Page 250«..1020..249250251252..260270..»

Fujitsu and Oracle Collaborate to Deliver Sovereign Cloud and AI Capabilities in Japan – PR Newswire

Fujitsu to deploy Oracle Alloy as part of its hybrid IT solutions

KAWASAKI, Japan and TOKYO, April 18, 2024 /PRNewswire/ -- Fujitsu Limited and Oracle are collaborating to deliver sovereign cloud and AI capabilities that help address the digital sovereignty requirements of Japanese businesses and the public sector. With Oracle Alloy, Fujitsu will expand its Hybrid IT offerings for FujitsuUvance,which helps customers grow their businesses and solve societal issues. Fujitsu will be able to operate Oracle Alloy independently in its data centers in Japan with additional control over its operations.

Fujitsuwill deploy Oracle Alloy, a cloud infrastructure platform that provides more than 100 Oracle Cloud Infrastructure(OCI) services, including generative AI, as part of its Fujitsu Uvance Hybrid ITportfolio, which supports customers with on-premises and cloud-based infrastructure. This will enable businesses and the public sector to utilize sovereign cloud infrastructure and sovereign AI directly from data centers operated by Fujitsu in Japan.Oracle is a leading hyperscaler capable of delivering AI and a full suite of 100+ cloud services locally, anywhere.Based on the knowledge accumulated through use cases in the Japanese market, Fujitsu will actively consider expanding Oracle Alloy to other markets.

Kazushi Koga, SEVP, Fujitsu Ltd., said,"Fujitsu has been working with partners who have strengths in their respective fields to solve customers' challenges as part of its Fujitsu Uvance Hybrid IT offerings. Our collaboration with Oracle positions us to deliver a sovereign cloud offering that enables hyperscale functionality and digital sovereignty capabilities while ensuring operational governance by Fujitsu."

Scott Twaddle, senior vice president, Product and Industries, Oracle Cloud Infrastructure,said, "With Oracle Alloy we will be bringing our best cloud technologies to help Fujitsu's customers transform and modernize their businesses and society. Fujitsu's sovereign cloud approach in Japan is a testament to their forward-looking technology strategy. We look forward to continuing to partner with Fujitsu to bring cloud services to more customers around the world."

Toshimitsu Misawa, member of the board, corporate executive officer and president, Oracle Japan, said, "This strategic collaboration with Fujitsu is an important step forward in delivering a cloud that addresses the digital sovereignty requirements of Japanese businesses and the public sector. Fujitsu and Oracle will continue to promote the use of cutting-edge cloud technologies, including sovereign AI, to help customers improve the resilience of their mission-critical operations."

The collaboration will:

About FujitsuFujitsu's purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draw on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$28 billion) for the fiscal year ended March 31, 2023 and remains the top digital services company in Japan by market share. Find out more: http://www.fujitsu.com.

About OracleOracle offers integrated suites of applications plus secure, autonomous infrastructure in the Oracle Cloud. For more information about Oracle (NYSE: ORCL), please visit us at http://www.oracle.com.

TrademarksOracle, Java, MySQL and NetSuite are registered trademarks of Oracle Corporation. NetSuite was the first cloud companyushering in the new era of cloud computing.

SOURCE Oracle

Continued here:
Fujitsu and Oracle Collaborate to Deliver Sovereign Cloud and AI Capabilities in Japan - PR Newswire

Read More..

Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M – Ars Technica

Getty Images

Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providersone based in Seattle and the other in Redmond, Washingtonout of $3.5 million.

The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III45 of Omaha, Nebraskawith wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday.

Prosecutors allege that Parks defrauded two well-known providers of cloud computing services of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means.

Details laid out in the indictment underscore the failed economics involved in the mining of most cryptocurrencies. The $3.5 million of computing resources yielded roughly $1 million worth of cryptocurrency. In the process, massive amounts of energy were consumed.

Parks scheme allegedly used a variety of personal and business identities to register numerous accounts with the two cloud providers and in the process acquiring vast amounts of computing processing power and storage that he never paid for. Prosecutors said he tricked the providers into allotting him elevated levels of services and deferred billing accommodations and deflected the providers inquiries regarding questionable data usage in unpaid bills. He allegedly then used those resources to mine Ether, Litecoin, and Monero digital currencies.

The defendant then allegedly laundered the proceeds through cryptocurrency exchanges, an NFT marketplace, an online payment provider, and traditional bank accounts in an attempt to disguise the illegal scheme. Once proceeds had been converted to dollars, Parks allegedly bought a Mercedes-Benz, jewelry, first-class hotel and travel accommodations, and other luxury goods and services.

From January to August 2021, prosecutors allege, Parks created five accounts with the Seattle-based on-demand cloud computing platform using different names, email addresses, and corporate affiliations. He then allegedly tricked and defrauded employees of the platform into providing elevated levels of service, deferring billing payments, and failing to discover the activity.

During this time, Parks repeatedly requested that the provider provide him access to powerful and expensive instances that included graphics processing units used for cryptocurrency mining and launched tens of thousands of these instances to mine cryptocurrency, employing mining software applications to facilitate the mining of tokens including ETH, LTC and XMR in various mining pools, and employing tools that allowed him to maximize cloud computing power and monitor which instances were actively mining on each mining pool, prosecutors wrote in the indictment.

Within a day of having one account suspended for nonpayment and fraudulent activity, Parks allegedly used a new account with the provider. In all, Parks allegedly consumed more than $2.5 million of the Seattle-based providers services.

The prosecutors went on to allege that Parks used similar tactics to defraud the Redmond provider of more than $969,000 in cloud computing and related services.

