×
The Military

US Army Officer Reply-All Email Chain Causes Pandemonium (military.com) 68

An anonymous officer writes in an opinion piece via Military.com: It was the "reply-all" heard around the world. Around 06:30 Eastern time Feb. 2, approximately 13,000 Army inboxes pinged with an email from an unfamiliar sender. It was from a U.S. Army captain, asking to be removed from a distribution list. It initially seemed as though some unfortunate soul had inadvertently hit "reply-all" and made an embarrassing mistake. What followed can really be described only as professional anarchy, as thousands of inboxes became buried in an avalanche of email replies. Someone appears to have unwittingly edited an email distribution list, entitled "FA57 Voluntary Transfer Incentive Program," routing replies back to the entire list.

Most Army officers receive emails from human resources managers from time to time, usually sent using the blind copy (BCC) address line with replies routed to specific inboxes, preventing someone from accidentally triggering the mayhem that unfolded Feb. 2. The voluntary incentive program list, however, hadn't been so prudently designed and, in addition to 13,000 Army captains and some newly promoted majors, a single chief warrant officer, a Space Force captain and a specialist began to have their inboxes groan under the weight of inbound traffic. Within a few short hours of the initial email, predictable hilarity ensued. Hundreds of Army captains were sending emails asking to be removed from the distro list. In short order, hundreds of other captains replied, demanding that everyone stop hitting "reply-all" and berating their peers' professionalism (oblivious to the fact that they were also part of the problem). Many others found humor in the event, writing poems, sending memes and adding snarky comments to the growing dumpster fire. Before long, the ever-popular U.S. Army WTF! Moments Facebook page picked up on the mayhem and posted one of the memes that had been circulating in the email thread.

By 7 p.m. Eastern time, more than 1,000 emails had been blasted out to this massive group of Army officers. Those in different time zones (like Hawaii) came into work and were quickly overwhelmed by the deluge of emails clogging their inboxes. Some of the humorless officers resorted to typing in all caps "PLEASE REMOVE ME FROM THIS DISTRO," prompting at least two to three sarcastic replies in return. Other captains took the opportunity to blast out helpful (or not so helpful) instructions on how to properly create email sorting rules in Outlook. A few intrepid officers tried to Rickroll everyone, and one even wrote new lyrics to the tune of an Eminem song. A particularly funny officer wrote a Nigerian prince scheme email and blasted it out to the group. Eventually, someone created and shared a Microsoft Teams group to move the devolving conversation to a new forum, quickly amassing more than 1,700 members. What started off as a gloriously chaotic email chain quickly turned into one the largest and most successful professional networking opportunities most of us have ever seen. Officers from multiple branches and functional areas across the globe took to the Microsoft Teams page, sharing useful products, making professional connections, and generally raising everyone's esprit de corps. The group's creator even started a petition to promote the one specialist who was inadvertently added to the distro list.

China

Apple Pulls 'Damus' From Its App Store in China (9to5mac.com) 42

9to5Mac is reporting that Apple pulled the Damus app from its App Store in China on Thursday, "with the developers being informed that the Nostr app 'includes content that is illegal in China.'" Apple rejected the app multiple times, applying the app review guidelines that would apply to a social networking service. In reality, all Damus does is provide access to Nostr feeds, so it would be more accurate to consider it akin to a web browser, with the developers having no control over, or responsibility for, the content of those feeds. Damus finally made it into the App Store this week.

Apple has now pulled Damus from the App Store in China. Damus developer William Casarin posted a screengrab of the notice, which claimed it included illegal content....

The app doesn't contain any content at all. It would be like banning Safari because it can be used to access the websites of terrorist organizations.

Networking

Decentralized Social Media Project Nostr's Damus Gets Listed On Apple App Store (coindesk.com) 24

Nostr, a startup decentralized social network, got its Twitter-like Damus application listed on Apple's App Store. CoinDesk reports: Nostr is an open protocol that aims to create a censorship-resistant global social network. Media commentators have described it as a possible alternative to Elon Musk's Twitter. According to an article in Protos, Nostr is popular with bitcoiners partly because most implementations of it support payments over Bitcoin's Lightning Network.

