CloudLinux announced as part of its TuxCare security services the launch of QEMUCare Live Patching Service for Linux systems running as virtualization hosts through QEMU, the open source emulator and hardware virtualization platform.
“Patching virtualization host systems is a challenge faced by IT security and operations teams because of the impact on performance and availability for the virtual machines running on those systems,” said Jim Jackson, president and chief revenue officer, CloudLinux. “Also, it’s very easy to accidentally disrupt a running virtual machine, and the whole process is very complex to orchestrate properly across multiple systems. At the same time, it is fairly urgent to apply security patches as soon as possible to be safe from exploits.”
QEMUCare eliminates the complexity of the process, by removing the need for migrating virtual machines away from the systems being updated. This saves considerable time and makes bandwidth available to update the whole infrastructure. Also, security updates are deployed almost immediately as they are made available, reducing the system exposure time to security vulnerabilities.
QEMUCare Live Patching operates through a similar mechanism to other TuxCare live patching services, like KernelCare Enterprise and LibraryCare, where updates are applied without any disruption to the running processes. Virtual machines running on the updated systems will not be paused, migrated or in any way affected by the process.
This is a faster, less resource intensive and a less disruptive approach than current industry best practices, which require live migration of the virtual machines to other systems while the hosts are updated.
To qualify for a free proof-of-concept, the minimum requirement is 100 Linux servers.
TuxCare services are the umbrella offering of the CloudLinux family of enterprise support services which include live patching for critical components in the Linux stack, from the kernel all the way to widely-used shared libraries.
This eliminates the need for lengthy and costly service disruptions while servers or services are restarted to install the latest security patches, and no longer require a disruptive maintenance window.
Also, with TuxCare Linux Support Services, regular patches and updates are delivered for all components of enterprise Linux systems, as well as 24/7 incident support — even when systems are past their End-of-Life (EOL).
RtBrick has announced a new Management API for its disaggregated routing software that simplifies the integration with existing OSS and BSS systems. It dramatically reduces the amount of time and effort required to make disaggregated networks operational by using widely adopted industry tools and programming languages.
Many of the world’s largest carriers are now looking to disaggregate their networks using independent hardware and software to bring them greater vendor choice, service flexibility and cost-savings. But, while disaggregation delivers many benefits, it also brings some new challenges.
In particular, integration can be more complex when using traditional vendor-driven tools. Analysis Mason has recognized OSS and BSS integration as one of the major industry barriers to adopting network disaggregation, for example.
“Network disaggregation is one of the most significant trends we are seeing in the telecoms industry right now,” said Gorkem Yigit, Principal Analyst, at Analysis Mason. “It promises to deliver more openness and flexibility to operators, as well as lower capital costs. However, one of the major hurdles to adoption is the complexity of integrating disaggregated networks into existing operational systems, which is why any move to solve this challenge is a significant step forward for carriers.”
Unlike previous approaches, RtBrick’s API is ‘consumer-driven’ – which means that integration with carriers’ systems isn’t restricted by the details of vendors’ internal implementations. They can also use the API formats and languages of their choice, rather than have them imposed by each vendor.
Now, a carrier can choose to create their client in Python, Go or Java, as they prefer. And they are all specified using the Open API language, which is a widely understood tool used by developers.
“The Management API will abstract everything a carrier needs to run their disaggregated IP network: software container lifecycles, network and service configuration, operational state, metrics, events and logs,” said Hannes Gredler, founder and chief technology officer at RtBrick. “But, more importantly, it will be simple to integrate into any carrier’s existing OSS and BSS systems because we won’t be dictating the language they need to adopt on their side.”
The new Management API builds on existing open APIs that already allow direct interaction with any attribute inside the RtBrick system, accessing a single database that includes everything from forwarding table information to the temperature of the chips in the underlying hardware. The new Management API abstracts these interactions into a simpler-to-use interface.
Users of secure credential technologies increasingly want more choices so they can meet the specific needs of a growing variety of applications. Continuing its commitment to providing these options, HID Global announced the implementation of the latest MIFARE DESFire EV3 credential.
“Our credential based on NXP MIFARE DESFire EV3 delivers this technology’s full range of advanced security and privacy capabilities and reinforces them with HID’s powerful model for identity data protection,” said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global.
“This latest addition to our portfolio underscores HID’s commitment to continually expand our credential offering with solutions that are easy to customize, deploy and maintain. It helps organizations further streamline security through a simple framework that supports multiple form factors and communication protocols.”
HID’s credential based on MIFARE DESFire EV3 implements the technology’s full range of capabilities including AES128 encryption, a secure channel for protecting card data from man-in-the-middle attacks, and a random unique identifier (UID) for protecting user privacy. The credential works with readers based on MIFARE DESFire EV1 and EV2 products and is interoperable with HID Signo, iCLASS SE, and multiCLASS SE readers.
In addition to choosing standard or custom security profiles to meet their specific needs, users can take advantage of HID’s Secure Identity Object (SIO) model that protects a credential’s identity data through key diversification, authentication signatures, and encryption.
Users can create multi-technology cards with HID’s credential based on NXP MIFARE DESFire EV3 to provide a smooth migration path from vulnerable legacy, low-frequency 125 kHz-based systems to modern and secure credential technology.
“The MIFARE DESFire EV3, with its enhanced feature set and multi-application support, reflects NXP’s continued commitment to secure, connected and convenient contactless smart city services.” said Philippe Dubois, Vice President and General Manager Secure Edge Identification at NXP. “We are happy to provide faster and secure contactless access solutions together with HID.”
About HID’s high-frequency credential portfolio
HID’s credential option based on MIFARE DESFire EV3 joins the company’s Seos credential to provide robust high-frequency technology choices. Seos credential technology enables the first and only finished physical access control card certified by independent security laboratory TÜV Informationstechnik (TÜViT) and supports the broadest range of migration scenarios.
Both credential technologies are based on peer-reviewed global standards and offer essential security features like secure messaging, mutual authentication and calculating card-specific keys which are bound to specific applications. Seos also enables form factors including mobile and wearable options and power applications beyond traditional access control, from secure printing and cashless vending to network logins and time and attendance.
Availability
HID’s credentials based on NXP MIFARE DESFire EV3 and MIFARE DESFire EV3 + Prox multi-technology are available now. The company also supports users with read/write identification using 125 kHz contactless technology to enable simplified, cost-effective migration from legacy to high-frequency credential technologies.
The migration process includes extensive support and options for pre-programmed hardware, field programming, or at-scale card data provisioning spanning key management as well as card formatting and card number tracking that adheres to the highest standards of data protection and governance.
Open Cybersecurity Alliance (OCA) announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center (SOC) analysts and other cybersecurity professionals. Kestrel streamlines cyber reasoning and threat discovery, which can help analysts complete this process more quickly and effectively.
IBM Research and IBM Security jointly developed Kestrel to enable threat hunters to express hunts in an open, composable threat hunting language. Kestrel leverages automation to execute tedious hunting tasks, allowing threat hunters to focus on higher priority tasks. Its combination of human ingenuity coupled with machine-based automation helps accelerate threat hunting.
The composable hunting flows enable the reuse of best practices and helps reduce the time to create new hunts. Because IBM Security has open-sourced this project, threat hunters across the globe are now able to collaborate, share and use the knowledge curated continuously by threat hunters using Kestrel.
This contribution from IBM marks a major milestone in OCA’s mission to drive greater interoperability across the security industry. The work of the OCA connects the fragmented cybersecurity landscape and enables disparate security products to freely exchange information, out of the box, using mutually agreed upon technologies, standards, and procedures that make it possible for companies to “integrate once, reuse everywhere.”
“Kestrel is designed to take advantage of the collective learned experience of the threat hunting community – and enable that to be combined with the power of machine learning and automation to speed response to threats,” said Jason Keirstead, CTO of Threat Management for IBM Security and Co-Chair – Open Cybersecurity Alliance. “By sharing new threat hunting patterns as they emerge via code that can be easily customized, Kestrel lets threat hunters devote more time to figuring out what to hunt, as opposed to how to hunt.”
“This is a really exciting contribution from IBM, a founding member of the Open Cybersecurity Alliance. Kestrel is a fully open-source threat hunting language that leverages the federated data service capabilities of STIX Shifter which were previously contributed to the OCA by IBM. I cannot wait to see how OCA member organizations and the community of like-minded people, pursuing open interoperability of security solutions, leverage these tools to further enhance their security operations across heterogeneous solutions,” said Mark Mastrangeli, Lead Architect, McAfee, and Co-Chair – Open Cybersecurity Alliance.
“The future of cybersecurity automation is in analyst augmentation and platform interoperability. Kestrel embodies both of these traits, enabling SOC analysts to hunt threats at scale using a standardized language. Cydarm is pleased to see this project included as an OCA capability,” said Dr. Vaughan Shanks, CEO, Cydarm Technologies.