Prosecutors didnt say precisely how Parks was able to trick the providers into giving him elevated services, deferring unpaid payments, or failing to discover the allegedly fraudulent behavior. They also didnt identify either of the cloud providers by name. Based on the details, however, they are almost certainly Amazon Web Services and Microsoft Azure. Representatives from both providers didnt immediately return emails seeking confirmation.

If convicted on all charges, Parks faces as much as 30 years in prison.

The rest is here:
Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M - Ars Technica

Read More..

Google Fires 28 Staffers Involved in Office Protests Over Israel Contract – TheWrap

Google fired the 28 employees who protested against the Alphabet divisions $1.2 billion cloud-computing contract with the Israeli government, just days after they staged sit-ins at offices around the nation.

The protests took place Tuesday at offices in New York City, Sunnyvale, California, Seattle and elsewhere. The group in Sunnyvale occupied the office of Google Cloud CEO Thomas Kurian and livestreamed the sit-in on a Twitch channel called notech4apartheid.

On the stream, they said New York staffers had been arrested after they sat down in a common space in the office and opened up a banner reading, No Tech for Genocide. They were released several hours later.

The protest focused on Project Nimbus, the cloud computing service Google provides Israeli government agencies in partnership with Amazon as part of a contract worth $1.2 billion.

The group also has a website, NoTechForAparteid.com, which encourages visitors to petition both Google and Amazon to stop doing business with Israel.

While the contract has long been an issue for some of Googles staffers, the tensions surrounding it have escalated since the start of Israel-Gaza war in October, The New York Times reported.

Google Vice President for Global Security Chris Rackow said in a company-wide email that the staffers were let go after they took over our office spaces, defaced our property and physically impeded the work of other Googlers..

Their behavior was unacceptable, extremely disruptive, and made co-workers feel threatened, said the memo, which CNBC posted.

Rackow said the 28 were fired after an investigation. We will continue to investigate and take action as needed, he wrote. Behavior like this has no place in our workplace and we will not tolerate it.

The overwhelming majority of our employees do the right thing, Rackow continued. If youre one of the few who are tempted to think were going to overlook conduct that violates our policies, think again.

No Tech for Apartheid said in a statement that the comapny indiscriminately engaged in wholesale firings, including of some workers who did not take part in the protests through a dragnet of in-office surveillance and denied damaging property or threatening colleagues.

This flagrant act of retaliation is a clear indication that Google values its $1.2 billion contract with the genocidal Israeli government and military more than its own workers, the statement said. In the three years that we have been organizing against Project Nimbus, we have yet to hear from a single executive about our concerns. Google workers have the right to peacefully protest about terms and conditions of our labor. These firings were clearly retaliatory.

These mass, illegal firings will not stop us, the statement continued. On the contrary, they only serve as further fuel for the growth of this movement. Make no mistake, we will continue organizing until the company drops Project Nimbus and stops powering this genocide.

See the original post here:
Google Fires 28 Staffers Involved in Office Protests Over Israel Contract - TheWrap

Read More..

Exploring Cloud Native Application Protection Platforms: Enhancing Security – Appinventiv

Cloud computing, at the back of its wide-ranged benefits spanning across scalability, high mobility, easy data recovery, high performance, and quick deployment, has come at a stage where the market is set to reach $676 billion in 2024.

While on one side, the idea of having on-cloud presence is becoming mainstream, the other side one which needs clear assurances is directing questions around business data safety towards cloud providers. And for fair reasons.

Even with the promise of strict security measures being diligently embedded in their systems, there have been instances where 80% of companies have experienced one serious cloud security incident in the past few years. Additionally, 24% of the companies reported experiencing a security incident related to public cloud usage. The most common types of incidents were misconfigurations, account compromises, and exploited vulnerabilities.

Reports also mention that more than 45% of data breaches are cloud-based. In addition to this, more than 96% of organizations face significant challenges while implementing their cloud strategies. Among the challenges, 35% of IT decision-makers struggle with data privacy and security issues while 34% face a lack of cloud security skills and expertise.

The transition to cloud has introduced a range of new security gaps. For example, the growth in ephemeral and dynamic environments operating inside the cloud ecosystem have increased operational complexities and birthed unique unpredictable interactions.

Also earlier, most of the cloud security tooling was focused on enabling teams to understand their infrastructure security. However, its not enough anymore. Security toolset should now ask, Is my cloud application secure?

As an industry response, cloud-native applications security has come into picture through CNAPP.

A cloud-native application protection platform is a cloud security model which follows a highly integrated lifecycle approach that protects both workloads and hosts in the cloud-native application development environments. Environments that come with their own unique demands and issues.

These cloud-native security solutions offer powerful automation abilities, which when calibrated rightly improves cloud admins efficiency. As a result, all the siloed solutions of application security gets unified and raises the expectations that businesses have with next-gen application security solutions.

The true essence of cloud application protection platform, however, can be best understood by looking into the extent of cloud security challenges it solves.

The absence of CNAP security opens several security loopholes in application development and deployment, leaving software prone to hacks and breach vulnerabilities. But that is not all. Here are some other reasons that make cloud-native network security exploration a must-have.

Getting visibility in agile-run development projects can be challenging. The teams tend to be extremely self-organizing, which leads to a situation where they use multiple methods to organize and track themselves across sprints and teams. This, while helps things move swiftly, makes the development efforts opaque to stakeholders.

CNAP cybersecurity platform increases visibility across multiple stages and components in the software lifecycle. It gives a microscopic context to all the information present in the system along with actionable data, which, in turn, makes it easy for the developers to mitigate security issues like misconfigurations with their existing toolsets. This increased visibility also becomes beneficial when it comes to creating and prioritizing alerts on the basis of the risk levels.

