An anonymous reader quotes a report from CRN: Broadcom has agreed to purchase Symantec's enterprise business in a massive $10.7 billion deal that will break up the world's largest pure-play cybersecurity vendor. The San Jose, Calif.-based semiconductor manufacturer said the monster acquisition is expected to drive $2 billion of revenue and $1.3 billion of EBITDA (earning before interest, taxation, depreciation, and amortization), as well as upwards of $1 billion of cost synergies in the year following close. The Symantec name will be sold to Broadcom as part of the transaction. The deal will bring Symantec's $2.5 billion enterprise unit together with the software capabilities inherited last year through its $19 billion acquisition of CA Technologies. Symantec's enterprise business includes its traditional strength around anti-virus and endpoint protection as well as the cloud security capabilities inherited through the 2016 acquisition of Blue Coat Systems. "Meanwhile, Symantec's consumer business -- which includes its legacy Norton anti-virus capabilities as well as its more recent acquisition of LifeLock -- will become a standalone company," the report adds. "Interim Symantec President and CEO Rick Hill said the remaining consumer business contributed 90 percent of the company's total operating income, and the company expects to be able to continue to grow revenue for its Norton LifeLock business in the mid-single digits going forward."

Advanced Micro Devices on Wednesday released the second generation of its processor chip for data centers and said that it had landed Alphabet's Google and Twitter as customers. From a report: AMD competes against Intel to supply chips for data centers that power internet-based services. Both firms have come to rely on data center chips for growth because personal computer sales have stagnated as users shifted to mobile devices. AMD's newest generation of server chip, called EPYC, uses a new chip-making technology from its contract manufacturers that helps the chips have better performance while consuming less power. Intel, which makes chips in its own factories instead of relying on contractors, is behind schedule delivering chips made with its own newer manufacturing process. It plans to release them next year.

phalse phace writes: Broadcom's on-again, off-again talks to buy Symantec are on again, but this time Broadcom is just interested in Symantec's Enterprise Business.

According to the Wall Street Journal: "Broadcom is nearing a deal to buy Symantec's enterprise business after its attempted purchase of the entire cybersecurity firm fell apart. A deal for the Symantec business could be announced as early as Thursday, when Symantec reports its results, according to people familiar with the matter. The deal could value the Symantec division at around $10 billion, one of the people said. Broadcom had previously been in late-stage discussions to buy all of Symantec before the talks collapsed last month. Since then, the two sides have restarted discussions, with Broadcom zeroing in on the Symantec business that serves businesses and accounts for roughly half its $5 billion in annual revenue. The consumer segment accounts for the rest. The deal would be big for Symantec. Its entire market value is about $12.6 billion -- it has more than $2 billion of net debt -- compared with about $107.6 billion for Broadcom." UPDATE: It's official, Broadcom is acquiring Symantec's Enterprise Business for $10.7 billion.

The last RHEL release, RHEL 7.7, is now available for current Red Hat Enterprise Linux subscribers via the Red Hat Customer Portal. ZDNet reports on what's new: RHEL 7.7's most important updates are support for the latest generation of enterprise hardware and remediation for the recently disclosed ZombieLoad vulnerabilities. The latest RHEL 7 also includes network stack performance enhancements. With this release, you can offload virtual switching operations to network interface card (NIC) hardware. What that means for you is, if you're using virtual switching and network function virtualization (NFV), you'll see better network performance on cloud and container platforms such as Red Hat OpenStack Platform and Red Hat OpenShift.

