Microsoft’s OneDrive storage platform has become a critical component for the company’s Office 365 service and today the company is announcing several new features coming to OneDrive that will enhance collaboration and management of content. Specifically, these new features will make it easier to sync, share, and collaborate with the content that you are storing in OneDrive.
If you use SharePoint Online team sites and OneDrive, Microsoft is enabling the ability to sync content between the two services. This sync includes files inside of Teams, OneDrive, folders that are shared, and this service works across both PC and Mac. This feature is a huge improvement for companies that use both services as it finally bridges the gap between these two online repositories of content.
When it comes to syncing files, Microsoft is adding a new ‘Activity Center’ that will provide visibility into the process. This feature is coming to both PC and Mac; in addition, there is a new stand-alone Mac OneDrive client that works outside of the app store.
To help IT admins manage their content, sync, and sharing capabilities, Microsoft is releasing an updated OneDrive admin center. This updated control center has several improvements including a new dashboard for more granular control for sharing, syncing, and storage.
As Office 365 continues to expand, so will the usage of OneDrive for Business and these new features will enhance compatibility with older services like SharePoint. You can read more about the updates to the platform, here.
Microsoft gave users and administrators of OneDrive for Business some new features on Tuesday that they’ve requested for a while.
The company also launched a new Mac client for its business-focused cloud storage service that can be deployed outside the confines of the Mac App Store. Users will also be able to sync files from SharePoint sites and OneDrive for Business shared folders to their desktops, like they have been able to for files that they own.
IDC Research Manager Chandana Gopal said in an interview that she saw the new features are Microsoft’s attempt to play catch up with other players in the enterprise cloud storage market like Box and Dropbox, which already offer Mac clients and broad syncing of all the files stored in their services. What’s more, Box and Dropbox are working on making it possible for people to stream files from the cloud to the desktop when they need them.
“If you think about it, some of the other [cloud storage] players that they’re competing with have gone beyond the sync client, they’re thinking beyond sync,” she said.
Like Mac clients from competing services, the OneDrive for Business client will sync files from Microsoft’s cloud and make them accessible from a user’s computer. Microsoft allowed Mac users to access OneDrive for Business files through the OneDrive app available in the Mac App Store. This standalone client gives IT administrators a way to directly deploy business-specific functionality.
Allowing users to sync group shared folders and data from SharePoint means that teams can have up-to-date versions of broadly shared files automatically available to them. In the past, users had to go get those files from a web interface, or use an older version of the OneDrive client that supported SharePoint sync.
January seems like the season for updates to cloud file storage services. Box just announced a set of updates to its Notes notetaking and collaboration product, and Dropbox is hosting a press event next week.
While these updates help address some of the key critiques of OneDrive for Business, Microsoft still has a list of other feature updates that it needs to tackle. For example, building applications that work with OneDrive for Business is a difficult process that Microsoft says it is working on, but those changes haven’t yet materialized.
A fleet of autonomous trucks is joining all the self-driving taxis and buses Singapore is testing on its streets. Toyota and Volkswagen subsidiary Scania will begin the first full-scale autonomous truck platooning trial in the country this month. For the next three years, the two companies will operate a fleet of trucks composed of three autonomous vehicles following a manned one to transport cargo between ports. Singapore’s authorities organized the project, because aside from its desire to become the world’s first smart city, it’s also seeking to optimize road capacity. It’s a relatively tiny city-state, after all, and the number of vehicles on its roads keep on growing along with its population.
Scania’s and Toyota’s trial is composed of two phases. For the first one, both companies will focus on designing and refining their truck platooning technology in Sweden and Japan. Scania has even teamed up with Ericsson to improve its wireless communication between trucks. Local trials and further development of the technology in Singapore make up the second and final phase. You can get a glimpse of the partners’ platooning tech in the video below if you want to see how the trucks will traverse Singapore’s roads.
Today I am happy to share the news that IPv6 support for EC2 instances in VPCs is now available in a total of fifteen regions, along with Application Load Balancer support for IPv6 in nine of those regions.
You can now build and deploy applications that can use IPv6 addresses to communicate with servers, object storage, load balancers, and content distribution services. In accord with the latest guidelines for IPv6 support from Apple and other vendors, your mobile applications can now make use of IPv6 addresses when they communicate with AWS.
IPv6 Now in 15 Regions IPv6 support for EC2 instances in new and existing VPCs is now available in the US East (Northern Virginia), US East (Ohio), US West (Northern California), US West (Oregon), South America (São Paulo), Canada (Central), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Mumbai), and AWS GovCloud (US) Regions and you can start using it today!
Application Load Balancer Application Load Balancers in the US East (Northern Virginia), US West (Northern California), US West (Oregon), South America (São Paulo), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), and AWS GovCloud (US) Regions now support IPv6 in dual-stack mode, making them accessible via IPv4 or IPv6 (we expect to add support for the remaining regions within a few weeks).
Simply enable the dualstack option when you configure the ALB and then make sure that your security groups allow or deny IPv6 traffic in accord with your requirements. Here’s how you select the dualstack option:
IPv6 Recap Here are the IPv6 launches that we made in the run-up to the launch of IPv6 support for EC2 instances in VPCs:
CloudFront, WAF, and S3 Transfer Acceleration – This launch let you enable IPv6 support for individual CloudFront distributions. Newly created distributions supported IPv6 by default and existing distributions could be upgraded with a couple of clicks (if you using Route 53 alias records, you also need to add an AAAA record to the domain). With IPv6 support enabled, the new addresses will show up in the CloudFront Access Logs. The launch also let you use AWS WAF to inspect requests that arrive via IPv4 or IPv6 addresses and to use a new, dual-stack endpoint for S3 Transfer Acceleration.
Route 53 – This launch added support for DNS queries over IPv6 (support for the requisite AAAA records was already in place). A subsequent launch added support for Health Checks of IPv6 Endpoints, allowing you to monitor the health of the endpoints and to arrange for DNS failover.
