Open Source

Linux Foundation's New 'Open Metaverse Foundation' Launches (linuxfoundation.org) 41

The Linux Foundation's new Open Metaverse Foundation wants to unite industries "to work on developing open source software and standards for an inclusive, global, vendor-neutral and scalable Metaverse."

In a blog post this week the group's executive director explained the advantages of an open Metaverse: It can create new jobs and industries in the digital space. It can bridge the gap between the physical and digital worlds while providing an amazing world where anyone can create their own opportunities. An open Metaverse broadens commerce for digital ownership and consumables, and it offers shared experiences and learning opportunities for anyone with access. The future market value for all of this may exceed any single media market.

The potential for the Metaverse is boundless, but only if we pursue it as an open, collaborative endeavor. The mission of the Open Metaverse Foundation (OMF) is to foster a strong community of developers, engineers, academics and thought leaders who will solve the difficult challenges of building the open Metaverse through open source software and standards that enable portability and interoperability for an inclusive, global, scalable world, supporting interactive and immersive experiences for the benefit of any individual or industry.

Through the Foundation, we'll work together to discuss, pinpoint and create the building blocks to transform the emerging concept of the Metaverse into a reality — spanning digital assets, simulations, transactions, artificial intelligence, networking, security, privacy, and legal considerations.... Backend services, standards, and relationships are critical to success, including elements like digital ID representation for users and objects. Transactions must provide receipts for proof and commerce.... Worlds need a standard to communicate with other worlds so that users can move in and out without breaking the immersive experience. Providing an open standard to move objects across worlds is a huge part of what the OMF can deliver. Other technical challenges that demand open collaboration include the reshaping of our networks and internet to accommodate greater needs presented by the open Metaverse.

All of this can seem overwhelming. And it is, unless you have the proven expertise in community building, governance and other elements offered by the Linux Foundation, which provides the focus needed to create manageable, tangible tasks to complete. We've already set up several Foundational Interest Groups (FIGs), which provide a great starting place to engage with the OMF. These FIGs enable a focused, distributed decision structure for key topics, and provide targeted resources and forums for the identification of new ideas, getting work done, and onboarding new contributors....

Contributions to OMF projects are licensed under both Apache 2.0 and MIT, enabling anyone to use, modify, extend and distribute the source code without any fees or commercial obligations....

We look forward to working with a broad, global community to advance the promise of the Metaverse.

Microsoft

Microsoft Kills Off AltspaceVR Amid Major Layoffs (uploadvr.com) 30

AltspaceVR is shutting down in March as Microsoft decimated its teams working in VR & AR this week as part of a major workforce reduction across the entire company. Upload VR reports: Altspace was one of the early VR-based social networking services alongside others like Rec Room and VRChat. As an independent startup Altspace ran out of money, but in 2017 Microsoft acquired it and continued the effort. Microsoft says it is shifting "our focus to support immersive experiences powered by Microsoft Mesh." We tried out Mesh on HoloLens 2 back in 2021 and were pretty impressed by its functionality, with the company saying it'll be officially launching the service as "a new platform for connection and collaboration, starting by enabling workplaces around the world."

Microsoft posted instructions for creators on how to download content before the March 10, 2023 shutdown date, while noting "AltspaceVR Worlds are not able to be downloaded in full or ported directly to another platform because AltspaceVR is a mix of Worlds made up of a collection of assets owned by a variety of different entities." "While you cannot download them in full, you are able to download items from your Worlds data, which we call meta-data," Microsoft explains, providing people files with references noted as comma-separated values.
Here's an excerpt from Microsoft's "sunset" update on altvr.com: "The decision has not been an easy one as this is a platform many have come to love, providing a place for people to explore their identities, express themselves, and find community. It has been a privilege to help unlock passions among users, from educational opportunities for personal growth to the development of unique and wonderful events, groundbreaking art, and immersive experiences -- enabling this community to achieve more. With Mesh, we aspire to build a platform that offers the widest opportunity to all involved, including creators, partners and customers."
Apple

