News Rundown

GitHub Acquires npm | Gestalt IT Rundown: March 18, 2020

March 18, 2020
Add Comment
by Rich Stroffolino

GitHub acquires npm to better secure the open source software supply chain, FireEye sees human triggered ransomware increase over 800%, a wormable SMB flaw is published, and Amazon might use the Linux Foundation’s Dent project to open source cashierless tech. All this and more on this week’s Gestalt IT Rundown. Rich Stroffolino and Tom Hollingsworth break down the IT news of the week.

This week on the Rundown:

GitHub Mobile

Github released their iOS and Android apps out of beta. The app allows developers to swipe to finish tasks or save notifications for later, respond to comments on a project, as well as merge and mark pull requests. The iOS beta was just released in November, so the full release happened pretty fast.

Return of the JEDI

The US Department of Defense is now asking a judge in the U.S. Court of Federal Claims to allow it to reconsider parts of its $10 billion JEDI cloud infrastructure contract. The filing says it will focus on reviewing pricing, specifically re-evaluate parts of the bidders’ price proposals and online marketplaces.

Bill Gates Leaves Microsoft Board

Microsoft announced that co-founder and former CEO Bill Gates is stepping down from its Board of Directors. Gates plans to spend more time on philanthropic activities, and will continue to serve as Technology Advisor to CEO Satya Nadella. He served as Microsoft CEO until 2000, board chairman from 2000 to 2014, and stepped away from day to day operations in 2008.

Atlassian Jira Automation

Atlassian rolled out new no-code automation features for all Jira Cloud users. This appears to be based on the Automation for Jira tool the company acquired when it bought Code Barrel a few months ago. The new features will let customer automatically task, or send high priority notifications, using a drag and drop policy and workflow tool, think IFTTT for Jira. This also integrates with third-party integration like Gitlab, GitHub, CircleCI, Jenkins, MS Teams, Slack, and Twilio.

Amazon Dent

In December, Amazon announced it would contribute code to a new networking operating system designed for switches called Dent, a project maintained by the Linux Foundation. Now the Wall Street Journal reports that Amazon plans to use Dent to open source parts of its “Just Walk Out” cashierless technology, according to sources. Amazon also reportedly met with Target and Walmart to discuss the technology, but neither has plans to test the technology currently.

Ransomware Strikes in the Night

According to a new report by FireEye, 76% of enterprise ransomware attacks occur outside of working hours, with 49% occuring overnight and 27% over the weekend, with an average of three days from when a network is compromised to actually launching the attack. This study looked specifically at human-operated attacks, which don’t just trigger automatically when breaching a network. Since 2017, Fireeye says human-operated attacks increased 860%. More sophisticated ransomware seems to be a theme in the last 6 months.

GitHub Acquires npm

GitHub signed an agreement to acquire npm, the prominent JavaScript package manager. The company committed to making sure npm remains freely available, and promises to invest in registry infrastructure development, working with the open source community to improve the core experience, and to stay engaged with the community. Paying customers will continue to be supported. According to GitHub head Nat Friedman, the move was made to help ensure the continued security of the open source software supply chain.

SMBv3 Exploit

Microsoft released an emergency patch to fix a flaw in the Server Message block protocol, which could allow for specially crafted packets to execute code on client or server machines with “wormable” attacks that would allow it to spread quickly. The flaw was limited to SMBv3.1.1, and only effected 32- and 64-bit Windows 10 versions 1903 and 1909. Microsoft recommends Windows 10 machines update as soon as possible. If unable to patch right away, Microsoft recommends turning off SMB compression and blocking port 445 as a mitigation.

The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

View all posts

Leave a Comment