Home Blog Page 3850

Time to problem your self within the 2024 Google CTF

codesanitize
-
0
Time to problem your self within the 2024 Google CTF


It’s Google CTF time! Set up your instruments, commit your scripts, and clear your schedule. The competitors kicks off on June 21 2024 6:00 PM UTC and runs by June 23 2024 6:00 PM UTC. Registration is now open at goo.gle/ctf.

Be a part of the Google CTF (at goo.gle/ctf), an exhilarating enviornment to showcase your technical prowess. The Google CTF consists of a set of pc safety puzzles (or challenges) involving reverse-engineering, reminiscence corruption, cryptography, internet applied sciences, and extra. Contributors can use obscure safety information to seek out exploits by bugs and inventive misuse, and with every accomplished problem your workforce will earn factors and transfer up by the ranks. 

The highest 8 groups of the Google CTF will qualify for our Hackceler8 competitors going down in Málaga, Spain later this 12 months as part of our bigger Escal8 occasion. Hackceler8 is our experimental esport-style hacking recreation competitors, custom-made to combine CTF and speedrunning. 

Screenshot from final 12 months’s Hackceler8 recreation

Within the competitors, groups want to seek out intelligent methods to abuse the sport options to seize flags as rapidly as doable.

Final 12 months, groups assumed the position of Bartholomew (Mew for brief), the fuzzy and lovable protagonist of Hackceler8 2023, set to defeat and overcome the evil rA.Ibbit taking up Silicon Valley! What adventures will Mew encounter this 12 months? See the 2023 grand remaining to get a way of the story and gameplay. The prize pool for this 12 months’s Google CTF and Hackceler8 stands at greater than $32,000.

Itching to get began early? Need to be taught extra, or get a leg up on the competitors? Evaluate challenges from earlier years, together with earlier Hackceler8 matches, all open-sourced right here. Or acquire inspiration by binge watching hours of Hackceler8 2023 movies!

If you’re simply beginning out on this house, try our documentary H4CK1NG GOOGLE, it’s a good way to get acquainted with safety. We additionally advocate testing this 12 months’s Newbie’s Quest that’ll be launching later this summer time which can educate you a number of the instruments and tips with less complicated gamified challenges. For instance, final 12 months we explored hacking by time – you should utilize this to arrange for what’s but to return.

Whether or not you’re a seasoned CTF participant or simply interested in cybersecurity and moral hacking, we need to invite you to affix us. Join the Google CTF to broaden your ability set, meet new pals within the safety group, and even watch the professionals in motion. For the newest bulletins, see goo.gle/ctf, subscribe to our mailing record, or observe us on Twitter @GoogleVRP. Excited by bug looking for Google? Try bughunters.google.com. See you there!



Cloudera’s Bangalore Heart of Excellence – Native Innovation Driving World Influence

codesanitize
-
0
Cloudera’s Bangalore Heart of Excellence – Native Innovation Driving World Influence


Posted in Enterprise |
August 22, 2024 3 min learn

Within the coronary heart of India’s tech hub, Bangalore, you’ll discover our Heart of Excellence (CoE), an innovation hub centered on technological development. Established in 2014, this middle has develop into a cornerstone of Cloudera’s world technique, taking part in a pivotal position in driving the corporate’s three progress pillars: accelerating enterprise AI, delivering a very hybrid platform, and enabling fashionable information architectures. It’s an engine of cutting-edge options that preserve us near our open supply roots, and drive our mission of constructing information and analytics accessible and simple for everybody.  

The Indian Expertise Prowess

Over almost a decade, the Bangalore CoE has grown into a strong hub, housing over 600 staff, primarily in engineering roles, which type the spine of product innovation and buyer assist along with the staff in Chennai. The opposite groups liable for delivering these merchandise embrace efficiency engineering, information engineering, storage, management aircraft, take a look at infrastructure, safety, efficiency, associate certification, launch engineering, and web site reliability. This numerous vary of experience ensures that our options are complete and of the best high quality to assist the info journeys of high enterprises globally. 