IoT – This product launch included IPv6 support for message exchange between devices and AWS IoT.
S3 – This launch added support for access to S3 buckets via dual-stack endpoints.
Elastic Load Balancing – This launch added publicly routable IPv6 addresses for Elastic Load Balancers.
The content below is taken from the original (7 Reasons Why IIoT Projects Fail), to continue reading please visit the site. Remember to respect the Author & Copyright.
The IIoT brings new promises to the plant floor: lower operating cost, better visibility, and improved Overall Equipment Effectiveness.
Architecture is in the middle of its biggest transformation since the introduction of computers. Building information modelling (BIM) is a simple enough idea: a single digital model of a building that everyone – architect, client, suppliers, builders, environmental managers – can work on. A Google Docs for buildings. But its implications could change the built environment.
Despite their link to drugs, murder, extortion—you name it–we glamorize old-time organized crime figures like Al Capone, Bugsy Siegel and Lucky Luciano. These gun-toting thugs, donning pin-striped suits and fedoras and smoking the finest Cuban cigars, exuded a certain class and charm despite their wrongdoings.
Today, the picture of organized crime has a much different face—and very few people have ever seen its members in person or viewed photographs. Sitting secretly behind locked doors or lurking where we least expect them, Carbanak, Dyre Wolf, the Shifu Trojan and the Cryptolocker Gang don’t use brute force or bullets; they use brains, and prey on others’ vulnerabilities.
Unlike in the past when ad hoc networks of individuals motivated mainly by ego and notoriety, today’s breed of hackers is described by CSO Online as: “35-year-old highly experienced developers with deep knowledge that allows them to bring constant innovation into malware and attack tactics; and 80 percent of black-hat (e.g., criminal) hackers are affiliated with organized crime—a playground of financially driven, highly organized and sophisticated groups.”
The 19 cybercriminals on the FBI’s Most Wanted List are absolute masters at getting what they want: credit card numbers, social security numbers, bank accounts, health records, secret government documents, critical business data, client lists and your identity.
So are former hackers who left the dark side to help fight the battle against cybercrime, many of which are landing on the payroll of major corporations or starting their own.
Former hacker-turned businessman, Kevin Mitnick, to keynote Data Center World.
Known for popularizing the term “social engineering,” Kevin Mitnick was convicted of several computer-related crimes, including hacking into Pacific Bell’s voice mail computers and copying proprietary software from some of the country’s largest cell phone and computer companies. Today, he is Chief Hacking Officer at security awareness training site KnowBe4. Businesses now hire him and The Global Ghost Team™ to protect against hackers and to test their systems’ vulnerabilities to attack.
Once on the FBI’s Most Wanted list for hacking into 40 major corporations, Mitnick will present the keynote address at Data Center World on April 4 in Los Angeles. His specialty: social engineering. “It takes one to catch one,” he says.
In his bestselling book, The Art of Deception, Mitnick writes, “Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he isn’t, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.”
“My presentation will clearly illustrate why people are the weakest link in the security chain,” Mitnick says. “Attendees will see real demonstrations of some of the most current combinations of hacking, social engineering and cutting-edge technical exploits my team and I actually use to penetrate client systems, with a 100 percent success rate. They will also gain strategies to protect their organizations, and themselves, from harm and to help mitigate the risks they face.”
Although attacks can come from sources other than e-mail—phone, online, social media and onsite filtration–the sheer number we send and receive make it popular among hackers.
A 2015 study by the Radicati Group estimated the number of email users worldwide at 2.6 billion, and the amount of emails sent per day (in 2015) around 205 billion. Additionally, Digital Marketing Ramblings (DMR) reported that:
The average office worker receives 121 emails a day
Percentage of email that is spam: 49.7 percent
Percentage of emails that have a malicious attachment: 2.3 percent
According to Mitnick’s book, “All of the firewalls and encryption in the world can’t stop a gifted social engineer from rifling through a corporate database. If an attacker wants to break into a system, the most effective approach is to try to exploit the weakest link—not operating systems, firewalls or encryption algorithms—but people. You can’t go and download a Windows update for stupidity… or gullibility.”
Although Mitnick will go into greater detail about how to prevent and spot social engineering attacks, here are three actionable steps you can take in your business and in your personal life to protect you from hackers from his Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker book:
NEVER use any kind of public network (hotel, restaurant, transport etc.) even when travelling.
NEVER open ANY PDF file on anything other than your desktop and only once scanned (but even then some malware might pass anti-virus).
Anybody using the same private network as you HAS to apply Rule #1 and #2 otherwise there is a breach.
The above rules may not result in complete prevention, but they should reduce your exposure.
A word of warning, though: If you plan to attend the keynote address: Mitnick has been known to use unsuspecting volunteers from audiences to show how he can steal someone’s identity in three minutes.
You might want to make sure all of your phones and electronic devices are powered down. Just a suggestion.
Kevin Mitnick will present the Data Center World keynote address on Tuesday, April 4, from 4 p.m.-5:15 p.m. Register today.
Google has hinted that it is interested in bringing “smart tools” to users of board computers like Raspberry Pi 3 and Intel’s Edison.
The company has launched a market research survey of the maker community, and the front page of the site states: “We at Google are interested in creating smart tools for makers, and want to hear from you about what would be most helpful.”
The survey includes queries on preferred maker boards, proficiency in hardware and software, and projects users may want to pursue.
Google did not respond to request for comment.
But in a blog entry, Raspberry Pi noted that the smart tools will be available sometime this year.
Devices strapped together via maker boards will become more capable with Google’s smart tools, Raspberry Pi said.
The smart tools could help Google grow in IoT market, which is expected to touch 30.7 billion by 2020, and 75.4 billion by 2025, according to research released by IHS in March last year.
Google is also trying to get into more smart devices via Android Things, which is the company’s IoT OS. The OS is a lightweight version of Android for use with sensors and cameras.
