An anonymous reader quotes a report from The Register: In a Monday post, Broadcom CEO Hock Tan restated his belief that VMware's portfolio was too complex, and too poorly integrated, for the virtualization giant to represent true competition for hyperscale clouds. Broadcom's injection of R&D cash, he insisted, will see VMware's flagship Cloud Foundation suite evolve to become more powerful and easy to operate. He also admitted that customers aren't enjoying the ride. "As we roll out this strategy, we continue to learn from our customers on how best to prepare them for success by ensuring they always have the transition time and support they need," he wrote. "In particular, the subscription pricing model does involve a change in the timing of customers' expenditures and the balance of those expenditures between capital and operating spending." Customers also told Tan that "fast-moving change may require more time, so we have given support extensions to many customers who came up for renewal while these changes were rolling out." That's one of the changes -- Broadcom has previously not publicly suggested such extensions would be possible. "We have always been and remain ready to work with our customers on their specific concerns," Tan wrote. The other change is providing some ongoing security patches for VMware customers who persist with their perpetual licenses instead of shifting to Broadcom's subs. "We are announcing free access to zero-day security patches for supported versions of vSphere, and we'll add other VMware products over time," Tan wrote, describing the measure as aimed at ensuring that customers "whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings." The change means such customers "are able to use perpetual licenses in a safe and secure fashion."

Read more of this story at Slashdot.

Broadcom Throws VMware Customers On Perpetual Licenses a Lifeline

In discovering malicious code that endangered global networks in open-source software, Andres Freund exposed our reliance on insecure, volunteer-maintained tech

On Good Friday, a Microsoft engineer named Andres Freund noticed something peculiar. He was using a software tool called SSH for securely logging into remote computers on the internet, but the interactions with the distant machines were significantly slower than usual. So he did some digging and found malicious code embedded in a software package called XZ Utils that was running on his machine. This is a critical utility for compressing (and decompressing) data running on the Linux operating system, the OS that powers the vast majority of publicly accessible internet servers across the world. Which means that every such machine is running XZ Utils.

Freund’s digging revealed that the malicious code had arrived in his machine via two recent updates to XZ Utils, and he alerted the Open Source Security list to reveal that those updates were the result of someone intentionally planting a backdoor in the compression software. It was what is called a “supply-chain attack” (like the catastrophic SolarWinds one of 2020 ) – where malicious software is not directly injected into targeted machines, but distributed by infecting the regular software updates to which all computer users are wearily accustomed. If you want to get malware out there, infecting the supply chain is the smart way to do it.

Continue reading...

Read 19 remaining paragraphs | Comments

Exclusive: Whistleblower raised concerns about security of in-branch coin-counter software

The Bank of England is examining claims that the high street lender Metro Bank allegedly put customers’ data at risk by misusing software at the centre of a long-running legal dispute.

Last month, the central bank’s whistleblowing team was contacted by a person raising concerns about the integrity and security of software used to connect Metro Bank’s in-branch coin-counters – known as Magic Money Machines – to customer accounts.

Continue reading...

An investigation has revealed soaring numbers of unsolved vehicle crimes, with some inquiries into car thefts closed within 24 hours

Police failed to catch any criminals who stole a car in more than 100 neighbourhoods across England and Wales last year, analysis by the Observer has revealed.

A further 558 neighbourhoods with an average of at least one vehicle crime a week saw less than 2% solved, with a suspect caught and charged, according to figures published on data.police.uk , a site for open data on crime and policing.

Continue reading...

Lyle Smith reports via StorageReview.com: Proxmox has introduced a new import wizard for Proxmox Virtual Environment (VE), aiming to simplify the migration process for importing VMware ESXi VMs. This new feature comes at an important time in the industry, as it aims to ease the transition for these organizations looking to move away from VMware's vSphere due to high renewal costs. The new import wizard is integrated into Proxmox VE's existing storage plugin system, allowing for direct integration into the platform's API and web-based user interface. It offers users the ability to import VMware ESXi VMs in their entirety, translating most of the original VM's configuration settings to Proxmox VE's configuration model (all while minimizing downtime). Currently, the import wizard is in a technical preview state, having been added during the Proxmox VE 8.2 development cycle. Although it is still under active development, early reports suggest the wizard is stable and holds considerable promise for future enhancements, including the planned addition of support for other import sources like OVF/OVA files. [...] This tool represents Proxmox's commitment to providing accessible, open-source virtualization solutions. By leveraging the official ESXi API and implementing a user space filesystem with optimized read-ahead caching in Rust (a safe, fast, and modern programming language ideal for system-level tasks), Proxmox aims to ensure that this new feature can be integrated smoothly into its broader ecosystem.

Read more of this story at Slashdot.

Proxmox Import Wizard Makes for Easy VMware VM Migrations

Steven J. Vaughan-Nichols, writing for ComputerWorld: Essentially, all software is built using open source. By Synopsys' count, 96% of all codebases contain open-source software. Lately, though, there's been a very disturbing trend. A company will make its program using open source, make millions from it, and then -- and only then -- switch licenses, leaving their contributors, customers, and partners in the lurch as they try to grab billions. I'm sick of it. The latest IT melodrama baddie is Redis. Its program, which goes by the same name, is an extremely popular in-memory database. (Unless you're a developer, chances are you've never heard of it.) One recent valuation shows Redis to be worth about $2 billion -- even without an AI play! That, anyone can understand. What did it do? To quote Redis: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD)." For those of you who aren't open-source licensing experts, this means developers can no longer use Redis' code. Sure, they can look at it, but they can't export, borrow from, or touch it. Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it's done so with the company's crown jewels. Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform's Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform. Would it surprise you to learn that not long after this, HashiCorp started shopping itself around for a buyer? Before this latest round of license changes, MongoDB and Elastic made similar shifts. Again, you might never have heard of these companies or their programs, but each is worth, at a minimum, hundreds of millions of dollars. And, while you might not know it, if your company uses cloud services behind the scenes, chances are you're using one or more of their programs,

Read more of this story at Slashdot.

'Software Vendors Dump Open Source, Go For the Cash Grab'

Read 14 remaining paragraphs | Comments

‘Britain’s Bill Gates’ could spend up to 25 years in jail if convicted of fraud in the 2011 sale of Autonomy to Hewlett-Packard

Mike Lynch, the technology tycoon, once dubbed Britain’s Bill Gates, has spent the past 10 months in San Francisco, with a GPS bracelet strapped to his ankle and two armed guards monitoring him around the clock. This week he heads to court to face a long, hard fight for his freedom.

It’s been 13 years since one of Silicon Valley’s most storied companies bought Lynch’s business in a blockbuster takeover that seemed to confirm his image as one of the UK’s most brilliant technologists. Now that deal is at the center of a criminal fraud trial. If convicted, Lynch could spend up to 25 years in jail.

Continue reading...