We function three main engineering facilities worldwide within the US, India, and Hungary. This strategic distribution permits Cloudera to drive steady innovation and supply well timed assist to its world buyer base.  Inside India, the engineering experience in Chennai and Bangalore play a strategic position to world progress & progress because of its wealthy expertise pool and historic contributions to open-source tasks like Iceberg. The middle’s prominence within the open-source group has made it a magnet for high expertise.

Our staff in Bangalore is instrumental in offering complete cloud assist for end-to-end supply of tasks, holding main releases updated with the newest options, in addition to improvements together with options in Cloudera Machine Studying (CML) that empower clients to develop, take a look at, practice, and deploy fashions inside their information environments. The staff performs a vital position in delivering options and enhancements by means of designing and constructing options that speed up the journey from exploration to manufacturing, and scale their Machine Studying workloads.These work towards supporting Generative AI functions for enterprises in a hybrid cloud atmosphere, making certain that each one their information is AI-ready. 

Forging forward with improvements in machine studying and cloud computing, the staff has refined flows for Generative AI workloads and developed an alert system for Cloud, which permits clients to attain vital financial savings in cloud prices. With the staff propelling these developments, Cloudera retains its foothold as a pacesetter offering cutting-edge machine studying and information science options worldwide.

Native Innovation with World Influence

The affect of our Bangalore CoE extends past the borders of India. The staff works on world tasks that drive vital progress throughout industries, resembling finance, telcos and manufacturing. Options engineered listed here are designed with a world perspective in thoughts, making certain they meet the various wants of our world and Indian clients. 

Cloudera is aiding main banks, inventory exchanges, and high organizations throughout industries in India by offering the infrastructure wanted to investigate the info. This assist helps them in value discount, elevated income, and enhanced operational effectivity. These sectors continuously deal with giant volumes of delicate information demanding sturdy safety and there’s a rising have to handle giant and sophisticated information units with higher methods and infrastructure. 

We imagine that information could make what’s not possible in the present day, doable tomorrow. Our Bangalore and Chennai CoE play a key position in empowering organizations to unlock the total potential of their information. By growing sturdy and safe information platforms, our staff ensures companies can derive significant insights that drive a aggressive benefit. From enhancing information governance and safety to optimizing information workflows and enabling real-time analytics, our staff’s contributions are instrumental in shaping the way forward for data-driven enterprises.

The middle’s skill to deal with all aspects of software program improvement from ideation to supply ensures that innovation is steady. 600+ engineers with a ardour for open supply applied sciences, have helped speed up the enterprise AI and machine studying story for  a whole bunch of shoppers — throughout a sequence of generative AI use circumstances resembling agentic functions on our lakehouse, co-pilots for elevated productiveness, and textual content summarization at scale. The distinctive collocation has additionally helped clients transfer to the cloud sooner and deploy safe hybrid options that empower them to rework information of all kinds on any public or non-public cloud into worthwhile and trusted insights.  

Trying forward, Cloudera plans to proceed its investments within the Bangalore CoE, with plans to rent an extra 50 engineers this 12 months alone. The main target might be on growing expertise to gas enterprise AI and hybrid platform capabilities. Regardless of challenges to find area of interest ability units, Cloudera’s dedication to upskilling and offering progress alternatives stays steadfast. 

As Cloudera continues to evolve, the Bangalore CoE will undoubtedly stay on the forefront, pushing the boundaries of what’s doable on the planet of massive information and AI.

Analyzing Cisco’s Place within the Forrester XDR Wave

codesanitize
-
0
Analyzing Cisco’s Place within the Forrester XDR Wave


Lately, analysis agency Forrester launched its XDR Wave, which ranks many of the main safety distributors based mostly on their capabilities on this market. Whereas I usually agree with the location of many of the distributors within the Wave, I did assume Cisco appeared grossly misplaced. Because of this I’ve determined to problem this placement, based mostly on my expertise working carefully with Cisco, its clients, and companions on XDR deployments, and my perception that the answer is effectively aligned with what clients are on the lookout for.

