"Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash," BleepingComputer reported Thursday.

Friday Microsoft wrote that the issue "was resolved in the out-of-band update KB5037422," only available via the Microsoft Update Catalog. (The update "is not available from Windows Update and will not install automatically.")

BleepingComputer reported the leak only affected "enterprise systems using the impacted Windows Server platform," and home users were not affected. But Microsoft confirmed it impacted all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates: As BleepingComputer first reported on Wednesday and as many admins have warned over the last week, affected servers are freezing and restarting unexpectedly due to a Local Security Authority Subsystem Service (LSASS) process memory leak introduced with this month's cumulative updates.

"Since installation of the March updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die)," one admin said.

"Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung," another Windows admin told BleepingComputer.
The leak "is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests," Microsoft wrote. "Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers..."

"We strongly recommend you do not apply the March 2024 security update on DCs and install KB5037422 instead..."

Longtime Slashdot reader jgulla shares an announcement from Redis: Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). The new source-available licenses allow us to sustainably provide permissive use of our source code.

We're leading Redis into its next phase of development as a real-time data platform with a unified set of clients, tools, and core Redis product offerings. The Redis source code will continue to be freely available to developers, customers, and partners through Redis Community Edition. Future Redis source-available releases will unify core Redis with Redis Stack, including search, JSON, vector, probabilistic, and time-series data models in one free, easy-to-use package as downloadable software. This will allow anyone to easily use Redis across a variety of contexts, including as a high-performance key/value and document store, a powerful query engine, and a low-latency vector database powering generative AI applications. [...]

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code. These agreements will underpin support for existing integrated solutions and provide full access to forthcoming Redis innovations. In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license. At the same time, all the Redis client libraries under the responsibility of Redis will remain open source licensed. Redis will continue to support its vast partner ecosystem -- including managed service providers and system integrators -- with exclusive access to all future releases, updates, and features developed and delivered by Redis through its Partner Program. There is no change for existing Redis Enterprise customers.

couchslug shares a report from ITPro: A European cloud trade body has called for an investigation into Broadcom amid concerns over changes it has made to VMware licensing structures. The Cloud Infrastructure Service Providers in Europe (CISPE) consortium called on regulatory and legislative bodies across Europe to investigate the changes Broadcom has made to the VMware operating model, which it says will "decimate" the region's cloud infrastructure. "CISPE calls upon regulators, legislators and courts across Europe to swiftly scrutinize the actions of Broadcom in unilaterally canceling license terms for essential virtualization software," the trade body said in a statement. Since acquiring VMware in November 2023, Broadcom has embarked on a comprehensive overhaul of software licensing at the firm, which has drawn widespread criticism from customers. Broadcom stated it would continue to support customers under a perpetual licensing agreement for the period defined in the contract, but following this customers would need to exchange any remaining licenses for subscription-based products. This has left both cloud service vendors and customers in limbo, according to CISPE, without any solid information on how, when, or if they will be able to license VMware products essential for their operations from April 2024. Moreover, even if they are able to relicense the VMware software, a number of customers reported dramatic price hikes of as much as 12 times.

CISPE's characterisation of the move was far less charitable, arguing Broadcom is using VMware's market dominance, controlling almost 45% of the virtualization market, to charge exorbitant rents from cloud providers. Several CISPE members admitted that without the ability to license VMware products they will be unable to operate and will go bankrupt, with some stating that over 75% of their revenue depends on VMware virtualization tech. Members added that they often received termination notices late, if at all, with short notice periods that spanned just a few weeks. In addition, CISPE also complained about the decision to remove hundreds of products without any notice, and re-bundle the outstanding products under new prohibitive contract terms, despite there being no changes to the products themselves. Francisco Mingorance, secretary general of CISPE, said the changes will hurt both European customers and cloud service providers by increasing costs and reducing choice. At a time when our members are moving to support the requirements for switching and portability between cloud services outlined in the Data Act, Broadcom is holding the sector to ransom by leveraging VMware's dominance of the virtualization sector to enforce unfair license terms and extract unfair rents from European cloud customers," Mingorance said.

