Monday, June 19, 2017

pfSense Brand Refresh



----
pfSense Brand Refresh
// Netgate Blog

On Monday, June 5, 2017, Netgate®, the host of the pfSense® Project, unveiled its new company brand, as well as an updated brand logo for pfSense software.

The pfSense distribution has been available as an open source firewall since 2006. As the undisputed leader of open source firewalls, pfSense now has over 600,000 installs, providing IT security for consumers, businesses, higher education institutions, and government agencies on all seven continents.


----


What’s In a Name? Does DevOps Mean Just Dev and Ops?



----
What's In a Name? Does DevOps Mean Just Dev and Ops?
// Chef Blog

One of the challenges in implementing DevOps practices and processes is spreading collaboration beyond developers and operations engineers.

At InformationWeek's Interop ITX conference last month, Nathen Harvey, our VP of Community Development, pointed to one reason many organizations struggle. It's right there in the name.

I hate the word DevOps.

If you want a high velocity organization you can't just focus on two departments. It involves everyone.

Nathen Harvey at Interop ITX

Jennifer Davis, senior software engineer at Chef and co-author of Effective DevOps, agrees that the name for DevOps can be misleading.

"Understanding the context of other departments within our organizations helps to repair wasted time and effort spent on unnecessary work and helps to minimize unplanned work…Security, marketing, legal, and sales can all be part of a successful DevOps transformation."

Jennifer Davis, in Implementing DevOps: 5 Obstacles to Overcome, ZDNet

Maybe we need to expand the word (and definition) to include more of the business. We already have DevSecOps. Why not DevMarkOps, DevSalesOps, or DevOps, Esq. ?

No matter what we call it, there will sometimes be challenges in getting buy-in on new practices from the business side of an organization.

"We are technologists. We are leaders in our organizations. We need to speak the language of business [and] the language of business is about moving faster."

Nathen Harvey at Interop ITX

The best way to encourage DevOps within your company is to focus on the value increased velocity — or the time from idea to when software is shipped to users — will bring to the business.

Aligning DevOps measurement with critical business outcomes allows everyone to see the value or work yet to be done in order to see improvements with the process. These outcomes are:

  • Speed: The rate of software change, measured by deployment frequency and time from commit to deploy.
  • Efficiency: Effectiveness of software change, measured by change failure rate and mean time to recovery.
  • Risk: Quality of software change, measured by compliance audit frequency and time to deploy remediation.

Nathen explained these three metrics in an article for IBM's developerWorks blog.

These metrics are one cohesive set. Companies cannot pick and choose a la carte, otherwise they will not be laddering up to the larger outcome of building a high-velocity organization. Outperformance is correlated only with organizations that achieve all of these metrics. The outcomes of effectively implementing DevOps mean increased speed, efficiency and decreased risk. Measuring DevOps performance allows teams to analyze where they are succeeding and where improvements need to be made so companies can continue to drive innovative solutions to exceed customer needs and ship better software experiences faster and more reliably.

Measuring your success with DevOps also ensures you're incorporating everyone into the practice, not just developers and operations teams.
In the end, it's important to remember what Nell Shamrell-Harrington explained in the 'History of DevOps':

Ops and Dev actually have the same job, and that is to enable the business to function. And the truth about business is that all businesses require change.

In that context, it's everybody's job to make the business better at delivering change faster, more efficiently while improving risk management. Of course, we'd love to help you with that.

The post What's In a Name? Does DevOps Mean Just Dev and Ops? appeared first on Chef Blog.


----


Our First Month with Learn Chef Rally



----
Our First Month with Learn Chef Rally
// Chef Blog

One month ago, we launched a new learning site for Chef practitioners called Learn Chef Rally. The release was a very exciting moment for our team and we were thrilled to share it all with many of you at ChefConf 2017. We debuted a completely revamped website, with 12 tracks and over 50 modules.