RHEL 7.7 users can also use Red Hat's new predictive problem shooter: Red Hat Insights. This uses a software-as-a-service (SaaS)-based predictive analytics approach to spot, assess, and mitigate potential problems to their systems before they can cause trouble. For developers, RHEL 7.7 comes with Python 3.6 interpreter, and the pip and setup tools utilities. Previously, Python 3 versions were available only as a part of Red Hat Software Collections. Moving on to the cloud, RHEL 7.7 Red Hat Image Builder is now supported. This feature, which is also in RHEL 8, enables you to easily create custom RHEL system images for cloud and virtualization platforms such as Amazon Web Services (AWS), VMware vSphere, and OpenStack. To help cloud-native developers, RHEL 7.7 includes full support for Red Hat's distributed-container toolkit -- buildah, podman, and skopeo -- on RHEL workstations. After building on the desktop, programmers can use Red Hat Universal Base Image to build, run, and manage containerized applications across the hybrid cloud.

"Firewalls can be notoriously and fiendishly difficult to configure correctly, and often present a target-rich environment for successful attacks," writes long-time Slashdot reader Lauren Weinstein.

"The thing is, firewall vulnerabilities are not headline news -- they're an old story, and better solutions to providing network security already exist." In particular, Google's "BeyondCorp" approach is something that every enterprise involved in computing should make itself familiar with. Right now! BeyondCorp techniques are how Google protects its own internal networks and systems from attack, with enormous success.

In a nutshell, BeyondCorp is a set of practices that effectively puts "zero trust" in the networks themselves, moving access control and other authentication elements to individual devices and users. This eliminates traditional firewalls (and in nearly all instances, VPNs) because there is no longer any need for such devices or systems that, once breached, give an attacker access to internal goodies.

If Capital One had been following BeyondCorp principles, there'd likely be 100+ million fewer potentially panicky people today.

After a developer based in the Crimea region of Ukraine was blocked from GitHub this week, the Microsoft-owned software development platform said it has started restricting accounts in countries facing U.S. trade sanctions. GitHub lists Crimea, Cuba, Iran, North Korea, and Syris as countries facing U.S. sanctions. ZDNet reports: As the developer reports, his website https://tkashkin.tk, which is hosted on GitHub, now returns a 404 error. He also can't create new private GitHub repositories or access them. While his website could easily be moved to another hosting provider, the block does pose a challenge for his work on GameHub, which has an established audience on GitHub.

GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.

GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."

It's exactly one half century from that moment in time when men first walked on the moon, writes NASA administrator Jim Bridenstine.

"Today, on the golden anniversary of the Apollo 11 moon landing, NASA looks back with heartfelt gratitude for the Apollo generation's trailblazing courage as we -- the Artemis generation -- prepare to take humanity's next giant leap to Mars." The lethargic lull of scientific fatalism afflicted portions of America then as it sometimes does today. There is nothing inevitable about scientific discovery nor is there a predetermined path of cutting-edge innovation. Long hours of arduous study and experimentation are required merely to glimpse a flicker of enlightenment that can lead to greater heights of human achievement...

The Apollo program hastened ground-breaking technological advancements that continue to bestow benefits to modern civilization today. Flame resistant textiles, water purification systems, cordless tools, more effective dialysis machines and improvements to food preservation and medicine are just some of the innovative wonders generated during that era. Furthermore, NASA's utilization of integrated circuits on silicon chips aboard the lunar module's computer unit helped jumpstart the budding computer industry into the massive enterprise it is today. Perhaps the most enduring legacy of the Apollo missions was their ability to inspire young Americans across the country to join science, technology, engineering and math related fields of study...

After more than 50 years, the benefits of human space exploration to humanity are clear. By proud example, the Apollo program taught us we cannot venture aimlessly into the uncharted territory of future discovery merely hoping to happen upon greater advancement. Technological progress is a deliberate choice made by investing in missions that will expand our limits of understanding and capability...

NASA is preparing to use the lunar surface as a proving ground to perfect our scientific and technological knowledge and utilize international partnerships, as well as the growing commercial space industry.

This time when we go back to the moon we are going to stay...