CISPE noted that for some cloud sector applications that require certifications by software or service providers, VMware products are the only viable option. As such, the association called for Broadcom to be recognized as a designated gatekeeper under the terms of the Digital Markets Act (DMA) that came into force on March 7, 2024. Mingorance argued Broadcom's moves will only further restrict an already limited set of options for cloud providers in Europe, warning that Broadcom has a dangerous degree of control over the region's digital ecosystems. "As well as inflicting financial damage on the European digital economy, these actions will decimate Europe's independent cloud infrastructure sector and further reduce the diversity of choice for customers," he explained. "Dominant software providers, in any sector from productivity software to virtualization, must not be allowed to wield life or death power over Europe's digital ecosystems."

An anonymous reader shares a report: Even if you decide to stop offering free editions, you don't get to stop providing the source code to FOSS, users of JasperReports Server are complaining. Cloud Software Group -- the post-merger offspring of Citrix and Tibco -- has decided to withdraw the community edition of its JasperReports Server. Now all you can get is the commercial edition, with a 30-day free trial. Effectively, this seems like a similar tactic to Red Hat's unpopular changes to the way that the RHEL source code is distributed. Some of the JasperReports source code is still on Github, but not everything. The JasperSoft community website has the grumbling of unhappy users -- as does Reddit.

One user on the community website commented: "Are you aware Jasper Server CE was under the Affero GPL, and you can't delete everything? "You cannot just change the license of the previous versions and call it a day. I mean, we the users, have the right to fork it using the same license or a compatible one," the user protested. JasperSoft has been developing its reporting tools in the open for well over a decade -- the Reg was reporting on it nearly twenty years ago. Tibco acquired the company for some $185 million in 2014. We're not certain that things are going very well for the new outfit. Early last year, the merger was followed by a round of job losses, and the company has also more recently doubled its prices on some offerings.

An anonymous reader quotes a report from Ars Technica: Starting in early 2023, Williams team principal James Vowles and chief technical officer Pat Fry started reworking the F1 team's systems for designing and building its car. It would be painful, but the pain would keep the team from falling even further behind. As they started figuring out new processes and systems, they encountered what they considered a core issue: Microsoft Excel. The Williams car build workbook, with roughly 20,000 individual parts, was "a joke," Vowles recently told The Race. "Impossible to navigate and impossible to update." This colossal Excel file lacked information on how much each of those parts cost and the time it took to produce them, along with whether the parts were already on order. Prioritizing one car section over another, from manufacture through inspection, was impossible, Vowles suggested.

"When you start tracking now hundreds of thousands of components through your organization moving around, an Excel spreadsheet is useless," Vowles told The Race. Because of the multiple states each part could be in -- ordered, backordered, inspected, returned -- humans are often left to work out the details. "And once you start putting that level of complexity in, which is where modern Formula 1 is, the Excel spreadsheet falls over, and humans fall over. And that's exactly where we are." The consequences of this row/column chaos, and the resulting hiccups, were many. Williams missed early pre-season testing in 2019. Workers sometimes had to physically search the team's factory for parts. The wrong parts got priority, other parts came late, and some piled up. And yet transitioning to a modern tracking system was "viciously expensive," Fry told The Race, and making up for the painful process required "humans pushing themselves to the absolute limits and breaking."

The idea that a modern Formula 1 team, building some of the most fantastically advanced and efficient machines on Earth, would be using Excel to build those machines might strike you as odd. F1 cars cost an estimated $12-$16 million each, with resource cap of about $145 million. But none of this really matters, and it actually makes sense, if you've ever worked IT at nearly any decent-sized organization. Then again, it's not even uncommon in Formula 1. When Sebastian Anthony embedded with the Renault team, he reported back for Ars in 2017 that Renault Sport Formula One's Excel design and build spreadsheet was 77,000 lines long -- more than three times as large as the Williams setup that spurred an internal revolution in 2023.