It's not all tweets. The positive feedback translated into usage. Here are some highlights:

  • Over 12,000 of you tried one or more modules
  • 3,000+ rallygoers created accounts to track progress and start collecting badges. Nice work everyone!
  • You have collected more than 650 badges for completing tracks so far! Here are the most popular badges and how many people have earned each so far.

Getting Started: 326

Infrastructure Automation: 102

Developer Essentials: 52

Local Development and Testing: 31

Becoming Part of the Chef Community: 25

If you haven't started collecting badges, head to Learn Chef Rally to create your account or log in.
Already have those badges and looking for a new challenge? Give our Extending Chef, Integrated Compliance or Continuous Automation tracks a spin. These badges are much harder to come by!

Coming Back for More

The most exciting and encouraging stat that I've pulled thus far is the Learn Chef return rate. We're seeing 20% more users return to learn.chef.io on the same day since the launch of Learn Chef Rally. Our mission is to make Learn Chef Rally something that you all would enjoy and find useful; this metric shows me that we're on the right path.
If you haven't had a chance to check out Learn Chef Rally, be sure to do so by clicking here. Be sure to log in or create an account to track your progress.
Thank you all for helping us make Learn Chef Rally a success. Stay tuned for more updates and more content very soon.

The post Our First Month with Learn Chef Rally appeared first on Chef Blog.


----


Tuesday, June 13, 2017

Adobe Fixes 21 Critical Vulnerabilities with June Patch Tuesday Update



----
Adobe Fixes 21 Critical Vulnerabilities with June Patch Tuesday Update
// Threatpost | The first stop for security news

Adobe fixed 21 vulnerabilities across four products - Flash, Shockwave Player, Captivate, and Adobe Digital Editions - on Tuesday.
----


Microsoft Patches Two Critical Vulnerabilities Under Attack



----
Microsoft Patches Two Critical Vulnerabilities Under Attack
// Threatpost | The first stop for security news

Microsoft patched 95 vulnerabilities today, including two under attack.
----


Risk of ‘Destructive Cyber Attacks’ Prompts Microsoft to Update XP Again



----
Risk of 'Destructive Cyber Attacks' Prompts Microsoft to Update XP Again
// Threatpost | The first stop for security news

Citing an elevated risk for destructive attacks, Microsoft today included patches for vulnerabilities in Windows XP among its Patch Tuesday updates.
----


Microsoft Patch Tuesday - June 2017



----
Microsoft Patch Tuesday - June 2017
// Talos Blog

Today, Microsoft has released its monthly set of security updates designed to address vulnerabilities. This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, SharePoint, Skype for Business, Lync, and Windows.


Vulnerabilities Rated Critical

CVE-2017-0283

This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. The attack can result in the attacker gaining full control of the affected system. This can be exploited through multiple vectors including viewing a specially crafted website or a user opening a specially crafted document file.

CVE-2017-0291 / CVE-2017-0292

These are remote code execution vulnerabilities in Microsoft Windows that are triggered if a user opens a specially crafted PDF file. The attack results in potential arbitrary code execution in the context of the current user and can be exploited by having the user open a specially crafted PDF file.

CVE-2017-0294

This is a remote code execution vulnerability in Microsoft Windows related to the failure to properly handle cabinet files. This is exploitable by an attacker having a user open a specially crafted cabinet file, or by spoofing a network printer and tricking the user into installing a malicious cabinet file disguised as a printer driver.

CVE-2017-8464

This is a remote code execution vulnerability related to the way that Windows Explorer handles LNK files. This vulnerability can be triggered if the icon of a specially crafted shortcut is displayed.

CVE-2017-8496 / CVE-2017-8497

These are remote code execution vulnerabilities in Microsoft's Edge browser related to improper access of objects in memory. The resulting memory corruption can result in arbitrary code execution. These can be exploited by a user visiting a specially crafted website.

CVE-2017-8499

This is a remote code execution vulnerability in the Microsoft Edge JavaScript scripting engine related to the improper handling of objects in memory. The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website.

CVE-2017-8517

This is a remote code execution vulnerability in the JavaScript engine in Microsoft browsers related to improper handling of objects in memory. Exploitation can occur through a specially crafted website, resulting in the attacker gaining full control of the affected system.