I’ve appeared on the Wave and analyzed the place Cisco scored poorly, and I wish to provide my evaluation. Under are the highest 5 key factors that, for my part, Forrester didn’t precisely rating Cisco.

Further detection surfaces – Cisco Rating: 1

A part of the problem right here is the definition of XDR. I used to be the primary analyst to make use of the time period in 2018, lengthy earlier than the Wave existed. In my submit, I wrote that the “X” in XDR means “all the things,” the place telemetry must be gathered from as many sources as potential, with cloud, endpoint, and community being the core knowledge sources. Since then, different corporations have embraced the time period “X,” that means eXtended from the endpoint.

When one appears on the Wave, many endpoint distributors, together with Microsoft, CrowdStrike, and TrendMicro, are close to the highest proper. Distributors I contemplate to be extra network-centric, corresponding to Cisco and Fortinet, scored decrease. I additionally assume Fortinet must be increased within the Wave, however I will go away that for an additional submit.

Of all of the XDR distributors, Cisco has one of many richest knowledge units from merchandise corresponding to Cisco NVM, ISE, Umbrella, Talos, and its firewall and community gadgets. Moreover, it gathers knowledge natively from Safe Endpoint, in addition to from a number of third events corresponding to AWS, Azure, and GCP.

Giving Cisco a “1” on this class defies the straightforward eyeball check of the place the corporate has merchandise feeding telemetry to XDR.

Innovation – Cisco Rating: 1

This rating is calculated based mostly on the corporate’s funding in R&D at an organization degree. Cisco is a large firm with R&D spend throughout its portfolio, together with networking, safety, collaboration, and different areas. Forrester likes to see an R&D spend of 20% of firm income to award a 5, and Cisco spends about 13%. Nevertheless, this quantity is deceptive. For an organization of Cisco’s dimension, 13% of its income is greater than most of its opponents mixed.

Additionally, in my dialogue with Cisco management, they indicated that the extent of R&D throughout Cisco shouldn’t be uniform. Extra mature areas require much less spending, whereas rising applied sciences, corresponding to safety, are effectively above the 20% threshold. Scoring a broad, various firm like Cisco on the identical scale as a small startup is deceptive and admittedly irresponsible.

The scoring standards for “neighborhood” is holding a security-specific convention. That is one other case the place the variety of Cisco’s portfolio shouldn’t be thought-about. The corporate’s consumer occasion, Cisco Reside, is without doubt one of the largest expertise exhibits held in lots of areas. So long as I’ve been attending Cisco Reside, which has been occurring for over 20 years, safety has been a major a part of the occasion.

Particularly, concerning XDR, I appeared again on the agenda for Cisco Reside 2024 EMEA, and there have been dozens of safety classes, a lot of which had been devoted to XDR. The corporate additionally holds threat-hunting workshops for its clients, as do a lot of its world companions.

Cisco was additionally a key sponsor on the RSA Convention, held a keynote and lots of academic classes, and had a large total presence. When one appears on the dimension of Cisco’s buyer base, companion neighborhood, licensed engineers, sponsorships, and different associated elements, it’s quantifiability one of many largest safety communities.

Product Safety – Cisco Rating: 3

I discovered the quantification of this a bit complicated. Forrester states, “5 = The seller offers transparency on the way it secures its providing.” From my expertise, which dates to being a Cisco Safety buyer, the corporate has a well-established course of round safety belief and insurance policies. I’ve talked with Cisco management, and the corporate as a complete takes vulnerability scanning, pen-testing, and red-teaming very severely whereas pushing this mentality all the way down to its channel companions to make sure its total ecosystem is clear.

