Tech News of the Week for 3/5/2024 [MTG030]

Posted on Tuesday, Mar 5, 2024 | Series: Moar Tech Garbage
NIST double security with version 2.0, Fifteen Year Path to Profitability for Nutanix, White House declares war on C and C++, and more!

Transcript

[00:00:01.450] Announcer: Welcome to Tech News of the Week with your host, that critical patch bundle that you’re totally going to get installed next week.

[00:00:09.730] Ned: Welcome to terrestrial news on the weekend. This is our weekly tech news podcast where we go over four stories that caught our eye. Chris, why don’t you kick us off with something about NIST?

[00:00:23.650] Chris: Something about NIST th... oh, sorry, I thought we were doing the repeat game. NIST releases Cybersecurity Framework 2.0, now with double the security. Get it?

[00:00:36.520] Chris: Because it’s 2.0 and the last one was 1.0. So, like, when you take the one and you multiply it by two, you get two, which is. That’s twice as many.

[00:00:49.810] Chris: Jokes are always better if you explain them. I think Gallagher said that. Anyway, the cybersecurity framework, or CSF as the cool kids call it, is a model framework for companies to build a cybersecurity program around. The 1.0 version came out all the way back in 2014, which makes it approximately 1000 years old in the Internet age for comparison.

[00:01:17.620] Chris: Rick rolling only started in 2007, but I bet you thought it happened in the Clinton administration.

[00:01:24.890] Chris: The CSF was designed to help, quote, critical infrastructure in five key areas around defense of cyberattacks. Those areas were identify, protect, detect, respond, and recover.

[00:01:42.130] Chris: Now, this 2.0 update expands the reach beyond just critical infrastructure to all business and government realms, including brand new sections devoted to small businesses.

[00:01:54.150] Chris: This 2.0 also adds the govern pillar to the original five, highlighting the boring but essential role policy plays in keeping IT resources secured. NIST also released a swath of free online resources to help implement the CSF, which will be a great boon to many companies looking to improve their security posture. The new goal of the CSF, according to NIST director Laurie Lamasquillo (took a shot at it), is, quote, not just about the one document, it is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve, unquote. And did I mention free?

[00:02:39.570] Chris: In conclusion, just click the link, Leonard. You need to read this stuff.

[00:02:45.190] Ned: 15 year path to profitability for Nutanix. Hyperconverged software vendor Nutanix has published a net profit with their Q2 2024 results. This is the first time in their 15 year history that they’ve been profitable.

[00:03:03.590] Chris: Yay. We did it.

[00:03:06.360] Ned: That’s not to say that they haven’t had decent revenues over the years, but they’ve never quite been able to spend less than they bring in. Must be all those booth babes on Ferris wheels.

[00:03:18.010] Chris: I am not clicking that link. I don’t want to get on another list.

[00:03:22.130] Ned: One of many reasons that I’ve never really liked Nutanix as a company.

[00:03:26.930] Ned: Although their CEO, Rajiv Ramaswami, didn’t directly say it, the blockbuster quarter was certainly fueled by the absorption of VMware by Broadcom and the co commitment price hikes that followed.

[00:03:41.130] Ned: I would expect the tailwinds of the acquisition to continue to fill the sails of many VMware competitors, including Nutanix, Scale Computing, and Red Hat.

[00:03:50.820] Ned: Nutanix also has a partnership with Cisco’s Hyperflex HCI, which makes me wonder how soon an acquisition might be coming for Nutanix by Cisco. That was on my prediction sheet, after all.

[00:04:02.910] Ned: And finally, having a profitable quarter might just be the sign to Cisco or other possible suitors that it’s time to put a ring on it.

[00:04:11.490] Chris: The White House declares war on C and C++. Yep, you heard me. What a world we live in.

[00:04:22.210] Chris: We go from the release of CSF 2.0, an unambiguously good thing, to Biden’s White House saying that C and C++ are bad because cybersecurity dumb thing. TLDR, ostensibly, the reason for this announcement is because of de facto security concerns that these bedrock languages have, particularly around buffer overflows (everybody drink) and memory management. Now I’m going to leave jokes about Biden and memory to the side. If you like unfunny things, you can always go back to Twitter. The idea here is simple.

[00:05:01.780] Chris: The way C and C++ handle data in memory is not secure. There are other languages that do it securely. You should use those languages. To quote the document itself: Programmers writing lines of code do not do so without consequence. The way they do their work is of critical importance to the national interest. In order to reduce memory safety vulnerabilities at scale, creators of software and hardware can use secure building blocks of cyberspace, unquote. Ignoring the fact that that sentence sounded like it was written by AI, the report does not name the languages which should be used. Instead, of course, it says that they should just be, quote, memory safe.