Only three boards — Raspberry Pi 3, Intel Edison and NXP’s Pico i.MX6UL — support Android Things.
The first Android Things developer preview of the OS was released in December, but many issues have yet to be resolved. The preview doesn’t support hardware-based graphics acceleration on Raspberry Pi, and there are audio issues with the Edison board.
Google has released code to make a doorbell and a weather station with the OS. Only two Android Things projects are listed on Hackster.io, a resource website listing maker projects.
Bringing more tools to smart devices is also one way for Google to combat Amazon, whose Alexa virtual assistant was in cars, home appliances and numerous gizmos at this month’s CES.
In this Ask the Admin, I’ll provide an overview of Active Directory Federation Services (ADFS) and how it can be used to simplify identity management.
Microsoft is big on identity-driven security, and its Federation Services component for Active Directory is now an integrated part of Windows Server. While trust relationships can be set up between AD domains and forests to allow sharing of network resources, ADFS provides secure sharing of identity information between federated business partners.
For example, if a user in Org A needs to access a web app hosted by Org B, Org A authenticates its own user. The user provides their credentials to Org A if no open browser session has authentication information for the user, and a signed XML-document containing the user’s email address or login name, or “claim” is sent back to Org B’s web app. The claim is then mapped to Org B’s trust policy to establish whether the user should be provided with authorized access to the app.
Federation or Trust?
A federation trust is designed to enable efficient and secure online transactions between business partners over the public Internet. ADFS uses the standards-based WS-Federation protocol and SAML (Security Assertion Markup Language), and credentials are only exposed to the user’s local ADFS server. Because of the standards-based approach, ADFS can also be used with other federation platforms, such as IBM Tivoli, Novell Access manager, and Sun Open SSO.
The SAML protocol is designed for secure Internet communication, performing lightweight and secure communications across public networks that are separated by firewalls and NAT connections, making federated trusts more suitable for sharing identity information across public networks.
Cross-forest or domain AD trusts were designed for private networks that are directly connected to one another and require a secure channel to be permanently established between the trusted entities, but also enable a wider range of scenarios, allowing clients to access apps and resources in one or more trusted forests and domains.
Active Directory as an Identity Provider
When a user requests access to a web application, that request is forwarded to an identity provider, or in this case the user’s ADFS server. Because the web app has a federation trust established with the identity provider, it’s able to verify the authentication response and authorize access to the web app.
This technology is very common on the Internet; for example, when you use your Facebook account to sign in to a third-party website. Facebook acts as an identity provider, saving you having to create an account in each web app that you use on the Internet.
Expanding on the Facebook analogy, when an organization uses ADFS to enable single sign-on to Office 365, ADFS is acting as an identity provider for the organization. Office 365 works with ADFS to authenticate users, and the user’s password information never leaves the corporate intranet. Using ADFS as an identity provider means that accounts don’t need to set up and managed in a partner’s system, greatly reducing administrative effort.
Sponsored
ADFS can be deployed in scenarios in which single sign-on to web apps is required, and because ADFS uses the WS-Federation specification, it doesn’t matter if those sites are outside the corporate intranet and don’t the Windows identity model.
In an upcoming article on Petri, I’ll show you how to install and set up ADFS in Windows Server 2016.
We’re barely a month into the new year, but it’s already clear some of us still want to live in the past. Case in point: US cassette tape sales actually grew in 2016, with a whopping 129,000 copies sold. That might not be as many as the number of vinyl albums sold in the same year (13.1 million!), but it’s an impressive 74 percent increase from the 74,000 sold in 2015.
There are a few reasons for this growth. Specialty cassette albums from Justin Bieber and The Weeknd certainly contributed, each selling close to a thousand copies, while re-issued versions of Eminem’s The Slim Shady LP and Prince and The Revolution’s Purple Rain sold 3,000 and 2,000 units respectively. The Guardians of the Galaxy: Awesome Mix Vol. 1 soundtrack was the most popular, having sold about 4,000 copies each in 2016 and 2015. Fans of the movie no doubt wanted to get their hands on the album, considering it looks like an exact replica of the tape that protagonist Star-Lord plays on repeat.
Most of the tapes (43 percent) were sold online, while the rest were bought at independent retailers, non-traditional music stores like Urban Outfitters, as well as chains and mass merchants. Last year’s Cassette Store Day, which took place on October 8th, also boosted sales. A large chunk of cassettes reportedly get sent to prisons, where the old-fashioned medium is one of very few ways inmates are allowed to listen to music.
In the beginning, life in the cloud was simple. Type in your credit card number and—voilà—you had root on a machine you didn’t have to unpack, plug in, or bolt into a rack.
That has changed drastically. The cloud has grown so complex and multifunctional that it’s hard to jam all the activity into one word, even a word as protean and unstructured as “cloud.” There are still root logins on machines to rent, but there are also services for slicing, dicing, and storing your data. Programmers don’t need to write and install as much as subscribe and configure.
Here, Amazon has led the way. That’s not to say there isn’t competition. Microsoft, Google, IBM, Rackspace, and Joyent are all churning out brilliant solutions and clever software packages for the cloud, but no company has done more to create feature-rich bundles of services for the cloud than Amazon. Now Amazon Web Services is zooming ahead with a collection of new products that blow apart the idea of the cloud as a blank slate. With the latest round of tools for AWS, the cloud is that much closer to becoming a concierge waiting for you to wave your hand and give it simple instructions.
Here are 10 new services that show how Amazon is redefining what computing in the cloud can be.
Glue
Anyone who has done much data science knows it’s often more challenging to collect data than it is to perform analysis. Gathering data and putting it into a standard data format is often more than 90 percent of the job.
Glue is a new collection of Python scripts that automatically crawls your data sources to collect data, apply any necessary transforms, and stick it in Amazon’s cloud. It reaches into your data sources, snagging data using all the standard acronyms, like JSON, CSV, and JDBC. Once it grabs the data, it can analyze the schema and make suggestions.