Increased collaboration tends to be the biggest benefit of cloud-native applications; several teams are able to work on different parts of the project without ever interfering with each others tasks. While it definitely expedites the go-to-market time, expansion of sources can create a wider surface area for vulnerabilities to emerge.

A cloud-native security software addresses this by shifting the security element closer to the development stage. The system creates a model where components are scanned for security vulnerabilities before they are processed, ensuring at-risk components, misconfigurations in files such as infrastructure-as-code templates get identified before deployment. In the highly collaborative work environment, avoidance of misconfigured file sharing tends to save a lot of development resources time.

Another challenge that cloud adoption presents is the utilization of different independent security tools at multiple developmental stages. Managing the configuration of these tasks can be difficult, leading to businesses forgoing security across the end-to-end software spectrum. Some businesses even tend to deploy monitoring tools which end up duplicating tasks, adding to the security woes.

CNAP cybersecurity resolves these challenges by allowing businesses to safeguard the development production processes and infrastructure across the full software spectrum. This gives them a holistic security view right from when development components are received to when the software gets into production. Having a comprehensive view of the ongoing processes ultimately helps with real-time monitoring of infrastructure and applications, while powering speedy issues resolution.

CI/CD is the base of modern software development. The popular agile method depends heavily on the full-cycle automation of delivery processes. This comprises building process automation, testing, and releasing it. Even though the process makes software development easy and fast, if a misconfiguration or issue isnt picked up early, it can show up in the released version.

CNAPP solutions can be seamlessly embedded in the CI/CD and modern development tools. This helps businesses monitor build phase scanning and keep integrity in check.

One of the prominent issues of SecOps is the time manual scans take to verify vulnerabilities. Managing a toolset tends to become its own workstream, taking up resources. This especially happens because in a cloud environment components dont share information with each other.

A cloud-native network security service solves this through a unified monitoring system. Businesses can conduct tests on the components from the platform, which can help plan out the overall security approach for the remaining part of the project. This saves developers a lot of time, ensuring they can focus on other tasks that add value to the software.

Also Read: Why DevSecOps is crucial for tackling cloud security challenges

Now that we have looked into the benefits of CNAPP through the point of view of an unsafe cloud environment, let us look into the elements that make this possible.

Several components merge to form a high security-focused cloud native application protection platform.

CSPM solution identifies and resolves threats in the cloud environment. With functions comprising incident response, security risk assessment, and DevOps integration, the component utilizes automation for handling security risks swiftly, while working in sync with the IT security and development teams.

Now although CSPM parts of cloud-native network security service are compatible with both containerized and hybrid environments, they tend to be most efficient in multi-cloud environments as they can offer complete visibility into the cloud assets.

A CWPP solution comes with the capability to handle heavy workloads deployed on a companys cloud platform. Another great thing about the component is that development units can easily integrate it in the automated processes of their CI/CD flow, which is usually as a part of the build journey.

Additionally, CWPP doesnt just integrate with parts of the enterprise SecOps infrastructure seamlessly, it also powers up the offerings of the security operations center (SOC), helping it find and analyze complex-level cloud-based cyber attacks efficiently.

A CIEM solution focuses on cloud access risk management. It uses admin-time controls for handling data governance in the multi-cloud IaaS architectures. In the cloud-native application protection platform setup, it helps with handling identity governance for dynamic cloud environments, usually on a model where the entities and users access only what they need.

Container security is a practice followed for the implementation of processes and mechanics to safeguard containerized workloads and applications. In the current time, it has become crucial to have complete visibility of elements such as container-host location, identification of operating or stopped containers, identifying non CIS compliant container hosts, and having regular vulnerability checks.

Keeping this into consideration, it is advised to implement container security at an early stage of the CI/CD pipeline, since it would expose application risks and eliminate friction in the development process.

Infrastructure as code (IaC) is where codes are leveraged for the provisioning of the infrastructure resources that the cloud-driven software needs. Developers can easily utilize this reproducible approach for writing, testing, and releasing code which would build the infrastructure on which the application will run. However, it is important to note that securing the process is necessary at a very early phase, since if done later, there can be instances of vulnerabilities or misconfigurations, which can then be exploited by hackers.

Now that we have looked into the different components of a cloud native application protection platform, you must be wondering how they translate into the actual working.

CNAPP security combines essential security functions and tools to ensure complete application protection from code to cloud. It merges security tools like CSPM, CIEM, and CWPP for identifying high-priority security risks.

Once identified, an automated remediation process is initiated for the mitigation of vulnerabilities and misconfigurations and while maintaining industry compliance. The cloud application protection platform also adds in certain guardrails which guarantees zero malicious attempts on the cloud ecosystem.

CNAP can work both through an agent or without one. Usually, the agent cloud-native security platform calls for a sensor to provide visibility into the system information. On the other hand, agentless CNAPP is built on APIs that cloud providers offer, on the basis of which businesses get a complete visibility into the operations.

Using these and a range of other use-case based components like identity and access management, encryption, network segmentation, and threat detection, our team has worked on some cloud-native applications security platforms.

Lets give you a high-level walkthrough of the projects we are working on for them as their cloud solution services and cloud-native security services provider.

We recently worked with two businesses, providing cloud-native security solutions for their products. The CNAPP feature sets that we helped them build or integrate into their application included

For both the projects, the end goals for the business and in turn us, had been the same building a CNAPP solution that brings all the cloud resources in one place, offers a full view of the cloud ecosystem and risks, brings multi-cloud infrastructure together, and ensures compliance-readiness.