Every F1 team has its own software setup, Anthony wrote, but they have to integrate with a lot of other systems: Computational Fluid Dynamics (CFD) and wind tunnel results, rapid prototyping and manufacturing, and inventory. This leaves F1 teams "susceptible to the plague of legacy software," Anthony wrote, though he noted that Renault had moved on to a more dynamic cloud-based system that year. (Renault was also "a big Microsoft shop" in other areas, like email and file sharing, at the time.) One year prior to Anthony's excavation, Adam Banks wrote for Ars about the benefits of adopting cloud-based tools for enterprise resource planning (ERP). You adopt a cloud-based business management software to go "Beyond Excel." "If PowerPoint is the universal language businesses use to talk to one another, their internal monologue is Excel," Banks wrote. The issue is that all the systems and processes a business touches are complex and generate all kinds of data, but Excel is totally cool with taking in all of it. Or at least 1,048,576 rows of it. Banks cited Tim Worstall's 2013 contention that Excel could be "the most dangerous software on the planet." Back then, international investment bankers were found manually copying and pasting Excel between Excel sheets to do their work, and it raised alarm.

NVIDIA has been working on adding generative AI to non-playable characters (NPCs) for a while now. The company is hoping a newly-announced partnership with Ubisoft will accelerate development of this technology and, ultimately, bring these AI-driven NPCs to modern games. From a report: Ubisoft helped build new "NEO NPCs" by using NVIDIA's Avatar Cloud Engine (ACE) technology, with an assist from dynamic NPC experts Inworld AI. The end result? Characters that don't repeat the same phrase over and over, while ignoring the surrounding violent mayhem. These NEO NPCs are said to interact in real time with players, the environment and other in-game characters. NVIDIA says this opens up "new possibilities for emergent storytelling." To that end, Ubisoft's narrative team built complete backgrounds, knowledge bases and conversational styles for two NPCs as a proof of concept.

An anonymous reader quotes a report from TorrentFreak: Back in 2004, in the pre-Web 2.0 era, research indicated that BitTorrent was responsible for an impressive 35% of all Internet traffic. At the time, file-sharing via peer-to-peer networks was the main traffic driver as no other services consumed large amounts of bandwidth. Fast-forward two decades and these statistics are ancient history. With the growth of video streaming, including services such as YouTube, Netflix, and TikTok, file-sharing traffic is nothing more than a drop in today's data pool. [...]

This week, Canadian broadband management company Sandvine released its latest Global Internet Phenomena Report which makes it clear that BitTorrent no longer leads any charts. The latest data show that video and social media are the leading drivers of downstream traffic, accounting for more than half of all fixed access and mobile data worldwide. Needless to say, BitTorrent is nowhere to be found in the list of 'top apps'. Looking at upstream traffic, BitTorrent still has some relevance on fixed access networks where it accounts for 4% of the bandwidth. However, it's been surpassed by cloud storage apps, FaceTime, Google, and YouTube. On mobile connections, BitTorrent no longer makes it into the top ten. The average of 46 MB upstream traffic per subscriber shouldn't impress any file-sharer. However, since only a small percentage of all subscribers use BitTorrent, the upstream traffic per user is of course much higher.

Databricks CTO Matei Zaharia "said that Databricks had to keep track of scheduling a million things," remembers adjunct MIT professor Michael Stonebraker. " He said that this can't be done with traditional operating system scheduling, and so this was done out of a Postgres database. And then he started to whine that Postgres was too slow, and I told him we can do better than that...."

This resulted in DBOS — short for "database operating system" — which they teamed up to build with teams Stanford and MIT, according to The Next Platform: They founded a company to commercialize the idea in April 2023 and secured $8.5 million initial seed funding to start building the real DBOS. Engine Ventures and Construct Capital led the funding, along with Sinewave and GutBrain Ventures...

"The state that the operating system has to keep track of — memory, files, messages, and so on — is approximately linear to the resources you have got," says Stonebraker. "So without me saying another word, keeping track of operating system state is a database problem not addressed by current operating system schedulers. Moreover, OLTP [Online Transaction Processing] database performance has gone up dramatically, and that is why we thought instead of running the database system in user space on top of the operating system, why don't we invert our thinking 180 degrees and run the operating system on top of the database, with all of the operating services are coded in SQL...?"

