Microsoft: Linux Is the Top Operating System on Azure Today

Azure used to be a cloud platform dedicated to Windows. Now, it’s the most widely used operating system on Microsoft Azure. The New Stack’s Joab Jackson writes: These days, Microsoft expends considerable effort that Linux runs as smoothly as possible on Azure, according to a talk given earlier this year at the Linux Foundation Open Source Summit given by two Microsoft Azure Linux Platforms Group program managers, Jack Aboutboul, and Krum Kashan. “Linux is the #1 operating system in Azure today,” Aboutoul said. And all must be supported in a way that Microsoft users have come to expects. Hence, the need for the Microsoft’s Linux Platforms Group, which provides support Linux to both the internal customers and to Azure customers. These days, the duo of engineers explained, Microsoft knows about as much as anyone about how to operate Linux at hyperscale. […]

As of today, there are hundreds of Azure and Azure-based services running on Linux, including the Azure Kubernetes Service (AKS), OpenAI, HDInsight, and many of the other database services. “A lot of the infrastructure powering everything else is running on Linux,” Aboutoul said. “They’re different flavors of Linux running all over the place,” Aboutoul said. To run these services, Microsoft maintains its own kernel, Azure Linux, and in 2023 the company released its own version of Linux, Azure Linux. But Azure Linux is just a small portion of all the other flavors of Linux running on Azure, all of which Microsoft must work with to support.

Overall, there are about 20,000 third-party Software as a Service (SaaS) packages in the Azure marketplace that rely on some Linux distribution. And when things go wrong, it is the Azure service engineers who get the help tickets. The company keeps a set of endorsed Linux distributions, which include Red Hat Enterprise Linux, Debian, Flatcar, Suse, Canonical, and Oracle Linux and CentOS (as managed by OpenLogic, not Red Hat). […] Overall, the company gets about 1,000 images a month from these endorsed partners alone. Many of the distributions have multiple images (Suse has a regular one, and another one for high-performance computing, for instance).

Read more of this story at Slashdot.

Could We Lower The Carbon Footprint of Data Centers By Launching Them Into Space?

The Wall Street Journal reports that a European initiative studying the feasibility data centers in space “has found that the project could be economically viable” — while reducing the data center’s carbon footprint.

And they add that according to coordinator Thales Alenia Space, the project “could also generate a return on investment of several billion euros between now and 2050.”

The study — dubbed Ascend, short for Advanced Space Cloud for European Net zero emission and Data sovereignty — was funded by the European Union and sought to compare the environmental impacts of space-based and Earth-based data centers, the company said. Moving forward, the company plans to consolidate and optimize its results. Space data centers would be powered by solar energy outside the Earth’s atmosphere, aiming to contribute to the European Union’s goal of achieving carbon neutrality by 2050, the project coordinator said… Space data centers wouldn’t require water to cool them, the company said.
The 16-month study came to a “very encouraging” conclusion, project manager Damien Dumestier told CNBC. With some caveats…

The facilities that the study explored launching into space would orbit at an altitude of around 1,400 kilometers (869.9 miles) — about three times the altitude of the International Space Station. Dumestier explained that ASCEND would aim to deploy 13 space data center building blocks with a total capacity of 10 megawatts in 2036, in order to achieve the starting point for cloud service commercialization… The study found that, in order to significantly reduce CO2 emissions, a new type of launcher that is 10 times less emissive would need to be developed. ArianeGroup, one of the 12 companies participating in the study, is working to speed up the development of such reusable and eco-friendly launchers. The target is to have the first eco-launcher ready by 2035 and then to allow for 15 years of deployment in order to have the huge capacity required to make the project feasible, said Dumestier…

Michael Winterson, managing director of the European Data Centre Association, acknowledges that a space data center would benefit from increased efficiency from solar power without the interruption of weather patterns — but the center would require significant amounts of rocket fuel to keep it in orbit. Winterson estimates that even a small 1 megawatt center in low earth orbit would need around 280,000 kilograms of rocket fuel per year at a cost of around $140 million in 2030 — a calculation based on a significant decrease in launch costs, which has yet to take place. “There will be specialist services that will be suited to this idea, but it will in no way be a market replacement,” said Winterson. “Applications that might be well served would be very specific, such as military/surveillance, broadcasting, telecommunications and financial trading services. All other services would not competitively run from space,” he added in emailed comments.