“We are proud to support the continued refinement of this standard language. It further builds confidence with the threat intelligence community and enables a true collective defense,” said Avkash Kathiriya, Vice President of Research and Innovation at Cyware. “As a part of the community, Cyware understands how valuable the standard is, which is just one of the reasons we use it as a backbone for intel sharing and automation.”
“It’s good to see additional capabilities being built upon STIX. The Kestrel project is a great example of how the community can develop normalised methods, in this case, a threat hunting language, to easily interact with the growing security technology landscape,“ said Tyler Oliver, XDR Product Manager at EclecticIQ.
“Robust threat hunting is a function of data correlation and contextual analysis. For transforming threat discoveries into actionable threat intelligence at-scale, the organizations need a powerful language to communicate the threat hunting tasks and operations, and we believe that Kestrel is an answer to that,” said Renuka Nadkarni, VP and CTO Security, F5 Inc.
“To meet today’s increasing threats requires tools to help defenders share both between people/organizations and between products. OCA helps with vendor-agnostic, machine-speed cyber-defense automation. The new Kestrel project is a welcome addition to that toolset to assist with sharing in threat hunting,” said Duncan Sparrell, Chief Cyber Curmudgeon, sFractal Consulting.
“ThreatQuotient is pleased to continue its partnership with the Open Cybersecurity Alliance to help drive standards to encourage interoperability between security vendors to benefit network defenders,” said Haig Colter, Director of Alliances. “Our continued participation in the OCA demonstrates our commitment to follow established standards that encourage the communication of security information in ways that benefit a broader audience.”
The OCA is led by organizations committed to solving the costly problem of siloed cyber tools and products that create integration nightmares for cybersecurity professionals in every environment. CyberNB, Rapid7, SafeBreach, and Tenable have recently joined the governing board working alongside Center for Internet Security (CIS), Cybereason, Cydarm, Cyware, EclecticIQ, EPRI, F5, IBM Security, McAfee, NewContext, S-Fractal Consulting, SAIC, ThreatQuotient, Tripwire, and TruSTAR.
“Kestrel is about to change the way we approach threat hunting, instead of continuously rebuilding our analysis Kestrel allows us to ask what patterns or what behaviours are present during an investigation. Instead of dissecting indicators of compromise, we will be dissecting playbooks of entire hunt logic and across data sources. As adoption of the language continues to roll out, our collective hunt teams will be able to collaborate and approach cyber investigations differently – as a leader in bringing cyber collectives together to solve problems CyberNB welcomes the innovative thinking of IBM Security,” said Sheldon Shaw, Vice President, Innovation & Infrastructure, CyberNB.
“For threat hunting, Kestrel fills a critical need of a common language to express data and share insights. Combining Kestrel with predictive data sources will make threat hunting far more powerful and empower security teams to drive down the risks that matter. SafeBreach is excited to be the first predictive data source that will enable querying future threats,” said Valeriy Leykin, Director Product Management at SafeBreach.
LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.
A recent PYMNTS report has referenced the importance of strong authentication methods such as biometrics possibly reducing fraud up to 90%, and according to Juniper, an expected growth to 1.4B biometric payments users by 2025.
The new SDKs can be found on PYPI for Python developers, NPM for Javascript developers, and available at LoginID for Java developers. “LoginID is focused on taking a very developer focused API approach in our products and these three releases reflect our commitment to improving speed in integration with our authentication solutions. FIDO by way of its industry support has become a de facto standard for strong authentication, with wide acceptance in the technology community. ” says Pasan Hapuarachchi, CTO of LoginID. Developers are encouraged to review LoginID’s documentation for other integration options.
The announcement comes on the heels of LoginID releasing their WordPress plugin, enabling WordPress developers to integrate FIDO in as little as 5 clicks.
Further supporting its commitment to the FIDO Alliance, LoginID is a sponsor of the FIDO developer challenge, a competition that provides developers an opportunity to showcase their technical and creative skills around the implementation of the FIDO standard.
NETGEAR announced the availability of the fourth member in its Insight Managed WiFi 6 Access Points, the Insight Managed WiFi 6 AX6000 Tri-band Multi-gig Access Point (WAX630), designed to provide the ultimate WiFi performance for small and medium businesses.
This new tri-band access point brings next-generation premium WiFi 6 (802.11ax) performance to small and medium businesses (SMBs), delivering up to 40% higher1 speeds to each connected device as compared to WiFi 5 (802.11ac). WAX630 interoperates with other NETGEAR Insight Managed Access Points, including the existing WiFi 5 (WAC510, WAC540) and WiFi 6 (WAX610, WAX610Y, WAX620) models.
Additionally, WAX630 allows access points to be connected to each other using Instant Mesh2 – a NETGEAR wireless backhaul technology. The WAX 630 comes equipped with two Ethernet ports – one Gigabit Ethernet port and a Power-over-Ethernet (PoE++) 2.5 Gigabit Ethernet port.
WAX630 is ideally suited for environments with open spaces where there is a need to provide WiFi connectivity to a large number of concurrent users. Schools, community colleges, mid-sized manufacturing facilities, warehouses and office premises of mid-sized companies will each find value in the capabilities of this new Insight Managed WiFi 6 Tri-band Multi-gig Access Point.
This powerful access point interoperates with existing NETGEAR WiFi 5 and WiFi 6 Access Points, thus protecting a customer’s investment in NETGEAR technology while allowing them to maximize the performance of their WiFi network.
WAX630 also supports 12-streams (4×4 on each band) with each unit capable of delivering up to 6.0 Gbps of aggregate data throughput with all three bands supporting WiFi 6. Specifically designed for high-density deployments, the industry unique tri-band solution enables either one dedicated band for wireless backhaul with two front-haul bands for client devices, or a 2.5GbE wired backhaul with three front-haul bands for client device connection – thus making WAX630 amongst the most versatile and high-performance access points in the industry.
NETGEAR Insight enables management of WAX630 and other devices from the Insight App or a connected browser. With Insight, resellers and Managed Service Providers (MSPs) can remotely set up, monitor and maintain a customer’s network without requiring a technician to go on-site.
“Whether it be better overall throughput or faster speeds for individually connected devices, SMBs are always demanding more from their WiFi network. The WAX630 delivers industry leading network performance based on its unique WiFi 6 12-stream tri-band architecture. Together with WAX610 and WAX620, a common Insight management platform, the new WAX630 offers SMB customers an unprecedented array of price-performance options, each with the same rich feature set, security and quality,” said Doug Cheung, senior product line manager of SMB Wireless at NETGEAR.
The WAX630 provides robust enterprise-grade WiFi network security with WPA3 128-bit to 192-bit encryption and the capability to set up VLANs and up to sixteen different SSIDs. With the tri-band WiFi 6 technology of the WAX630, businesses can now be confident that they are making an investment in the ultimate WiFi solution.
Availability
The NETGEAR Insight Managed WiFi 6 AX6000 Tri-band Multi-gig Access Point is available and shipping now in North America and EMEA.
Apricorn released 20TB Aegis Fortress L3 SSD. The 20TB Aegis Fortress L3 brings the innovation, speed, security and high performance, with an unprecedented level of storage capacity in an encrypted portable drive.
The recent breaches within government organizations and essential infrastructure have amplified the need for data encryption, and online/offline back-ups in government, utilities and enterprises across all sectors. The 20TB Fortress L3 is designed to be an essential part of any IT security framework to ensure data security and cyber resiliency.
The highly-secure drive is the first of its size brought to market and features the NIST‘s highest level of FIPS validation attainable for portable devices – 140-2 level 3. The 20TB Aegis Fortress L3 was designed for large enterprises and regulated industries that deal with large amounts of data, including finance, government, power and energy, legal and healthcare. Its massive storage capacity is comparable to saving over 4,000 feature-length films/MPEG files.
“Our devices have never been simply about providing storage capabilities, but about enabling secure storage of huge amounts of data across multiple scenarios, and in a portable manner. These devices protect against business interruption, whether it be caused by natural disaster, malware/ransomware, 3rd party risk or cloud breakdown,” said Jon Fielding, Managing Director, EMEA Apricorn.
“The 20TB Aegis Fortress L3’s mass storage capabilities enable fast response, restoration, and recovery in the event of a disaster, reducing downtime and minimising financial and reputational damage. This is critical for businesses looking to build resilience at a time when ransomware attacks, in particular, are becoming an almost daily occurrence.”
Like every secure Apricorn device, the 20TB Aegis Fortress L3 includes AegisWare, Apricorn’s patent-protected firmware. The security features go beyond the encryption module to include all of the electronics, the drive, the entire internal structure and the enclosure’s fasteners.
Additional features include:
Onboard wear-resistant keypad for authentication
Real-time 256-bit AES-XTS hardware encryption
Software-free operation
Separate administrator and user modes
Forced-enrolment / user forced enrolment
Programmable minimum PIN length
Tamper resistant enclosure made with 6061 aircraft-grade aluminium alloy
Advanced configurations for enhanced security
Interchangeable type-A and type-C connector cables
For the highest compatibility, the 20TB Aegis Fortress L3 is OS agnostic and is compatible with any USB port and operating system including Windows, Mac, Linux, Android. It is also compatible with embedded systems and equipment in possession of a powered USB port and storage file system but no keyboard and/or screen. The Fortress L3 is small enough to go in a pocket or briefcase, yet large enough to carry up to 20TB of data, empowering anyone to easily and securely carry large amounts of sensitive data anywhere.
