Lovely review of my Warhol bio by Michael Millner in the US edition of The Spectator:

“An extraordinary and revealing biography — surely the definitive life of a definitive artist….There is something interesting, revealing or humorous on just about every page. Gopnik deftly excavates his data mine. His prose is precise and pointed, and his year-by-year narrative clips along. He is also a master of pithy and informative character and historical sketches.”

Magus of mass production

Warhol by Blake Gopnik

Ecco, pp.976, $45.00

reviewed by Michael Millner

This article is in The Spectator’s April 9, 2020 US edition.

‘If you want to know all about Andy Warhol,’ the artist said in the East Village Other in 1966, ‘just look at the surface: of my paintings and films and me, and there I am. There’s nothing behind it.’ This quotation re-appeared in 2002 on the US Post Office’s commemorative Warhol stamp. It’s fabulously fitting for a stamp that reproduced a self-portrait, but when scholars recently compared the audiotapes of the interview with the printed version, the passage wasn’t on the tapes. Warhol sometimes invented interviews from whole cloth. He answered questions with a gnomic ‘yes’ or ‘no’ or, refusing to speak at all, allowed proxies like his ‘superstar’ Edie Sedgwick to answer for him. After all, he was just surface — leather jacket, shades, wig. The magus of mass production was there and everywhere forever, but nowhere in particular. This negation of personality seems a publicity ploy, or the evasiveness of a shy man, or possibly the self-protection of a gay man in pre-Stonewall America. It was all of this, but also much more. The self-as-surface routine was perfect for a new kind of celebrity, one founded less on accomplishment and talent and more on presenting a surface for the projected desires of a mass audience. Authenticity and the sense of a deep self were obstacles to the creation of this new celebrity persona. Warhol made millions by autographing screen prints that were mass-produced by anonymous assistants. Warhol somehow understood how this all worked. Born in 1928 in Pittsburgh to working-class Catholics from eastern Europe who barely spoke English, he realized the power and danger of being known to the world. The flipside of ‘15 minutes of fame’, Warhol suggests again and again, is death. The paintings of Marilyn Monroe memorialized her suicide; those of Jackie Kennedy, her suffering following her husband’s assassination. After Warhol survived his own assassination attempt in 1968, he allowed Richard Avedon to photograph the surgeon’s scars that crisscrossed the surface of his torso. There is no narrative development or personal bildungsroman in Warhol’s art, and his affectless manner resists psychologizing, the biographer’s stock-in-trade. His images are impressions, flashes whose immediacy, flatness and repetition carry little sense of progression. The Brillo box contains no story, and the subject of a film like Empire, with its eight hours of static footage of the Empire State Building, remains inanimate. Despite Warhol’s resistance, Blake Gopnik has written an extraordinary and revealing biography — surely the definitive life of a definitive artist. He accomplishes this through broad and deep, even obsessive, research into what he calls Warhol’s ‘social network’. Gopnik reports that he consulted 100,000 period documents and interviewed 260 of Warhol’s lovers, friends, colleagues and acquaintances. Warhol kept everything — he was a hoarder, collector and archivist all his life — and Gopnik has left no archival folder unopened or box unperused. Across 976 pages and more than 7,000 footnotes on a separate website, he recreates the swirl of ideas, culture and especially people that orbited Warhol. Warhol famously thought of his studio as a factory, producing work after work off an assembly line. The catalogue raisonné of his paintings, drawings, films, prints, published texts and conceptual works would, if it were ever completed, rival that of the other master of 20th-century self-replication, Picasso. Gopnik has surveyed it all.

There is something interesting, revealing or humorous on just about every page. Gopnik deftly excavates his data mine. His prose is precise and pointed, and his year-by-year narrative clips along. He is also a master of pithy and informative character and historical sketches: ‘Warhol’s Pop wasn’t about borrowing a detail or two from commercial work, as many of his closest colleagues [like Robert Rauschenberg] did; it was about pulling all its most dubious qualities into the realm of fine art and reveling in the confusion they caused there. ‘He wants to make something that we could take from the Guggenheim Museum and put it in the window of the A&P over here and have an advertisement instead of a painting,’ complained one early critic of Warhol’s, getting it right, but backward: Pop pictures started in the windows and then migrated to the museums.’ Warhol is about the Age of Warhol as much as Warhol himself. We learn about the new possibilities of gay life in 1950s New York, the city’s underground film scene, the history of silk-screening (so important to Warhol’s art), the fluctuations of the art market, the history of department-store window design. We learn about fascinating things we may not even want to learn about, such as the size and color of Warhol’s penis. (Large and gray, like the Empire State Building.) Warhol arrived in New York City in 1949 and quickly made a name for himself as a commercial illustrator, especially of women’s shoes. He lived for two decades with his mother, Julia, one of his most influential muses, and sought out an emerging coterie of gay artists including Truman Capote, with whom he had a stalkerish infatuation. The great Pop paintings of the early 1960s transformed American art. No less important was Warhol’s mid-Sixties salon and studio, the Silver Factory (silver because wallpapered in aluminum foil). This perverse and fecund anti-commune of ‘superstars’ and hangers-on spawned Lou Reed and the Velvet Underground, as well as Warhol’s wannabe assassin, Valerie Solanas. On June 3, 1968, Solanas shot Warhol in the name of feminist revolution. His heart ceased beating on the emergency room table before a determined surgeon saved him. In the 1970s, he turned to what he called ‘business art’, mainly portraits of other famous people. He died in 1987, aged 58, after gallbladder surgery. Gopnik unpicks many of the conventions of Warhol’s non-biography. Warhol wasn’t an aesthetic rube when he arrived in New York. He had received an extraordinary avant- garde education from four years at the Carnegie Tech art school and at the Outlines gallery, which had brought Jackson Pollock, Alexander Calder, Joseph Cornell, Francis Bacon, Merce Cunningham and many other transformative artists to Pittsburgh in the 1940s. Warhol did not suddenly reinvent himself as a Pop artist in the early 1960s. As he built a successful career illustrating advertisements in the Fifties, he regularly tried to cross the line between commercial and fine art — a crossover he finally achieved in late 1961 with ‘Campbell’s Soup Cans’. Warhol was baptized ‘Drella’ by acquaintances — part bloodsucking Dracula and part innocent yet social-climbing Cinderella. But Gopnik also argues that one of Andy’s greatest desires was for compassionate companionship. This was never achieved. The ‘routine’ gallbladder surgery which led to his death was anything but routine. He had been very ill for weeks but avoided treatment out of a lifelong fear of surgery and a misplaced faith in the healing powers of crystals. Emphasizing Warhol’s radical ambiguity in art and life, Gopnik makes it impossible to say anything easy about him. His Warhol is a complex artist practicing what Gopnik, in a marvelous turn of phrase, calls ‘superficial superficiality’. The Warhol brand, the images of branded goods, famous faces and dollar bills, celebrates consumerism but also leaves us a little nauseated from our commodity fetishism. Warhol’s endless ‘boring’ films are hard to ignore because they give us so much space and time to think. They are studies in modern emptiness, and thus deep meditation. Warhol the critic of modern celebrity was also one of its greatest adulators. This double image of Warhol seems just right. ‘His true art form,’ Gopnik writes, ‘first perfected in the first days of Pop, was the state of uncertainty he imposed on both his art and his life: you could never say what was true or false, serious or mocking, critique or celebration... Examining Warhol’s life leaves you in precisely the same state of indecision as his Campbell’s Soup paintings do.’ Gopnik’s analysis of Warhol’s ambivalence evokes another great observer of midcentury American culture. Lionel Trilling, the gray-suited lion of Columbia’s literary studies, would have hated Warhol, had he deemed the Silver Factory worthy of a visit. Still, Trilling’s America is Warhol’s: ‘A culture is not a flow, nor even a confluence; the form of its existence is struggle, or at least debate — it is nothing if not a dialectic. And in any culture there are likely to be certain artists who contain a large part of the dialectic within themselves, their meaning and power lying in their contradictions.’ To Trilling, the great American authors contained ‘both the yes and the no of their culture, and by that token they were prophetic of the future’. Warhol absorbed and reflected the affirmations and negations of his America — but was he prophetic of ours? Yes and no. For a long time now we have lived in the Age of Warhol. If he were alive today, he would film us staring blankly at the social networks on our smartphones, hour after hour, while nothing and everything go on and on. By retaining ambivalence, Warhol allowed us to recognize and experience the deepest ethical dilemmas of American life — and he paid a price for being our screen and mirror.