While both the products are at a beta stage of their launch, we are continuously working with them to establish seamless integration with the DevOps and CI/CD cycles while keeping their systems running.

Although the demand for CNAPP security solutions is becoming evident every passing day, the platform, when not well-strategized, can pose some challenges as well. One of the most common ones (specially for new cloud-native application protection platform owners) is to scale the solution to seamlessly integrate with different cloud adoption use cases and their unique APIs, third party integrations. This, when added to the growing competition in the domain, can make it difficult for new players to enter the market.

The solution to avoid or ace these situations lies in a partnership a partnership between cloud native security platform owners and a cloud-focused development team. Appinventiv can be the people you need. Get in touch with our cloud experts today.

Q. What is CNAPP all about?

A. CNAPP stands for cloud native application protection platform. It is a comprehensive solution designed to secure cloud-native applications. The platform provides advanced security capabilities tailored specifically for cloud-native architectures, including microservices, containers, and serverless computing.

They also come with features such as vulnerability scanning, runtime protection, access control, encryption, and compliance monitoring to safeguard applications and data in cloud environments.

Q. What problems does CNAPP solve?

A. A Cloud Native Application Protection Platform (CNAPP) solves several key challenges related to securing cloud-native applications:

Q. How does cloud-native application protection platforms work?

A. A cloud-native application protection platform operates by seamlessly integrating various security capabilities that are tailored for cloud-native environments. It begins by offering visibility into the applications components, including microservices, containers, serverless functions, and their interdependencies.

The platform conducts comprehensive vulnerability assessments, scanning container images and application components for known vulnerabilities, outdated libraries, and configuration errors, which are then remediated.

Additionally, CNAPPs facilitate encryption of data at rest and in transit, manage encryption keys securely, and enable real-time monitoring, alerting, and incident response to ensure a robust security posture for cloud-native applications.

THE AUTHOR

Sudeep Srivastava

Originally posted here:
Exploring Cloud Native Application Protection Platforms: Enhancing Security - Appinventiv

Read More..

EY launches new blockchain solution to manage business contracts on Ethereum – TradingView

EY has launched a new blockchain-based contract management tool, EY OpsChain Contract Manager (OCM), on the Ethereum public chain. The OCM is designed to help businesses execute complex agreements securely, efficiently, and at a lower cost, the company shared in a press release on Wednesday.

As noted, the OCM uses smart contracts on the Ethereum public blockchain to automate contract execution and enforce agreed-upon terms. It also uses zero-knowledge proofs (ZKPs) to keep confidential data private.

With the new solution, EY aims to eliminate the challenge of managing business agreements across numerous operational and technological divisions within and outside organizations. Traditionally, managing complex contracts across different parties and systems can be slow, expensive, and error-prone.

By utilizing EY OCM, companies can synchronize data with business partners and uniformly enforce key business terms, such as standardized pricing and volume discounts, the company noted. The solution is expected to create a secure and transparent environment for all parties involved.

According to the team, EY's solution can integrate with existing enterprise systems via a standardized API, supporting a wide range of business contract types.

In other words, enterprises of all sizes can use OCM to manage various types of business contracts. Early adopters are currently testing the system with complex Power Purchasing Agreements that incorporate market prices and strike prices.

Paul Brody, EY Global Blockchain Leader, highlights the efficiency of contract automation. He stated:

"Weve identified from past client work that contract automation can improve accuracy while cutting cycle times by more than 90%, and overall contract administration costs by nearly 40%. With our zero-knowledge privacy technology, we have industrialized this capability, and we can now get these benefits at a fraction of the up-front cost. Deploying on a public blockchain is not only cheaper, but also much more scalable, helping enable many-to-many integrations on an open platform with no one company having an unfair advantage by controlling the network.

The latest move follows EY's debut of a beta version of Nightfall in September 2021 in collaboration with Polygon. Nightfall is a privacy protocol that employs an Optimistic Zero-Knowledge Roll-Up to facilitate private transactions on Ethereum.

Nightfall concentrates on enabling private transactions for enterprises on Ethereum, addressing concerns like network congestion and high transaction costs. Its primary use is safeguarding transaction privacy while benefiting from the public Ethereum blockchain's security features.

See the rest here:

EY launches new blockchain solution to manage business contracts on Ethereum - TradingView

Read More..

What is Ethereum Pectra? Bringing smart contract functionality wallets – OKX

What if managing your Ethereum wallet could be as easy and secure as sending an email? The Ethereum network has introduced a big change that aims to deliver this kind of simplicity to users, called the Pectra hard fork. The update is expected to make transactions safer, bring added stability to the network, and introduce a host of new features.

EIP-3074 is a key part of the Pectra upgrade. It'll change how transactions are handled, making the network more accessible and bring smart contract functionality to wallets. How will these modifications affect the blockchain community? Read on as we explore the Pectra hard fork and what it means for users of the Ethereum network.

Pioneering change: The Ethereum Pectra hard fork aims to change how people use their wallets and make the network more efficient.

EIP-3074 introduction: The proposal allows regular digital wallets to use smart contracts, enabling you to make more complicated transactions that are also safer.

Streamlined transactions: Grouped transactions and paying fees to third parties aim to make usability easier.

Social recovery feature: The update introduces a new way to regain lost funds, using trusted contacts instead of traditional seed phrases.

Community impact: Greater simplicity and safety from Ethereum and its wallets can help increase people's trust in and use of decentralized applications.