Forrester might not discover what Cisco does sufficient, and that’s its opinion, however Cisco Safety scored a 5 within the community evaluation and visibility (NAV) wave. The method and standards are the identical for each, as must be the rating.

Coaching – Cisco Rating: 1

From the Wave’s scoring standards, a rating of 5 is achieved when “the seller presents free, complete on-line coaching on the product and presents reside on-line coaching for a payment. In-person coaching is out there for a payment in a number of languages.” As one of many extra lively Cisco trade watchers, I’m up to date on their coaching exercise from clients, companions, and the corporate. I do know Cisco has a wealth of free info within the space of XDR.

For instance, Cisco XDR clients obtain proactive onboarding and configuration steerage from a Buyer Success consultant. The corporate additionally presents in-product assist and product documentation to assist customers perceive the device, in addition to in-product video coaching and step-by-step directions.

Cisco additionally holds a variety of skilled and academic webinars, throughout which clients can work together with Cisco to resolve points, perceive finest practices, and develop methods for menace detection and response. The corporate additionally has its Studying Middle, which accommodates walkthroughs, demos, on-demand labs, and threat-hunting workshops.

Certainly one of Cisco’s historic differentiators, for the previous 30 years, has been the quantity of free coaching it presents throughout its product line. A rating of 1 right here signifies Forrester isn’t conscious of Cisco’s vary of coaching choices.

Abstract

Usually, I’m not one to criticize one other analyst agency’s evaluation as a lot of it’s opinion. Nevertheless, instruments like Waves and Magic Quadrants are worthwhile as they’re formulaic and supply a quantifiable “rating.” On this case, Forrester’s placement of Cisco appears manner off base from my information. As I discussed, Forrester’s definition might differ from mine, the place they view XDR because the evolution of EDR. I have a look at it extra holistically, however that doesn’t clarify among the different inconsistencies.

My recommendation to clients is at all times to make use of these as a information nevertheless it’s at all times clever to do your personal proof of ideas as each setting is completely different.

Zeus Kerravala is the founder and principal analyst with ZK Analysis.

Learn his different Community Computing articles right here.

Associated articles:



Upgrading a 20 yr previous College Undertaking to .NET 6 with dotnet-upgrade-assistant

codesanitize
-
0
Upgrading a 20 yr previous College Undertaking to .NET 6 with dotnet-upgrade-assistant



I wrote a Tiny Digital Working System for a 300-level OS class in C# for faculty again in 2001 (?) and later moved it to VB.NET in 2002. That is all pre-.NET Core, and on early .NET 1.1 or 2.0 on Home windows. I moved it to GitHub 5 years in the past and ported it to .NET Core 2.0 on the time. At this level it was 15 years previous, so it was cool to see this mission working on Home windows, Linux, in Docker, and on a Raspberry Pi…a machine that did not exist when the mission was initially written.

NOTE: If the timeline is complicated, I had already been working in trade for years at this level however was nonetheless plugging away at my 4 yr diploma at night time. It will definitely took 11 years to finish my BS in Software program Engineering.

This night, as the kids slept, I needed to see if I might run the .NET Improve Assistant on this now 20 yr previous app and get it working on .NET 6.

Let’s begin:

$ upgrade-assistant improve .TinyOS.sln
-----------------------------------------------------------------------------------------------------------------
Microsoft .NET Improve Assistant v0.3.256001+3c4e05c787f588e940fe73bfa78d7eedfe0190bd
We're fascinated about your suggestions! Please use the next hyperlink to open a survey: https://aka.ms/DotNetUASurvey
-----------------------------------------------------------------------------------------------------------------
[22:58:01 INF] Loaded 5 extensions
[22:58:02 INF] Utilizing MSBuild from C:Program Filesdotnetsdk6.0.100
[22:58:02 INF] Utilizing Visible Studio set up from C:Program FilesMicrosoft Visible Studio2022Preview [v17]
[22:58:06 INF] Initializing improve step Choose an entrypoint
[22:58:07 INF] Setting entrypoint to solely mission in resolution: C:UsersscottTinyOSsrcTinyOSCoreTinyOSCore.csproj
[22:58:07 INF] Recommending executable TFM net6.0 as a result of the mission builds to an executable
[22:58:07 INF] Initializing improve step Choose mission to improve
[22:58:07 INF] Recommending executable TFM net6.0 as a result of the mission builds to an executable
[22:58:07 INF] Recommending executable TFM net6.0 as a result of the mission builds to an executable
[22:58:07 INF] Initializing improve step Again up mission