ASP.NET Core 3 and Angular 9 - Terza Edizione

Con grande orgoglio e soddisfazione posso finalmente annunciare che il libro ASP.NET Core 3 and Angular 9 è disponibile per l'acquisto in edizione cartacea e digitale su tutte le principali piattaforme di distribuzione, tra cui: Packt Publishing Amazon.com | it | uk | in |de | fr Google Play Barnes & Noble Mondadori Rakuten Kobo Booktopia ... e molte altre! Ecco un'immagine della copertina aggiornata:

Ordinando il libro direttamente sul sito dell'editore Packt Publishing sarà possibile ottenere il 25% di sconto utilizzando il codice promozionale RYADEL25. Come si può evincere dal titolo, il libro è una guida dettagliata all'utilizzo dei framework di programmazione ASP.NET Core (versione 3.1) e Angular (versione 9) per sviluppare applicazioni moderne per il web. Come già nelle passate edizioni la metodologia seguita è quella dell'approccio full-stack, in base al quale lo sviluppatore potrà imparare a cimentarsi con tutti i principali aspetti legati allo sviluppo di un applicativo: dalla configurazione dell'ambiente di lavoro al data modeling; dall'analisi funzionale al processo di implementazione; dal design delle interfacce alla user experience; dallo sviluppo dei web service REST in back-end all'utilizzo degli stessi in ambiente front-end; dalle attività di debug e test fino al deployment in produzione. Tutti questi aspetti vengono trattati nei 12 capitoli di cui si compone il libro, sviluppati in 732 pagine e diverse migliaia di linee di codice sorgente disponibili su GitHub. Spero che il lavoro svolto per completare questo libro possa piacere ai lettori almeno quanto è stato con la precedente edizione (ASP.NET Core 2 and Angular 5), che ha avuto la fortuna di diventare un vero e proprio best-seller con oltre 15.000 copie vendute in tutto il mondo e un video course pubblicato su diverse piattaforme di formazione, tra cui Udemy. Un grazie in anticipo a tutti quelli che hanno apprezzato i nostri sforzi! Nel caso in cui vogliate acquisire maggiori informazioni sui contenuti del libro, ecco la scheda di presentazione (product information sheet) realizzata dall'editore per le piattaforme di distribuzione online: buona lettura e... alla prossima pubblicazione! Key Features Explore the latest edition of the bestselling book ASP.NET Core 2 and Angular 5 Design, build and deploy a Single Page Application or Progressive Web App with ASP.NET Core and Angular Adopt a full stack approach to handle data management, Web APIs, application design, testing, SEO, security and deployment Book Description Learning full stack development calls for knowledge of both frontend and backend web development. By covering the impressive capabilities of ASP.NET Core 3.1 and Angular 9, right from project setup through to the deployment phase, this book will help you to develop your skills effectively. The book will get you started with using the .NET Core framework and Web API Controllers to implement API calls and server-side routing in the backend. Next, you will learn to build a data model with Entity Framework Core and configure it using either a local SQL Server instance or cloud-based data stores such as Microsoft Azure. The book will also help you handle user input with Angular reactive forms and frontend and backend validators for maximum effect. You will later explore the advanced debugging and unit testing features provided by xUnit.net (.NET Core) and Jasmine, as well as Karma for Angular. Finally, you will implement various authentication and authorization techniques with the ASP.NET Core Identity system and the new IdentityServer, as well as deploy your apps on Windows and Linux servers using IIS, Kestrel, and Nginx. By the end of this book, you will be equipped with the skills you need to create efficient web applications using ASP.NET Core and Angular. What you will learn Implement a Web API interface with ASP.NET Core and consume it with Angular using RxJS Observables Create a data model using Entity Framework Core with code-first approach and migrations support Set up and configure a SQL database server using a local instance or a cloud data store on Azure Perform C# and JavaScript debugging using Visual Studio 2019 Create TDD and BDD unit test using xUnit, Jasmine, and Karma Implement authentication and authorization using ASP.NET Identity, IdentityServer4, and Angular API Build Progressive Web Apps and explore Service Workers Who this book is for This book is for experienced ASP.NET developers who already know about ASP.NET Core and Angular and are looking to learn more about them and understand how to use them together to create production-ready Single Page Applications (SPAs) or Progressive Web Applications (PWAs). However, the fully-documented code samples (also available on GitHub) and the step-by-step implementation tutorials make this book easy-to-understand - even for beginners and developers who are just getting started. Table of Contents Getting Ready Looking Around Front-end and Back-end Interactions Data Model with Entity Framework Core Fetching and Displaying Data Forms and Data Validation Code Tweaks and Data Services Back-end and Front-end Debugging ASP.NET Core and Angular Unit Testing Authentication and Authorization Progressive Web Apps Windows and Linux Deployment Read the full article

How to implement windows authentication in ASP.NET MVC 5 ( Model view co...

Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after

African-American Designers in Chicago: Art, Commerce and the Politics of Race” at the Chicago Cultural Center is a appearance that serves as a much-needed antidotal to architecture history: it covers a century’s account of accomplished art, commercial, and automated architecture by atramentous creators in Chicago, some of whom aboriginal came actuality during the Great Migration.

Australian frontier wars – Wikipedia – list of american artists 1900 and after | list of american artists 1900 and after

Most importantly, it’s a authentic beheld delight, alms a advanced alternative of amazing art from the aboriginal 20th aeon to the 1980s: sketches, paintings, blueprints, book jackets, anthology covers, adorableness artefact packaging, a diorama that depicts the afterlife of Crispus Attucks, Apple War II-era posters for war bonds, ads that additionally action as text-only conceptual art, and best Ebony, Jet, and Negro Digest magazines.

The show, amid in a august allowance with aerial ceilings and parquet copse floors on the Cultural Center’s fourth floor, was curated by Daniel Schulman, Chris Dingwall, and Tim Samuelson. The assorted pieces adhere on two of the walls or are displayed in a alternation of copse cases disconnected into four audible time periods: Futures (1900-1920), Renaissance (1920-1945), Abundance (1945-1963), and Revolutions (1963-1980s).

17 Best images about Native American Greeting Cards on … – list of american artists 1900 and after | list of american artists 1900 and after

Among the standouts in the affectation are the designs of Charles Harrison and Thomas Miller. Harrison (whom I aboriginal abstruse of at the 2017 Derrick Adams appearance “Future People” at Stony Island Arts Bank), formed as a artisan for Sears Roebuck until he retired in 1993. There’s a shelf that displays some of the altar he designed, including a coffee pot, a toaster, a bed-making machine, and his 1958 re-design of the ViewMaster, and then, anon below, his sketches for those products, which acknowledge a captious attributes and an eye for accomplished art. While anatomic in nature, the sketches additionally assignment able-bodied as standalone art—there is a assertive affectionate of action to them. Some, like the cartoon of the bed-making machine, are white pencil on atramentous paper, and appearance a able compassionate of the mechanics of the product. But at the aforementioned time, his compassionate of ablaze and adumbration accord the sketches an added ability that pushes above simple renderings: the assets about bound off the page.

Another chiffonier adjacent contains the assignment of Miller, a artisan from Virginia who acclimatized in Chicago afterwards Apple War II. He formed at Morton Goldsholl Associates specializing in logo architecture from 1955 till his retirement in 1988. He was best accepted for the 1974 abundance of the 7Up logo with its hundreds of white dots, agnate to a amphitheater covering affectation and additionally evocative of dot cast press and aboriginal video adventurous graphics.