Former Twitter CEO Jack Dorsey, who last year donated roughly 14 BTC (worth $245,000 at the time) to fund Nostr's development, hailed the debut of Damus on Apple's App Store as a "milestone for open protocols," in a tweet posted late Tuesday. As of press time, the tweet had been viewed 2.1 million times. According to the Nostr website, Damus is one of several Nostr projects, including Anigma, a Telegram-like chat; Nostros, a mobile client; and Jester, a chess application.
You can download the iOS app here.
Microsoft

How a Microsoft Cloud Outage Hit Millions of Users Around the World (reuters.com) 50

An anonymous reader shares Reuters' report from earlier this week: Microsoft Corp said on Wednesday it had recovered all of its cloud services after a networking outage took down its cloud platform Azure along with services such as Teams and Outlook used by millions around the globe. Azure's status page showed services were impacted in Americas, Europe, Asia Pacific, Middle East and Africa. Only services in China and its platform for governments were not hit. By late morning Azure said most customers should have seen services resume after a full recovery of the Microsoft Wide Area Network (WAN).

An outage of Azure, which has 15 million corporate customers and over 500 million active users, according to Microsoft data, can impact multiple services and create a domino effect as almost all of the world's largest companies use the platform.... Microsoft did not disclose the number of users affected by the disruption, but data from outage tracking website Downdetector showed thousands of incidents across continents.... Azure's share of the cloud computing market rose to 30% in 2022, trailing Amazon's AWS, according to estimates from BofA Global Research.... During the outage, users faced problems in exchanging messages, joining calls or using any features of Teams application. Many users took to Twitter to share updates about the service disruption, with #MicrosoftTeams trending as a hashtag on the social media site.... Among the other services affected were Microsoft Exchange Online, SharePoint Online, OneDrive for Business, according to the company's status page.

"I think there is a very big debate to be had on resiliency in the comms and cloud space and the critical applications," Symphony Chief Executive Brad Levy said.

From Microsoft's [preliminary] post-incident review: We determined that a change made to the Microsoft Wide Area Network (WAN) impacted connectivity between clients on the internet to Azure, connectivity across regions, as well as cross-premises connectivity via ExpressRoute.

As part of a planned change to update the IP address on a WAN router, a command given to the router caused it to send messages to all other routers in the WAN, which resulted in all of them recomputing their adjacency and forwarding tables. During this re-computation process, the routers were unable to correctly forward packets traversing them. The command that caused the issue has different behaviors on different network devices, and the command had not been vetted using our full qualification process on the router on which it was executed....

Due to the WAN impact, our automated systems for maintaining the health of the WAN were paused, including the systems for identifying and removing unhealthy devices, and the traffic engineering system for optimizing the flow of data across the network. Due to the pause in these systems, some paths in the network experienced increased packet loss from 09:35 UTC until those systems were manually restarted, restoring the WAN to optimal operating conditions. This recovery was completed at 12:43 UTC.

Thanks to Slashdot reader bobthesungeek76036 for submitting the story.
Intel

Intel Sunsets Network Switch Biz, Kills RISC-V Pathfinder Program (tomshardware.com) 33

Intel's disastrous Q4 2022 earnings found the company losing $661 million and its margins crashing to the lowest point in decades, so it isn't surprising that the company announced new cost-cutting measures. From a report: That includes news that it would no longer invest in new products for its networking switch business, effectively sunsetting the unit much like it recently decided to end its Optane Memory business. Surprisingly, Intel also pulled the rug from under its respected RISC-V Pathfinder program without a formal announcement, raising questions about its commitment to its other broad investments in the RISC-V ecosystem.

"NEX continues to do well and is a core part of our strategic transformation, but we will end future investments in our network switching product line, while still fully supporting existing products and customers," said Intel CEO Pat Gelsinger. "Since my return, we have exited seven businesses, providing in excess of $1.5 billion in savings," he added. However, Gelsinger also noted that he is still doing a thorough analysis across Intel's portfolio to look for other cost-saving measures in areas that don't generate strong returns. Intel's networking switch business stems from acquiring Barefoot networks in 2019 for an undisclosed sum (the company had raised $144 million over several investment rounds). The Tofino series of network switches gave Intel yet another tool in its arsenal of data center 'adjacencies' that it could leverage to expand its data center revenue. However, this unit faces stiff competition from entrenched players like Broadcom, Cisco, and Nvidia's Mellanox, making it an easy cost-cutting target.