A ransomware attack in New York City's Monroe College has shut down the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. The attackers are seeking 170 bitcoins or approximately $2 million dollars in order to decrypt the entire college's network. Bleeping Computer reports: According to the Daily News, Monroe College was hacked on Wednesday at 6:45 AM and ransomware was installed throughout the college's network. It is not known at this time what ransomware was installed on the system, but it is likely to be Ryuk, IEncrypt, or Sodinokibi, which are known to target enterprise networks. The college has not indicated at this time whether they will be paying the ransom or restoring from backups while gradually bringing their network back online. "The good news is that the college was founded in 1933, so we know how to teach and educate without these tools," Monroe College spokesperson Jackie Ruegger told the Daily News. "Right now we are finding workarounds for our students taking online classes so they have their assignments."

New submitter popcornfan679 shares a report: Through a public record request, Motherboard has obtained a user manual that gives unprecedented insight into Palantir Gotham (Palantir's other services, Palantir Foundry, is an enterprise data platform), which is used by law enforcement agencies like the Northern California Regional Intelligence Center. (Palantir is one of the most significant and secretive companies in big data analysis.) The NCRIC serves around 300 communities in northern California and is what is known as a "fusion center," a Department of Homeland Security intelligence center that aggregates and investigates information from state, local, and federal agencies, as well as some private entities, into large databases that can be searched using software like Palantir. Fusion centers have become a target of civil liberties groups in part because they collect and aggregate data from so many different public and private entities.

The guide doesn't just show how Gotham works. It also shows how police are instructed to use the software. This guide seems to be specifically made by Palantir for the California law enforcement because it includes examples specific to California. We don't know exactly what information is excluded, or what changes have been made since the document was first created. The first eight pages that we received in response to our request is undated, but the remaining twenty-one pages were copyrighted in 2016. (Palantir did not respond to multiple requests for comment.) The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives.

Last week, Microsoft quietly published information to its partner web site which made it clear that one of its program's main benefits -- internal use rights (IURs) -- would be axed in July 2020. Since then, Microsoft's been attempting to do damage control, including by holding a webcast that meant to shed more light on the reasoning behind the move. But most partners seem unconvinced about Microsoft's stated reasons, with more than a few saying they might go so far as to quit the partner program as a result. ZDNet: In a 20-minute recorded Ask Me Anything (AMA) entitled "Partner Transformation and Partner Business Investments" recorded on July 10, Microsoft execs talked about the priorities and trade-offs the company is making in regard to its partner program in fiscal 2020 and beyond. More than 230 partners attended the presentation live. (Note: It looks like Microsoft has removed the video of the AMA from YouTube.) Erez Wohl, General Manager of Business Strategy and Partner Investments in the One Commercial Partner organization, told partners that Microsoft "has the richest incentive portfolio in the industry," and that it would spend $400 million more on its partner program in fiscal 2020 (starting July 1, 2019) than it did in the previous year. He and his colleague Toby Richards, General Manager of Go-To-Market & Programs in the Microsoft One Commercial Partner organization, talked up some of the advanced specializations, new commerce capabilities and other new partner benefits that would be coming to the program this year.

But webcast attendees were largely there for one reason: To dispute Microsoft's plan to eliminate internal use rights. Yet Microsoft officials held fast to their stance, saying the company had to make some trade-offs in order to deliver on other priorities, such as making it easier for partners to connect with more users, partners and sellers. [...] For what it's worth, someone I know at Microsoft said Microsoft is currently incurring about $200 million in costs annually (and growing) resulting from its services being used by partners via IUR products. Update Microsoft capitulates and agrees to undo planned partner product-licensing changes.

The Caps Lock, Num Lock, and Scroll Lock LEDs on a keyboard can be used to exfiltrate data from a secure air-gapped system, academics from an Israeli university have proved. From a report: The attack, which they named CTRL-ALT-LED, is nothing that regular users should worry about but is a danger for highly secure environments such as government networks that store top-secret documents or enterprise networks dedicated to storing non-public proprietary information. he attack requires some pre-requisites, such as the malicious actor finding a way to infect an air-gapped system with malware beforehand. CTRL-ALT-LED is only an exfiltration method. But once these prerequisites are met, the malware running on a system can make the LEDs of an USB-connected keyboard blink at rapid speeds, using a custom transmission protocol and modulation scheme to encode the transmitted data. A nearby attacker can record these tiny light flickers, which they can decode at a later point, using the same modulation scheme used to encode it.