The upcoming Ethereum Pectra hard fork is a major milestone in Ethereum's history. It aims to improve wallet capabilities and the overall efficiency of the network. The update, which introduces numerous Ethereum Improvement Proposals (EIPs) and notably EIP-3074 is scheduled for launch in late 2024 or early 2025.

This proposal is designed to change the way Ethereum handles transactions by allowing digital wallets to use smart contracts. EIP-3074 includes capabilities such as grouped transactions, which let users sign a transaction once regardless of how many tasks it contains. The proposal also allows for endorsed transactions, which enable someone other than the asset owner to pay for transaction fees.

These improvements are intended to simplify a user's interactions with the Ethereum network, greatly enhancing the overall experience by removing transaction complexities and expenses. Meanwhile, EIP-3074 comes with a new "social recovery" feature. The feature lets you regain access to your assets without needing the usual seed phrases.

Impressive, but it doesn't end there. These latest upgrades are part of a wider plan to future-proof the Ethereum network and strengthen its status as one of the leading platforms for decentralized applications (DApps) and smart contracts.

While EIP-3074 helps to make Ethereum more secure and easier to use, it's important to be aware of some security implications brought by the proposal's introduction. For example, the AUTH and AUTHCALL opcodes allow for more flexible transaction management but do introduce potential new vulnerabilities.

Formal audits and verification: EIP-3074 went through security audits to ensure safety. Audits are essential for finding and fixing vulnerabilities before they're exploited.

Enhanced user control and recovery: With EIP-3074, you can use digital signatures to give control of your Ethereum accounts to a smart contract. This makes it easier to get your assets back or manage them without risking the safety of your private keys.

Potential for misuse of invoker contracts: One of the main risks associated with EIP-3074 is the potential misuse of invoker contracts. If these contracts aren't implemented securely, they could be exploited to perform unauthorized transactions or access funds without the user's consent.

Need for trusted invokers: Building on the point above, transactions made with EIP-3074 need invoker contracts that can be trusted. Developers should use measures like whitelists to allow only confirmed safe entities to be involved in transactions.

Complexity in transaction authorization: Using more complex ways to approve transactions can make new and old contracts easy to attack. Greater complexity occurs because the AUTH opcode changes who's seen as the "sender" in transactions. Vulnerabilities can arise if this process isn't managed carefully, putting users at risk of attack.

Comprehensive auditing: Regular checks of the EIP-3074 implementation and the invoker contracts are important to protect users. These checks can help identify and fix vulnerabilities before they're exploited.

Strict validation of commits: To avoid issues like unauthorized access or replay attacks, commits must include ways to make sure each transaction is authorized correctly and can't be misused. One way to do this is by using unique identifiers or nonces.

The social recovery feature brought by EIP-3074 is one of the most noteworthy updates coming to the network. Let's explore how it works in more depth.

Digital signature for asset control: First, you give control of your assets to a special contract by using a secure digital signature. This step is important because it lets the contract manage the assets, but you can still get them back if needed.

Invoker contract: When the assets move to the new contract, that contract will handle all future actions for you. This setup lowers the chance of losing access to your assets if you forget your private keys.

Operational codes - AUTH and AUTHCALL:

AUTH: This code checks that your digital signature and transaction details match your original instructions.

AUTHCALL: After checking, this command lets the contract send crypto. It also allows others to know you've sent assets, so people can see the link between you and the contract's actions.

Security and asset recovery: The digital signature contains a unique code that guarantees you can retrieve your assets if you lose or forget your seed phrase, making it an invaluable feature.

Enhanced security measures: Despite the new features, there are risks of dangerous invoker contracts. To protect against losing assets without permission, the update includes ways to use invoker contracts that have been officially checked and reviewed.

EIP-3074 will alter the processes involved in Ethereum transactions by adding new features that bring welcome simplicity.

Batch transactions: EIP-3074 lets you combine multiple transactions into a single one. This should make transactions more efficient and may lower fees by distributing costs across multiple actions within the same transaction.

Sponsored transactions: Sponsored transactions are a new feature with EIP-3074. Here, a third party can pay the transaction fees instead of the asset holder. This could incentivize the use of DApps as asset holders no longer need to pay gas fees.

Smart contract-like capabilities in EOAs: Now, regular user accounts can do some of the same things as smart contracts. They can give permission to smart contracts to perform actions autonomously.

Alongside reducing the complexity of transactions made through the Ethereum network, the Pectra hard fork also introduces new ways for developers to make disruptive and easy-to-use apps.

Various other proposals are set to be introduced as part of the Pectra hard fork, each bringing additional functionality to the network.

EIP-7610: This proposal is designed to make the system more secure by only letting addresses with storage space create smart contracts. In theory, this change will make it easier to upgrade the system in the future, especially via Verkle trees.

EIP-7523: EIP-7523 focuses on making the Ethereum network more efficient. With the proposal, empty accounts will be removed from the Ethereum state. This helps reduce the state's size, making the network faster and easier to use.

EIP-7251 (Maxeb): This addition aims to make the network more scalable by simplifying the management of validators. This is achieved by increasing the maximum effective balance for validators from 32 ETH to 2,048 ETH. Doing so reduces the need to manage multiple validators, which reduces complexity.

EIP-2537: The EIP-2537 update brings new pre-built functions to the BLS12-381 curve. These functions help make cryptography processes more efficient. Better cryptography means better security and verification on the network.

EIP-3074, 5806, and 7377: Account abstraction EIPs make it easier to process transactions. EIP-3074 adds new commands (AUTH and AUTHCALL) that allow for transaction contracts to be verified and executed autonomously once certain permissions are set. This helps with complicated tasks like combining multiple transactions into one or having someone else pay for a transaction.