Open Source

Linux Foundation's New 'Open Metaverse Foundation' Launches (linuxfoundation.org) 41

The Linux Foundation's new Open Metaverse Foundation wants to unite industries "to work on developing open source software and standards for an inclusive, global, vendor-neutral and scalable Metaverse."

In a blog post this week the group's executive director explained the advantages of an open Metaverse: It can create new jobs and industries in the digital space. It can bridge the gap between the physical and digital worlds while providing an amazing world where anyone can create their own opportunities. An open Metaverse broadens commerce for digital ownership and consumables, and it offers shared experiences and learning opportunities for anyone with access. The future market value for all of this may exceed any single media market.

The potential for the Metaverse is boundless, but only if we pursue it as an open, collaborative endeavor. The mission of the Open Metaverse Foundation (OMF) is to foster a strong community of developers, engineers, academics and thought leaders who will solve the difficult challenges of building the open Metaverse through open source software and standards that enable portability and interoperability for an inclusive, global, scalable world, supporting interactive and immersive experiences for the benefit of any individual or industry.

Through the Foundation, we'll work together to discuss, pinpoint and create the building blocks to transform the emerging concept of the Metaverse into a reality — spanning digital assets, simulations, transactions, artificial intelligence, networking, security, privacy, and legal considerations.... Backend services, standards, and relationships are critical to success, including elements like digital ID representation for users and objects. Transactions must provide receipts for proof and commerce.... Worlds need a standard to communicate with other worlds so that users can move in and out without breaking the immersive experience. Providing an open standard to move objects across worlds is a huge part of what the OMF can deliver. Other technical challenges that demand open collaboration include the reshaping of our networks and internet to accommodate greater needs presented by the open Metaverse.

All of this can seem overwhelming. And it is, unless you have the proven expertise in community building, governance and other elements offered by the Linux Foundation, which provides the focus needed to create manageable, tangible tasks to complete. We've already set up several Foundational Interest Groups (FIGs), which provide a great starting place to engage with the OMF. These FIGs enable a focused, distributed decision structure for key topics, and provide targeted resources and forums for the identification of new ideas, getting work done, and onboarding new contributors....

Contributions to OMF projects are licensed under both Apache 2.0 and MIT, enabling anyone to use, modify, extend and distribute the source code without any fees or commercial obligations....

We look forward to working with a broad, global community to advance the promise of the Metaverse.

Microsoft

Microsoft Kills Off AltspaceVR Amid Major Layoffs (uploadvr.com) 30

AltspaceVR is shutting down in March as Microsoft decimated its teams working in VR & AR this week as part of a major workforce reduction across the entire company. Upload VR reports: Altspace was one of the early VR-based social networking services alongside others like Rec Room and VRChat. As an independent startup Altspace ran out of money, but in 2017 Microsoft acquired it and continued the effort. Microsoft says it is shifting "our focus to support immersive experiences powered by Microsoft Mesh." We tried out Mesh on HoloLens 2 back in 2021 and were pretty impressed by its functionality, with the company saying it'll be officially launching the service as "a new platform for connection and collaboration, starting by enabling workplaces around the world."

Microsoft posted instructions for creators on how to download content before the March 10, 2023 shutdown date, while noting "AltspaceVR Worlds are not able to be downloaded in full or ported directly to another platform because AltspaceVR is a mix of Worlds made up of a collection of assets owned by a variety of different entities." "While you cannot download them in full, you are able to download items from your Worlds data, which we call meta-data," Microsoft explains, providing people files with references noted as comma-separated values.
Here's an excerpt from Microsoft's "sunset" update on altvr.com: "The decision has not been an easy one as this is a platform many have come to love, providing a place for people to explore their identities, express themselves, and find community. It has been a privilege to help unlock passions among users, from educational opportunities for personal growth to the development of unique and wonderful events, groundbreaking art, and immersive experiences -- enabling this community to achieve more. With Mesh, we aspire to build a platform that offers the widest opportunity to all involved, including creators, partners and customers."
Apple

