Tech News

A ransomware strain named Lilocked or Lilu has been affecting thousands of Linux-based servers all over the world since mid-July and the attacks got intensified by the end of August, ZDNet reports.  Lilocked ransomware’s first case got noticed when Micheal Gillespie, a malware researcher uploaded a ransomware note on the website, ID Ransomware. This website is used for identifying the name of ransomware from the ransomware note or from the demand specified in the attack. It is still unknown as to how the servers have been breached. https://twitter.com/demonslay335/status/1152593459225739265 According to a thread on a Russian-speaking forum, attackers might be targeting those systems that are running outdated Exim (email) software. The forum also mentions that the ransomware managed to get root access to servers by “unknown means”. Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks Lilocked doesn't encrypt system files, but it encrypts a small subset of file extensions, such as JS, CSS, HTML, SHTML, PHP, INI, and other image file formats so the infected servers are running normally. As per the French security researcher, Benkow, Lilocked has encrypted more than 6,700 servers, out of which many have been indexed and cached in Google search results. However, the number of affected servers is much higher. “Not all Linux systems run web servers, and there are many other infected systems that haven't been indexed in Google search results,” ZDNet reports. It is easy to identify the servers that have been affected by the ransomware as most of their files are encrypted and they sport a new ".lilocked" file extension. Image Source: ZDNet Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks The victims are first redirected to a portal on the dark web, where they are asked to enter a key from the ransom note and later are notified that their data has been encrypted. The victims are then asked to transfer 0.03 bitcoin, which is around $325. https://twitter.com/dulenkp/status/1170091139510218752 https://twitter.com/Zanket_com/status/1171089344460972032 To know more about the Lilocked ransomware in detail, head over to ZDNet. Other interesting news in security Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack Endpoint protection, hardening, and containment strategies for ransomware attack protection: CISA recommended FireEye report Highlights StackRox App integrates into the Sumo Logic Dashboard  for improved Kubernetes security

Yesterday, Apple announced that Safari Technology Preview 91 now supports the beta version of the new WebGPU graphics API and its shading language, Web Shading Language (WSL). You can enable the WebGPU beta support by selecting Experimental Features > WebGPU in the Developer menu. The WebGPU JavaScript API WebGPU is a new graphics API for the web that aims to provide "modern 3D graphics and computation capabilities.” It is a successor to WebGL, a JavaScript API that enables 3D and 2D graphics rendering within any compatible browser without the need for a plug-in. It is being developed in the W3C GPU for the Web Community Group with engineers from Apple, Mozilla, Microsoft, Google, and others. Read also: WebGL 2.0: What you need to know Comparing WebGPU and WebGL WebGPU is different from WebGL in the respect that it is not a direct port of any existing native API, but a similarity between the two is that they both are accessed through JavaScript. However, the team does have plans to make it accessible through WebAssembly as well in the future. In WebGL, rendering a single object requires writing a series of state-changing calls. On the other hand, WebGPU combines all the state-changing calls into a single object named pipeline state object. It validates the state after the pipeline is created to prevent expensive state analysis inside the draw call. Also, wrapping an entire pipeline state in a single function call reduces the number of exchanges between Javascript and WebKit’s C++ browser engine. Similarly, resources in WebGL are bound one-by-one, while WebGPU batches them up into bind groups. The team explains, “In both of these examples, multiple objects are gathered up together and baked into a hardware-dependent format, which is when the browser performs validation. Being able to separate object validation from object use means the application author has more control over when expensive operations occur in the lifecycle of their application.” The main focus area of WebGPU is to provide improved performance and ease of use as compared to WebGL. The team compared the performance of the two using the 2D graphics benchmark, MotionMark. The performance test they wrote measured how many triangles each with different properties were rendered while maintaining 60 frames per second. Each triangle was rendered with a different draw call and bind group. WebGPU showed a substantially better performance than WebGL: Source: Apple WHLSL is now renamed to WSL In November last year, Apple proposed a new shading language for WebGPU named Web High-Level Shading Language (WHLSL), which was source-compatible with HLSL. After receiving the community feedback, they updated the language to be compatible with OpenGL Shading Language (GLSL), which is a pretty commonly used language among the web developers. Apple renamed this version of the language to Web