Mozilla today launched Firefox 68 for Windows, Mac, Linux, Android, and iOS. Firefox 68 includes a darker reader view, recommended extensions, IT Pro customizations, and more. From a report: As part of this release, Mozilla has curated a list of recommended extensions "that have been thoroughly reviewed for security, usability, and usefulness." You can find the list on the Get Add-ons page in the Firefox Add-ons Manager (about:addons). While Firefox has had dark mode for months, the Reader View's dark contrast only covered the text area. Now, when you change the contrast to dark, all sections of the site (including sidebars and toolbars) will be immersed in dark mode.

With Firefox 60, Mozilla introduced an enterprise version of the browser that employers can customize. This let IT professionals configure Firefox for their organization, either using Group Policy on Windows or a JSON file that works across Windows, Mac, and Linux. With Firefox 68, Mozilla has added more enterprise policies -- to configure or remove the new tab page, turn off search suggestions, and so on.

IBM closed its $34 billion acquisition of Red Hat, the companies announced Tuesday. From a report: The deal was originally announced in October, when the companies said IBM would buy all shares in Red Hat for $190 each in cash. The acquisition of Red Hat, an open-source, enterprise software maker, marks the close of IBM's largest deal ever. It's one of the biggest in U.S. tech history. Excluding the AOL-Time Warner merger, it follows the $67 billion deal between Dell and EMC in 2016 and JDS Uniphase's $41 billion acquisition of optical-component supplier SDL in 2000. Under the deal, Red Hat will now be a unit of IBM's hybrid cloud division, according to the original announcement. The companies said Red Hat's CEO, Jim Whitehurst, would join IBM's senior management team and report to CEO Ginni Rometty. IBM previously said it hoped its acquisition of Red Hat will help it do more work in the cloud, one of its four key growth drivers, which are also social, mobile and analytics. The company lags behind Amazon and Microsoft in the cloud infrastructure business. IBM has seen three consecutive quarters of declining year-over-year revenue. But some analysts are hopeful about the Red Hat deal's opportunity to bring in new business.

A new study from International Data Corporation (IDC) found that of the organizations already using AI, only 25% have developed an "enterprise-wide" AI strategy, and it found that among those in the process of deploying AI, a substantial number of projects are doomed to fail. VentureBeat reports: IDC's Artificial Intelligence Global Adoption Trends & Strategies report, which was published today, summarizes the results of a May 2019 survey of 2,473 organizations using AI solutions in their operations. It chiefly focused on respondents' AI strategy, culture, and implementation challenges, as well as their AI data readiness initiatives and the production deployment trends expected to experience growth in the next two years. Firms blamed the cost of AI solutions, a lack of qualified workers, and biased data as the principal blockers impeding AI adoption internally. Respondents identified skills shortages and unrealistic expectations as the top two reasons for failure, in fact, with a full quarter reporting up to 50% failure rate.

However, that's not to suggest success stories are few in far between. More than 60% of companies reported changes in their business model in association with their AI adoption, and nearly 50% said they'd established a formal framework to encourage the ethical use, potential bias risks, and trust implications of AI, according to IDC. Moreover, 25% report having established a senior management position to ensure adherence.

Slashdot reader stevent1965 writes: The costs of running the International Space Station are a burden for NASA's budget. It has cost over $100 billion to construct and annual operating expenses run between $3 and $4 billion per year, representing a substantial percentage [about half] of NASA's manned space exploration budget. What to do, what to do?

A potential solution is to turn over operations (if not ownership) to private enterprise (Elon, are you listening?) Commercialization of space exploration may be anathema to some, but there is ample precedent for the government ceding control of publicly-funded endeavors to private enterprises. The Internet is the obvious example.

