Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Google

Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk) 108

Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. From a report on The Register: The document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the disclosure that: "We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level." That silicon works alongside cryptographic signatures employed "over low-level components like the BIOS, bootloader, kernel, and base operating system image." "These signatures can be validated during each boot or update," the document says, adding that "the components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip."
Privacy

Hackers Corrupt Data For Cloud-Based Medical Marijuana System (bostonglobe.com) 138

Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
" No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.

"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
Earth

Amazon Still Lags Behind Apple, Google in Greenpeace Renewable Energy Report (greenpeace.org) 84

Amazon's cloud-computing unit says that one day it will rely solely on renewable power. But Greenpeace reports that a ramp-up in data-center construction in Virginia, where electricity comes mostly from coal and nuclear plants, makes that goal elusive. From the report: Apple, Google, Facebook, and newcomer Switch are taking some of the greatest strides towards 100% renewable energy, while companies such as Netflix, Amazon Web Services, and Samsung are lagging. The findings in Greenpeace USA's report outlines the energy footprints of large data center operators and nearly 70 of the most popular websites and applications. "Amazon continues to talk a good game on renewables but is keeping its customers in the dark on its energy decisions. This is concerning, particularly as Amazon expands into markets served by dirty energy," said Greenpeace USA Senior IT Analyst, Gary Cook. "Like Apple, Facebook, and Google, Netflix is one of the biggest drivers of the online world and has a critical say in how it is powered. Netflix must embrace the responsibility to make sure its growth is powered by renewables, not fossil fuels and it must show its leadership here," continued Cook.
IBM

IBM Is First Company To Get 8,000 US Patents In One Year, Breaking Record (silicon.co.uk) 94

Reader Mickeycaskill writes: For the 24th year in a row, IBM received the most patents of any company in the US. But for the first time it got more than 8,000 -- the first firm in any industry to do so. In total, its inventors were granted 8,088 patents in 2016, covering areas as diverse as artificial intelligence (AI), cognitive computing, cloud, health and cyber security.
That's equal to more than 22 patents a day generated by its researchers, engineers and designers, with more than a third of the patents relating to AI, cognitive computing and cloud computing alone. IBM is betting big on cloud and other services, having spun off its hardware units like servers and PCs to Lenovo. The other nine companies in the top ten list of 2016 US patent recipients consist of: Samsung electronics (with 5,518 patents), Canon (3,665), Qualcomm (2,897), Google (2,835), Intel (2,784), LG Electronics (2,428), Microsoft (2,398), Taiwan Semiconductor Manufacturing Co. (2,288) and Sony (2,181).

Red Hat Software

Interviews: Ask Red Hat CEO Jim Whitehurst A Question (redhat.com) 165

Jim Whitehurst joined Red Hat in 2008, as its valuation rose past $10 billion and the company entered the S&P 500. He believes that leaders should engage people, and then provide context for self-organizing, and in 2015 even published The Open Organization: Igniting Passion and Performance (donating all proceeds to the Electronic Frontier Foundation). The book describes a post-bureaucratic world of community-centric companies led with transparency and collaboration, with chapters on igniting passion, building engagement, and choosing meritocracy over democracy.

Jim's argued that Red Hat exemplifies "digital disruption," and recently predicted a world of open source infrastructure running proprietary business software. Fortune has already called Red Hat "one of the geekiest firms in the business," and their open source cloud computing platform OpenStack now competes directly with Amazon Web Services. Red Hat also sponsors the Fedora Project and works with the One Laptop Per Child initiative.

So leave your best questions in the comments. (Ask as many questions as you'd like, but please, one per comment.) We'll pick out the very best questions, and then forward them on for answers from Red Hat CEO Jim Whitehurst.
Businesses

Uber Gives Cities Free Travel-Time Data (usatoday.com) 26

Uber is now "leveraging anonymous GPS information from hundreds of thousands of online Uber vehicles" using a new tool called Uber Movement. An anonymous reader quotes USA Today: Uber is going to make urban traffic and mobility data gleaned from its millions of drivers and riders using the Uber app freely available to all. The data, which shows anonymized travel times between points in cities, will be available on a public website called Uber Movement. Uber says it will first invite planning agencies and researchers to access the information and then make the website free to the public... The San Francisco-based company decided to release the data when it realized it had "this very valuable but untapped resource for understanding a city's transportation infrastructure," said Andrew Salzberg, Uber's head of transportation policy...