Thales is playing a key role in the end-to-end cloud-native mobile network, operated by Rakuten Mobile, a dynamic entrant into the Japanese market.
This agile mobile network operator is utilizing Thales’ comprehensive portfolio of eSIM, SIM and remote connectivity management solutions, to enable a rapid digital onboarding journey for consumers. Thales’ eSIM technology also plays a key role in the development of Rakuten Mobile’s innovative 4G and 5G smartphones.
By supporting cloud activation of eSIM-capable devices, Thales’ solutions enhance Rakuten Mobile’s digital onboarding procedures for its subscribers. Remote management of subscriptions over the device’s lifetime is similarly straightforward for users. As well as digitalising the customer experience, this digital-first strategy increases Rakuten Mobile’s operational efficiency.
Thales’ space-saving eSIM is particularly valuable for 5G devices, which currently require large antennas and batteries leaving little space for new functionality. Rakuten Mobile is using Thales’ eSIMs in its 4G & 5G smartphones: the Rakuten Mini, the Rakuten Hand and the 5G compatible Rakuten BIG.
Reflecting these benefits, the GSMA predicts there will be 2.4 billion eSIM smartphone connections worldwide by 2025. In the same year, more than 130 million 5G connections are expected in Japan alone.
“Rakuten Mobile has embarked on a journey of innovation to create a new generation of cloud-based mobile services. Thales’ innovative eSIM solutions enable us to offer a quicker, smoother onboarding process to our customers and deliver a fully digitised but secure user experience,” said Tareq Amin, Representative Director, Executive Vice President and CTO, Rakuten Mobile.
“Rakuten Mobile’s strategy is focused on offering the convenience of a self-service onboarding for their customers. We are thrilled that our eSIM management solutions are helping Rakuten Mobile improve their customer experience with a secure digital enrolment and out of the box subscription delivery. This new 5G era boosted by Thales eSIM also addresses promising new consumer IoT use cases,” said Emmanuel Unguran, Thales SVP for Mobile Connectivity Solutions.
Fujitsu is collaborating with the Telecom Infra Project (TIP) OpenRAN Project Group to accelerate adoption of open radio access network infrastructure, helping service providers speed new 5G services to market at reduced costs.
With commercial 5G deployments gaining momentum worldwide, an increasing number of network service providers are embracing Open RAN technologies to take advantage of greater component choice, reduced costs and improved network performance. The TIP OpenRAN Project Group strives to create a robust and sustainable ecosystem for open infrastructure compliant with 3GPP and O-RAN ALLIANCE specifications.
As a pioneer in the development of open, disaggregated technology, Fujitsu is contributing 5G multi-band O-RAN compliant radios to the TIP OpenRAN project group. The dual-band and tri-band radios are certified by Fujitsu and listed on the TIP Exchange marketplace, allowing service providers to quickly find interoperable solutions and reference designs for 4G and 5G networks.
The multi-band Fujitsu radios feature an open interface radio unit (RU) and world-class power efficiency. The radios also feature a new algorithm for wideband operation with digital pre-distortion compensation (DPD), and a new amplifier technology optimized for wideband signal transmission.
“Availability of Open RAN-compliant radios is key to enabling service providers to quickly and efficiently build out tomorrow’s 5G networks,” said Dr. Femi Adeyemi, head of the wireless business unit at Fujitsu Network Communications, Inc. “As a longstanding proponent of open networking, Fujitsu is committed to helping advance the adoption of Open RAN infrastructure through our innovative O-RAN radio technology.”
“The development of a vibrant ecosystem will allow mobile network operators to select best-of-breed components from an increasing number of suppliers,” said David Hutton, chief engineer, TIP. “Fujitsu’s contributions to the TIP OpenRAN project group and its commitment to self-certification of its products according to the requirements of operators within the Project Group are an important part of our efforts to continually improve performance of the RAN through innovation, automation and competition.”
The Telecom Infra Project (TIP) is a global community of companies and organizations working together to accelerate development and deployment of open, disaggregated and standards-based technology solutions that deliver the high quality connectivity that the world needs – now and in the decades to come.
Microsoft and SES, in partnership with GovSat and UK-based solutions provider GRC, came together to demonstrate how Microsoft Azure Machine Learning (ML) and Artificial Intelligence (AI) capabilities can be brought directly to end-users deployed globally in a highly secure, reliable way while maintaining network sovereignty – allowing users to exploit key Azure workloads regardless of location and drastically boosting the efficiency of critical missions.
In these demonstrations the Azure Stack Mini R device was connected to a quick deployable tactical satcom terminal from GRC through the secure SATCOM connection on GovSat-1 satellite, and sent directly to Azure UK via the SES Cloud Direct service, giving connected and disconnected access to Azure services.
The first demonstrations of its kind highlighted how this technology could be used in a number of scenarios such as a remote disaster relief operation, collecting information for analysis, at any given classification, allowing AI and ML models to be used to categorise and assess the information locally before using the available SATCOM to update the overall situational awareness picture and, if required, updating the AI and ML models via hyperscale Azure DevOps processes.
“SES’s high-performance satellite network enables an important demonstration of secure cloud computing at the edge,” said Tom Keane, Corporate Vice President, Azure Global, Microsoft. “Together with our technology partners, Microsoft is bringing mission-driven customers the latest services they require in a secure and reliable way, regardless of the infrastructure available. This approach empowers mission owners and operators in both connected and disconnected environments, while giving governments total flexibility and control over their data.”
“Governments are looking to accelerate cloud adoption and extend it to the edge bringing its advantages to the end-users anywhere. We are proud that through our partnerships with Microsoft and GovSat, we have managed to demonstrate the security and performance of the network, alongside the required high degree of flexibility for the government customers,” said JP Hemingway, CEO of SES Networks. “Similarly, the same secure high-performance cloud communications services can be achieved on our MEO satellites, independent of the internet and other publicly accessible networks.”
“Utilising single-hop secure cloud communication between the headquarters and deployed teams, which is closed to publicly accessible ground stations and internet touchpoints, opens multiple opportunities for governments. The GRC’s solution together with the Microsoft Azure cloud service and SES’s secure resilient satellite networked connectivity makes the future of cloud-enabled government communications a reality already today,” said Steve Slater, Managing Director at GRC.
The demo is highly scalable thanks to the Azure Edge capability, as well as the wide array of SES’s satellite communications capabilities, including next-generation O3b mPOWER system that is capable of providing from Mbps to multiple Gbps connectivity for land, air and maritime government missions.
The first demonstration showcased one-hop connectivity that enables cloud workloads to run at the edge and seamlessly connect back to hyperscale Azure in both connected and disconnected modes via the Azure Stack Edge Mini R.
For this demonstration, the companies leveraged multiple satellite terminals from GRC’s 6-SAT solution, GovSat’s dedicated Military Ka-band beam onboard its satellite and GovSat’s secure Mission Operations Centre in Luxembourg.
The second demonstration was performed with GRC’s deployable Satellite Ground Station (SGS), showcasing in-theatre connectivity as well as backhaul of data from in-theatre headquarters to the home country with no public internet touchpoints.
The first satellite link was securely connecting a deployed terminal with the in-theatre headquarters terminal, and anchored directly to the deployable, private SGS hub. The second satellite link connecting the deployable SGS hub was anchored in the GovSat Mission Operations Centre, demonstrating backhauling to a home country.
The SES Cloud Direct service was delivered via a dedicated Microsoft ExpressRoute connection directly from the end-users to Azure data centres, enabling the cloud agility and performance via a dedicated MilSatCom GEO capability.
For low-latency applications, SES can also bring the data from the edge to the cloud in a safe, secure and efficient way through its high-throughput low-latency O3b satellite network and its upcoming next-generation cloud-scale O3b mPOWER system, both operating in medium earth orbit (MEO).
DataTribe announced a $2.5M seed investment in Ntrinsec. Ntrinsec is the moving-target defense start-up that is solving the secrets sprawl that exists in enterprises of all sizes today.
“We are excited to announce DataTribe’s latest investment. Ntrinsec really embodies our thesis of looking over the horizon to the next wave of innovation needed to stay ahead of tomorrow’s threats,” said John Funge, Managing Director, DataTribe. “Ntrinsec has a phenomenal combination of technology and team that is perfectly positioned to solve the data protection conundrum of data exfiltration due to key compromise of data platforms.”
Ntrinsec uniquely marries automated comprehensive key discovery, machine identity management, and orchestration of safe, automated remediation through synthetic testing and other simulations to massively simplify key management in today’s increasingly complex environments.
Continuous integration and delivery automation, micro services, and multi-cloud architectures have revolutionized the speed and efficiency of organizations to digitize their operations, but these trends have also caused significant secret sprawl and poor secrets hygiene. Now, with Ntrinsec’s platform, secrets management can be automated with the same level of speed and efficiency.
