Somehow Amazon’s Open Source Fork of ElasticSearch Has Succeeded

Long-time open source advocate Matt Asay writes in InfoWorld:

OpenSearch shouldn’t exist. The open source alternative to Elasticsearch started off as Amazon Web Services’ (AWS) answer to getting outflanked by Elastic’s change in Elasticsearch’s license, which was in turn sparked by AWS building a successful Elasticsearch service but contributing little back. In 2019 when AWS launched its then Open Distro for Elasticsearch, I thought its reasons rang hollow and, frankly, sounded sanctimonious. This was, after all, a company that used more open source than it contributed. Two years later, AWS opted to fork Elasticsearch to create OpenSearch, committing to a “long-term investment” in OpenSearch.

I worked at AWS at the time. Privately, I didn’t think it would work.

Rather, I didn’t feel that AWS really understood just how much work was involved in running a successful open source project, and the company would fail to invest the time and resources necessary to make OpenSearch a viable competitor to Elasticsearch. I was wrong. Although OpenSearch has a long way to go before it can credibly claim to have replaced Elasticsearch in the minds and workloads of developers, it has rocketed up the search engine popularity charts, with an increasingly diverse contributor population. In turn, the OpenSearch experience is adding a new tool to AWS’ arsenal of open source strengths….

As part of the AWS OpenSearch team, David Tippett and Eli Fisher laid out a few key indicators of OpenSearch’s success as they gave their 2022 year in review. They topped more than 100 million downloads and gathered 8,760 pull requests from 496 contributors, a number of whom don’t work for AWS. Not stated were other success factors, such as Adobe’s earlier decision to replace Elasticsearch with OpenSearch in its Adobe Commerce suite, or its increasingly open governance with third-party maintainers for the project. Nor did they tout its lightning-fast ascent up the DB-Engines database popularity rankings, hitting the Top 50 databases for the first time.

OpenSearch, in short, is a bonafide open source success story. More surprisingly, it’s an AWS open source success story. For many who have been committed to the “AWS strip mines open source” narrative, such success stories aren’t supposed to exist. Reality bites.
The article notes that OpenSearch’s success “doesn’t seem to be blunting Elastic’s income statement.” But it also points out that Amazon now has many employees actively contributing to open source projects, including PostgreSQL and MariaDB. (Although “If AWS were to turn forking projects into standard operating procedure, that might get uncomfortable.”)

“Fortunately, not only has AWS learned how to build more open source, it has also learned how to partner with open source companies.”

Read more of this story at Slashdot.

Cloudflare CTO Predicts Coding AIs Will Bring More Productivity, Urges ‘Data Fluidity’

Serverless JavaScript is hosted in an edge network or by an HTTP caching service (and only runs when requested), explains Cloudflare. “Developers can write and deploy JavaScript functions that process HTTP requests before they travel all the way to the origin server.”

Their platform for serverless JavaScript will soon have built-in AI features, Cloudflare’s CTO announced today, “so that developers have a rich toolset at their disposal.
A developer platform without AI isn’t going to be much use. It’ll be a bit like a developer platform that can’t do floating point arithmetic, or handle a list of data. We’re going to see every developer platform have AI capability built in because these capabilities will allow developers to make richer experiences for users…

As I look back at 40 years of my programming life, I haven’t been this excited about a new technology… ever. That’s because AI is going to be a pervasive change to how programs get written, who writes programs and how all of us interact with software… I think it’ll make us more productive and make more people programmers.

But in addition, developers on the platform will also be able to train and upload their own models to run on Cloudflare’s global network:
Unlike a database where data might largely be stored and accessed infrequently, AI systems are alive with moving data. To accommodate that, platforms need to stop treating data as something to lock in developers with. Data needs to be free to move from system to system, from platform to platform, without transfer fees, egress or other nonsense. If we want a world of AI, we need a world of data fluidity.

Read more of this story at Slashdot.

Only Cloud Providers Get Security Right. Can IT Vendors Catch Up?

Slashdot reader storagedude writes: If cloud service providers are the only ones who can get security right, will everyone eventually move to the cloud? That’s one of the questions longtime IT systems architect Henry Newman asks in a new article on eSecurity Planet. “The concept of zero trust has been around since 2010, when Forrester Research analyst John Kindervag created the zero trust security model. Yet two years after the devastating Colonial Pipeline attack and strong advocacy from the U.S. government and others, we are still no closer to seeing zero trust architecture widely adopted,” Newman writes. “The only exception, it seems, has been cloud service providers, who boast an enviable record when it comes to cybersecurity, thanks to rigorous security practices like Google’s continuous patching.” “As security breaches continue to happen hourly, sooner or later zero trust requirements are going to be forced upon all organizations, given the impact and cost to society. The Biden Administration is already pushing ambitious cybersecurity legislation, but it’s unlikely to get very far in the current Congress. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 billion Merck judgment that went against the industry last week will begin to change that.

“The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security?

“Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right.” Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks.

Newman concludes: “I am somewhat surprised that cloud service providers don’t tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is.”

Read more of this story at Slashdot.

Lithium-Ion Battery Fires on Aircraft are Happening ‘Much More Frequently’

As smoke began filling the cabin, an airplane passenger saw sparks and fire bursting from a bag in the seat directly behind her — which turned out to be a “smoky flashing lithium battery, which had begun smoldering in a carry-on bag,” according to CBS News.

The flight crew contained the situation, and “Airport fire trucks met the plane on the runway and everyone evacuated safely.” But a CBS News Investigation “has discovered similar incidents have been happening much more frequently in the skies over the United States.”

The FAA verifies the number of lithium-Ion battery fires jumped more 42% in the last five years. A CBS News analysis of the FAA’s data found that since 2021 there’s been at least one lithium battery incident on a passenger plane somewhere in the U.S., on average, once every week…

Some airlines are taking action to control the growing number of fires. They are using specialized “thermal containment” bags designed for flight crews to use if a lithium battery starts heating up to the point where it’s smoking or burning. Mechanical engineers at the University of Texas at Austin say the bags can effectively contain fire and keep it from spreading, but don’t extinguish it.
In a video accompanying the article, an engineering professor at the university’s Fire Research Group even showed a lithium-ion battery fire that continued burning undewater. “You can’t put it out. It’s a fire within the cell. So, you’ve got fuel, oxygen, heat in the cell, all.” (The article also notes a startup called Pure Lithium is working on a new kind of non-flammable battery using lithium metal cells instead of lithium ion).

Guidelines from America’s Federal Aviation Administration require spare lithium-ion batteries be kept with passengers (and not checked) — and prohibits passengers from bringing onboard damaged or recalled batteries and battery-powered devices.
Thanks to long-time Slashdot reader khb for sharing the article.

Read more of this story at Slashdot.

US Focuses on Invigorating ‘Chiplet’ Production in the US

More than a decade ago engineers at AMD “began toying with a radical idea,” remembers the New York Times. Instead of designing one big microprocessor, they “conceived of creating one from smaller chips that would be packaged tightly together to work like one electronic brain.”

But with “diminishing returns” from Moore’s Law, packaging smaller chips suddenly becomes more important. [Alternate URL here.] As much as 80% of microprocessors will be using these designs by 2027, according to an estimate from the market research firm Yole Group cited by the Times:

The concept, sometimes called chiplets, caught on in a big way, with AMD, Apple, Amazon, Tesla, IBM and Intel introducing such products. Chiplets rapidly gained traction because smaller chips are cheaper to make, while bundles of them can top the performance of any single slice of silicon. The strategy, based on advanced packaging technology, has since become an essential tool to enabling progress in semiconductors. And it represents one of the biggest shifts in years for an industry that drives innovations in fields like artificial intelligence, self-driving cars and military hardware. “Packaging is where the action is going to be,” said Subramanian Iyer, a professor of electrical and computer engineering at the University of California, Los Angeles, who helped pioneer the chiplet concept. “It’s happening because there is actually no other way.”

The catch is that such packaging, like making chips themselves, is overwhelmingly dominated by companies in Asia. Although the United States accounts for around 12 percent of global semiconductor production, American companies provide just 3 percent of chip packaging, according to IPC, a trade association. That issue has now landed chiplets in the middle of U.S. industrial policymaking. The CHIPS Act, a $52 billion subsidy package that passed last summer, was seen as President Biden’s move to reinvigorate domestic chip making by providing money to build more sophisticated factories called “fabs.” But part of it was also aimed at stoking advanced packaging factories in the United States to capture more of that essential process… The Commerce Department is now accepting applications for manufacturing grants from the CHIPS Act, including for chip packaging factories. It is also allocating funding to a research program specifically on advanced packaging…

Some chip packaging companies are moving quickly for the funding. One is Integra Technologies in Wichita, Kan., which announced plans for a $1.8 billion expansion there but said that was contingent on receiving federal subsidies. Amkor Technology, an Arizona packaging service that has most of its operations in Asia, also said it was talking to customers and government officials about a U.S. production presence… Packaging services still need others to supply the substrates that chiplets require to connect to circuit boards and one another… But the United States has no major makers of those substrates, which are primarily produced in Asia and evolved from technologies used in manufacturing circuit boards. Many U.S. companies have also left that business, another worry that industry groups hope will spur federal funding to help board suppliers start making substrates.

In March, Mr. Biden issued a determination that advanced packaging and domestic circuit board production were essential for national security, and announced $50 million in Defense Production Act funding for American and Canadian companies in those fields. Even with such subsidies, assembling all the elements required to reduce U.S. dependence on Asian companies “is a huge challenge,” said Andreas Olofsson, who ran a Defense Department research effort in the field before founding a packaging start-up called Zero ASIC. “You don’t have suppliers. You don’t have a work force. You don’t have equipment. You have to sort of start from scratch.”

