FOXTROT/ALFA: Red Hat Doesn’t Participate in IBM Culture, Musk Calls Stay at Home Rules “Fascist”, Boeing Cuts 10% of Its Workforce
Hello, everyone! This is issue 111 of FOXTROT/ALFA for Thursday, 30 April 2020. I’m very sorry to have left you hanging unexpectedly yesterday but I simply didn’t have the time to write a newsletter. It was a very busy day and I was busy literally until the last ten minutes of the day recording and releasing a podcast episode. I’m back today, though. Here’s the news from the last two days.
Adobe Security Updates
It’s time to patch. Isn’t it always?
hose who rely on Adobe Illustrator version 24.0.2 for Windows, or earlier builds, will want to make sure they install APSB20-20, the latest round of security fixes for the drawing tool. “This update resolves critical vulnerabilities that could lead to arbitrary code execution in the context of current user,” Adobe says of the patch.
While the Illustrator fixes are going to be the more important of the patches, just due to the size of the user base, those running Adobe Bridge (a file management tool described as “Media Asset Management”) will also want to look for APSB 20-19, an update that addresses a whopping 17 CVE-listed vulnerabilities. Users will be able to get the Bridge fixes by updating their copies of Creative Cloud on both Windows and macOS machines. Those flaws range from buffer and heap overflow errors to memory corruption bugs, out of bounds read and write errors, and use-after-free() vulnerabilities. Fourteen of the 17 flaws can be exploited to achieve remote code execution. The other three would lead to information disclosure.
Salt Vulnerabilities
Running the server config tool Salt? You better check if you’ve gotten an update recently. Otherwise, it’s possible for bad guys to execute commands as root from the web.
The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. A patch for the issues was released last night, but systems that are not set to auto-update may still be vulnerable. The vulnerabilities were discovered by security company F-Secure and assigned CVE numbers CVE-2020-11651 and CVE-2020-11652. They are patched in Salt 3000.2 and, for the previous stable release, 2019.2.4. Older releases will have to be fixed manually.
Salt is a tool from SaltStack which has both commercial and open source editions. It lets you define system components and applications in text as a “salt state” and then apply them to remote systems in a data centre or on a public cloud.
Google Now Legally a Publisher (in Australia)
Australia is all about going hard after Google these days…
An Australian court has declared that Google is a “publisher” and awarded an aggrieved lawyer £20,000 after searches on his name returned criminal allegations from his past. Today the Australian state of Victoria’s highest court ruled that Google was legally liable for publishing an excerpt from a 2004 report in its search results pages.
George Defteros, described as having represented numerous gangland figures in criminal trials, sued the adtech monolith in the Victoria Supreme Court. Google searches for his name returned a news story by local newspaper The Age, reporting that in 2004 he had been charged with conspiracy to murder. The charges were dropped in 2005 and an exonerated Defteros continued his legal career.
Google has had a torrid time while claiming not to be responsible for search results on its webpages. Earlier this month, French authorities told it to start paying news organisations for publishing snippets of stories, on the grounds that Google’s practices were “likely to constitute an abuse of a dominant position.” Back Down Under, the Aussie federal government made a similar demand – and went one step further by asking Google to also reveal details of its search ranking algorithms, the company’s secret sauce. That echoes a recent London High Court ruling telling the American firm to either withdraw key evidence from a lawsuit or let an SEO expert read those same algorithms.
Red Hat CEO: “We Don’t Participate in IBM Culture”
Well, you certainly can’t blame Red Hat’s new CEO for not being feisty enough.
Red Hat’s new CEO is feeling confident. It’s a pretty good time to be the head of a company whose entire business is virtual: virtual machines, hybrid cloud, operating system support, Kubernetes containers. These are boom times.
If there’s a downside for Paul Cormier, it’s that after nearly 20 years with the company he wasn’t able to celebrate taking the top job on stage in front of his staff at Red Hat’s annual summit this week. Instead, he’s communicating via webcam from his home office; the conference has gone online-only mid-pandemic. But, just as with the world outside, there is a lot of flux within Red Hat. Cormier took over from Jim Whitehurst on April 6; Whitehurst is now president of IBM following Big Blue’s purchase of Red Hat for $34bn, a deal completed in July.
