Blog

  • Tesla explodes in Russia

    Monday morning. Apparently a Tesla exploded on a Russian highway after a crash.

    A Tesla vehicle involved in a collision burst into flames and exploded on a highway near Moscow last night, local media reported. The occupants were slightly injured, but the car is toast.

    Source: Tesla explodes after crash on Russian highway – TechCrunch

  • Specification of DNS over Dedicated QUIC Connections

    While a lot of people debate DNS-over-HTTPS (and its dependencies), the IETF has a specification for DNS-over-QUIC on its standards track.

    This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DNS/QUIC) has privacy properties similar to DNS over TLS specified in RFC7858, and performance similar to classic DNS over UDP.

    Source: Specification of DNS over Dedicated QUIC Connections

  • Apple raises bug bounty

    MacRumors, among others, reports. A good move in the vulnerability ecosystem.

  • 10 Munich-based startups

    As one of the top technology hubs in Europe, Munich is an economic powerhouse, hosting the presence of international corporations, strong VC support, top universities and of course, the Oktoberfest. Many startups choose to make the city their headquarters each year – and here are 10 of the most promising Munich-based to watch in 2019.

    Source: 10 Munich-based startups to look out for in 2019 and beyond

  • GitHub Actions


    GitHub today released a CI/CD tool, GitHub Actions. With its tight integration into development workflows and rich, community-maintained build commands, Actions appears to be an interesting competitor in the market. At a minimum, the release indicates the importance of CI/CD for the modern software development lifecycle.

    Developer productivity and frictionless workflows have been buzzwords for the past half decade, and the arrival and rapid growth of Travis CI, Jenkins or CircleCI have shown how strongly they resonate with development organisations. GitHub has outstanding testimonials from day one of the announcement, and the ecosystem appears to be ready to go.

    It is an offering with appealing integrations and a competitive price, and it sure is worth watching.

    GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.

  • Denial of service at a restaurant

    EMS, police and fire personnel need to prepare for being asked to leave a restaurant, coffee shop or grocery store

    Old and busted: How to respond to Distributed Denial of Service on the Internet

    New hotness: How to respond to Denial of Service in a Restaurant.

  • OPA Gatekeeper

    Open Policy Agent to manage policy for Kubernetes with Gatekeeper.

    Blog: OPA Gatekeeper: Policy and Governance for Kubernetes

  • BeA: The special electronic lawyers' mailbox (besonderes elektronisches Anwaltspostfach) without umlauts

    It is worse than we all thought.

    Mail sent on time, deadline missed anyway: the BeA cannot handle umlauts, but the sender of a message is not told about it.

    Source: BeA: Besonderes elektronisches Anwaltspostfach kann kein Deutsch (BeA: the special electronic lawyers' mailbox cannot speak German) – Golem.de

  • 7 Powerful Talks To Make You a Better Product Manager

    If you work in product management, this may well be a good selection to watch on a Sunday evening:


    As a product manager, you’ll want to continuously be seeking out new ways to learn, new information, fresh ideas, and inspiration. It’s a constant learning process, and it’s important to stay open and stay motivated. While there are many resources out there, including books, blogs, podcasts, influential people on social media, and tons of online publications, there is something we love about TED Talks.

    1.) How great leaders inspire action, by Simon Sinek

    2.) Chris Hadfield: What I learned from going blind in space

    3.) Sheena Iyengar: The Art of Choosing

    4.) Margaret Gould Stewart: How giant websites design for you (and a billion others, too)

    5.) Guy Kawasaki: The art of innovation

    6.) Seth Godin: How to get your ideas to spread

    7.) Navi Radjou: Creative problem-solving in the face of extreme limits

    Source: 7 Powerful TED Talks To Make You a Better PM

  • What We Can Learn from the Capital One Hack


    Earlier this week, it became public that Capital One fell victim to a privacy leak affecting more than 100 million of its customers. News reports revealed details about the source of the attack: apparently an individual carried it out and bragged about it publicly.

    Now, a few days later and with more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, Cloudflare, DisruptOps and AWS personnel, including remarks on the involvement of IAM, EC2 and WAF. In particular, it points out mitigations that AWS recommends in response to Server Side Request Forgery (SSRF).

    The conclusion that Rich Mogull comes to is interesting: the industry is facing a major skills gap in this kind of cloud security. Basic skills, and their availability, have always been a major gap across the entire industry. With the arrival of cloud they have only become scarcer, mostly because corporations maintain both their existing data centers and new cloud infrastructure, missing out on the opportunity to become more secure in the cloud.

    Source: What We Can Learn from the Capital One Hack