Posted: 2022-11-11 17:28:57 RSS feed summary for 2022-11-11 17:00 (32 items)

Category Site name Article title / trending keyword Link URL Frequent words, summary / search volume Date registered
IT 気になる、記になる… Reports that Twitter's paid plan "Twitter Blue" has become available for sign-up to some users in Japan - monthly fee is 900 yen https://taisy0.com/2022/11/11/164910.html twitter 2022-11-11 07:47:55
IT 気になる、記になる… Amazon is running a 3-month free campaign for its unlimited music streaming service "Amazon Music Unlimited" (through January 11) https://taisy0.com/2022/11/11/164907.html amazon 2022-11-11 07:41:24
IT ITmedia All Articles [ITmedia News] Rakuten Mobile aims to start platinum band service from March 2024; "will not use" the termination promotion measures https://www.itmedia.co.jp/news/articles/2211/11/news138.html itmedia 2022-11-11 16:37:00
IT ITmedia All Articles [ITmedia Mobile] Rakuten Mobile subscriptions at 4.55 million, down 220,000 from the end of June https://www.itmedia.co.jp/mobile/articles/2211/11/news139.html itmediamobile 2022-11-11 16:34:00
IT ITmedia All Articles [ITmedia Mobile] Rakuten Mobile aims to begin "platinum band" operation in March 2024 https://www.itmedia.co.jp/mobile/articles/2211/11/news134.html itmediamobile 2022-11-11 16:27:00
IT ITmedia All Articles [ITmedia PC USER] BenQ's 24.5-inch gaming LCD "XL2566K" with 360Hz support https://www.itmedia.co.jp/pcuser/articles/2211/11/news135.html itmediapcuser 2022-11-11 16:26:00
IT ITmedia All Articles [ITmedia News] "Creating heaven and earth by chanting spells": AI that automatically generates a metaverse from voice; startup releases demo video https://www.itmedia.co.jp/news/articles/2211/11/news132.html itmedia 2022-11-11 16:10:00
AWS AWS Japan Blog AWS Observability Accelerator for comprehensive observability of Amazon EKS https://aws.amazon.com/jp/blogs/news/announcing-aws-observability-accelerator-to-configure-comprehensive-observability-for-amazon-eks-jp/ abilityacceleratortoconfi 2022-11-11 07:16:47
js New posts tagged JavaScript - Qiita Implementing a time-limit bar in React https://qiita.com/oreoandrio/items/bcc891afac6537070428 react 2022-11-11 16:10:02
golang New posts tagged Go - Qiita I thought environment variables set by direnv were not reflected in VSCode!? It turned out to be a beginner's mistake. https://qiita.com/10_tenk/items/7b5b0425dad5173f3cdd direnv 2022-11-11 16:59:12
Tech blog Developers.IO I tried building an AMI for a NAT instance with Packer https://dev.classmethod.jp/articles/nat-instance-ami-packer/ packer 2022-11-11 07:15:41
Tech blog Hatena::Engineering Hatena's podcast Backyard Hatena #16 - The road to becoming the strongest on-site leader! (id:yigarashi) #byhatena https://developer.hatenastaff.com/entry/2022/11/11/170000 backyard 2022-11-11 17:00:00
Overseas tech DEV Community AKS Security: 10 Proven Tactics for Securing Your Kubernetes Clusters https://dev.to/castai/aks-security-10-proven-tactics-for-securing-your-kubernetes-clusters-44fo AKS Security: Proven Tactics for Securing Your Kubernetes Clusters. Kubernetes comes with many challenges, and one of them is security. Managed Kubernetes solutions like Azure Kubernetes Service (AKS) take many tasks off your plate, but what about AKS security? Teams can gain confidence here by implementing practices that have become industry standards and go-to methods for the Kubernetes community. Here are the AKS security practices you need to secure your clusters. What is AKS security? Azure Kubernetes Service (AKS) is a cloud-based service for deploying, managing, and securing containerized applications on Kubernetes. AKS takes care of control plane maintenance and health monitoring, leaving you to manage and maintain worker nodes. Like any other managed Kubernetes service, AKS still requires you to come up with a security plan for your deployment. You're responsible for configuring secure configurations, building security into the architecture, setting up secure network communications within your cluster, and maintaining other aspects of the system such as upgrade management. To protect a cluster running on AKS, users can leverage the built-in security features in AKS and add some Kubernetes-specific security best practices to the mix. We cover the most important ones below. Additionally, it would help if you considered secure configurations recommended by the industry itself, for example CIS benchmarks. Basics of security for Azure Kubernetes Service (AKS). Pod and cluster security: Azure provides a number of predefined security policies that improve the security posture of your AKS clusters and pods. One of the key best practices is based on limiting access to container operations and preventing root privilege escalations. Luckily, an Azure Policy add-on for AKS allows you to install a managed instance of OPA Gatekeeper, an open source Kubernetes admission controller. What exactly is Gatekeeper? It works by checking every request that creates or updates a resource. Also, it supports RBAC integration with