Enlarge (credit: Darrell Gulin | The Image Bank)

After more than a year as an exclusive invite-only social media platform, Bluesky is now open to the public, so anyone can join without needing a once-coveted invite code.

In a blog, Bluesky said that requiring invite codes helped Bluesky "manage growth" while building features that allow users to control what content they see on the social platform.

When Bluesky debuted, many viewed it as a potential Twitter killer, but limited access to Bluesky may have weakened momentum. As of January 2024, Bluesky has more than 3 million users. That's significantly less than X (formerly Twitter), which estimates suggest currently boasts more than 400 million global users.

Enlarge / A photo of David L. Mills taken by Raul654 on April 27, 2005. (credit: Raul654 / Benj Edwards / Getty Images)

On Thursday, Internet pioneer Vint Cerf announced that Dr. David L. Mills, the inventor of Network Time Protocol (NTP), died peacefully at age 85 on January 17, 2024. The announcement came in a post on the Internet Society mailing list after Cerf was informed of David's death by Mills' daughter, Leigh.

"He was such an iconic element of the early Internet," wrote Cerf.

Dr. Mills created the Network Time Protocol (NTP) in 1985 to address a crucial challenge in the online world: the synchronization of time across different computer systems and networks. In a digital environment where computers and servers are located all over the world, each with its own internal clock, there's a significant need for a standardized and accurate timekeeping system.

Enlarge (credit: Getty Images)

Orange España, Spain’s second-biggest mobile operator, suffered a major outage on Wednesday after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers said.

The hijacking began around 9:28 Coordinated Universal Time (about 2:28 Pacific time) when the party logged into Orange’s RIPE NCC account using the password “ripeadmin” (minus the quotation marks). The RIPE Network Coordination Center is one of five Regional Internet Registries, which are responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure. RIPE serves 75 countries in Europe, the Middle East, and Central Asia.

“Things got ugly”

The password came to light after the party, using the moniker Snow, posted an image to social media that showed the orange.es email address associated with the RIPE account. RIPE said it's working on ways to beef up account security.

Enlarge (credit: Getty Images)

Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they're in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments.

Terrapin, as the vulnerability has been named, came to light two weeks ago in a research paper published by academic researchers. Tracked as CVE-2023-48795, the attack the researchers devised works when attackers have an adversary-in-the-middle attack (also abbreviated as AitM and known as man-in-the-middle or MitM), such as when they’re positioned on the same local network and can secretly intercept communications and assume the identity of both the recipient and the sender.

In those instances, Terrapin allows attackers to alter or corrupt information transmitted in the SSH data stream during the handshake—the earliest connection stage, when the two parties negotiate the encryption parameters they will use to establish a secure connection. As such, Terrapin represents the first practical cryptographic attack targeting the integrity of the SSH protocol itself. It works by targeting BPP (Binary Packet Protocol), which is designed to ensure AitMs can’t add or drop messages exchanged during the handshake. This prefix truncation attack works when implementations support either the "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC," cipher modes, which, at the time the paper was published, was found in 77 percent of SSH servers.

Enlarge / Dr. Charles H. Townes, inventor of the maser, a key component of atomic clocks, illustrates the differences between it and a standard clock. (credit: Getty Images)

One of the leading thinkers on how humans track time has a big, if simple, proposal for dealing with leap seconds: Don't worry about them. Do leap minutes instead, maybe one every half-century or so.

"We all need to relax a little bit," said Judah Levine, leader of the Network Synchronization Project in the Time and Frequency Division at the National Institute of Standards and Technology (NIST), to The New York Times. Leap seconds—when coordinated, near-impeccable atomic time is halted for one second to synchronize with the Earth's comparatively erratic movements—are a big headache, especially to computer technology.

The International Bureau of Weights and Measures (IBWM) has already voted to eliminate leap seconds entirely by 2035, or at least how they are currently implemented. Levine plans to submit a paper outlining a "leap minute," timed to the next World Radiocommunications Conference held by the International Telecommunication Union (ITU). Starting November 20 in Dubai, United Arab Emirates, the world's radio and communications policymakers will debate various measures and standards. The Times suggests Levine's paper may be published after the conference, but awareness of it—including the Times story itself—should make it a point of contention.