Why not give corporations control of the ISS? Are there drawbacks? Benefits? Which will prevail? Let's hear your opinions.
Sunday NPR noted that a few weeks ago NASA held a press event at Nasdaq's MarketSite to announce and promote "the commercialization of low Earth orbit," with astronaut Christina Koch beaming down a video from space to say that the crew was "so excited" to be a part of NASA "as our home and laboratory in space transitions into being accessible to expanded commercial and marketing opportunities" (as well as to "private astronauts.")

But there are big logistical and financial hurdles. (Even NASA admits to NPR that revenue-generating opportunities first "need to be cultivated by the creative and entrepreneurial private sector.") So leave your own best thoughts in the comments -- the how, why, what if, or why not.

Should the International Space Station go commercial?

"Windows 10 continues to be a danger zone," writes Forbes senior contributor Gordon Kelly: Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem. Spotted by the always excellent Windows Latest, Microsoft has told tens of millions of Windows 10 users that the latest KB4501375 update may break the platform's Remote Access Connection Manager (RASMAN). And this can have serious repercussions.

The big one is VPNs. RASMAN handles how Windows 10 connects to the internet and it is a core background task for VPN services to function normally. Given the astonishing growth in VPN usage for everything from online privacy and important work tasks to unlocking Netflix and YouTube libraries, this has the potential to impact heavily on how you use your computer. Interestingly, in detailing the issue Microsoft states that it only affects Windows 10 1903 - the latest version of the platform.

The problem is Windows 10 1903 accounts for a conservative total of at least 50M users.
Microsoft estimates they'll have a solution available "in late July," adding that the issue only occurs "when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections." That support page also offers a work-around which involves configuring the default telemetry settings in either the group policy settings or with a registry value.

UPDATE (7/7/2019): ZDNet is strongly criticizing Forbes' article, arguing that the issue affects only a small number of Windows users, "when the diagnostic data level setting is manually configured to the non-default setting of 0." For those who don't understand how unusual that configuration is, note that it applies only to Windows 10 Enterprise and that it can be set only using Group Policy on corporate networks or by manually editing the registry. You can't accidentally enable this setting. And you can't deliberately set it on a system running Windows 10 Home or Pro, because it is for Enterprise edition only.

One of the scientists who worked on the black hole picture is now pursuing an even more ambitious visualization, this time for the super-massive black hole at the center of our own galaxy.

Long-time Slashdot reader Esther Schindler shares this report from Hewlett Packard Enterprise's Insights blog: Lia Medeiros, a physicist, astrophysicist, and National Science Foundation fellow, is working to put together a movie of sorts of a black hole, using data from the Event Horizon Telescope, a global telescope array that gave scientists the data needed to capture that first black hole image. And she's going to do it using machine learning... Scientists basically will be pitting Einstein's theory of general relativity, which tells us what we know, or think we know, about gravity, against the most powerful gravitational forces in the universe. It's about comparing these new black hole observations with predictions based on our mathematical models of them. And if general relativity doesn't fully hold up at the event horizon, then the theory may need to be rethought.

Her work also could tell us more about how quantum mechanics, which is still quite mysterious to the best physicists, interacts with the theory of gravity... Having a black hole movie could be a scientific game changer because they are one of the only types of objects in the universe that scientists need both theories to explain. Black holes, simply put, live at the intersection of quantum and gravity. Movies of a black hole could give scientists the information they need to see if they behave the way we expect them to, helping them figure out the complicated intersection of two major scientific theories.

The associate director of research at the Electronic Frontier Foundation published a new warning in the Opinion section of the New York Times this week, calling Slack the only unicorn going public this year "that has admitted it is at risk for nation-state attacks" and saying there's a simple way to minimize risk -- that Slack has so far refused to take:

Right now, Slack stores everything you do on its platform by default -- your username and password, every message you've sent, every lunch you've planned and every confidential decision you've made. That data is not end-to-end encrypted, which means Slack can read it, law enforcement can request it, and hackers -- including the nation-state actors highlighted in Slack's S-1 -- can break in and steal it...