Read more of this story at Slashdot.

Millions of Mobile Phones Come Pre-Infected With Malware, Say Researchers

Trend Micro researchers at Black Hat Asia are warning that millions of Android devices worldwide come pre-infected with malicious firmware before the devices leave their factories. “This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it,” reports The Register. From the report: This insertion of malware began as the price of mobile phone firmware dropped, we’re told. Competition between firmware distributors became so furious that eventually the providers could not charge money for their product. “But of course there’s no free stuff,” said [Trend Micro researcher Fyodor Yarochkin], who explained that, as a result of this cut-throat situation, firmware started to come with an undesirable feature — silent plugins. The team analyzed dozens of firmware images looking for malicious software. They found over 80 different plugins, although many of those were not widely distributed. The plugins that were the most impactful were those that had a business model built around them, were sold on the underground, and marketed in the open on places like Facebook, blogs, and YouTube.

The objective of the malware is to steal info or make money from information collected or delivered. The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and used as monetization opportunities via adverts and click fraud. One type of plugin, proxy plugins, allow the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more. “The user of the proxy will be able to use someone else’s phone for a period of 1200 seconds as an exit node,” said Yarochkin. He also said the team found a Facebook cookie plugin that was used to harvest activity from the Facebook app.

Through telemetry data, the researchers estimated that at least millions of infected devices exist globally, but are centralized in Southeast Asia and Eastern Europe. A statistic self-reported by the criminals themselves, said the researchers, was around 8.9 million. As for where the threats are coming from, the duo wouldn’t say specifically, although the word “China” showed up multiple times in the presentation, including in an origin story related to the development of the dodgy firmware. Yarochkin said the audience should consider where most of the world’s OEMs are located and make their own deductions.

The team confirmed the malware was found in the phones of at least 10 vendors, but that there was possibly around 40 more affected. For those seeking to avoid infected mobile phones, they could go some way of protecting themselves by going high end. That is to say, you’ll find this sort of bad firmware in the cheaper end of the Android ecosystem, and sticking to bigger brands is a good idea though not necessarily a guarantee of safety. “Big brands like Samsung, like Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market,” said Yarochkin.

Read more of this story at Slashdot.

Pure Storage: No More Hard Drives Will Be Sold After 2028

An anonymous reader shares a report: In the latest blast of the HDD vs SSD culture wars, a Pure Storage exec is predicting that no more hard disk drives will be sold after 2028 because of electricity costs and availability, as well as NAND $/TB declines. Shawn Rosemarin, VP R&D within the Customer Engineering unit at Pure, told B&F: “The ultimate trigger here is power. It’s just fundamentally coming down to the cost of electricity.” Not the declining cost of SSDs and Pure’s DFMs dropping below the cost of disks, although that plays a part. In his view: “Hard drive technology is 67 years old. We need to herald this technology that went from five megabytes the size of this room to where we are today. And even the latest HAMR technology, putting a laser on the top of the head in order to heat up the platters, is pretty remarkable … But we’re at the end of that era.”

HDD vendors sing a different tune, of course. Back in 2021, HDD vendor Seagate said the SSD most certainly would not kill disk drives. There’s a VAST vs Infinidat angle to it as well, with the former also stating disk drive IO limitations would cripple the use of larger disk drives in petabyte-scale data stores, with Infidat blasting back that it “must be joking.” Gartner has had a look in too, claiming that enterprise SSDs will hit 35 percent of HDD/SSD exabytes shipped by 2026 – though that would make Rosemarin’s 2028 cutoff unlikely. Pure recently stated SSDs would kill HDDs in a crossover event that would happen “soon.” Rosemarin, meanwhile, continued his argument: “Our CEO in many recent events has quoted that 3 percent of the world’s power is in datacenters. Roughly a third of that is storage. Almost all of that is spinning disk.

So if I can eliminate the spinning disk, and I can move to flash, and I can in essence reduce the power consumption by 80 or 90 percent while moving density by orders of magnitude in an environment where NAND pricing continues to fall, it’s all becoming evident that hard drives go away.” Are high electricity prices set to continue? “I think the UK’s power has gone up almost 5x recently. And here’s the thing … when they go up, they very seldom if ever come down … I’ve been asked many times do I think the cost of electricity will drop over time. And, frankly, while I wish it would and I do think there are technologies like nuclear that could help us over time. I think it’ll take us several years to get there. We’re already seeing countries putting quotas on electricity, and this is a really important one — we’ve already seen major hyperscalers such as one last summer who tried to enter Ireland [and] was told you can’t come here, we don’t have enough power for you. The next logical step from that is OK, so now if you’re a company and I start to say, well, we only have so much power, so I’m gonna give you X amount of kilowatts per X amount of employees, or I’m gonna give you X amount of kilowatts for X amount of revenue that you contribute to the GDP of the country or whatever metric is acceptable.”

Read more of this story at Slashdot.