CVE-2017-8520

This is a remote code execution vulnerability in Microsoft Edge JavaScript scripting engine related to the way the engine handles objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.

CVE-2017-8522

This is a remote code execution vulnerability in the way the JavaScript engines render when handling objects in memory in Microsoft browsers, including both Internet Explorer and Edge. This can be exploited by a user visiting a specially crafted webpage.

CVE-2017-8524

This is a remote code execution vulnerability in the JavaScript engines in Microsoft browsers related to improper handling of objects in memory. Exploitation can occur through the viewing of a specially crafted website and can result in the attacker gaining the same user rights as the current user.

CVE-2017-8527

This is a remote code execution vulnerability in the Windows font library related to improper handling of specially crafted embedded fonts. There are multiple ways this vulnerability can be exploited, including viewing a specially crafted website and a specially crafted document opened by the user.

CVE-2017-8528

This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. There are multiple ways this vulnerability can be exploited, including viewing a specially crafted website and a specially crafted document opened by the user.

CVE-2017-8543

This is a remote code execution vulnerability in Windows Search related to the improper handling of objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service.

CVE-2017-8548 / CVE-2017-8549

These are remote code execution vulnerabilities in the JavaScript engines of Microsoft browsers related to improper handling of objects in memory. This can be exploited by having a user view a specially crafted website.

Vulnerabilities Rated as Important

CVE-2017-0173 / CVE-2017-0215 / CVE-2017-0216 / CVE-2017-0218 / CVE-2017-0219

These are security feature bypass vulnerabilities in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session. This can be exploited by an attacker with access to a local machine by injecting malicious code into a script that is trusted by the Code Integrity policy.

CVE-2017-0193

This is a privilege escalation vulnerability in Windows Hyper-V instruction emulation related to improper privilege level enforcement. This vulnerability could be combined with another vulnerability to take advantage of the elevated privileges while running.

CVE-2017-0260 / CVE-2017-8506

These are remote code execution vulnerabilities in Microsoft Office related to improper input validation prior to loading dynamic link library (DLL) files. They can be exploited by a user opening a specially crafted office document and can result in the attacker gaining full control of the affected system.

CVE-2017-0282 / CVE-2017-0284 / CVE-2017-0285

These are information disclosure vulnerabilities in Windows Uniscribe related to improper disclosure of the contents of its memory. They can be exploited by having a user open a specially crafted document or visit an untrusted webpage.

CVE-2017-0286 / CVE-2017-0287 / CVE-2017-0288 / CVE-2017-0289

These are information disclosure vulnerabilities in the Windows GDI functionality that result in disclosure of the contents of memory. This can be exploited by a user opening a specially crafted document or convincing a user to access an untrusted webpage.

CVE-2017-0295

This is a tampering vulnerability in Microsoft Windows that allows an authenticated attacker to modify the C:\Users\DEFAULT folder structure. This is exploitable by an authenticated user prior to the target user logging on locally to the computer. Users that have previously logged on to the system are not impacted by this vulnerability.

CVE-2017-0296

This is a privilege escalation vulnerability that impacts Windows 10. The vulnerability is a buffer overrun corruption that can result in escalation of privilege. This is exploitable by a local attacker executing a specially crafted application to elevate privilege.

CVE-2017-0297

This is a privilege escalation vulnerability in the Windows Kernel related to the improper handling of objects in memory. This is exploitable by a local attacker executing a specially crafted application to elevate privilege.

CVE-2017-0298

This is a privilege escalation vulnerability in Windows, specifically when a DCOM object in Helppane.exe that is configured to run as the interactive user fails to properly authenticate a client. Exploitation occurs when an attacker who is logged into the system executes a specially crafted application that would exploit the vulnerability after another user logged on to the same system via Terminal Services or Fast User Switching.