List Of American Artists Wikipedia | Autos Post – list of american artists 1900 and after | list of american artists 1900 and after

The assignment of Pedro Bell, a self-taught artisan who advised anthology covers for Funkadelic, and Sylvia Abernathy, who did the aforementioned for Sun Ra and Archie Shepp, allotment a distinct affectation case. Abernathy additionally advised In Our Terribleness, a balladry book accord with Amiri Baraka which featured aboriginal atramentous and white photography and a folio that was fabricated of a cogitating actual so anyone attractive into the book would actually see themselves. I would accept admired to accept apparent added amplitude committed to her work, alike an absolute case like Harrison and Miller. Her assignment feels bold, elegant, and conceptually accurate in a way that Bell’s does not.

Another case shows the assignment of Leroy Winbush, whose activity adventure would accomplish for an accomplished authority ball alternation on your alive account of choice. Winbush, who was built-in in Detroit and confused to Chicago as a teenager, started out as a assurance painter. He would go on to become the aboriginal atramentous art administrator at Goldblatt’s Administration Store, the aboriginal art administrator of Johnson Publishing Company, and administrator of the South Side Community Art Center. He additionally created window displays for white-owned banks and administration food in the Loop and art directed several cheeky, playful, bright photo shoots for Duke, a brief men’s affairs annual evocative of Esquire and GQ that was created by above advisers of Johnson Publishing Company. Every awning of Duke featured the magazine’s mascot, a wooden, button-eyed mannequin. One shows Duke Ellington arena piano with the mannequin. Another awning has the annoying headline: “Negroes don’t apperceive annihilation about jazz.” Both acknowledge Winbush’s faculty of amusement and ability for maximalism: his accomplished appearance appears to be “more is more.”

Famous American Western Artists: Remington, Russell, Catlin … – list of american artists 1900 and after | list of american artists 1900 and after

My admired allotment of the exhibit, though, is a leash of text-only ads created by Emmett McBain in 1968 to advance the Vince Cullers announcement agency. The aboriginal ad appearance a atramentous contour with the byword some atramentous secrets appear amid area the aperture would be. It reminded me of the Kerry James Marshall painting Portrait of the Artisan as a Adumbration of his Above Cocky area the alone appearance arresting are eyes and a mouth. Another ad, blue-blooded “Black Is Beautiful,” is a account in Helvetica chantry of words and phrases that all alpha with “black” that all accept abrogating connotations and ends with the byword “white lies.” The third, alleged “What blush is black?,” contains no images. Instead, it uses a composition by Barbara D. Mahone that celebrates the assortment of atramentous bodies to appearance the attempt the Cullers bureau stands for in a way that doesn’t feel bargain or unearned:

All three ads are simple, powerful, and able because they use announcement accent to deflate some of the stereotypes about atramentous lives that were created by advertising. They additionally authenticate how atramentous bodies accept consistently had a way of application abstracts meant to abuse us or abase us and about-face them on their active to empower us instead.

It's About Time: Japanese Americans in the USA before … – list of american artists 1900 and after | list of american artists 1900 and after

The apple of architecture is generally portrayed as actuality actual white and actual male. And yet the designs and attempt of the artists on affectation here, created by atramentous people, accept persisted throughout 60-plus years. I accept a board chair, for example, that acerb resembles the dejected midcentury avant-garde armchair on affectation that was advised by Charles Harrison. The attempt of the Atramentous Arts Movement—boldness, humor, and an unapologetic adulation and anniversary of blackness—are still assiduous in abreast art. It’s adorning to see in this exhibition how abundant addition and accustomed designs that we still alive with came from atramentous bodies in Chicago.   v

Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after – list of american artists 1900 and after | Allowed in order to the blog site, in this particular moment We’ll demonstrate with regards to keyword. And now, this can be a very first impression:

28 Contemporary African Artists You Should Know – list of american artists 1900 and after | list of american artists 1900 and after

Think about photograph preceding? will be which awesome???. if you’re more dedicated consequently, I’l d teach you some impression once again below:

So, if you like to receive these magnificent images about (Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after), press save button to save the pics for your computer. They are all set for save, if you’d prefer and wish to own it, just click save symbol in the article, and it will be immediately down loaded in your desktop computer.} At last if you’d like to find new and the recent graphic related to (Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after), please follow us on google plus or book mark the site, we try our best to offer you regular up-date with all new and fresh photos. We do hope you like staying right here. For most up-dates and recent information about (Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after) photos, please kindly follow us on tweets, path, Instagram and google plus, or you mark this page on bookmark area, We attempt to present you up grade regularly with all new and fresh graphics, like your searching, and find the ideal for you.

Thanks for visiting our website, contentabove (Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after) published .  Today we are delighted to announce that we have discovered a veryinteresting contentto be pointed out, that is (Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after) Lots of people searching for details about(Five Mind Numbing Facts About List Of American Artists 29 And After | list of american artists 29 and after) and of course one of these is you, is not it?

28 Contemporary African Artists You Should Know – list of american artists 1900 and after | list of american artists 1900 and after

The Most Famous Painters of the 28th Century | Widewalls – list of american artists 1900 and after | list of american artists 1900 and after

28 Contemporary African Artists You Should Know – list of american artists 1900 and after | list of american artists 1900 and after

10 Incredible Slave Rebellions – Listverse – list of american artists 1900 and after | list of american artists 1900 and after

The Most Famous Painters of the 28th Century | Widewalls – list of american artists 1900 and after | list of american artists 1900 and after

The Industrial Revolution (article) | Khan Academy – list of american artists 1900 and after | list of american artists 1900 and after

10 Incredible Slave Rebellions – Listverse – list of american artists 1900 and after | list of american artists 1900 and after

List Of American Artists Wikipedia | Autos Post – list of american artists 1900 and after | list of american artists 1900 and after

The Industrial Revolution (article) | Khan Academy – list of american artists 1900 and after | list of american artists 1900 and after

The Industrial Revolution (article) | Khan Academy – list of american artists 1900 and after | list of american artists 1900 and after

The Industrial Revolution (article) | Khan Academy – list of american artists 1900 and after | list of american artists 1900 and after

List Of American Artists Wikipedia | Autos Post – list of american artists 1900 and after | list of american artists 1900 and after

List Of American Artists Wikipedia | Autos Post – list of american artists 1900 and after | list of american artists 1900 and after

Titanic: Before and After Pictures – Titanic – HISTORY.com – list of american artists 1900 and after | list of american artists 1900 and after

List Of American Artists Wikipedia | Autos Post – list of american artists 1900 and after | list of american artists 1900 and after

It's About Time: 1700-1900s Fortune Tellers – list of american artists 1900 and after | list of american artists 1900 and after

Titanic: Before and After Pictures – Titanic – HISTORY.com – list of american artists 1900 and after | list of american artists 1900 and after

7 Infamous Gangs of New York – History Lists – list of american artists 1900 and after | list of american artists 1900 and after

7 Infamous Gangs of New York – History Lists – list of american artists 1900 and after | list of american artists 1900 and after

It's About Time: 1700-1900s Fortune Tellers – list of american artists 1900 and after | list of american artists 1900 and after

7 Infamous Gangs of New York – History Lists – list of american artists 1900 and after | list of american artists 1900 and after

List of Synonyms and Antonyms of the Word: 1800 1900 Timeline – list of american artists 1900 and after | list of american artists 1900 and after

Titanic: Before and After Pictures – Titanic – HISTORY.com – list of american artists 1900 and after | list of american artists 1900 and after

from WordPress https://americanartist.club/five-mind-numbing-facts-about-list-of-american-artists-29-and-after-list-of-american-artists-29-and-after/