Azure Active Directory (AD) or other identity providers. This brings fine-grained access, which is very similar to how you control access to other Microsoft Azure resources. It additionally opens the door to logging and auditing on all of the API server operations. Azure also provides tools for orchestrating cluster and component upgrades to the latest version of Kubernetes. This helps you maintain compliance and security as well as get access to the latest Kubernetes features. Both Kubernetes masters and agents are included in this upgrade orchestration as Azure upgrades each AKS node. Network security: AKS provides security policies you can use to secure clusters and pods. Some of these policies include: Ingress controllers: use ingress controllers to say who can access internal IP addresses, making internal IPs accessible only from your internal network. Filtering network traffic: only allow network traffic from authorized networks, based on IP address or namespace. Web application firewall (WAF): using the Azure WAF solution together with an egress firewall allows you to manage predefined routes in and out of an environment. Network security groups: implement finer-grained control by applying security groups to AKS resources, allowing specific ports and protocols based on source/destination. By default, AKS creates a subnet-level security group for your cluster. Security groups change automatically when you add services such as load balancers, port mappings, and ingress routing. Master security: AKS manages, maintains, and provides the Kubernetes master components as part of its service. AKS clusters include a single-tenant Kubernetes master where you can find features such as the API Server and Kubernetes Scheduler. In AKS, the API server has a public IP address with a domain name. If you need to restrict API access, you can limit access to specific IP ranges or create private clusters inside an Azure Virtual Network (VNet). All in all, you end up managing access via RBAC and Kubernetes RBAC privileges. Proven AKS security practices. Think twice about running containers in privileged mode: Does your deployment have containers running in privileged (root) mode? This lets the container get access to important host resources and, as a result, brings about some security problems. Don't run containers in privileged mode. Alternatively, you can turn the podSecurityPolicy on and then set the privileged parameter to false. This is how you make sure that no container can run processes that require root privileges on the host. Avoid sharing the host's IPC or network namespace: Do your pods share the host's IPC or network namespace? Sharing namespaces for pod and host interprocess communication can be tricky. It poses a security issue because it may open access to this shared information. That's why it's an industry best practice to keep pods from accessing host namespaces, because it allows network access to the host network from the pod. As a result, you're dealing with a broken network isolation. What can you do about it? Set the hostNetwork parameter to false in PodSecurityPolicy and you'll sleep much better at night, confident that your cluster is secure. Make sure to isolate Kubernetes nodes: Another best practice is not exposing your Kubernetes nodes to public networks directly. Instead, locate your nodes on a separate network so they don't have any direct connection to the general company network. Keep Kubernetes control and data traffic isolated so they don't flow through the same pipe. Open access to the data plane means open access to the control plane, which is bad news for AKS security. Make sure to configure nodes with the help of an ingress controller and set it to only give access to connections from the master node via a specified port in the network access control list (ACL). Use Kubernetes Role-Based Access Control (RBAC): Use RBAC to define who has access to the Kubernetes API and based on what permissions. In Kubernetes and higher, RBAC is usually enabled by default. Since Kubernetes brings together authorization controllers, you can disable the Attribute-Based Access Control (ABAC) when you use RBAC. To tighten your cluster security further, pick namespace-specific permissions over cluster-wide permissions. Even when you're debugging your application, you should refrain from granting cluster administrator privileges. If you do, you risk compromising your container security. Avoid using the root file system for container security: Are your containers running without a read-only root file system? Expect security issues to arise soon. Do yourself a favor and use a read-only file system. This helps to avoid all kinds of malicious binaries, be it writing to a system or facing a system takeover. Double-check that your containers use only the read-only file system and set readOnlyRootFilesystem to true in the Pod securityContext definition. Boost authentication and authorization: Another best practice is integrating Kubernetes with a third-party authentication