CVE-2017-0299 / CVE-2017-0300 / CVE-2017-8462

These are information disclosure vulnerabilities in the Windows kernel related to improper initialization of a memory address allowing the attacker to retrieve information to potentially bypass Kernel Address Space Layout Randomization (KASLR). The vulnerabilities can be exploited by an attacker that is logged on to the affected system and executes a specially crafted application.

CVE-2017-8460

This is an information disclosure vulnerability in Microsoft Windows related to a user opening a specially crafted PDF file. This vulnerability can be exploited by an attacker having a user open a specially crafted PDF file.

CVE-2017-8465 / CVE-2017-8466 / CVE-2017-8468

These are use-after-free vulnerabilities that can result in privilege escalation. They are specifically triggered when Windows improperly handles objects in memory. These vulnerabilities can be exploited by the attacker logging in locally or convincing a user to execute a specially crafted application.

CVE-2017-8469 / CVE-2017-8470

These are information disclosure vulnerabilities related to the way the Windows kernel improperly initializes objects in memory. They can be triggered by an authenticated attacker executing a specially crafted application.

CVE-2017-8471 / CVE-2017-8472 / CVE-2017-8473 / CVE-2017-8474 / CVE-2017-8475 / CVE-2017-8476 / CVE-2017-8477 / CVE-2017-8478 / CVE-2017-8479 / CVE-2017-8480 / CVE-2017-8481 / CVE-2017-8482 / CVE-2017-8483 / CVE-2017-8484 / CVE-2017-8485 / CVE-2017-8488 / CVE-2017-8489 / CVE-2017-8490 / CVE-2017-8491 / CVE-2017-8492 / CVE-2017-8553

These are information disclosure vulnerabilities in the Windows kernel related to improper initialization of objects in memory. Exploitation can occur by an authenticated attacker executing a specially crafted application.

CVE-2017-8493

This is a security feature bypass vulnerability that exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks. This could result in an attacker being able to set variables that are either read-only or require authentication. This can be exploited by an attacker executing a specially crafted application to bypass UEFI variable security in Windows.

CVE-2017-8494

This is a privilege escalation vulnerability related to improper object handling in memory in Windows Secure Kernel Mode. This can be exploited by a locally-authenticated attacker executing a specially crafted application.

CVE-2017-8507

This is a remote code execution vulnerability in Microsoft Outlook related to parsing of specially crafted email messages. This vulnerability is triggered when Microsoft Outlook processes a specially crafted message that allows script execution. This can be exploited by opening a specially crafted email message.

CVE-2017-8508

This is a security feature bypass vulnerability in Microsoft Office related to the improper handling of the parsing of file formats. The vulnerability by itself does not allow arbitrary code execution, but could be used in conjunction with another vulnerability to take advantage of the security feature bypass to execute arbitrary code. This can be exploited by having a user open a specially crafted file.

CVE-2017-8509 / CVE-2017-8510 / CVE-2017-8511 / CVE-2017-8512 / CVE-2017-8513

These are remote code execution vulnerabilities in Microsoft Office related to improper handling of objects in memory. Exploitation occurs when a user opens a specially crafted file. This file could be delivered via an email message or be hosted on a website.

CVE-2017-8514

This is a reflective cross-site scripting vulnerability in Microsoft SharePoint Server related to improper sanitization of specially crafted requests. This can be exploited by sending a specially crafted request to an affected SharePoint server and will run the script in the security context of the current user. The request could be delivered via either an email message or a specially crafted URL on a website.

CVE-2017-8515

This is a denial of service vulnerability in Microsoft Windows that is triggered when an unauthenticated attacker sends a specially crafted kernel mode request. This attack could cause a denial of service on the target system, requiring a reboot to resolve.

CVE-2017-8519

This is a remote code execution vulnerability in Internet Explorer related to improper access of objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.

CVE-2017-8521

This is a remote code execution vulnerability in Microsoft Edge JavaScript scripting engine related to the way the engine handles objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.

CVE-2017-8523

This is a security feature bypass vulnerability in Microsoft Edge related to a failure to correctly apply Same Origin Policy for HTML elements present in other browser windows. This vulnerability could be leveraged to trick a user into loading a page with malicious content when a user visits a specially crafted website.