Asset sprawl and poor asset management are both contributing to stale or orphaned systems, providing unwanted toe-holds for bad actors. Key hygiene issues like key-reuse, local wallets, etc. are the next-step weaknesses bad actors exploit in the data exfiltration playbook.
This attack vector is increasingly a problem for enterprises of all sizes, driving the need for a platform like Ntrinsec’s. Ntrinsec enables DevOps teams to more easily adopt quality secrets hygiene practices and to provide CISOs and their security teams better insights into the enterprise’s security and regulatory compliance posture.
“Partnering with DataTribe sets Ntrinsec on the path to success with the seed funding, mentorship, and resources we receive from the firm,” said Cam Williams, CEO of Ntrinsec. “As we accelerate into this next phase of growth, focusing on innovation, customer acquisition and go-to-market, we are confident in our ability to move the cybersecurity industry needle.”
Extreme Networks announced it is one of the fastest growing cloud-managed network service providers and is the second-ranking brand in the industry as reported in 650 Group’s June 2021 Cloud-Managed Network Services Report.
Extreme is significantly outpacing the market, including the market leader, and holds more market share than the third and fourth ranked vendors combined.
Key Facts
According to 650 Group, the cloud-managed network services market experienced 38% growth year-over-year from 2020 to 2021, while Extreme delivered 101% growth during that same period. Extreme was ranked as the second leading vendor in the cloud-managed network services market.
The 650 Group anticipates additional growth in the cloud-managed network services market over the next five years as vendors bring further innovation to the market such as artificial intelligence (AI), analytics, and locationing. The report shows that Wi-Fi 6 market revenues have doubled year-over-year and forecasts that the highest growth access point (AP) types in 2022 will be Wi-Fi 6 and Wi-Fi 6E systems. Wi-Fi 6 ensures networks can support the bandwidth demands of the rapidly increasing number of internal and external IoT devices that flood every organization today.
ExtremeCloud IQ is a machine learning and AI-driven cloud management platform that simplifies onboarding, configuration, monitoring, managing, troubleshooting, alerting, and reporting for network infrastructure devices. The platform is trusted to manage nearly 1.6 million network devices each day and counting.
All ExtremeCloud IQ Pilot subscribers have automatic access to CoPilot, a new subscription level available within the platform that delivers explainable AI insights for IT network administrators, enabling them to more easily monitor highly distributed network environments.
ExtremeCloud IQ holds multiple industry-first designations. It is the only cloud-agnostic network management solution available on Amazon Web Services, Google Cloud Platform, and Microsoft Azure; it offers public, private, or distributed cloud deployment options; and it is the only cloud platform with unlimited data retention as well as 90-day data retention.
To support compliance requirements, ExtremeCloud IQ is the only cloud network management platform that is currently ISO 27001, ISO 27017, and ISO 27701 certified. The platform complies with Global Data Privacy Regulation (GDPR) and all ExtremeCloud IQ customers retain the ability to delete any of their data at any time. ExtremeCloud IQ has also attained Level 1 status in the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program. The platform has unmatched data sovereignty, with 17 Regional Data Centers (RDCs) around the world and a cloud footprint spanning 5 continents in 13 countries.
“Over the past year we have seen rapid growth in the cloud-managed network services market as an expanding number of enterprises adopt cloud services. Cloud and wireless technology are critical for today’s working world and are a necessity for enterprises looking to succeed in the flexible, distributed environment that exists today. This is a rapidly growing market where Extreme is punching above its weight, and we anticipate the market will continue to expand as leading vendors like Extreme further their cloud offerings,” said Chris DePuy, Founder and Technology Analyst, 650 Group.
“The value of cloud services for today’s enterprise cannot be overstated and is reflected in the fact that cloud is the fastest growing segment of the networking industry. Extreme’s strong position in this market was established through unsurpassed network automation capabilities, insights, and performance assurance. We work relentlessly so our customers can stay ahead of the curve by innovating next generation networking solutions powered by the cloud. Extreme is proud of this industry recognition and we look forward to continuing to expand our cloud offerings, which will enable us continue to earn the trust of present and future customers,” said Wes Durow, Chief Marketing Officer, Extreme Networks.
The board of directors of EfficientIP named Norman Girard as its new Chief Executive Officer, effective June 28, 2021.
He will also become a member of the board of directors. Girard, a customer-focused and energetic business leader, brings more than 20 years of experience in cybersecurity, networking, driving revenue growth, and scaling organizations at an international level; he aims to continue building EfficientIP as a leader in the secure DDI (DNS-DHCP-IPAM) space. He succeeds David Williamson, who has retired.
“I am very happy with the arrival of Norman, who should enable EfficientIP to accelerate its strategic development and technological leadership,” says Thierry Drilhon, Chairman of the Board. “His knowledge of the market, his operational experience and his leadership are all assets in creating value for the benefit of customers, employees, partners, and shareholders.”
Girard comes to the role from thirteen years at Varonis, a company focused on cybersecurity and data protection. Beginning first as a Managing Director for Southern Europe, Girard’s strong sense of urgency and attention to detail led him to launch operations for a continental sales team. As Vice President and General Manager for Continental Europe, he built an $80M business and attracted over 2,000 new customers.
“It is an honor for me to join EfficientIP, and I want to thank the board of directors for their trust,” Girard says. “I especially want to applaud the hard work of the team led by David Williamson, who was able to build the foundation for a sustainable, profitable business and create an international leader in the DDI space. I will do my best to maintain the amazing culture that has been established, and to lead the management, the strategic direction and execution of the EfficientIP vision.”
Prior to Varonis, Girard was the Sales Director and General Manager for EMEA of Blue Lane Technologies (later acquired by VMWare). He also served as Technical Product Manager for Qualys, the Vulnerability Management Leader, and helped the company grow from ten customers to more than 2,500.
Girard comes to EfficientIP at an auspicious time. The company posted one of its strongest years on record in 2020, with 69% overall global growth for the year and nearly doubling its 2020 Q4 numbers from 2019 Q4. In 2021 so far, Q1 has shown a 39% increase in bookings from the same period in 2020.
Girard succeeds David Williamson, who had been the CEO of EfficientIP for twelve years. “I am very confident handing the role of CEO over to Norman,” Williamson says. “It has been a fantastic journey! With great dedication and commitment from all teams, we managed to develop EfficientIP into a first-class player in the DDI market. I want to thank all members of the EfficientIP family for their hard work and contribution, and I am confident that Norman will lead EfficientIP to its next success.”
Girard holds a Bachelor of Science and a Master of Science from the University of Paris.
The first public beta for watchOS 8 is now available, giving users a chance to try out all the new features coming to Apple Watch Series 3, 4, 5, 6, and SE devices later this year. This early version of watchOS 8 includes the respiratory sleep tracking, new workout modes and multi-timer support, and tons of new changes to various Apple Watch apps including:
Photos: Support for memories and highlights, and images can be shared through iMessages and Mail.
FindMy: AirTag tracking support.
Apple Music: You can now share music via Messages.
Weather: Precipitation notifications if rain is expected in the next hour.
There are tons of other small tweaks in watchOS 8, all of which you can check out right now—but only if you have an iPhone running the iOS 15 beta. We can help you install the iOS 15 beta, but we strongly recommend you do not install either iOS 15 or watchOS 8 betas on your primary devices. Bugs and performance issues could make them unusable, and you cannot roll back to watchOS 7 once the watchOS 8 beta is installed. It’s better to wait a few more months for the stable versions to arrive.
With those warnings aside, here’s how to enroll your Apple Watch into Apple’s beta program so you can install watchOS 8 public beta now.
Make sure your iPhone and Apple Watch are charged, paired, and near each other.
Click “Get started,” sign in with your Apple ID and agree to the terms to enroll your account in the program.
Go to the “watchOS” tab and tap “Download profile.” Allow the download, if prompted.
Select “Install” then follow the on-screen instructions.
Tap to restart your Apple Watch when prompted.
After the Apple Watch reboots, it will be ready to download the watchOS 8 update. There are two ways to start the download:
On your Apple Watch, go to Settings > General > Software Update and select “Download and Install.”
In the Apple Watch app on your iPhone, go to General > Software Update, then tap “Download and Install.”
G/O Media may get a commission
Follow the on-screen instructions. Once the installation is complete, you’ll be prompted to restart your Apple Watch one last time. After it reboots, it will be running the watchOS 8 public beta.
Becoming financially literate takes some work, but it doesn’t have to be a chore. And in 2021, one of the easiest ways to source practical advice on budgeting, managing debt and investing is listening to personal finance podcasts while you’re making dinner, out walking the dog, or commuting to work. To help you choose the ones that are worth your valuable time, we’ve waded through a seemingly endless supply of excellent (and not-so-excellent) examples of the form and selected our top 10 for 2021.