App Store Developers Have Earned $320 Billion To Date, Says Apple (techcrunch.com) 43

Apple today shared an update on its subscription businesses and global App Store, noting that the tech company has now paid out a record $320 billion to app developers since 2008 -- a number that reflects the revenue apps have generated, minus Apple's commission. From a report: In addition, the tech giant said it now has more than 900 million paid subscriptions across Apple services, with subscriptions on the App Store driving a "significant" part of that figure. [...] The company noted that more than 650 million visitors from 175 regions worldwide visit the App Store every week and it's still delivering new experiences. Among the highlights was the launch of Apex Legends on mobile earlier this year, and the growing popularity of a new form of social networking with BeReal, Apple's "app of the year."
Facebook

Meta's New Year Kicks Off With Over $410 Million in Fresh EU Privacy Fines (techcrunch.com) 21

Meta is kicking off the New Year with more privacy fines and corrective orders hitting its business in Europe. The latest swathe of enforcement relates to EU's General Data Protection Regulation (GDPR) complaints over the legal basis it claims to run behavioral ads. From a report: The Facebook owner's lead data protection watchdog in the region, the Irish Data Protection Commission (DPC), announced today that it's adopted final decisions on two of these long-running enquiries -- against Meta owned social networking site, Facebook, and social photo sharing service, Instagram. The DPC's press release today announces financial penalties of ~$223 million for Facebook and ~$191 million for Instagram -- and confirms the European Data Protection Board (EDPB)'s binding decision last month on these complaints that contractual necessity is not an appropriate basis for processing personal data for behavioral ads.

These new sanctions add to a pile of privacy fines for Meta in Europe last year -- including a $281 million penalty for a Facebook data-scraping breach; $429 million for an Instagram violation of children's privacy; $18 million for several historical Facebook data breaches; and a $63.6 million penalty over Facebook cookie consent violations -- making for a total of $792 million in (publicly disclosed) EU data protection and privacy fines handed down to the adtech giant in 2022. But now, in the first few days of 2023, Meta has landed financial penalties worth more than half last year's regional total -- and more sanctions could be coming shortly.

Security

NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear (techcrunch.com) 19

The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. From a report: The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, and are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices -- no passwords needed. Citrix also says the flaw is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. "Limited exploits of this vulnerability have been reported." Citrix hasn't specified which industries the targeted organizations are in or how many have been compromised.
Privacy

FBI's Vetted Info Sharing Network 'InfraGard' Hacked (krebsonsecurity.com) 21

An anonymous reader quotes a report from KrebsOnSecurity: On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. The FBI's InfraGard program is supposed to be a vetted Who's Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation's critical infrastructures -- including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms. "InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks," the FBI's InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle "USDoD" and whose avatar is the seal of the U.S. Department of Defense. USDoD said they gained access to the FBI's InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership. The CEO in question -- currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans -- did not respond to requests for comment. USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO's name, and that the application included a contact email address that they controlled -- but also the CEO's real mobile phone number. "When you register they said that to be approved can take at least three months," USDoD said. "I wasn't expected to be approve[d]." But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved. While the FBI's InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. "If it was only the phone I will be in [a] bad situation," USDoD said. "Because I used the person['s] phone that I'm impersonating."

USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other. USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data. "InfraGard is a social media intelligence hub for high profile persons," USDoD said. "They even got [a] forum to discuss things." USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields -- like Social Security Number and Date of Birth -- are completely empty. [...] While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders. USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGuard messaging portal.

