投稿時間:2022-11-08 03:22:08 RSSフィード2022-11-08 03:00 分まとめ(26件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Startups Blog	Four simple steps to classify your data and secure your startup	https://aws.amazon.com/blogs/startups/four-simple-steps-to-classify-your-data-and-secure-your-startup/	Four simple steps to classify your data and secure your startupUnderstanding your data types and their sensitivity levels ensures that your startup stays ahead of unintended data use or disclosures and satisfies compliance requirements By identifying the data you have and implementing appropriate automated controls you can meet these requirements more easily while also improving your security posture To get you started this post provides four simple steps to simplify and automate the data classification process for your startup	2022-11-07 17:15:20
python	Pythonタグが付けられた新着投稿 - Qiita	世界最高精度を達成した言語モデルLUKEの論文を徹底解説（試しに使えるソースコードも記載）	https://qiita.com/Mizuiro__sakura/items/9ccbd655501e78df5cc6	世界最高	2022-11-08 02:47:27
python	Pythonタグが付けられた新着投稿 - Qiita	ubuntuでtkinterが使えなくなった（泣）	https://qiita.com/Ze_roP/items/14739dfb8e3f0f5162e4	tkinter	2022-11-08 02:33:24
js	JavaScriptタグが付けられた新着投稿 - Qiita	JavaScriptから使いやすいWebAPIをRPCでお手軽に	https://qiita.com/economist/items/0e1fabdfcd75d1e3bafa	javascript	2022-11-08 02:38:22
js	JavaScriptタグが付けられた新着投稿 - Qiita	javascriptを基本から　① ボタンクリック時、何かjavascript（alert()メソッド）を実行する	https://qiita.com/Amanzo/items/c6ea9ccc76c07ff2647c	javascript	2022-11-08 02:34:21
js	JavaScriptタグが付けられた新着投稿 - Qiita	【Next.js】React-Hook-FormとSSGformを使ったお問い合わせフォーム作成【フォーム送信】	https://qiita.com/SyoInoue/items/561b2a22a53a482c9654	react	2022-11-08 02:00:58
海外TECH	DEV Community	Apache Commons Text CVE-2022-42889 Fix for JMeter	https://dev.to/qainsights/apache-commons-text-cve-2022-42889-fix-for-jmeter-2507	Apache Commons Text CVE Fix for JMeterAfter the LogShell fiasco last year it is now time to apply the patch for CVE to your Java ecosystem In this blog post we will see about CVE specs and how to mitigate in your JMeter ecosystem What is CVE From the National Vulnerability Database the description is as follows Apache Commons Text performs variable interpolation allowing properties to be dynamically evaluated and expanded The standard format for interpolation is prefix name where prefix is used to locate an instance of org apache commons text lookup StringLookup that performs the interpolation Starting with version and continuing through the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers These lookups are script execute expressions using the JVM script execution engine javax script dns resolve dns records url load values from urls including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used Users are recommended to upgrade to Apache Commons Text which disables the problematic interpolators by default What is Apache Commons Apache Commons is a collection of Java reusable components from the Apache Software Foundation It consists of three parts The Commons Proper  A repository of reusable Java componentsThe Commons Sandbox  A workspace for Java component developmentThe Commons Dormant  A repository of components that are now inactiveCommonly used Java components from Apache Commons are CSV IO Net Text and more Apache Commons TextApache Commons Text is a library focused on algorithms working on strings Here is the Java documentation page If you are a developer you still use this library without your knowledge via the software supply chain Dive into CVE If your application uses the Apache Commons Text version between both inclusive then the attacker can make use of the vulnerability in StringSubstitutor class Here is the sample snippet which I created using the above docs page Below code snippet using Apache Commons Text leverages the StringSubstitutor and interpolation where it prints the encoding and decoding string information by executing it as a string input Apache Commons Text package org qainsights import org apache commons text public class Main public static void main String args StringSubstitutor interp StringSubstitutor createInterpolator String str Base Decoder baseDecoder UUFJbnNpZhcw nBase Encoder baseEncoder QAInsights String rep interp replace str System out println rep It may not look like a vulnerability for normal eyes but attackers can leverage the string inputs of dns script and url functions Here are the default interpolators which use the string lookups as above final StringSubstitutor interpolator StringSubstitutor createInterpolator final String text interpolator replace Base Decoder baseDecoder SGVsbGXbJsZCE n Base Encoder baseEncoder HelloWorld n Java Constant const java awt event KeyEvent VK ESCAPE n Date date yyyy MM dd n Environment Variable env USERNAME n File Content file UTF src test resources document properties n Java java version n Localhost localhost canonical name n Properties File properties src test resources document properties mykey n Resource Bundle resourceBundle org apache commons text example testResourceBundleLookup mykey n System Property sys user dir n URL Decoder urlDecoder Hello World n URL Encoder urlEncoder Hello World n XML XPath xml src test resources document xml root path to node n Below are the extra lookups which are not included in Apache Commons Text dns dnsStringLookup url urlStringLookup script scriptStringLookup Let us execute the url string lookup in version package org qainsights import org apache commons text public class Main public static void main String args StringSubstitutor interp StringSubstitutor createInterpolator String str url UTF String rep interp replace str System out println rep The above snippet will display the HTML output of Now let us upgrade the Apache Commons Text to The above code will display the output below url UTF Basically version will not process the string lookups of dns script and url by DEFAULT If you still want to make use of the dns script and url lookups you need to enable them explicitly Here is the sample code Enabling dns lookup in Apache Commons Text package org qainsights import org apache commons text import org apache commons text lookup StringLookup import org apache commons text lookup StringLookupFactory import java util HashMap import java util Map public class Main public static void main String args Map lt String StringLookup gt lookupMap new HashMap lt gt lookupMap put dns StringLookupFactory INSTANCE dnsStringLookup StringLookup variableResolver StringLookupFactory INSTANCE interpolatorStringLookup lookupMap null false System out println new StringSubstitutor variableResolver replace dns address apache org Mitigating it in Apache JMeterNow we are equipped with the knowledge of Apache Commons Text vulnerability Let us go ahead with how to mitigate the CVE in Apache JMeter As you already know Apache JMeter is a pure Java performance testing tool which heavily relies on Apache Commons libraries First step is to find the commons text jar in JMETER HOME lib folder and replace it with the version by downloading and extracting it from That s it You are good to go Here is the automated script GitHub Repo lt wp button gt ConclusionConsidering the CVSS of for the CVE it is highly recommended to patch your environment with the latest patch You can use the above script to automate Please let me know if you have any questions	2022-11-07 17:35:17