Clark Howard, a longtime consumer advocate and former nationally syndicated radio host, is a go-to source for practical, plainspoken advice on a variety of listener-selected topics within a given episode, which could cover everything from saving for retirement, to picking a TV streaming service, to scoring cheap prescriptions at Costco. The show includes an amusing “Clark Stinks!” segment in which Howard reads out complaints about his advice from previous shows.
G/O Media may get a commission
DIY Money is a personal finance podcast hosted by two finance professionals, Quint Tatro and Daniel Czulno. The show mostly covers investing strategies, with topics ranging from broad (“Bitcoin as an investment strategy”) to wonky (“Roth Conversion rules”). It’s a chatty podcast, with an atmosphere similar to what you’d find on a morning radio show, and usually includes a segment that answers listener questions. Expect a lot of goofy audio clips and banter, as the energetic hosts sometimes work a little too hard to keep your attention.
The Personal Finance Podcast is hosted by Andrew Giancola, a property investor and writer for the Dollar After Dollar blog, and he tackles pretty much any topic as it relates to building wealth, whether that’s real estate investing, choosing stocks, building a business strategy, or managing a budget. Giancola has a hard-charging style that keeps things moving (it sounds like he edits out the pauses between his sentences, a trick borrowed from Youtube) and he crams a lot of information into each 30-minute show.
The Stacking Benjamins Show is a rollicking 70-90 minute podcast led by former financial adviser Joe Saul-Sehy, along with his anonymous co-host known as “OG” (which stands for the “Other Guy”). The jocular pair cover money-saving tips, investments, and other financial goals three times a week, with a wide variety of guest interviews. It’s more “live” than other podcasts (i.e., largely unedited), so it sounds more like a laid back radio show.
Jill on Money is a no-nonsense financial advice podcast hosted by Jill Schlesinger, a business analyst for CBS News and a certified financial planner. The episodes are bite-sized (less than 20 minutes), and usually deal with specific questions (“Should I pay down my mortgage or invest?”) submitted by listeners, who often appear on the show. Schlesinger is a charming, gifted interviewer, and the best episodes are often the ones with guests, which is not usually the case with many podcasts.
WSJ Your Money Briefing, hosted J.R. Whalen, leverages the reporting staff of the Wall Street Journal to provide concise explainers on financial topics of the day, whether that’s car prices, Bitcoin, or new tax credits. Each episode is less than 10 minutes long, and new ones publish every weekday, making it a go-to source for quick explainers on topics trending in the news.
So Money host Farnoosh Torabi covers a wide range of money-related topics, from interviews with business authors and influencers to delivering her own advice on raising a family, paying off debt, and navigating a successful career. Every Friday, she answers listener questions—and offers a private, one-on-one money-coaching session to those whose questions she selects to cover on the show. Although much of her content is geared toward women, anyone can dive into her library of more than 1,200 episodes (and counting!) and come away with something useful. —Meghan Walbert
Dave Ramsey, the grand poo-bah of personal finance advice, is a polarizing figure best known for his near-zero tolerance for debt. His podcast is a slick production that features two hours of call-in questions from listeners running the gamut of personal finance topics, and Ramsey isn’t shy about doling out blunt advice. While his Judge Judy-esque lack of patience with his callers can be off-putting, it keeps the show moving at an entertainingly fast clip, and the guidance he provides is clear, succinct, and practical.
Odd Lots, a Bloomberg-produced podcast hosted by Joe Weisenthal and Tracy Alloway, always seems to have the earliest coverage of investing topics (stock movements, commodities, inflation), even as they pop up in the news. The episodes are usually under an hour, and the show doesn’t shy away from complicated topics like DeFi or Quant investing. The guests are consistently informative, too.
Until very recently, I avoided the world of barbecue. Getting up early? Being outside? Asking men for advice? None of this sounded all that appealing, but here I am, showing you pictures of some pulled pork I smoked for my family, and I fully “get it.” Getting up early mean you get a little bit of peace and quiet, and smoking gives you an activity that needs your attention—you can fiddle and futz with it throughout the day without being too stressed out. I get why dads love smoking meats, is what I’m saying.
There are a lot of fancy smokers out there, but we’re going to be focusing on a simple charcoal setup using a Weber Kettle (or similar grill) equipped with an external digital thermometer. Other than that, you’ll need some briquettes, some wood chips, a drip pan, and a bone-in pork shoulder (also called a “butt”).
My first piece of advice? Don’t be intimidated. Though smoking can seem kind of complicated at first, smoking a pork shoulder is one of the easier large-format meat projects you can take on, even on a simple charcoal grill. It’s a forgiving cut that’s hard to dry out, thanks to a large amount of intramuscular fat. I’m sure you could dry it out if you completely ignored the next 2ooo or so words, but you’re not going to do that. You’re going to do just fine.
Buy a dual-probed thermometer
Sorry, but there is no way around it. You must buy an external temperature-taking device, and it should have at least two probes—one for taking the temp of the meat, and one for taking the temp of the air inside your grill. As I have mentioned several times, the little thermometer that sits on the dome of your grill is wildly inaccurate, and it’s impossible to control the temperature if you don’t know the temperature. There are many fancy-boy thermometers with bluetooth capabilities and such, but a $30 model will work just fine. (I have an older model of this one.)
Start small(ish) and give yourself plenty of time
Pork shoulders can get kind of big. The bigger the shoulder, the longer it will take to smoke and reach the end point. This seems obvious, but trust me when I say that you’ll be tempted by larger shoulders at the grocery store. All of the shoulders I’ve smoked were nearly eight pounds, and all took at least 11 hours, and burned through a lot of charcoal. (I had to add a little extra at the end of my first one, and it was a pain in my butt!) Each shoulder is different in terms of fat and moisture content, but you’ll want to allow 1-1 1/2 hours of cook time for each pound.
Five is an excellent size for a beginner. You’ll get plenty of meat off the thing, and you’ll have to get up early, but not so early that it’s unbearable. To calculate how early you should get up, multiply the poundage by 1.5, then add an hour and count back from your meal time, keeping in mind that dinner still might be a little late. Pork will not be rushed, but it is worth the wait.
Trim some fat
The intramuscular fat that lives within the muscle will melt and moisten your pork, but that big fat cap on the end isn’t all that helpful. Not only does it hang out on the outside, never making its way into flesh, it has the audacity to sit there and prevent both your salt and your rub from permeating and flavoring the meat, and the meat is what you’re going to be eating. To get rid of it, slide a thin, sharp knife under a thick corner of fat to create little “fat tab,” then pull on that tab as you slice fat away, so you can see the pink flesh. (Don’t get obsessive; a little bit is fine.)
Salt before you rub
Salt is a small molecule, and it permeates the meat with ease. Most of the flavor molecules in a rub, however, are much larger, and they cannot penetrate deep into the meat. (According to AmazingRibs.com, most rub ingredients only make it around an 1/8th of an inch below the surface.) That’s fine. In fact, that’s exactly what you want a rub to do—sit on the surface and create a beautiful bark of complementary flavors, but it does mean you should treat salting and rubbing as two different flavoring steps. Add salt 12-24 hours beforehand to give it time to draw out moisture, dissolve, and make its way into the muscle; then apply your (salt-free) rub right before you start smoking.
If you are using a salt with a small crystal structure—and I’ve been using Morton Natural Sea Salt, which is the size of table salt but iodine-free—you’ll want to aim for at least 1/4 teaspoon per pound, though I usually end up sprinkling out a little less than 1/2 a teaspoon per pound. (I used a full 3 teaspoons on my most recent 7 3/4-pound pork shoulder, and it was perfect.) If you’re using something with a larger crystal, you can use a larger volume of salt—Meathead Goldwyn uses a ratio of 1/2 teaspoon of Morton coarse kosher salt per pound, and it seems to serve him well.
Snake your charcoal
“The Snake” is a charcoal stacking method where you literally snake your briquettes around the outside of your grill, then light one end and let the coals slowly burn throughout the day. (Yes, you could “just get a Slow ‘n’ Sear,” but I think knowing how to do this without that particular attachment is valuable knowledge.) There are a few variations on this theme, but I found that a rough 24 briquette-long snake of coals, stacked two high and two wide, with some single coals along the top of the snake, was just—and I mean just—enough to fully cook my nearly eight-pound pork shoulder. I will probably add a little more next time—there were no unburnt coals remaining when I opened my grill, and that last bit of cooking was done with the pure residual heat.
In addition to charcoal, you’ll also need some wood chips. I used applewood, and placed 3-4 smallish chips in between the coals on top of the snake, with the majority of the wood at the beginning of the snake, and more space between wood piles towards the end.
Once your snake is all settled, fill your chimney about 1/3 of the way full with charcoal, and get those babies going with a lighter cube or some newspaper. (If you need a refresh or primer on the chimney, give this a peep.) Once the coals are mostly ashed over, dump them at the beginning of the snake (the side with more wood chips), then set a drip pan in the center of your snake, and fill it about halfway with boiling water.
Set the grill grate over the snake, apply your rub to your meat, and set the pork shoulder over the drip pan in the center of the grill. Stick one thermometer probe in the thickest part of pork that’s at least an inch away from the bone, and another on near—but not touching—the shoulder (your thermometer should come with a little probe clip that keeps it off of the grates). Close it up, with the exhaust vent opposite from the hottest coals, and start smoking.