[Merima Dzanic, head of strategy and operations at the Danish Data Center Industry Association] also signaled some skepticism around security risks, noting, “Space is being increasingly politicised and weaponized amongst the different countries. So obviously, there is a security implications on what type of data you send out there.”

Its not the only study looking at the potential of orbital data centers, notes CNBC. “Microsoft, which has previously trialed the use of a subsea data center that was positioned 117 feet deep on the seafloor, is collaborating with companies such as Loft Orbital to explore the challenges in executing AI and computing in space.”

The article also points out that the total global electricity consumption from data centers could exceed 1,000 terawatt-hours in 2026. “That’s roughly equivalent to the electricity consumption of Japan, according to the International Energy Agency.”

Read more of this story at Slashdot.

WSJ: Broadcom’s VMware Overhaul ‘Draws Attention of CIOs’

The Wall Street Journal reports:

Moves by Broadcom to shore up its $69 billion VMware acquisition, completed in November, include a streamlining of product bundles and new billing models — efforts in line with the chip giant’s past acquisitions, but not necessarily welcomed by all of VMware’s customers… Broadcom has also recently laid off at least hundreds of VMware workers, disclosures from the Worker Adjustment and Retraining Notification show….

VMware has approximately 330,000 customers, according to the company. Chief information officers say they are closely monitoring what comes next.

“Any CIO that’s not taking stock of what they have and mentally considering alternatives and monitoring what else is out there is probably not doing their job,” said Jay Ferro, executive vice president and chief information, technology and product officer at clinical research data-management company Clario. All these changes, plus past remarks by Broadcom that its go-to-market strategy is to focus completely on the needs and priorities of its top 600 customers, has left some CIOs rethinking the relationship. Price increases and degrading levels of support are among their biggest concerns. “I’m not one of their top, probably 600 customers, so they’ve been very clear to me where I fit in that pecking order,” said Todd Florence, CIO of trucking company Estes Express Lines. Florence said he’s started looking into alternatives. “It certainly doesn’t make you feel good, like you’re going to get lots of support going forward….”

Goya Foods CIO Suvajit Basu said he is thinking about how to reduce the food company’s reliance on VMware as the sole and longtime dominant provider of virtualization for the data center. “They’re going to increase their prices or change their licensing so the customer pays more,” he said. “And I think this is starting to hit us right now….” Forrester estimates that in 2024, 20% of VMware customers will begin the process of exiting VMware in favor of alternatives.

On the other hand, a group VP at market researcher IDC tells the Journal that on the upside, now VMware and Broadcom will have to engage more actively with customers on the value of new produces included in their bundles…

Read more of this story at Slashdot.

Only Cloud Providers Get Security Right. Can IT Vendors Catch Up?

Slashdot reader storagedude writes: If cloud service providers are the only ones who can get security right, will everyone eventually move to the cloud? That’s one of the questions longtime IT systems architect Henry Newman asks in a new article on eSecurity Planet. “The concept of zero trust has been around since 2010, when Forrester Research analyst John Kindervag created the zero trust security model. Yet two years after the devastating Colonial Pipeline attack and strong advocacy from the U.S. government and others, we are still no closer to seeing zero trust architecture widely adopted,” Newman writes. “The only exception, it seems, has been cloud service providers, who boast an enviable record when it comes to cybersecurity, thanks to rigorous security practices like Google’s continuous patching.” “As security breaches continue to happen hourly, sooner or later zero trust requirements are going to be forced upon all organizations, given the impact and cost to society. The Biden Administration is already pushing ambitious cybersecurity legislation, but it’s unlikely to get very far in the current Congress. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 billion Merck judgment that went against the industry last week will begin to change that.

“The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security?

“Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right.” Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks.

Newman concludes: “I am somewhat surprised that cloud service providers don’t tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is.”

Read more of this story at Slashdot.