Shading Language (WSL) and describes it as “simple, low-level, and fast to compile.” Read also: Introducing Web High Level Shading Language (WHLSL): A graphics shading language for WebGPU “There are many Web developers using GLSL today in WebGL, so a potential browser accepting a different high-level language, like HLSL, wouldn’t suit their needs well. In addition, a high-level language such as HLSL can’t be executed faithfully on every platform and graphics API that WebGPU is designed to execute on,” the team wrote. Check out the official announcement by Apple to know more in detail. Other news in web Firefox 69 allows default blocking of third-party tracking cookies and cryptomining for all users New memory usage optimizations implemented in V8 Lite can also benefit V8 Laravel 6.0 releases with Laravel vapor compatibility, LazyCollection, improved authorization response and more  

V8 Lite was released in late 2018 in V8 version 7.3 to dramatically reduce V8’s memory usage. V8 is Google’s open-source JavaScript and WebAssembly engine, written in C++. V8 Lite provides a 22% reduction in typical web page heap size compared to V8 version 7.1 by disabling code optimization, not allocating feedback vectors and performed aging of seldom executed bytecode. Initially, this project was envisioned as a separate Lite mode of V8. However, the team realized that many of the memory optimizations could be used in regular V8 thereby benefiting all users of V8. The team realized that most of the memory savings of Lite mode with none of the performance impact can be achieved by making V8 lazier. They performed Lazy feedback allocation, Lazy source positions, and Bytecode flushing to bring V8 Lite memory optimizations to regular V8. Read also: LLVM WebAssembly backend will soon become Emscripten default backend, V8 announces Lazy allocation of Feedback Vectors The team lazily allocated feedback vectors after a function executes a certain amount of bytecode (currently 1KB). Since most functions aren’t executed very often, they avoid feedback vector allocation in most cases but quickly allocate them where needed, to avoid performance regressions and still allow code to be optimized. One hitch was that lazy allocation of feedback vectors did not allow feedback vectors to form a tree. To address this, they created a new ClosureFeedbackCellArray to maintain this tree, then swap out a function’s ClosureFeedbackCellArray with a full FeedbackVector when it becomes hot. The team says that they, “have enabled lazy feedback allocation in all builds of V8, including Lite mode where the slight regression in memory compared to their original no-feedback allocation approach is more than compensated by the improvement in real-world performance.” Compiling bytecode without collecting source positions Source position tables are generated when compiling bytecode from JavaScript. However, this information is only needed when symbolizing exceptions or performing developer tasks such as debugging. To avoid this waste, bytecode is now compiled without collecting source positions. The source positions are only collected when a stack trace is actually generated. They have also fixed bytecode mismatches and added checks and a stress mode to ensure that eager and lazy compilation of a function always produces consistent outputs. Flush compiled bytecode from functions not executed recently Bytecode compiled from JavaScript source takes up a significant chunk of V8 heap space. Therefore, now compiled bytecode is flushed from functions during garbage collection if they haven’t been executed recently. They also flush feedback vectors associated with the flushed functions. To keep track of the age of a function’s bytecode, they have incremented the age after every major garbage collection, and reset it to zero when the function is executed. Additional memory optimizations Reduce the size of FunctionTemplateInfo objects. The FunctionTemplateInfo object is split such that the rare fields are stored in a side-table which is only allocated on demand if required. The TurboFan optimized code is now deoptimized such that deopt points in optimized code load the deopt id directly before calling into the runtime. Read also: V8 7.5 Beta is now out with WebAssembly implicit caching, bulk memory operations, and more. Result comparison for V8 Lite and V8 Source: V8 blog People on Hacker News appreciated the work done by the team being V8. A comment reads, “Great engineering stuff. I am consistently amazed by the work of V8 team. I hope V8 v7.8 makes it to Node v12 before its LTS release in coming October.” Another says, “At the beginning of the article, they are talking about building a "v8 light" for embedded application purposes, which was pretty exciting to me, then they diverged and focused on memory optimization that's useful for all v8. This is great work, no doubt, but as the most popular and well-tested JavaScript engine, I'd love to see a focus on ease of building and embedding.” https://twitter.com/vpodk/status/1172320685634420737 More details are available on the V8 blog. Other interesting news in Tech Google releases Flutter 1.9 at GDD (Google Developer Days) conference Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack Apple’s September 2019 Event: iPhone 11 Pro and Pro Max, Watch Series 5, new iPad, and more.

