
IP loss in Windows 7 computers | CONET IT Blog


A computer loses its DHCP IP address when no DHCP server is available in Windows 7 or Windows Vista.

Given the occasion, I would like to pass this information on to all administrators who are currently working with Windows 7 or have rolled it out.

You may have noticed that Windows 7 computers suddenly have no IP address or the wrong one if the connection to the DHCP server was briefly lost. Normally, this should be corrected with the lease time, but unfortunately there is a small bug in Windows 7. It can be switched off simply by changing a registry key, which restores the normal behavior.

Editor’s note: The following description of the solution is largely based on a corresponding article on the Microsoft support pages, which is currently only available in English and in machine German translation and which we are therefore making available to you here in an edited German version. The link to the original entry can be found at the end of this blog entry.

Scenario:

  • You have a Dynamic Host Configuration Protocol (DHCP) client computer running Windows Vista or later operating system.
  • The DHCP server service is not available.
  • The client computer will restart.

It can now happen that a Windows 7 client does not maintain its valid lease. As a result, you cannot reach some network resources.

Cause:

In this scenario, the computer loses the IP address that was assigned to it by the DHCP server. This occurs even if the default gateway is still available. Instead, the client computer is assigned an address using Automatic Private IP Addressing (APIPA), or the adapter uses the IP address that was assigned to it separately on the Alternate Configuration tab.

Solution:

To resolve this issue, add a registry value to the registry that forces the client to keep its DHCP IP address even when no DHCP server is available. To do this, follow these steps:

  1. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press the Enter key.
  2. To enable this setting for all adapters, locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (For Windows Vista only:) To enable this setting for only a specific adapter, locate the adapter-specific registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DontPingGateway and then press the Enter key.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.
  8. Restart the computer.

This technique forces the client to keep its DHCP IP address even if no DHCP server is available. If you used the Alternate Configuration tab to change the IP address of an adapter, the IP address assigned there will be assigned to this adapter.

Please note: In Windows 7 the new registry value will not be honored if you try to set it only for a specific adapter in the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

Link to the English KB article in Microsoft Support: http://support.microsoft.com/kb/958336/en-us


This script or this procedure has been successfully tested by the author on the platforms described here under the specified framework conditions. If you have your own experiences or questions about the application, we look forward to your comments. Disclaimer: The scripts and procedures described herein are provided “as is” and without warranty of any kind. All risks arising from the use or execution of the scripts and procedures described herein are entirely your responsibility. In no event shall CONET, our authors, or anyone else involved in providing the Content provide any support in connection with the scripts and practices described herein, nor shall they be liable for any damages (including without limitation any damages for loss of business, business failure, the loss of business information or other financial loss) arising from the use or inability to use the scripts and procedures described herein.


About the author

Dirk Machnitzke worked as an IT consultant at CONET and supported the planning, consulting, implementation and management of IT architecture solutions based on Microsoft products in the Microsoft operating environment.

Source: https://www.conet.de/blog/ip-verlust-bei-windows-7-rechnern/

Hacker attack saves 3,000 speed offenders from punishment


The district of Ludwigslust-Parchim cannot come to rest after a hacker attack in October 2021. As the Schwerin People’s Newspaper reported, however, 3,000 traffic offenders in the district can now breathe a sigh of relief.

Speed cameras can lead to lucrative additional income for cities and communities. This is also the case in the Hanseatic City of Hamburg. In 2020 alone, 17.1 million euros were taken with speed camera photos.

Hamburg is the German leader in a survey conducted by the Traffic Law Working Group of the German Lawyers’ Association among the 150 largest cities in Germany.

However, the district of Ludwigslust-Parchim was not so lucky in 2021: according to a report by the Schwerin People’s Newspaper, a hacker attack has dried up this source of income.

District Ludwigslust-Parchim: There was something

At the end of last year, the district of Ludwigslust-Parchim was in the headlines because of this hacker attack. At that time, the corona map from the Robert Koch Institute was the focus of reporting. There was a large gap on it in northern Germany.

A white spot on the unfathomable corona map of incidences. But how did it come about? On October 15, 2021, hackers attacked the municipal IT service provider of the district. As a precaution, all systems in the district were shut down.

However, the Mecklenburg state capital Schwerin was not affected. The reason: The city uses the less common software SurvNet to transmit the number of corona cases. The district of Ludwigslust-Parchim, on the other hand, transmits the data via Sormas.

Traffic offenders should now be happy about the hack

As of 2021, there were around 4,700 permanently installed speed cameras in Germany. This means that Germany is clearly lagging behind the European leader. Because there are around 17,900 permanently installed speed cameras on Italian roads.

While the speed cameras do not have a very pleasant side effect for many drivers, the cities and municipalities should be very happy about the additional income. The district of Ludwigslust-Parchim in Mecklenburg-Western Pomerania is exempt from this – at least temporarily.

Because last year’s hacker attack not only disrupted the transmission of the corona numbers. Around 3,000 speed offenders can now breathe a sigh of relief thanks to the cyber attack. In the meantime, the procedures for the respective speed camera photos have expired because the processing period has expired.

Who is behind the hacker attack?

The county was unable to process the data due to the impact of the attack. In the period between the hacker attack in mid-October and the end of 2021, the city was not able to obtain any owner queries from the Federal Motor Transport Authority.

Those responsible for the cyber attack on the district of Ludwigslust-Parchim have not yet been identified. The public prosecutor’s office in Rostock announced in November that the “Deep Blue Magic” malware was used in the attack. More is not yet known.


Source: https://www.basicthinking.de/blog/2022/04/08/landkreis-ludwigslust-parchim-hackerangriff-temposuender/

200 million euros for the climate startup 1Komma5 by Philipp Schröder


The former Tesla manager has raised a lot of money for his new climate startup. He dreams of a tech company that can compete with Elon Musk’s company.

Philipp Schröder in front of the Hamburg showroom of his startup 1Komma5: The former Tesla manager wants to promote the expansion of renewable energies.

He was able to do without the exhausting search for investors. This is what Philipp Schröder (38) tells in an interview with the start-up scene. The founder and former Tesla manager is well connected in the industry and maintains contacts with the richest Germans. Once again, this benefits him at his celebrated climate startup 1Komma5.

200 million euros are flowing into the young Hamburg company as part of a new round of financing. Series A is led by a group of well-known investors, including Porsche Ventures, Btov Ventures, eCapital from Münster and the French investment fund Eurazeo. Well-known family offices have also bought into Schröder’s company. The financiers include the billionaire industrialist family Haniel, the Schürfeld Group from Hamburg and Jan Klatten, ex-husband of BMW major shareholder Susanne Klatten.

“We sent 40 rejections”

Investors were very interested, says Philipp Schröder. Many would have asked proactively about joining the climate startup. “Ultimately, we accepted 20 investors and sent 40 rejections,” says the founder. Since it was founded a good year ago, 1Komma5 has expanded its investment framework to 300 million euros. Schröder does not want to comment on the valuation. However, it should be in the high three-digit million range – with a lot of room for improvement, as Schröder himself emphasizes. “We founders still hold the majority of the shares with almost 60 percent.”


The fact that the company raises so much money at an early stage is not only due to investors’ hopes for profits from the energy transition. 1Komma5’s plans are cost-intensive: The start-up buys up electrician companies across Europe and modernizes them using software and IT. The electricians of the start-up then take care of the installation of solar systems, electricity storage and charging stations – lean and digitally organized.

In this way, Schröder wants to advance the sluggish expansion of renewable energies. Especially in Germany. “We want to be the first energy company that really offers everything from a single source – from the solar system to the electricity tariff,” explains Schröder. Consumers’ interest in renewable energies, which is already growing, has increased significantly again recently. The reason is the war between Russia and Ukraine. “People not only want to set an example against Putin, they are above all afraid that they will soon no longer be able to pay their bills,” said Schröder.

The model is a Tesla innovation

Because of the recent sharp rise in gas and petrol prices, people are always thinking about alternative energy sources. Electric cars, solar systems and heat pumps are increasingly paying off. “Of course we also benefit from this,” says Schröder. He assumes that his company will turn over around 200 million euros this year. Twice as much as originally planned. 1Komma5 currently has 13 locations across Europe, most of them in Germany. The startup currently employs 420 people. Many of them technicians.

However, it is important for Schröder not to be understood merely as a digital workbench for the energy transition. He sees 1Komma5 as a holistic tech company. Customers should not only be able to purchase the systems directly from the startup, but also receive a special energy computer for their own four walls. Customers can use this to make the electricity they produce available to other households, for example if the full electricity storage device at home remains unused during a holiday trip.

This is controlled via a software platform that 1Komma5 is also developing. In the long term, such a decentralized power grid could emerge beyond large providers such as RWE or Eon. A concept that the electric car and solar manufacturer Tesla has been pursuing for some time with its “Autobidder” software. “Tesla is a role model, but we’re just building a manufacturer-independent platform,” says Schröder. It should therefore be possible to use devices from various manufacturers and network them with one another.

Showrooms planned in prime locations

But it will probably be a few years before that happens. Not only because, according to Schröder, there are currently several hundred thousand technicians missing in Germany alone. There is also still a great need for information on the customer side – energy crisis or not.


In order to make the concept behind 1Komma5 known to more people, Schröder relies on on-site advice. The startup is planning to open several showrooms in prime locations in major German cities. There customers should be able to test the technology of the startup. The first store near Hamburg’s well-known Jungfernstieg shopping mile is scheduled to open in July. Tesla once had a shop there in the immediate vicinity.

Source: https://www.businessinsider.de/gruenderszene/technologie/1komma5-philipp-schroeder-200-millionen-angriff-auf-tesla/

Cybersecurity – In just a few steps to more security


With every step on the Internet, the risk to your own data security increases. Data is one of the most valuable currencies on the web. That’s why hackers do everything they can to get hold of sensitive information. They’re up to no good. In many cases, those affected lose a great deal of money and personal data that must be completely renewed. In some cases, entire networks are paralyzed. This also happens regularly to public institutions. Therefore, every user should get more security in the network in a few simple steps.
The following article provides the essential steps that significantly increase digital security.

Find the right antivirus program

Even with simple means, you can significantly increase the IT security of the systems. Companies only achieve greater security if they sensitize all employees and teams to the topic. Regular training and thorough instructions are just as important a prerequisite as functioning software. Private users and entrepreneurs alike are looking for the best antivirus program that suits their own requirements.

These programs protect against spyware, ransomware and trojans.

In doing so, they address the different dangers of infected downloads, hidden viruses on websites and infected e-mail attachments. Hackers come up with a number of ingenious ways to get at passwords and login data. In some cases, they hijack the PC without the user noticing.


What does good software do?

The advanced software convinces with modern protection in all directions. Most people are looking for a coherent overall package that scores with good virus detection. Current manufacturers have developed programs that detect most of the latest threats at first go. The only difference is in terms of price.

The choice remains to take out a program as a subscription. In this case, you would transfer a fixed sum monthly and benefit from the strengths of the antivirus program.
The second option is to purchase and then download the antivirus software. The providers do not consume any resources on the PC and the programs always run in the background without slowing down the processes in the digital context.

Anyone who sends e-mails and messages with their notebook, PC, smartphone or tablet without anti-virus protection is entering a digital gamble. Accordingly, the hackers are constantly developing new malware that is able to access data in different ways and paralyze devices.


Manage passwords and design securely

Finally, there are a few key steps everyone can take to increase their own security. One of the security basics is a password. It should be at least eight characters long and include both uppercase and lowercase letters. Combinations of special characters and digits are also mandatory. Then it is almost impossible for strangers to guess the password.

A password should never be linked to your own data.

The most popular passwords are, for example, children’s birthdays, wedding anniversaries or your own birthday. Even simple mechanisms can be sufficient to avoid risks. The specifications within a company are very limited.
For very few, IT security is a priority. It is best to use a password manager because it will help you manage and generate your passwords.

Send encrypted data

Current analyses have shown that IT security staff can significantly increase the security of e-mails, not least through encryption. Very few pay attention to the corresponding technologies. It is advisable to use comprehensive and general encryption. Then it makes no difference whether personal e-mails are written or documents with contracts and price lists change recipients.


Multi-factor authentication with increased security

A higher level of security is ensured by multi-factor authentication. This is used in a controlled manner because it should never stand in the way of productivity.

The big providers such as Microsoft and Apple now offer this process to significantly increase security. In sales processes in particular, it is important not to randomly enter your own credit card information or account details online. Deactivate the automatic connection to unsecured WLAN networks on your own PC. Only transmit your data in encrypted form and avoid dangerous and unsecured sites and online shops.

In this way, everyone can increase IT security

Nobody would leave their own door open all day at home. Unfortunately, most users are not very careful when it comes to the security of their data. This not only puts the PC and the network at risk. In the worst case, large sums of money are lost. In this way, every user should definitely use an additional antivirus program that immediately recognizes suspicious emails and websites and protects the data from the latest attacks from the network.

At the same time, it is important to select passwords that are as complicated as possible and to use different symbols. There are free tools and very practical programs that do a lot of the work for you. Investing in a good antivirus program and taking precautions for more security is nothing compared to the complete loss of sensitive data and damage to the hard drive and digital end devices.

Source: https://www.blog.de/cybersecurity-in-wenigen-schritten-zu-mehr-sicherheit/

Cyberus Technology – Cyberus Technology Gives Keynote at Symposium on the Science of Security (HotSoS)


HoTSoS identifies itself as “research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner.” Because the seminal Spectre paper won NSA’s Best Scientific Cybersecurity Paper Competition last year, its authors were invited to give a keynote speech at the symposium. Given that the corresponding vulnerabilities were disclosed to Intel almost 4 years ago, we (the authors) decided to take a step back and to look, in HotSoS’ spirit, at the fundamental problems. We (Cyberus Technology) feel deeply honoured that we were entrusted with delivering the talk and want to give you a sneak preview of what to expect.

  • Iron Law of processor performance
  • Memory latency, caching, and side-channels
  • Turing machine and performance increase through parallelism
  • Control flow discontinuities: branch history (BHT) and branch targets (BTB)
  • Spectre v1 (BHT) and v2 (BTB)

By the way, the conference is fully virtual this year and registration is open to everybody for free. The keynote is scheduled for April 14th, 15:35 CEST (9:35am EDT).

Update: in case you are curious about the keynote, the organisers made the slides and the recording available on the HoTSoS site. You can also go directly to YouTube to watch the video.

Fundamentals of microprocessor architecture

Like in our CPU trainings (see Cyberus consulting), the Iron Law of processor performance is the linchpin of the keynote and we will learn to appreciate cycles-per-instruction (CPI) as critical factor in judging (micro-)architecture. Many more exploits became public since the initial disclosure and “side-channel attack” is frequently used as generic label. Hence, the first part is concerned with the impact of memory latency on performance. A look into 80386’s datasheet explains how caches evolved to such critical components in modern computers and became malicious actors’ favourite pet.

However, caches merely serve as convenient tool. So the talk takes us even further back to the roots to the Turing machine as mathematical model of CPUs. Interpreting CPI as instructions-per-cycle (IPC) leads us to the intricacies of branch prediction and why Spectre is not simply the result of careless, performance-obsessed computer architects. It should also become obvious why Spectre was assigned two CVEs although there is just one branch prediction unit.
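
The Iron Law referred to above, written out as an added illustration (it is not taken from the keynote slides). The split of CPI into a base term and a memory-stall term is the standard textbook form, and the numbers are constructed:

$$T_{\text{exec}} = N_{\text{instr}} \times \text{CPI} \times t_{\text{cycle}}$$

$$\text{CPI} = \text{CPI}_{\text{base}} + f_{\text{mem}} \times m \times p$$

Here $f_{\text{mem}}$ is the number of memory accesses per instruction, $m$ the cache miss rate and $p$ the miss penalty in cycles. With $\text{CPI}_{\text{base}} = 1$, $f_{\text{mem}} = 0.3$, $m = 0.05$ and $p = 200$:

$$\text{CPI} = 1 + 0.3 \times 0.05 \times 200 = 4$$

A miss rate of only 5 percent quadruples the execution time. The same gap between a hit and a miss that makes caches indispensable for performance is what an observer can measure as a timing side channel.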

Summary slide of the talk

More information

  • Paul Mortfield & Stefano Cancelli discovered Spectre in the veil nebula which was an opportunity not to be missed
  • Backdrop for the Iron Law is the stele with the Code of Hammurabi
  • The picture of a gravitational lens shows the result of a massive object bending light rays, a kind of side channel in astronomy
  • Mars comes up in a couple of analogies throughout the talk

If you are interested in learning more, there is time for Q&A after the talk and you can contact me directly if you have further questions.

Source: https://www.cyberus-technology.de/posts/2021-04-09-hotsos-keynote.html

How Is This Serverless Tool Built? Der PROTOS CloudAdvisor


Our serverless AWS web tool: The PROTOS technology CloudAdvisor

With the CloudAdvisor we give you the opportunity to get an assessment of your existing cloud infrastructure in 5 minutes and with just a few clicks. If you have not yet ventured into the cloud, the CloudAdvisor will help you to develop your potential and opportunities in the cloud.

At PROTOS Technologie we specialize in all things cloud. We designed the CloudAdvisor as a tool for our partners, customers and anyone interested. Naturally cloud-native, serverless and via Infrastructure-as-Code. In the following, we present our implementation of a modern web application that allows you to develop quickly, operate easily and have a high level of scalability.

Functionality

However, our website or web application should not only display static content but also have its own functionality, and it should do so without its own compute servers running the program code: serverless, with only on-demand responses to request events. In the AWS Cloud, this is achieved by the combination of Amazon API Gateway, for easy creation and management of RESTful APIs, and AWS Lambda, the managed service for on-demand computing power to run program code.

Lambda is at the heart and makes it possible to easily upload program code (Python, JavaScript, Go, etc.) and run it immediately (Functions-as-a-Service). The integration into the AWS environment is smooth and access is via the common authorization principle (IAM). For example, secure access to S3 buckets is guaranteed or API communication is permitted via the API gateway.

A functionality that is often needed is a contact form or another type of communication with the user, so that results can be sent to you at the end, as is the case with CloudAdvisor. In addition, Lambda naturally offers the possibility of integrating external APIs, for example from CRM or marketing tools, or of falling back on AWS’s own Simple Email Service (SES). The information from the contact form in the frontend is transferred easily and securely, by an API call to your own REST API, via the API gateway to the Lambda function that executes the code. Data can be processed there and further services can be integrated using the AWS SDK (see e.g. boto3 for Python). This is done particularly securely by using AWS Systems Manager, which allows you to store API keys and access them securely via its Parameter Store. In this way, results and an e-mail are created for the users of the CloudAdvisor according to the questionnaire answers and sent via an SES API call.
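
The contact-form flow described above, sketched as an added example (this is not PROTOS's code): an API Gateway proxy event is validated, a CRM API key is read from Parameter Store as a SecureString, and the result mail is sent through SES. The parameter name, CRM endpoint, sender address and form fields are assumptions; the boto3 clients are passed in so the logic can be exercised offline with stand-ins.

```python
import json
import re
import urllib.request

# Assumed names for illustration; none of them come from the CloudAdvisor code base.
CRM_KEY_PARAM = "/cloudadvisor/crm-api-key"  # SecureString in Parameter Store
CRM_URL = "https://crm.example.com/leads"    # placeholder endpoint
SENDER = "advisor@example.com"               # placeholder SES-verified sender
MAX_BODY_BYTES = 8192
# Conservative address pattern, applied with fullmatch() so that CR/LF or
# extra recipients cannot be smuggled in through the e-mail field.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def respond(status, payload):
    """Build an API Gateway proxy-integration response."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}


def parse_form(event):
    """Validate the proxy event from API Gateway; return (form, error)."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded") or len(raw.encode("utf-8")) > MAX_BODY_BYTES:
        return None, "unsupported body"
    try:
        data = json.loads(raw)
    except ValueError:
        return None, "body is not JSON"
    if not isinstance(data, dict):
        return None, "body must be a JSON object"
    email, answers = data.get("email"), data.get("answers")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        return None, "invalid email"
    # Answers are expected as {question id: score 0..5}; "type(v) is int"
    # also rejects bool, which is a subclass of int.
    if not isinstance(answers, dict) or not answers or not all(
            type(v) is int and 0 <= v <= 5 for v in answers.values()):
        return None, "invalid answers"
    return {"email": email, "score": sum(answers.values())}, None


def post_to_crm(api_key, record):
    """Send the lead to the (hypothetical) CRM API, authenticated with the key."""
    request = urllib.request.Request(
        CRM_URL, data=json.dumps(record).encode("utf-8"),
        headers={"Authorization": "Bearer " + api_key,
                 "Content-Type": "application/json"})
    urllib.request.urlopen(request, timeout=5).close()


def handle(event, ssm, ses, crm_post=post_to_crm):
    """Core logic; ssm and ses are boto3 clients (or stand-ins in tests)."""
    form, error = parse_form(event)
    if error:
        return respond(400, {"error": error})
    try:
        # A SecureString comes back encrypted unless WithDecryption=True.
        api_key = ssm.get_parameter(
            Name=CRM_KEY_PARAM, WithDecryption=True)["Parameter"]["Value"]
        crm_post(api_key, form)
        ses.send_email(
            Source=SENDER,
            Destination={"ToAddresses": [form["email"]]},
            Message={"Subject": {"Data": "Your CloudAdvisor result"},
                     "Body": {"Text": {"Data": "Your score: %d" % form["score"]}}})
    except Exception:
        # Return a generic error: exception text may contain the key,
        # account ids or internal host names.
        return respond(502, {"error": "upstream failure"})
    return respond(200, {"status": "sent"})


def lambda_handler(event, context):
    """Lambda entry point; boto3 is provided by the AWS Python runtime."""
    import boto3
    return handle(event, boto3.client("ssm"), boto3.client("ses"))
```

The function's IAM role then only needs `ssm:GetParameter` on that one parameter (plus decrypt on its KMS key) and `ses:SendEmail`, which keeps the API key out of the code, the environment variables and the responses.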

This gives you all the options to integrate a wide variety of systems and connections into your web application and to concentrate exclusively on the functionality and content. Because while you focus on your priorities, the cloud provider takes over the complete management of all services and always allows scalable and highly available access to your content.

Development

But you don’t just want to make ready-made content available in the cloud; you also want to benefit from the advantages that modern development paradigms offer in a cloud environment. Therefore, both the infrastructure and the content are rolled out via the AWS developer tools and their stack for Continuous Integration and Deployment (CI/CD). The CloudAdvisor was also developed with a DevOps approach and, using the agile Scrum methodology, brought to its first release after 5 sprints, to the satisfaction of our product owner.

For the development of the web application, the frontend developers have their own access (IAM role) to an AWS CodeCommit repository, the Git-based version control service from AWS. Committing changes to the React codebase automatically triggers an AWS CodePipeline, which uses AWS CodeBuild to compile and test the changes and first saves the artifact to an S3 bucket for subsequent deployment by AWS CodeDeploy to the hosting S3 bucket.

The infrastructure is also managed by the backend developers via a pipeline. Using the open-source tool Terraform, all AWS services and configurations are declared as Infrastructure-as-Code (IaC) and checked into an AWS CodeCommit repository as Terraform code. Changes trigger an AWS CodePipeline, which first tests the Terraform code with AWS CodeBuild (terraform plan) and stores the generated artifact in the S3 bucket provided for this purpose, in order to finally carry out the changes specified in the code by executing the Terraform plan (using terraform apply) and provision the infrastructure in the AWS environment.

Source: https://www.protos-technologie.de/2021/11/25/how-is-this-tool-built-der-protos-cloudadvisor/

These are our 10 jobs of the week


Are you looking for a new challenge? Every Friday we give you an overview of new jobs in the areas of marketing, social media and IT. All jobs, also from other tech and digital areas, can be found in our job exchange. Would you like to place a job advertisement in our job exchange? It’s easy here.

Project manager (m/f/d)

at Paul Ehrlich Institute in Langen

Data & Survey Engineer – Quantitative Market Research (m/f/d)

at GIM society for innovative market research ltd in Heidelberg

IT Operations Manager (m/w/d)

at Quantum Brilliance GmbH in Stuttgart

Software developer (m/f/d)

at Medical Laser Center Lübeck GmbH in Lübeck

Software developer (f/m/d)

at Technical University of Nuremberg Georg Simon Ohm in Nürnberg

Software architect in the field of Industry 4.0 (m/f/d)

at Fraunhofer Institute for Software and Systems Technology ISST in Dortmund

Data Analyst/ Software Developer (m/w/d)

at VDI / VDE Innovation + Technik GmbH in Berlin

Senior Data Scientist (m/w/d)

at Qiagen GmbH in Hilden

Product developer – research and development (m/f/d)

at Viege GmbH and Co. KG in Attendorn

IT System Engineer Workplace/ Client Management (m/w/d)

at Hamburger Wasserwerke GmbH in Hamburg

Even more BT job recommendations

For more jobs, check out our job board, our tech and digital jobs facebook group, our BT jobs facebook page and our @BT_jobs-Twitter-Account.





Source: https://www.basicthinking.de/blog/2022/04/08/jobs-der-woche-kw-14/

The problem of a lack of chips – the EU goes on the offensive


Even if numerous branches of industry are affected by the current chip shortage, the vehicle segment suffers particularly badly from this shortage. The constant shortage of chips means that production has to be cut back or even stopped again and again.
An EU offensive worth billions is intended to remedy this problem. But are the goals associated with the offensive actually realistic?

Fight against microchip shortage

In the future, an EU plan worth billions should counteract the lack of microchips. An important contact person is Commission President Ursula von der Leyen, who was actively involved in the creation of the Chips Act.

According to information from Internal Market Commissioner Thierry Breton, more than 40 billion euros are to be used to implement this goal.

The current chip crisis is affecting consumers, for example, in that they have to put up with long waiting times for new vehicles or delivery problems with game consoles.


Agreements in the Chips Act

The Chips Act is intended to ensure that Europe does not allow itself to be left behind by competing markets from Asia or America. After all, large economies such as China or the USA are also investing in this branch of industry. With regard to US plans, the EU Commission is assuming allocations of around 52 billion dollars or 45 billion euros. It is estimated that China will invest around 150 billion by the end of this decade.

The EU now wants to continue this trend. According to the plan, investments of twelve billion euros are planned for research and development and 30 billion euros for the construction of large production facilities. As early as mid-September, von der Leyen spoke out in favor of setting up a Europe-wide economic system for microchips. This deficiency affects, for example, the automotive industry.

Ambitious goals

The goals are high. According to information from the Commission, the EU share of chips on the world market is set to increase by 20 percent and thus double. However, production would then have to reach four times the current level. After all, economic experts assume that the market will double by 2030 anyway.

In today’s digital world, microelectronics is considered a key technology.

Semiconductors are an important technical basis. The major goal of this measure is therefore to create a separate European microelectronics ecosystem. This ecosystem should include production as well as design. In return, it is important to remain open to the world market in the future.


Influence by several commission members

Two Commissioners in particular have influenced this claim – Commissioner Margrethe Vestager, who promotes competition, and Internal Market Commissioner Breton. Nevertheless, the media kept reporting on conflicts between the two visionaries.
The former manager Breton is committed to a traditional and state-dominated economic model. In contrast, Vestager belongs to the liberal group Renew Europe, which advocates less state influence on the economy.

A prioritization of EU interests

The Danish commissioner pointed out months ago that companies have the power to play several countries off against each other over grants. On the other hand, Breton warned as early as mid-September that the European Union could be overshadowed by other countries due to the high level of investment. Incidentally, Breton does not share the view that the EU could lose out in the fight for subsidies.
In addition, all companies that receive state funding are to be subject to certain rules. If necessary, it cannot be ruled out that EU interests will be given priority. After all, any industrial policy intervention by the EU could ultimately lead to distortion of competition. According to President Achim Wambach of the Leibniz Center for European Economic Research, individual funding should not trigger this effect.

Source: https://www.blog.de/problemfall-chipmangel-eu-offensive/

Cyberus Technology – Cyberus Secure Virtualization Platform: A technical perspective


In the last post of this series, we described the value proposition of the Cyberus Secure Virtualization Platform (SVP). This post goes into more technical details.

In this post we will talk about:

  • SVP as a fast, flexible and secure virtualization platform.
  • How the open-source Hedron Hypervisor enables uniquely flexible virtualization solutions
  • How our microkernel-based virtualization stack enables a small Trusted Compute Base for high-security use-cases
  • Enabling great performance through pass-through virtualization

At Cyberus Technology we have built our virtualization platform from scratch. We have chosen a microkernel-based architecture for SVP. This allows us to meet customer demands and still provide a system that is easily certifiable.

Security Through Simplicity

Traditional operating system kernels, such as the Windows and the Linux kernel, are huge and come with millions of lines of code. A lot of functionality is provided within these kernels, and all code providing this functionality runs in a privileged CPU mode. For security this creates two problems: first, it is hard to reason about the code, and second, the number of bugs and security issues tends to scale linearly with the amount of code.

Any application running on top must trust all of this code to be correct. This code is called the Trusted Compute Base (TCB), and reducing it has been a hot topic in operating systems research.

Our open-source microkernel Hedron² comes in at roughly 10 thousand lines of code, thus reducing the TCB by two orders of magnitude compared to traditional operating system kernels. Hedron is at a size that can still be understood by a single person. Most of the functionality is implemented in isolated components running in a less privileged mode, called user-space. This is important because you only need to understand a single component to be able to understand what it does and which role it plays. This is important for security, but it also provides the nice benefit that it is far easier to track bugs. In general, this kind of component-based system is easier to understand. This in turn makes it easier for developers to create correct code and easier for reviewers to certify a system’s safety, security and correctness.

Radically Flexible

Having lots of small components also provides flexibility. While the Hedron and Supernova components provide basic virtualization primitives, we have developed a number of other components that can be combined to provide value.

Existing virtualization solutions usually emulate a number of devices in order to be able to run multiple virtual machines at the same time. This is necessary, for example, when you want to run two VMs with network access but only have one networking card in your system. While modern technologies like SR-IOV¹ make this easier, this design still creates a lot of performance overhead and is not always necessary. Sometimes it is preferable to pass through the actual hardware.

In SVP we are able to run a special kind of VM that has access to the real hardware. Within this VM, which we call the Control VM, we can run a deprivileged Linux system and VirtualBox in order to provide a full virtualization solution, or we can run Windows and malware samples as an analysis system.

SVP enables different use-cases with its pass-through Control VM

Usually VirtualBox talks to its own kernel module to provide virtual machines. In the case of SVP, VirtualBox talks to our own SLVM kernel module, which is a shim that forwards all calls to the SVP API, running in user-mode on the host system. This allows for a much smaller Linux system in the Control VM.

SLVM allows taking Linux out of the TCB

This design also allows us to move functionality from VirtualBox to SVP, either for performance reasons or for security reasons. In the case of Graphics Virtualization, we have moved the graphics stack from VirtualBox to SVP.

The Road Ahead

The flexible nature of SVP will allow us to provide more modules in the future. Think of a micro-VMM that allows special-purpose VMs, running library operating systems³ ⁴, just for networking. Or a specialized VMM to run cloud native applications directly on top of SVP.

We are also working on our own SDK that will allow developers to easily build secure systems with their own components on the SVP platform, using the same libraries and languages they are already familiar with.

Read More

  1. SR-IOV
  2. Hedron Github Repository
  3. Unikernels: Rise of the Virtual Library Operating System
  4. Exokernel: An Operating System Architecture for Application-Level Resource Management

Source: https://www.cyberus-technology.de/posts/2021-05-19-svp-tech-deep-dive.html

Migration and optimization of a travel platform for DB Regio Bus


The solution:

Standardization and reusability

The successful integration of acquisitions into a group is an important prerequisite for its growth. Cloud services offer the opportunity to use the innovative power of startups for corporations as well. This is not without its challenges. In addition to adhering to the Group’s compliance guidelines, stricter security standards often have to be met.

In this project, peripheral systems such as automated rollouts, monitoring and logging were designed for reusability and standardization. They form the stable framework for the successful migration of future projects and products.

AWS Elastic Beanstalk, AWS Lambda, AWS S3 & Cloudfront and AWS RDS were used for the application-specific components.

Security and sustainability

In the rapidly developing cloud industry in particular, it is essential to regularly update applications and infrastructures. If this does not happen, technical debt arises, which leads to high additional costs for updates and changes in the long term. As part of the migration, we adapted the application and the infrastructure in accordance with the current AWS requirements and the group guidelines. The measures carried out by PROTOS guarantee not only increased security but also the future viability of the application.

During the project, PROTOS Technologie GmbH provided advisory and implementation support for the migration of the application and for the conversion of the infrastructure. In order to ensure a high rate of innovation, the project was carried out using an agile methodology. We worked together with an external development team.

The implementation

The first step of the migration involved rebuilding the infrastructure. The second step was to optimize the application and infrastructure. In addition, a separate test system was set up in order to be able to test any changes to the infrastructure and the application.

As part of the rebuild, the infrastructure was defined as infrastructure-as-code using Terraform. Combined with the version control system Git, this guaranteed reproducibility, testability and automatic rollbacks. Changes to the infrastructure code were rolled out automatically using a CI/CD pipeline (Continuous Integration / Continuous Deployment). The AWS developer tools AWS CodeCommit and AWS CodeBuild were used for this. Thanks to this reproducibility, an exact copy of the production infrastructure could be provided within a few minutes.

The application itself uses AWS Elastic Beanstalk, a Platform-as-a-Service offering. Elastic Beanstalk handles everything from capacity provisioning, load balancing, and auto-scaling to application health monitoring. In addition, an SQL database and in-memory storage are connected (with AWS Relational Database Service (RDS) and AWS Redis).

To enable CI/CD, the rollout of frontend and backend changes was automated in the same way as for the infrastructure, and for both environments, using AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy and AWS Pipeline. Unit and integration tests of the application artifact within the CI/CD pipeline are also automated.

In the second step of the migration, the application and the underlying infrastructure were optimized. Superfluous infrastructure components were removed and safety-critical parts were redesigned.

Source: https://www.protos-technologie.de/2021/11/30/reiseplattform-db-regio-bus/