The Python layer is interesting because you can use it without writing or understanding Python—although it certainly helps if you want to customize what’s going on. Glue will run these jobs as needed to keep all the data flowing. It won’t think for you, but it will juggle many of the details, leaving you to think about the big picture.
FPGA
Field Programmable Gate Arrays have long been a secret weapon of hardware designers. Anyone who needs a special chip can build one out of software. There’s no need to build custom masks or fret over fitting all the transistors into the smallest amount of silicon. An FPGA takes your software description of how the transistors should work and rewires itself to act like a real chip.
Amazon’s new AWS EC2 F1 brings the power of FGPA to the cloud. If you have highly structured and repetitive computing to do, an EC2 F1 instance is for you. With EC2 F1, you can create a software description of a hypothetical chip and compile it down to a tiny number of gates that will compute the answer in the shortest amount of time. The only thing faster is etching the transistors in real silicon.
Who might need this? Bitcoin miners compute the same cryptographically secure hash function a bazillion times each day, which is why many bitcoin miners use FPGAs to speed up the search. Anyone with a similar compact, repetitive algorithm you can write into silicon, the FPGA instance lets you rent machines to do it now. The biggest winners are those who need to run calculations that don’t map easily onto standard instruction sets—for example, when you’re dealing with bit-level functions and other nonstandard, nonarithmetic calculations. If you’re simply adding a column of numbers, the standard instances are better for you. But for some, EC2 with FGPA might be a big win.
Blox
As Docker eats its way into the stack, Amazon is trying to make it easier for anyone to run Docker instances anywhere, anytime. Blox is designed to juggle the clusters of instances so that the optimum number are running—no more, no less.
Blox is event driven, so it’s a bit simpler to write the logic. You don’t need to constantly poll the machines to see what they’re running. They all report back, so the right number can run. Blox is also open source, which makes it easier to reuse Blox outside of the Amazon cloud, if you should need to do so.
X-Ray
Monitoring the efficiency and load of your instances used to be simply another job. If you wanted your cluster to work smoothly, you had to write the code to track everything. Many people brought in third parties with impressive suites of tools. Now Amazon’s X-Ray is offering to do much of the work for you. It’s competing with many third-party tools for watching your stack.
When a website gets a request for data, X-Ray traces as it as flows your network of machines and services. Then X-Ray will aggregate the data from multiple instances, regions, and zones so that you can stop in one place to flag a recalcitrant server or a wedged database. You can watch your vast empire with only one page.
Rekognition
Rekognition is a new AWS tool aimed at image work. If you want your app to do more than store images, Rekognition will chew through images searching for objects and faces using some of the best-known and tested machine vision and neural-network algorithms. There’s no need to spend years learning the science; you simply point the algorithm at an image stored in Amazon’s cloud, and voilà, you get a list of objects and a confidence score that ranks how likely the answer is correct. You pay per image.
The algorithms are heavily tuned for facial recognition. The algorithms will flag faces, then compare them to each other and references images to help you identify them. Your application can store the meta information about the faces for later processing. Once you put a name to the metadata, your app will find people wherever they appear. Identification is only the beginning. Is someone smiling? Are their eyes closed? The service will deliver the answer, so you don’t need to get your fingers dirty with pixels. If you want to use impressive machine vision, Amazon will charge you not by the click but by the glance at each image.
Athena
Working with Amazon’s S3 has always been simple. If you want a data structure, you request it and S3 looks for the part you want. Amazon’s Athena now makes it much simpler. It will run the queries on S3, so you don’t need to write the looping code yourself. Yes, we’ve become too lazy to write loops.
Athena uses SQL syntax, which should make database admins happy. Amazon will charge you for every byte that Athena churns through while looking for your answer. But don’t get too worried about the meter running out of control because the price is only $5 per terabyte. That’s about 50 billionths of a cent per byte. It makes the penny candy stores look expensive.
Lambda@Edge
The original idea of a content delivery network was to speed up the delivery of simple files like JPG images and CSS files by pushing out copies to a vast array of content servers parked near the edges of the Internet. Amazon is taking this a step further by letting us push Node.js code out to these edges where they will run and respond. Your code won’t sit on one central server waiting for the requests to poke along the backbone from people around the world. It will clone itself, so it can respond in microseconds without being impeded by all that network latency.
Amazon will bill your code only when it’s running. You won’t need to set up separate instances or rent out full machines to keep the service up. It is currently in a closed test, and you must apply to get your code in their stack.
Snowball Edge
If you want some kind of physical control of your data, the cloud isn’t for you. The power and reassurance that comes from touching the hard drive, DVD-ROM, or thumb drive holding your data isn’t available to you in the cloud. Where is my data exactly? How can I get it? How can I make a backup copy? The cloud makes anyone who cares about these things break out in cold sweats.
The Snowball Edge is a box filled with data that can be delivered anywhere you want. It even has a shipping label that’s really an E-Ink display exactly like Amazon puts on a Kindle. When you want a copy of massive amounts of data that you’ve stored in Amazon’s cloud, Amazon will copy it to the box and ship the box to wherever you are. (The documentation doesn’t say whether Prime members get free shipping.)
Snowball Edge serves a practical purpose. Many developers have collected large blocks of data through cloud applications and downloading these blocks across the open internet is far too slow. If Amazon wants to attract large data-processing jobs, it needs to make it easier to get large volumes of data out of the system.
If you’ve accumulated an exabyte of data that you need somewhere else for processing, Amazon has a bigger version called Snowmobile that’s built into an 18-wheel truck complete with GPS tracking.
Oh, it’s worth noting that the boxes aren’t dumb storage boxes. They can run arbitrary Node.js code too so you can search, filter, or analyze … just in case.
Pinpoint
Once you’ve amassed a list of customers, members, or subscribers, there will be times when you want to push a message out to them. Perhaps you’ve updated your app or want to convey a special offer. You could blast an email to everyone on your list, but that’s a step above spam. A better solution is to target your message, and Amazon’s new Pinpoint tool offers the infrastructure to make that simpler.