Control the air
As you probably know, there are no temperature control dials on a charcoal grill, which is one of the first things you have to get used to when grilling with charcoal. A lot of people have a lot of opinions on exactly where you should set your intake and exhaust dampeners, but it doesn’t really matter, as long as you find a setup that keeps your internal grill temperature between 225℉ and 250℉.
I like to start with the intake dampener (the one on the bottom) completely open, with the exhaust dampener (on the top of the lid), about halfway open, then close it to just a sliver once the ambient temperature inside the grill breaks 200℉.
This is where my exhaust went was when the temp stabilized around 240℉.Photo: Claire Lower
You’ll probably have to fiddle a little more than that, but try not to fiddle too much, and wait 30 minutes in between adjustments. About halfway through the cook, you may be tempted to open the grill and take a peek to see “how things are going.” Don’t do this! You’ll release a bunch of heat and moisture. Remember: If you’re looking, you’re not cooking.
Clean as you go (the ash trap, that is)
Your charcoal will turn to ash as it burns, and that ash will accumulate, blocking the flow of air and suffocating your coals. This will result in a drop in temperature, which you do not want.
Luckily, the solution is simple. A few quick back-and-forth swipes of the little cleaning blades—the same ones that control the air flow through the bottom vents—is all it takes to clear out the ash and get you back on track. (Just remember where you had them set so you can put them back where they were after cleaning.)
About the stall
If you’ve read anything about smoking meats, you have heard of “the stall.” The meat hits a temp of around 150℉, and refuses to climb anymore for hours. According to AmazingRibs.com, the culprit is water, and there are a few tactics you can take to combat the stall:
That’s [the stall] because the moisture evaporating from the surface is cooling the meat at the same rate as the hot air is warming it, and the internal temperature stalls. You can just ride it out, or you can bust through the stall by cranking the heat to about 300°F or by wrapping the meat tightly in foil.
I don’t know why, but I have never encountered a major stall. I certainly saw a slow, but my pork never got stuck at one temp for more than an hour and a half. If you encounter such a dreadful pause, I recommend just waiting it out or, if you’re in a time crunch, opening up the vents and letting the heat rise to the aforementioned 300℉. I would not recommend wrapping your shoulder in foil, as that can fuck up your beautiful bark, and the stall actually helps create that bark.
Let’s cook the thing.
Now that you’ve read all that, it is time to cook. To smoke your very first pulled pork on a charcoal grill, you will need:
A bone-in pork shoulder in the 5-6 pound range
Salt, 1/4-1/2 teaspoon per pound, depending on the crystal size (Use a larger volume of salt if the crystals are large.)
Salt-free rub of your choice. (I have been using Rocky’s Rub because the people at SnS sent it to me for free, but any nearly all of these will work if you omit the salt.)
The day before you plan to smoke your shoulder, take it out of the fridge and trim the fat as described above. Salt the pork on all sides, set in pan, and return to the fridge for 12-24 hours.
Remove the pork from the fridge and start setting up your grill. Arrange your charcoal in the snake formation as shown above. Your snake should be at least 24 briquettes-long, stacked two high and two wide, with some single coals along the top of the snake. Add your wood chips, a few every couple of briquettes, with most of them towards the beginning of the snake, and fewer on the latter half. Fill your chimney about 1/3 of the way full with charcoal, and light a lighter cube or some newspaper underneath the coals. Once the coals are mostly ashed over, dump them at the beginning of the snake (the side with more wood chips), set a drip pan in the center of your snake, and fill it about halfway with boiling water.
Set the grill grate over the snake, apply your rub to your meat, and set the pork shoulder over the drip pan in the center of the grill. Stick one thermometer probe in the thickest part of pork that’s at least an inch away from the bone, and another one near—but not touching—the shoulder. Close it up with the exhaust vent opposite from the hottest coals, open the intake dampener fully, and the exhaust dampener halfway.
Once your grill temperature reaches around 200℉, adjust your exhaust dampeners so they’re opened just a sliver. Let the temp stabilize, and adjust more if needed. If you need your temperature to rise, open the top vents a little more; if you need it to fall, close the bottom vents a bit (as you probably cannot close the top anymore with closing them completely). Keep an eye on the temp and make small adjustments as needed to keep things between 225℉ and 25o℉.
Smoke until your pork reaches an internal temperature of at least 194℉, rotating the lid every once in a while to keep the exhaust vent on the opposite side from the burning coals. (You won’t be able to see exactly where the coals are burning, so just move it a couple of inches every hour and a half or so.) Temp-wise, I know some people like to go higher, but none of my shoulders have ever broken 200℉, and all have been incredibly tender, juicy, and delicious. As long as that bone feels loose, you’re good.
Once your pork is done, remove it from the grill with a big spatula or meat claws and get it on a cutting board or in a pan. It will look burnt, but it is not. It is smoked, and that black exterior is your delicious bark. Remove the bone, and shred the meat with two forks (or BBQ claws). I like to shred the meat as I go, rather than shred it all at once, but either way is fine. Serve with buns, coleslaw, your favorite BBQ sauce, and maybe some pickles, and be prepared to receive many compliments. You did it, and I am so very proud of you.
Adobe recently announced Photoshop Sketch and Illustrator Draw, two great free drawing apps available on iPad, will be removed from the Apple App Store (and Google Play) on July 19. Luckily, the apps are getting a free replacement in Adobe Fresco, which combines the features of Photoshop Sketch and Illustrator Draw into a single app—but there might be a better choice for you out there, and it’s the perfect time to find out.
You don’t have to make a change, as existing users can continue using Photoshop Sketch and Illustrator Draw as long as the programs are installed on their devices by July 19, but the apps will only receive limited support until they’re fully discontinued on Jan. 10, 2022.
That said, Adobe Fresco is frankly a much better app than Photoshop Sketch or Illustrator Draw ever were. (Adobe also offers iPad versions of Photoshop and Illustrator, but they’re locked behind a Creative Cloud subscription and are missing many features of the desktop versions.)
The best other drawing apps for iPad Pro artists
And if you don’t like Adobe’s iPad apps and are looking to make a change, there are many other worthwhile drawing programs available for iPad Pro—maybe too many. To help you find one that fits your artistic needs, we’ve assembled a shortlist of the best drawing apps for iPad Pro artists at any level. There are free and paid apps on this list (though the former are affordable options, we promise), but each one offers its own unique features and capabilities—whether that be precise vector art, bold line work, or digital painting.
G/O Media may get a commission
Screenshot: Brendan Hesse
Procreate is a powerful app designed specifically for iPad and Apple Pencil. Its interface is streamlined and easy to navigate, and it’s packed with professional-grade features like custom brushes, layer blending modes, perspective grids, gradient maps, and more.
Procreate lacks some bells and whistles you’ll find in full-featured desktop programs (I desperately wish it had Photoshop’s layer effects, like “inner glow” and “outline”), and its one of the few apps on this list that isn’t available on other devices, but it links to iCloud and Google Drive and supports PSD, PDF, PNG, TIFF, JPEG, and its own .procreate file types, among many others, so you can easily export Procreate images to other programs.
In fact, Procreate has been my go-to drawing and painting app for years—I use it more than any other app on this list, and it quickly replaced Photoshop when I discovered it a few years ago. It’s a paid app, but dropping $10 for a one-time purchase grants you lifetime access and all future feature updates, which is a much better deal than paying for a monthly fee for a subscription-based app.
Sketchbook used to be a paid app, but Autodesk now offers the full version for free on the Apple App Store. It doesn’t have quite the same feature depth as Procreate or Clip Studio Pro, but important functions like custom brushes, layers, and gradient maps are included, and Sketchbook’s myriad perspective grids and drawing guides are great for creating technical drawings and doing design work. It will also convert pictures of hand-drawn sketches into images using your iPad’s camera. There are free Mac and Windows versions of Sketchbook available as well, which is helpful for those who want to use a single program with a consistent interface and feature set across multiple devices.
Screenshot: Brendan Hesse
Clip Studio Paint is popular among comic and manga artists who work digitally. It has robust brush customization settings and comes with built-in comic page layout templates, animation tools, and even a library of 3D reference models—a great addition for anyone learning anatomy (and no, using them is not “cheating”).
Clip Studio Paint is available on iPad, Android, and desktop, and comes in two versions: the $50 Clip Studio Paint Pro that includes all the features mentioned above, and the $219 Clip Studio Pro EX, which offers advanced manga and animation features. Luckily, there’s a three-month free trial available for all platforms so you can test it out before buying, and monthly usage plans if you don’t want to pay full price all at once.
Affinity’s digital art apps on iPad are closer to professional desktop programs than streamlined mobile apps.