CVE-2017-8529

This is an information disclosure vulnerability that targets both Internet Explorer and Edge. The vulnerability resides specifically in print preview and can be triggered by browsing to a specially crafted URL.

CVE-2017-8530

This is a security feature bypass vulnerability in Microsoft Edge related to a failure to correctly enforce Same Origin Policies potentially allowing an attacker to access information from origins outside of the current one. This vulnerability could be leveraged to trick a user into loading a page with malicious content when a user visits a specially crafted website.

CVE-2017-8531 / CVE-2017-8532 / CVE-2017-8533

These are information disclosure vulnerabilities in the Windows GDI component related to improper disclosure of the contents of its memory. They can be exploited by having a user open a specially crafted document or visit an untrusted webpage.

CVE-2017-8534

This is an information disclosure vulnerability in Windows Uniscribe related to the improper disclosure of the contents of its memory. There are multiple ways to exploit this vulnerability, including having the user open a specially crafted document or having them visit an untrusted webpage.

CVE-2017-8544

This is an information disclosure vulnerability in Windows Search related to improper handling of objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service.

CVE-2017-8545

This is a spoofing vulnerability in Microsoft Office for Mac related to a failure to properly sanitize HTML or treat it in a safe manner. This can be exploited by sending an email with specific HTML tags that display a malicious authentication prompt and could provide the attacker a user's authentication information or login credentials.

CVE-2017-8547

This is a remote code execution vulnerability in Internet Explorer related to improper access of objects in memory. The vulnerability could result in corrupt memory that can be leveraged to execute arbitrary code. Exploitation can occur by having a user view a specially crafted website.

CVE-2017-8550

This is a remote code execution vulnerability in Skype for Business and Microsoft Lync Servers related to a failure to properly sanitize specially crafted content. An authenticated attacker could leverage this vulnerability to execute HTML and JavaScript content in the Skype for Business or Lync context, including opening a web page using the default browser or opening another messaging session with another user. Exploitation would require an attacker to invite a user to an instant message session and then send a message that contains specially crafted JavaScript content.

CVE-2017-8551

This is a privilege escalation vulnerability in SharePoint Server related to the improper sanitization of a specially crafted web request. Successful exploitation could result in cross-site scripting attacks on affected systems and the script running in the security context of the current user. Exploitation occurs by an authenticated attacker sending a specially crafted request to an affected SharePoint Server.

CVE-2017-8555

This is a security feature bypass vulnerability in Microsoft Edge related to improper validation of specially crafted documents in the Edge Content Security Policy. This vulnerability could be leveraged to trick a user into loading a web page with malicious content. Exploitation occurs through a user viewing a specially crafted webpage.

Coverage

In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Management Center or Snort.org.

Snort Rules:
17042
24500
43155-43166
43169-43176

----


Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware



----
Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware
// The Hacker News

Over 800 different Android apps that have been downloaded millions of times from Google Play Store have been found to be infected with a malicious ad library that silently collects sensitive user data and can perform dangerous operations. Dubbed "Xavier," the malicious ad library, which initially emerged in September 2016, is a member of the AdDown malware family, potentially posing a severe threat to millions of

----


Habitat and InSpec



----
Habitat and InSpec
// Food Fight

Nell Shamrell-Harrington, Adam Leff, and Tom McLaughlin discuss Habitat and InSpec!


----


Introducing NetQ — a fabric validation system providing unparalleled visibility



----
Introducing NetQ — a fabric validation system providing unparalleled visibility
// Cumulus Networks Blog

Today is a big day for us over here at Cumulus Networks! We are pleased to announce the launch of a brand new product designed to bring you unparalleled network visibility & remediation.  The newest addition to the Cumulus Networks portfolio, NetQ, is a telemetry-based fabric validation system that ensures the network is behaving as it was intended to. It allows you to test, validate and troubleshoot using advanced fabric-wide telemetry and Cumulus Linux.

Why NetQ?