See how the method is interactive on the command line, with colour prompts and a collection of dynamic multiple-choice questions?

Updating .NET project with the upgrade assistant

Curiously, it builds on the primary strive, no errors.

Once I manually take a look at the .csproj I can see some bizarre model numbers, doubtless from some not-quite-baked model of .NET Core 2 I used a few years in the past. My spidey sense says that is flawed, and I am assuming the improve assistant did not perceive it.

I additionally be aware a commented-out reference to ILLink.Duties which was a preview function in Mono’s Linker to cut back the ultimate dimension of apps and tree-trim them. A few of that performance is constructed into .NET 6 now so I am going to use that throughout the construct and packaging course of later. The reference will not be wanted at this time.

I am gonna blindly improve them to .NET 6 and see what occurs. I might do that by simply altering the numbers and seeing if it restores and builds, however I may strive dotnet outdated which stays a stunning device within the upgrader’s toolkit.

image

This “outdated” device is sweet because it talks to NuGet and confirms that there are newer variations of sure packages.

In my exams – which had been simply batch information at this early time – I used to be calling my dotnet app like this:

dotnet netcoreapp2.0/TinyOSCore.dll 512 scott13.txt

It will change to the trendy type with simply TinyOSCore.exe 512 scott13.txt with an exe and args and no ceremony.

Publishing and trimming my TinyOS turns into only a 15 meg EXE. Good contemplating that the .NET I want is in there with no separate set up. I might flip this little artificial OS right into a microservice if I needed to be completely further.

dotnet publish -r win-x64 --self-contained -p:PublishSingleFile=true -p:SuppressTrimAnalysisWarnings=true

If I add 

-p:EnableCompressionInSingleFile=true

Then it is even smaller. No code adjustments. Run all my exams, seems to be good. My mission from college from .NET 1.1 is now .NET 6.0, cross platform, self-contained in 11 megs in a single EXE. Candy.

Sponsor: At Rocket Mortgage® the work you do round right here might be 100% impactful however received’t take all of your free time, supplying you with the proper work-life stability. Or as we name it, tech/life stability! Study extra.




About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, guide, father, diabetic, and Microsoft worker. He’s a failed stand-up comedian, a cornrower, and a e book writer.

facebook
twitter
subscribe
About   Publication

Internet hosting By
Hosted in an Azure App Service










This AI Paper from ETH Zurich Introduces DINKEL: A State-Conscious Question Technology Framework for Testing GDBMS (Graph Database Administration Programs)

codesanitize
-
0
This AI Paper from ETH Zurich Introduces DINKEL: A State-Conscious Question Technology Framework for Testing GDBMS (Graph Database Administration Programs)


Graph database administration methods (GDBMSs) have change into important in right this moment’s data-driven world, which requires an increasing number of administration of advanced, extremely interconnected information for social networking, suggestion methods, and huge language fashions. Graph methods effectively retailer and manipulate graphs to rapidly retrieve information for relationship evaluation. The reliability of GDBMS will then be essential for sectors by which information integrity is essential, reminiscent of finance and social media.