海外TECH	DEV Community	Web3 Security: Types of Attacks and Lessons Discovered	https://dev.to/guildaudits/web3-security-types-of-attacks-and-lessons-discovered-2ioi	Web Security Types of Attacks and Lessons DiscoveredWeb security is largely dependent on blockchains unique capacity for commitment and resistance to human interference These software controlled networks are a prime target for attackers because of the related property of finality where transactions are typically irreversible As blockchains the distributed computer networks at the core of web gain value so do the supporting technologies and apps making them more and more attractive targets for attackers We have seen similarities with historical software security trends despite web s variances from earlier internet iterations The major issues are frequently still the same By researching these topics defenders ーwhether developers security teams or regular crypto users ーcan better protect their projects personal belongings and wallets from would be thieves Based on our expertise we ve listed several recurring themes and predictions below Following the moneyAttackers typically want to get the best return on their investment Due to the higher potential rewards they can spend more time and effort attacking protocols that have more “total value locked or TVL High value systems are more frequently the target of hacking organizations with the most resources These desirable targets are also more commonly the target of novel exploits the most profitable kind We anticipate that for the foreseeable future low cost assaults like phishing will grow more prevalent Patching the holesAs programmers gain knowledge from tried and true assaults web software may eventually become “secure by default Application programming interfaces or APIs are frequently tightened in order to reduce the likelihood of errors leading to the introduction of vulnerabilities The effectiveness of the following attacks including governance assaults pricing oracle manipulation and re entrancy flaws may significantly decline as security techniques and technology advance The cost of assaults may be increased by removing most of the low hanging fruit for attackers even if security is always a work in progress and nothing is ever hack proof Platforms that can t guarantee “perfect security will need to employ exploit mitigation measures to reduce the likelihood of losses By lowering the “benefit or upward component of their cost benefit equation this may dissuade attacks Categorizing attacksAttacks on diverse systems can be categorised based on their similar properties Defining qualities include how complex an assault is to pull off to what extent the attacks can be automated and what protection measures can be put in place to fight against them Pricing oracle attacks market manipulators It s difficult to value assets accurately Market manipulation is prohibited in the conventional trading environment and you risk being fined or even arrested if you artificially raise or lower an asset s price The issue is severe in DeFi which enables arbitrary individuals to “flash trade hundreds of millions or billions of dollars resulting in abrupt price changes Numerous web initiatives rely on “oracles which are computer systems that offer real time data and serve as a source for data that cannot be obtained on chain Oracles are frequently used for example to calculate the exchange rate between two assets However attackers have discovered a means to deceive these purportedly reliable sources As the standardization of oracles progresses there will be safer bridges between the off chain and on chain worlds available and we can expect markets to become more resilient to manipulation attempts With any luck this class of attacks may one day disappear almost entirely ProfileWho Organized groups APTs solo actors and insiders Sophistication Moderate technical knowledge required Automatability High most attacks likely involve automation detecting an exploitable issue Expectations for the future Likely to decrease as methods for accurate pricing become more standard Governance attacks the election stealers The first crypto specific problem to appear on the list is this one A governance component is present in many web projects allowing token holders to submit and decide on network change requests While this offers a chance for ongoing development and improvement it also creates a backdoor for the introduction of malevolent ideas that if implemented might harm the network Attackers have developed novel strategies to get around restrictions seize control of the leadership and plunder coffers Governance assaults have now been seen in the wild while they were formerly only a theoretical worry As happened recently with the decentralized finance or DeFi project Beanstalk attackers can take out substantial “flash loans to sway votes Attackers can more easily take advantage of governance votes that trigger automatic proposal execution but if proposal enactment is delayed or needs human approval from many parties via a multisig wallet for example it may be more difficult to carry off ProfileWho Anyone from organized groups APTs to solo actors Sophistication Low to High depending on the protocol Many projects have active forums communities on Twitter and Discord and delegation dashboards that can easily expose more amateur attempts Automatability Low to High depending on the protocol Expectations for the future These attacks are highly dependent on governance tooling and standards especially as they relate to monitoring and the process of proposal enactment Supply chain vulnerabilities the weakest links Safety recalls are issued by automakers when they find faulty parts in their cars and the software supply chain is no different Libraries created by third parties for software increase the attack surface This has long been a security issue for systems prior to web as demonstrated by the logj hack from last December which had an impact on a lot of web server software In order to locate unpatched vulnerabilities they may exploit attackers will search the internet for known flaws Although your engineering staff may not have created the imported code it still has to be maintained Teams must maintain track of the progress and condition of the projects they rely on check for vulnerabilities in the individual components of their software and make sure updates are applied It is difficult to appropriately inform library users of these risks due to the actual and immediate costs of exploitation for web software vulnerabilities The jury is still out on how or where teams should share them with one another so as not to unintentionally jeopardize user funding ProfileWho Organized groups such as APTs solo actors and insiders Sophistication Moderate need technical know how and some time Automatability Moderate scanning to find faulty software components can be automated but when new vulnerabilities are discovered exploits need to be constructed manually Expectations for the future Supply chain vulnerabilities are likely to increase as the interdependence and complexity of software systems rises Opportunistic hacking will likely also increase until good standardized methods of vulnerability disclosure are developed for web security APT operations the top predators Expert adversaries sometimes referred to as Advanced Persistent Threats APTs are the security industry s bogeymen They have a wide range of motives and skills but they are frequently wealthy and persistent as their name would imply regrettably they are quite likely to constantly exist Although various APTs carry out a wide range of operations these threat actors are more likely to directly target the network layer of businesses in order to achieve their objectives We are aware that certain highly developed groups are actively pursuing web initiatives and we believe there may be more unidentified entities as well The individuals responsible for the most worrisome APTs typically reside in nations lacking extradition agreements with the U S and EU making it more challenging to bring charges against them Lazarus a North Korean organization that the FBI has blamed for carrying out the biggest crypto attack to date is one of the most well known APTs ProfileWho Nation states well funded criminal organizations and other advanced organized groups Examples include Ronin hackers Lazarus widely linked to North Korea Sophistication High only available to highly resourced groups usually in countries that won t prosecute Automatability Low still mostly manual efforts with some custom tooling Expectations for the future APTs will remain active as long as they can monetize their activities or achieve various political ends New weaknesses unknown unknowns Web security is no different “Zero day vulnerabilities so termed because they were widely known for zero days at the time of their debut are a contentious topic in the world of information security The hardest strikes to ward against are those that appear out of nowhere Web has if anything made it simpler to monetize these pricy time consuming operations because it might be challenging to recover stolen crypto money Attackers can invest a lot of time looking through the code of on chain apps in an attempt to uncover a defect that will make their efforts worthwhile Unaware projects are still plagued by certain former new vulnerabilities for example the re entrancy problem that notably brought down TheDAO an early Ethereum project is still present in other places today ProfileWho Organized groups APTs solo actors less likely and insiders Sophistication Moderate High technical knowledge is required but not all the vulnerabilities are too complex for people to understand Automatability Low finding novel vulnerabilities takes time and effort and is not likely to be automated once found scanning for similar issues across other systems is easier Expectations for the future More attention attracts more whitehats and makes the “barrier to entry higher for discovering novel vulnerabilities Meanwhile as web adoption grows so does the motive for blackhats to find new exploits This is likely to remain a game of cat and mouse as it has in many other areas of security	2022-11-07 17:24:50
