News Rundown

EU Lowers Its Privacy Shield | Gestalt IT Rundown: July 22, 2020

The EU Court of Justice invalidates the EU-US Privacy Shield framework, Tom Hollingsworth and Rich Stroffolino discuss the implications for SMBs. Plus Dell confirms its investigating a spinoff for VMware, and Windows 10X gets a lot more boring. All this and the rest of the IT news of the week on the Gestalt IT Rundown!

This week on the Rundown:

Microsoft’s Dataflex

Microsoft launched a new service called Dataflex, designed to let business developers create, deploy, and manage Power Platform apps and chatbots without leaving Microsoft Teams. Its a low code data platform provides relational data storage, rich data types, enterprise grade governance, and one-click deployment, all built on top of the Power Platform’s Common Data Service. Dataflex also comes with some basic AI automation features, supporting category classification, entity extraction, key phrase extraction, language detection, sentiment analysis, and prediction across structured and unstructred data. Essentially the pitch here is your business data is already connected with teams, and assigned to specific rolls and groups, so build the apps where the data lives.

Nokia’s 5G Stands Alone

This week Nokia announced the commercial availability of 5G “standalone” private wireless networking solutions for the enterprise. These devices wouldn’t reply on existing 4G infrastructure, and use 5G for down and uplinks. Currently 3GPP standards have non-stnadalone 5G using 4G for uplinks. Customers can deploy these networks using either Nokia Digital Automation Cloud platform or the Nokia Modular Private Wireless solution. The former is a plug and play option using a small service with the application platform build in, while the latter offers more customization.

No-Log VPNs: Now With Logs!

Earlier this month, security researcher Bob Diachenko and a team at VPNmentor seperately discovered an unsecured Elasticsearch cluster used by seven Hong-Kong-based VPN providers, which included over 1 billion log entries, including IP addresses, VPN server connection info, VPN Session tokens, and plain text passwords. The effected services, UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN, all share a common entity that provides white-label VPN service, and each claim to not record any user activity. Dianchenko alerted UFO VPN on July 1st, and reached out to UFO’s hosting provider about the data on July 14. The bucket was removed on July 15th, but was available on the search engine Shodan for 18 days. UFO said staffing disruptions due to COVID-19 had impacted its network security, and said the logs were kept for traffic-performance monitoring only.

CISA Windows Patch

July 16 the US Cybersecurity and Infrastructure Agency issued an emergency order giving federal agencies 24 hours to patch Windows servers used for domain name system purposes or apply another mitigation. Others have until July 24. Microsoft issued a patch for a workable Windows Domain Name System server vulnerability on Tuesday. If unpatched it could let attackers execute arbitrary code, intercept network traffic and more. CheckPoint discovered the vulnerability which it calls “SigRed.”

GitHub on Film

On February 2nd, GitHub took a snapshot of all public repositories to create an archive of the projects it hosted. Working with the archivers at Piql, the company wrote 21TB of archives to 186 digital photosensitive archival film reels. These were then transported to Svalbard in Norway, to be stored in a decommissioned coal mine, with the GitHub Arctic Code Vault predicted to last 1000 years.

Dell Exploring VMware Spinoff

After a reports came out a few weeks ago that Dell plans to do… something with VMware, the company announced it is exploring a potential spinoff of VMware at some point after September 2021. Dell currently holds an 81% stake in VMware. If a spinoff does occur, Dell says it will maintain “the mutually beneficial strategic relationship currently in place.” The September 2021 date is purely to avoid a tax hit. We had speculated that investors were motivating a potential spinoff to more clearly show the value of Dell outside of the highly profitable VMware. On a technical level Tom, what benefits are there for either companies to spinoff from each other?

Windows 10X Is Boring

Back in May Microsoft announced Windows 10X, aka Lite/Santorini, would show up first on single-screen devices. ZDNet’s Mary Jo Foley now reports that Microsoft will target business and education devices in Spring 2021 with wider uses and dual screen devices coming in Spring 2022. Foley’s sources also backs up a Windows Central report that the initial release of Windows 10x won’t support running Win32 apps in containers as originally planned and may instead rely on Cloud PC virtualization or Win32 apps. Foley says Microsoft is now aiming Win32 apps on Windows 10 X for 2022. Foley’s sources also say Microsoft is considering changing release rhythm to be Windows 10 X in the spring and Windows 10 just once a year in the autumn.

EU-US Privacy Shield Is Down

Last week the European Court of Justice strck down the EU-US Privacy Shield framework, that governed how US companies handle bulk data collection from European citizens. The court found that the primacy of US survelience law and inadequate ability for EU citizens to register complaints did not meet the standards of EU law. Currently 5,384 companies relied on that frameowkr, and will now have to readjust their privacy policies for European data collection. According to the Computer and Communications Industry Association, 70% of those businesses certified under the framework are SMBs. Many larger companies use shorter “standard contractual clauses,” to govern data collection, and can more easily shift to European based servers. News or Nah here Tom?

The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

Leave a Comment