App Store Developers Have Earned $320 Billion To Date, Says Apple (techcrunch.com) 43

Apple today shared an update on its subscription businesses and global App Store, noting that the tech company has now paid out a record $320 billion to app developers since 2008 -- a number that reflects the revenue apps have generated, minus Apple's commission. From a report: In addition, the tech giant said it now has more than 900 million paid subscriptions across Apple services, with subscriptions on the App Store driving a "significant" part of that figure. [...] The company noted that more than 650 million visitors from 175 regions worldwide visit the App Store every week and it's still delivering new experiences. Among the highlights was the launch of Apex Legends on mobile earlier this year, and the growing popularity of a new form of social networking with BeReal, Apple's "app of the year."
Facebook

Meta's New Year Kicks Off With Over $410 Million in Fresh EU Privacy Fines (techcrunch.com) 21

Meta is kicking off the New Year with more privacy fines and corrective orders hitting its business in Europe. The latest swathe of enforcement relates to EU's General Data Protection Regulation (GDPR) complaints over the legal basis it claims to run behavioral ads. From a report: The Facebook owner's lead data protection watchdog in the region, the Irish Data Protection Commission (DPC), announced today that it's adopted final decisions on two of these long-running enquiries -- against Meta owned social networking site, Facebook, and social photo sharing service, Instagram. The DPC's press release today announces financial penalties of ~$223 million for Facebook and ~$191 million for Instagram -- and confirms the European Data Protection Board (EDPB)'s binding decision last month on these complaints that contractual necessity is not an appropriate basis for processing personal data for behavioral ads.

These new sanctions add to a pile of privacy fines for Meta in Europe last year -- including a $281 million penalty for a Facebook data-scraping breach; $429 million for an Instagram violation of children's privacy; $18 million for several historical Facebook data breaches; and a $63.6 million penalty over Facebook cookie consent violations -- making for a total of $792 million in (publicly disclosed) EU data protection and privacy fines handed down to the adtech giant in 2022. But now, in the first few days of 2023, Meta has landed financial penalties worth more than half last year's regional total -- and more sanctions could be coming shortly.

Security

NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear (techcrunch.com) 19

The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. From a report: The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, which are both popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices -- no passwords needed. Citrix also says the flaw is being actively exploited by threat actors. "We are aware of a small number of targeted attacks in the wild using this vulnerability," Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. "Limited exploits of this vulnerability have been reported." Citrix hasn't specified which industries the targeted organizations are in or how many have been compromised.
Privacy

FBI's Vetted Info Sharing Network 'InfraGard' Hacked (krebsonsecurity.com) 21

An anonymous reader quotes a report from KrebsOnSecurity: On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. The FBI's InfraGard program is supposed to be a vetted Who's Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation's critical infrastructures -- including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms. "InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks," the FBI's InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle "USDoD" and whose avatar is the seal of the U.S. Department of Defense. USDoD said they gained access to the FBI's InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership. The CEO in question -- currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans -- did not respond to requests for comment. USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO's name, and that the application included a contact email address that they controlled -- but also the CEO's real mobile phone number. "When you register they said that to be approved can take at least three months," USDoD said. "I wasn't expected to be approve[d]." But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved. While the FBI's InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email. "If it was only the phone I will be in [a] bad situation," USDoD said. "Because I used the person['s] phone that I'm impersonating."

USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other. USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data. "InfraGard is a social media intelligence hub for high profile persons," USDoD said. "They even got [a] forum to discuss things." USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields -- like Social Security Number and Date of Birth -- are completely empty. [...] While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders. USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGard messaging portal.

