Once upon a time, 450 million years ago, scavenger fish without teeth or bones roamed the shallow icy waters of Africa, which was undergoing an Ice Age. Slowly, over millions of years, they gained teeth and other structures characteristic of more advanced fish. Then, a few thousand years ago, a lake in (now continental) Africa dried up, and its cichlid-fish inhabitants underwent an explosive burst of speciation. That’s the gist of two stories, one from BBC News and one from National Geographic.

The fossil fish story in BBC News emphasizes the claim that this is a “missing link” three times. Professor Richard Aldridge (U. of Leicester) is quoted as saying:

“The fossil record confirms that the evolution of fish was a step-wise event,” explained Professor Aldridge. “The various characters that make up a fish, or a vertebrate, didn’t all appear at once – they were added one by one through evolutionary time. These [new] fossils help fill in this pattern of how early vertebrate evolution began.” (Emphasis added in all quotes.)

One problem is noted: “These fossils are important because there is a theory that the origins of fish really took place in the northern continents, and then spread south,” he said. “This find [from Southern Africa] dispels that theory.” How fish got to China 80 million years earlier he does not explain.

The cichlid fish inhabiting east African lakes today are another matter. In just a few thousand years, according to National Geographic, these freshwater fish “have evolved an astonishing array of forms in Africa.” The high rate of speciation among these fish is “almost beyond belief,” yielding up to 400 species. Evolution apparently has a variable speed control. “The discovery should provide valuable new insights into the march of evolution, which, in the case of cichlids, seems to favor the fast-forward button.”

If evolution had a fast-forward button, it would be an intelligently designed machine.
These two articles illustrate the extreme flexibility of evolutionary logic, where any data point, no matter how anomalous, can be fit into the tall tale somehow. Contradictions, rather than being disturbing, make the plot thicker and more interesting. Somehow, in an early world with a plethora of unfilled ecological niches, fish took their time evolving over tens of millions of years. Then in a relatively small lake habitat on one continent, Tinkerbell hit the fast-forward button and generated hundreds of species of fish in a geological instant. Evolution marches on.
Astronomers are spending millions on their biggest gamble yet: looking for something that may not exist.

Are physicists, astronomers and cosmologists hunting for ghosts? The lure of being first to discover something big is prompting countries around the globe to spend millions of dollars on expensive detectors deep underground, at the poles, or in space — for what? Particles they can’t describe, that have never been detected, and that may not even exist. The stakes are high: whoever finds dark matter will gain international prestige. If everyone loses, it will have been an expensive snipe hunt with nothing to show for it. Even worse, cosmologists will have to revise their fundamental theories in major ways.

New results from world’s most sensitive dark matter detector (PhysOrg): The results are in from the most sensitive dark-matter detector to date: the LUX (Large Underground Xenon) Detector in the Black Hills of South Dakota. And the answer is: nothing.

ESA’s Euclid dark universe mission ready to take shape (PhysOrg): A space-based detector is being built by the European Space Agency, set for launch in 2020. Its method will be to monitor shapes, positions and movements of two million galaxies over time.

Monkey King: China’s dark-matter satellite launches era of space science (Nature): China beat the Europeans by launching Wukong (“Monkey King”), a dark matter orbiting observatory. The Chinese think dark matter will be detected by high-energy cosmic rays, but the Europeans aren’t so sure: “We don’t know if this is a better way to search for dark matter, because dark matter has not yet been found.” Science Magazine explains that the search is based on WIMP theory (Weakly Interacting Massive Particles). If they exist and annihilate, they should give off characteristic rays.

MACHOs or WIMPs? (PhysOrg): This article lists the five leading candidates for dark matter, including MACHOs (Massive Compact Halo Objects) and the aforesaid WIMPs. May the strongest survive!
Other candidates are axions, Kaluza-Klein particles, or gravitinos. Nobody knows what any of these are.

XXL hunt for galaxy clusters: Observations from ESO telescopes provide crucial third dimension in probe of Universe’s dark side (Science Daily): Over 100 astronomers are on a hunt for X-rays from large clusters of galaxies. They think the clusters are influenced by the “Universe’s notoriously strange components — dark matter and dark energy.”

Did ‘dark matter’ or a star called Nemesis kill the dinosaurs? (The Conversation): This article gives you two occult phenomena for the price of one: destroyers in the form of dark matter or in a hidden star or planet for which there is no evidence. Konstantinos Dimopoulos keeps both options alive while admitting throughout his article there is no evidence for either of them.

If they don’t find this dark stuff soon, there’s going to be hell to pay. Someone should count up the millions of dollars spent so far and tell Senator Jeff Flake to promote it to #1 spot in his Wastebook and get it into the talk radio circuit. If they find it, good; we will learn something. But how much time do you give them to look? Till after we’re all dead? What, then, if future astronomers determine it never existed? That would be scandalous! We can’t throw tax dollars down a dark hole forever. Those who are paying should get the results in a reasonable time, or call it off. If astronomers want to continue looking after an agreed-on deadline, let them raise their own money on GoFundMe or something, or find a Russian millionaire willing to throw his own money at it, like the guy did for SETI (7/22/15). But this endless quest for mystical occult stuff is not the taxpayers’ responsibility.
Car meets lion on a Zambian road. (Image: Silver Spirit Adventure)

The adventures of South African septuagenarians Mike and Jeanette van Ginkel, who undertook an ambitious trans-Africa journey that would have daunted many a younger person, are to debut on international television in September 2009.

The 10-part series, titled Silver Spirit – An Epic African Adventure, shows in the UK on Southern Direct on Sky channel 270, starting at 19h30 UK time. The first episode can be seen on Wednesday 9 September, with successive episodes following on a weekly basis.

The series is also accessible via internet streaming on the Southern Africa Direct website. South African viewers will have to add an hour to the UK screening time. SA Direct has said that it is working towards getting the series onto local television stations.

For those who don’t have access to Sky or a fast internet connection, the series may be purchased on DVD – enquiries may be emailed to SA Direct.

Age no barrier

The elegant couple, who have been married for 53 years, decided towards the end of 2007 that age was no barrier to a life of excitement, and began to envision the ultimate road trip – a journey in their 1981 Rolls Royce Silver Spirit from Cape Town to London, via Cairo.

This would be the first time a Rolls had ever made such a journey and although she only had 100 000km on the clock, a few modifications, such as a raised suspension and reinforced undercarriage, would still be necessary.

Six months in the planning, the adventure took to the road at the end of March 2008. On 29 May they reached London, having negotiated 17 800km through 12 countries.

Adventure clearly runs in their blood: in 1969 and 1972 the van Ginkels won the prestigious State President’s Air Race, a double win that has not been repeated. Mike ran a flying school in George for many years, while Jeanette in 1977 became the first licensed hot air balloon pilot in South Africa.
Around the same time the couple started the Pioneer Balloon Club.

For the epic overland trip Mike and Jeanette recruited a host of experts. For planning, support and backup they turned to veteran explorer Roger Pearce, mechanic Steve Pickering and paramedic Marc Campbell-Gibson. Filmmaker and cameraman Koos Roets, who directed the 1991 South African comedy The Angel, the Bicycle and the Chinaman’s Finger, among other productions, came on board to capture the trip on film.

A trial run over the Sani Pass, the road that connects Lesotho with KwaZulu-Natal province, proved successful. Normally the Sani Pass is accessible only to 4×4 vehicles, unless with prior approval from the administrator.

Having obtained the necessary permission and made the modifications, the team set off, and the Rolls took the treacherous road in her stride, proving that she was capable of tackling the cross-continental journey.

Cape to UK in 60 days

The goal was to make the trip, which ran up the eastern side of the continent, in 60 days. The expedition set off from Cape Town on 30 March 2008, taking four days to pass through Stellenbosch, the small Victorian town of Matjiesfontein in the Klein Karoo, Kimberley, and Johannesburg.

The team left South Africa on 3 April, crossing into Botswana at the border post of Groblersbrug and spending a night in Francistown before driving to Kazungula Ferry to cross into Zambia. Here they spent a couple of days, and enjoyed a stay at the Mutinondo private game lodge in the north of the country.

From Zambia the team crossed into Tanzania at the Mbeya border post. From Mbeya they travelled to Morogoro, then to Arusha in northern Tanzania – without catching a glimpse of the magnificent Mount Kilimanjaro, as she was clouded over – and from Arusha to Nairobi in Kenya.

From Nairobi they drove to the Sarova Shaba Lodge on the periphery of Shaba National Reserve, where they spent a few days.
Sarova Shaba was at one time the home of renowned conservationists George and Joy Adamson.

Still in Kenya, next they travelled to Marsabit and then to Moyale, on the Ethiopian border. After just 17 days, they were already halfway across the continent. The team spent about a week in Addis Ababa, an unfortunate delay while waiting for Sudanese authorities to approve their visas but an opportunity to explore Africa’s fourth largest city.

While travelling through the Ethiopian highlands on the way to Sudan, the team recorded a record high altitude of 3 109m above sea level, higher even than the Sani Pass. Soon after, they crossed the Nile river, and from the ancient city of Gondar in northern Ethiopia, they headed for the Sudanese border.

By that stage the Silver Spirit was taking some strain and suffering from a leaky radiator and loose engine mountings, among other glitches. But she pushed on and they made it to historic Khartoum, where they spent five days having the car repaired – and enjoying some South African fare in the form of fast food chains Steers and Debonairs.

Heading for Europe

On day 29 it was back on the road, heading for Wadi Halfa, on the Egyptian border, via Dongola. They encountered another delay getting into Egypt, as the cars were held back for an extra few days, and they were forced to spend some time in Aswan.

Finally the cars were released and they hit the roads of Egypt, driving along the Nile to the ancient city of Luxor and from there to Port Ghalib on the shore of the Red Sea, Hurghada, and finally Cairo – 42 days after setting out.

Once there they met Cairo governor Abdul Azim Wazir and presented him with a letter of goodwill given to them by then Cape Town mayor Helen Zille, now premier of the Western Cape.

After a few days’ rest in Cairo it was off to Alexandria, where the cars were loaded into containers for the ferry crossing to Naples.
The team travelled back to Cairo and flew to Rome, where they were able to spend a few days sightseeing in Naples, Pisa, Florence, Capri and Pompeii before the arrival of the cars.

The cars were finally good to go on day 55 and the drive straight across Europe began. From Naples the team drove up to Maranello, then Cannes, over the world’s highest bridge at Millau, through Arras and Calais, and finally arrived on schedule in Goodwood in south-east England, the modern home of Rolls Royce. After 60 thrilling days the historic trip was over, and it was time to relax.

The team arrived back in South Africa on 26 June, day 89, after travelling around the UK and Wales and attending an annual rally with over 1 000 other Rolls Royces.
The 5th annual South African Premier Business Awards will take place on 7 December at the Sandton Convention Centre.

Brand South Africa reporter

The South African Premier Business Awards, hosted by the dti in partnership with Proudly South African and Brand South Africa, celebrate innovation and excellence. The awards recognise and reward entrepreneurs and businesses who have played their part in transforming and growing the South African economy.

Lifetime Achievement winner, Dr Anna Mokgokong, with deputy president Cyril Ramaphosa and trade minister, Rob Davies. (Image: SA Premier Business Awards)

Listen to Ms Mpumi Mabuza, the general manager of stakeholder relations at Brand South Africa, speaking to 702’s Early Breakfast host, Relebogile Mabotja, about the 2017 South African Premier Business Awards.

Businesses are encouraged to enter before the closing date for entries on 13 October. Since its inception in 2013, the prestige of the awards has grown with 133 entries across the 10 categories.
Top Indian cricketers, who have been part of different teams of the Indian Premier League (IPL), have objected to a clause in their contract with the respective franchises that denies them 20 per cent of their fees in case their team fails to finish among the top three.

The clause has been introduced for season IV. As per the rule, if the teams fail to qualify for the Champions League (top three IPL teams make it to the international league), the players would get only 80 per cent of their fees.

The players of the 10 IPL teams read the newly-introduced fine print in their contracts only after the January 8-9 auction. They collectively approached Board of Control for Cricket in India (BCCI) president Shashank Manohar with their complaint last week.

At the meeting, the players said that the clause was unfair, and a breach of their trust. Manohar assured them that the matter would be discussed at the IPL governing council meeting on February 4.

However, the team owners insisted there was nothing unfair in the clause as the players’ payment was meant to be for both the IPL and the Champions League.

The clause was part of the contract of only those players whose names figured during the auction. Uncapped players would get full payment regardless of how their teams do.
How many times have we heard of an organization’s entire database being breached and downloaded by hackers? The irony is that the organization is not even aware of anything until, a few months later, the hacker is selling the database details on the dark web. Even though such organizations implement decent security controls, what they lack is a continuous security monitoring policy. It is one of the most common things that you might find in a startup or mid-sized organization.

In this article, we will show how to choose the right log monitoring tool to implement a continuous security monitoring policy.

You are reading an excerpt from the book Enterprise Cloud Security and Governance, written by Zeal Vora.

Log monitoring is a must in security

Log monitoring is considered to be part of the de facto list of things that need to be implemented in an organization. It gives us visibility into various events through a single central solution, so we don’t have to end up running less or tail on every log file of every server.

In the following screenshot, we have performed a new search with the keyword not authorized to perform, and the log monitoring solution has shown us such events in a nice graphical way along with the actual logs, which span several days:

Thus, if we want to see how many permission denied events occurred last week on Wednesday, this will be a 2-minute job if we have a central log monitoring solution with search functionality. This makes life much easier and allows us to detect anomalies and attacks much faster than the traditional approach.

Choosing the right log monitoring tool

This is a very important decision that needs to be taken by the organization. Both commercial and open source offerings are available today, but the amount of effort that each of them requires varies a lot.

I have seen many commercial offerings such as Splunk and ArcSight being used in large enterprises, including national level banks.
On the other hand, there are also open source offerings, such as ELK Stack, that are gaining popularity, especially after Filebeat was introduced.

At a personal level, I really like Splunk, but it gets very expensive when you have a lot of data being generated. This is one of the reasons why many startups or mid-sized organizations use a commercial offering along with open source offerings such as ELK Stack. Having said that, we need to understand that if you decide to go with ELK Stack and have a large amount of data, then ideally you would need a dedicated person to manage it.

Just to mention, AWS also has a basic level of log monitoring capability available with the help of CloudWatch.

Let’s get started with logging and monitoring

There will always be many sources from which we need to monitor logs. Since it will be difficult to cover each and every individual source, we will talk about two primary ones, which we will discuss in sequence: VPC flow logs and AWS Config.

VPC flow logs

VPC flow logs is a feature that allows us to capture information related to IP traffic that goes to and from the network interfaces within the VPC. VPC flow logs help both in troubleshooting why certain traffic is not reaching the EC2 instances and in understanding which traffic is accepted and which is rejected.

VPC flow logs can be captured at the level of an individual network interface of an EC2 instance. This allows us to monitor how many packets are accepted or rejected on a specific EC2 instance, for example one running in the DMZ.

By default, VPC flow logs are not enabled, so we will go ahead and enable the VPC flow log within our VPC:

Enabling flow logs for VPC: In our environment, we have two VPCs named Development and Production. In this case, we will enable the VPC flow logs for the Development VPC:

In order to do that, click on the Development VPC and select the Flow Logs tab. This will give you a button named Create Flow Log.
Click on it and we can go ahead with the configuration procedure:

Since the VPC flow logs data will be sent to CloudWatch, we need to select the IAM Role that gives these permissions:

Before we go ahead and create our first flow log, we also need to create the CloudWatch log group that the VPC flow logs data will go into. In order to do that, go to CloudWatch and select the Logs tab. Name the log group according to what you need and click on Create log group:

Once we have created our log group, we can fill the Destination Log Group field with our log group name and click on the Create Flow Log button:

Once created, you will see the new flow log details under the VPC subtab:

Create a test setup to check the flow: In order to test if everything is working as intended, we will start our test OpenVPN instance and, in the security group section, allow inbound connections on port 443 and icmp (ping). This gives us the perfect base for plenty of attackers to detect our instance and run a plethora of attacks against our server:

Analyze flow logs in CloudWatch: Before analyzing the flow logs, I went for a small walk so that we would have a decent number of logs to examine; when I returned, I began analyzing the flow logs data.

If we observe the flow log data, we see plenty of records that have REJECT OK at the end, as well as ACCEPT OK. Flow log data is grouped per network interface attached to the EC2 instances. So, in order to check the flow logs, we need to go to CloudWatch, select the Log Groups tab, select the log group that we created inside it, and then select the interface. In our case, we selected the interface related to the OpenVPN instance, which we had started:

CloudWatch gives us the capability to filter packets based on certain expressions. We can filter all the rejected packets by creating a simple search for REJECT OK in the search bar, and CloudWatch will give us all the traffic that was rejected.
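The REJECT OK filter described above can also be applied offline to exported flow log records. The following is an added example, not code from the book: it parses records in the default flow log format, counts accepted and rejected flows, ranks rejected sources and destination ports, and flags sources rejected on several different ports. The sample records, account ID, interface ID and the `sweep_ports` threshold are constructed for illustration.

```python
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# Constructed sample in the default flow log format (14 space-separated fields):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0example 203.0.113.7 10.0.1.25 51234 443 6 12 3400 1520000000 1520000060 ACCEPT OK
2 123456789012 eni-0example 198.51.100.23 10.0.1.25 40111 22 6 3 180 1520000000 1520000060 REJECT OK
2 123456789012 eni-0example 198.51.100.23 10.0.1.25 40112 23 6 1 60 1520000060 1520000120 REJECT OK
2 123456789012 eni-0example 198.51.100.23 10.0.1.25 40113 3389 6 1 60 1520000060 1520000120 REJECT OK
2 123456789012 eni-0example 192.0.2.99 10.0.1.25 55555 22 6 2 120 1520000060 1520000120 REJECT OK
2 123456789012 eni-0example 203.0.113.7 10.0.1.25 0 0 1 4 336 1520000060 1520000120 ACCEPT OK
2 123456789012 eni-0example - - - - - - - 1520000120 1520000180 - NODATA
this line is not a flow log record
"""


class FlowRecord(NamedTuple):
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one record; return None for malformed lines and for
    NODATA/SKIPDATA records, whose traffic fields are '-'."""
    parts = line.split()
    if len(parts) != 14 or parts[13] != "OK":
        return None
    eni, src, dst, sport, dport, proto = parts[2:8]
    action = parts[12]
    if action not in ("ACCEPT", "REJECT"):
        return None
    try:
        return FlowRecord(eni, src, dst, int(sport), int(dport), int(proto), action)
    except ValueError:
        return None


def summarize(text: str, top: int = 3, sweep_ports: int = 3) -> dict:
    """Summarize a block of flow log text.

    sweep_ports is an illustrative threshold: a source rejected on at least
    that many distinct destination ports is reported as a likely port sweep.
    """
    accepted = rejected = skipped = 0
    by_source, by_port = Counter(), Counter()
    ports_by_source = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            skipped += 1
        elif rec.action == "ACCEPT":
            accepted += 1
        else:
            rejected += 1
            by_source[rec.srcaddr] += 1
            by_port[rec.dstport] += 1
            ports_by_source[rec.srcaddr].add(rec.dstport)
    return {
        "accepted": accepted,
        "rejected": rejected,
        "skipped": skipped,
        "top_rejected_sources": by_source.most_common(top),
        "top_rejected_ports": by_port.most_common(top),
        "port_sweepers": {s: sorted(p) for s, p in ports_by_source.items()
                          if len(p) >= sweep_ports},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
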
The filtered REJECT OK results are shown in the following image:

Viewing the logs in GUI: Plain text data is good, but it’s not very appealing and does not give you deep insights about what exactly is happening. It’s always preferable to send these logs to a log monitoring tool, which can give you deep insights about what exactly is happening. In my case, I have used Splunk to give us an overview of the logs in our environment.

When we look into VPC Flow Logs, we see that Splunk gives us great detail in a very nice GUI and also maps the IP addresses to the location from which the traffic is coming:

The following image is the capture of VPC flow logs which are being sent to the Splunk dashboard for analyzing the traffic patterns:

The captured panels show the VPC Flow Logs traffic rate and location-related data, and the top rejected destination and IP address, which we rejected.

AWS Config

AWS Config is a great service that allows us to continuously assess and audit the configuration of AWS resources. With AWS Config, we can see exactly what configuration has changed from the previous week to today for services such as EC2, security groups, and many more.

One interesting feature that Config offers is the ability to set compliance tests, as shown in the following screenshots. We see that there is one rule that is failing and is considered non-compliant, which is the CloudTrail.

There are two important features that the Config service provides: evaluating changes in resources over the timeline, and compliance checks.

Once they are enabled and you have associated Config rules accordingly, you will see a dashboard similar to the following screenshot:

In the preceding screenshot, on the left-hand side, Config gives details related to the Resources that are present in your AWS account; and in the right-hand column, Config gives us the status of whether the resources are compliant or non-compliant according to the rules that are set.
Configuring the AWS Config service

Let’s look into how we can get started with the AWS Config service and have great dashboards along with compliance checks, which we saw in the previous screenshot:

Enabling the Config service: The first time we start working with Config, we need to select the resources we want to evaluate. In our case, we will select both the region-specific resources as well as global resources such as IAM:

Configure S3 and IAM: Once we decide to include all the resources, the next thing is to create an Amazon S3 bucket where AWS Config will store the configuration and snapshot files. We will also need to select the IAM role that will allow Config to put these files into the S3 bucket:

Select Config rules: Configuration rules are checks that are run against your AWS resources, and their results become part of the compliance standard. For example, the root-account-mfa-enabled rule will check whether the ROOT account has MFA enabled or disabled, and in the end it will give you a nice graphical overview of the output of the checks conducted by the rules.

Currently, there are 38 AWS-managed rules, which we can select and use anytime; however, we can have custom rules anytime as well. For our case, I will use five specific rules, which are as follows: cloudtrail-enabled, iam-password-policy, restricted-common-ports, restricted-ssh, and root-account-mfa-enabled.

Config initialization: With the Config rules selected, we can click on Finish and AWS Config will start checking the resources against their associated rules.
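To make concrete what a port rule such as restricted-ssh or restricted-common-ports looks for, here is an added example (not from the book, and not AWS Config's implementation) that runs a simplified local version of that check over security group data. The groups are constructed samples in the shape returned by EC2 DescribeSecurityGroups; the first mirrors the test setup above (443 and icmp open), and the port list for restricted-common-ports is an assumption of this sketch.

```python
import ipaddress

# Rule name -> TCP ports that must not be reachable from anywhere.
# The restricted-common-ports list is an assumption of this example.
RULES = {
    "restricted-ssh": (22,),
    "restricted-common-ports": (20, 21, 3306, 3389, 4333),
}

# Constructed sample data (hypothetical group IDs).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0exampleopenvpn", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0examplelegacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0exampleall", "IpPermissions": [
        # Protocol "-1" means all traffic; no port fields are present.
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def is_world_open(perm: dict) -> bool:
    """True if the permission has a source range covering every address."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        try:
            if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # ignore malformed CIDR strings
    return False


def exposed_ports(group: dict, ports) -> list:
    """Return the ports from `ports` that the group opens to the world over TCP."""
    hits = set()
    for perm in group.get("IpPermissions", []):
        if not is_world_open(perm):
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":
            hits.update(ports)
        elif proto in ("tcp", "6"):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if lo is not None and hi is not None:
                hits.update(p for p in ports if lo <= p <= hi)
    return sorted(hits)


def evaluate(groups, rules=RULES) -> dict:
    """Return {rule: {group_id: (status, exposed_ports)}} for every group."""
    report = {}
    for rule, ports in rules.items():
        report[rule] = {}
        for group in groups:
            found = exposed_ports(group, ports)
            status = "NON_COMPLIANT" if found else "COMPLIANT"
            report[rule][group["GroupId"]] = (status, found)
    return report


if __name__ == "__main__":
    for rule, results in evaluate(SAMPLE_GROUPS).items():
        for group_id, (status, found) in results.items():
            print(f"{rule:24} {group_id:20} {status:14} {found}")
```
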
After initialization, you might get a dashboard similar to the following screenshot, which shows the available resources as well as the rule compliance graphs:

Let’s analyze the functionality

For demo purposes, I decided to disable the CloudTrail service, and if we then look into the Config dashboard, it says that one rule check has failed:

Instead of graphs, Config can also show the resources in a tabular manner if we want to inspect the Config rules with the associated names. This is illustrated in the following diagram:

Evaluating changes to resources

AWS Config allows us to evaluate the configuration changes that have been made to the resources. This is a great feature that allows us to see how our resource looked a day, a week, or even months back.

This feature is particularly useful during incidents when, during investigation, one might want to see what exactly changed before the incident took place. It will help things go much faster.

In order to evaluate the changes, we will need to perform the following steps:

Go to AWS Config | Resources. This will give you the Resource inventory page, in which you can search for resources based either on the resource type or on tags. For our use case, I am searching for a tag value for an EC2 Instance whose name is OpenVPN:

When we go inside the Config timeline, we see the overall changes that have been made to the resource. In the following screenshot, we see that a few changes were made, and Config also shows us the time at which the changes were made to the resource:

When we click on Changes, it will give you the exact detail of the change that was made. In our case, it is related to the new network interface, which was attached to the EC2 instance.
It displays the network interface ID and description, along with the IP address and the security group that is attached to that network interface:

When we start to integrate the AWS services with Splunk or similar monitoring tools, we can get great graphs, which will help us evaluate things faster. On the side, we always have the logs from CloudTrail if we want to see the changes that occurred in detail.

We covered log monitoring and how to choose the right log monitoring tool for a continuous security monitoring policy.

Check out the book Enterprise Cloud Security and Governance to build resilient cloud architectures for tackling data disasters with ease.