Businesses

Cisco Faces Resistance To Software Bundles from Cost-Conscious Companies 27

For years, Cisco has relied on a widely used tactic to drive sales: The enterprise tech giant pitches customers on large bundles of products that include everything from its core networking products to more peripheral offerings from its sprawling portfolio, such as security software and its Webex videoconferencing app. But now customers are starting to resist buying the company's bundles, The Information reported Wednesday, citing current and former Cisco employees. From the report: Corporate IT departments, under pressure to save money, are picking through their Cisco enterprise agreements with a fine-toothed comb to cut out products they don't use as much, the people said. Industry executives say a similar trend is happening across the enterprise software industry, which spells problems for big firms such as Microsoft and Oracle that also encourage customers to buy a wide array of products in suites. Cisco's customers are balking at offers to renew contracts that include software licenses for tools the companies don't feel they use enough to justify, employees say. That has contributed to a slowing in sales of some of its subscription-based software, including Webex, AppDynamics and certain security products, employees say.
Social Networks

Tumblr To Add Support For ActivityPub, the Social Protocol Powering Mastodon and Other Apps (techcrunch.com) 36

An anonymous reader quotes a report from TechCrunch: Tumblr will add support for ActivityPub, the open, decentralized social networking protocol that's today powering social networking software like Twitter alternative Mastodon, the Instagram-like Pixelfed, video streaming service PeerTube, and others. The news was revealed in a response to a Twitter user's complaint about Mastodon's complexities. Automattic CEO Matt Mullenweg -- whose company acquired Tumblr from Verizon in 2019 -- suggested the user "come to Tumblr" as the site would soon "add activitypub for interconnect."

"Don't stress," he said, before clarifying that Tumblr first has to deal with the waves of new users coming in right now from Twitter, but that support for "interop and activitypub" were due to come "ASAP." In short, this announcement means Tumblr would move from being only a niche blogging platform to instead become a part of a larger, decentralized social network of sorts -- and one whose user base has grown in size in recent days as people flee Elon Musk's Twitter in search of new communities.

The ActivityPub protocol, its website explains, provides a client-to-server API for creating, updating, and deleting content as well as a federal server-to-server API for delivering notifications and subscribing to content. In practice, this means that Mastodon users can interact and follow users on other instances (independently run nodes), as well as with users on other social apps (like PeerTube), which also support the implementation of ActivityPub. It makes for a web of social networks where users can find and follow each other without having to set up new accounts on each new service. This is the opposite approach to today's "walled garden" social networks, where a post on one platform can't be viewed by those on others, unless you re-upload or repost the content directly or share a link to the other site where the content can be found.

Open Source

Thanks To Open Source, 5G Cracks 50% of the Telecom Market 25

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing."
The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."
Cloud

Microsoft, Nvidia Partner To Build a Massive AI Supercomputer in the Cloud (zdnet.com) 11

Nvidia and Microsoft announced Wednesday a multi-year collaboration to build an AI supercomputer in the cloud, adding tens of thousands of Nvidia GPUs to Microsoft Azure. ZDNet: The new agreement makes Azure the first public cloud to incorporate Nvidia's full AI stack -- its GPUs, networking, and AI software. By beefing up Azure's infrastructure with Nvidia's full AI suite, more enterprises will be able to train, deploy, and scale AI -- including large, state-of-the-art models. "AI technology advances as well as industry adoption are accelerating," Manuvir Das, Nvidia's VP of enterprise computing, said in a statement. "The breakthrough of foundation models has triggered a tidal wave of research, fostered new startups, and enabled new enterprise applications."
Communications

LF Europe's Project Sylva Wants To Create an Open Source Telco Cloud Stack (techcrunch.com) 7

The Linux Foundation Europe (LF Europe) -- the recently launched European offshoot of the open source Linux Foundation -- today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. TechCrunch: This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to "reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services." Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project.

"There's a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era," Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. "All those projects are under what is called the [LF] Networking foundation. [â¦] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust." At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others.

Education

Wharton, Berkeley, NYU Offering Online MBAs For the First Time (wsj.com) 22

An anonymous reader quotes a report from the Wall Street Journal: Starting next year, executive M.B.A. students at the Wharton School of the University of Pennsylvania can earn the $223,500 degree from their living rooms. After years of resistance, some of the country's top business schools are starting virtual M.B.A. programs that require only a few days of in-person instruction. Wharton and Georgetown University's McDonough School of Business said they would include options for executive and part-time M.B.A. students to take most coursework online in 2023. This fall, part-time M.B.A. students at New York University's Stern School of Business and the University of California, Berkeley's Haas School of Business were given an online option for most of their classes. All of the programs will charge online students the same tuition as those who attend in person, and those online students will get the same degree and credential as on-campus counterparts.