Businesses

Cisco Faces Resistance To Software Bundles from Cost-Conscious Companies 27

For years, Cisco has relied on a widely used tactic to drive sales: The enterprise tech giant pitches customers on large bundles of products that include everything from its core networking products to more peripheral offerings from its sprawling portfolio, such as security software and its Webex videoconferencing app. But now customers are starting to resist buying the company's bundles, The Information reported Wednesday, citing current and former Cisco employees. From the report: Corporate IT departments, under pressure to save money, are picking through their Cisco enterprise agreements with a fine-toothed comb to cut out products they don't use as much, the people said. Industry executives say a similar trend is happening across the enterprise software industry, which spells problems for big firms such as Microsoft and Oracle that also encourage customers to buy a wide array of products in suites. Cisco's customers are balking at offers to renew contracts that include software licenses for tools the companies don't feel they use enough to justify, employees say. That has contributed to a slowing in sales of some of its subscription-based software, including Webex, AppDynamics and certain security products, employees say.
Social Networks

Tumblr To Add Support For ActivityPub, the Social Protocol Powering Mastodon and Other Apps (techcrunch.com) 36

An anonymous reader quotes a report from TechCrunch: Tumblr will add support for ActivityPub, the open, decentralized social networking protocol that's today powering social networking software like Twitter alternative Mastodon, the Instagram-like Pixelfed, video streaming service PeerTube, and others. The news was revealed in a response to a Twitter user's complaint about Mastodon's complexities. Automattic CEO Matt Mullenweg -- whose company acquired Tumblr from Verizon in 2019 -- suggested the user "come to Tumblr" as the site would soon "add activitypub for interconnect."

"Don't stress," he said, before clarifying that Tumblr first has to deal with the waves of new users coming in right now from Twitter, but that support for "interop and activitypub" were due to come "ASAP." In short, this announcement means Tumblr would move from being only a niche blogging platform to instead become a part of a larger, decentralized social network of sorts -- and one whose user base has grown in size in recent days as people flee Elon Musk's Twitter in search of new communities.

The ActivityPub protocol, its website explains, provides a client-to-server API for creating, updating, and deleting content as well as a federal server-to-server API for delivering notifications and subscribing to content. In practice, this means that Mastodon users can interact and follow users on other instances (independently run nodes), as well as with users on other social apps (like PeerTube), which also support the implementation of ActivityPub. It makes for a web of social networks where users can find and follow each other without having to set up new accounts on each new service. This is the opposite approach to today's "walled garden" social networks, where a post on one platform can't be viewed by those on others, unless you re-upload or repost the content directly or share a link to the other site where the content can be found.

Open Source

Thanks To Open Source, 5G Cracks 50% of the Telecom Market 25

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing."
The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."
Cloud

Microsoft, Nvidia Partner To Build a Massive AI Supercomputer in the Cloud (zdnet.com) 11

Nvidia and Microsoft announced Wednesday a multi-year collaboration to build an AI supercomputer in the cloud, adding tens of thousands of Nvidia GPUs to Microsoft Azure. ZDNet: The new agreement makes Azure the first public cloud to incorporate Nvidia's full AI stack -- its GPUs, networking, and AI software. By beefing up Azure's infrastructure with Nvidia's full AI suite, more enterprises will be able to train, deploy, and scale AI -- including large, state-of-the-art models. "AI technology advances as well as industry adoption are accelerating," Manuvir Das, Nvidia's VP of enterprise computing, said in a statement. "The breakthrough of foundation models has triggered a tidal wave of research, fostered new startups, and enabled new enterprise applications."
Communications

LF Europe's Project Sylva Wants To Create an Open Source Telco Cloud Stack (techcrunch.com) 7

The Linux Foundation Europe (LF Europe) -- the recently launched European offshoot of the open source Linux Foundation -- today announced the launch of Project Sylva, which aims to create an open source telco cloud framework for European telcos and vendors. TechCrunch: This is the first project hosted by LF Europe and is a good example of what the organization is trying to achieve. The project aims to create a production-grade open source telco cloud stack and a common framework and reference implementation to "reduce fragmentation of the cloud infrastructure layer for telecommunication and edge services." Currently, five carriers (Telefonica, Telecom Italia, Orange, Vodafone and Deutsche Telekom) and two vendors (Ericsson and Nokia) are working on the project.