For now, DBOS can give the same kind of performance as that full blown Linux operating system, and thanks to the distributed database underpinnings of its kernel, it can do things that a Linux kernel just cannot do... One is provide reliable execution, which means that if a program running atop DBOS is ever interrupted, it starts where it left off and does not have to redo its work from some arbitrary earlier point and does not crash and have to start from the beginning. And because every little bit of the state of the operating system — and therefore the applications that run atop it — is preserved, you can go backwards in time in the system and restart the operating system if it experiences some sort of anomaly, such as a bad piece of application software running or a hack attack. You can use this "time travel" feature, as Stonebraker calls it, to reproduce what are called heisenbugs — ones that are very hard to reproduce precisely because there is no shared state in the distributed Linux and Kubernetes environment and that are increasingly prevalent in a world of microservices.

The other benefit of the DBOS is that it presents a smaller attack surface for hackers, which boosts security, and that you analyze the metrics of the operating system in place since they are already in a NoSQL database that can be queried rather than aggregating a bunch of log files from up and down the software stack to try to figure out what is going on...

There is also a custom tier for DBOS, which we presume costs money, that can use other databases and datastores for user application data, stores more than three days of log data, can have multiple users per account, that adds email and Slack support with DBOS techies, and that is available on other clouds as well as AWS.
The operating system kernel/scheduler "is itself largely a database," with services written in TypeScript, according to the article. The first iteration used the FoundationDB distributed key-value store for its scheduling core (open sourced by Apple in 2018), according to the article — "a blazingly fast NoSQL database... Stonebraker says there is no reason to believe that DBOS can't scale across 1 million cores or more and support Java, Python, and other application languages as they are needed by customers..."

And the article speculates they could take things even further. "There is no reason why DBOS cannot complete the circle and not only have a database as an operating system kernel, but also have a relational database as the file system for applications."

Pi was calculated to 100 trillion decimal places in 2022 by a Google team lead by cloud developer advocate Emma Haruka Iwao.

But 2024's "pi day" saw a new announcement... After successfully breaking the speed record for calculating pi to 100 trillion digits last year, the team at StorageReview has taken it up a notch, revealing all the numbers of Pi up to 105 trillion digits! Spoiler: the 105 trillionth digit of Pi is 6!

Owner and Editor-in-Chief Brian Beeler led the team that used 36 Solidigm SSDs (nearly a petabyte) for their unprecedented capacity and reliability required to store the calculated digits of Pi. Although there is no practical application for this many digits, the exercise underscores the astounding capabilities of modern hardware and an achievement in computational and storage technology...

For an undertaking of this size, which took 75 days, the role of storage cannot be understated. "For the Pi computation, we're entirely restricted by storage, says Beeler. "Faster CPUs will help accelerate the math, but the limiting factor to many new world records is the amount of local storage in the box. For this run, we're again leveraging Solidigm D5-P5316 30.72TB SSDs to help us get a little over 1P flash in the system.

"These SSDs are the only reason we could break through the prior records and hit 105 trillion Pi digits."
"Leveraging a combination of open-source and proprietary software, the team at StorageReview optimized the algorithmic process to fully exploit the hardware's capabilities, reducing computational time and enhancing efficiency," Beeler says in the announcement.

There's a video on YouTube where the team discusses their effort.

According to Bloomberg, Apple has acquired Canada-based AI startup DarwinAI for an undisclosed sum. Macworld reports: Apple has reportedly folded the DarwinAI staff into its own AI team, including DarwinAI co-founder Alexander Wong, an AI researcher at the University of Waterloo who "has published over 600 refereed journal and conference papers, as well as patents, in various fields such as computational imaging, artificial intelligence, computer vision, and multimedia systems."

According to its LinkedIn profile, DarwinAI is "a rapidly growing visual quality inspection company providing manufacturers an end-to-end solution to improve product quality and increase production efficiency." In layman's terms, that means Apple is likely interested in DarwinAI to streamline its manufacturing to be more efficient. That's something that could save Apple a ton of money in annual costs.