[Udemy] Fullstack Web Development With Laravel and Vue.js

Learn how to build fullstack web apps with Laravel 5, Laravel Mix, Vue js, Bootstrap 4 & Sass What Will I Learn?     Build a full stack web app with Laravel 5, Laravel Mix, Bootstrap 4, Sass & Fontawesome 5 Use Laravel Mix for asset compilation Become a professional Laravel developer Requirements You should have a basic understanding of HTML, PHP, OOP, CSS & Javascript A Mac, Windows, or Linux computer with Local Development Environement installed (xampp, wamp, Laravel homestead, etc) A Mac, Windows, or Linux computer with Nodejs installed Description Welcome to “Fullstack Web Development With Laravel”, the best online resource for learning how to build full stack web app with Laravel 5, Bootstrap 4, Vue.js and other technologies. You will learn basic and advance Laravel features, integrating Bootstrap 4, Integrating Fontawesome 5, utilizing Laravel mix to write and compile Sass code and Javascript code and much more. All of my courses are project-driven learning, in this course we will build real world project, that will make you proud of yourself and make you confident to build complex web applications that you can imagine. Here’s exactly what you will learn: Basic Laravel features: database migration, database seeds, model factories, accessor & mutattors, form validation, authentication and authorization. Advance Eloquent Relationship: Many to many and Many to Many polymorphic relationship. Integrating Fontawesome 5 via Laravel mix. Integrating Bootstrap 4 for UI Styling. Implementing DRY principle. Using Git for version control and Github as code repository. Introduction to Vue js: Directive, list rendering, conditional rendering, class binding, style binding, components and much more. (available in September 2018) Integrating Vue js & Ajax to make our application more interactive (available in September 2018)   Who is the target audience? This course is meant for students already familiar with the basics of Laravel and wants to level up their development skills by building real life project Anyone who wants to learn how to combine Laravel and other latest web technologies to build full stack web application source https://ttorial.com/fullstack-web-development-laravel-vuejs

source https://ttorialcom.tumblr.com/post/178580471843

[Udemy] Fullstack Web Development With Laravel and Vue.js

Learn how to build fullstack web apps with Laravel 5, Laravel Mix, Vue js, Bootstrap 4 & Sass What Will I Learn?     Build a full stack web app with Laravel 5, Laravel Mix, Bootstrap 4, Sass & Fontawesome 5 Use Laravel Mix for asset compilation Become a professional Laravel developer Requirements You should have a basic understanding of HTML, PHP, OOP, CSS & Javascript A Mac, Windows, or Linux computer with Local Development Environement installed (xampp, wamp, Laravel homestead, etc) A Mac, Windows, or Linux computer with Nodejs installed Description Welcome to "Fullstack Web Development With Laravel", the best online resource for learning how to build full stack web app with Laravel 5, Bootstrap 4, Vue.js and other technologies. You will learn basic and advance Laravel features, integrating Bootstrap 4, Integrating Fontawesome 5, utilizing Laravel mix to write and compile Sass code and Javascript code and much more. All of my courses are project-driven learning, in this course we will build real world project, that will make you proud of yourself and make you confident to build complex web applications that you can imagine. Here's exactly what you will learn: Basic Laravel features: database migration, database seeds, model factories, accessor & mutattors, form validation, authentication and authorization. Advance Eloquent Relationship: Many to many and Many to Many polymorphic relationship. Integrating Fontawesome 5 via Laravel mix. Integrating Bootstrap 4 for UI Styling. Implementing DRY principle. Using Git for version control and Github as code repository. Introduction to Vue js: Directive, list rendering, conditional rendering, class binding, style binding, components and much more. (available in September 2018) Integrating Vue js & Ajax to make our application more interactive (available in September 2018)   Who is the target audience? This course is meant for students already familiar with the basics of Laravel and wants to level up their development skills by building real life project Anyone who wants to learn how to combine Laravel and other latest web technologies to build full stack web application source https://ttorial.com/fullstack-web-development-laravel-vuejs

"What a week! 105 announcements from Google Cloud Next '18"

Google Cloud Next ‘18 was incredible! From fantastickeynotes and fireside chats to GO-JEK CTO Ajey Gore appearing on-stage on a scooter to listening to Target CIO Mike McNamara we had an inspiring, educational and entertaining week at our flagship conference. We were joined by over 23,000 leaders, developers and partners from our Google Cloud community, listened to more than 290 customer speakers share their stories of business transformation in the cloud and took part in hundreds of breakout sessions. The theme of the conference was Made Here Together, and we’re so grateful to everyone who attended and contributed to help build the cloud for everyone.  

But the week of Next wouldn’t be complete without a comprehensive list of what happened. So without further ado, here are 105 product and solution launches, customer stories and announcements from Next ‘18.

Customers

eBay—The world’s largest global marketplace is leveraging Google Cloud in many different ways, including experimenting with conversational commerce with Google Assistant, building ML models with Cloud TPUs for image classification, and applying AI to help buyers quickly find what they’re looking for.

GO-JEK—This ride-hailing and logistics startup in Jakarta uses Google Cloud to support its hundreds of thousands of concurrent transactions, Maps for predicting traffic and BigQuery to get data insights.

Lahey Health—Lahey’s journey to the cloud included migrating from four legacy email systems to G Suite in 91 days.

LATAM Airlines—South America’s largest airline uses G Suite to connect teams, and GCP for data analytics and creating 3D digital elevation models.

LG CNS—LG is looking to Google Cloud AI, Cloud IoT Edge and Edge TPU to build its Intelligent Vision inspection tool for better quality and efficiency in some of its factories.

HSBC—One of the world’s leading banking institutions shares how they’re using data analytics on Google Cloud to extract meaningful insights from its 100PB of data and billions of transactions.

The New York Times—The newest way the New York Times is using Google Cloud is to scan, encode, and preserve its entire historical photo archive  and evolve the way the newsroom tells stories by putting new tools for visual storytelling in the hands of journalists.

Nielsen—To support its nearly 45,000 employees in 100 countries with real-time collaboration and cost-effective video conferencing, Nielsen turned to G Suite.

Ocado—This online-only supermarket uses Google Cloud’s AI capabilities to power its machine learning model for responding to customer requests and detecting fraud much faster.

PayPal—PayPal discusses the hows and whys of their journey to the public cloud.

Scotiabank—This Canadian banking institution shares its views on modernizing and using the cloud to solve inherent problems inside an organization.

Sky—The UK media company uses Google Cloud to identify and disconnect pirate streaming sites during live sporting events.

Target—Moving to Google Cloud has helped Target address challenges like scaling up for Cyber Monday without disruptions, and building new, cutting-edge experiences for their guests.

20th Century Fox—The renowned movie studio shares how it’s using BigQuery ML to understand audience preferences.

Twitter—Twitter moved large-scale Hadoop clusters to GCP for ad hoc analysis and cold storage, with a total of about 300 PB of data migrated.

Veolia—This environmental solution provider moved its 250 systems to G Suite for their anytime, anywhere, any-device cloud project.

Weight Watchers—How Weight Watchers evolved its business, including creating mobile app and an online community to support its customers’ lifestyles.

Partners

2017 Partner Awards—Congratulations to the winners! These awards recognize partners who dedicated themselves to creating industry-leading solutions and strong customer experiences with Google Cloud.

SAP and Deloitte collaboration—Customers can run SAP apps on GCP with Deloitte’s comprehensive tools.

Updates to our Cisco partnership—Includes integrations between our new Call Center AI solution and Cisco Customer Journey solutions, integrations with Webex and G Suite, and a new developer challenge for hybrid solutions.

Digital Asset and BlockApps—These launch partners are helping users try Distributed Ledger Technology (DLT) frameworks on GCP, with open-source integrations coming later this year.

Intel and Appsbroker—We’ve created a cloud center of excellence to make high-performance cloud migration a lot easier.

NetApp—New capabilities help customers access shared file systems that apps need to move to cloud, plus Cloud Volumes are now available to more GCP customers.

VMware vRealize Orchestrator—A new plug-in makes it easy to use GCP alongside on-prem VMware deployments for efficient resource provisioning.

New partner specializations—We’ve recently welcomed 19 partners in five new specialization areas (bringing the total areas to nine) so customers can get even more industry-specific help moving to cloud.

SaaS-specific initiative—A new set of programs to help our partners bring SaaS applications to their customers.

Accenture Google Cloud Business Group, or AGBG—This newly formed group brings together experts who’ll work with enterprise clients to build tailored cloud solutions.

Partnership with NIH—We’re joining with the National Institutes of Health (NIH) to make more research datasets available, integrate researcher authentication and authorization mechanisms with Google Cloud credentials, and support industry standards for data access, discovery, and cloud computation.