Cloud Profits May Be Slowing at Microsoft and Amazon

“Once-booming demand for cloud-computing services is slowing…” reports Bloomberg. “When Microsoft and Amazon report results next week, analysts are anticipating the slowest revenue growth for their cloud-computing businesses since the firms started breaking out performance last decade.”

For years, demand for cloud-computing services has steadily driven growth at both Microsoft and Amazon… Microsoft’s Intelligent Cloud unit, which is home to its Azure cloud-services business, accounted for 38% of its revenue and 39% of operating income in 2022. Amazon Web Services was the fastest-growing of the Seattle-based company’s major businesses last year and generated $22.8 billion in operating income. The rest of Amazon’s businesses combined posted a $10.6 billion operating loss.

For both companies, cracks are starting to appear. In the first three months of 2023, growth for Microsoft’s Azure unit and Amazon Web Services is expected to fall to 31% and 14%, respectively, excluding currency fluctuations, according to the average of analyst estimates compiled by Bloomberg. A year ago, Azure sales expanded 49% and Amazon Web Services 37%.

In a shareholder letter released last week, Amazon said AWS “faces short-term head winds” related to the economic backdrop that will “soften” the growth rate. This echoed what it said in its most recent results. Microsoft also warned of a slowdown in cloud software sales last quarter. Wall Street has been getting more cautious. UBS lowered growth estimates for Azure last week, warning “customer efforts to optimize/trim their cloud spend will be deeper and last longer than most think….” Jefferies [financial services company] sees slowing cloud demand as “a key concern” for Amazon. Analyst Brent Thill said that because AWS generates so much of Amazon’s operating income, “a stabilization in cloud is crucial for shares to outperform.”

For Alec Young, chief investment strategist at MAPsignals, Microsoft and Amazon remain attractive despite the slowdown, which he expects to be a temporary pause before growth re-accelerates. “There’s still a lot of runway ahead for cloud computing, so I don’t think investors should obsess too much over the level of growth over a couple quarters,” he said.

Read more of this story at Slashdot.

Arlo’s Security Cameras Will Keep Free Cloud Storage For Existing Customers After All

Security camera company Arlo is reversing course on its controversial decision to apply a retroactive end-of-life policy to many of its popular home security cameras. The Verge reports: On Friday, Arlo CEO Matthew McRae posted a thread on Twitter, announcing that the company will not remove free storage of videos for existing customers and that it is extending the EOL dates for older cameras a further year to 2025. He also committed to sending security updates to these cameras until 2026. The end-of-life policy was due to go into effect January 1st, 2023, and removed a big selling point — seven-day free cloud storage — for many Arlo cams. McRae now says all users with the seven-day storage service will “continue to receive that service uninterrupted.” But he did note that “any future migrations will be handled in a seamless manner,” indicating there are changes coming still.

The thread did not provide details on specific models other than using the Arlo Pro 2 as an example of a camera that will now EOL in 2025 instead of 2024, as previously announced, with security updates continuing until 2026. There was also no update on the plans to remove other features, such as email notifications and E911 emergency calling, or whether “legacy video storage” will remain. The EOL policy applied to the following devices: Arlo Gen 3, Arlo Pro, Arlo Baby, Arlo Pro 2, Arlo Q, Arlo Q Plus, Arlo Lights, and Arlo Audio Doorbell.

Read more of this story at Slashdot.

LastPass: Hackers Stole Customer Vault Data In Cloud Storage Breach

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. BleepingComputer reports: This follows a previous update issued last month when the company’s CEO, Karim Toubba, only said that the threat actor gained access to “certain elements” of customer information. Today, Toubba added that the cloud storage service is used by LastPass to store archived backups of production data. The attacker gained access to Lastpass’ cloud storage using “cloud storage access key and dual storage container decryption keys” stolen from its developer environment.

“The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service,” Toubba said today. “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

Fortunately, the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password. According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass’ systems, and LastPass does not maintain it. Customers were also warned that the attackers might try to brute force their master passwords to gain access to the stolen encrypted vault data. However, this would be very difficult and time-consuming if you’ve been following password best practices recommended by LastPass. If you do, “it would take millions of years to guess your master password using generally-available password-cracking technology,” Toubba added. “Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass’ Zero Knowledge architecture.”

Read more of this story at Slashdot.