Last week, the team behind Flutter made an announcement at Google Developer Days about the stable release of Flutter 1.9. Flutter 1.9 has received more than 1,500 PRs (Pull Requests) from more than 100 contributors. It comes with support for macOS Catalina and iOS 13, improved tooling support, new Dart language features, new Material widgets and much more. The team also announced the successful integration of Flutter’s web support into the main Flutter repository that will allow developers to write for desktop, mobile as well as web with the same codebase. Tencent, the well-known internet brand also uses Flutter in their mobile apps. https://twitter.com/Appinventiv/status/1171689785733173248 https://twitter.com/ZoeyFan723/status/1171566234892210176   What’s new in Flutter 1.9 Support for macOS Catalina and iOS 13 Since Apple is planning to release Catalina, the latest version of macOS, the team  at Flutter has updated the end-to-end tooling experience so that it works properly with Catalina and Xcode 11. Support has been added for the new Xcode build system that enables 64-bit support throughout the toolchain and simplifies platform dependencies. This release also includes an implementation of the iOS 13 draggable toolbar, along with support for vibration feedback, long-press and drag-from-right. The team is also working on iOS dark mode that has a number of pull requests already merged. Flutter users can now turn on experimental support for Bitcode that is Apple’s platform-independent intermediate representation of a compiled program. Material components in Flutter 1.9 The Material design components and features have been updated in Flutter 1.9. This release comes with new widgets that include ToggleButtons and ColorFiltered. Dart 2.5  As a part of the Flutter 1.9 release, the team is also releasing Dart 2.5 that includes support for pre-release of Foreign Function Interface (FFI). New projects default to Swift and Kotlin in Flutter 1.9 With this release, new projects default to Swift and Kotlin instead of Objective-C and Java for iOS and Android respectively. Since a lot of packages are written in Swift, making it as a default language would remove the manual work for adding those packages. Flutter on the web The team also announced that the flutter_web repository has been deprecated and web support has been merged into the main flutter repository. It seems users are quite excited about this news. https://twitter.com/max_myracle/status/1171530782340304899 https://twitter.com/annnoo96/status/1171442355875938304 To know more about this news, check out the official post. Other interesting news in mobile Apple Music is now available on your web browser Android 10 releases with gesture navigation, dark theme, smart reply, live captioning, privacy improvements and updates to security Is Apple’s ‘Independent Repair Provider Program’ a bid to avoid the ‘Right To Repair’ bill?  

Two days ago, Intel disclosed a vulnerability in their 2011 released line of micro processors with  Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA) technologies. The vulnerability was found by a group of researchers from the Vrije Universiteit Amsterdam and ETH Zurich. The researchers have presented a detailed security analysis of the attack in their paper, NetCAT: Practical Cache Attacks from the Network. The analysis has been implemented by reverse engineering the behavior of Data-Direct I/O (DDIO), also called as Direct Cache Access (DCA) on recent Intel processors. The security analysis resulted in the discovery of the first network-based PRIME+PROBE Cache attack, named NetCAT. The NetCAT attack enables attacks in cooperative and general adversarial settings. The cooperative setting can enable an attacker to build a covert channel between a network client and a sandboxed server process without network. In the general adversarial settings, an attacker can enable disclosure of network timing-based sensitive information. On June 23, 2019, the researchers coordinated the disclosure process with Intel and NCSC (the Dutch national CERT). Intel acknowledged the vulnerability with a bounty and have assigned CVE-2019-11184 to track the issue. What is a NetCAT attack? The threat model implemented in the paper targets victim servers with DDIO equipped Intel processors, which are mostly enabled in all Intel server-grade processors, by default since 2012. The launched cache attack is conducted over a network to a target server, such that secret information can be leaked from the connection between the server and a different client. The researchers say that there are many potential ways to exploit DDIO. The paper states, “For instance, an attacker with physical access to the victim machine could install a malicious PCIe device to directly access the LLC’s DDIO region. Our aim in this paper is to show that a similar attack is feasible even for an attacker with only remote (unprivileged) network access to the victim machine, without the need for any malicious PCIe devices.”  