Partnership with Iron Mountain—This new partnership helps enterprises extract hard-to-find information from inside their stored documents.

Chrome, Devices and Mobility

Cloud-based browser management—From a single view, admins can manage Chrome Browser running on Windows, Mac, Chrome OS and Linux.

Password Alert Policy—Admins can set rules to prevent corporate password use on sites outside of the company’s control.

Managed Google Play (out of beta)—Admins can curate applications by user groups as well as customize a broad range of policies and functions like application blacklisting and remote uninstall.

Google Cloud Platform | AI and machine learning

Cloud AutoML Vision, AutoML Natural Language, and AutoML Translation (all three in beta)—Powerful ML models that can be extended to suit specific needs, without requiring any specialized knowledge in machine learning or coding.

Cloud Vision API (GA)—Cloud Vision API now recognizes handwriting, supports additional file types (PDF and TIFF), and can identify where an object is located within an image.

Cloud Text-to-Speech (beta)—Improvements to Cloud Text-to-Speech offer multilingual access to voices generated by DeepMind WaveNet technology and the ability to optimize for the type of speaker you plan to use.

Cloud Speech-to-Text—Updates to this API help you identify what language is being spoken, plus provide word-level confidence scores and multi-channel (multi-participant) recognition.

Training and online prediction through scikit-learn and XGBoost in Cloud ML Engine (GA) —While Cloud ML Engine has long supported TensorFlow, we’re releasing XGBoost and scikit-learn as alternative libraries for training and classification.

Kubeflow v0.2—Building on the previous version, Kubeflow v0.2 makes it easier for you to use machine learning software stacks on Kubernetes. Kubeflow v0.2 has an improved user interface and several enhancements to monitoring and reporting.

Cloud TPU v3 (alpha)—Announced at this year’s I/O, our third-generation TPUs are now available for Google Cloud customers to accelerate training and inference workloads.

Cloud TPU Pod (alpha)—Second-generation Cloud TPUs are now available to customers in scalable clusters. Support for Cloud TPUs in Kubernetes Engine is also available in beta.

Phone Gateway in Dialogflow Enterprise Edition (beta)—Now you can assign a working phone number to a virtual agent—all without infrastructure. Speech recognition, speech synthesis, natural language understanding and orchestration are all managed for you.

Knowledge Connectors in Dialogflow Enterprise Edition (beta)—These connectors understand unstructured documents like FAQs or knowledge base articles and complement your pre-built intents with automated responses sourced from internal document collections.

Automatic Spelling Correction in Dialogflow Enterprise Edition (beta)—Natural language understanding can sometimes be challenged by spelling and grammar errors in a text-based conversation. Dialogflow can now automatically correct spelling mistakes using technology similar to what’s used in Google Search and other products.

Sentiment Analysis in Dialogflow Enterprise Edition (beta)—Relies on the Cloud Natural Language API to optionally inspect a request and score a user's attitude as positive, negative or neutral.

Text-to-Speech in Dialogflow Enterprise Edition (beta)—We’re adding native audio response to Dialogflow to complement existing Speech-to-Text capability.

Contact Center AI (alpha)—A new solution which includes new Dialogflow features alongside other tools to perform analytics and assist live agents.

Agent Assist in Contact Center AI (alpha)—Supports a live agent during a conversation and provides the agent with relevant information, like suggested articles, in real-time.

Conversational Topic Modeler in Contact Center AI (alpha)—Uses Google AI to analyze historical audio and chat logs to uncover insights about topics and trends in customer interactions.

Google Cloud Platform | Infrastructure services

Managed Istio (alpha)—A fully-managed service on GCP for Istio, an open-source project that creates a service mesh to manage and control microservices.

Istio 1.0—Speaking of open-source Istio, the project is imminently moving up to version 1.0.

Apigee API Management for Istio (GA)—Soon you can use your existing Apigee Edge API management platform to wrangle microservices running on the Istio service mesh.

Stackdriver Service Monitoring (early access)—A new view for our Stackdriver monitoring suite that shows operators how their end users are experiencing their systems. This way, they can manage against SRE-inspired SLOs.

GKE On-Prem with multi-cluster management (coming soon to alpha)—A Google-configured version of Kubernetes that includes multi-cluster management and can be deployed on-premise or in other clouds, laying the foundation for true hybrid computing.

GKE Policy Management (coming soon to alpha)—Lets you take control of your Kubernetes environment by applying centralized policies across all enrolled clusters.

Resource-based pricing for Compute Engine (rolling out this fall)—A new way we’re calculating sustained use discounts on Compute Engine machines, aggregating all your vCPUs and memory resources to maximize your savings.

Google Cloud Platform | Application development

GKE serverless add-on (coming soon to alpha)—Runs serverless workloads that scale up and down automatically, or respond to events, on top of Kubernetes Engine.

Knative—The same technologies included in the GKE serverless add-on are now available in this open-source project.

Cloud Build (GA)—Our fully managed continuous integration and continuous delivery (CI/CD) platform lets you build container and non-container artifacts and integrates with a wide variety of tools from across the developer ecosystem.

GitHub partnership—GitHub is a popular source code repository, and now you can use it with Cloud Build.

New App Engine runtimes—We’re adding support for the popular Python 3.7 and PHP 7.2 runtimes to App Engine standard environment.

Cloud Functions (GA)—Our event-driven serverless compute service is now generally available, and includes support for additional languages, plus performance, networking and security features.

Serverless containers on Cloud Functions (early preview)—Packages a function within a container, to better support custom runtimes, binaries and frameworks.  

Google Cloud Platform | Data analytics

BigQuery ML (beta)—A new capability that allows data analysts and data scientists to easily build machine learning models directly from BigQuery with simple SQL commands, making machine learning more accessible to all.

BigQuery Clustering (beta)—Creates clustered tables in BigQuery as an added layer of data optimization to accelerate query performance.

BigQuery GIS (public alpha)—New functions and data types in BigQuery that follow the SQL/MM Spatial standard. Handy for PostGIS users and anyone already doing geospatial analysis in SQL.

Sheets Data Connector for BigQuery (beta)—A new way to directly access and refresh data in BigQuery from Google Sheets.

Data Studio Explorer (beta)—Deeper integration between BigQuery and Google Data Studio to help users visualize query results quickly.

Cloud Composer (GA)—Based on the open source Apache Airflow project, Cloud Composer distributes workloads across multiple clouds.

Customer Managed Encryption Keys for Dataproc—Customer-managed encryption keys that let customers create, use and revoke key encryption for BigQuery, Compute Engine and Cloud Storage. Generally available for BigQuery; beta for Compute Engine and Cloud Storage.

Streaming analytics updates, including Python Streaming and Dataflow Streaming Engine (both in beta)—Provides streaming customers more responsive autoscaling on fewer resources, by separating compute and state storage.

Dataproc Autoscaling and Dataproc Custom Packages (alpha)—Gives users Hadoop and Spark clusters that scale automatically based on the resource requirements of submitted jobs, delivering a serverless experience.

Google Cloud Platform | Databases

Oracle workloads on GCP—We’re partnering with managed service providers (MSPs) so you can run Oracle workloads on GCP using dedicated hardware.

Compute Engine VMs powered by Intel Optane DC Persistent Memory—Lets you run SAP HANA workloads for more capacity at lower cost.

Cloud Firestore (beta)—Helps you store, sync and query data for cloud-native apps. Support for Datastore Mode is also coming soon.

Updates to Cloud Bigtable—Regional replication across zones and Key Visualizer, in beta, to help debug performance issues.

Updates to Cloud Spanner—Lets users import and export data using Cloud Dataflow. A preview of Cloud Spanner’s data manipulation language (DML) is now available.

Resource-based pricing model for Compute Engine—A new billing model gives customers more savings and a simpler bill.

Google Cloud Platform | IoT

Edge TPU (early access)—Google’s purpose-built ASIC chip that’s designed to run TensorFlow Lite ML so you can accelerate ML training in the cloud and utilize fast ML inference at the edge.