To respond to the evolving industry, increasing business demands and growth, many companies have started the web-scale journey by deploying a fully programmable fabric with fully automated configurations across an open network infrastructure. Companies that have implemented some of these best practices are quickly seeing the benefits of agility, efficiency and lowered costs.

However, these organizations are also facing some unknowns: They are worried about making ad-hoc changes that disrupt the network and they can't easily demonstrate "network correctness." They're interested in moving towards intent-based networking methods, but don't have the right technology in place to do so.

Traditional operations tools and workflows weren't built for the speed and scale that a modern cloud data center needs as they are manual, reactive and require a tedious, box-by-box process. Businesses need better notifications, analysis and troubleshooting capabilities.

Today, customers are automating configurations and deploying with web-scale principles, but the "ops" side of the equation has remained the same. In short, the operations side of the business is currently slowing business adoption of web-scale principles.

Operators need a modern, supplemental solution that will support the newest trends in web-scale efficiency. They need a web-scale operations tool.

NetQ brings web-scale agility by upgrading network operations from a manual, reactive, box-by-box process built on old-world polling tools to an algorithmic, preventive, centralized telemetry system built for the modern automated cloud network. NetQ is the next step in the web-scale journey, designed to help give operators the same peace of mind that cloud and network architects and engineers are already experiencing.

What is NetQ

NetQ is a telemetry-based fabric validation system that ensures the network is behaving as intended.

[Figure: NetQ fabric validation architecture]

The three core tenets of NetQ are that it is preventative, proactive and diagnostic.

In the preventative workflow, you can validate network behavior when rolling staged configurations into production so you can quickly roll back to previous configurations in case an error occurs. NetQ helps you efficiently determine if the configurations accurately represent what you intend the network to do.

In the proactive workflow, NetQ algorithmically checks for faulty network behavior that results in packet loss or connectivity issues and sends real-time alerts to notify users that a network state deviation has occurred. When alerted, you'll know precisely where the fault occurred so you can remediate quickly.

In the diagnostic workflow, NetQ allows you to go back in time to replay network state, just as if you had a time machine, to see the fabric-wide event changelog and find root-cause state deviations. NetQ not only allows you to replay network-wide events, but also lets you trace network paths so you can avoid similar issues in the future. Plus, all of this information is available in one single console so you can easily delegate access. Other team members can log in to prove the network without risking disruption.

More specifically, NetQ fabric validation offers you:

  • Preventative workflows to validate configuration while rolling out in production. Innovate with confidence.
  • Proactive alerts for quick remediation. NetQ detects faulty network state and alerts you in real time with precise fault location.
  • Diagnostic analysis of fabric-wide events. It's as if you had a time machine, so you can "go back in time" to replay network state for exact root-cause analysis.
  • Fabric-wide network validation of the entire stack including access to data from layer 1, network topologies, protocols and host environments.
  • A single console with data from every switch on one single screen. Delegate access to infrastructure operators and application owners so they can analyze the network easily.
  • Algorithmic functionality using check, show and trace commands so you can easily automate throughout the entire stack.
  • Seamless integration with existing tools and workflows for change management, CI/CD and automation.
  • Web-scale efficiencies through designing, building and operating data center networks, together with Cumulus Linux.

How do I get started?

We're thrilled to announce the general release of this product and we invite you to explore its features and capabilities. Here are a few documents that will help you do so:

NetQ product page
NetQ white paper
NetQ data sheet
Webinar

If you're interested in seeing a free demo, we encourage you to contact your dedicated sales rep or fill out the form at the bottom of this product page.

The post Introducing NetQ — a fabric validation system providing unparalleled visibility appeared first on Cumulus Networks Blog.


----


Announcing Chef Automate Compliance Training Course



----
Announcing Chef Automate Compliance Training Course
// Chef Blog

How can you ensure that your systems are secure without slowing down your deployments? Use Chef Automate for compliance.

Chef Automate compliance is a solution that allows you to assess your infrastructure's adherence to compliance requirements and to monitor that infrastructure on an ongoing basis. With Chef Automate compliance, you can express your security requirements as code and automate the assessment and remediation of your infrastructure.