Pegged to a transportation conference in DC on Sunday, the release is also likely is a bid to gain some goodwill with cities, with which Uber has often had bare-knuckled fights over regulation... Uber Movement doesn't map individuals rides, but rather segments of rides, focusing on travel time between specific points... The Uber data will give cities a low-cost way to do high-resolution travel time analysis

Boston's chief information officer says the new tool "gives people tools to ask us questions. That's really powerful."
Debian

Linux.com Announces The Best Linux Distros for 2017 (linux.com) 224

Friday Linux.com published their list of "what might well be the best Linux distributions to be found from the ever-expanding crop of possibilities... according to task." Here's their winners (as chosen by Jack Wallen), along with a short excerpt of his analysis.
  • Best distro for sysadmins : Parrot Linux. "Based on Debian and offers nearly every penetration testing tool you could possibly want. You will also find tools for cryptography, cloud, anonymity, digital forensics, programming, and even productivity."
  • Best lightweight distribution: LXLE. "Manages to combine a perfect blend of small footprint with large productivity."
  • Best desktop distribution: Elementary OS "I'm certain Elementary OS Loki will do the impossible and usurp Linux Mint from the coveted 'best desktop distribution' for 2017."
  • Best Linux for IoT: Snappy Ubuntu Core "Can already be found in the likes of various hacker boards (such as the Raspberry Pi) as well as Erle-Copter drones, Dell Edge Gateways, Nextcloud Box, and LimeSDR."
  • Best non-enterprise server distribution: CentOS. "Since 2004, CentOS has enjoyed a massive community-driven support system."
  • Best enterprise server distribution: SUSE. "Don't be surprised if, by the end of 2017, SUSE further chips away at the current Red Hat market share."

Wallen also chose Gentoo for "Best distribution for those with something to prove," saying "This is for those who know Linux better than most and want a distribution built specifically to their needs... a source-based Linux distribution that starts out as a live instance and requires you to then build everything you need from source." And surprisingly, he didn't mention his own favorite Linux distro, Bodhi Linux, which he describes elsewhere as "a melding of Ubuntu and Enlightenment".


Businesses

Microsoft Plans Big Reorganization Of Partner and Services Groups Starting Feb 1 (geekwire.com) 34

Microsoft is planning to consolidate many of its partner and services teams in a reorganization, as well as add a new digital team focused on the cloud. From a report: Microsoft confirmed that the shift will take effect Feb. 1, and the goal is to unify teams across its Worldwide Commercial Business group. Microsoft has been working to break down barriers between teams to better serve partners and customers for years, going back to CEO Steve Ballmer's 2013 One Microsoft plan. Microsoft said in a statement that no layoffs will occur as a direct result of the reorganization, which is being announced internally today. Microsoft added that "like all companies, Microsoft reviews its resources and investments on an ongoing basis." As part of the move, Microsoft says it will bring together its enterprise and partner group and public sector, small and mid-market solutions, and partners teams. A new group called Microsoft Digital will push Microsoft's current customers and partners to use the company's cloud programs.
Google

Department of Labor Sues Google Over Compensation Data (cnn.com) 346

An anonymous reader quotes a report from CNNMoney: The Department of Labor filed a lawsuit against Google on Wednesday to get the Internet company to turn over compensation data on its employees. The data request is part of a routine audit into Google's equal opportunity hiring practices, which is required because of the company's role as a federal contractor. Google provides cloud computing services to various federal agencies and the military. Google is obligated to let the government access records that show its hiring doesn't discriminate based on race, religion, sexual orientation, gender and more. According to the lawsuit, Google has repeatedly refused to provide names, contact information, job history and salary history details that the government has requested for its employees. The Labor Department is now requesting that a judge order all of Google's federal contracts canceled unless it complies with the data request. "Despite many opportunities to produce this information voluntarily, Google has refused to do so," Thomas M. Dowd, acting director for the Office of Federal Contract Compliance Programs, said in a statement. "We filed this lawsuit so we can obtain the information we need to complete our evaluation."
Businesses

Amazon's Robot Workforce Grows By 50 Percent In Just One Year (siliconrepublic.com) 49