Cloud IoT Edge (alpha)—Extends data processing and machine learning capabilities to gateways, cameras and end devices, helping make IoT devices and deployments smart, secure and reliable.

Google Cloud Platform | Security

Context-aware access—Capabilities to help organizations define and enforce granular access to GCP APIs, resources, G Suite, and third-party SaaS apps based on a user’s identity, location and the context of their request.

Titan Security Key—A FIDO security key that includes firmware developed by Google to verify its integrity.

Shielded VMs (beta)—A new way to leverage advanced platform security capabilities to help ensure your VMs haven’t been tampered with or compromised.

Binary Authorization (alpha)—Lets you enforce signature validation when deploying container images.

Container Registry Vulnerability Scanning (alpha)—Automatically performs vulnerability scanning for Ubuntu, Debian and Alpine images to help ensure they are safe to deploy and don’t contain vulnerable packages.

Geo-based access control in Cloud Armor (beta)—Lets you control access to your services based on the geographic location of the client trying to connect to your application.

Cloud HSM (alpha)—A fully managed cloud-hosted hardware security module (HSM) service that allows you to host encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs.  

Access Transparency (coming soon to GA)—Provides an audit trail of actions taken by Google Support and Engineering in the rare instances that they interact with your data and system configurations on Google Cloud.

G Suite | Enterprise collaboration and productivity

New investigation tool in the Security Center (Early Adopter Program)—A new tool in the security center for G Suite that helps admins identify which users are potentially infected, see if anything’s been shared externally and remove access to Drive files or delete malicious emails.

Data Regions for G Suite (available now for G Suite Business and Enterprise customers)—Lets you choose where to store primary data for select G Suite apps—globally, distributed, U.S. or Europe.

Smart Reply in Hangouts Chat—Coming soon to G Suite, Smart Reply uses artificial intelligence to recognize which emails need responses and proposes reply options.

Smart Compose in Gmail—Coming soon to G Suite, Smart Compose intelligently autocompletes emails for you by filling in greetings, common phrases and more.

Grammar Suggestions in Google Docs (Early Adopter Program)—Uses a unique machine translation-based approach to recognize grammatical errors (simple and complex) and suggest corrections.

Voice Commands for Hangouts Meet hardware (coming to select Hangouts Meet hardware customers later this year)—Brings some of the same magic of the Google Assistant to the conference room so that teams can connect to video meetings quickly.

The new Gmail (GA)—Features like redesigned security warnings, snooze and offline access are now generally available to G Suite users.

New functionality in Cloud Search—Helps organizations intelligently and securely index third-party data beyond G Suite (whether the data is stored in the cloud or on-prem).

Google Voice to G Suite (Early Adopter Program)—An enterprise version of Google Voice that lets admins manage users, provision and port phone numbers, access detailed reports and more.

Standalone offering of Drive Enterprise (GA)—New offering with usage-based pricing to help companies easily transition data from legacy enterprise content management (ECM) systems.

G Suite Enterprise for Education—Expanding to 16 new countries.

Jamboard Mobile App—Added features for Jamboard mobile devices, including new drawing tools and a new way to claim jams using near-field communication (NFC).

Salesforce Add-on in Google Sheets—A new add-on that lets you import data and reports from Salesforce into Sheets and then push updates made in Sheets back to Salesforce.

Social Impact

Data Solutions for Change—A program that empowers nonprofits with advanced data analytics to drive social and environmental impact. Benefits include role-based support and Qwiklabs.

Visualize 2030—In collaboration with the World Bank, the United Nations Foundation, and the Global Partnership for Sustainable Development Data, we’re hosting a data storytelling contest for college or graduate students.

Harambee Youth Employment Accelerator—We’re helping Harambee connect more unemployed youth with entry-level positions in Johannesburg by analyzing large datasets with BigQuery and machine learning on Cloud Dataflow.

Foundation for Precision Medicine—We’re aiding the Foundation for Precision Medicine to find a cure for Alzheimer’s disease by scaling their patient database to millions of anonymized electronic medical record (EMR) data points, creating custom modeling, and helping them visualize data.

Whew! That was 104. Thanks to all our customers, partners, and Googlers for making this our best week of the year.

But wait, there’s more! Here’s the 105th announcement: Next 2019 will be April 9-11 at the newly renovated Moscone in San Francisco. Please save the date!  

Source : The Official Google Blog via Source information

Defending against ransomware using system design

This post is authored by Michael Melone, Principal Cybersecurity Consultant, Enterprise Cybersecurity Group.

Earlier this year, the world experienced a new and highly-destructive type of ransomware. The novel aspects of WannaCry and Petya were not skills as ransomware, but the combination of commonplace ransomware tactics paired with worm capability to improve propagation.

WannaCry achieved its saturation primarily through exploiting a discovered and patched vulnerability in a common Windows service. The vulnerability (MS17-010) impacted the Windows Server service which enables communication between computers using the SMB protocol. Machines infected by WannaCry propagate by connecting to a nearby unpatched machine, performing the exploit, and executing the malware. Execution of the exploit did not require authentication, thus enabling infection of any unpatched machine.

Petya took this worming functionality one step further and additionally introduced credential theft and impersonation as a form of worming capability. These techniques target single sign-on technologies, such as traditional domain membership. This added capability specifically targeted enterprise environments and enabled the malware to use a single unpatched endpoint to springboard into the network, then used active sessions on the machine to infect other machines regardless of patch level. To an enterprise, a single unpatched endpoint paired with poor credential hygiene could be used to enable propagation throughout the enterprise.

Most impersonation and credential theft attacks are possible only when malware obtains local administrator or equivalent authorization to the operating system. For Petya, this would mean successful exploitation of MS17-010, or running under the context of a user with local administrator authorization.

Measuring the value of a user account

To a hacker, an infected or stolen identity is measurable in two ways: the breadth of computers that trust and grant authorization to the account and the level of authorization granted upon successful authentication. Since encryption can be performed by any user account, ransomware benefits most when it infects an account which can convey write authorization to a large amount of data.

In most cases (thus far), the data sought out by ransomware has been either local files or those accessible over a network attached share data which can be accessed by the malware using out-of-the-box operating system interfaces. As such, data encrypted by most ransomware includes files in the users profile, home directory, or on shared directories where the user has access and write authorization.

In the case of WannaCry, the identity used by the ransomware was SYSTEM an effectively unrestricted account from an authorization perspective. Running as SYSTEM, WannaCry had authorization to encrypt any file on the infected machine.

Petyas encryption mechanism required the ability to overwrite the boot sector of the hard drive to invoke its encryption mechanism. The malware then creates a scheduled task to restart the machine at least 10 minutes later to perform the encryption. The offline encryption mechanism prevented destruction of network files by Petya.

Infected machines and worms

Pivoting our focus to the worm aspect of these ransomware variants, the value of an infected host to a hacker is measurable in two ways: the quantity of newly accessible targets resulting from infection and the data which now becomes available because of the infection. Malware with worming capability focuses on widespread propagation, thus machines which can access new targets are highly valuable.

To both WannaCry and Petya, a newly infected system offered a means to access previously inaccessible machines. For WannaCry, any potential new targets needed to be vulnerable to MS17-010. Vulnerability gave both malware variants SYSTEM-level authority, thus enabling successful execution of their payload.

Additionally, in the case of Petya, any machine having reusable credentials in memory furthered its ability to propagate. Petya searches for active sessions on an infected machine and tries to use the session to infect machines which may not have been vulnerable to MS17-010. As a result, a single vulnerable endpoint may expose a reusable administrative credential usable to infect potential targets which grant that credential a necessary level of authorization.