"There's a whole bunch of Linux Foundation networking projects already that have taken telecommunications into the open source era," Arpit Joshipura, the general manager for Networking, Edge and IoT at the Linux Foundation, told me. "All those projects are under what is called the [LF] Networking foundation. [...] So whatever that work is that is done by the telcos, Sylva is going to leverage and build on top of it with these European vendors to solve EU specific requirements. Those are security, energy, federated computing, edge and data trust." At the core of Sylva is a framework for a compute platform that can be agnostic to whether a workload is running on the telco access network, edge or in the core. The project aims to build a reference implementation, leveraging all of the work already being done by LF Networking, the Cloud Native Computing Foundation (the home of Kubernetes and other cloud-native infrastructure projects), LF Energy and others.

Education

Wharton, Berkeley, NYU Offering Online MBAs For the First Time (wsj.com) 22

An anonymous reader quotes a report from the Wall Street Journal: Starting next year, executive M.B.A. students at the Wharton School of the University of Pennsylvania can earn the $223,500 degree from their living rooms. After years of resistance, some of the country's top business schools are starting virtual M.B.A. programs that require only a few days of in-person instruction. Wharton and Georgetown University's McDonough School of Business said they would include options for executive and part-time M.B.A. students to take most coursework online in 2023. This fall, part-time M.B.A. students at New York University's Stern School of Business and the University of California, Berkeley's Haas School of Business were given an online option for most of their classes. All of the programs will charge online students the same tuition as those who attend in person, and those online students will get the same degree and credential as on-campus counterparts.

The move to give students flexible location options comes as demand for two-year, full-time traditional M.B.A. programs has been dropping amid a competitive job market and growing concern about the cost of college. Between 2009 and 2020 the number of online M.B.A.s at accredited business schools in the U.S. more than doubled, and schools added more fully online M.B.A. degrees over the past two years during the pandemic, according to the Association to Advance Collegiate Schools of Business. Recent announcements by Wharton and others mark a turning point for adoption of the degrees even at highly ranked campuses, school leaders say. For decades, part of the M.B.A.'s allure has been the face-to-face networking. But over the past two years, fully online M.B.A. programs in the U.S. enrolled more students than fully in-person programs, according to the association's survey of more than 150 business schools. A McDonough official said that part-time M.B.A. students tend to be less interested in the networking aspect of school.

China

Why Is My Cat Using Baidu? And Other IoT DNS Oddities (sans.edu) 49

Long-time Slashdot reader UnderAttack writes: IoT devices are often stitched together from various odd libraries and features. The SANS Internet Storm Center has a story about a cat feeder that not only appears to reach out to Baidu.com every five minutes but also uses a vulnerable DNS library that uses repeating query ids allowing for simple spoofing not seen since the early dark years of DNS.
The article, by a SANS.edu dean of research, concludes that "Some networking libraries use 'baidu.com' for internet connectivity checks. Even if the DNS lookup succeeds, there is no actual outbound connection in this case. The device is happy as long as an IP address is returned."
Security

OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch (zdnet.com) 31

An anonymous reader quotes a report from ZDNet: Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It's also what is used to lock down pretty much every secure communications and networking application and device out there. So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)'s VP of Security, this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC." How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It's likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code remotely. In other words, pretty much everything you don't want happening on your production systems.

The last time OpenSSL had a kick in its security teeth like this one was in 2016. That vulnerability could be used to crash and take over systems. Even years after it arrived, security company Check Point estimated it affected over 42% of organizations. This one could be worse. We can only hope it's not as bad as that all-time champion of OpenSSL's security holes, 2014's HeartBleed. [...] There is another little silver lining in this dark cloud. This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems. For example, Red Hat Enterprise Linux (RHEL) 8.x and earlier and Ubuntu 20.04 won't be smacked by it. RHEL 9.x and Ubuntu 22.04, however, are a different story. They do use OpenSSL 3.x. [...] But, if you're using anything with OpenSSL 3.x in -- anything -- get ready to patch on Tuesday. This is likely to be a bad security hole, and exploits will soon follow. You'll want to make your systems safe as soon as possible.

