Newsletter

open source and cybersecurity news

October 20, 2023

It's 5:05, October 20, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: October 21st, 1879. Thomas Edison perfects the first commercially practical incandescent light bulb using a filament of carbonized cotton thread. Edison's successful design came only after he had tested over 6,000 different vegetable fibers.

Edwin Kwan: Security researchers have discovered that IT administrators are using weak passwords to protect access to portals, providing easy access to attackers to enterprise networks. An analysis of over 1.8 million administrator accounts found that over 40,000 were using the password “admin”.

Hillary Coover: X’s Community Notes, originally designed to crowdsource fact-checking and combat disinformation, is facing scrutiny because of the vulnerabilities and ineffectiveness uncovered in a WIRED investigation. This investigation revealed that the tool may be manipulated by external groups and lacks transparency.

Olimpiu Pop: There is a lot of noise around open source. Legislation, growing cyber threats, weaponizing open source, and others. Should we put a lid on it? That's something the HashiCorp CEO thinks. In August, the company changed the license to a closed-source one, and last week, during HashiConf, he underlined that the direction he took is a direction to success.

Shannon Lietz: The challenge that really came out of this is HashiCorp has had a pretty rocket fueled life, if you will. They’ve looked out and realized that they’ve put Terraform out there for a very long time. Any company who creates something has the right to fork and end their investment. All they’re saying is we’re no longer going to invest in the constant creation of this open source software.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Top Password Used By IT Admins is ‘admin’

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

The password "admin" has been found to be the top password used by IT administrators.

This is Edwin Kwan from Sydney, Australia.

Security researchers have discovered that IT administrators are using weak passwords to protect access to portals, providing easy access to attackers to enterprise networks. An analysis of over 1.8 million administrator accounts found that over 40,000 were using the password "admin". This is the default password for most devices, systems, and applications. It is intended only for use during the initial setup and should be changed once the device is configured.

There’s been recent legislation in the UK and California banning the use of default passwords, so hopefully, we will see a decline in its usage.

The other top passwords used by IT administrators are 123456, 12345678, 1234, Password (with a capital P), 123, 12345, Admin123 (with a capital A), 123456789, and adminisp.

To address the issue, IT administrators should avoid using default passwords and instead create unique, long, strong passwords for each account, especially for accounts that have access to sensitive resources.

Resources
– Outpost 24: https://outpost24.com/blog/it-admins-weak-password-use/
– Dark Reading: https://www.darkreading.com/application-security/the-most-popular-it-admin-password-is-totally-depressing
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/over-40-000-admin-portal-accounts-use-admin-as-a-password/
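The practical follow-up to this story is to find the portals that are still on a default before an attacker does. Below is an added example, not code from the page or from the Outpost24 research it cites, that does two things: it checks a candidate password against the ten passwords listed above plus a minimum-length rule at password-set time, and it runs an offline audit of an exported credential store, trying those ten passwords against each stored hash. The export format (account name, salt, PBKDF2-SHA256 iteration count, hash), the 15-character minimum, and the sample accounts are all assumptions made for illustration; adapt the hashing function to whatever your directory or vault actually stores.

```python
"""Offline audit of exported admin-account hashes against the top admin
passwords reported in the Outpost24 research the segment cites.

Added example, not from the page or from Outpost24. The record format
(name, salt, iterations, PBKDF2-SHA256 hash) and the 15-character minimum
are assumptions for illustration.
"""
import hashlib
import hmac
import os

# The ten passwords the segment lists, in the order reported.
TOP_ADMIN_PASSWORDS = [
    "admin", "123456", "12345678", "1234", "Password",
    "123", "12345", "Admin123", "123456789", "adminisp",
]

MIN_LENGTH = 15  # assumed policy value, not from the page


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256, the hash format this example assumes the export uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def policy_violations(password: str) -> list[str]:
    """Return the rules a candidate password breaks (empty list = acceptable).

    Run this when a password is set so a default never reaches the store.
    """
    issues = []
    if password in TOP_ADMIN_PASSWORDS:
        issues.append("matches a known default/top admin password")
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if "admin" in password.lower():
        issues.append("contains the string 'admin'")
    return issues


def find_default_credentials(accounts, wordlist=TOP_ADMIN_PASSWORDS):
    """Offline audit: try every wordlist entry against each exported record.

    Each record is {"name", "salt", "iterations", "hash"}. Returns a dict of
    account name -> matched password for every account still on a default.
    """
    hits = {}
    for acct in accounts:
        for candidate in wordlist:
            digest = hash_password(candidate, acct["salt"], acct["iterations"])
            # Constant-time comparison, as for any digest check.
            if hmac.compare_digest(digest, acct["hash"]):
                hits[acct["name"]] = candidate
                break
    return hits


def make_record(name: str, password: str, iterations: int = 20_000) -> dict:
    """Build one export record; used here only to construct sample data."""
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "iterations": iterations,
            "hash": hash_password(password, salt, iterations)}


# Constructed sample export: two portals left on defaults, one set properly.
SAMPLE_ACCOUNTS = [
    make_record("fw-admin", "admin"),
    make_record("vpn-root", "Admin123"),
    make_record("backup-svc", "q7!Lr-mZ2#wPx8Tg$vN4"),
]

if __name__ == "__main__":
    for name, pw in find_default_credentials(SAMPLE_ACCOUNTS).items():
        print(f"{name}: still using default/top password {pw!r}")
    for pw in ("admin", "q7!Lr-mZ2#wPx8Tg$vN4"):
        print(pw, "->", policy_violations(pw) or "ok")
```

Two points worth noting. The audit deliberately works from hashes rather than plaintext, because that is all a well-run store will give you; with a slow hash such as PBKDF2 or bcrypt a ten-entry wordlist is cheap to try across an entire export, so this is a check you can schedule rather than a one-off. And the set-time check matters more than the audit: the UK and California rules the segment mentions target the default itself, so the cleanest compliance evidence is a control that rejects it before it is ever stored.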

 

Hillary Coover
Is X’s Anti-Disinformation Tool Backfiring

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Is X’s anti-disinformation tool backfiring?

Hi, this is Hillary Coover in Washington, D.C.

X’s Community Notes, originally designed to crowdsource fact-checking and combat disinformation, is facing scrutiny because of the vulnerabilities and ineffectiveness uncovered in a WIRED investigation. This investigation revealed that the tool may be manipulated by external groups and lacks transparency. Some X employees even claim that Community Notes actually exacerbates the disinformation problem.

But what’s the real risk of disinformation? Disinformation is the deliberate spread of false or misleading information, causing confusion, eroding trust, and distorting the truth, often with the intent to deceive or manipulate. It undermines informed decision-making and public trust.

A study by MIT researchers found that users often fact-check content aligning with their political views, prioritizing political content over other types. This raises concerns about the ability to debunk misinformation, especially in complex situations.

Former Twitter Trust and Safety Head, Yoel Roth, noted that Birdwatch, the predecessor to Community Notes, was meant to complement, not replace, other methods of misinformation and disinformation control. When X eliminated its curation team, worries about effective disinformation enforcement arose.

Community Notes may not fully replace the role of trust and safety staff. Despite X's claims, the tool itself can sometimes actually spread mis- and disinformation, as seen in the case involving Donald Trump Jr.'s video about the Hamas attack on Israel.

For more, check out 505updates.com for links to the original WIRED story.

Resources
– Wired: https://www.wired.com/story/x-community-notes-disinformation/

 

Marcel Brown
This Day, October 20-21, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown with your technology history for October 20th and 21st.

October 20th, 1906. Dr. Lee DeForest announces his 3-element electrical vacuum tube, later known as a triode. The triode was able to produce a large voltage-amplifying effect, which, when used to amplify weak signals, would make long-distance communication possible for the first time.

October 21st, 1879. Thomas Edison perfects the first commercially practical incandescent light bulb using a filament of carbonized cotton thread. His first attempt at this design results in a bulb that lasts about 13.5 hours before burning out. He later extends the life of the bulb to 40 hours.

Edison's successful design came only after he had tested over 6,000 different vegetable fibers during a span of over 18 months, running 1,200 experiments, and spending $40,000.

That’s your technology history for this week. For more, tune in next week and visit my website, ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/09/20

 

This is Mark Miller, Executive Producer of It’s 5:05. In today’s Point-of-View Friday segment, we have Olimpiu Pop and Shannon Lietz taking opposing sides on the Hashicorp fork of Terraform and what that means for open source.

 

Olimpiu Pop
Is Open Source Reaching EOL? Maybe, according to Hashicorp

Olimpiu Pop, Contributing Journalist

When I first managed the platform engineering department a couple of years back, I learned that HashiCorp was the solution to any problem. Whenever something went sideways, they recommended that we move towards HashiCorp. I bet some of my platform engineering colleagues named their kids Vault, Nomad, or Terraform.

And why wouldn't they? The open source products were trendy, had a huge community behind them, and even a listed company. What more could you ask for? Stability is the first thing that pops into my mind.

Open source accelerated innovation and would improve cybersecurity if we paid more attention to what we download. And we should, given that 96 percent of software being operated uses open source libraries and components.

There is a lot of noise around open source. Legislation, growing cyber threats, weaponizing open source, and others. Should we put a lid on it? That’s something the HashiCorp CEO thinks.

In August, the company changed the license to a closed-source one, and last week, during HashiConf, he underlined that the direction he took is a direction to success.

Looking at the falling stock price, I wouldn't say so. In the end, it's about directions, decisions. I never thought I would say this, but Microsoft, the Darth Vader of the early millennials, embraced open source. GitHub, the haven of many open source projects, is now part of Microsoft and has extended its free offering.

So, I think, I will not panic when thinking about HashiCorp's vision of an open source free Silicon Valley. 505updates.com is where you can find your daily dose of cybersecurity and open source bite-sized news. Olimpiu Pop, reporting from Transylvania, Romania.

Resources
– Hashicorp: https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
– The Stack: https://www.thestack.technology/hashicorp-ceo-predicts-oss-free-silicon-valley-unless-the-open-source-model-evolves/
– The Register: https://www.theregister.com/2023/10/19/hashicorp_ceo_license_changes/

 

Shannon Lietz
Is Hashicorp’s Move a Win, Lose, or Draw

Shannon Lietz, Contributing Journalist

What's really interesting about the HashiCorp situation is effectively what HashiCorp did is they forked their own open source and decided that their investment is going to basically be to fuel their benefit of the future.

This is Shannon Lietz reporting from San Diego, California.

The challenge that really came out of this is HashiCorp has had a pretty rocket fueled life, if you will. They’ve gone from pretty small peanuts to really big company and what they have at their helm is a company that has shareholders. Ultimately that means that what they do, what they invest in is to support the interests of their shareholders, their customers.

They've looked out and realized that they've put Terraform out there for a very long time. What's happening in the market is they're getting disruption, and actually they're fueling their own disruption. That's the part of the mix that we really all have to understand.

Any company who creates something has the right to fork and end their investment. All they're saying is we're no longer going to invest in the constant creation of this open source software. Effectively what's happening is now anybody who wants to continue evolving at the rate and speed of HashiCorp is going to have to invest in either the existing Terraform or they're going to have to fork it and create a new one. And we saw that. We saw that with the Linux Foundation and OpenTofu. Now OpenTofu is out there. There is an ability for the community to continue Terraform, but in a different form.

There’s definitely been a lot of challenge to this, but I think as we move forward, it does actually fuel the competition that creates innovation, and to me, that is going to maybe even lift and raise all boats.

I’m pro creator. So that’s a little bit of my bias, but in this case I don’t really see any losers. I think the challenge is HashiCorp has pulled back its investment, its intellectual capabilities to add to this product. That means that folks are going to have to come up to speed. But there’s some amazing programmers out there. It’s not like we won’t see more being drawn to this open source.

In fact, I think quite the opposite. We may see greater amounts of competition. So, win, lose, or draw: I don't think there's a draw right now. I don't think this gets to a stalemate situation. Right now I feel like HashiCorp is trying to win. They were losing, I think, and that's why they decided to make some changes and to fork their own repo with a business license that's going to be more friendly to their environment.

I do think over time, we’ll see this play out, and I could be wrong, there may be a long term loser, and it actually could be one or multiple of these companies that see that, or even the foundation itself realizes that there’s so much effort to be put in. But where I see it, there’s the possibility of more winners than losers right now.

This is Shannon Lietz evaluating how we win, lose or draw.

Resources
– The Stack: https://www.thestack.technology/hashicorp-ceo-predicts-oss-free-silicon-valley-unless-the-open-source-model-evolves/