Jumpstart your success with Chef Automate and enroll in our new training course: Chef Automate Compliance, designed for DevOps and Information Security Engineers.

Chef Automate Compliance Training Course (1 day)

In this instructor-led Chef Automate Compliance course, you will learn how to use the Chef Automate compliance UIs, perform compliance scans against Windows and Linux nodes, and remediate compliance issues.

In addition, you will learn how to use InSpec, Chef's open source testing framework for infrastructure. You will learn how to use InSpec code to create and modify compliance profiles. You will also learn how to use the Chef audit cookbook, which allows you to run compliance profiles as part of the chef-client run. This course includes hands-on exercises to reinforce the material.

View the full course description

Enroll Today!

Our next public offering of this course will be delivered online, Tuesday, July 11, 2017 9:00 AM – 4:00 PM EDT.

Register Now

Compliance Certification

Chef Certification badges and exams for Compliance are currently under development and will be available by end of summer. Start training now to earn this certification!

Learn More About Compliance Automation

The post Announcing Chef Automate Compliance Training Course appeared first on Chef Blog.


----


Awesome Community Chefs – 2017 Award Winners



----
Awesome Community Chefs – 2017 Award Winners
// Chef Blog

Everyone who participates in the Chef Community does exceptional things on a regular basis. This work is worthy of celebration and stands as a testament to the way our community comes together to ensure all members are successful, together. During ChefConf, our annual community reunion, some individuals are recognized for the dramatic impact they have had on the community and our common cause of improving the practice of continuous automation. Four individuals were recognized as Awesome Community Chefs at ChefConf 2017.

Annie Hedgpeth

Annie (@anniehedgie) embraced a new career in technology and quickly became an extremely valuable member of the Chef, InSpec, and DevOps community. Using InSpec as a way to build empathy between security and operations teams, she has made the technology more accessible to everyone by documenting and speaking publicly of her journey. Many InSpec newcomers know of Annie simply because of her blog series that serves us well as an InSpec tutorial.

Annie is a fantastic role model thanks to her honesty, humility, and infectious enthusiasm for learning. We are so thrilled she is part of our community.

Ben Dang

Ben (@bdangit) has been hacking in the community seemingly since the day Habitat was launched, and the entire community will tell you that he's one of the most helpful individuals to work with. Ben isn't just helpful to new adopters; he also regularly works with the core team to identify and fix bugs, constantly weighs in on features/RFCs, and is in general a wonderful person to have around. Ben recently volunteered to join the Habitat Community Organizer Team as an advocate and we're super excited to have him as a model for what we want the Habitat community to be.

Ben has been an absolutely incredible representative for the Habitat community; his care and feeding of new community members, the level of effort he has put towards making people feel welcome and heard, and his overall willingness to jump in and help at the drop of a (habi)hat are the reasons we're ecstatic about having Ben as an integral part of the community.

Sean O'Meara

Sean (@someara) really defined what it means to build cookbooks professionally. He single-handedly maintained most of the core community cookbooks for years, helped to develop the library cookbook pattern, and introduced tools like kitchen-dokken to improve the testing process.

He's one of the most insightful and passionate members of our community, and his talks have led many of us into the light.

Nell Shamrell-Harrington

Nell (@nellshamrell) is welcoming to all and shares her enthusiasm and skills with everyone who needs it. In addition to her work on making Supermarket a delight, Nell has also been a major contributor to the latest Habitat releases. Nell speaks at conferences, hosts webinars, writes blog posts, and has conversations with community members on the Food Fight Show podcast. Whether considering your first open source contribution or adopting the latest features of Habitat, Nell is there to help!

Congratulations and thanks are in order for this year's Awesome Community Chefs. Take a minute to thank them on Twitter, on GitHub, or in person (maybe with a hug)!

Have someone you would like to nominate as an Awesome Community Chef for 2018? You can nominate them now!