海外TECH	DEV Community	[EN] Git. Guide from scratch	https://dev.to/davidrojom/en-git-guide-from-scratch-ao4	EN Git Guide from scratchIn this article we will cover everything from creating a new repository to publishing it on a server and some commands that I use on a daily basis that may be useful Installed Git is a must ¿What is Git Git is the most widely used version control system in use nowadays it has become the de facto standard for most companies so it is important to know how to manage it efficiently A versioned project in Git is composed of a minimum of four areas Working Area contains files that have been created modified or deleted Stash Area files that have been modified and we ve set aside to do something with them in the future Staging Area contains the files that we want to be added to the repository Local Repository This is the modification history of our repository it is made up of different branches that contain all the changes that have been made to a project The branches are copies of the project starting from the same codebase their function is to implement changes to our repository Additionally we can have one more area called Remote repository which is nothing more than a copy of our Local Repository area located in one or more servers be it GitHub GitLab or BitBucket among others It is possible to have more than one Remote Repository for a single Local Repository Initial configuration The first thing we have to do after installing Git is to configure our credentials for this we are going to make use of these three commands git config global user name your username git config global user email your email git config global core editor your text editor Vim is the default text editor Initialising Downloading a repository To start a repository we just need to run the git init command inside our project directory To download clone an existing repository we must execute the command git clone lt url repository gt Common commands Most of the commands contain extra parameters that for simplicity will not be explained in this article The most common ones for everyday use will be explained Files git add lt file gt allows us to move files from Working directory to Staging Area git stash allows us to reserve changes from our Staging Area for later use git stash list allows us to list the changes we have previously stashed git stash pop allows us to retrieve the last change we saved git stash pop lt index stash gt retrieve the change with a given index git stash drop allows us to delete a change we have reserved git commit m message allows us to move files from Staging Area to Local Repository by adding a message git diff lt filename gt shows the difference in a file from its previous version git reset allows us to move all files from Staging Area to Working Directory git reset lt filename gt allows us to move a file from the Staging Area to the Working Directory git reset soft HEAD lt commits number gt allows us to undo changes to our Local Repository x commits backwards without losing those modifications where x lt commits number gt git restore lt filename gt allows us to undo changes that have been made to a file Branches git branch lists all the branches in our Local Repository and which one we are currently on git branch d remove a branch that has already been merged into another branch git branch D forces the removal of a branch whether it has already been merged or not git switch lt destination branch name gt allows us to switch to the destination branch git switch c lt branch name gt create a new branch from the branch we are currently on and move to it git checkout lt id commit gt allows us to move to an existing commit git merge lt branch to merge gt merge a branch into our current branch Remote Repository git remote add lt link name gt lt url repository gt links our Local Repository to a Remote Repository git remote remove lt link name gt delete a link to a Remote Repository git remote v lists which Remote Repositories our Local Repository is linked to git push lt link name gt lt remote branch gt allows us to upload commits from our Local Repository to a Remote Repository git push f lt link name gt lt remote branch gt allows us to force the upload of commits from our Local Repository to a Remote Repository git fetch download metadata from a Remote Repository to a Local Repository git pull is a combination of git fetch and git merge it pulls the changes and metadata from a Remote Repository and merges them with our current branch in Local Repository Generic git status shows the current status of our repository git log lists the changes If you know of a useful command that you think should be on this list don t hesitate to comment	2022-11-07 17:14:19
海外TECH	DEV Community	Top 10 ways to become a self-taught developer	https://dev.to/documatic/top-10-ways-to-become-a-self-taught-developer-5gig	Top ways to become a self taught developer IntroductionHello fellow newbies and self taught developers As a rookie what are your challenges in learning My biggest challenges as a self taught in development were No clear path and visionLack of structuresNo one to hold me accountableNo proper guidanceI was learning alone No one was there to guide me or share my problems and frustrations Whenever I get confused and burned out I procrastinate for days even weeks to cool down Does it sound familiar to you I learned it the hard way but you don t have to go through what I ve been through Or at least you can avoid spending your time on things that I wish I knew sooner and could do better I hope this advice can help and guide you as new self taught developers Find your field of interest As a self taught developer and a newbie I got interested in a few different development fields I was at crossroads between choosing to pursue data science or web development I learned Python first because I heard that it is a beginner friendly language So what can go wrong It took me almost two months and I didn t go far beyond of the programming because it didn t click And I got frustrated Rather than stick to my learning I switched to the other course I am a visual person So the fact that I could see Hello World rendered on the page for the first time with HTML made my heart jump with excitement After trying a couple of languages I found where my bigger interest lies You can read this developer roadmap to give you clearer insight if you haven t found your niche Stick to your choice and go deepAfter trying several languages and finding your niche stick and go deep into it Get good at it As it takes a lot of time and effort to be a successful programmer so go deep as you can and try to become a master at one portion or a language Once you find the best fit for you then start with it Find your best time to learn and create a structureI started to learn to code alone At that time learning in the morning or during the day was almost impossible So outside her nap time I found another time that works for me And it is around PM after everybody in the house sleeps Most of the time I m already exhausted But I will intrigue myself to sit and learn for at least half hour which usually will increase to one or two hours And the learning structure that works for me is to practice what I ve learned the day before Then I add one or two new topics daily instead of cramming some new knowledge Don t memorize the code just understand how things workYes don t memorize the code just try to understand how code