Far more interesting to our consumer devices, however, is Bloomberg's report that DarwinAI's tech can be used to make AI models more efficient in general. Apple has been said to want any generative AI features to run on the device rather than the cloud, so models will need to be as small as possible and DarwinAI could definitely help there. Last month, Apple CEO Tim Cook said the iPhone maker sees "incredible breakthrough potential for generative AI, which is why we're currently investing significantly in this area. We believe that will unlock transformative opportunities for users when it comes to productivity, problem solving and more."

In a blog post Thursday, Broadcom CEO and President Hock Tan acknowledged the discomfort VMware customers and partners have experienced after the sweeping changes that Broadcom has instituted since it acquired the company nearly four months ago. "Of course, we recognize that this level of change has understandably created some unease among our customers and partners," writes Tan. "But all of these moves have been with the goals of innovating faster, meeting our customers' needs more effectively, and making it easier to do business with us." Ars Technica reports: Tan believes that the changes will ultimately "provide greater profitability and improved market opportunities" for channel partners. However, many IT solution provider businesses that were working with VMware have already been disrupted. For example, after buying VMware, Broadcom took over the top 2,000 VMware accounts from VMware channel partners. In a March earnings call, Tan said that Broadcom has been focused on upselling those customers. He also said Broadcom expects VMware revenue to grow double-digits quarter over quarter for the rest of the fiscal year. [...]

In his blog post, Tan defended the subscription-only licensing model, calling it "the industry standard." He said VMware started accelerating its transition to this strategy in 2019, (which is before Broadcom bought VMware). He also linked to a February blog post from VMware's Prashanth Shenoy, VP of product and technical marketing for the Cloud, Infrastructure, Platforms, and Solutions group at VMware, that also noted acquisition-related "concerns" but claimed the evolution would be fiscally prudent.

Microsoft has eliminated egress fees for customers removing data from its Azure cloud, joining Amazon Web Services and Google in this move. The decision comes as the European Data Act's provisions targeting lock-in terms are set to take effect in 2025. Microsoft adds: Azure already offers the first 100GB/month of egressed data for free to all customers in all Azure regions around the world. If you need to egress more than 100GB/month, please follow these steps to claim your credit. Contact Azure Support for details on how to start the data transfer-out process. Please comply with the instructions to be eligible for the credit. Azure Support will apply the credit when the data transfer process is complete and all Azure subscriptions associated to the account have been canceled. The exemption on data transfer out to the internet fees also aligns with the European Data Act and is accessible to all Azure customers globally and from any Azure region.

An anonymous reader shares an excerpt from a Wired article: The U.S. economy is showing remarkable health, but in the tech industry, layoffs keep coming. For those out of work, finding a new position can become a full-time job. And in tech -- a sector notoriously always looking for the next hot, new thing -- some people whose days as fresh-faced coders are long gone say that having decades of experience can feel like a disadvantage. Ageism is a longtime problem in the tech industry. Database startup RelevantDB went viral in 2021 after it posted a job listing bragging, "We hire old people," which played off industry stereotypes. In 2020, the US Equal Employment Opportunity Commission found that IBMhad engaged in age discrimination, pushing out older workers to make room for younger ones. (The company has denied engaging in "systemic age discrimination.") A recent LinkedIn ad that shows an older woman unfamiliar with tech jargon saying her son sells invisible clouds triggered a backlash from people who say it unfairly portrayed older people as out of touch. In response, Jim Habig, LinkedIn's vice president of marketing, says: "This ad didn't meet our goal to create experiences where all professionals feel welcomed and valued, and we are working to replace the spot." [...]