Affinity Designer is a vector graphics program, making it a solid alternative to Adobe’s Illustrator apps. It includes common vector graphics tools like curves and precise shape creation, and good matches for Adobe Illustrator’s well-known pen and pencil tools. Affinity Photo, on the other hand, is more like Photoshop, and focuses on digital painting and photo editing tools. Both programs are well regarded for their smooth, speedy performance on iPad (though their exact performance will depend on your iPad model), and their support for Apple Pencil.
Both apps are $50, making them two of the most expensive choices on this list, but you only have to pay for them once—which is still better than paying for a monthly subscription to Adobe’s software. You can also purchase Mac and Windows versions of each app.
Screenshot: Apple App Store
Our last highlighted pick is Linea Sketch, another entirely free app. Compared to our other free pick, Sketchbook, Linea Sketch isn’t as robust, but its simplicity is part of its appeal.
Linea Sketch is a straightforward drawing and painting app, and unlike many of the cross-platform apps above, it’s built specifically around iPad and the Apple Pencil. It’s a great beginner program too, thanks to its helpful color selection tips that offer up a selection of complementary colors.
Other standard digital art features like line assist, transform tools, perspective grids, built-in page layouts, and multi-layer support are also included (though I should note the app maxes out at just five layers per drawing). If you decide you want to work on your Linea Sketch drawings in other programs, you can export them as a PSD, PNG, or JPEG.
And plenty more
Like I said before, this list only covers a fraction of the truly useful drawing apps available on iPad. I focused primarily on apps I use (or used to use), so there’s probably a few missing that other digital creators swear by. If your favorite isn’t on the list, drop a suggestion in the comments. If any prove to be super popular, I’ll add ‘em to the list in a future update.
Socrates didn’t fear death. Even though he met a gruesome demise (he was executed by the state for the alleged crime of corrupting Athenian youth), Socrates didn’t flee or plead before his executioner. If we are to take his beliefs and teachings—that death is an inevitability that might be good, actually—to heart, we may also find a greater acceptance in the unknown.
How did Socrates view death?
Socrates lived during a period of untold barbarism, where death, war, and disease defined the experiences of the living. But his familiarity with death was strong, even for the brutish standards of the era. He was a solider—and even something of a war hero; he rescued the future Athenian leader Alcibiades during a siege on the city of Potidaea in 432 B.C.—so he was far more accustomed to the inevitability of mortality than most people living in the 21st century.
Ancient Greek society thought of death as a spiritual transition to a netherworld of ghosts, crystallized by the spirit leaving the body in the form of a culminating exhale. Socrates was less mystical in his interpretation of death, and wrote about it in distinctly realist, if not skeptical, terms. When the philosopher was on trial at the Athenian court in 399 B.C., Socrates spoke before a jury of 500 male citizens, and delivered a speech that enshrined his musings on death on the most appropriate stage imaginable.
Let us consider also in the following way that there is much hope that being dead is something good. For to be dead is one of two things: either it is like being nothing and the dead person does not have any perception of anything, or, as they say, it is some kind of change, namely relocation, of the soul from here to another place. And if it is indeed a complete absence of perception, like the sleep of someone who does not even dream at all, death would be a remarkable gain.
G/O Media may get a commission
Socrates had a devoted follower in a young Plato, who was in attendance that day at the trial. Speaking of his mentor’s demeanor prior to his execution, Plato noted that Socrates “appeared both happy in manner and words as he died nobly and without fear.” It’s an attitude that buoyed Socrates’ spirits as he drank from the executioner’s cup filled with poisonous hemlock.
How Socrates can teach you to tame your anxiety about death
Socrates was, in many ways, a precursor to the stoic school of ancient Greek philosophy, which sought to eschew negative emotions and replace them with an unwavering inner-resolve. It isn’t necessarily a good thing to deny one’s emotions about death, but accepting its eventuality can do much to tame your anxiety about meeting the unknown.
It’s a scary concept to be sure, but science hasn’t really discovered what it feels like to die, beyond the experiences detailed by people who have been pronounced dead and later resuscitated. As far as research has determined, there are the harrowing moments of mental and physical decline, but also hallucinatory reunions with deceased loved ones, cinematic moments of your life that flash before your eyes, a rapt state of contentedness, and other blissful sensations.
The takeaway from the meditations of Socrates, is that there’s nothing to fear in the unknown. Moreover, the possibility of leading a virtuous life, combined with the pursuit of knowledge and wisdom, should open the doors to fulfillment while you’re alive. Standing before the jury, prior to his execution, Socrates delivered what may stand as his most prescient and enduring statement: “The unexamined life is not worth living for human beings.” What one should do to clamp down on any fear of death, is to examine themselves in the present, the philosopher suggested.
Using the philosopher’s outlook as a guidepost—that humans should seek out beauty, strength, and health, tempered with a pursuit of knowledge—will help ground you in the present. Hopefully, it will imbue you with a state of contentedness, so that death isn’t so much a morbid specter that haunts you, but an inconsequential aspect of the life you’re living.
Vacuum cleaners can clog by things getting stuck in the hose or from an over-full canister, but most clogs are easily solved by just regularly emptying your vacuum. Hair and string, though, tend to wrap around the vacuum brush and can restrict its movement, causing a slow death until it stops spinning altogether, rendering your vacuum useless. At first glance, it might look complicated to get in there and untangle the mess, but depending on the vacuum, it’s probably easier than you think.
How to remove a vacuum brush
The best way to clean a vacuum brush is to remove it. Unfortunately, there isn’t a universal vacuum, so removing the brush depends on the vacuum brand. Some require removing the bottom grate surrounding the brush; others have a convenient lever to pull or a button that pops open a compartment on the side to remove the brush for cleaning. Most modern vacuum cleaners have this capability.
How to clean a tangled vacuum cleaner
Once you remove the brush, cleaning is rather simple, as TikTok user @vaneamaro91 highlights. Take a good pair of scissors and cut along the length of the brush, minding the bristles so that you don’t accidentally cut off pieces of it. Once the hair and tangled particles are loosened, use your hands to pull apart the pieces and clear the brush of debris. (Can can wear gloves if you’re grossed out.)
G/O Media may get a commission
For deeper cleaning, you can grab a cleaning brush, detergent, and some white vinegar. After removing as much hair and dirt as possible, submerge the brush in warm water mixed with detergent, and use a cleaning brush to get in the small areas to break up any stubborn dirt. Once you’re done, wipe it down with diluted white vinegar, which will help disinfect the brush and remove dirt still stuck on the bristles. Wipe it dry with a microfiber cloth, and make sure the brush is completely dry before reattaching. Congratulations, your vacuum will spin like new.
I held out on purchasing a salad spinner for years, because I’m a stubborn idiot. Drying lettuces on towels is for chumps. It takes far too long, takes up too much counter space, and never gets the leaves fully dry, resulting in soggy salads (boo).
When I started growing my own lettuces, I knew it was time. Pre-washed, bagged salad just does not last as long or taste as good, but there is dirt on the lettuce in my garden, and it must be washed off, which means it must be dried. If you’re worried about space, I have great news: Prepworks makes one that collapses for easy storage. (It’s also fantastic for drying mushrooms.)” —Claire Lower, senior food editor
Putting a cat on a diet is hard. The pitiful eyes, the constant yowling, the nonstop paw taps asking for food, not to mention all the times they wake you up at 2 a.m., in the hopes your guard will be down just enough that you’ll feed them. Add in a second cat with different dietary needs and it can seem impossible to make it work.
Lately, I’ve been in this predicament: Like many of us, my cat Cement has put on a few pounds in the last year, going from an already cement-esque 17 pounds to a mega-chonking 21 pounds, probably because his only exercise consists of stealing our smaller cat’s food. Something needs to change before he starts developing health problems or our smaller cat decides he’s had enough of all the food-stealing and finds a better family.
So if one of your cats is looking a little bit too thick, what do you do?
Implement strict meal-times
One answer is to structure their food intake with designated meal-times, with your cats either eating in separate rooms or at different times, in a setup that prevents the other cat from accessing the “dining room” during that time. For example, one cat could eat their meals in the bedroom, while the other cat eats in the home office at the same time. If your home is on the smaller side, meal times could be at separate times, but using the same room; just keep the door closed while one cat eats and the other stands outside, yelling to be let in. The important thing is to create a physical separation that will keep them from eating each other’s food.
If you go with set meal-times, the problem will be getting your cats to adjust to the new feeding schedule. If they are used to nibbling all day, it will be hard in the beginning. To soften the shock, keep the meal-times run on the longer side, allowing them more time to graze, and give them smaller meals more frequently, gradually reducing the number of times a day you give them food.
If you are switching to a diet food at the same time, it’s important to remember that whenever you introduce your cats to a new type of food, you need to do so slowly, or they can experience digestive issues. For the sake of your litter box (or your couch, carpet, or rug), start by mixing a little bit of new food with their regular food, adding a little more of the new stuff each day.
G/O Media may get a commission
Distract them with puzzle feeders
One possible solution for distracting your hangry cat is to get some puzzle feeders, which are toys that you can load with a few pieces of dry food. To get at the food, the cat has to figure out the puzzle. Assuming your cat doesn’t give you the death stare for treating them like a rat in a maze, this can help them adjust to the new feeding schedule and deal with boredom.