EIP-5920 (PAY opcode): EIP-5920 provides an easier way to share ETH by sending tokens directly without activating the receiver's contract code.

Each EIP contributes to the broader goal of making Ethereum more scalable, secure, and user-friendly, laying the groundwork for future advancements in the blockchain space.

Further updates are planned following Pectra's release in late 2024 or early 2025, most notably the addition of Verkle trees.

After Pectra, Ethereum is planning more updates. One important step is adding Verkle trees, which upgrade Ethereum nodes to validate blocks without needing to store large amounts of state data. This upgrade is a significant step towards 'statelessness' for the network. A stateless client doesn't need to store a full state database to validate incoming blocks.

Verkle tress and progress towards statelessness complements Ethereum's wider ambitions to improve scalability through advanced technologies like sharding, which aims to increase the number of transactions the network can process at once. This scalability solution has been a major focus following the network's move to Proof of Stake with the 'Merge' event.

The upcoming Ethereum Pectra hard fork promises to permanently alter how users make transactions on the network and manage their wallets. Efficiency, safety, and uprated features are all key benefits set to be brought about by the development and the arrival of the EIP-3074 proposal.

Although this next phase of evolution for the network isn't without its challenges notably, concerns over potential security vulnerabilities it marks fresh change for Ethereum and added competitiveness for the network.

Read the original:

What is Ethereum Pectra? Bringing smart contract functionality wallets - OKX

Read More..

What is EigenLayer? Ethereum’s restaking protocol, explained – TradingView

EigenLayer, explained

EigenLayer aims to eliminate a critical barrier many new DApps face by providing developers with an established security framework.

Ethereum has come a long way since its launch in 2015. It has held its position as the most influential blockchain, successfully transitioned from proof-of-work (PoW) to proof-of-stake (PoS), and is the foundation for many innovative crypto projects.

One such project is EigenLayer, a decentralized Ethereum staking protocol that provides developers with an established security pool. This EigenLayer explanation details staking and other vital parts of the Ethereum staking protocol.

The EigenLayer protocol is an Ethereum-based project aiming to improve the networks PoS consensus through a process called Ethereum restaking. The EigenLayer team claims to solve many existing Ethereum security inefficiencies, such as requiring every protocol to manage its own security and scalability processes.

However, before discussing the EigenLayer restaking process, defining the traditional Ethereum staking process is essential.

What is staking?

Staking is one of cryptos most popular features, providing traders with a reliable passive income stream.

Staking involves locking ones cryptocurrency in a staking pool, exchange or smart contract. A user earns interest on their staked assets, and in turn, the network utilizes these assets to cultivate network security. The more funds a user stakes, the more passive income they make.

High-value stakeholders often become validators who participate in transaction validation and vote on upcoming or existing proposals to improve the network. The idea is that stakers are more invested in protecting the blockchain network and less likely to become bad actors. Staking incentivizes good behavior as well. Validator rewards on Ethereum are slashed if a validator fails to participate in the networks best interest.

Decentralized staking is seen as the more accessible form of transaction validation when compared to PoW. PoW has miners racing to be the first block validator to earn a reward. This process has miners spending thousands on computer equipment to increase their hash rates, meaning those who spend the most earn the most. As these users continue to amass tokens, it becomes even more difficult for new miners to get involved.

Staking on Ethereum is similar to holding a savings account in a traditional bank and requires much less effort from the user. Thanks to the advent of staking pools, even users without much money to spare can begin their staking journey.

What is restaking, and how does EigenLayer support it?

Restaking is EigenLayers take on traditional staking. It provides new ways for users to generate passive income while increasing network security.

Restaking, in the case of EigenLayer, is the act of taking staked Ethereum and repurposing it to increase security on other protocols essentially creating a pool of restaked assets from which other decentralized applications (DApps) can pull. Users can opt-in to EigenLayers restaking smart contract through their already staked Ether (ETH) or through a liquid staking token (LST).

When a user stakes funds on an Ethereum protocol, most projects offer liquid staking tokens to represent those staked assets a sort of receipt. These tokens allow one to keep using their funds in other ways, such as restaking them through EigenLayer via a process called LST restaking without unstaking their original assets.

Alternatively, users can allow EigenLayers smart contracts to work with their already-staked ETH. Restaking with already-staked ETH is called native restaking. If a user participates in native restaking, the network will add those assets to the protocols security pool. How safe is EigenLayer? Its about as secure as the size of its security pool.

Applications built on EigenLayer are called actively validated services (AVSs) and can be anything from a bridge to a DApp to an oracle. Developing on EigenLayer is cheaper and more efficient than developing on a separate protocol, as EigenLayer has an established trust network in place through restakers. Developing elsewhere requires building a trust network from scratch.

That said, AVSs arent randomly harnessing services from EigenLayer. Instead, theres an intermediary called a node operator, a volunteer opting to help manage the network. Much like an Ethereum validator, an operator can be a single user or an organization.

Operators can build their own AVSs or provide services to other existing AVSs while receiving rewards in return. However, operators are also subject to an AVSs slashing requirements should they fail to perform their duties.

Moreover, operators can be restakers, or restakers can choose to delegate their restaked assets to an operator. Either way, restakers have complete control over which services their assets go toward. As a result, EigenLayer creates a sort of free-market governance system. Developers build on EigenLayer to harness its established security, while operators and restakers earn rewards for managing and providing said security.

How do restakers manage their restaked assets?

EigenLayer streamlines asset management through its EigenPod solution.

Users must connect their wallet to the EigenLayer application and select the token they want to restake. First-time restakers must approve the process before depositing funds into EigenLayers restaking contract.

