
FRISCO, Texas – Abilene Christian’s Josh Sheehy and Central Arkansas’ Chunxi Xin are the Southland Conference Men’s and Women’s Tennis Players of the Week, the league announced Wednesday. Southland Conference Players of the Week are presented by MidSouth Bank.

Sheehy recorded the match-clinching point Friday with an upset of No. 50 Carles Sarrio to help the Wildcats (11-3) take down SMU 4-3 on the road for their fifth-straight team victory.

Abilene Christian takes the weekend off before two road matches against Arkansas-Pine Bluff and Harding on March 9 at 9 a.m. and 2 p.m. CT, respectively.

After missing the opening month of the season due to injuries, Xin made her collegiate debut Saturday, earning the Bears’ only point in a 4-1 loss at No. 34 Missouri. The next day, she won her singles and doubles matches in a 6-1 win over Missouri State, also in Columbia, Mo.

Central Arkansas opens conference play at home against Lamar at noon Friday and faces Texas A&M-Corpus Christi at noon Sunday in Waco.

Men’s Tennis Player of the Week – Josh Sheehy, Abilene Christian – Senior – Arlington, Texas

Sheehy claimed his fifth-consecutive singles win and ninth of the spring season after upsetting No. 50 Carles Sarrio 6-2, 3-6, 6-4. Alongside brother Jonathan, Sheehy’s top-line doubles match was left unfinished with the score tied at 5-5. The weekly honor is the second for Josh and the fourth for the team as Jonathan has also taken home two weekly awards.

Honorable Mention: Carlos Pedrosa Cuevas, Texas A&M-Corpus Christi

Women’s Tennis Player of the Week – Chunxi Xin, Central Arkansas – Freshman – Baoding, China

In the first spring collegiate match of her career, Xin rebounded after losing set two 3-6 to edge Missouri’s Lisa Fukutoku 7-6 in the final frame. The next morning, Xin picked up her second-straight win in a 6-3, 6-2 sweep of Missouri State’s Anna Alons before joining forces with teammate Marli Van Heerden to win 6-4 in doubles play.

Honorable Mention: Jasmin Buchta, Lamar; Carolina Bulatovic, Texas A&M-Corpus Christi; Jelena Dordan, Incarnate Word; Sahaja Yamalapalli, Sam Houston State.

Southland weekly award winners are nominated and voted upon by each school’s sports information director. Voting for one’s own athlete is not permitted. To earn honorable mention, a student-athlete must appear on at least 25 percent of ballots.


Attempts by Anne Frank’s father to escape the Nazis in Europe and travel to the United States were complicated by tight U.S. restrictions on immigration at the time, one of a series of roadblocks that narrowed the Frank family’s options and thrust them into hiding, according to a new report released Friday.

The research, conducted jointly by the Anne Frank House in Amsterdam and the U.S. Holocaust Memorial Museum in Washington, details the challenges faced by the Frank family and thousands of others looking to escape Europe as Nazi Germany gained strength and anti-refugee sentiment swept the United States.

Otto Frank, Anne’s father, was never outright denied an immigration visa, the report concludes, but “bureaucracy, war and time” thwarted his efforts.

To obtain a visa, Frank would have had to gather copies of family birth certificates, military records and proof of a paid ticket to America, among other documents, and be interviewed at the consulate.

In one instance, an application that Frank said he submitted in 1938 languished in a U.S. consulate in Rotterdam, Netherlands, amid a swell of similar applications and was lost in a bombing raid in 1940. Frank wrote to a friend that the extensive papers he had gathered as part of a visa application “have been destroyed there.”

In 1941, as Frank was again attempting to navigate the matrix of paperwork and sponsors necessary to immigrate, the U.S. government imposed a stricter review of applications for visas, grew suspicious of possible spies and saboteurs among Jewish refugees, and banned applicants with relatives in German-occupied countries.

President Franklin Delano Roosevelt warned at the time that Jewish refugees could be “spying under compulsion,” and the report states that “national security took precedence over humanitarian concerns.”

Frank had sought help from an influential friend, Nathan Straus Jr., who was the head of the U.S. Housing Authority, a friend of Eleanor Roosevelt’s and the son of a Macy’s co-owner. Despite Straus’ connections, Frank wrote to him that “all their efforts would be useless” given the immigration climate, the report states.

“We wanted to learn more about the process in itself and what documentation an applicant (e.g. Otto Frank) had to produce,” said Gertjan Broek, a researcher with the Anne Frank House who worked on the latest findings. “In the report, we point out how complex and tedious the process was and how the bombing of the Rotterdam consulate disrupted things.”

The report was released 76 years after the Frank family went into hiding on July 6, 1942. Researchers drew on dozens of pages of correspondence between Frank and friends, much of which was first made public in 2007, as well as records involving U.S. immigration policy.

Anne Frank’s diaries describing her time in hiding gave a voice to millions who died at the hands of the Nazis. She was eventually discovered and she died in a concentration camp in 1945, when she was 15.

Otto Frank was the only member of the immediate family to survive the concentration camps.

News about the Frank family continues to captivate the public, despite challenges in educating younger generations about the Holocaust.

“She has allowed millions of people, maybe hundreds of millions of people, to identify with persecution at the worst level,” said Richard Breitman, a professor emeritus at American University who has written about the family’s attempts to immigrate to the United States. “Any time there is a glimmer of new information, it’s a big story.”

The new research comes at a time when President Donald Trump’s attempts to curb immigration have been likened to those in the World War II era. Trump has repeatedly sought to justify letting fewer people into the country by arguing that criminals and terrorists could be among the immigrants and refugees seeking to enter.

Breitman underscored those similarities, pointing to debates over immigration policy today and after Sept. 11. Breitman said that as Frank was trying to get to the United States, the country was instituting an “extreme cutback” on immigration.

“It wasn’t just extremists and wackos who believed that there was a serious threat to the security of the United States in 1940 that justified an immigration cutback,” Breitman said. “You can fill in the rest of it after 9/11 and today.”

Broek said the researchers did not intend to highlight parallels.

“The Anne Frank House researches into the life of Anne Frank and her family, to tell her story as accurate as possible,” Broek said. “The attempted immigration is a part of that story too.”

© 2018 New York Times News Service


Over the past decade, the world has fundamentally changed in a variety of ways, with huge implications for business. We’ve seen the rise of transformational new technologies, for instance, such as cloud, mobile, and big data. When it comes to running a modern security engineering team that keeps your business secure, three changes have been particularly important: speed to market, continuous deployment, and increasing the cost of the attack.

Speed to Market Taxes Security

For starters, things move a lot faster than they used to. Code that once took weeks or even months to deploy can now go into production almost instantaneously. Plus, we’ve got the added complexity of having more people with access to production systems than ever before as the responsibilities of development and operations teams merge. Last but not least, the cost of launching attacks has dropped significantly, making it a lot easier for hackers to target companies.

To adequately address these changes, today’s security engineering teams need to understand continuous deployment and DevOps. Not only that, they need to figure out ways to drive up attack costs to make themselves a harder target for attackers.

Near Instantaneous Deployment is the New Norm

We’ve come a long way from the days of traditional waterfall, where deployment to production was often months or even years away. In my previous role at Etsy as Director of Security Engineering, we were pushing new code to production an average of 30 times a day. Additionally, we were constantly iterating in production using feature flags, ramp ups, and A/B testing, something that’s been a game changer for security, requiring everyone to adopt a completely new mindset.

In the old deployment models, like waterfall, security functioned as a blocker to the business, requiring sign-off before allowing anything to go into production. The shift to quicker deployment models is therefore often scary to security teams. It feels like code is now going to be flying out the door without any degree of control.

But here’s the thing. The control we thought we had was really just an illusion. Why? Because every practical development methodology results in shipping code with vulnerabilities in one way or another.

What makes continuous deployment a better and ultimately safer option is that it allows you to actually react when those vulnerabilities are discovered. That’s critical given most customers’ growing demands and expectations, particularly when issues arise.

If you’ve ever lived through waterfall development methodologies or out-of-band patches, then you know how painful it can be when an emergency comes up. Whether it’s because of a security issue, a performance issue, or just a general bug fix, shipping any type of fix, especially for an emergency, has traditionally been incredibly hard. Most organizations that only release every 18 months just aren’t designed to rush something out the door in a matter of days or even weeks. With continuous deployment, by contrast, there’s no such thing as an out-of-band patch. An “emergency fix” is just one of the dozens of deployments that are already going to happen that day.

What makes continuous deployment safe?

In a word, safety comes from “visibility.” Over the past five years, DevOps teams have been focused on increasing visibility and awareness to facilitate informed decision-making. Although security is a few years behind the curve here, we’re finally headed in that direction now, too.

To explain why, let me draw an analogy to aviation. Security, at present, is like piloting a plane without any instruments. Sure, you can fly, but when there are bumps along the way you have no idea if it’s because you’ve just hit some turbulence or because your engines are on fire. In other words, it’s like living in a binary world where things are either fine or they’re not, when of course it’s never really that black or white.

Thankfully, with the shift to DevOps and continuous deployment, we have the opportunity to gain far greater visibility and awareness than ever before so that we can make better decisions. Of course, to ensure the kind of visibility and awareness you need, you’ve got to actively share information with other teams and organizations. One way of doing this is by embracing the cultural change that the shift to DevOps/continuous deployment often triggers.

Greater Communication is Key

With continuous deployment, you no longer kick your code over to QA for six weeks and then on to staging for twelve more. Instead, you perform code reviews and tests and then ultimately deploy it to production yourself. By removing the old organizational blockers, speed is dramatically increased.

For security engineering teams, this means that if you’re a roadblock to development, it’s now easy for them to work around and actively avoid you. A big part of the solution is better communication, and here are some key lessons learned:

Don’t be a jerk. This should be obvious, but empathy needs to be a core part of your security team’s culture. People should want to talk to security, so make sure that you’re hiring with that in mind. Especially important is empathy with operations and development teams. Understanding their daily battles and commiserating gives you credibility, making you more successful in the long run.

Make realistic tradeoffs. Don’t fall into the trap of thinking every issue is critical. If you prioritize the ones that really matter and agree to not hold up the works for those that don’t, you’ll find that teams will be much more willing to engage with you.

Explain impact clearly. Telling colleagues in another department that “if an attacker did X and Y, our user data would be compromised” paints a clear picture. Telling them that “the input validation in this function is weak” doesn’t. Remove the security language barrier by speaking in plain English.

Reward people who communicate with your team. Believe it or not, t-shirts, gift cards and high fives all work (shockingly) well. Creating a culture where interacting with security is seen as a positive thing will dramatically pay off.

Take the false positive hit yourself. Wherever possible, avoid sending unverified issues to engineering / operations teams. When issues are discovered or reported, have the security engineering team verify them and potentially even make the first attempt at a patch. When security sends loads of unverified issues to engineering teams that turn out to be false positives, engineering will rightfully ignore future communications from the security team, which is exactly what you want to avoid.

Scale via team leads. Build relationships with technical leads from other teams, encouraging them to make security part of their team’s culture. This ensures that when new engineers join their respective teams, security is emphasized to them even without your direct involvement.

While it may sound trivial, the best thing you can do to help ensure the success of your security team is to promote better communication.

Widespread Access Needs to be Managed

Most startups begin with a pretty simple access control policy: everyone gets access to everything. That’s particularly true as development and operations teams merge. Of course, as organizations grow and scale, this becomes increasingly problematic and pressure starts to mount to put some policies and regulations around who can access what.

The key to getting it right is avoiding knee-jerk reactions and taking away capabilities from people when they’re just trying to do their job. Instead, focus on building safe ways to perform needed job functions, by taking the following approach:

Methodology

Don’t be a blocker, be an enabler. Figure out what the underlying function or capability is that your colleagues need. What is it that they require to get their job done? Once you understand the need, get out of the way!

Do not say NO, instead deliver alternative solutions. Create an alternative, safe way for them to perform the function or capability. Give better ways to get the job done and employees will use them.

Build options and impact change. Transition your entire organization over to the new, safer way of doing things. A transition takes time; don’t expect this to happen overnight.

Phase out the old in a controlled manner. Begin soft-failing the old system, setting up alerts to notify you of any usage of the old unsafe way of doing things so you can correct those instances.

In Practice

An often-seen example of this is where a large percentage of the development organization has SSH access to production systems. SSH is typically used in an administrative capacity to provide access to a prompt on a remote or local system. In this case, the steps to improving security are:

Determine why SSH access is needed to production systems. Often it’s due to needing to be able to view application logs to debug issues.

Create the alternative solution. In this case application logs used for debugging are the required item, not SSH. Therefore, by providing an alternative way to safely access that data via a central logging system like Splunk, ELK, etc., SSH access can be removed over time.

Transition over time. Publicize the new alternative way to access the data. When users are aware of a new, better, and more secure way of getting their jobs done they will naturally transition to the new system.

Monitor on behavioral anomalies. Begin alerting on SSH access to production systems so a reminder about the new approach can be sent. Again, this is a phase in the transition of users to the new system. Continue to softly alert them to the new and improved method without becoming the department of “no.”

After transition, push the final holdouts. Restrict SSH access down to only those who require it, e.g., sysops. Make sure that you have given ample time and direction to those in need of the solution.

If you take this approach, everyone wins. Security doesn’t become a blocker by removing capabilities that people need to be effective, but instead provides a safe approach to performing the required tasks.

Increasing the Cost of Attack Brings Advantage to the Defender

Although it has become cheaper and easier to conduct attacks, there are several ways to use this to your advantage as a defender. Some of the most effective approaches are to run realistic attack simulations against your organization, have a disclosure policy, and potentially even a bug bounty program. The goals of these sorts of programs are to:

Incentivize people to report issues to you.

Drive up the costs of vulnerability discovery and exploitation.

Provide external validation of where your security program is and isn’t working.

If you’re worried about budgetary concerns, money is rarely the main motivation for researchers reporting issues (although it certainly helps!). Similarly, if you’re concerned about inviting attacks, the fact is that if you’re on the Internet you already get a free penetration assessment every single day; you just don’t receive the report.

Before launching a disclosure program or a bounty, one of the most effective things you can do is take note of which vulnerability classes you expect to see and which ones you don’t. You can then compare your expectations against the issues that actually wind up getting reported to provide extremely useful data on where your security program is working well and where it needs adjustment and iteration.

Keep Calm and Enable Your Business

The shift to DevOps and continuous deployment often feels scary to security teams because it represents such a significant departure from the way we’ve approached security in the past. However, instead of reducing security, this transition actually affords us a unique opportunity to fundamentally shift the position of security from being a blocker to enabling greater business velocity.
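
The SSH transition steps under "In Practice" above (alert on SSH access to production, remind users of the alternative, then restrict access to those who need it) can be soft-failed from the sshd auth log. This is an added example, not code from the original article; the log lines are constructed, and the `prod-` host prefix, the `opsbot` account and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd auth-log lines (syslog format); hosts and users are made up.
SAMPLE_LOG = """\
Mar  4 10:15:02 prod-web-01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar  4 10:16:40 prod-web-01 sshd[2230]: Failed password for bob from 10.0.0.9 port 40022 ssh2
Mar  4 10:20:11 prod-db-02 sshd[1182]: Accepted publickey for opsbot from 10.0.1.2 port 39001 ssh2
Mar  4 11:02:57 prod-web-01 sshd[2301]: Accepted password for alice from 10.0.0.5 port 51301 ssh2
Mar  4 11:30:00 stage-web-01 sshd[900]: Accepted publickey for carol from 10.0.0.7 port 42000 ssh2
Mar  4 12:45:19 prod-db-02 sshd[1250]: Accepted publickey for dave from 10.0.0.8 port 47110 ssh2
"""

# Matches only successful logins; failed attempts are a different alert.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

STILL_NEEDS_SSH = {"opsbot"}   # assumption: the sysops accounts that keep access
PROD_PREFIX = "prod-"          # assumption: production hosts share this name prefix


def prod_ssh_logins(log_text):
    """Yield successful SSH logins to production hosts as dicts."""
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m["host"].startswith(PROD_PREFIX):
            yield m.groupdict()


def soft_fail_report(log_text, allowed=STILL_NEEDS_SSH):
    """Return (reminders, holdouts). Nothing is blocked: this is the soft-fail phase."""
    reminders, holdouts = [], Counter()
    for ev in prod_ssh_logins(log_text):
        if ev["user"] in allowed:
            continue
        holdouts[ev["user"]] += 1
        if holdouts[ev["user"]] == 1:  # one reminder per user per batch, not per login
            reminders.append(
                f"{ev['user']}: you used SSH on {ev['host']} at {ev['ts']}; "
                "application logs are available in the central logging system."
            )
    return reminders, holdouts


if __name__ == "__main__":
    reminders, holdouts = soft_fail_report(SAMPLE_LOG)
    print("\n".join(reminders))
    # Users still relying on SSH, most frequent first: the list to follow up
    # with before access is restricted.
    print("hold-outs by login count:", holdouts.most_common())
```

The hold-out counts shrinking toward zero over successive batches is the signal that the final restriction step can go ahead.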