Put food where only one cat can access it
If the thought of trying to make your cats stick to specific meal-times still makes you twitch, another solution is to put the smaller cat’s food in an area the bigger cat can’t reach. For example, my friend Jon put the smaller cat’s food on top of the fridge, where his bigger cat couldn’t jump. There are also pet feeders that will only open for a designated pet based on their microchip, a fancier way to keep their food separate without having to resort to scheduled meal-times.
If one of your cats has specific dietary need, this is a good way to ensure your cats don’t sample one another’s food. Of course, there’s still nothing you can do about being woken up at 2 a.m. by a hungry cat. That’s a problem you’ll have to figure out on your own.
There is much to ponder in the infinite mysteries of outer space, but...what’s it smell like? It turns out that much, if not all, of the seeing the wonders of space would be accompanied by a distinct aroma—or stench. Space has a smell, but it’s only astronauts (and perhaps your odd corporate CEO with a thirst for interplanetary exploration) who’ll ever get to experience it.
Does space have a smell?
It’s worth noting that no astronaut actually smells space, but rather catches whiffs indirectly. There is no oxygen outside of one’s space suit, meaning an attempt to smell space like you might a scented candle is impossible because it would invariably result in death. Still, astronauts have long been pretty unanimous in their consensus of what they can detect wafting through the void: It smells like “gunpowder, seared steak, raspberries, and rum,” according to a group of NASA astronauts who created a space-themed fragrance last year.
As astronauts explained to the Australian Academy of Sciences, the smells they’ve encountered on space walks are a bit strange:
[A] rather pleasant metallic sensation ... [like] ... sweet-smelling welding fumes’, ‘burning metal’, ‘a distinct odour of ozone, an acrid smell’, ‘walnuts and brake pads’, ‘gunpowder’ and even ‘burnt almond cookie.’
G/O Media may get a commission
Or, to hear an actual astronaut tell of their experience, here’s Don Pettit describing space smells, courtesy of Live Science:
The best description I can come up with is metallic; a rather pleasant sweet metallic sensation. It reminded me of my college summers where I labored for many hours with an arc welding torch repairing heavy equipment for a small logging outfit. It reminded me of pleasant sweet smelling welding fumes.
Why does space smell like that?
There’s no unanimous determination, but researchers suspect it has something to do with a “chemical reaction which occurs within the spacecraft during re-pressurisation,” as the AAS writes. It’s surmised by researchers that atomic oxygen attaches to an astronaut’s space suit and enter the craft. When the spaceship re-pressurizes, these single atoms collide with oxygen and then become ozone, which might be the source of the strange smells.
Whatever the source actually is, researchers suspect that the collision of molecules from space with oxygen certain plays a role. One researcher told the Atlantic in 2012 that the smell is likely the product of: “high-energy vibrations in particles brought back inside which mix with the air.”
The Canadian astronaut Chris Hadfield posited a slightly similar guess last year, telling Wired that space is likely odorless in actuality. He suspects “the vacuum of space sucks trace chemicals out of the walls of a spacecraft,” creating the burning, sulphuric smell associated with space, NPR wrote, summarizing the interview. Whatever the true cause is, space will likely be associated with these bizarre odors for as long as humans are donning space suits and blasting off into the cosmos.
Red Hat announced Red Hat OpenShift 4.8, the latest version of the enterprise Kubernetes platform. Providing a powerful foundation to develop and connect diverse workloads across the hybrid cloud, Red Hat OpenShift 4.8 helps organizations accelerate the creation of new cloud-native applications without abandoning existing environments and IT investments.
As organizations grow application landscapes to meet evolving needs, Kubernetes-powered cloud platforms need to not only span all open hybrid cloud infrastructure footprints, but also the variety of workloads and applications running on this foundation.
A recent Red Hat-sponsored study conducted by Pulse further expands upon this need, with the survey highlighting evolving trends for application usage on Kubernetes. Respondents reported a wide variety of workloads deployed on containers and Kubernetes, including:
Databases or data cache
Data ingestion, cleansing, analytics
Logging and monitoring
Web and application servers
Artificial Intelligence and Machine Learning software
Custom apps based on Java and Microsoft .NET frameworks
As new customer goals continue to create room for market innovation, Red Hat OpenShift 4.8 provides organizations a common foundation to more consistently develop, deploy and run a hybrid mix of applications and services.
Organizations across the globe including AXA France, Bao-zun, Türkiye İş Bankası and WorldPay from FIS are turning to Red Hat OpenShift to run heterogeneous workloads, from modern data analytics and AI/ML to modernizing traditional applications built on Java and .NET frameworks. The latest release of Red Hat OpenShift helps to further accelerate developing and running a mix of applications across the entirety of the hybrid cloud.
Accelerated development and simplified management across workloads
Red Hat OpenShift 4.8, based on Kubernetes 1.21 and CRI-O 1.21 runtime interface, further simplifies the developer experience while helping expand the use cases and workload possibilities across industries. New features and enhancements include:
IPv6/IPv4 dual stack and IPv6 single stack support provides applications with interoperability and communications for environments using IPv6 in addition to IPv4 such as in Cloud-Native Network Functions for telecommunications, and government agencies globally that require IPv6 support. This capability helps provide additional security for applications, including regulatory compliance.
OpenShift Pipelines now allows users to declaratively define, version and track changes to their application delivery pipelines alongside their application source code in Git repositories. By doing so, developers can rely on the Git workflow to automate the deployment of their CI/CD pipelines, turning code into features at a faster and more secure pace for the business. Developers can rely on the Git workflow for managing their pipelines and leave an audit trail as Git commits as the pipelines are collaboratively updated throughout their lifecycle.
An enhanced developer experience within the OpenShift console, including the ability for Spring Boot developers to code and test locally before sharing the code more broadly. Additionally, to further improve development with Serverless, Red Hat OpenShift 4.8 enables advanced scaling options for the developer console.
OpenShift Serverless functions capability enables developers to create and run functions, on demand, on OpenShift. Available as a technology preview, OpenShift Serverless functions help to simplify, automate and speed up application development and operations, removing the burden of manual infrastructure provisioning and scaling.
OpenShift sandboxed containers, based on the Kata Containers open source project, provide a more secure container runtime using lightweight virtual machines. Available as a technology preview, this adds capabilities for specific workloads that require extremely stringent application-level security. While the vast majority of applications and services are well-served by the strong security features of Linux containers, sandboxed containers provide an additional layer of isolation ideal for highly-sensitive tasks, such as privileged workloads or running untrusted code.
Expanded partner ecosystem
Over the past several years, Red Hat has seen growth in the number of Independent Software Vendor (ISV) partner workloads running on Red Hat OpenShift. According to the survey by Pulse, 63% of respondents run either a mix of ISV and custom workloads, or just ISV workloads on containers and Kubernetes.
To provide even more choice for organizations, Red Hat has expanded Red Hat OpenShift Certification to support a broader range of workloads on the enterprise Kubernetes platform. Red Hat partners can now enable and certify software solutions on OpenShift through either Operators or Helm charts. With this enhanced certification, partners can more easily tap into Kubernetes-native technologies to manage and scale software deployments.
The certified OpenShift ecosystem with Kubernetes Operators and Helm certification, now includes over 150 partner solutions, with recently certified Operators including: Intel OpenVINO Model Server and OpenNESS, Ionir container-native data platform for Kubernetes, MinIO hybrid cloud object storage, MongoDB Atlas cloud database service and certified Helm charts for HashiCorp Vault. This integrated ecosystem helps empower organizations with solutions that work hand-in-hand with OpenShift and answer a broad spectrum of cloud-native needs, including databases, AI/ML tools, application runtimes, developer tools, storage, networking, security, monitoring and logging, and more.
Additionally, to further empower organizations, Red Hat Services provides application development expertise and proven field experience to help organizations navigate the complexities of building modern, scalable, hybrid applications.
Availability
Red Hat OpenShift 4.8 is expected to be generally available in July, including the ability to try it on the Developer Sandbox for Red Hat Openshift.
“Red Hat understands that no two applications are alike and each has unique needs. Red Hat OpenShift is designed to support organizations regardless of workload type or where an application lives across the hybrid cloud. With Red Hat OpenShift 4.8, we further that vision by making it even easier for organizations to run a diverse mix of workloads from data driven intelligent applications to the mission critical traditional applications that teams are working to modernize,” said Joe Fernandes, vice president and general manager, Cloud Platforms, Red Hat.
“We are using Red Hat OpenShift to deploy large AI/ML models that automate our contract subscription process, which was previously manual and error-prone. We use a PaaS service from AXA Group Operations called OpenPaaS, a superset of OpenShift, making it easier for us to consume OpenShift in compliance with AXA security rules. We are able to build AI/ML models that automatically scan and validate documents, and improve client satisfaction. Additionally, we use GitOps for automating deployment and it helps us carry out up to 10 deployments a day,” said Pierre-Henri Gache, cloud solution architect, AXA France.