Regardless of excessive diffusion, the intrinsic complexity and dynamic information adjustments these methods deal with are severe issues and hassles within the GDBMS. A bug in these methods might create severe issues, together with information corruption and attainable safety flaws. As an illustration, these bugs in GDBMS can result in denial-of-service assaults or info disclosure that shall be disastrous in high-assurance functions. As each the methods and the character of the queries they course of are very advanced, their detection and backbone are fairly difficult; therefore, these bugs may pose a extreme reliability and safety danger.

State-of-the-art methods for testing GDBMS generate queries in Cypher, essentially the most broadly adopted graph question language. Nevertheless, these methods solely generate comparatively small complexity queries and totally mannequin state adjustments and information dependencies typical of advanced real-world functions. Certainly, state-of-the-art approaches often cowl a small portion of the performance supplied by GDBMSs and fail to detect bugs that will compromise system integrity. These deficiencies underline the necessity for extra subtle testing instruments able to precisely modeling advanced operations in GDBMS.

That being the case, ETH Zurich researchers have proposed another means of testing GDBMS specializing in state-aware question era. The workforce carried out this strategy as a totally computerized GDBMS testing framework, DINKEL. This technique allows modeling the dynamic states of a graph database to create advanced Cypher queries that signify real-life information manipulation in GDBMS. In distinction to conventional methods, DINKEL permits the continual replace of state details about a graph through the era of queries, thus guaranteeing that each impartial question displays a database’s attainable states and dependencies. Therefore, this multi-state change and sophisticated information interplay empower queries to allow the testing of GDBMS with excessive take a look at protection and effectiveness.

One other strategy by DINKEL is predicated on the systematic modeling of graph states, divided by question context and graph schema. Question context accommodates details about the short-term variables declared within the queries; graph schema contains info on present graph labels and properties. On the era of Cypher queries, DINKEL incrementally constructs each question, drawing on details about the present state of the graph’s accessible components and updating state info because the question evolves. This state consciousness ensures syntactical correctness but in addition ensures real-world situations are represented by the queries generated from DINKEL, enabling the revelation of bugs that may have flown beneath the radar.

The outcomes of DINKEL efficiency are actually spectacular. His intensive testing on three main open-source GDBMSs—Neo4j, RedisGraph, and Apache AGE—DINKEL confirmed an excellent validity fee for advanced Cypher queries of 93.43%. In a 48-hour take a look at marketing campaign, DINKEL uncovered 60 distinctive bugs, amongst which 58 have been confirmed, and the builders later mounted 51. By making use of this technique, DINKEL might cowl over 60% extra code than the perfect baseline testing methods, thus demonstrating improved deep bug-exposing capability. Most of those bugs have been beforehand unknown and concerned tough logic or state adjustments within the GDBMS, underpinning the effectiveness of DINKEL’s state-aware question era.

The strategy by the ETH Zurich workforce serves a needy trigger in testing GDBMS. They’ve developed a state-aware strategy to producing queries for constructing this software, drastically enhancing advanced bug detection that hazard reliability and safety in graph database methods. Outcomes Their work, materialized by means of DINKEL, confirmed exceptional enhancements in take a look at protection and bug detection. This advance is a step forward in GDBMS robustness assurance; DINKEL is one related software for builders and researchers.

Take a look at the Paper. All credit score for this analysis goes to the researchers of this undertaking. Additionally, don’t neglect to comply with us on Twitter and be part of our Telegram Channel and LinkedIn Group. In the event you like our work, you’ll love our e-newsletter..

Don’t Overlook to affix our 49k+ ML SubReddit

Discover Upcoming AI Webinars right here


Nikhil is an intern marketing consultant at Marktechpost. He’s pursuing an built-in twin diploma in Supplies on the Indian Institute of Know-how, Kharagpur. Nikhil is an AI/ML fanatic who’s all the time researching functions in fields like biomaterials and biomedical science. With a powerful background in Materials Science, he’s exploring new developments and creating alternatives to contribute.



1...3,8493,8503,851...4,063Page 3,850 of 4,063
© Newspaper WordPress Theme by TagDiv