IBM also got a new CEO this month, Arvind Krishna, and the first thing he did was tell the world that the tech behemoth’s main focus from now on would be the hybrid cloud; the very department and technology Cormier sits atop. And so the culture clash between the buttoned-up, bureaucratic Big Blue that lives on consultancies, services, and hardware, and the employee-empowered Red Hat that moves fast and thrives on open-source software – a clash many have warned about since IBM’s purchase was announced in October 2018 – looks as though it is about to hit fast-forward.
Cormier’s position, however, is that there is no culture clash because: We don’t participate in their culture. It’s that simple.
LOL. I mean… you can say that, yeah. But at the end of the day, IBM bought you. Which means they are now your boss. Which means you have to do what they say. We’ve heard very similar talk from the heads of companies that got acquired in the past. And when push comes to shove, it’s always just words. You’ve sold your freedom. IBM owns you now. You’ll better get used to that.
Musk Calls California’s Shelter in Place “Fascist”
If you’d told me a few months ago that one day I’d be agreeing with Elon Musk, I’d have laughed at you. But… I kinda agree with Elon Musk on this one…
Musk commented on California’s shelter-in-place order during Tesla’s earnings call, saying Tesla is worried about production at its Bay Area car factory, where the electric vehicle manufacturer builds the majority of its vehicles. He likened the coronavirus restrictions implemented by the state to “forcibly imprisoning people in their homes.”
“It’s breaking people’s freedoms in ways that are horrible and wrong and not why they came to America or built this country,” Musk said.
“If somebody wants to stay in their house that’s great, they should be allowed to stay in their house, they should not be compelled to leave, but to say that they cannot leave their house and they will be arrested if they do, this is fascist,” Musk added. “This is not Democratic. This is not freedom. Give people back their goddamn freedom.”
Webex Maker Cisco Ordered to Use Zoom for Court Video Conference
Cisco has had a video conferencing solution for ages. It’s called Webex. In fact, the guy who started Zoom used to be an engineer on Webex. So this story must be one of the worst insults you could conceive if you work for Cisco.
A judge has ordered Cisco to use arch-rival Zoom rather than its own video-conference offering Webex to virtually attend a patent-infringement trial. Virginia District Court Judge Henry Morgan this month dismissed Switchzilla’s request to appear via its own software for a bench trial due to start May 6. Physical courtroom hearings have been abandoned in the US state due to the COVID-19 coronavirus outbreak, with proceedings held via Zoom.
The judge rejected Cisco’s arguments that Zoom posed a security threat to Cisco by risking exposure of commercially confidential material to the wider world.
Boeing Layoffs
To say that Boeing has been hit hard recently would be a major understatement. In light of that, it may even be surprising that they’re only laying off 10% of their employees amid the COVID-19(84) scare.
Boeing released its financial results for the first quarter of 2020, and as one might expect for a company that manufactures aircraft amid the COVID-19 pandemic, the numbers were not good. The company reported revenues of $16.9 billion, down from $22.9 billion in the first quarter of 2019, and Boeing’s operating cash flow was a negative $4.3 billion. Boeing officials attributed the losses to the dual whammy of the effects of the global pandemic and the 737 Max aircraft grounding after two fatal accidents. US passenger volumes are down 95 percent compared to this time in 2019.
Boeing has also taken other “aggressive” steps to ensure its financial stability, Calhoun said, including drawing down on loans, suspending dividend payments, ending share repurchasing, and deferring spending. Significantly, Calhoun said Boeing will reduce its workforce of 160,000 people by 10 percent through layoffs and attrition by the end of 2020. Cuts will be deeper in its commercial airlines division and less so in defense and space, where the company’s financial numbers were less dire. The company’s stock value rose Wednesday after the announcement.
Also Noteworthy
A number of other stories I also read today:
- Couchbase goes cuckoo for Kubernetes with v2.0 release of Autonomous Operator
- Assassin’s Creed Valhalla burns down England in today’s debut trailer
- Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app
- Resistance is futile: Some Cisco security appliances are ticking time bombs of fail thanks to faulty resistors
- Half of Americans won’t trust contact-tracing apps, new poll finds
- Spelunky 2 is now expected to launch this year
This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.