Slack's paying enterprise customers do have a way to mitigate their security risk -- they can change their settings to set shorter retention periods and automatically delete old messages -- but it's not just big companies that are at risk... Free customer accounts don't allow for any changes to data retention. Instead, Slack retains all of your messages but makes only the most recent 10,000 visible to you. Everything beyond that 10,000-message limit remains on Slack's servers. So while those messages might seem out of sight and out of mind, they are all still indefinitely available to Slack, law enforcement and third-party hackers...

Slack should give everyone the same privacy protections available to its paying enterprise customers and let all of its users decide for themselves which messages they want to keep and which messages they want to delete. It's undeniably Slack's prerogative to charge for a more advanced product, but making users pay for basic privacy and security protections is the wrong call. It's time for Slack to step up, minimize the amount of sensitive data hanging around on its servers and give all its users retention controls.
The article notes that Slack's stock filings acknowledge that it faces threats from "sophisticated organized crime, nation-state, and nation-state supported actors."

The filings even specifically add that Slack's security measures "may not be sufficient to protect Slack and our internal systems and networks against certain attacks," and that completely eliminating the threat of a nation-state attack would be "virtually impossible."

An anonymous reader quotes a report from The Register: Ahead of its first day in a U.S. federal claims court in Washington DC, Oracle has outlined its position against the Pentagon's award of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Amazon Web Services. Big Red's lengthy filing questions the basis of Uncle Sam's procurement procedure as well as Amazon's hiring of senior Department of Defense staff involved in that procurement process. Oracle's first day in court is set for 10 July. The JEDI deal could be worth up to $10 billion over 10 years. The Department of Defense handed the contract to AWS after deciding that only Amazon and Microsoft could meet the minimum security standards required in time.

Oracle's filing said that U.S. "warfighters and taxpayers have a vested interest in obtaining the best services through lawful, competitive means... Instead, DoD (with AWS's help) has delivered a conflict-ridden mess in which hundreds of contractors expressed an interest in JEDI, over 60 responded to requests for information, yet only the two largest global cloud providers can clear the qualification gates." The company said giving JEDI, with its "near constant technology refresh requirements", to just one company was in breach of procurement rules. It accused the DoD of gaming the metrics used in the process to restrict competition for the contract. Oracle also accused Amazon of breaking the rules by hiring two senior DoD staff, Deap Ubhi and Anthony DeMartino, who were involved in the JEDI procurement process. Ubhi is described as "lead PM." A third name is redacted in the publicly released filing. The DoD, which is expected to make an offer to settle the case in late August, said in a statement: "We anticipate a court decision prior to that time. The DoD will comply with the court's decision. While the acquisition and litigation processes are proceeding independently the JEDI implementation will be subject to the determination of the court."

The 50-page filing can be found here (PDF).

An anonymous reader shares a report: Three and a half years ago, Mark Russinovich, Azure CTO, Microsoft's cloud, said, "One in four [Azure] instances are Linux." Next, in 2017, Microsoft revealed that 40% of Azure virtual machines (VM) were Linux-based. Then in the fall of 2018, Scott Guthrie, Microsoft's executive VP of the cloud and enterprise group, told me in an exclusive interview, "About half Azure VMs are Linux". Now, Sasha Levin, Microsoft Linux kernel developer, in a request that Microsoft be allowed to join a Linux security list, revealed that "the Linux usage on our cloud has surpassed Windows." Shocking you say? Not really. Linux is largely what runs enterprise computing both on in-house servers and on the cloud. Windows Server has been declining for years. In the most recent IDC Worldwide Operating Systems and Subsystems Market Shares report covering 2017, Linux had 68% of the market. Its share has only increased since then.