to workplace wellness makes Denver a better place to live, work, and do business.

 

Interested in joining the team? Have a look at our open positions

NYTimes: Move Over, Bitcoin. Ether Is the Digital Currency of the Moment.

Slashdot -

An anonymous reader shares a report: The price of Bitcoin has hit record highs in recent months, more than doubling in price since the start of the year. Despite these gains, Bitcoin is on the verge of losing its position as the dominant virtual currency. The value of Ether, the digital money that lives on an upstart network known as Ethereum, has risen an eye-popping 4,500 percent since the beginning of the year (alternative source). With the recent price increases, the outstanding units of the Ether currency were worth around $34 billion as of Monday -- or 82 percent as much as all the Bitcoin in existence. At the beginning of the year, Ether was only about 5 percent as valuable as Bitcoin. The sudden rise of Ethereum highlights how volatile the bewildering world of virtual currency remains, where lines of computer code can be spun into billions of dollars in a matter of months. [...] The two-year old system has picked up backing from both tech geeks and big corporate names like JPMorgan Chase and Microsoft, which are excited about Ethereum's goal of providing not only a digital currency but also a new type of global computing network, which generally requires Ether to use. In a recent survey of 1,100 virtual currency users, 94 percent were positive about the state of Ethereum, while only 49 percent were positive about Bitcoin, the industry publication CoinDesk said this month.


Valuebound: How to hide Order ID from commerce checkout process in Drupal 8

Drupal Planet -

In Drupal, we often come across situations where we want to hide a certain part of the URL from end users.

To achieve this, we often use Drupal modules like Pathauto to hide node IDs and taxonomy IDs from the URL, replacing them with patterns (e.g. titles).

This cannot be achieved for the Drupal Commerce checkout flow (URLs), as modules like Pathauto do not support it. In Drupal 7, we often used one of the following approaches:

  • Commerce Checkout Paths Module.

  • Combination of…

Schaller: Fedora Workstation 26 and beyond

LWN Headlines -

Christian Schaller has posted an extensive look forward at the changes coming to the Fedora desktop. "Another major project we have been working on for a long time is Fleet Commander. Fleet Commander is a tool to allow you to manage Fedora and RHEL desktops centrally. This is a tool targeted at for instance Universities or companies with tens, hundreds or thousands of workstation installations. It gives you a graphical browser based UI (accessible through Cockpit) to create configuration profiles and deploy across your organization."

Security updates for Tuesday

LWN Headlines -

Security updates have been issued by Arch Linux (glibc and lib32-glibc), CentOS (glibc and kernel), Debian (eglibc, kernel, and libffi), openSUSE (exim, freeradius-server, libxml2, Mozilla based packages, and xorg-x11-server), Oracle (glibc and kernel), Scientific Linux (glibc and kernel), SUSE (glibc, kernel, and openvpn), and Ubuntu (eglibc, glibc, exim4, libnl3, linux, linux-meta, linux-aws, linux-meta-aws, linux-gke, linux-meta-gke, linux-hwe, linux-meta-hwe, linux-lts-xenial, linux-meta-lts-xenial, linux-meta-raspi2, linux-raspi2, and linux-meta-snapdragon, linux-snapdragon).

Cisco Subdomain Private Key Found in Embedded Executable

Slashdot -

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.


DataSmith: Setting up BLT with Reservoir

Drupal Planet -


Yesterday, Acquia open sourced Reservoir, a new distribution designed for building headless Drupal instances.  The Reservoir team provided a composer project command for setting up a Reservoir instance easily, but it doesn't bundle a VM.  Fortunately, making BLT work with Reservoir isn't difficult.  There are, though, a few steps to be aware of.

To get started, run the composer project to build a new BLT instance.

composer create-project --no-interaction acquia/blt-project MY_PROJECT

Once that completes, you need to add reservoir and (optionally) remove the lightning distro:

composer require acquia/reservoir

composer remove acquia/lightning

Next, update the blt/project.yml file.  The key changes you'll want to make here (beyond setting a new project prefix, etc.) are a) changing the distro from lightning to reservoir and b) removing views_ui from the modules:enable list for local environments.*  An excerpt of my git diff for this file looks like...

profile:
-    name: lightning
+    name: reservoir
local:
-    enable: [dblog, devel, seckit, views_ui]
+    enable: [dblog, devel, seckit]

Once that's done, continue with the BLT setup process from Step 4 (assuming you want to use Drupal VM; Step 5 otherwise).

 

* If you don't remove views_ui, the world won't explode or anything, but when you run blt setup you'll get errors reported like the ones below:

blt > setup:toggle-modules:
    [drush] dblog is already enabled.                                                   [ok]
    [drush] The following extensions will be enabled: devel, seckit, views_ui, views
    [drush] Do you really want to continue? (y/n): y
    [drush] Argument 1 passed to                                                     [error]
    [drush] Drupal\Core\Config\Entity\ConfigEntityBase::calculatePluginDependencies()
    [drush] must implement interface
    [drush] Drupal\Component\Plugin\PluginInspectionInterface, null given, called
    [drush] in /var/www/mrpink/docroot/core/modules/views/src/Entity/View.php on
    [drush] line 281 and defined PluginDependencyTrait.php:29
    [drush] E_RECOVERABLE_ERROR encountered; aborting. To ignore recoverable         [error]
    [drush] errors, run again with --no-halt-on-error
    [drush] Drush command terminated abnormally due to an unrecoverable error.       [error]
[phingcall] /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:370:8: /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:374:12: /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:377:69: Drush exited with code 255
[phingcall] /Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/setup.xml:350:45: Execution of the target buildfile failed. Aborting.

BUILD FAILED/Users/barrett.smith/Desktop/mrpink/./vendor/acquia/blt/phing/tasks/local-sync.xml:12:30: Execution of the target buildfile failed. Aborting.
; 2 minutes  37.24 seconds

 

Barrett, Tue, 06/20/2017 - 10:09

Drupal Association blog: Growing community in Moldova

Drupal Planet -

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1): Drupal School is an educational program split into 2 months, 25 courses of different levels (Beginner, Intermediate, Advanced). Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: Jun, Aug, Oct, Dec. A bi-monthly event where the ICT community can gather in a casual, informal environment around pizza and soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations, we can focus on the quality of our projects and make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with the School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, the DMA, believe in pushing the limits! Our long term goal is to build and maintain a big and active Open Source community by attracting more local and international participants to our projects and events, and by continuously improving our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at [email protected].

Acquia Developer Center Blog: Percona Live 2017 Blog Post: ProxySQL as a Failover Option for Drupal

Drupal Planet -

One of the more interesting products to hit the spotlight at this year's Percona Live Open Source Database conference was ProxySQL.

This open source MySQL proxy server has been around for a couple of years now and keeps adding more features. The current release (1.3.6) has the usual features that you would expect from a proxy server, like load balancing and failover support, but ProxySQL also has database specific features like a query cache and query routing.