Tech companies have laid off more than 400,000 workers over the past two years, according to Layoffs.fyi, which tracks job cuts in the industry. To older workers, the purge is both a reminder of the dotcom bust, and a new frontier. The industry's generally consistent growth in recent decades as the economy has become more tech-centric means that many more senior workers -- which in tech can sometimes be considered to mean over 35 but includes people in their late forties, fifties, or sixties -- may have less experience with job hunting. For decades, tech workers could easily hop between jobs in their networks, often poached by recruiters. And as tech companies boomed during the Covid-19 pandemic's early days, increased demand for skills gave workers leverage. Now the power has shifted to the employers as companies seek to become efficient and correct that over hiring phase, and applicants are hitting walls. Workers have to network, stay active on LinkedIn, join message boards, and stand out. With four generations now clocking in to work, things can feel crowded.

An anonymous reader quotes a report from Wired: Arkady Volozh, the billionaire cofounder of Russia's biggest internet company, was removed from the EU sanctions list today, clearing the way for his return to the world of international tech. On Tuesday a spokesperson for the European Council confirmed to WIRED that the Yandex cofounder was among three people whose sanctions were lifted this week. Volozh, 60, was initially included on the EU sanctions list in June 2023, following Russia's full-scale invasion of Ukraine in February 2022. "Volozh is a leading businessperson involved in economic sectors providing a substantial source of revenue to the Government of the Russian Federation," the blocsaidlast year to justify its decision. "As founder and CEO of Yandex, he is supporting, materially or financially, the Government of the Russian Federation." In response, Volozh stepped down from his position as Yandex CEO, calling the sanctions "misguided." [...]

The removal of sanctions affecting one of Russian tech's most prominent figures will be especially significant if Volozh goes on to build Yandex 2.0 inside Europe. The billionaire maintains strong ties to exiled Russian tech talent, with thousands of Yandex staff leaving the country after the start of the war. "These people are now out, and in a position to start something new, continuing to drive technological innovation," Volozh said in the same 2023 statement. "They will be a tremendous asset to the countries in which they land." Yandex is widely known as "Russia's Google" because it monopolizes the Russian search market and offers many other services, including Yandex Music for streaming, Yandex Navigator for maps, and Yandex Go for hailing a ride. "Over the past 18 months, [Dutch-based Yandex NV] has been involved in complex negotiations with the Kremlin, in an attempt to sell its Russian operations while carving out four Europe-based units, which include businesses focused on self-driving cars, cloud computing, data labeling, and education tech," reports Wired.

Last month, Yandex NV reached a "binding agreement" to sell its operations in the country for $5.2 billion -- a price that reflects a 50% discount that Moscow imposes on companies from "unfriendly" countries like the Netherlands as a condition of exiting business in Russia.

An anonymous reader quotes a report from TechCrunch: A lengthy investigation into the European Union's use of Microsoft 365 has found the Commission breached the bloc's data protection rules through its use of the cloud-based productivity software. Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed "several key data protection rules when using Microsoft 365." "The Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365," the data supervisor, Wojciech Wiewiorowski, wrote, adding: "The Commission's infringements as data controller also relate to data processing, including transfers of personal data, carried out on its behalf." The EDPS has imposed corrective measures requiring the Commission to address the compliance problems it has identified by December 9 2024, assuming it continues to use Microsoft's cloud suite. The regulator, which oversees' EU institutions' compliance with data protection rules, opened a probe of the Commission's use of Microsoft 365 and other U.S. cloud services back in May 2021. [...]

The Commission confirmed receipt of the EDPB's decision and said it will need to analyze the reasoning "in detail" before taking any decision on how to proceed. In a series of statements during a press briefing, it expressed confidence that it complies with "the applicable data protection rules, both in fact and in law." It also said "various improvements" have been made to contracts, with the EDPS, during its investigation. "We have been cooperating fully with the EDPS since the start of the investigation, by providing all relevant documents and information to the EDPS and by following up on the issues that have been raised in the course of the investigation," it said. "The Commission has always been ready to implement, and grateful for receiving, any substantiated recommendation from the EDPS. Data protection is a top priority for the Commission."

