The protocols discussed here cover SAML 2.0, OpenID Connect (OIDC) and OAuth2. Note that OAuth2 is not an authentication protocol, but because of the popularity of its use in cases such as enabling users to sign in with a social provider such as Facebook or Amazon, it is included here.
Identity, authentication and authorization protocols
These three protocols overlap frequently in functionality:
- Identity protocols supply information about a user — such as a persistent identifier, phone or email address — that may be used for long-term identification of that user to your system and hence for authenticating the user and authorizing access to resources. SAML and OIDC are the best-known examples.
- Authentication protocols do not necessarily carry a personal identifier. For example, the Kerberos system is based on the exchange of transient anonymous keys that, in themselves, include no identification data.
- Authorization protocols, such as OAuth2 and UMA, provide a means to acquire access-protected resources without requiring the resource owner to share credentials. Interactive user consent is an important aspect of these protocols. The OAuth2 protocol is often used, casually, for identity and authentication using user data, such as an identifier, returned in the OAuth2 process.
#staatstrojaner #bundestrojaner
Human rights abuse and a decimated reputation killed Hacking Team. The new owners want to rebuild.
Lezzi is the owner of Memento Labs and its parent company, InTheCyber. Memento Labs was formed in March when Lezzi acquired Hacking Team.
The company provides what it calls a “trusted implant” to get KRAIT onto the target’s device, meaning the malware will be delivered from what looks to the victim like a known source. It’s a service “making effortless the social engineering campaign.” KRAIT is a small agent and hides inside legitimate applications.
The result of 15 years of development, RCS X offers “invisible” infection of “99% of the most used platforms in the world,” including macOS, Linux, Android, iOS, and BlackBerry.
The specific use case for a vTPM on vSphere is to support Windows 10 and 2016 security features. The HTML5 UI is designed with this in mind. Enablement of VBS does not require a vTPM.
Enablement of vTPM for any VM other than Windows 10 and 2016 is done via API. More on that in the future.
Let’s get a question I get asked about out of the way up front.
“Does this mean I can run Bitlocker on a Windows VM now?!”
Well, technically, all the parts are now there to run Bitlocker but I have to ask “Why??”. Remember, in order to enable vTPM you have to already have VM Encryption!
This means you already have a virtual machine encryption solution that’s easy to manage and works for every virtual machine that’s supported on vSphere, regardless of the guest operating system. Not to mention, you don’t have to manage the encryption “in guest” which lowers your overall workload significantly. #NoSecuritySnowflakes
If you want to test software which exploits TPM 2.0 functionality inside the qemu-kvm emulator, this can be challenging because the software stack is still quite new. Here is how I did it.
To log in to the VM, run: virsh console test
Please then complete the following steps:
dhclient should get an address for the vm
dnf install tpm2-tools tpm2-tss tpm2-abrmd
Then run the abrmd as root:
/usr/sbin/tpm2-abrmd --allow-root &
You should now be able to query the tpm with a command such as tpm2_pcrlist
In this blog, I am going to explain how you could configure SAML SSO between WSO2 Identity Server and the WAS sample application snoop. You can find the port number of the WAS applications by following the doc [1] and take the port number of WC_defaulthost_secure for the applications. Also, please note that I have tested the SAML SSO configuration between wso2-is-5.7.0 and IBM WAS-8.0.0.12.
Perhaps rarely has anyone thought Foucault through to the end as consistently and as darkly as Mark Fisher; perhaps hardly anyone has really been able to bear thinking him through to the end like this, as they say, thinking through to the end, if there even is such a thing as thinking something through to the end, thinking someone through to the end, thinking anything at all through to the end at some point; perhaps one should simply not think many thoughts through to the end in the first place, so that one does not accidentally think oneself through to the end along the way; but perhaps it is already a trace of power that we do not think certain thoughts through to the end, because we know what would await us if we played a certain thought through to its end.
- Edit /etc/systemd/logind.conf file:
- Find text #HandleLidSwitch=suspend
- Change suspend to ignore and remove the #
- Save file with changes
Back in 2017, I was building a rich text editor in the browser. Unsatisfied with existing libraries that used ContentEditable, I thought to myself “hey, I’ll just reimplement text selection myself! How difficult could it possibly be?” I was young. Naive. I estimated it would take two weeks. In reality, attempting to solve this problem would consume several years of my life, and even landed me a full time job for a year implementing text editing for a new operating system.
Rendering text, how hard could it be? As it turns out, incredibly hard! To my knowledge, literally no system renders text "perfectly". It's all best-effort, although some efforts are more important than others.
Freedom is a funny word. It's a hard thing to talk about because to a degree, if this kind of thing cuts down, let's say, on random crime, then it's going to make people effectively freer. Especially if you're a woman or someone who is vulnerable to being the victim of random crime, if some kind of surveillance system renders that less likely to happen, then effectively you've been granted a freedom that you didn't have before. But it's not the kind of statutory freedom that we tend to talk about when we're talking about politics.
Here's the point of the whole thing. The IETF people, when they were thinking about IPv6, saw this mess getting made - and maybe predicted some of the additional mess that would happen, though I doubt they could have predicted SDN and wifi repeater modes - and they said, hey wait a minute, stop right there. We don't need any of this crap! What if instead the world worked like this?
A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
Putting a fat jar into a Docker container is a waste of storage, bandwidth and time. Fortunately, we can leverage Docker’s image layering and registry caching to create incremental builds and very small artifacts. For instance, we could reduce the effective size of new artifacts from 75 MB to only one MB! And best of all, there is a plugin for Maven and Gradle handling everything for us.
The FIRE (Financial Independence, Retire Early) movement is a lifestyle movement whose goal is financial independence and retiring early. The model became particularly popular among millennials in the 2010s, gaining traction through online communities via information shared in blogs, podcasts, and online discussion forums.
Those seeking to attain FIRE intentionally maximize their savings rate by finding ways to increase income or decrease expenses. The objective is to accumulate assets until the resulting passive income provides enough money for living expenses in perpetuity. Many proponents of the FIRE movement suggest the 4% rule as a guide, thus setting a goal of at least 25 times estimated annual living expenses. Upon reaching financial independence, paid work becomes optional, allowing for retirement from traditional work decades earlier than the standard retirement age.
Another type of American Dream has now developed: The freedom to upturn your desk, give your boss the finger, and retire on the spot—without making a lifestyle sacrifice, of course.
In some circles, the wealth required to burn any bridge you want has a name: “f–k you money.” That’s because, well, backed by the First Amendment and a large fortune, you can yell that without consequences to pretty much anyone, save for a judge, a plumber, or a tax assessor.
I decided then to write up the practices that I think lift a newly minted software engineer from amateur to professional: the path from fixing bugs as an “Engineer 1” to leading major projects as a “Senior Engineer.”
In this tutorial, learn to manage the persistent network configuration of your Linux host. Learn to:
- Understand basic TCP/IP host configuration.
- Configure Ethernet and wifi networks using Network Manager.
- Understand systemd-networkd.
In this tutorial, learn about TCP/IP network fundamentals for your Linux system. Learn to:
- Understand network masks and Classless Inter-Domain Routing (CIDR) notation.
- Know the differences between private and public dotted quad IP addresses.
- Understand common Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports and services.
- Know the differences between and major features of UDP, TCP and Internet Control Message Protocol (ICMP).
- Know the major differences between IPv4 and IPv6.
- Know the basic features of IPv6.