The post Awesome Community Chefs – 2017 Award Winners appeared first on Chef Blog.


----


Get Chef Certified for 20% Off with our Summer Discount



----
Get Chef Certified for 20% Off with our Summer Discount
// Chef Blog

The community of Chefs at ChefConf 2017 took full advantage of our on-site certification exams. All told, we delivered over 300 exams. Many people took multiple exams and we had 9 people pass the required three exams to become a Certified Chef Developer. This was a significant achievement, considering we only offered the exams for two afternoons at ChefConf.

One of our newest Certified Chef Developers, Brandon Miller, shared what motivated him to take exams at the conference.

"My goal was validating to myself that the skillset and knowledge I gained over a year of using Chef was not just helping make my job easier, but was following best practices and meeting the standards that not only the Chef team saw fit but the community helped shape."

Brandon's comment is an awesome summary of one of our primary objectives for the certification program. Congratulations to Brandon and to all the other Certified Chef Developers!

Just before ChefConf, we introduced our newest badge and exam, Deploying Cookbooks. This exam blends both the multiple choice and hands-on lab challenges into one exam. Based on the feedback we received, we will use this blended experience for all exams going forward.

Starting today, we are offering a summer discount for all exams. When purchasing an exam, use the code "SUMMERCERT" for a 20% discount. This discount is good through August 31.

Here is the link to get you started – https://training.chef.io/certification.

If you are not familiar with the Chef certification program, details about the badge exams are here. On that page, you will find links to documents that specify the scope of each exam. This information will help you determine if you are ready or need additional Chef skill development.

Why Get Chef Certified?

  • By demonstrating Chef proficiency you are paving the way to a growing career focused on automation and DevOps
  • With the growing need for Chef practitioners, you put yourself in line for a promotion or a new career opportunity
  • Achieving Chef Certification is an inexpensive way to show proof that your expertise is staying current with the needs of the industry

The post Get Chef Certified for 20% Off with our Summer Discount appeared first on Chef Blog.


----


Monday, June 5, 2017

Apple unveils all-new App Store



----
Apple unveils all-new App Store
// Apple Inc. Press Releases

Apple today unveiled the all-new App Store, designed from the ground up to make discovering apps and games easier than ever before.
----


iMac Pro, the most powerful Mac ever, arrives this December



----
iMac Pro, the most powerful Mac ever, arrives this December
// Apple Inc. Press Releases

Apple today gave a sneak peek of iMac Pro, an entirely new workstation-class product line designed for pro users with the most demanding workflows.
----


iMac receives major update featuring more powerful graphics, faster processors, Thunderbolt 3 and brighter displays



----
iMac receives major update featuring more powerful graphics, faster processors, Thunderbolt 3 and brighter displays
// Apple Inc. Press Releases

Apple adds more powerful graphics, faster processors and brighter Retina display to iMac, and also upgrades processors for MacBook and MacBook Pro.
----


macOS High Sierra advances storage, video and graphics



----
macOS High Sierra advances storage, video and graphics
// Apple Inc. Press Releases

Apple today previewed macOS High Sierra, the latest version of the world's most advanced desktop operating system.
----


iOS 11 brings new features to iPhone and iPad this fall



----
iOS 11 brings new features to iPhone and iPad this fall
// Apple Inc. Press Releases

Apple today previewed iOS 11, bringing new experiences and hundreds of new features to iPhone and iPad this fall.
----


watchOS 4 brings more intelligence and fitness features to Apple Watch



----
watchOS 4 brings more intelligence and fitness features to Apple Watch
// Apple Inc. Press Releases

Apple previews watchOS 4 featuring a proactive Siri watch face, personalized Activity coaching and an entirely new music experience.
----


iPad Pro, in 10.5-inch and 12.9-inch models, introduces the world’s most advanced display and breakthrough performance



----
iPad Pro, in 10.5-inch and 12.9-inch models, introduces the world's most advanced display and breakthrough performance
// Apple Inc. Press Releases

Apple introduces powerful new iPads that feature the world's most advanced display and incredible performance.
----