A restaker manages their restaked assets through an EigenPod, a smart contract created during the restakers initial restaking process. An EigenPod is essentially a hub for the restaker to manage restaking processes, withdrawals and more. There can only be one EigenPod per Ethereum wallet address.

Restakers can visualize their network contributions through EigenLayers restaked points. Users earn restaked points every time a block is validated from their restaking date onward. EigenLayer calculates a users restaked points through a proprietary formula that factors the amount of restaked assets and the time theyve been locked in. The formula views native restaked ETH and restaked LST equally.

Users can withdraw their staking rewards on EigenLayer through a partial or full withdrawal process. Restakers who want to withdraw their earned rewards but continue providing services go through a partial withdrawal process. Partial withdrawals require on-chain proofs, and their gas fees can be expensive. Restakers can request one partial withdrawal every four to five days, and withdrawn funds must go through an additional escrow period before appearing in the restakers wallet.

Full withdrawals are for restakers who no longer want to provide their services. Otherwise, the process is similar to a partial withdrawal, requiring on-chain proofs and an escrow period for withdrawn funds. If a restaker accidentally initiates a full withdrawal, they can redelegate their assets via EigenPods redeposit button. Restakers can initiate either withdrawal process through their EigenPods Unstake section.

Pros and cons of EigenLayer

EigenLayer features innovative solutions, though this Ethereum network upgrade also introduces its own problems.

EigenLayer hopes to innovate on Ethereums tried-and-true proof-of-stake feature. In some ways, it is doing just that. However, its innovations arent perfect and can lead to new problems.

Pros

Additional passive revenue

Since restakers can use their staked assets in additional ways, they have the potential to earn higher rewards than traditional staking methods.

Improving developer success rates

EigenLayers security pool eliminates a key barrier many new projects struggle to overcome. Now, developers can focus on providing valuable services without worrying about establishing trust.

By removing one of the most significant barriers that newer projects face, EigenLayer could lead to genuinely innovative layer-2 projects.

Cons

Higher barrier to entry

While EigenLayer benefits new DApps by providing them with established security, restaking to participate in the network may overwhelm some users. Many crypto exchanges offer staking as a built-in service, simplifying node setup and maintenance for users on the network. That accessibility comes at the cost of technical know-how. If less technical users are already comfortable with the staking process, they will unlikely be interested in restaking.

Increased risk

EigenLayer AVSs have slashing rules that are different from traditional staking. Since restakers hold assets in traditional staking and restaking avenues, theyre doubling their slashing risk should they fail to uphold their duties.

Not only this, but restakers are doubling their exposure to security risks. Stakers already trust Ethereums smart contract code when they stake assets, and restaking requires trust in EigenLayers development prowess. This isnt to mention the quality of EigenLayer AVSs.

Fortunately, both Ethereum and EigenLayers code is entirely open-source. Knowledgeable developers can assess this code before risking their assets.

Go here to read the rest:

What is EigenLayer? Ethereum's restaking protocol, explained - TradingView

Read More..

What is Ethereum Blockchain? – Blockchain Council

In the landscape of blockchain technology, Ethereum stands out as a pioneering platform that extends the capabilities of blockchain beyond simple transactions. Since its launch in 2015 by Vitalik Buterin and a team of developers, Ethereum has revolutionized the decentralized application (dApp) ecosystem, offering developers a platform to build a wide array of applications ranging from decentralized finance (DeFi) to non-fungible tokens (NFTs). In this comprehensive guide, we delve into the fundamentals of the Ethereum blockchain, its underlying technology, key features, applications, and future prospects.

At its core, Ethereum blockchain is a decentralized, open-source platform that enables the creation and execution of smart contracts and decentralized applications (dApps). Unlike Bitcoin, which primarily serves as a digital currency and payment system, Ethereums blockchain is designed to be a programmable platform, allowing developers to build and deploy smart contracts and dApps.

Despite its groundbreaking innovations, Ethereum faces several challenges and limitations:

Despite these challenges, the future outlook for Ethereum remains optimistic. The Ethereum community is actively working on solutions to address scalability, security, and sustainability concerns. Ethereum 2.0, a major upgrade to the Ethereum blockchain, aims to transition from proof-of-work to proof-of-stake consensus mechanism, thereby improving scalability and reducing energy consumption.

In conclusion, Ethereum blockchain represents a significant advancement in the realm of blockchain technology, offering developers and users a platform for building and deploying decentralized applications and smart contracts. From decentralized finance to non-fungible tokens and decentralized autonomous organizations, Ethereum has unlocked a world of possibilities for innovation and experimentation. While challenges remain, Ethereum continues to evolve and innovate, paving the way for a more decentralized, transparent, and inclusive future. As we embark on this journey of exploration and discovery, Ethereum remains at the forefront of the blockchain revolution, empowering individuals and communities to build a more equitable and decentralized world.

Read the original:

What is Ethereum Blockchain? - Blockchain Council

Read More..

Kraken-backed Nibiru Chain allocates $15m in NIBI tokens to boost developer activity – crypto.news

Smart contract platform Nibiru Chain has unveiled a $15 million initiative in NIBI tokens to fuel its developer ecosystem.

Nibiru Chain, a proof-of-stake blockchain backed by HashKey Capital and Kraken Ventures, has allocated $15 million in NIBI tokens as part of the so-called Nibiru Builder Grants initiative aimed at fueling its developer ecosystem. In a press release shared with crypto.news, the developers said the allocated sum is equivalent to ~2.5% of the token supply.