Amazon hires a lot of people. But the expansion of its army of orange-wheeled robots is more than keeping pace. An anonymous reader writes: E-commerce and cloud giant Amazon has revealed that it now has 45,000 robots across 20 fulfilment centres around the world. This is a 50 percent increase on the same time last year, when the company said that it employed 30,000 robots alongside its 306,000 people. Amazon uses the robots to automate the picking and packing process at large warehouses. The robots are 16in tall and weigh 145kg. They can travel at 5mph and can carry packages that weigh 317kg. The robots became part of the company's workforce when Amazon acquired Kiva Systems in 2012 for $775m.
IT

CloudFlare Was Hit By Leap Second, Causing Its RRDNS Software To 'Panic' (silicon.co.uk) 119

Reader Mickeycaskill writes: The extra leap second added on to the end of 2016 may not have had an effect on most people, but it did catch out a few web companies who failed to factor it in. Web services and security firm CloudFlare was one such example. A small number of its servers went down at midnight UTC on New Year's Day due to an error in its RRDNS software, a domain name service (DNS) proxy that was written to help scale CloudFlare's DNS infrastructure, which limited web access for some of its customers. As CloudFlare explained, a number went negative in the software when it should have been zero, causing RRDNS to "panic" and affect the DNS resolutions to some websites. The issue was confirmed by the company's engineers at 00:34 UTC on New Year's Day and the fix -- which involved patching the clock source to ensure it normalises if time ever skips backwards -- was rolled out to the majority of the affected data centres by 02:50 UTC. Cloudflare said the outage only hit customers who use CNAME DNS records with its service. Google works around leap seconds with a so-called "smearing" technique -- running clocks slightly slower than usual on its Network Time Protocol servers.
Electronic Frontier Foundation

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org) 91

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Facebook

Facebook Buys Data From Third-Party Brokers To Fill In User Profiles (ibtimes.com) 116

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.
AI

Voice Is the Next Big Platform, But Amazon Already Owns It (backchannel.com) 229

Six million homes already have an Amazon device with it Alexa voice assistant -- about 5% of all households. But Backchannel argues that Amazon is already dominating the race to become the operating system for future voice-activated devices, with Forrester tech analyst James McQuivey pointing out that "having microphones in your environment is a lot more convenient than pulling out your phone." The Alexa-enabled Echo is a true unicorn, one of those rare products that arrives every few years and fundamentally changes the way we live... After years of false starts, voice interface will finally creep into the mainstream as more people purchase voice-enabled speakers and other gadgets, and as the tech that powers voice starts to improve.
Despite competition from Google Home, and a rumored "Home Hub" from Microsoft, Amazon "has a two-year jump on its competition, having first introduced the Echo speaker in November 2014," notes the article, adding that Amazon also "opened its platform early to third-party developers." (Alexa now has more than 5,000 "skills".) They argue that Amazon is already winning the war of the operating systems by familiarizing consumers with "a new computing interface -- a voice devoid of a screen -- that will eventually grow to be more ubiquitous and more useful than our smartphones... Soon, you'll speak your wants into the air -- anywhere -- and a woman's warm voice with a mid-Atlantic accent will talk back to you, ready to fulfill your commands."
Microsoft

Is Microsoft 'Reaping the Rewards' From Open-Sourcing Its .NET Core? (infoworld.com) 257

An anonymous reader quote InfoWorld: Two years ago Microsoft did the unthinkable: It declared it would open-source its .NET server-side cloud stack with the introduction of .NET Core... Thus far, the move has paid off. Microsoft has positioned .NET Core as a means for taking .NET beyond Windows. The cross-platform version extends .NET's reach to MacOS and Linux...

Developers are buying in, says Scott Hunter, Microsoft partner director program manager for .NET. "Forty percent of our .NET Core customers are brand-new developers to the platform, which is what we want with .NET Core," Hunter says. "We want to bring new people in." Thanks in considerable part to .NET Core, .NET has seen a 61% uptick in the number of developers engaged with the platform in the past year.

