IT |
InfoQ |
Java News Roundup: JDK 20 in Rampdown Phase 2, New JEP Drafts, JobRunr 6.0, GraalVM 22.3.1 |
https://www.infoq.com/news/2023/01/java-news-roundup-jan23-2023/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
|
Java News Roundup: JDK in Rampdown Phase, New JEP Drafts, JobRunr, GraalVM. This week's Java roundup for January rd features news from OpenJDK, JDK, JDK, GraalVM, TornadoVM, Spring Cloud Azure, Spring Shell and Spring Cloud, Quarkus and Alpha, Micronaut, JobRunr, MicroStream EA, Hibernate CR, Tomcat, Groovy and Camel Quarkus, JDKMon, and Foojay.io at FOSDEM. By Michael Redlich |
2023-01-30 02:30:00 |
AWS |
AWS Japan Blog |
How DAZN uses AWS Step Functions to orchestrate event-based video streaming at scale |
https://aws.amazon.com/jp/blogs/news/jpmne-how-dazn-uses-aws-step-functions-to-orchestrate-event-based-video-streaming-at-scale/
|
awsstepfunctions |
2023-01-30 02:54:28 |
AWS |
AWS Japan Blog |
Digital Transformation: The Why, Who, How and What, Part 2: "The Who" |
https://aws.amazon.com/jp/blogs/news/digital-transformation-the-why-who-how-and-what-part-2-the-who/
|
Important |
2023-01-30 02:32:20 |
js |
New posts tagged JavaScript - Qiita |
[AWS] I want to connect from my local machine to an RDS instance in a private subnet |
https://qiita.com/huntas0624/items/bfed6fa21d55bb929198
|
dbmysql |
2023-01-30 11:59:06 |
js |
New posts tagged JavaScript - Qiita |
[Illustrator] The angle of a pathItem made up of three path points |
https://qiita.com/comsk/items/76fee69dfb952e2db274
|
lengthampampselecteditems |
2023-01-30 11:27:57 |
AWS |
New posts tagged AWS - Qiita |
[AWS] I want to connect from my local machine to an RDS instance in a private subnet |
https://qiita.com/huntas0624/items/bfed6fa21d55bb929198
|
dbmysql |
2023-01-30 11:59:06 |
AWS |
New posts tagged AWS - Qiita |
[AWS] I want to connect to RDS through an EC2 bastion server from the VSCode terminal |
https://qiita.com/huntas0624/items/72ff2b3e08a0110a0f06
|
powershell |
2023-01-30 11:28:42 |
AWS |
New posts tagged AWS - Qiita |
[Cross-account] S3 sync between S3 buckets (S3 access point edition) |
https://qiita.com/Tsukasa_Ishimaru/items/f9f6888bb79f424cb37e
|
ssyncs |
2023-01-30 11:00:29 |
Docker |
New posts tagged docker - Qiita |
Building a Laravel development environment with Docker |
https://qiita.com/Akihiro-Fujishima/items/af27578d235e61f4cd30
|
dockercomposeym |
2023-01-30 11:00:56 |
Tech blogs |
Yahoo! JAPAN Tech Blog |
Chaos engineering in production environments as practiced at Yahoo |
https://techblog.yahoo.co.jp/entry/2023013030404798/?cpt_n=BlogFeed&cpt_m=lnk&cpt_s=rss
|
Environment |
2023-01-30 11:15:00 |
Overseas tech |
DEV Community |
Build Networks with VLANs |
https://dev.to/aakhtar3/build-networks-with-vlans-1ldd
|
Build Networks with VLANs. Contents: Why, What, How (Infrastructure, Administrator, Game, Laboratory, Internet of Things, Network Attachment Storage, Demilitarized Zone, Work, Guest).
Why: Having all devices on the same network introduces risk and network congestion. Physically separating devices onto subnets and then bridging them together is complex. Virtual Local Area Networks (VLANs) provide a way to keep all devices on the same physical network while logically isolating traffic. You wouldn't let strangers take a squat in your home, so why should you let rogue devices on your network? Properly identifying which device is which and what it is doing is important to reduce risk. Each device can be identified by its Media Access Control (MAC) address and be assigned a static Internet Protocol (IP) address and hostname. These are easy to spoof, but this is one layer in a defense-in-depth strategy. Your firewall will identify VLANs through interfaces and can be used to quickly filter and debug network issues. Grouping devices together into an interface will reduce broadcasts and improve network traffic by splitting it into separate lanes (P). Each interface will have its own firewall rules on ingress and egress traffic. There are many risks introduced when using a single Local Area Network (LAN), but here are a few examples (attack: risk). Traffic sniffing: unencrypted traffic can be read. On-path: a man in the middle can be passive or malicious. DNS/ARP poisoning: corrupted data on important network protocols. Internet of Things (IoT): devices that have weak security or rogue services.
What: Q is known as VLAN tagging, which adds a VLAN ID tag on the data frame. When moving across the network, this frame is tagged and untagged. Be aware of VLAN hopping attacks: this can be achieved through misconfigured VLAN tables and by adding additional VLAN tags on the data frame, but the data cannot return in this situation (networkacademy.io).
How: The goal of this guide is to learn about different types of networks by building the example network architecture using open source software. When following this guide you should work on ONE network at a time. Be patient, patch to the latest version of software and firmware, use different web browsers, use commands (ping, ssh, netstat, route), read logs, and restart devices as a last resort. Physical and Logical Network Diagram. Networks: WAN, LAN, VLANs, PANs. Wireless Frequencies: GHz Wifi, GHz Wifi, ZigBee Channel GHz, Bluetooth GHz, Infrared.
INFRA: This is your most critical network because it will logically separate your network. You should put physical safeguards on these devices. You can achieve this by storing them in a secure location, disabling unused ports, and applying MAC address allow lists.
ADMIN: This network should be limited to an administrator who will build, monitor, debug, test, and fix the network. The admin's access should still be limited to a few ports. You can do most tasks over Ping, HTTP(S), and SSH (SSH tunneling). Bluetooth devices such as wireless headphones will create a Personal Area Network (PAN).
GAME: You want to take advantage of prioritizing networks by moving this network to a lower priority using quality of service (P). Bluetooth controllers are on a PAN with the consoles. Infrared remotes also create a PAN with the receiver.
LAB: This network is physically separated over a distance between four switches. You should have a laboratory (dev) network to test on before making changes on other networks.
IOT: IoT devices should be on GHz since they do not need high data caps, and to lower broadcast interference. In addition, these devices can have poor security and can be exploited (GHz: metageek.com). ZigBee uses the GHz frequency but has multiple channels that overlap Wifi channels. This frequency should be placed on a channel that won't get overpowered by wifi devices (ZigBee: metageek.com).
NAS: Data is your gold (Network Attached Storage, NAS), so it needs to be protected. This is a private network, meaning it has no access to any network, including the internet. Only a few devices should have access to the data ports. To perform updates on the system and software, you can forward-proxy the requests through a NAT using a filtered allow list of endpoints.
DMZ: There are many ways to connect to a demilitarized zone (DMZ), a.k.a. screened subnet, and one misconfiguration can be disastrous. This type of network is open to the WAN (Internet). This can be used when you want to host a website, file server, or VPN concentrator.
WORK: Sometimes you need to work from home, and you should avoid mixing that network traffic with your personal network. Your work network should be connected to your work's network through a VPN.
GUEST: Guests will need access to your internet, so a wifi-only connection will serve this purpose. You can send all egress WAN (Internet) traffic through a VPN, so that you can provide them privacy and prevent your IP address from being associated with their network activity.
Installation: firewall, dns, siem, wap, TL, TL, TL.
firewall (Specs, Config, VLANs, Interfaces, DHCP, Aliases, Rules, Log, Diagnostics).
firewall Specs: Software: pfSense. Hardware: Protectli Vault (Quad Core, Switch Port, AES-NI, GB RAM, GB mSATA SSD). There are many hardware alternatives. You can also run pfSense in a virtual environment.
General Config: You should already have pfSense installed and configured on your Local Area Network (LAN) and connected to a Wide Area Network (WAN). Click General Setup; add your local DNS; save.
VLANs: Add your VLANs with a priority and ID. Click Interfaces > Assignments; add VLANs; add interfaces.
Interfaces: You will do this for each interface. Edit interface; save; apply.
Dynamic Host Configuration Protocol: You will need to do this for each interface. This protocol will assign IP addresses for each VLAN. Click Services > DHCP Server; enable Dynamic Host Configuration Protocol (DHCP); add DNS; use the MAC address to assign a static IP and hostname; save.
Aliases: These are used to point to one or more devices on the network. They can be edited and applied across all firewall rules. Click Firewall > Aliases; add IPs; add ports; save.
Firewall Rules: Rules are stateful (ingress traffic will be able to return egress traffic without any rules), read from top to bottom, and have an implicit deny. Click Firewall > Rules.
WAN Rules: The Wide Area Network (WAN) is used to connect to remote networks over your ISP or VPN connection. Block everything by using the implicit deny.
Floating Rules: These can be applied across multiple interfaces that share the same logic. The alternative is to add ingress and egress rules for all VLANs, which is prone to errors. The LAN internal traffic will allow the ADMIN HOSTS to perform debugging tasks on the LAN by using these protocols: PING, SSH, HTTP, HTTPS. In addition, all LANs on the network will have access to these protocols: DNS, NTP, SYSLOG, which are on the INFRA LAN. The LAN egress traffic is set to WAN only. The NAS interface does not have this rule because the data on this network needs to be tightly locked down. Add floating rules.
Infra Rules: Anti-Lock is added by default to prevent being locked out. The SIEM (Security Incident Event Management) host will be the only host on the entire network to connect to the NAS network (Data Ports). Add rule with aliases.
NAS Rules: Add rules.
Route Table: You can run this command on the firewall, netstat -nWr, to see the route table on the firewall. Save.
Firewall Logs: For short-term log viewing you can view from status. Click Status > System Logs; add filter. For long-term log viewing you can send to a SIEM. Click Status > System Logs; enable; add SIEM; save.
Diagnostics: Use these services to help troubleshoot. Click Diagnostics; type host IP to see active connections; filter on interface; restart if all else fails.
dns (Specs, Software).
DNS Specs: Software: dietpi. Hardware: raspberry Pi B (Quad Core, ETH Port, USB, GB RAM, GB Micro SD).
DNS Software: You can use remote DNS servers, but your network will need to make a round trip through the WAN. A local DNS can cache, provide insights on your requests, and filter out requests with a DNS sink (pi-hole, Adguard).
siem (Specs, Software).
SIEM Specs: Software: macOS. Hardware: Mac Mini M (Core, ETH Port, USB, GB RAM, SSD).
SIEM Software: This device will collect logs and metrics from the network and use this data to trigger events. There's a lot on this topic, so I will do a separate write-up and update at a later point.
GrayLog: Using docker compose you can run a local installation of the application.
version services MongoDB mongo image mongo networks graylog Elasticsearch elasticsearch image docker elastic co elasticsearch elasticsearch oss environment http host transport host localhost network host ES JAVA OPTS Dlogj formatMsgNoLookups true Xmsm Xmxm ulimits memlock soft hard deploy resources limits memory g networks graylog Graylog graylog image graylog graylog environment CHANGE ME must be at least characters GRAYLOG PASSWORD SECRET somepasswordpepper Password admin GRAYLOG ROOT PASSWORD SHA cebbdebddeedfbacfcbbaffaba GRAYLOG HTTP EXTERNAL URI entrypoint usr bin tini wait for it elasticsearch docker entrypoint sh networks graylog restart always depends on mongo elasticsearch ports Graylog web interface and REST API Syslog TCP Syslog UDP udp GELF TCP GELF UDP udpnetworks graylog driver bridge
Add input: Syslog, Port.
Grafana: Use Graylog data to visualize on a dashboard.
Wireshark: Use this for packet capturing on a particular interface.
wap (Specs, Administration, Config, Services, Wireless, Security, VLAN, Networking, Debug). Make sure you are on the latest firmware to enable this feature. Use Firefox or Chrome. There are different frequencies to understand. GHz: provides higher speeds, has multiple channels to use, and radio waves dissipate over shorter distances. GHz: can provide reasonable speeds for IoT devices, has usable channels in the USA, and radio waves can travel further distances.
wap Specs: Software: dd-wrt. Hardware: linksys wrtacm (Dual Core, Switch Port, USB, a/b/g/n/ac, Dual Band, Antennas). There are many hardware alternatives. The WAN port will be untagging the INFRA network to access the admin console. The LAN port will be carrying the tagged traffic. Once VLANs are set up you can remove the WAN port and plug into LAN.
Administration: Click Administration > Management; enable protocols; save.
Basic Config: Click Setup > Basic Setup; disable WAN; assign IP information; disable DHCP; save.
wap Services: Click Services > Services; disable services; enable SSH; enable Syslog; save.
wap Wireless: Your wireless connection might be different. Click Wireless > Basic Setting; add GHz virtual access points; add GHz virtual access points; disable mixed connection; save.
wap Security: Click Wireless > Wireless Security; set mode; save.
wap VLAN: You will need to use ports on wap (WAN and LAN) when configuring your VLANs. You can use one, but you will have to unplug and plug between these interfaces. Once configuration is complete you will only need to connect the LAN port, but you will lose access to the router console. Click Setup > Switch Config; configure your VLAN table; save.
wap Networking: Click Setup > Networking; add bridges and map them to your VLANs; save.
wap Debug: Use the SIEM to read syslogs and Wireshark to analyze traffic. Reboot if all fails.
TPLink Switch: These switches help expand the network by carrying VLAN IDs. You will enable VLANs and set PVIDs through the admin console. Q: Enable. Use when a port needs to be untagged and allow DHCP to assign IPs for that VLAN. TL: VLAN Table, PVID. TL: VLAN Table, PVID. TL: VLAN Table, PVID. |
2023-01-30 02:21:31 |
Finance |
NLI Research Institute |
On decimals (Part 2): topics around repeating decimals |
https://www.nli-research.co.jp/topics_detail1/id=73746?site=nli
|
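Also, as the "Artin conjecture" explained below indicates, it is conjectured that there are infinitely many primes p for which the length of the repeating block of the reciprocal of p is p–, and hence that repeating blocks of arbitrarily great length exist. |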
2023-01-30 11:54:09 |
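Finance |
NLI Research Institute |
Is solid US personal consumption sustainable? Consumption growth set to slow as financial conditions tighten with continued monetary tightening and the labor market cools |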
https://www.nli-research.co.jp/topics_detail1/id=73745?site=nli
|
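Contents: Introduction; Trends in US personal consumption; Personal consumption in the quarter: solid growth sustained for consecutive quarters; Headwinds for personal consumption: rising inflation and a sharp tightening of financial conditions due to the Fed's monetary tightening; Factors keeping personal consumption solid: employment growth and solid wage growth; Factors keeping personal consumption solid: healthy household balance sheets and excess savings; Factors keeping personal consumption solid: falling inflation and a bottoming-out of consumer sentiment; Personal consumption slowing toward year-end: monthly data suggest personal consumption may have slowed toward year-end; Outlook. US personal consumption has remained solid despite headwinds such as worsening inflation, with the inflation rate at one point reaching a level not seen for roughly and a half years, and tighter financial conditions resulting from the Fed's substantial monetary tightening. |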
2023-01-30 11:08:44 |
News |
@Nikkei Online Edition |
Personal credit scores face headwinds: MILIZE's odds of success as it deliberately enters the market
https://t.co/6w7bv5Y2Se |
https://twitter.com/nikkei/statuses/1619888312407441408
|
milize |
2023-01-30 02:40:44 |
News |
@Nikkei Online Edition |
Kirishima Shuzo expands "sweet potato power generation," teaming up with a Nichirei affiliate
https://t.co/tx12wN9OcX |
https://twitter.com/nikkei/statuses/1619887050173587456
|
Kirishima Shuzo |
2023-01-30 02:35:43 |
News |
@Nikkei Online Edition |
Protection of same-sex marriage rights expands worldwide, with legislation in the US and Cuba
https://t.co/5tomLDjj3A |
https://twitter.com/nikkei/statuses/1619885794227011585
|
United States |
2023-01-30 02:30:44 |
News |
@Nikkei Online Edition |
Be fully prepared for winter running: measures against hypothermia and joint pain
https://t.co/uyRF3ICf9H |
https://twitter.com/nikkei/statuses/1619884534396502016
|
Hypothermia |
2023-01-30 02:25:43 |
News |
@Nikkei Online Edition |
Law to be revised to promote secondary use of dramas and videos whose rights holders are unknown
https://t.co/DAAZLwCyBd |
https://twitter.com/nikkei/statuses/1619883274717007874
|
Secondary use |
2023-01-30 02:20:43 |
News |
@Nikkei Online Edition |
Defense equipment: up to 15% to be added to purchase prices, says defense minister
https://t.co/HZFhUgbW0N |
https://twitter.com/nikkei/statuses/1619882019282104320
|
Purchase price |
2023-01-30 02:15:44 |
News |
@Nikkei Online Edition |
Subcontracting problem: business leaders search their consciences, with action on wage increases now in question
https://t.co/eVQRsDDKeb |
https://twitter.com/nikkei/statuses/1619880757761310720
|
Wage increases |
2023-01-30 02:10:43 |
News |
@Nikkei Online Edition |
Lithium-ion batteries: iron phosphate types become mainstream as a mature technology gains the spotlight
https://t.co/l3mZBKjCXP |
https://twitter.com/nikkei/statuses/1619879751111553024
|
Technology |
2023-01-30 02:06:43 |
News |
@Nikkei Online Edition |
Panasonic's successive leaders and their unending dialogue with Konosuke Matsushita
https://t.co/u0jpRNDlFM |
https://twitter.com/nikkei/statuses/1619878248841871360
|
Konosuke Matsushita |
2023-01-30 02:00:45 |
Overseas news |
Japan Times latest articles |
Two missing foreign skiers found unresponsive after Nagano avalanche |
https://www.japantimes.co.jp/news/2023/01/30/national/nagano-avalanche-missing-skiers/
|
Two missing foreign skiers found unresponsive after Nagano avalanche. The two skiers were among a total of people in three groups, all foreign nationals, who were outside of patrolled areas near the Tsugaike |
2023-01-30 11:44:39 |
Overseas news |
Japan Times latest articles |
Kaoru Mitoma strikes late to lift Brighton to win over Liverpool |
https://www.japantimes.co.jp/sports/2023/01/30/soccer/mitoma-beats-liverpool/
|
stoppage |
2023-01-30 11:12:29 |
News |
BBC News - Home |
Man rescued after crashing stolen police car on train tracks in Georgia |
https://www.bbc.co.uk/news/64448930?at_medium=RSS&at_campaign=KARANGA
|
atlanta |
2023-01-30 02:12:17 |
GCP |
Google Cloud Platform Japan Official Blog |
Apply policy bundles to Kubernetes clusters and monitor policy compliance at scale |
https://cloud.google.com/blog/ja/products/containers-kubernetes/apply-policy-bundles-and-monitor-policy-compliance-at-scale-for-kubernetes-clusters/
|
Anthos Policy Controller dashboard: this dashboard can also show the resources affected by a particular policy and offer its own suggestions on how to resolve issues. |
2023-01-30 02:30:00 |
IT |
Weekly ASCII |
[Ministop] The slightly luxurious "Premium Uji Matcha Soft Serve" returns this winter! |
https://weekly.ascii.jp/elem/000/004/122/4122537/
|
Uji matcha |
2023-01-30 11:55:00 |
IT |
Weekly ASCII |
Ubiteq adds an "attention decline detection" hazard-prediction indicator to its worker safety monitoring service "Work Mate" |
https://weekly.ascii.jp/elem/000/004/122/4122525/
|
workmate |
2023-01-30 11:40:00 |
IT |
Weekly ASCII |
[Matsunoya] Indulge in carefully selected cheese! "Chicken Cutlet with Two Cheeses" goes on sale |
https://weekly.ascii.jp/elem/000/004/122/4122528/
|
Chicken thigh |
2023-01-30 11:15:00 |
GCP |
Cloud Blog JA |
Apply policy bundles to Kubernetes clusters and monitor policy compliance at scale |
https://cloud.google.com/blog/ja/products/containers-kubernetes/apply-policy-bundles-and-monitor-policy-compliance-at-scale-for-kubernetes-clusters/
|
Anthos Policy Controller dashboard: this dashboard can also show the resources affected by a particular policy and offer its own suggestions on how to resolve issues. |
2023-01-30 02:30:00 |