You’ll need to integrate some code with your app. Once you’ve done that, Pinpoint helps you send out the messages when your users seem ready to receive them. Once you’re done with a so-called targeted campaign, Pinpoint will collect and report data about the level of engagement with your campaign, so you can tune your targeting efforts in the future.
Polly
Who gets the last word? Your app can, if you use Polly, the latest generation of speech synthesis. In goes text and out comes sound—sound waves that form words that our ears can hear, all the better to make audio interfaces for the internet of things.
Related articles
This story, "10 new AWS cloud services you never expected" was originally published by InfoWorld.
In this Ask the Admin, I’ll provide an overview of Active Directory Federation Services (ADFS) and how it can be used to simplify identity management.
Microsoft is big on identity-driven security, and its Federation Services component for Active Directory is now an integrated part of Windows Server. While trust relationships can be set up between AD domains and forests to allow sharing of network resources, ADFS provides secure sharing of identity information between federated business partners.
For example, if a user in Org A needs to access a web app hosted by Org B, Org A authenticates its own user. The user provides their credentials to Org A if no open browser session has authentication information for the user, and a signed XML-document containing the user’s email address or login name, or “claim” is sent back to Org B’s web app. The claim is then mapped to Org B’s trust policy to establish whether the user should be provided with authorized access to the app.
Federation or Trust?
A federation trust is designed to enable efficient and secure online transactions between business partners over the public Internet. ADFS uses the standards-based WS-Federation protocol and SAML (Security Assertion Markup Language), and credentials are only exposed to the user’s local ADFS server. Because of the standards-based approach, ADFS can also be used with other federation platforms, such as IBM Tivoli, Novell Access manager, and Sun Open SSO.
The SAML protocol is designed for secure Internet communication, performing lightweight and secure communications across public networks that are separated by firewalls and NAT connections, making federated trusts more suitable for sharing identity information across public networks.
Cross-forest or domain AD trusts were designed for private networks that are directly connected to one another and require a secure channel to be permanently established between the trusted entities, but also enable a wider range of scenarios, allowing clients to access apps and resources in one or more trusted forests and domains.
Active Directory as an Identity Provider
When a user requests access to a web application, that request is forwarded to an identity provider, or in this case the user’s ADFS server. Because the web app has a federation trust established with the identity provider, it’s able to verify the authentication response and authorize access to the web app.
This technology is very common on the Internet; for example, when you use your Facebook account to sign in to a third-party website. Facebook acts as an identity provider, saving you having to create an account in each web app that you use on the Internet.
Expanding on the Facebook analogy, when an organization uses ADFS to enable single sign-on to Office 365, ADFS is acting as an identity provider for the organization. Office 365 works with ADFS to authenticate users, and the user’s password information never leaves the corporate intranet. Using ADFS as an identity provider means that accounts don’t need to set up and managed in a partner’s system, greatly reducing administrative effort.
Sponsored
ADFS can be deployed in scenarios in which single sign-on to web apps is required, and because ADFS uses the WS-Federation specification, it doesn’t matter if those sites are outside the corporate intranet and don’t the Windows identity model.
In an upcoming article on Petri, I’ll show you how to install and set up ADFS in Windows Server 2016.
Hi all, I got tired of trying to find ready made images from searching so I made a list of every Pi image I could find. Did I miss any? I've got 31 Disk images so far, surely there are more! 🙂
Asus has launched a RPi-like “Tinker Board” that runs Debian and Kodi on a quad-core 1.8GHz -A17 RK3288, and offers 2GB RAM, GbE, 4K video, and 40-pin GPIO. The rumored Asus Tinker Board is finally for sale at Farnell in the UK, with a footprint, layout, and features that are very close to that of […]
Refreshing and Revalidating API Compatibility Guidelines
In the last TC meeting 5 , a tag was in review for supporting API compatibility 6 .
The tag evaluates projects by using the API guideline which is out of date 7.
A review has been posted to refresh these guidelines 8 .
API compatibility of overtime is a fundamental aspect of OpenStack interoperability. Not only do we need to get it it right, we need to make sure we understand it.
Will remain open until January 29, 2017 23:45 UTC.
Candidates must submit a text file openstack/election repository 15
Filename convention is $cyclename/$projectname/$ircname.txt.
To be eligible, you need to have contributed an accepted patch to one of the corresponding program’s projects 16 during the Neutron-Ocata timeframe (April 11, 2016 00:00 UTC to January 23, 2017 23:59 UTC).
Additional information about the nomination process 17
As previously mentioned 20, it’s possible for teams to setup stable branches when ready.
The release team will not be automatically setting up branches this cycle.
The release liaison within teams will need to inform when ready.
The PTL or release liaison may request a new branch by submitting a patch to the openstack/releases repository specifying the tagged version to be used as the base of the branch.
Guidelines for when projects should branch:
Projects using the cycle-with-milestone release model should include the request for their stable branch along with the RC1 tag request (target week is R-3 week, so use Feb 2 as the deadline)
Library projects should be branched with, or shortly after, their final release this week (use Jan 19 as the deadline)
I will branch the requirements repository shortly after all of the cycle-with-milestone projects have branched. After the requirements repository is branched and the master requirements list is opened, projects that have not branched will be tested with Pike requirements as the requirements master branch advances and stable/ocata stays stable. Waiting too long to create the stable/ocata branch may result in broken CI jobs in either stable/ocata or master. Don’t delay any further than necessary.
Projects using the cycle-trailing release model should branch by R-0 (23 Feb). The remaining two weeks before the trailing deadline should be used for last-minute fixes, which will need to be backported into the branch to create the final release.
Other projects, including cycle-with-intermediary and independent projects that create branches, should request their stable branch when they are ready to declare a final version and start working on Pike-related changes. This must be completed before the final release week, use 16 Feb as the deadline.