The move to give students flexible location options comes as demand for two-year, full-time traditional M.B.A. programs has been dropping amid a competitive job market and growing concern about the cost of college. Between 2009 and 2020 the number of online M.B.A.s at accredited business schools in the U.S.more than doubled, and schools added more fully online M.B.A. degrees over the past two years during the pandemic, according to the Association to Advance Collegiate Schools of Business. Recent announcements by Wharton and others mark a turning point for adoption of the degrees even at highly ranked campuses, school leaders say. For decades, part of the M.B.A.'s allure has been the face-to-face networking.But over the past two years, fully online M.B.A. programs in the U.S. enrolled more students than fully in-person programs, according to the association's survey of more than 150 business schools. A McDonough official said that part-time M.B.A. students tend to be less interested in the networking aspect of school.

China

Why Is My Cat Using Baidu? And Other IoT DNS Oddities (sans.edu) 49

Long-time Slashdot reader UnderAttack writes: IoT devices are often stitched together from various odd libraries and features. The SANS Internet Storm Center has a story about a cat feeder that not only appears to reach out to Baidu.com every five minutes but also uses a vulnerable DNS library that uses repeating query ids allowing for simple spoofing not seen since the early dark years of DNS
The article, by a SANS.edu dean of research, concludes that "Some networking libraries use 'baidu.com' for internet connectivity checks. Even if the DNS lookup succeeds, there is no actual outbound connection in this case. The device is happy as long as an IP address is returned."
Security

OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch (zdnet.com) 31

An anonymous reader quotes a report from ZDNet: Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It's also what is used to lock down pretty much every secure communications and networking application and device out there. So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)'s VP of Security, this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC." How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It's likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely. In other words, pretty much everything you don't want happening on your production systems.

The last time OpenSSL had a kick in its security teeth like this one was in 2016. That vulnerability could be used to crash and take over systems. Even years after it arrived, security company Check Point estimated it affected over 42% of organizations. This one could be worse. We can only hope it's not as bad as that all-time champion of OpenSSL's security holes, 2014's HeartBleed. [...] There is another little silver lining in this dark cloud. This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems. For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier and Ubuntu 20.04 won't be smacked by it. RHEL 9.x and Ubuntu 22.04, however, are a different story. They do use OpenSSL 3.x. [...] But, if you're using anything with OpenSSL 3.x in -- anything -- get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow. You'll want to make your systems safe as soon as possible.

Businesses

Meta's Profit Slides by More Than 50 Percent as Challenges Mount (nytimes.com) 84

The social networking company, which is trying to shift into the so-called metaverse, posted falling sales and said it was "making significant changes" to operate more efficiently. The New York Times reports: This year, Meta's earnings have been hit hard by its spending on the metaverse and its slowing growth in social networking and digital advertising. In July, the Silicon Valley company posted its first sales decline as a public company. Its stock has plunged more than 60 percent this year. On Wednesday, Meta continued that trajectory and indicated that the decline would not end anytime soon. It said it would be "making significant changes across the board to operate more efficiently," including by shrinking some teams and by hiring only in its areas of highest priority.

The company reported a 4 percent drop in revenue for its third quarter -- to $27.7 billion, down from $29 billion a year earlier. Net income was $4.4 billion, down 52 percent from a year earlier. Spending soared by 19 percent from a year earlier. The company's metaverse investments remained troubled. Meta said its Reality Labs division, which is responsible for the virtual reality and augmented reality efforts that are central to the metaverse, had lost $3.7 billion compared with $2.6 billion a year earlier. It said operating losses for the division would grow "significantly" next year. For the current quarter, Meta forecast revenue of between $30 billion and $32.5 billion, which would be down from a year ago. The company's shares fell more than 11 percent in after-hours trading.
In a statement, Mr. Zuckerberg, Meta's founder and chief executive, acknowledged "near-term challenges on revenue." But he added that "the fundamentals are there for a return to stronger revenue growth" and that he was "approaching 2023 with a focus on prioritization and efficiency."

Slashdot Top Deals