Watch two rocket launches live, including a Space Station supply flight and a mission to study the Sun

There are two – that’s right two – launches happening this Sunday, and both are set to broadcast live on NASA’s official stream above. The first is a NASA International Space Station resupply mission, with a Northrop Grumman Cygnus spacecraft launching aboard an Antares rocket from Wallops Island in Virginia at 5:39 PM EST (2:39 PM PST). The second is the launch of the Solar Orbiter spacecraft, a joint scientific mission by NASA and the European Space Agency (ESA) that’s set to take off aboard a United Launch Alliance (ULA) Atlas V rocket from Cape Canaveral, Florida at 11:03 PM EST (8:03 PM PST).

The ISS resupply mission is the 13th operated by Northrop Grumman, and will carry around 8,000 lbs of experiment materials, supplies for the Station’s astronaut crew, and various additional cargo. If all goes to plan, the Cygnus spacecraft will get to the Space Station on Tuesday at around 4:30 AM EST, where astronauts on board will capture the spacecraft with the station’s robotic arm for docking.

The NASA/ESA Solar Orbiter mission is a bit more of an event, since it’s a launch of a very special payload with a dedicated mission to study the Sun, launching aboard a brand new custom configuration of ULA’s Atlas V rocket tailor-made for the Orbiter. The Orbiter has a mass of nearly 4,000 lbs, and a wingspan of nearly 60 feet, and is carrying a complement of 10 instruments for gathering data from our Solar System’s central player.

Solar Orbiter will take the first ever direct images of the Sun’s poles once it arrives at our star, but it first has to get there, using the gravitational force of both Earth and Venus to help propel it along its path. Already, the planned launch of Solar Orbiter has been delayed by a few days – and timing is key to making sure those gravitational forces can work as designed to get it to its goal, so here’s hoping today’s launch goes off as planned.

As its name implies, Solar Orbiter is designed to orbit the Sun – and it’ll do so from a relatively close distance of around 26 million miles away. That’s closer than Mercury, the planet in our solar system closest to the Sun, and at that distance it’ll still face max temperatures of around 520 degrees Celsius (968 degrees Fahrenheit). To endure those temps, the spacecraft is protected by a titanium heat shield that will always be oriented towards the star, and even its solar panels will actually have to tilt away from the Sun during the spacecraft’s closest approach to make sure they don’t get too hot while powering the satellite.

Solar Orbiter will study the Sun’s polar regions, as mentioned, and shed some light on how its magnetic field and emissions of particles from the star affect its surrounding cosmic environment, including the region of space that we inhabit here on Earth. After launch, Orbiter should make its way to Venus for a flyby this December, then cross paths with Earth for a planned approach in November, 2021, before making its first close approach to the Sun in 2022.

Check back above for live views of both launches, with the stream for the first mission kicking off shortly after 5 PM EST (2 PM PST).

The war against space hackers: how the JPL works to secure its missions from nation-state adversaries

NASA’s Jet Propulsion Laboratory designs, builds, and operates billion-dollar spacecraft. That makes it a target. What the infosec world calls Advanced Persistent Threats — meaning, generally, nation-state adversaries — hover outside its online borders, constantly seeking access to its “ground data systems,” its networks on Earth, which in turn connect to the ground relay stations through which those spacecraft are operated.

Their presumptive goal is to exfiltrate secret data and proprietary technology, but the risk of sabotage of a billion-dollar mission also exists. Over the last few years, in the wake of multiple security breaches which included APTs infiltrating their systems for months on end, the JPL has begun to invest heavily in cybersecurity.

I talked to Arun Viswanathan, a key NASA cyber security researcher, about that work, which is a fascinating mix of “totally representative of infosec today” and “unique to the JPL’s highly unusual concerns.” The key message is firmly in the former category, though: information security has to be proactive, not reactive.

Each mission at JPL is like its own semi-independent startup, but their technical constraints tend to be very unlike those of Valley startups. For instance, mission software is usually homegrown/innovative, because their software requirements are so much more stringent: you absolutely cannot have software going rogue and consuming 100% of CPU on a space probe.

Successful missions can last a very long time, so the JPL has many archaic systems, multiple decades old, which are no longer supported by anyone; they have to architect their security solutions around the limitations of that ancient software. Unlike most enterprises, they are open to the public, who tour the facilities by the hundred. Furthermore, they have many partners, such as other space agencies, with privileged access to their systems.

All that … while being very much the target of nation-state attackers. Theirs is, to say the least, an interesting threat model.

Viswanathan has focused largely on two key projects. One is the creation of a model of JPL’s ground data systems — all its heterogeneous networks, hosts, processes, applications, file servers, firewalls, etc. — and a reasoning engine on top of it. This then can be queried programmatically. (Interesting technical side note: the query language is Datalog, a non-Turing-complete offshoot of venerable Prolog which has had a resurgence of late.)

Previous to this model, no one person could confidently answer “what are the security risks of this ground data system?” As with many decades-old institutions, that knowledge was largely trapped in documents and brains.

With the model, ad hoc queries such as “could someone in the JPL cafeteria access mission-critical servers?” can be asked, and the reasoning engine will search out pathways, and itemize their services and configurations. Similarly, researchers can work backwards from attackers’ goals to construct “attack trees,” paths which attackers could use to conceivably reach their goal, and map those against the model, to identify mitigations to apply.
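The kind of pathway query described above can be sketched in a few lines. This is an added example, not code from the article or from JPL: it uses Python in place of Datalog, and every zone name, host name and service in it is constructed for illustration.

```python
from collections import defaultdict

# Constructed model facts (hypothetical names): flow(src, dst, service)
# means the configuration lets src open a connection to dst on service.
FLOWS = [
    ("cafeteria-wifi", "guest-proxy", "http/3128"),
    ("guest-proxy", "corp-web", "https/443"),
    ("corp-web", "corp-db", "postgres/5432"),
    ("partner-vpn", "file-share", "smb/445"),
    ("file-share", "mission-ops", "ssh/22"),
    ("corp-web", "file-share", "nfs/2049"),
    ("corp-web", "mission-ops", "https/8443"),
    ("mission-ops", "cmd-server", "ssh/22"),
]


def reachable(flows, src):
    """Datalog-style transitive closure, iterated to a fixed point:
    reach(X, Y) :- flow(X, Y, _).
    reach(X, Z) :- reach(X, Y), flow(Y, Z, _)."""
    reach = set()
    changed = True
    while changed:
        changed = False
        for a, b, _ in flows:
            if (a == src or a in reach) and b not in reach and b != src:
                reach.add(b)
                changed = True
    return reach


def paths(flows, src, dst):
    """Enumerate every loop-free pathway from src to dst, itemizing the
    service used on each hop as (from, service, to)."""
    out_edges = defaultdict(list)
    for a, b, svc in flows:
        out_edges[a].append((b, svc))
    found = []

    def walk(node, seen, hops):
        if node == dst:
            found.append(hops)
            return
        for nxt, svc in out_edges[node]:
            if nxt not in seen:  # never revisit a node: keeps paths finite
                walk(nxt, seen | {nxt}, hops + [(node, svc, nxt)])

    walk(src, {src}, [])
    return found


def cut_candidates(flows, src, dst):
    """Single flows whose removal alone makes dst unreachable from src,
    i.e. the choke points where one configuration change is a mitigation."""
    if dst not in reachable(flows, src):
        return []
    return [f for f in flows
            if dst not in reachable([g for g in flows if g != f], src)]


if __name__ == "__main__":
    for p in paths(FLOWS, "cafeteria-wifi", "cmd-server"):
        print(" -> ".join([p[0][0]] + [f"[{svc}] {dst}" for _, svc, dst in p]))
    print("choke points:", cut_candidates(FLOWS, "cafeteria-wifi", "cmd-server"))
```

In this constructed model the two redundant routes through the middle are not choke points; only the shared first hops and the final hop are, which is where a single rule change closes the path.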

His other major project is to increase the JPL’s “cyber situational awareness” — in other words, instrumenting their systems to collect and analyze data, in real time, to detect attacks and other anomalous behavior. For instance, a spike in CPU usage might indicate a compromised server being used for cryptocurrency mining.

In the bad old days, security was reactive: if someone had a problem and couldn’t access their machine, they’d call, but that was the extent of their observability. Nowadays, they can watch for malicious and anomalous patterns which range from the simple, such as a brute-force attack indicated by many failed logins followed by a successful one, to the much more complex, e.g. machine-learning based detection of a command system operating outside its usual baseline parameters.
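The simple end of that range, many failed logins followed by a successful one, can be written as a windowed detection rule. This is an added example, not code from the article or from JPL; the key=value log format, host names, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical key=value auth log format, assumed for this example.
LINE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>FAIL|OK)$"
)

# Constructed sample log (documentation IP ranges, made-up hosts and users).
SAMPLE_LOG = """\
2020-02-08T09:00:00Z auth host=gds-02 user=bob src=192.0.2.9 result=FAIL
2020-02-08T09:30:00Z auth host=gds-02 user=bob src=192.0.2.9 result=FAIL
2020-02-08T10:00:00Z auth host=gds-02 user=bob src=192.0.2.9 result=FAIL
2020-02-08T10:30:00Z auth host=gds-02 user=bob src=192.0.2.9 result=FAIL
2020-02-08T11:00:00Z auth host=gds-02 user=bob src=192.0.2.9 result=FAIL
2020-02-08T11:05:00Z auth host=gds-02 user=bob src=192.0.2.9 result=OK
2020-02-08T14:00:01Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
2020-02-08T14:00:07Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
2020-02-08T14:00:13Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
2020-02-08T14:00:19Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
this line is truncated or malformed
2020-02-08T14:00:25Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
2020-02-08T14:00:31Z auth host=gds-01 user=ops src=203.0.113.7 result=FAIL
2020-02-08T14:00:40Z auth host=gds-01 user=ops src=203.0.113.7 result=OK
2020-02-08T14:01:00Z auth host=gds-01 user=alice src=198.51.100.4 result=FAIL
2020-02-08T14:01:10Z auth host=gds-01 user=alice src=198.51.100.4 result=OK
"""


def detect(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert when a success follows >= threshold failures for the same
    (source, user) pair, all within `window` of the success."""
    failures = defaultdict(deque)  # (src, user) -> recent failure times
    alerts = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip unparseable lines instead of crashing
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        recent = failures[(m["src"], m["user"])]
        # Age out failures older than the window, so slow, occasional
        # mistypes spread over hours never add up to an alert.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if m["result"] == "FAIL":
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append({
                "src": m["src"], "user": m["user"], "host": m["host"],
                "failures": len(recent),
                "first_failure": recent[0], "success_at": ts,
            })
        recent.clear()  # a success resets the streak either way
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a['success_at']} {a['src']} -> {a['user']}@{a['host']}: "
              f"login succeeded after {a['failures']} failures")
```

Keying on the (source, user) pair keeps a shared gateway from tripping the rule, at the cost of missing one source trying many accounts; that case needs a second rule keyed on source alone.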

Of course, sometimes it’s just an anomaly, not an attack. Conversely, this new observability is also helping to identify system inefficiencies, memory leakage, etcetera, proactively rather than reactively.

This may all seem fairly basic if you’re accustomed to, say, your Digital Ocean dashboard and its panoply of server analytics. But re-engineering an installed base of heterogeneous complex legacy systems for observability at scale is another story entirely. Looking at the borders and interfaces isn’t enough; you have to observe all the behavior inside the perimeter too, especially in light of partners with privileged access, who might abuse that access if compromised. (This was the root cause of the infamous 2018 attack on the JPL.)

While the JPL’s threat model is fairly unique, Viswanathan’s work is quite representative of our brave new world of cyberwarfare. Whether you’re a space agency, a big company, or a growing startup, your information security nowadays needs to be proactive. Ongoing monitoring of anomalous behavior is key, as is thinking like an attacker; reacting after you find out something bad happened is not enough. May your organization learn this the easy way, rather than joining the seemingly endless stream of headlines telling us all of breach after breach.

Startups Weekly: Asana numbers likely to be what the market wants

Asana may get more attention than the average SaaS company due to the Facebook pedigrees and outspoken views of its founders, but in practice it’s a low-profile, cash-efficient machine. Today, the productivity toolmaker does not need to raise cash via a traditional IPO, as we explored this week following its filing for a direct listing, even though it hasn’t raised that much money compared to other unicorns.

Alex Wilhelm dug into public numbers on Extra Crunch to make an educated guess about its pricing prospects:

Let’s presume that Asana crossed the $100 million ARR mark as 2018 came to a close. And, for the sake of discussion, that its eight quarters of revenue growth acceleration left the company with a 60% expansion rate. Then, Asana would have closed up 2019 with $160 million in ARR. (You can easily change up the numbers by tweaking when the company reached the nine-figure ARR mark and its ensuing growth rate.) …

Asana is likely worth more than its final private valuation of $1.5 billion. Presuming it can get a bog-standard 12x multiple on its ARR, the company would be worth $1.8 billion. If it can do better, or is larger than that, the value of the firm quickly rises.

Unlike Casper’s struggles, and One Medical’s somewhat surprising consumery pop, Asana is a straightforward bet for a good public performance based on traditional SaaS metrics. Stay tuned for more next week.

VCs are still pouring money into open source

In this week’s investor survey, Arman Tabatabai talked to 18 of the most active and successful investors in open-source and devops software about the latest trends. The money going into the sector has grown by 10% CAGR over the last five years, and nobody he talked to plans to slow down — in fact, many said the market was under-heated, or just halfway there. Why? Every company is trying to become more of a software company, developers now get to make more adoption and purchasing decisions, and there are countless software problems yet to solve.

The investors in Part 1 of the survey on Extra Crunch:

  • Vas Natarajan, Accel
  • Stephanie Zhan, Sequoia Capital
  • Tomasz Tunguz, Redpoint Ventures
  • Deepak Jeevankumar, Dell Technologies Capital
  • Anna Khan, CRV
  • Peter Levine, Andreessen Horowitz
  • Ilya Kirnos, SignalFire
  • S. Somasegar, Madrona Venture Group

The investors in Part 2:

  • Gaurav Gupta, Lightspeed Venture Partners
  • Julia Schottenstein, New Enterprise Associates (NEA)
  • Peter Sonsini, New Enterprise Associates (NEA)
  • Salil Deshpande, Uncorrelated Ventures
  • Ethan Kurzweil, Bessemer Venture Partners
  • Sakib Dadi, Bessemer Venture Partners
  • Jenny Gao, Bessemer Venture Partners
  • Mike Droesch, Bessemer Venture Partners
  • Lonne Jaffe, Insight Partners
  • Jai Das, Sapphire Ventures

The latest startup funds are even more meta

It seems like everyone wants to invest in tech startups these days, including any large company or government body — and even tech startups. In the latest news on this long-running trend, cap table management unicorn Carta is starting its own fund to invest in companies. Given its in-house data and broad relationships in the industry, this seems like great positioning for some hot deals (as long as the clients on the platform don’t mind, of course).

Meanwhile, a couple of successful, currently active founders will also be ramping up their seed investments. Superhuman founder and CEO Rahul Vohra and Eventjoy founder Todd Goldberg are teaming up to create “The Todd & Rahul Angel Fund” which will put $7 million from an LP base of other founders and operators to work. The dollars involved may be small, but the signaling is likely to be very high.

Organized (tech) labor

Silicon Valley investors and founders have avoided unions for decades by giving employees a cut of the ownership directly. But is this arrangement changing? The rise of gig work, the questions about high valuations and future stock prices, the grind of life at many unicorn startups, and general concern about tech culture and ethics have combined to make some workers look harder at unions, as Megan Rose Dickey covered this week in an ongoing series.

Other workers, meanwhile, are striking out to form tech coops that share ownership from the start. She talked to a couple folks on this front as well, including one coop that is helping ride-share drivers to make more money.

Around the horn

Here’s why so many fintech startups are loaning to small businesses (EC)

Europe risks squandering its global advantage in deep tech innovation (TC)

What to expect when pitching European VCs (TC)

Dear Sophie: My H-1B was renewed, but I’m getting laid off (EC)

Latin America takes the global lead in VC directed to female co-founders (TC)

Why VCs are dumping money into insurance marketplaces (EC)

As a top manager leaves amid fundraising woes, SoftBank’s vision looks dimmer — and schadenfreude abounds (TC)

Why this VC thinks we’re heading for a cloud slowdown (EC)

#EquityPod

In this week’s episode, Alex and Danny sat down with Rick Yang of NEA, examined Casper and One Medical in more detail, and covered a few new funds and fundraises — including more thoughts on the Asana numbers. Check it out!