See the README.rst file in openstack/releases for more details about how to format branch specifications.
This week begins feature freeze for all milestone-based projects.
No feature patches should be landed after this point.
PTLs may grant exceptions
Soft string freeze begins.
Review teams should reject any modifications to user-facing strings.
Requirement freeze begins.
Only critical requirements and constraints changes will be allowed.
Release Tasks:
Prepare final release and branch requests for all client libraries.
Review stable branches for unreleased changes and prepare those releases.
Milestone based projects should ensure that membership of $project-release gerri groups is up to date with the team who will finalize the project release.
General Notes:
RC1 target week in R-3 is only one week after freeze.
Important Dates:
Ocata 3 Milestone, with Feature and Requirements Freezes: 26 Jan
Compulab launched a rugged “IPC3” mini-PC that runs Linux on dual-core, 7th Gen Core i7/i5 CPUs, and also debuted three GbE-equipped FACE expansion modules. Compulab has opened pre-orders starting at $693 for the first mini-PCs we’ve seen to offer the latest, 14nm-fabricated 7th Generation Intel Core “Kaby Lake” processors. The passively cooled, 190 x 160 […]
Fintech startup Revolut just added a nifty bill splitting feature. You can now tap on a Revolut expense and request money from your Revolut contacts without having to use a calculator.
Swipe on a transaction, hit the split bill button and select your contacts. Other users receive a push notification saying that your friend is asking for some money. When you open the app, you’ll see the request directly in your transaction feed. You can accept or reject the transaction.
This is a straightforward way to pay back your friends and family and could end up generating more user transactions for the startup. You could already send money to other Revolut users for free, but now you don’t have to use another app such as Splitwise to figure out who owes what.
This is particularly important as Venmo and Square Cash aren’t available outside of the U.S. The peer-to-peer payment market is much more fragmented, and everybody wants a slice of that cake.
Revolut started out as a mobile foreign exchange service. You can upload money to your Revolut account using your credit card or a bank transfer. Then, you can send this money in dozens of different currencies and pay less fees.
The company also gives you a free MasterCard so that you can pay around the world without any foreign transaction fee. In other words, slowly but surely, Revolut is recreating all the features that you’d expect from a bank account. With today’s update, bill splitting requests and text message invitations could help Revolut when it comes to growth.
Linux is widely used in corporations now as the basis for everything from file servers to web servers to network security servers. The no-cost as well as commercial availability of distributions makes it an obvious choice in many scenarios. Distributions of Linux now power machines as small as the tiny Raspberry Pi to the largest supercomputers in the world. There is a wide variety of minimal and security hardened distributions, some of them designed for GPU workloads.
Even more compelling is the use of Linux in cloud-based infrastructures. Its comparatively lightweight architecture, flexibility, and options for customizing it make Linux ideal as a choice for permanent network infrastructures in the cloud, as well as specialized uses such as temporary high-performance server farms that handle computational loads for scientific research. As a demonstration of their own commitment to the Linux platform, AWS developed and continues to maintain their own version of Linux that is tightly coupled with AWS services.
AWS has been a partner to the Linux and Open Source Communities through AWS Marketplace:
It is a managed software catalog that makes it easy for customers to discover, purchase, and deploy the software and services they need to build solutions and run their businesses.
It simplifies software licensing and procurement by enabling customers to accept user agreements, choose pricing options, and automate the deployment of software and associated AWS resources with just a few clicks.
It can be searched and filtered to help you select the Linux distribution – independently or in combination with other components – that best suits your business needs.
Selecting a Linux Distribution for Your Company If you’re new to Linux, the dizzying array of distributions can be overwhelming. Deciding which distribution to use depends on a lot of different factors, and customers tell us that the following considerations are important to them:
Existing investment in Linux, if any. Is this your first foray into Linux? If so, then you’re in a position to weight all options pretty equally.
Existing platforms in use (such as on-premises networks). Are you adding a cloud infrastructure that must connect to your in-house network? If so, you need to consider which of the Linux distributions has the networking and application connectors you require.
Intention to use more than one cloud platform. Are you already using another cloud provider? Will it need to interconnect with AWS? Your choice of Linux distribution may be affected by what’s available for those connections.
Available applications, libraries, and components. Your choice of Linux distribution should take into consideration future requirements, and ongoing software and technical support.
Specialized uses, such as scientific or technical requirements. Certain applications only run on specific, customized Linux distributions.
By examining your responses to each of these areas, you can narrow the list of possible Linux distributions to suit your business needs.
Linux in AWS Marketplace AWS Marketplace is a great place to locate and begin using Linux distributions along with the top applications that run on them. You can deploy different versions of the distributions from this online store, and AWS scans the catalog daily for security, if we found an issue we notify you — this increases your speed. Scans are run continuously to identify vulnerabilities. AWS notifies customers of any issues found and works with experts to find work-arounds and updates. In addition to support provided by the sellers, the AWS Forums are a great place to ask questions about using Linux on AWS by setting up a free account on the forum. You can also get further details about Linux on AWS from the AWS Documentation.
Applications from AWS Marketplace Running on Linux Here is a sampling of the featured Linux distributions and applications that run on them, which customers launch from AWS Marketplace.
CentOS Versions 7, 6.5, and 6 The CentOS Project is a community-driven, free software effort focused on delivering a robust open source ecosystem. CentOS is derived from the sources of Red Hat Enterprise Linux (RHEL), and it aims to be functionally compatible with RHEL. CentOS Linux is no-cost to use, and free to redistribute. For users, CentOS offers a consistent, manageable platform that suits a wide variety of deployments. For open source communities, it offers a solid, predictable base to build upon, along with extensive resources to build, test, release, and maintain their code. AWS has several CentOS AMIs that you can launch to take advantage of the stability and widespread use of this distribution.