[00:05:43.310] Chris: This, I guess, ignores the fact that it is totally possible to write memory safe C and C++ code. So I don’t know. I get that being secure, especially in programming, means taking sometimes some not so obvious routes, but this whole thing really has a "warning: do not drink" sticker on the Drano bottle vibe to it.

[00:06:05.670] Chris: To me, one would have hoped that everyone knew this already, but I suppose there is always a small percentage that don’t. And if you’re one of them, just use Rust.

[00:06:16.820] Ned: I guess. Why not?

[00:06:19.240] Chris: But don’t tell Bjarne you’re doing it. That dude gets real mad when you talk shit about C++.

[00:06:27.850] Ned: I didn’t even get into it on the main show up and coming, but that was one of the recommendations of the secure by design was to use memory safe languages, and they specifically called out C and C++ as being insecure. Fun.

[00:06:43.090] Ned: New Zealand is gaslit on leap day. Self service gas pumps in New Zealand suddenly stopped being able to process credit card transactions on Thursday.

[00:06:51.930] Ned: The cause? Leap day. Apparently the code running on the Invenco-supplied terminals was unable to properly handle the date and just stopped processing credit card transactions. Other forms of payment continued to work and it appears that the issue was constrained to only Invenco terminals in New Zealand.

[00:07:13.370] Ned: Worldline, who supplied the original code for the credit card processing, reported that all their other customers had no issues, so it would appear to be something specific to Invenco’s implementation.

[00:07:25.800] Ned: The outage lasted for about 10 hours until a software fix could be rolled out to resolve the issue. Let’s hope the patch remembers to also account for leap hours, leap minutes, and leap seconds, all of which are real things, because our solar system is a random collection of unplanned matter and physics slowly sliding into inevitable entropy. Also, time is a flat circle.

[00:07:47.740] Chris: I mean, I’ve been saying this for years. Leap day only comes around once every four years, right? It should just be a holiday.

[00:07:56.740] Ned: Yes.

[00:07:57.520] Chris: So that’s what the gas pumps were doing.

[00:08:00.160] Chris: They were trying to help us out.

[00:08:01.900] Ned: They were on holiday. All right, that’s it. We’re done. Goodbye, everybody. Go away.

Show Notes

Moar Tech Garbage

Episode: 030 Published: 3/5/2024

Intro and outro music by Ned Bellavance copyright 2022

Hosts

Chris Hayner (He/Him)

Our story starts with a young Chris growing up in the agrarian community of Central New Jersey. Son of an eccentric sheep herder, Chris’ early life was that of toil and misery. When he wasn’t pressing cheese for his father’s failing upscale Fromage emporium, he languished on a meager diet of Dinty Moore and boiled socks. His teenage years introduced new wrinkles in an already beleaguered existence with the arrival of an Atari 2600. While at first it seemed a blessed distraction from milking ornery sheep, Chris fell victim to an obsession with achieving the perfect Pitfall game. Hours spent in the grips of Indiana Jones-esque adventure warped poor Chris’ mind and brought him to the maw of madness. It was at that moment he met our hero, Ned Bellavance, who shepherded him along a path of freedom out of his feverish, vine-filled hellscape. To this day Chris is haunted by visions of alligator jaws snapping shut, but with the help of Ned, he freed himself from the confines of Atari obsession to become a somewhat productive member of society. You can find Chris at coin operated laundromats, lecturing ironing boards for being itinerant. And as the cohost on the Chaos Lever podcast.

Ned Bellavance (He/Him)

Ned is an industry veteran with piercing blue eyes, an indomitable spirit, and the thick hair of someone half his age. He is the founder and sole employee of the ludicrously successful Ned in the Cloud LLC, which has rocked the tech world with its meteoric rise in power and prestige. You can find Ned and his company at the most lavish and exclusive tech events, or at least in theory you could, since you wouldn’t actually be allowed into such hallowed circles. When Ned isn’t sailing on his 500 ft. yacht with Sir Richard Branson or volunteering at a local youth steeplechase charity, you can find him doing charity work of another kind, cohosting the Chaos Lever podcast with Chris Hayner. Really, he’s doing Chris a huge favor by even showing up. You should feel grateful Chris. Oaths of fealty, acts of contrition, and tokens of appreciation may be sent via carrier pigeon to his palatial estate on the Isle of Man.