Codifying the vulnerability

To defend against a ransomware application with worm capability we need to target the following areas:

Ransomware

Reduce the authorization level of users relative to the operating system of an infected machine

Perform backups or versioning of files to prevent loss of data due to encryption, deletion, or corruption

Limit authorization to delete or tamper with the data backups

Worms

Reduce the ability for an infected host to access a potential infection target

Reduce the number of remotely exploitable vulnerabilities that provide remote code execution

Reduce exposure of reusable credentials relative to the likelihood of a host to compromise

Resolving Concerns through design

Many of the risks associated with ransomware and worm malware can be alleviated through systems design. Referring to our now codified list of vulnerabilities, we know that our solution must:

Limit the number (and value) of potential targets that an infected machine can contact

Limit exposure of reusable credentials that grant administrative authorization to potential victim machines

Prevent infected identities from damaging or destroying data

Limit unnecessary risk exposure to servers housing data

Windows 10, BYOD, and Azure AD Join

Windows 10 offers a new management model that differs significantly from traditional domain joined machines. Azure Active Directory joined machines can still convey identity to organizational resources; however, the machine itself does not trust domain credentials. This design prevents reusable accounts from exposure to workstations, thus protecting the confidentiality of the credential. Additionally, this limits the impact of a compromised domain account since Azure AD joined machines will not trust the identity.

Another benefit of Windows 10 with Azure AD is the ability to move workstations outside of the firewall, thus reducing the number of potential targets once infection occurs. Moving endpoints outside the firewall reduces the impact of any workstation threat by reducing the benefits normally gained by compromising a machine within the corporate firewall. As a result, this design exposes fewer server ports to potentially compromised endpoints, thus limiting the attack surface and reducing the likelihood of worm propagation.

Moving workstations outside of the firewall offers added security for the workstation as well. Migrating to a BYOD architecture can enable a more stringent client firewall policy, which in turn reduces the number of services exposed to other hosts, and thus improves the machines defense against worms and other inbound attacks.

Additionally, most organizations use many laptops which often connect from untrusted locations outside the firewall. While outside of the firewall, these machines can connect to untrusted sources, become infected, then bring the infection inside the firewall next time it is able to connect to the internal network. This causes confusion when trying to identify the initial infection during an incident response, and potentially exposes the internal network to unnecessary risk.

Consider migration file shares to OneDrive or Office365

Migrating data from traditional file shares into a solution such as SharePoint or OneDrive can limit the impact of a ransomware attack. Data stored in these technologies can enforce version control, thus potentially simplifying recovery. To further protect this data, limit the number of SharePoint users who had administrative authority to the site to prevent emptying of the recycle bin.

Ensure resilient backups

When an attack occurs, it is crucial to ensure ransomware cannot destroy data backups. Although convenient, online data backups may be subject to destruction during an attack. Depending on design, an online backup solution may trust a stolen reusable single sign-on credential to enable deletion or encryption of backup data. If this occurs, backups may be rendered unusable during the attack.

To prevent against this, consider Azure Cloud Backup a secure off-site backup solution. Azure Cloud Backup is managed through the Azure Portal which can be configured to require separate authentication, to include multi-factor authentication. Volumes used to store backup data reside in Azure and cannot be initialized or overwritten using on-premises domain credentials.

Closing

Windows 10 and BYOD architecture offers significant defense against a variety of cyberattacks, to include worms and ransomware. This article covers only some of the protections that Windows 10 offers against credential theft, bootkits, rootkits, and other malware techniques employed by this class of highly destructive malware.

To better defend your organization against future malware outbreaks:

Prepare to migrate client machines to Windows 10

Plan for BYOD device management using Microsoft Intune and Azure AD joined machines

Implement Azure Backup to provide a resilient and malware-resistant backup solution

Learn how Windows Defender Advanced Threat Protection (ATP) can help your organization quickly detect and respond to malware outbreaks

from Microsoft Secure Blog Staff

NHS cyber attack makes you Wanna-Cry – Experts have their say

We all remember the disastrous effect of Wannacry ransomware attack which spread across the world infecting more than 230,000 computers in over 150 countries. This is biggest cyber-attack to have hit the NHS IT systems in the UK so far. However, a recent report released by the National Audit Office claimed that the affected NHS trusts could have easily prevented the attack if cyber security recommendations were followed.

  This news sparked a lot of discussion among industry experts. Here are some of their views:

    Lee Munson – Security Researcher at Comparitech.com:

  “While it is a well-known fact that no organisation can ever be completely safe against all forms of cyberattack, it is also true that low hanging fruit tends to get picked off first.

  That’s why larger companies and entities invest so heavily in technological Security defences and training and awareness sessions for their employees. All of those things have little value, however, if they are not managed through standards, policies and procedures.

  To that end, the NHS trusts affected by WannaCry are certainly culpable for not following the recommendations given to them. Whether those recommendations would have mitigated the chance of the ransomware taking hold to zero is up for debate, but it was a starting point that was completely”

    Mark James, Security Specialist at ESET:

  “To be honest, for most cyber-security professionals this report tells us nothing that we don’t already know. The Wannacry infection would only target systems that were not patched; it’s no different to what the NHS actually do- they patch us humans to be safe from virus attacks. If you don’t keep your immune system up-to-date, then you will be susceptible to old virus attacks.

  The worrying bit in the report is the statement that reads “NHS trusts had not acted on critical alerts from NHS Digital and a warning from the Department of Health and the Cabinet Office in 2014 to patch or migrate away from vulnerable older software.” If you have someone of perceived authority giving you instructions on how to protect your systems, then why was it not acted on? We are not talking about mass upgrades or huge costly system changes here, these are patches that are not overly hard to instigate and ensure they are in place. We all know how much it will cost the NHS to replace all their computers and devices, with the latest operating systems and to be frank, it would cause a massive strain on an already underfunded authority- but I would assume the recommendations would take into account the costs involved and would meet current budget levels.

  It does seem like a huge breakdown in communications and would highlight an urgent need to get things right for the time when a sophisticated attack gets hold- unlike Wannacry, that technically was not sophisticated at all! Hopefully not just the NHS, but many companies around the world, suddenly jumped into action to avoid further outbreaks and have put plans in place to stop the next unnecessary cyber disaster from happening….”

    Andrew Clarke, EMEA Director at One Identity:

  “Often, we see cases where the organisation gets impacted by an attack – ransomware being the most reported – and afterwards we hear that the issue has been ignored, advice has been misunderstood or there has been a lack of visibility into whether or not the advice has been implemented comprehensively.  This is not just about the NHS, as for example in the recent case of Equifax we heard afterwards that a security notification regarding Adobe Struts application had not been applied thoroughly.  

  In many cases the organisation does not have an inventory of all operating systems and applications that need to be patched – which makes the challenging task of patching even harder – a robust patch management system would aid that.  In the case of NHS, we do know that Windows XP systems were still in place and that Microsoft is no longer maintaining that operating system. So by continuing to use it, the door was always open for an attack to be successful given that vulnerabilities are emerging all the time.   

  However, one of the factors at the NHS that we must consider is that some of the specific medical equipment being used was only every designed to run Windows XP – so in that case the options are limited.    What could have been done better was the compartmentalization of environments that were known to be running older software so that if they did get impacted, the damage could be limited.  This would have required internal firewalls and mirroring best practices that have been adopted by more sensitive IT installations.

  Authentication measures that step beyond passwords and embrace multi-factor authentication are a positive step in the right direction in controlling access.  Beyond the basic IT security measures that can be adopted, some of the more recent innovations around identity and access management need to be in place in the NHS.

  We know that the security basics are important and the NHS cyber security strategy has focused on securing the wider enterprise having implemented core infrastructure security components such as Firewalls; Intrusion Detection and Malware prevention, but it is now about ensuring their security coverage really stops this new wave of malware while also enabling them to operate effectively.”

    Javvad Malik, security advocate at AlienVault:

  For many organisations, it’s not a matter of if, but when. Fundamental security controls and hygiene could have prevented, or at least minimised the impact of  WannaCry on the attack. But perhaps even more telling is that while the Department of Health had an incident response plan, it was neither communicated nor tested. Without a clearly communicated and tested incident response plan, trying to make one up in the midst of an incident is a recipe for disaster.

  It becomes increasingly important for all organisations of all sizes to invest in cyber security. It doesn’t necessarily need to be huge investments, but care should be taken that the fundamental security controls are put in places and validated, as well as testing an incident response plan.