Debian GNU Linux Debian GNU/Linux, which includes the GNU OS tools and Linux kernel, is a popular and influential Linux distribution. Users have access to repositories containing thousands of software packages ready for installation and use. Debian is known for relatively strict adherence to the philosophies of Unix and free software as well as using collaborative software development and testing processes. It is popular as a web server operating system. Debian officially contains only free software, but non-free software can be downloaded from the Debian repositories and installed. Debian focuses on stability and security, and is used as a base for many other distributions. AWS has AMIs for Debian available for launch immediately.
Amazon Linux AMI Amazon Linux is a supported and maintained Linux image provided by AWS. Amazon EC2 Container Service makes it easy to manage Docker containers at scale by providing a centralized service that includes programmatic access to the complete state of the containers and Amazon EC2 instances in the cluster, schedules containers in the proper location, and uses familiar Amazon EC2 features like security groups, Amazon EBS volumes, and IAM roles. Amazon ECS allows you to make containers a foundational building block for your applications by eliminating the need to run a cluster manager, and by providing programmatic access to the full state of your cluster.
Getting Started with Linux on AWS Marketplace You can view a list hundreds of Linux offerings by simply selecting the Operating System category from the Shop All Categories link on the AWS Marketplace home screen.
From there you can select your preferred distribution and browse the available offerings:
Most offerings include the ability to launch using 1-Click, so your Linux server can be up and running in minutes.
Flexibility with Pay-As-You-Go Pricing You pay Amazon EC2 usage costs plus per hour (or per month or annual) and, if applicable, commercial Linux cost for certain distributions directly through your AWS account. You can see in advance what your costs will be, depending on the instance type you select. As a result, using AWS Marketplace is one of the fastest and easiest ways to launch your Linux solution.
LED Strip Display Gives You Two Ways to See the Music
What to call this LED strip music visualizer is a puzzler. It lights up and pulsates in time with music similar to the light organs of 1970s psychedelia fame, but it’s more than that. Is it more like the Larson Scanner that graced the front of [David Hasselhoff]’s ride on Knight Rider? A little, but not quite.
Whatever you decide to call this thing, it looks pretty cool, and [Scott Lawson] provides not one but two ways to build it. The business end is a simple strip of WS2812b addressable LEDs. It looks like the first incarnation of the project had an ESP8266 driving the LEDs in response to commands sent to it from a PC running the visualization code, written in Python. That setup keeps the computationally intensive visualization code separate from the display, but limits the display to 256 pixels and probably has to deal with network latency. The Raspberry Pi version both crunches the numbers and drives the display, but the Pi doesn’t have the oomph to run both the LEDs and the GUI, which is pretty interesting to look at by itself. The video below shows the different visualization modes available — we’re partial to the “energy effect” at the end.
Take your pick of hardware and throw a couple of these things together for your next rave. And if you need a little more background on the aforementioned Larson Scanner, we’ve got you covered.
Microsoft has made some changes to how it collects personal data of users, and how users manage what the company collects. It’s a whole new web-based Privacy Dashboard that works and probably works better than what was available before.
For quite some time, computer users have been asking Microsoft for more control over their data, and for the company to allow them to understand better how data is collected. Microsoft says there are benefits to having data gathered by the corporation, but not everyone knows what these benefits are.
Microsoft Privacy Dashboard
The new Microsoft Dashboard lets you manage your Rewards, Shop with smart limits, Add money anytime to your kids’ Microsoft accounts, Use phones to keep tabs on everyone, Check in on kids’ online activity, View and clear browser, Clear your search history, View and clear information about your Bing search activity, Review your location data, See and clear location data that we collect when you use Microsoft products and services, Edit Cortana’s Notebook, Manage what Cortana knows about you to provide personalized recommendations, Change your password or make it stronger, See when and where you’ve signed in, Manage payments, services, renewals & subscriptions, Redeem gift cards and codes, Find lost devices, Schedule a repair and more!
Let us take a look at how to manage Data with new web-based Privacy Dashboard. From our point of view, the whole process is easy, and as such, anyone should be able to take advantage of it without a lot of fuss.
First, users will be required to visit http://bit.ly/2j3ewpf to have a look at the data Microsoft has collected. From here, folks can look at their Browsing history, Search history, Location activity, Cortana’s Notebook, and Health activity.
Beside each privacy option, there’s a description that explains what they are all about, along with a button that allows the user to view and erase their history. For example, if the user clicks on “View and clear browsing history”, they’ll see a list of websites visited when using Microsoft Edge.
It also shows the amount of time a website has been visited by the user in a single day.
To remove the entire history, click on the “Clear browsing history” button on the right. Bear in mind that should this button be clicked on, Microsoft won’t be able to provide intelligent answers for quite some time until your browsing history has been populated again.
When it comes down to clearing your Location History, just follow the same instructions and all should be well.
Edit Cortana’s Data
Editing data here is a one-way street, let’s be clear. It’s only possible to delete information one-by-one, or completely, but not possible to add. For those who want to add new things to Cortana, they will have to launch Cortana via their Windows 10 computer or supported smartphone.
Keep in mind that clearing Cortana’s data on you will make it difficult for the service to provide recommendations and other relevant information.
In terms of the Health Activity option, just do things as if you were editing and or deleting the Cortana data. Bear in mind that the Health activity option might not be around for long seeing as the Microsoft Band has been canceled. Chances are, the company could release another version or something similar in the future, but we wouldn’t hold our breath for that ever happening.
Let’s Talk About Search History
Whenever the user makes web searches through Bing, whether or not they are using Edge or any other web browser; it is saved on the web. This will only happen if the user is logged into their Microsoft account at the time of searching. Now, not everyone will want to have their search history on the web for a long period of time, which is why Microsoft makes it possible to delete it.
To clear your search history click on the relevant button then select “Clear Search History” to move forward. Bear in mind that clearing your search history will make it difficult for Bing to provide relevant search results
Overall, this is a great thing Microsoft has done. It’s easy to understand, and there are even animated images to make the experience that much better. You can use this dashboard to harden Microsoft Account Privacy Settings.