works and internal behaviour so you will get a deep knowledge Good to know Senior developers would still google things Because no one knows everything Try to understand the concept and the flow And google the rest also the syntaxes when you get lost as in the programming world every individual does googling every day to find his her answers so that s not the issue Ask questions or helpI was uncomfortable asking questions because I felt like my questions were very beginner or it was stupid questions Or I could get Have you Google it Little did I know that those thoughts were only playing in my head It took me a long time to finally threw my first question And when I finally did it wasn t as bad as I thought The first time I asked a question I threw it on Twitter To my surprise I received answers and some people even offered to walk through the codes with me The courses that I took provide Discord channels for their students I started to feel more confident in asking questions or asking for help when I needed it there So don t hesitate When you get stuck for some time ask for help It could be on Twitter or on the Discord channels where you at This journey is supposed to be enjoyable make you grow and not make you frustrated for too long or even quit Create projectsA piece of advice that s always been given after learning something is Go build a project Self taught is often get trapped in tutorial hell It s a good practice that we code along with a tutorial rather than only watching and doing nothing But when it comes to building a project from scratch there would be times when we don t even know where to start Then we find ourselves getting back to a tutorial When you have an idea for a project build it and learn things on the go But when you don t know what to build try replicating the tutorial s project without playing it back Even better try to add some more features to the project When you get stuck google your problems to find solutions Give yourself half to one hour to search for it And only after you searched in that time frame and still don t find any solution ask for help or look back at the tutorial Don t let yourself get lost for too long and get demotivated Another tip when you build a project breaking tasks into smaller chunks would help you to finish your project quickly and you won t feel bored as this technique is called Divide and Conquer in DSA Research for Jobs related to your skillsIs your goal to land a job in the web development field Then before you go much further in your learning you better research job demands in your area My goal is to land a job as a full stack developer I learned by following the course s lessons ーHTML CSS JavaScript MongoDB Express and NodeJS without a front end framework After I finished the course six months later someone gave me the advice to do my research on web developer jobs in my area They said it would help me pick which front end framework I need to learn since I haven t discovered one The result was heartbreaking The on demand front end jobs in my area are React and Angular while the backend is Java PHP and NET C Based on my research the backend stack that I ve learned wasn t on demand So a slight change of plan has to be made React is what I m learning now to be a front end developer Find a popular and active communityWhen you are in a positive and supportive community you will gain much more than if you are alone You have people who genuinely care for you and support your journey You can ask questions get help when needed and have the whole community hold you accountable You can also help others who need your support in any way With community you will gain confidence and grow faster Be patient and kind to yourselfLearning to code is hard for everyone There would be times when you have a hard time understanding a concept There would be lots of times when you have trouble finding solutions You might cross paths with imposter syndrome When they come don t be too hard on yourself Take a break Pat yourself on the back Remember where you are today is one step ahead of where you were yesterday Don t compare yourself with anybody else The only comparison is who and where you are now and before Be kind to yourself always Last but not the leastBe patient and consistent as it takes a lot of time and effort to be a champ as no one becomes a master in one day It takes time to build a great personality Just trust the process I hope you find the above tips helpful and I wish you a pleasant journey in your learning Feel free to add your tips and experience as a self taught developer in the comment below Thanks for reading	2022-11-07 17:05:35
Apple	AppleInsider - Frontpage News	Poweradd Pro Portable Charger review: Attractive portable charging	https://appleinsider.com/articles/22/11/07/poweradd-pro-portable-charger-review-a-modern-portable-charger-for-your-apple-devices?utm_medium=rss	Poweradd Pro Portable Charger review Attractive portable chargingYour iPhone may already get you through the work day but the Poweradd Pro Portable Charger pairs ease of use and design to go even further The charger ships with the charger itself and a USB C to USB A charging cable to charge either the power bank or one of your devices There are multiple portable chargers to choose from but with a sleek design Fast Charging and an affordable price the Poweradd Pro Portable Charger may be the one to get Read more	2022-11-07 17:50:16
海外TECH	Engadget	Apple's latest 11-inch iPad Pro has received its first discount at $749	https://www.engadget.com/apple-ipad-pro-11-inch-m2-has-received-its-first-discount-at-749-174915244.html?src=rss	Apple x s latest inch iPad Pro has received its first discount at Apple s latest inch iPad Pro has received its first discount with both Amazon and B amp H dropping the GB version of the new tablet down to That s a modest off and still rather expensive but Apple only launched this refresh a couple of weeks ago If you were already planning on picking up the device ahead of the holidays this deal lets you save a few bucks over buying from Apple directly Just know that the deal only applies to the Space Gray model The new iPad Pro is a minor refresh compared to the previous model that launched in The main upgrades are a processor bump ーthe M SoC powering last year s model has been replaced by the M SoC first seen in this year s MacBook Air and inch MacBook Pro ーand a new feature for the second gen Apple Pencil that lets you preview inputs and effects with the stylus just by hovering it over the display There s support for WiFi E and Bluetooth networking too instead of WiFi and Bluetooth That s about it though The M chip is a nice raw performance bump for media editing and general futureproofing but the M is still more than powerful enough for most things people would do with an iPad and the tablet s design and accessory support is otherwise unchanged The last gen inch iPad Pro is on sale for as of this writing so if you re willing to buy an older model to save a bit more cash that remains a worthwhile option That said if you want the latest and greatest the model is still a superb piece of hardware We gave it a review score of last week While the more affordable iPad Air offers enough of the same features to be a better value for most ーespecially with it now discounted to ーthe inch iPad Pro continues to be a superior piece of hardware with support for a smoother Hz refresh rate higher maximum brightness much improved speakers and Face ID support It also starts with GB of storage the Air starts with half of that and you need to jump all the way to a GB model if you want to upgrade Doing that would currently cost you or at MSRP which makes the inch Pro s price a bit more competitive if still pricey nbsp The inch Pro is still overkill for most people s iPad needs and even with iPadOS new Stage Manager multitasking feature it won t fully replace most people s MacBooks The basic inch iPad is probably still the best overall bargain for casual iPad users but that s almost a different class of device at this point The inch Pro also lacks the brighter and noticeably more vibrant mini LED display of the more expensive inch Pro However this is still a strong choice for power users or serious artist types who are looking to upgrade from an aging iPad Air or iPad Pro It s possible we ll see a larger discount over Black Friday but we wouldn t expect it given that the device just released In other iPad deals the cellular version of the th gen iPad is also on sale at off in yellow We see these kind of minor Apple deals from Amazon fairly often but again this is the first discount to date for a brand new model Our review found that one trickier to recommend in the context of the wider iPad lineup but if you need a cellular tablet and can live with a non laminated display and first gen Pencil support it may be of interest Get the latest Black Friday and Cyber Monday offers by following EngadgetDeals on Twitter and subscribing to the Engadget Deals newsletter	2022-11-07 17:49:15