"The Commission has always been fully committed to ensuring that its use of Microsoft M365 is compliant with the applicable data protection rules and will continue to do so. The same applies to all other software acquired by the Commission," it went on, further noting: "New data protection rules for the EU institutions and bodies came into force on 11 December 2018. The Commission is actively pursuing ambitious and safe adequacy frameworks with international partners. The Commission applies those rules in all its processes and contracts, including with individual companies such as Microsoft." While the Commission's public statements reiterated that it's committed to compliance with its legal obligations, it also claimed that "compliance with the EDPS decision unfortunately seems likely to undermine the current high level of mobile and integrated IT services." "This applies not only to Microsoft but potentially also to other commercial IT services. But we need to first analyze the decision's conclusions and the underlying reasons in detail. We cannot provide further comments until we have concluded the analysis," it added.

Researchers at Cado Security Labs received an alert about a honeypot using the Docker Engine API. "A Docker command was received..." they write, "that spawned a new container, based on Alpine Linux, and created a bind mount for the underlying honeypot server's root directory..." Typically, this is exploited to write out a job for the Cron scheduler to execute... In this particular campaign, the attacker exploits this exact method to write out an executable at the path /usr/bin/vurl, along with registering a Cron job to decode some base64-encoded shell commands and execute them on the fly by piping through bash.

The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker's Command and Control (C2) infrastructure via the /dev/tcp device file. The Cron jobs mentioned above then utilise the vurl executable to retrieve the first stage payload from the C2 server... To provide redundancy in the event that the vurl payload retrieval method fails, the attackers write out an additional Cron job that attempts to use Python and the urllib2 library to retrieve another payload named t.sh
"Multiple user mode rootkits are deployed to hide malicious processes," they note. And one of the shell scripts "makes use of the shopt (shell options) built-in to prevent additional shell commands from the attacker's session from being appended to the history file... Not only are additional commands prevented from being written to the history file, but the shopt command itself doesn't appear in the shell history once a new session has been spawned."

The same script also inserts "an attacker-controlled SSH key to maintain access to the compromised host," according to the article, retrieves a miner for the Monero cryptocurrency and then "registers persistence in the form of systemd services" for both the miner and an open source Golang reverse shell utility named Platypus.

It also delivers "various utilities," according to the blog Security Week, "including 'masscan' for host discovery." Citing CADO's researchers, they write that the shell script also "weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents." The Golang payloads deployed in these attacks allow attackers to search for Docker images from the Ubuntu or Alpine repositories and delete them, and identify and exploit misconfigured or vulnerable Hadoop, Confluence, Docker, and Redis instances exposed to the internet... ["For the Docker compromise, the attackers spawn a container and escape from it onto the underlying host," the researchers writes.]

"This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers," Cado notes. "It's clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments."

"A 20-year-old Trojan resurfaced recently," reports Dark Reading, "with new variants that target Linux and impersonate a trusted hosted domain to evade detection." Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows the malware to fly under the radar. Bifrost is a remote access Trojan (RAT) that's been active since 2004 and gathers sensitive information, such as hostname and IP address, from a compromised system.

There has been a worrying spike in Bifrost Linux variants during the past few months: Palo Alto Networks has detected more than 100 instances of Bifrost samples, which "raises concerns among security experts and organizations," researchers Anmol Murya and Siddharth Sharma wrote in the company's newly published findings.

Moreover, there is evidence that cyberattackers aim to expand Bifrost's attack surface even further, using a malicious IP address associated with a Linux variant hosting an ARM version of Bifrost as well, they said... "As ARM-based devices become more common, cybercriminals will likely change their tactics to include ARM-based malware, making their attacks stronger and able to reach more targets."

"2004 was already an eventful year for Linux," writes ZDNet's Jack Wallen. "As I reported at the time, SCO was trying to drive Linux out of business. Red Hat was abandoning Linux end-user fans for enterprise customers by closing down Red Hat Linux 9 and launching the business-friendly Red Hat Enterprise Linux (RHEL). Oh, and South African tech millionaire and astronaut Mark Shuttleworth [also a Debian Linux developer] launched Canonical, Ubuntu Linux's parent company.

"Little did I — or anyone else — suspect that Canonical would become one of the world's major Linux companies."