The Pi 3 Compute Module was teased all the way back in July, and what we knew then is just about what we know now. The new Compute Module is based on the BCM2837 processor – the same as found in the Raspberry Pi 3 – running at 1.2 GHz with 1 gigabyte of RAM. The basic form factor SODIMM form factor remains the same between the old and new Compute Modules, although the new version is 1 mm taller.
The Compute Module 3 comes with four gigabytes of eMMC Flash and sells for $30 on element14 and RS Components. There’s also a cost-reduced version called the Compute Module 3 Light that forgoes the eMMC Flash and instead breaks out those pins to the connector, allowing platform integrators to put an SD card or Flash chip on a daughter (mother?) board. The CM3 Lite version sells for $25.
The Compute Module was always the black sheep of the Raspberry Pi family, although it did find a few applications in its desired use case. The Raspberry Pi Foundation heralded NEC’s announcement of a line of large-format displays using the Compute Module recently. The OTTO, from Next Thing Co., makers of the C.H.I.P. single board computer, also had a Pi Compute Module shoved in its brain. Whether or not companies will choose the Compute Module 3 as a platform remains up in the air, but the value proposition is there; the Pi 3 is a vastly superior computational platform compared to the Pi 1. Putting this power on an easy-to-use module will make for some very interesting products.
If you’re looking for a really cool project for the Compute Module 3, I would suggest a cluster of Pis. The problem with a cluster of Compute Modules is that nearly all SODIMM sockets are horizontal, and for maximum efficiency, you’ll want a vertical header. The good news is vertical SODIMM headers do exist, and you can buy 20% of the world’s supply of these headers for about $500. I know because I did.
Azure Automation is now available in the Azure UK and West Central US regions. These new regions give you more options for locating Automation accounts in geographic locations that work best for you.
You can use Azure Automation to create, monitor, deploy, and maintain resources in your Azure, on-premises, and third-party cloud environments, by using highly scalable and reliable process execution and desired state configuration engines.
Windows: If you spent a lot of time tweaking your Start Menu to your liking, you’ll want to make sure you don’t lose it. Fortunately, you can backup your layout by making a copy of a hidden folder.
Meeting times Alternate, even weeks Thursday at 20:00UTC, odd weeks Thursday at 01:00UTC
Currently two proposes:
“Base Services” proposal 5 recognizes components leveraging features from external services that OpenStack components can assume will be present. Two kinds:
Local (like a hypervisor on a compute node)
Global (like a database)
“Nova Compute API” proposal 6 breaking nova-compute out of Nova itself.
Restarting Service-types-authority / service catalog work
In anticipation of having a productive time in Atlanta for the PTG, various patches have been refreshed 7.
Two base IASS services aren’t in the list yet because of issues:
Neutron / network – discrepancy between common use of “network” and “networking” in the API reference URL. Other services in the list have the service-type and the URL name for the API reference are the same.
Cinder / volume – Moving forward from using volumev2 and volumev3 in devstack.
What constitutes a project was never for drivers. Drivers are part part of the project. Driver developers contribute to OpenStack by creating drivers.
Discoverability:
Consensus: it is currently all over the place 8910.
There should be CI results available.
Discoverability can be fixed independently of governance changes.
Driver projects official or not?
Out-of-tree vendors have a desire to become “official” OpenStack projects.
Opinion: let driver projects become official without CI requirements.
Opinion: Do not allow drivers projects to become official, that doesn’t mean they shouldn’t easily be discoverable.
Opinion: We don’t need to open the flood gates of allowing vendors to be teams in the OpenStack governance to make the vendors developers happy.
Fact: This implies being placed under the TC oversight. It is a significant move that could have unintended side-effects, it is hard to reverse (kicking out teams we accepted is worse than not including them in the first place), and our community is divided on the way forward. So we need to give that question our full attention and not rush the answer.
Opinion: Consider driver log 11 an official OpenStack project to be listed under governance with a PTL, weekly meetings, and all that it required to allow the team to be effective in their mission of keeping the marketplace a trustworthy resource for learning about OpenStack driver ecosystem.
Driver Developers:
Opinion: A driver developer that ONLY contributes to vendor specific driver code should not have the same influence as other OpenStack developers, voting for PTL, TC, and ATC status.
Opinion: PTLs should leverage the extra-atcs option in the governance repo.
In-tree VS out-of-tree
Cinder has in-tree drivers, but also has out-of-tree drivers when their CI is not maintained or when minimum feature requirements are not met. They are marked as ‘not supported’ and have a single release to get things working before being moved out-of-tree.
Ironic has a single out-of-tree repo 12 — But also in-tree 13
Neutron has all drivers out-of-tree, with project names like: ‘networking-cisco’.
Many opinions on the “stick-based” approach the cinder team took.
Opinion: The in-tree vs out-of-tree argument is developer focused. Out-of-tree drivers have obvious benefits (develop quickly, maintain their own team, no need for a core to review the patch). But a vendor that is looking to make sure a driver is supported will not be searching git repos (goes back to discoverability).
Opinion: May be worth handling the projects that keep supported drivers in-tree differently that we handle projects that have everything out-of-tree.
Submissions will be evaluated next week and grantees will be notified by Friday, January 20th.
Register for the event 22 if you haven’t yet. Prices will increase on January 24 and February 14.
If you haven’t already booked your hotel yet, do ASAP in the event hotel itself using the PTG room block. This helps us keep costs under control and helps share the most time with the event participants.
Feature work and major refactoring be starting to wrap up as we approach the the third milestone.
Release Tasks:
stable/ocata branches will be created and configured with a small subset of the core review team. Release liaisons should ensure that these groups exist and the membership is correct.
General Notes:
We will start the soft string freeze during R-4 (Jan 23-27) 24
Subscribe to the release calendar with your favorite calendaring software 25
Important Dates:
Final release for non-client libraries: January 19
Ocata 3 milestone with feature and requirements freeze: January 26