海外TECH	Engadget	The best projectors you can buy in 2022, plus how to choose one	https://www.engadget.com/best-projectors-123004354.html?src=rss	The best projectors you can buy in plus how to choose oneProjectors have come a long way from the clunky dim models of the past The latest models are brighter sharper more discreet and easier to install than ever They also deliver a picture size you could never get on a TV without spending a fortune With all that the best projectors are highly desirable for home theater buffs who want a true cinematic experience at home Over the last year we ve seen models bright enough to use in a normal room short throw models that take up very little space and have built in sound bars and better picture quality than ever with K and Dolby Vision features Better still you can now get K HDR models that can project up to a inch image for as little as That s around the same price and over double the size of a decent inch TV giving you something close to true movie theater immersion with a home theater projector There are a lot of different types of projectors though ranging from ultra short throw to portable to long throw There are also a lot of terms to understand like lens shift LCD vs DLP laser vs lamp illumination and more This guide will help you understand all that so that you can purchase the best projector for your needs within your budget The technologyHere are the basics Projectors generally use two types of technology LCD and DLP They re fundamentally different systems with their own advantages and drawbacks The rise of ultra short throw projectors and brighter long throw models meanwhile has been powered by falling prices in laser illumination technology Lasers are a far better solution than lamps because they re brighter and last far longer ーup to hours instead of That s essentially a lifetime of use about years Most projector manufacturers now use DLPs or digital light processing units manufactured nearly exclusively by Texas Instruments TI The heart of the tech is an optical semiconductor called a digital micromirror device DMD that contains millions of aluminum mirrors Those tilt either toward the light source on or away from it off at up to times per second Budget projectors like BenQ s HTi use TI s inch DMD while higher end models like the Samsung Premium LSPT use the inch chip Both use mirrors that tilt by and degrees for white and black but TI recently unveiled a new inch K capable DMD with degrees of tilt which should enhance both brightness and contrast DLP projector makers include LG Optoma LG BenQ and Panasonic The benefits of the tech are portability high contrast less fringing and cheaper projectors especially K and ultra short throw models The biggest drawback is the rainbow effect or bright red blue green artifacts that affect some viewers more than others LCD tech meanwhile uses a prism to split a light source into red green and blue beams Those then pass through LCD displays containing the image and converge via another prism before passing through the projector s lens Epson is the primary user of LCD tech along with Sony Sanyo and others LCD projectors tend to be sharper more efficient and more color accurate but have lower contrast ratios and can experience image degradation over time In general they re also more expensive What to look for in a projectorUltra short throwSince the last time we updated our guide ultra short throw projectors have become the hot new category offering several benefits You can mount them close to the wall like a TV with no need to run wires through the walls and ceiling but still get an immersive image as large as inches ーsomething that s impossible with a TV unless you re very rich They use brighter lasers that never need to be replaced ーand because laser light is collimated focusing is eliminated They re also physically less awkward to install than a ceiling mounted projector though that doesn t mean installation is super easy To get the perfect screen fit and alignment you must place them an exact height and distance from your wall or screen This can be quite a pain as I ve discovered You also need a perfectly flat wall or projector screen because ultra short throw projectors beam up at an acute angle so any imperfections will show as shadows For that reason you can t use a roll down screen because they have slight ripples For the best results particularly with a lot of ambient light you should use an ambient light rejecting ALR screen Those have small ridges that reflect light from below back to your eyes but absorb any light ie ambient light that comes from above For one of those you ll need to budget at least and way up Some projectors including models from Epson and HiSense come with ALR screens Elite Starling Brightness and contrastHome theater projectors generally range in brightness between to lumens but you ll need to take those figures with a grain of salt Some models might actually hit lumens or more but cranking the lamp to that level will hurt the image quality and lifespan of your bulb Also some manufacturers tend to exaggerate maximum brightness As a point of reference many K flat panel TVs nowadays can hit nits of brightness but the brightest consumer projectors only display between and nits from the screen That s not as big a deal as it might seem because projector images are much larger and meant to be used in dark rooms where your eyes will automatically adjust to the light and “brighten the image Contrast is also substantially different on projectors Unlike OLED TVs projectors don t allow for zero black levels because of ambient light reflections and other reasons You also can t have local dimming zones found on LED TVs for true blacks Some projectors do have a dynamic iris to improve the contrast scene by scene but those can often produce a “pumping effect with the image dimming or brightening in mid scene Mounting and fan noiseA big advantage of regular long throw projectors is that you can mount the projector and screen on the ceiling using zero space in your room If you plan to do that don t forget to budget for a mounting bracket and any necessary long cables including extra power for Google s finicky Chromecast Also keep in mind that it s easier to mount a lightweight projector and DLP models are usually lighter than those with LCD tech Some projectors are noisier than others and usually the more you spend the less noise you get Many of the new K DLP projectors when operating in K mode are particularly noisy There s one other cool thing if you have a portable projector or even one that is relatively easy to take down and put up you can take it outside for magical night screenings under the stars HDR and resolutionAs related to projectors these things could each take up an entire article In fact they have ーfor a deeper dive take a look at Projector Central s excellent takes on HDR and resolution On the resolution front only expensive projectors have native K resolution indeed most movie theaters still use K projectors for various reasons However there are many relatively inexpensive DLP projectors that use pixel shifting to attain K resolution That system emits each pixel four times while moving it to the correct position for a K image all in less than th of a second As such it puts as many pixels on the screen in the same amount of time as a K native projector ーand visually it performs nearly as well On the other hand Epson s LCD “K enhanced projectors also have p native resolution but the image is just shifted twice not four times So those projectors are not K natively or otherwise but do produce double the pixel count of a p projector If you really want a K native