Businesses

Meta's Profit Slides by More Than 50 Percent as Challenges Mount (nytimes.com) 84

The social networking company, which is trying to shift into the so-called metaverse, posted falling sales and said it was "making significant changes" to operate more efficiently. The New York Times reports: This year, Meta's earnings have been hit hard by its spending on the metaverse and its slowing growth in social networking and digital advertising. In July, the Silicon Valley company posted its first sales decline as a public company. Its stock has plunged more than 60 percent this year. On Wednesday, Meta continued that trajectory and indicated that the decline would not end anytime soon. It said it would be "making significant changes across the board to operate more efficiently," including by shrinking some teams and by hiring only in its areas of highest priority.

The company reported a 4 percent drop in revenue for its third quarter -- to $27.7 billion, down from $29 billion a year earlier. Net income was $4.4 billion, down 52 percent from a year earlier. Spending soared by 19 percent from a year earlier. The company's metaverse investments remained troubled. Meta said its Reality Labs division, which is responsible for the virtual reality and augmented reality efforts that are central to the metaverse, had lost $3.7 billion compared with $2.6 billion a year earlier. It said operating losses for the division would grow "significantly" next year. For the current quarter, Meta forecast revenue of between $30 billion and $32.5 billion, which would be down from a year ago. The company's shares fell more than 11 percent in after-hours trading.
In a statement, Mr. Zuckerberg, Meta's founder and chief executive, acknowledged "near-term challenges on revenue." But he added that "the fundamentals are there for a return to stronger revenue growth" and that he was "approaching 2023 with a focus on prioritization and efficiency."
Privacy

Nym's Plan to Boost Internet Privacy Through 'Mixnets' (quantamagazine.org) 22

Harry Halpin helped create uniform cryptography standards for the World Wide Web Consortium, reports Quanta magazine — but "he also wanted to protect the lower, foundational level: the network through which the information is transmitted.

"In 2018, he started Nym Technologies to take on this problem.... Halpin spoke with Quanta from Nym's headquarters in Neuchâtel, Switzerland." Halpin: The trickier problem is this: How do I communicate with you so that no one else knows I'm communicating with you, even if our messages are encrypted? You can get a sense of what people are saying from the pattern of communication: Who are you talking with, when are your conversations, how long do they last...?

There are two key elements: One is the "mixnet," a technology invented by David Chaum in 1979 that my team has improved. It relies on the premise that you can't be anonymous by yourself; you can only be anonymous in a crowd. You start with a message and break it into smaller units, communications packets, that you can think of as playing cards. Next, you encrypt each card and randomly send it to a "mixnode" — a computer where it will be mixed with cards from other senders. This happens three separate times and at three separate mixnodes. Then each card is delivered to the intended recipient, where all the cards from the original message are decrypted and put back into the proper order. No person who oversees mixing at a single mixnode can know both the card's origin and its destination. In other words, no one can know who you are talking to.

Q: That was the original mixnet, so what improvements have you made?

Halpin: For one thing, we make use of the notion of entropy, a measure of randomness that was invented for this application by Claudia Diaz, a computer privacy professor at KU Leuven and Nym's chief scientist. Each packet you receive on the Nym network has a probability attached to it that tells you, for instance, the odds that it came from any given individual.... Our system uses a statistical process that allows you both to measure entropy and to maximize it — the greater the entropy, the greater the anonymity. There are no other systems out there today that can let users know how private their communications are.

Q: What's the second key element you referred to?

Halpin: Mixnets, as I said, have been around a long time. The reason they've never taken off has a lot to do with economics. Where do the people who are going to do the mixing come from, and how do you pay them? We think we have an answer. And the kernel of that idea came from a conversation I had in 2017 with Adam Back, a cryptographer who developed bitcoin's central "proof of work" algorithm. I asked him what he would do if he were to redesign bitcoin. He said it would be great if all the computer processing done to verify cryptocurrency transactions — by solving so-called Merkle puzzles that have no practical value outside of bitcoin — could instead be used to ensure privacy.

