As one of the top technology hubs in Europe, Munich is an economic powerhouse, hosting the presence of international corporations, strong VC support, top universities and of course, the Oktoberfest. Many startups choose to make the city their headquarters each year – and here are 10 of the most promising Munich-based to watch in 2019.
Source: 10 Munich-based startups to look out for in 2019 and beyond
GitHub today released a CI/CD Tool, GitHub Actions. With the tight integration into development workflows and rich, community maintained build-command, actions appears an interesting competitor in the market. As a minimum, the release indicates the importance of CI/CD for the modern software development lifecycle.
Developer productivity and frictionless workflows have been buzzwords for the past half decade and the arrival and rapid growth of Travis-CI, Jenkins or Cirlce-CI have proven the resonance in development organisations. GitHub has outstanding testimonials from day one on the announcement and the ecosystem appears to be ready to go.
It is an offering that comes with appealing integrations and a competitive price, that sure is worth watching.
GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.
Old and busted: How to respond to Distributed Denial of Service on the Internet
New hotness: How to respond to Denial of Service in a Restaurant.
Open Policy Agent to manage policy for Kubernetes with GateKeeper.
Es ist schlimmer, als wir alle gedacht haben.
Mail rechtzeitig verschickt, Frist aber trotzdem versäumt: Das BeA kommt mit Umlauten nicht klar, der Absender einer Nachricht erfährt davon aber nichts.
Source: BeA: Besonderes elektronisches Anwaltspostfach kann kein Deutsch – Golem.de
Should you be working in Product Management, this may well be a good selection for Sunday evening to watch:
As a product manager, you’ll want to continuously be seeking out new ways to learn, new information, fresh ideas, and inspiration. It’s a constant learning process, and it’s important to stay open and stay motivated. While there are many resources out there, including books, blogs, podcasts, influential people on social media, and tons of online publications, there is something we love about TED Talks.
Earlier this week, it became public that Capital One was victim to a privacy leak, affecting more than 100 million of their customers. News revealed details about the source of the attack, that apparently an individual conducted and bragged about it publicly.
Now, a few days later and more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, CloudFlare, DisruptOS and AWS personnel, including citations about the involvement of IAM, EC2 and WAF. In particular, it points out mitigations that AWS recommends in response to Server Side Request Forgery (SSRF).
Interesting is the conclusion that Rich Mogull comes to, that the industry is facing a major gap in skills, related to this kind of cloud security. Basic skill and availability thereof has always been a major gap in the entire industry. Only with the arrival of cloud it becomes more sparse. Mostly, because corporations maintain both their existing data centers and new cloud infrastructure, leaving out on the opportunity to become more secure in the cloud.
via.
Google’s Project Zero drops a hand full of Zero Day vulnerabilities for the iPhone at Black Hat 2019. Apparently one of them isn’t patched yet. Interaction-less Attack Surface in this context means, it’s wormable, executing code with no human interaction.
Source: Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone
All too often, the task list for your teams shared project management tool shows items like “Create Workflow” or “Define Process”. Items that do resonate well in the flow of work and in the nexus of individuals. But they do fall short of allowing the rest of the organization to grasp the meaning and even fail to do so for the reporter when some time has passed.
Some consice expressions on expectations on what this story or ticket is about can do wonder to getting things done. Rather than “defining a a workflow”, for example the product management team would
The core idea is to eliminate any discussion about when an issue, item or story is delivered and is unique across function. Of course, the above serves as an example and will vary by team and work, and needs revision in any particular scenario. Having specific action advise will help reducing debates and focus on an actual deliverable, that is done by all opinion.
Source: Unlock your product organization’s potential by defining “done”