projector you ll have to pay two of the cheapest ones are Sony s VPL VWES and JVC s DLA NX HDR is a very different animal on projectors compared to TVs As mentioned projectors can t produce anywhere close to the amount of light required nits to qualify as true HDR Rather they use a technique called tone mapping to fit the entire HDR gamut into a lower brightness range For that reason among others almost all projectors only support HDR Only one uses Dolby Vision the Xiaomi Laser Cinema only available officially in China and just a couple of models work with Samsung s HDR ーand those are Samsung s own Premiere K models However most support a wider bit color gamut that allows for superior color reproduction Samsung OpticsIf you re mounting a short or long throw projector between five and feet you might need to consider the zoom range and whether the projector has a lens shift option A decent zoom range will make it easier to mount the projector where you want with the screen size that you want Lens shift meanwhile is used if the projector is mounted higher or lower relative to the screen than recommended by the manufacturer or any horizontal distance off center That creates a trapezoidal shaped image but by dialing in some lens shift you can optically square it up Otherwise you might have to use a keystone correction which digitally stretches or shrinks part of the image resulting in noticeable distortion or pixel artifacts Digital correction might not work in gaming modes either for some projector models GamingIf you re interested in a projector for gaming you ll want to look up the refresh rate and input lag figures Some new projectors from Viewsonic Optoma and others offer up to Hz p refresh rates and input lag settings down to or milliseconds However some projectors designed more for home entertainment have very poor input lag and refresh rates at just Hz Portable projectorsFinally portable projectors have become popular enough to merit discussion this year They re relatively cheap compact and portable and can run on batteries making them ideal for entertainment outside or while camping They re not nearly as bright as other projectors of course but are more designed for a fun night of entertainment under the stars Engadget picksAs with previous updates I m dividing projectors into ultra short throw and long throw categories As mentioned ultra short throw models have rapidly established themselves in the market due to the extra performance and convenience and all manufacturers sell at least a couple of models Within the ultra short throw category We ll compare two price categories under and with three projectors each In the long throw category we re again looking at projectors under and with three products in each range Finally we ll take a look at the best portable projectors Ultra short throw projectors under LG CineBeam HUQLG s nice looking HUQ is the new king of ultra short throw UST projectors due to the picture quality tech on offer and reasonable price With a hour laser light source it delivers ANSI lumens along with accurate colors across percent of the DCI P gamut enough for most HDR content And speaking of that it supports both HDR and HLG along with frame by frame tone mapping Rival models offer similar specs but the HUQ trumps them in sound and technology The watt way stereo speakers are great on their own but you can supplement them with Bluetooth speakers from LG and nearly any other brand to create surround sound The standout feature though is LG s webOS smart TV capabilities that give you Netflix Disney Amazon Prime and other apps all with full K HDR support and surround sound including eARC output for Dolby Atmos and lossless audio It also supports HDMI and better still full K x rather than just UHD Buy LG CineBeam HUQ at Amazon Optoma CinemaX P Steve Dent Engadget Optoma s CinemaX P made our list last year but it s still a great choice because the price has dropped considerably It delivers lumen brightness impressive contrast ratio and accurate colors with percent DCI P coverage It s not quite as sharp as the pricier projectors as it uses TI s inch rather than inch DLP tech though you ll still get a near K image The CinemaX P may also better match your decor as it comes in white rather than dark grey like the P The watt NuForce Dolby Digital soundbar is one of the best on any ultra short throw projector as well On the downside it does offer apps but they re not as good as you ll find on say Google s Chromecast Buy Optoma CinemaX P at Amzon BenQ ViBenQ s first UST laser projector is at the top end of the price scale at but it offers some impressive capabilities Light output is a bright ANSI lumens and it delivers a full percent DCI P coverage for as good an HDR experience as you can get on a projector You also get a Filmmaker Mode to see colors as the directors intended It s powered by Android TV so you get all the streaming services and apps you want along with apps games and more The downside is the lack of decent speakers as it only offers dual watt speakers with clear sound but limited bass Buy BenQ Vi at Amazon Epson EpiqVision Ultra LSWIf you re okay with p projection Epson s EpiqVision Ultra LSW is a very interesting option because of the design excellent sound built in Android TV and extreme ANSI lumen brightness That allows for a wide color gamut with no rainbow effect excellent connectivity and very good sound without the need to buy a soundbar or surround sound system Best of all it s priced at just making it one of the cheaper short throw projectors out there Buy EpiqVision Ultra LSW at Amazon Ultra short throw projectors under Samsung Premium LSPTUltra short throw projectors are a hot enough entertainment category that Samsung decided to re enter the market with two models as part of its Lifestyle TV series The LSPT is the premium model and it certainly brings some premium specs With separate red green and blue lasers it covers percent of the full Rec color range percent of DCI P ーsomething we ve rarely if ever seen on any TV or even pro monitor It delivers a very bright lumens and a ANSI contrast ratio As it uses TI s higher resolution inch DLP chip with pixel shifting you get as close as you can to true K without investing in a native K projector Finally the LSPT is the first projector on the market rated for HDR ーSamsung s answer to Dolby Vision On top of all that the LSPT delivers watts of audio using Samsung s Acoustic Beam technology while offering Samsung s well regarded Tizen powered Smart TV platform Buy Premium LSPT at Amazon Epson EpiqVision Ultra LS Epson If you need the brightest possible image Epson s LCD powered EpiqVision Ultra LS delivers It s rated at up to lumens making it one of the brightest ultra short throw projectors in any price range It also supports HDR modes in HDR and HLG and is sold with both inch and inch ALR screens making the price effectively lower The main drawback is that it only offers double the pixels of p rather than four times like competing DLP tech It also offers a relatively weak watt built in speaker system Buy EpiqVision Ultra LS at Amazon HiSense LGThis is HiSense s new flagship UST that uses a tricolor laser to achieve high brightness ANSI lumens and an incredible percent BT HDR coverage topping even Samsung s formidable LSPT It has a powerful W Dolby Atmos sound system and built in Android TV with Google Assistant and Alexa Best of all that price includes a inch ALR Daylight screen or for an extra you can get it with a inch ALR cinema screen Buy HiSense LG at Amazon Projectors under Viewsonic PX KThere are very few K projectors available under and Viewsonic s PX K is one of the most recent For the money it offers impressive performance You get K HDR with lumens of brightness via TI s inch DLP chip More importantly for gamers you can get a p signal at up to Hz with a millisecond input lag time The drawbacks are a limited x optical zoom so you ll need to make sure it fits in your space Buy Viewsonic PX K at Amazon BenQ HTA BenQ For around the BenQ HTA is still one of the best budget p projectors It delivers where it counts with the best contrast ANSI and color accuracy in its class and is reasonably bright as well with lumens in vivid mode On top of that it comes with a x zoom and vertical lens shift option for maximum installation flexibility The drawbacks