provider to get an extra layer of security like multi-factor authentication. For secure control plane access, avoid managing users at the level of the API server, but use the Azure Active Directory and Azure RBAC. Choose OpenID Connect (OIDC) together with an SSO provider that you've got if you can't get CSP IAM. Disable NET_RAW: If your containers don't drop the NET_RAW capability, you might let in various networking exploits from inside the cluster. To boost your AKS security, take advantage of Policy Enforcement solutions such as Open Policy Agent, Kyverno, or the Kubernetes Pod Security admission controller. Additionally, you can set drop for ALL or NET_RAW capabilities in the pod's securityContext definition. This is how you ensure that the NET_RAW capability is disabled. Double-check unsafe /proc mount: Containers with unsafe /proc mount (procMount=Unmasked) let others bypass the default masking behavior of the container runtime. If you set your Kubernetes container with the Unmasked /proc mount type, you might expose the host information to that container. Why is that a bad idea? You're looking at problems like data leaks or container escapes. Set procMount=Default to ensure your container doesn't expose any parts of /proc. Don't keep secrets in an environment variable: It's a good practice to have your secret outside an environment variable. The reason for that is that other parts of your system can access environment variables. Use secrets as files or leverage secretKeyRef to minimize threats. You can also leverage the Azure Key Vault service to store and access your secrets securely. Develop a rolling update strategy: To keep your AKS security tight, build a rolling update strategy. Rolling updates allow deployment updates to minimize application downtime by updating pod instances with new ones incrementally. Another good practice is to run a vulnerability scan at runtime to prevent supply chain attacks. That way, you can see what really got to your cluster even if you carried out a scan of your deployment artifacts in the CI/CD stage. If you're using third-party tools, you might install them via vendor-provided scripts, as a result bypassing security tools built into your CI/CD. Agent-based security solutions give you more accurate and deeper insights than agentless ones. Achieve AKS security with expert help: As the Kubernetes ecosystem grows, so do its security concerns. To stay on top of emerging threats, engineers must learn how to prioritize security issues and track them effectively. With CAST AI's Kubernetes Security feature, you can scan your cluster against industry best practices, Kubernetes recommendations, and container security system benchmarks to identify vulnerabilities and set yourself up for success right from the start. Scan your Kubernetes cluster against a curated list of configuration and security best practices and find out how to secure it optimally. Check your Kubernetes cluster against configuration and security best practices. Connect your cluster and see your costs in min, no credit card required. 2022-11-11 07:42:12
Overseas tech Engadget UN initiative will use satellites to detect methane emission hotspots https://www.engadget.com/un-global-methane-detection-system-070057307.html?src=rss UN initiative will use satellites to detect methane emission hotspots. The United Nations is betting that satellites could help the world catch up on emissions reductions. The organization has unveiled a Methane Alert and Response System (MARS) that, as the name implies, will warn countries and companies of major methane emission releases. The technology will use satellite map data to identify sources, notify the relevant bodies and help track progress on lowering this output. The initial MARS platform will focus on very large energy sector sources. It'll gradually expand to include less powerful sources, more frequent alerts and data from animals, coal, rice and waste. Partners in the program, such as the International Energy Agency and UN's Climate and Clean Air Coalition, will provide help and advice. The information also won't remain a secret, as the UN will make both data and analyses public between to days after it's detected. The system will get its early funding from the US government, European Commission, Bezos Earth Fund and the Global Methane Hub. Both Bezos' fund and GMH are backing related efforts, such as studies on spotting and counteracting agricultural methane emissions. This is the first publicly available system of its kind, the UN claims. It will theoretically lead to faster, more targeted methane emissions reduction than you see today. That could be crucial in the years ahead. The UN warned at the COP conference that Earth was nowhere near limiting global warming to the degrees Celsius from the Paris Agreement. As human-released methane is both a major contributor to climate change (about percent, the UN says) and quick to leave the atmosphere, an effective use of MARS could help get environmental strategy back on track. As you might imagine, though, MARS will only work if governments and businesses cooperate. There's not much point to alerts if emissions contributors ignore them. An oil company might be reluctant to spend the money needed to fix its flaring, for instance. The UN can point out a problem using this system, but it can't require action. 2022-11-11 07:00:57