The article includes an interesting quote from Microsoft-watching analyst Rob Sanfilippo. "It could be argued that the technology generates indirect revenue by incenting the use of Azure services or Microsoft developer tools."
Google

Google Joins the Open Source Cloud Foundry Foundation (betanews.com) 6

BrianFagioli quotes a report from BetaNews: Today, Google announces that it has joined the Cloud Foundry Foundation as a gold member. This is yet another example of the search giant's open source focus. Google joins some other respected companies at this membership level, such as Verizon, GE Digital, and Huawei to name a few. For whatever reason, the search giant stopped short of committing as the highest-level platinum member, however. "From the beginning, our goal for Google Cloud Platform has been to build the most open cloud for all developers and businesses alike, and make it easy for them to build and run great software. A big part of this is being an active member of the open source community and working directly with developers where they are, whether they're at an emerging startup or a large enterprise. Today we're pleased to announce that Google has joined the Cloud Foundry Foundation as a Gold member to further our commitment to these goals", says Brian Stevens, Vice President, Google Cloud.
Microsoft

Microsoft Taps Here and TomTom To Expand Into Connected Data (thestack.com) 25

You can't build a good self-driving car without good maps. Microsoft seems to realize this, and it's teaming up with TomTom and Here to ensure the next generation of cars comes with some quality maps. From a report: Integrating the two companies' maps, traffic data and navigation software into Azure, Microsoft hopes to support developers looking to build and manage 'location aware' mobile, web and IoT applications. Speaking of the new deal, TomTom CEO Harold Goddijn noted how location services are rapidly becoming a critical component in a wide range of applications and enterprise-grade solutions. He said that the Microsoft partnership would help to extend the TomTom technology to a wider developer community, over a cloud platform they are already familiar working with. Peggy Johnson, EVP of Business Development at Microsoft added: 'Making TomTom's services available through the Microsoft Azure cloud platform will allow developers and our customers to make location a core part of their cloud-based applications..." Netherlands-based TomTom already supplies location services and real-time traffic data to many global tech companies. Notably, it has partnered with Apple Maps since 2012 and has also held a contract with Uber since the beginning of 2015.
Businesses

Another One Bites the Dust: Cisco Discontinues Its $1B Cloud Initiative as AWS, Azure and Others Expand (geekwire.com) 34

Cisco will abandon its InterCloud cloud-computing offering on March 31 and will move any InterCloud workloads to other, unnamed cloud providers, including "in some cases, public cloud." From a report on GeekWire: Cisco's pull-back from the cloud scene marks the latest example of smaller participants -- many of them hardware-makers -- bailing in the face of huge growth by Amazon Web Services and Microsoft Azure, and to some extent by Google Cloud, IBM and other, smaller public-cloud services. Hewlett-Packard in 2015 abandoned its efforts to be a public-cloud company. Then, Hewlett-Packard Enterprises essentially shut down its much-ballyhooed Helion cloud offering earlier this year. VMware still offers its vCloud Air hybrid-cloud service, though it has agreed to partner with AWS, which it once viewed as its arch-rival for cloud workloads. "We do not expect any material customer issues as a result of this transition," Cisco said in response to a request for comment. "For the last several months, we have been evolving our cloud strategy and our service provider partners are aware of this."
Businesses

IBM Promises To Hire 25,000 Americans As Tech Executives Set To Meet Trump (reuters.com) 244

IBM Chief Executive Ginni Rometty has pledged to "hire about 25,000 professionals in the next four years in the United States" as she and other technology executives prepared to meet with President-elect Donald Trump on Wednesday. Reuters reports: IBM had nearly 378,000 employees at the end of 2015, according to the company's annual report. While the firm does not break out staff numbers by country, a review of government filings suggests IBM's U.S. workforce declined in each of the five years through 2015. When asked why IBM planned to increase its U.S. workforce after those job cuts, company spokesman Ian Colley said in an email that Rometty had laid out the reasons in her USA Today piece. Her article did not acknowledge that IBM had cut its U.S. workforce, although it called on Congress to quickly update the Perkins Career and Technical Education Act that governs federal support for vocational education. "We are hiring because the nature of work is evolving," she said. "As industries from manufacturing to agriculture are reshaped by data science and cloud computing, jobs are being created that demand new skills -- which in turn requires new approaches to education, training and recruiting." She said IBM intended to invest $1 billion in the training and development of U.S. employees over the next four years. Pratt declined to say if that represented an increase over spending in the prior four years.
AMD

Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU (bleepingcomputer.com) 57

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

Slashdot Top Deals