include slightly excessive fan noise rainbow effect and red tinted D Buy BenQ HTA at Amazon Optoma HDXIf you re looking to spend a little less the Optoma HDX is your best option Using DLP tech it delivers p at up to lumens with excellent brightness color accuracy contrast and black levels You also get decent millisecond input lag for gaming The drawbacks are a single HDMI port x optical zoom and poor built in audio Buy Optoma HD X at Amazon Projectors under BenQ HTiBenQ s K HTi is an update to last year s HT but with a huge addition Android TV With that you get multi platform wireless projection from Android and iOS devices via Chromecast or Airplay ーa huge plus compared to rival projectors As before it offers reference quality K color reproduction in both HDR and SDR that s a match for projectors costing triple the price Contrast is excellent thanks to the dynamic iris though brightness is limited to lumens It has a x zoom and vertical lens shift option plus a surprisingly good built in speaker The fan noise is still present but less than before If brightness is more important than picture quality take a look at BenQ s TKi instead It also comes with Android TV but delivers far more brightness lumens in exchange for less color accurate picture quality Buy BenQ HTi at Amazon Optoma UHD Optoma For extra brightness and speed for gaming the answer is Optoma s all new K capable UHD It cranks the lumens up to and like the Viewsonic PX K offers Hz gaming at p with one of the lowest latency figures we ve seen yet in a projector at milliseconds Otherwise you can do K Hz gaming with milliseconds of lag which is very quick for K It s optimized more for gaming than entertainment unlike BenQ s HTi but it can still handle HDR and HLG It supports both zoom albeit just x but also vertical and horizontal lens shift Buy Optoma UHD at Amazon Epson Home Cinema K ProEpson s Home Cinema K Pro is the Cadillac of under K home projectors thanks to features like lumen brightness dynamic iris and motorized zoom x focus and lens shift This Epson projector delivers in picture quality too covering percent of the DCI P color space in cinema mode with both HDR and HLG It also offers near K quality using x LCD image chips with pixel shifting The drawbacks are lack of support for Hz K due to the HDMI ports If you need that want to pay a bit less and don t care about the motorized focus Epson s Home Cinema K Pro is the way to go It offers similar features like HDR and HLG but supports K p thanks to the HDMI b ports There s no motorization and the zoom drops to x but it supports generous tilt shift and zoom ranges Buy Home Cinema K Pro at Amazon Projectors under Epson Home Cinema LS laserFans of Epson s LCD projectors will be interested in this model which received a big update in the form of a laser light source That bumps the brightness to ANSI lumens and the three p LCDs use a pixel shifter to quadruple the resolution to something close to true K It offers very accurate colors with HDR and HLG capability but is also great for gaming thanks to the Hz refresh rate millisecond input lag and HDMI support You also get a way motorized lens scene adaptive correction and more for Buy Home Cinema LS at Crunchfield Optoma UHZLVOptoma s UHZLV also uses a long lasting laser light source to deliver a lumen image much brighter than any lamp powered projector It also delivers true K resolution up to p thanks to the TI inch DLP chip The extra brightness and contrast make it ideal for HDR or HLG content It also comes with desirable features for a long throw projector like a x zoom and vertical lens shift Buy Optoma UHZLV at B amp H LG CineBeam HUPW K LG Speaking of long throw laser projectors LG s CineBeam HUPW is another excellent pick at a much lower price point There are some compromises as the laser light pushes out a lower lumens that s still a lot and it has a smaller inch DLP chip that delivers slightly lower perceived resolution However it has dual blue and green lasers which help it deliver accurate HDR colors with an excellent percent DCI P coverage It also offers a x zoom with lens shift and an HDMI port that allows for K at p with up to bit color depth It comes with LG s webOS so it supports Amazon Prime Netflix Hulu and other streaming services without the need for a dongle Buy CineBeam HUPW K at Amazon Sony VPL VWESIf you re looking for a true native K projector Sony s VPL VWES is the least costly option out there It s by far the sharpest K projector in this roundup thanks to Sony s proprietary K SXRD native DCI K x panels It also delivers extremely accurate colors with percent DCI P coverage and HDR HLG support You also get niceties like a zoom lens with powered zoom lens shift and focus The main drawback is a relatively dim lumen brightness but it s a top pick if picture quality is paramount above all Buy Sony VPL VWES at Amazon Best budget portable projectorsXgimi MoGo ProXgimi is a relatively new brand but has started to gain traction thanks to its lineup of portable projectors The best of those is the MoGo Pro which can be powered by a battery with two hours of playtime and is small enough to fit in a backpack But this mini projector still delivers a detailed and reasonably accurate p image while offering automatic focus and vertical keystone adjustment It even comes with Android TV giving you all the streaming options you can need all for Buy Xgimi MoGo Pro at Amazon BenQ GSBenQThis model is designed specifically for outdoor entertainment so it s battery powered and splash and shock resistant making it a good choice for backyard movies or sports events camping and more It s also one of the brightest portable projectors out there It only delivers p resolution but it does come with a streaming app in the form of Aptoide TV Buy BenQ GS at Amazon Anker Nebula Solar HDThis p projector has a pretty rich feature set considering the price including a battery This portable projector delivers lumens for reasonably bright outdoor use has a reasonably powerful xW speaker system with Dolby Digital Plus comes with Android TV and has a built in stand for easy adjustment Buy Anker Nebular Solar HD at Amazon	2022-11-07 17:05:27
海外科学	NYT > Science	Switzerland Is Paying Poorer Nations to Cut Emissions on Its Behalf	https://www.nytimes.com/2022/11/07/climate/switzerland-emissions-ghana-peru-ukraine-georgia.html	Switzerland Is Paying Poorer Nations to Cut Emissions on Its BehalfThe agreements raise concerns that other countries will follow suit delaying more difficult cuts of greenhouse gas emissions in wealthier nations	2022-11-07 17:18:22
海外科学	NYT > Science	Climate Conference to Debate Whether Rich Nations Will Pay for Damage	https://www.nytimes.com/2022/11/06/world/africa/climate-talks-cop27-egypt.html	Climate Conference to Debate Whether Rich Nations Will Pay for DamageFor the first time the conference agenda will officially include the divisive issue of compensation by large nations responsible for the bulk of emissions	2022-11-07 17:01:00
海外科学	NYT > Science	Big Tobacco Heralds a Healthier World While Fighting Its Arrival	https://www.nytimes.com/2022/11/06/health/tobacco-fda-menthol-ban-nicotine.html	Big Tobacco Heralds a Healthier World While Fighting Its ArrivalThe industry continues to fight efforts to restrict certain products like spending heavily to urge California voters to overturn a law banning tobacco flavors	2022-11-07 17:03:57
金融	金融庁ホームページ	「企業内容等の開示に関する内閣府令」等の改正案について公表しました。	https://www.fsa.go.jp/news/r4/sonota/20221107/20221107.html	企業内容等の開示に関する内閣府令	2022-11-07 17:01:00
ニュース	BBC News - Home	UK drops plans for £250m national flagship yacht	https://www.bbc.co.uk/news/uk-politics-63547568?at_medium=RSS&at_campaign=KARANGA	boris	2022-11-07 17:11:45
ニュース	BBC News - Home	Grenfell Tower fire: Relatives want national remembrance day	https://www.bbc.co.uk/news/uk-england-london-63546256?at_medium=RSS&at_campaign=KARANGA	daythey	2022-11-07 17:28:26
ニュース	BBC News - Home	Stolen $3bn Bitcoin mystery ends with popcorn tin discovery	https://www.bbc.co.uk/news/technology-63547765?at_medium=RSS&at_campaign=KARANGA	bitcoin	2022-11-07 17:07:35
ニュース	BBC News - Home	Just Stop Oil: Dozens of activists arrested over M25 protest	https://www.bbc.co.uk/news/uk-england-london-63539967?at_medium=RSS&at_campaign=KARANGA	junctions	2022-11-07 17:13:03