Medical Medical and Nursing Care CBnews Opt-in approach to "family doctor function" to be considered - patients to choose, Council for Building an All-Generation Social Security System https://www.cbnews.jp/news/entry/20221111161135 medical institutions 2022-11-11 16:25:00
Finance Financial and capital markets analysis | Daiwa Institute of Research Group Status of TCFD-aligned disclosure (strategy) https://www.dir.co.jp/report/research/capital-mkt/esg/20221111_023394.html 2022-11-11 16:15:00
Finance Bank of Japan: RSS Occurrence of fails (October) http://www.boj.or.jp/statistics/set/bffail/sjgb2210.pdf occurrence 2022-11-11 16:30:00
Overseas news Japan Times latest articles G20 leaders set for high-stakes summit amid war, rivalries and food insecurity https://www.japantimes.co.jp/news/2022/11/11/world/politics-diplomacy-world/g20-leaders-global-challenges/ G leaders set for high-stakes summit amid war, rivalries and food insecurity. From food and energy insecurity to the Sino-U.S. rivalry and the war in Ukraine, Group of Twenty leaders will have their work cut out for 2022-11-11 16:35:39
Overseas news Japan Times latest articles China eases quarantine and flight bans in ‘COVID zero’ pivot https://www.japantimes.co.jp/news/2022/11/11/asia-pacific/china-covid-zero-pivot/ China eases quarantine and flight bans in COVID zero pivot. The changes are the furthest-reaching overhaul of China's approach and potentially mark the beginning of the country's move to rejoin a world that's living with 2022-11-11 16:28:27
Overseas news Japan Times latest articles Leading firms join Japan’s ‘last chance’ push to reinvigorate domestic chip sector https://www.japantimes.co.jp/news/2022/11/11/business/japan-domestic-semiconductor-push/ Leading firms join Japan's last chance push to reinvigorate domestic chip sector. Eight major companies have jointly invested to launch a new firm that is expected to play a key role in boosting the chip sector 2022-11-11 16:25:24
News BBC News - Home Recession looms as UK economy starts to shrink https://www.bbc.co.uk/news/uk-63582201?at_medium=RSS&at_campaign=KARANGA financial 2022-11-11 07:53:44
News BBC News - Home Just Stop Oil: M25 protests to be halted immediately https://www.bbc.co.uk/news/uk-england-essex-63594641?at_medium=RSS&at_campaign=KARANGA foreseeable 2022-11-11 07:35:36
News BBC News - Home Cost of living: Shares jump in US and Asia as inflation cools https://www.bbc.co.uk/news/business-63593361?at_medium=RSS&at_campaign=KARANGA tackles 2022-11-11 07:34:46
News BBC News - Home Twitter boss Elon Musk 'not above the law', warns US regulator https://www.bbc.co.uk/news/business-63593242?at_medium=RSS&at_campaign=KARANGA orders 2022-11-11 07:20:02
Hokkaido Hokkaido Shimbun 7,911 infected in Hokkaido, 14 dead; exceeds previous week for 7th consecutive day; COVID-19 https://www.hokkaido-np.co.jp/article/759157/ within Hokkaido 2022-11-11 16:20:49
Hokkaido Hokkaido Shimbun 40% of obese people gained weight after COVID outbreak; movement restrictions and stay-at-home requests may be a factor https://www.hokkaido-np.co.jp/article/759160/ action 2022-11-11 16:04:19
Hokkaido Hokkaido Shimbun 550 infected in southern Hokkaido; COVID-19 https://www.hokkaido-np.co.jp/article/759181/ medical institutions 2022-11-11 16:04:00
Business Toyo Keizai Online What Elon Musk really wants to do: his own words from 2009-2013, when he was struggling to run two companies | Leadership, Liberal Arts, Qualifications, Skills | Toyo Keizai Online https://toyokeizai.net/articles/-/632346?utm_source=rss&utm_medium=http&utm_campaign=link_back twitter 2022-11-11 16:35:00
Cryptocurrency BITPRESS You didn't by any chance still think FTX wasn't going to die, did you? Bitcoiner Reflection Meeting Ep.75 https://bitpress.jp/video/hansei/entry-13424.html reflection meeting 2022-11-11 16:59:01
Cryptocurrency BITPRESS FTX Japan: apology and notice regarding administrative action https://bitpress.jp/count2/3_11_13423 ftxjapan 2022-11-11 16:12:07
IT Weekly ASCII 1-second-payment smart ring "EVERING" begins sales of new color "EVERING silver" https://weekly.ascii.jp/elem/000/004/112/4112752/ Second-payment smart ring "EVERING" begins sales of new color "EVERING silver". EVERING is adding "EVERING silver", a new color with a metallic finish, to its smart ring "EVERING", which features cashless payment and door unlocking, and will begin sales at the official online store and at stores carrying EVERING. 2022-11-11 16:45:00
IT Weekly ASCII Rakuten Mobile turns from subscriber decline after end of free plan to net increase; platinum band targeted to start in March 2024 https://weekly.ascii.jp/elem/000/004/112/4112773/ Rakuten Group 2022-11-11 16:40:00