Mark Shuttleworth answered questions from Slashdot reader in 2005 and again in 2012. And this year, Canonical celebrates its 20th anniversary. ZDNet reports: Canonical's purpose, from the beginning, was to support and share free software and open-source software... Then, as now, Ubuntu was based on Debian Linux. Unlike Debian, which never met a delivery deadline it couldn't miss, Ubuntu was set to be updated to the latest desktop, kernel, and infrastructure with a new release every six months. Canonical has kept to that cadence — except for the Ubuntu 6.06 release — for 20 years now...

Released in October 2004, Ubuntu Linux quickly became synonymous with ease of use, stability, and security, bridging the gap between the power of Linux and the usability demanded by end users. The early years of Canonical were marked by rapid innovation and community building. The Ubuntu community, a vibrant and passionate group of developers and users, became the heart and soul of the project. Forums, wikis, and IRC channels buzzed with activity as people from all over the world came together to contribute code, report bugs, write documentation, and support each other....

Canonical's influence extends beyond the desktop. Ubuntu Linux, for example, is the number one cloud operating system. Ubuntu started as a community desktop distribution, but it's become a major enterprise Linux power [also widely use as a server and Internet of Things operating system.]
The article notes Canonical's 2011 creation of the Unity desktop. ("While Ubuntu Unity still lives on — open-source projects have nine lives — it's now a sideline. Ubuntu renewed its commitment to the GNOME desktop...")

But the article also argues that "2016, on the other hand, saw the emergence of Ubuntu Snap, a containerized way to install software, which --along with its rival Red Hat's Flatpak — is helping Linux gain some desktop popularity."

Microsoft has abruptly pulled a feature from OneDrive that allows users to upload files to the cloud storage service directly from a URL. From a report: The feature turned up as a preview in 2021 and was intended for scenarios "where the file contents aren't available, or are expensive to transfer," according to Microsoft. It was particularly useful for mobile users, for whom uploading files directly through their apps could be costly. Much better to simply point OneDrive at a given URL and let it handle the upload itself.

However, the experimental feature never made it past the consumer version of OneDrive. It also didn't fit with Microsoft's "vision for OneDrive as a cloud storage service that syncs your files across devices." Indeed, the idea of hosing data into OneDrive from a remote source sits at odds with the file synchronization model being championed by Microsoft and conveniently available from macOS and Windows.

An anonymous reader quotes a report from Ars Technica: VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities -- two carrying severity ratings of 9.3 out of a possible 10 -- are serious because they undermine the fundamental purpose of the VMware products, which is to run sensitive operations inside a virtual machine that's segmented from the host machine. VMware officials said that the prospect of a hypervisor escape warranted an immediate response under the company's IT Infrastructure Library, a process usually abbreviated as ITIL.

"In ITIL terms, this situation qualifies as an emergency change, necessitating prompt action from your organization," the officials wrote in a post. "However, the appropriate security response varies depending on specific circumstances." Among the specific circumstances, one concerns which vulnerable product a customer is using, and another is whether and how it may be positioned behind a firewall. A VMware advisory included the following matrix showing how the vulnerabilities -- tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 -- affect each of the vulnerable products [...]. Three of the vulnerabilities affect the USB controller the products use to support peripheral devices such as keyboards and mice.

Broadcom, the VMware parent company, is urging customers to patch vulnerable products. As a workaround, users can remove USB controllers from vulnerable virtual machines, but Broadcom stressed that this measure could degrade virtual console functionality and should be viewed as only a temporary solution. In an article explaining how to remove a USB controller, officials wrote: "The workaround is to remove all USB controllers from the Virtual Machine. As a result, USB passthrough functionality will be unavailable. In addition, virtual/emulated USB devices, such as VMware virtual USB stick or dongle, will not be available for use by the virtual machine. In contrast, the default keyboard/mouse as input devices are not affected as they are, by default, not connected through USB protocol but have a driver that does software device emulation in the guest OS.

IMPORTANT:
Certain guest operating systems, including Mac OS, do not support using a PS/2 mouse and keyboard. These guest operating systems will be left without a mouse and keyboard without a USB controller."