Erick Pinos, ecosystem lead at Nibiru Chain, says the grant will supplement ongoing aid in partnership pairings and access to mentors, industry experts, and experienced developers. Commenting on the initiative, Jonathan Chang, COO of Nibiru, told crypto.news the firm wants to lower barriers to entry and create opportunities for those who may not have access to traditional VC funding.

Were expecting Nibirus grant program to propel further growth in tokenization of real-world assets (RWA) joining projects like Coded Estate which specialises in bringing homes and rentals on-chain, democratizing access to the real estate system; as well as on-chain gaming, where platforms like IntoTheVerse and Chess3 are already building on Nibiru. Jonathan Chang

Beyond the initiative, Nibiru also plans to host multiple hackathons with prize pools of up to $100,000 per event. Additionally, Nibiru wants to bring more developers into the ecosystem by introducing a reward mechanism that would allow blockchain creators to earn a portion of transaction fees every time their smart contracts are executed on the Nibiru Chain network.

Following the announcement of the initiative, Nibirus native token NIBI surged by over 4%, reaching $0.34, according to data from CoinGecko.

Founded in 2022, Nibiru Chain has secured millions of dollars in funding, propelling its valuation to around $100 million. The blockchain is backed by Tribe Capital, Kraken Ventures, HashKey Capital, Republic Capital, NGC Ventures, and Original Capital, among others.

Originally posted here:

Kraken-backed Nibiru Chain allocates $15m in NIBI tokens to boost developer activity - crypto.news

Read More..

3 Must-Know Facts About Ethereum, Before You Buy the Cryptocurrency – Yahoo Finance

With a current market cap (as of the afternoon of April 17) of $360 billion, Ethereum (CRYPTO: ETH) is the world's second most valuable cryptocurrency. It's behind only Bitcoin when it comes to market domination.

Just in the past five years, Ethereum's native token has skyrocketed nearly 1,700% in value. That would have turned an initial $1,000 investment into a jaw-dropping $18,000 balance today.

Ethereum has also been on a fantastic run since the start of 2023, benefiting from the broader crypto market's rally. But this digital asset remains 36% off its high. Before you rush to buy the dip, here are three things you should know about Ethereum.

Ethereum's key characteristic is that it allows for the functionality of smart contracts. These are computer programs that automatically execute once separate parties in a transaction satisfy their ends of the agreement. Think about an escrow account immediately releasing funds as soon as a home buyer meets certain conditions. In theory, Ethereum could handle this without human intervention, which could lower costs.

This feature is what makes this cryptocurrency much more useful when compared to Bitcoin, according to what Ethereum bulls believe. In fact, Ethereum has a sprawling ecosystem of decentralized applications (dApps), ranging from gaming and finance protocols to non-fungible tokens and the metaverse. Smart contracts enable these types of use cases, which could disrupt traditional industry structures.

Given this background knowledge, it's not surprising that Ethereum is often dubbed the "world's decentralized computer."

Like Bitcoin long has, Ethereum used to operate a proof-of-work consensus mechanism. This is an energy-intensive way to process transactions and secure the blockchain. Estimates point to how Bitcoin's network uses the same amount of energy as a small country.

Believing that this was harmful to the environment and not on a sustainable path, Ethereum's developers successfully transitioned the network to a proof-of-stake (PoS) system in September 2022. After the so-called Merge, in this setup, token owners who lock up their holdings have the right to validate transactions. According to Ethereum's website, the PoS consensus mechanism reduces energy usage by over 99%.

The other hope for the PoS transition is that it'll make Ethereum a much faster and cheaper network. It can only handle 14 transactions per second. And when demand is high, fees can soar. In order for Ethereum to one day usher in multiple new use cases, as many hope it can, the throughput needs to increase. There are other planned upgrades in the pipeline to one day make this a reality.

Story continues

Besides the Merge, Ethereum's developers have four main updates planned in the future. Each one focuses on a specific area of improvement. The end goal is to have a fully functioning Ethereum network that is good for the environment, fast, cheap, and able to have a vast dApp ecosystem operating on top of it.

Of all the cryptocurrencies in the world, Ethereum has the most developers working on it by far. This bodes well for its future because it means there are smart people focused on solving complex problems to keep progress going. I always say that I believe the ultimate success of a cryptocurrency depends on its ability to bring about real-world utility. Ethereum is trying to do this.

The issue, though, is that no matter how smart the upgrade pipeline looks on paper, it introduces immense technical risk. We can't forget that blockchain technology is still in the early innings. There is a lot that needs to be learned. Constantly tweaking and messing with the software means there will always be the possibility that something will break along the way.

If you are bullish on Ethereum, understanding these three key areas should help give you a better understanding before you put your money to work.

Before you buy stock in Ethereum, consider this:

The Motley Fool Stock Advisor analyst team just identified what they believe are the10 best stocks for investors to buy now and Ethereum wasnt one of them. The 10 stocks that made the cut could produce monster returns in the coming years.

Consider whenNvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, youd have $466,882!*

Stock Advisor provides investors with an easy-to-follow blueprint for success, including guidance on building a portfolio, regular updates from analysts, and two new stock picks each month. TheStock Advisorservice has more than quadrupled the return of S&P 500 since 2002*.

See the 10 stocks

*Stock Advisor returns as of April 15, 2024

Neil Patel and his clients have no position in any of the stocks mentioned. The Motley Fool has positions in and recommends Bitcoin and Ethereum. The Motley Fool has a disclosure policy.

3 Must-Know Facts About Ethereum, Before You Buy the Cryptocurrency was originally published by The Motley Fool

Go here to see the original:

3 Must-Know Facts About Ethereum, Before You Buy the Cryptocurrency - Yahoo Finance

Read More..