The computationally expensive part of privacy is the mixing, so it occurred to me that we could use a bitcoin-inspired system to incentivize people to do the mixing. We built our company around that idea....

A new paper that came out in June shows that this approach can lead to an economically sustainable mixnet....

We are not building a currency system or trying to replace the dollar. We just want to provide privacy to ordinary people.

Windows

Zeek Becoming Part of Microsoft Windows (corelight.com) 21

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

Network

Brooklyn Quantum Network May Hold Key To an Untappable Internet (fastcompany.com) 47

tedlistens shares a report from Fast Company: Two corners of Brooklyn's historic Navy Yard will be connected by a small test bed for quantum networking, a first step toward a future "quantum internet" that promises to transform computing and make communications untappable. The effort, by a startup company called Qunnect, will join dozens of experiments around the U.S., Europe, and China, but would be the first commercial quantum network in the country, and the first to use only small, room-temperature devices. Such tools could make it easier to link quantum computers across the planet, opening the door to more practical uses of the technology in research, defense, finance, and other yet-to-be-determined applications.

"We can have these networks go all the way from here, coast to coast, and eventually global," says Dr. Noel Goddard, the CEO of Qunnect. In addition to testing a protocol for sharing quantum information across conventional fiber-optic lines, the 12-person startup will use the network to test a group of quantum networking hardware that can fit into the server racks of existing telecom buildings. Its flagship product, spun out of research at SUNY Stony Brook, is a type of device thought to be crucial to establishing the "magic" of quantum entanglement across a fiber line, called a quantum memory. The machines use rubidium vapor to briefly store photons' quantum information, with all of its weird uncertainty, so that the information can be repeated across a long-distance fiber network without disturbing it along the way. But unlike many quantum machines -- often sprawling tabletop contraptions that rely on cryogenic cooling, vacuums, and other delicate equipment -- Qunnect's memory machine operates at room temperature and fits inside a box the size of a large desk drawer.

Qunnect's sold just three of its memory machines so far, to Brookhaven National Lab and Stony Brook University, at a reported price of around $100,000 apiece. But a number of government and defense labs, along with big telecom and tech companies, from Amazon to Verizon, are paying close attention. The device has already received millions in backing from the Department of Energy and other federal and state agencies. And last week, Qunnect announced its largest endorsement yet: $8 million in funding, in a series A round led by Airbus Ventures and including The New York Ventures Fund, Impact Science Ventures, Motus Ventures, and SandboxAQ, a post-quantum security company Google spun off earlier this year. The new money will help build the test bed, which Qunnect plans to start operating by the middle of next year, when it will open it up to researchers and customers in government, finance, and telecom. These experiments will help the company learn more about a variety of proposals for building quantum networks, and, it hopes, position it as a device supplier for the whole quantum internet.

Google

Intel and Google Cloud Launch New Chip To Improve Data Center Performance (reuters.com) 17

Intel and Google Cloud on Tuesday said they have launched a co-designed chip that can make data centers more secure and efficient. From a report: The E2000 chip, code named Mount Evans, takes over the work of packaging data for networking from the expensive central processing units (CPU) that do the main computing. It also offers better security between different customers that may be sharing CPUs in the cloud, explained Google's vice president of engineering, Amin Vahdat. Chips are made up of basic processors called cores. There can be hundreds of cores on a chip and sometimes information can bleed between them. The E2000 creates secure routes to each core to prevent such a scenario. Companies are running increasingly complex algorithms, using progressively bigger data sets, at a time when the performance improvement of chips like CPUs is slowing down. Cloud companies are therefore looking for ways to make the data center itself more productive.

China

Suspected Chinese Hackers Tampered With Widely Used Canadian Chat Program, Researchers Say (reuters.com) 11

Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S. networking company SolarWinds. From a report: U.S. cybersecurity firm CrowdStrike will say in an upcoming blog post seen by Reuters that it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe. The scope and scale of the hack wasn't immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information. CrowdStrike researchers believe the malicious software was in circulation for a couple of days but wouldn't say how many companies had been affected, divulging only that "entities across a range of industries" were hit.