ニュース	BBC News - Home	Just Stop Oil: What is it and what are its goals?	https://www.bbc.co.uk/news/uk-63543307?at_medium=RSS&at_campaign=KARANGA	april	2022-11-07 17:50:44
ニュース	BBC News - Home	Injured Jordan Nobbs and Lauren Hemp withdraw from the England squad	https://www.bbc.co.uk/sport/football/63548076?at_medium=RSS&at_campaign=KARANGA	england	2022-11-07 17:38:49
ビジネス	ダイヤモンド・オンライン - 新着記事	「英単語1000個を30分で覚える」京大で出会った天才・変人たち - 逆転合格90日プログラム	https://diamond.jp/articles/-/312486	逆転	2022-11-08 02:55:00
ビジネス	ダイヤモンド・オンライン - 新着記事	米中間選挙、黒人・中南米系でも「民主離れ」＝WSJ調査 - WSJ発	https://diamond.jp/articles/-/312528	中間選挙	2022-11-08 02:12:00
GCP	Cloud Blog	For a successful cloud transformation, change your culture first	https://cloud.google.com/blog/products/identity-security/culture-comes-first-in-cloud-transformations/	For a successful cloud transformation change your culture firstTwenty years ago organizations discovered the magic of server virtualization Among the many benefits of virtualization it heralded the end of the need for one physical server per application and the beginning of managing software defined infrastructure It helped automate building and installing systems and it helped lay foundations for today s Continuous Integration Continuous Delivery mechanisms and DevOps practices However the adoption of virtualization was not always smooth and several hurdles stood in its path Today s organizations are facing similar obstacles in their journey to the cloud   Organizations that wanted to virtualize their server environment two decades ago faced a significant challenge that was neither technical nor budgetary but organizational stretching across IT teams and beyond The first team to be concerned about virtualization was the one in charge of installing the physical servers in the racks of the datacenter managing the physical network connections and operating environmental controls such as HVAC and power systems These tasks were drastically reduced if not outright eliminated  The second team affected by this shift in technology was the one responsible for installing the operating system and running the post install procedures Their job almost completely disappeared as most virtual machines were automatically instantiated from templates   As a result successful adoption relied on the ability to smooth these organizational changes Along the way training the staff and making sure they acquire the new skills necessary to operate the virtualization infrastructure was critical And usually the affected teams eventually found that their new responsibilities were different but still essential to the organization and perhaps even more appealing Virtualizations lessons for cloud transformation regulatorsDiscussions on virtualization didn t end with these internal changes when organizations were operating in a regulated environment They needed to engage closely with their regulators Regulated organizations often considered the hypervisor solely as an additional layer of software with potential vulnerabilities  This viewpoint raised risks such as virtual machine escape that didn t exist with physical servers Even if this is taken into account and the risks mitigated it should have been considered in balance with all the benefits of machine virtualization including security benefits such as asset identification harmonization and smoother patch management While the relevance and benefits of virtualization are now widely accepted history has repeated itself as similar issues have arisen for organizations facing cloud migrations When large cloud service providers CSP began supporting critical workloads for their customers regulators increased their oversight over CSPs and issued guidance concerning cloud adoption This happened in the European financial sector with guidelines from the European Supervisory Authorities European Banking Authority European Securities and Market Authority and European Insurance and Occupational Pensions Authority and the coming Digital Operational Resilience Act regulation  These regulations can help establish trust between providers and customers As regulator decisions are vital for organizations there is an opportunity now with cloud technology to balance the risks with the benefits and take into consideration all the ways CSPs can help organizations improve their overall security and compliance levels  Cultural transformation can drive cloud transformationAnother similarity between cloud transformation and the journey to virtualization is the required internal transformation When an organization decides to start its journey to the cloud training its staff with the new technology and tools is a necessary step but probably not the first nor the most arduous to make A change of mindset is paramount to fully incorporate all the cloud benefits in particular regarding security  This new approach begins with a deep transformation at the organizational level Organizations should avoid viewing the cloud as a datacenter because there s so much more potential to cloud technology This new approach and its accompanying organizational transformation is driven by two factors The burdens that the CSP removes from the customer and the new flexibility that software defined infrastructure brings to the table  The CSP directly manages several tasks and services and their security which means that they re no longer a direct concern for the customer These responsibilities include data center management security hardened hardware default encryption for data at rest and data in transit and resilient network management Since all the infrastructure used by the organization to manage its workloads is software defined it brings much more flexibility to what can be done with it Software defined infrastructure can more easily enable security guardrails and continuous compliance that weren t possible before  While there s a temptation to approach an organization s cloud transformation as merely a “lift and shift operation from on premises infrastructure the reality is that approach reduces the potential gains a cloud transformation can bring to an organization Moving systems to the cloud accounts for a small portion of the potential impact while updating the mindset can be truly transformational Development architecture and security processes need to be rebuilt this inevitably requires a deeper transformation of the organization The next step is to transform the operations to align them with the overall organization and the new defined processes operationalize CI CD and build DevOps practices After that the technological gap will be adjusted moving the new tools and teaching teams how to best use them  The important point here is the order of the transformation to manage organization operations and technologies O O T and not the other way round T O O Of course these three steps should not be considered completely sequential as technology plays an important role in the organization and the operations However it is essential to support the development of personnel and frameworks to take full advantage of the transformation opportunity rather than primarily focusing on the tooling   In addition at Google Cloud we believe in a shared fate that goes far beyond the usual shared responsibility model We think it is part of our duty to help our customers to achieve their goals in their scope of responsibility We prepare secure landing zones and guide the customers we bring transparency to security controls and help them with cyber insurance  Our shared objective with our customers is to continuously improve security Our Google Cybersecurity Action Team initiative helps us to be engaged alongside our customers provide them with necessary guidance support them in their security and compliance strategies and assist their organizational and operational transformation in their cloud journey Listen to a related podcast “How to Apply Lessons from Virtualization Transition to Make Cloud Transformation Better Listen to “Preparing for Cloud Migrations from a CISO Perspective Part Read “The journey to the cloud mitigates enterprise risk Also review “Megatrends drive cloud adoptionーand improve security for all Visit Google Cybersecurity Action Team websiteaside block StructValue u title u Cloud Security Podcast u body lt wagtail wagtailcore rich text RichText object at xecefac gt u btn text u Listen now u href u u image None	2022-11-07 17:30:00