The big story this week is the continued fallout from Salt Typhoon. The US government is feeling the heat from the exposure of so many telecom companies, and they want answers. FCC Chairwoman Jessica Rosenworcel has announced a proposed set of rules that would require companies that participate in the Communications Assistance for Law Enforcement Act (CALEA) to have a yearly requirement to certify their cybersecurity risk management plans to prevent hackers from getting in. Senator Ron Wyden of Oregon has gone even further and proposed a draft bill to secure telecom networks with the FCC implementing specific requirements instead of simple certifications.
1:21 – StormForge Rightsizes JVMs
StormForge has introduced a new feature for optimizing Java Virtual Machine (JVM) workloads on Kubernetes, focusing on rightsizing these workloads by leveraging JVM-specific metrics. Traditional tools often only consider container-level memory usage, but StormForge’s solution uses machine learning to analyze detailed Java metrics, including heap size requirements. This provides precise recommendations for heap sizing and Kubernetes resource allocations. The platform supports both manual and automated implementation of these recommendations, aiming to enhance resource efficiency, reduce costs, and optimize performance. Currently, this feature is available in limited access, with interested users invited to sign up.
Read More: StormForge Expands Rightsizing Capabilities With JVM Workload Optimization
4:11 – Cisco Switches Vulnerable to Verification Exploit
Cisco NX-OS has a new bug that you need to be aware of. The vulnerability could allow an attacker with physical access to the switch to bypass image signature verification for the operating system. The exploit requires physical access because the bypass happens at the bootloader, in the switch BIOS, before the OS loads. Security patches have been released, and upgrading is necessary to fix the bug because no workarounds exist.
Read More: Hundreds of Cisco Switches impacted by Bootloader Flaw
7:29 – VMware by Broadcom Welcomes Partners Back to the Top
VMware by Broadcom has reversed course on a decision to cut out partners for major accounts. The news comes as Broadcom announced that instead of taking the largest 2,000 customers direct, they will only be taking the 500 biggest buyers private and will allow channel partners the opportunity to collaborate on deals with the remaining 1,500. The move is seen as a way to stem the flow of companies that are moving away from VMware solutions when license renewals come up by having local resources in partners that can leverage their relationships. While none of the largest VARs in the US have released any statements about the switch, the community is generally skeptical of this announcement and worried about what might happen if Broadcom changes their mind again.
Read More: VMware by Broadcom Welcomes Partners Back to the Top
11:16 – Google Stabilizes Quantum Qubit for an Hour
Google released a paper this week that showed how far quantum computing has come in the past few years. The company was able to increase the number of hardware quantum bits, or qubits, dedicated to error correction in order to create a 105-qubit cluster that was stable for over an hour. Given that the life of the average qubit is less than a second under most conditions, this feat was incredibly important. For more on what this means for the future of quantum computing, let’s turn it over to our expert colleague, Dr. Bob Sutor.
Read More: Google gets an error-corrected quantum bit to be stable for an hour
16:49 – Open Source Flooded by Bad AI Bug Reports
The use of LLMs and GenAI in security is on the rise. However, one area that is seeing some pushback is bug reporting. Security developers from the Python Software Foundation and the Curl project have noted a significant increase in the number of bug reports that have been generated by AI tools. These reports look valid on the surface and take time to process, usually leading to no action being taken because they are hallucinations. The Curl maintainer specifically has said that he’s frustrated that people are using AI to send in bogus reports and clogging the system to the point where volunteer members are overwhelmed and may seek to stop helping the project.
Read More: Open Source Flooded by Bad AI Bug Reports
21:52 – Salt Typhoon Storms the Government
The big story this week is the continued fallout from Salt Typhoon. The US government is feeling the heat from the exposure of so many telecom companies, and they want answers. FCC Chairwoman Jessica Rosenworcel has announced a proposed set of rules that would require companies that participate in the Communications Assistance for Law Enforcement Act (CALEA) to have a yearly requirement to certify their cybersecurity risk management plans to prevent hackers from getting in. Senator Ron Wyden of Oregon has gone even further and proposed a draft bill to secure telecom networks with the FCC implementing specific requirements instead of simple certifications.
Read More: Salt Typhoon forces FCC’s hand on making telcos secure their networks
Read More: US Senator announces new bill to secure telecom companies in wake of Chinese hacks
The Weeks Ahead:
AI Field Day 6 – January 29 – 30
Cisco Live EMEA 2025 – February 9 – 14
Cloud Field Day 22 – February 19 – 20
Networking Field Day 37 – March 19 – 20
Gestalt IT and Tech Field Day are now part of The Futurum Group.
The Gestalt IT Rundown is your look at the IT news of the week. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.