    Anton Grashion, managing director-security practice at Cylance:

  “While it’s true that organizations could have prevented at least one recent ransomware outbreak through ‘basic IT security,’ such as regular patching, the fact remains that a treasure trove of weapons-grade malware has recently been made available to every variety of threat actor on the Dark Web. It’s easy to say that if recommendations were acted upon the effect would have been less, but there would still have been an effect because the initial malware infection had to be stopped as well – not something the recommendations covered.

“Regular patching is necessary, but not sufficient for preventing highly damaging cyber-attacks on networks. It’s still imperative for security teams to evaluate next-generation anti-malware technologies inside their own organizations to see what works best for their purposes against these increasingly sophisticated new malware types, which are regularly failing to be stopped by traditional security products. Indeed, there is still a large estate of aging operating systems in daily use in both public and private organizations and while it is advisable to migrate to more up to date versions it’s sometimes a decision on what else will be cut to upgrade. Better yet is to protect these platforms in the first place and buy some breathing space in which an orderly upgrade program can be executed when budgets allow.”

  Stephanie Weagle, VP at Corero Network Security:

  “Organisations operate un-patched legacy systems and no formal mechanism to effectively protect against the evolving landscape of cyber security threats is irresponsible.  Over a third of national critical infrastructure organisations in the UK (39%) have not completed basic cyber security standards issued by the UK government, according to data revealed under the Freedom of Information Act.  In order for the UK to become the safest place to do business, Critical Infrastructure must engage in cyber resiliency best practices, and proper security defenses.  To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain comprehensive visibility across their networks, to instantly and automatically detect and block any cyber threat, including DDoS attacks.”

  Edgard Capdevielle, CEO of Nozomi Networks:

  “The National Audit Office’s report reminds us that cyber security is not optional, it needs to be part of regular operations. Clearly there is a high cost when regular IT system updates aren’t implemented and cyber security recommendations aren’t followed.

“Attackers continue to look for new and inventive ways to infiltrate organisations and infrastructure meaning global outages as Wannacry was able to realise could become increasingly frequent if left unchecked.

“The EU’s NIS Directive due to be implemented into UK law next May, those who fail to adequately protect infrastructure will be penalised financially.

“With ransomware – such as WannaCry, especially given its ability to reinfect connected devices, prevention has to be first and foremost. Applying artificial intelligence and machine learning for real-time detection and response, organizations can monitor for known malware infections and detect anomalous behavior that might indicate new malware variants enabling organization to rapidly discover and act to remove malicious code before harm is done.”

    Gavin Millard, technical director at Tenable:

  “In theory, Wannacry could have been easily prevented by deploying a freely available patch and restricting or removing a ubiquitous service called SMB from Windows systems that couldn’t be updated. In reality though, due to the complex networks in place, overlapping ownership of devices and systems that can’t be updated due to contractual issues with the suppliers, this was far from trivial to accomplish.

“To be resilient to further attacks of this nature, each of the NHS trusts has to ensure foundational security controls are in place and identify where improvements are needed. The UK government has already defined controls every critical infrastructure should follow with schemes such as Cyber Essentials and NIS. But to implement these guidelines effectively, investment is required into a public sector that is already severely lacking funds.

“As we become more reliant on IT systems for every aspect of our critical infrastructure, including healthcare, the impact of a major vulnerability affecting those systems shouldn’t be underestimated or the risks ignored. Putting in place a robust process for identifying all systems on the network and how vulnerable they are, are foundational security controls for a reason. Without this ability, networks will continue to be easily infected by ransomware like Wannacry”

   Eyal Benishti, CEO and Founder of Ironscales said:

“WannaCry started because someone unwittingly opened an attachment sent via an email and unleashed the malware – it could, and does, happen to anyone. What was different in this ransomware attack from previous examples is that the attackers had laden it with, what we now know as, EternalBlue. This previously unknown malicious software checked for file-sharing arrangements the computer had, and begun exploiting them and so it was able to spread from Patient Zero to 200,000 computers across the globe.

“Wannacry and EternalBlue remind us that current email security solutions that live on the ISP and/or gateways and employee education and awareness training on its own, are simply not working. Attackers are too smart; too patient and too determined to defeat the cybersecurity status quo. We must do better as an industry to quickly detect, mitigate and remediate email phishing attacks if we are to have any hope of getting the ransomware epidemic under control. Especially given that approximately eight in 10 ransomware attacks begin with phishing. We must neutralise the messenger [phishing emails]”

The post NHS cyber attack makes you Wanna-Cry – Experts have their say appeared first on IT SECURITY GURU.

from NHS cyber attack makes you Wanna-Cry – Experts have their say

ASP.NET Core 3 and Angular 9 - Third Edition

I'm happy to announce that the ASP.NET Core 3 and Angular 9 book is finally available for purchase – in E-Book and Paperback format – on all the major online stores, including: Packt Publishing Amazon.com | it | uk | in |de | fr Google Play Barnes & Noble Mondadori Rakuten Kobo Booktopia ... and more! Here's the updated cover:

As always, if you get it from the Packt Publishing online store you'll be able to obtain a good discount (25%) by using the RYADEL25 promo code. If you want to know what the book is about, here's a detailed description: as you'll be able to see, the new edition is a complete rewrite of the previous ones, featuring a length of 732 pages (the 2nd edition was 550) and a huge GitHub source code repository filled with brand-new sample projects! I definitely hope that you will like it just like you did with the previous one (ASP.NET Core 2 and Angular 5), who happened to be a best-seller in multiple countries with more than 15000 copies sold throughout the world and even a video course on Udemy! That couldn’t be made possible without you, so thanks again and… get ready for another development journey! Key Features Explore the latest edition of the bestselling book ASP.NET Core 2 and Angular 5 Design, build and deploy a Single Page Application or Progressive Web App with ASP.NET Core and Angular Adopt a full stack approach to handle data management, Web APIs, application design, testing, SEO, security and deployment Book Description Learning full stack development calls for knowledge of both frontend and backend web development. By covering the impressive capabilities of ASP.NET Core 3.1 and Angular 9, right from project setup through to the deployment phase, this book will help you to develop your skills effectively. The book will get you started with using the .NET Core framework and Web API Controllers to implement API calls and server-side routing in the backend. Next, you will learn to build a data model with Entity Framework Core and configure it using either a local SQL Server instance or cloud-based data stores such as Microsoft Azure. The book will also help you handle user input with Angular reactive forms and frontend and backend validators for maximum effect. You will later explore the advanced debugging and unit testing features provided by xUnit.net (.NET Core) and Jasmine, as well as Karma for Angular. Finally, you will implement various authentication and authorization techniques with the ASP.NET Core Identity system and the new IdentityServer, as well as deploy your apps on Windows and Linux servers using IIS, Kestrel, and Nginx. By the end of this book, you will be equipped with the skills you need to create efficient web applications using ASP.NET Core and Angular. What you will learn Implement a Web API interface with ASP.NET Core and consume it with Angular using RxJS Observables Create a data model using Entity Framework Core with code-first approach and migrations support Set up and configure a SQL database server using a local instance or a cloud data store on Azure Perform C# and JavaScript debugging using Visual Studio 2019 Create TDD and BDD unit test using xUnit, Jasmine, and Karma Implement authentication and authorization using ASP.NET Identity, IdentityServer4, and Angular API Build Progressive Web Apps and explore Service Workers Who this book is for This book is for experienced ASP.NET developers who already know about ASP.NET Core and Angular and are looking to learn more about them and understand how to use them together to create production-ready Single Page Applications (SPAs) or Progressive Web Applications (PWAs). However, the fully-documented code samples (also available on GitHub) and the step-by-step implementation tutorials make this book easy-to-understand - even for beginners and developers who are just getting started. Table of Contents Getting Ready Looking Around Front-end and Back-end Interactions Data Model with Entity Framework Core Fetching and Displaying Data Forms and Data Validation Code Tweaks and Data Services Back-end and Front-end Debugging ASP.NET Core and Angular Unit Testing Authentication and Authorization Progressive Web Apps Windows and Linux Deployment Read the full article