The threat model uses the RDMA in modern NICs to bypass the operating system at the data plane. This provides the remote machines with direct read and write access to a previously specified memory region. The below figure illustrates the model’s target topology, which is also common in data centers. Image Source: NetCAT: Practical Cache Attacks from the Network In order to launch the remote PRIME+PROBE attack, the researchers have used the remote read/write primitives provided by the PCIe device’s DDIO capabilities to remotely measure the cache activity. The paper explains two cooperative DDIO-based attacks. In the first scenario, a covert channel between two clients that are not on the same network is used and in the second scenario a covert channel between a client and a sandboxed process on a server is used. In both scenarios, it was found that the transmission rounds are loosely synchronized with a predefined time window. An attacker can control the machine with an RDMA link to an application server by using the remote PRIME+PROBE to detect network activity in the LLC as shown in the above figure. The user then opens an interactive SSH session to the application server from a different machine. In an interactive SSH session, each keystroke is sent in a separate packet. The attacker is able to recover the inter-packet times from the cache using the ring buffer location and map them to keystrokes. The security analysis successfully explored the implications of the NetCAT attack, and proved that the DDIO feature on modern Intel CPUs does exposes the system to cache attacks over the network. The researchers believe that “We have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future. We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse.” A video demonstrating the NetCAT attack is shown below: https://www.youtube.com/watch?v=QXut1XBymAk In the paper, various other NetCAT-like attacks like the PCIe to CPU attacks have been discussed which may be generalized beyond the given proof-of-concept scenarios. The researchers have also explained various possible mitigations like disabling DDIO, LLC partitioning, and DDIO improvement against these last-level cache side-channel attacks from PCIe devices. With repeated vulnerabilities being found in Intel, many are beginning to distrust Intel. Some are even considering moving away to other alternatives. A Redditor comments, “Another one? Come on man, my i7 2600k already works like crap, and now another vulnerability that surely will affect performance via patches appeared? It is settled, next month I'm ditching Intel.” Another comment read, “Soooo the moral of the story is, never buy Intel chips.” For more information about the attack, interested readers can head over to the NetCAT: Practical Cache Attacks from the Network paper for more information. Other Intel news Intel discloses four new vulnerabilities labeled MDS attacks affecting Intel chips Intel unveils the first 3D Logic Chip packaging technology, ‘Foveros’, powering its new 10nm chips, ‘Sunny Cove’ IBM open-sources Power ISA and other chips; brings OpenPOWER foundation under the Linux Foundation

Danish politician, Margrethe Vestager, who has been behind several tough enforcement decisions in the EU against the tech behemoths, was reappointed for a second five-year term as European Competition Commissioner on Tuesday. With this unprecedented second-time appointment, Margrethe Vestager will also be taking up the “Executive Vice-President for a Europe fit for the Digital Age” role. In this role, she will be responsible for overseeing the EU’s digital innovation and leadership efforts, including artificial intelligence. Margrethe Vestager’s appointment was announced by the incoming European Commission president, Ursula von der Leyen as she revealed her new team of commissioners. She said in a press conference, "Margrethe Vestager will coordinate the whole agenda and be the commissioner for competition. She will work together with the internal market, innovation and youth, transport, health, and justice." Margrethe Vestager has been a driving force behind several major steps taken by the EU against the tech industry’s abuse of market power, underpayment of corporate taxes, and violations of user privacy. She was instrumental in making Google pay a settlement of €8.25 billion ($9.1 billion) for its non-competitive practices in the advertising market that it dominates, in antitrust cases regarding its online shopping service, its Android software and Adsense ad service. She ordered Apple to pay back up to €13 billion ($15 billion) in taxes to Ireland saying, “Tax rulings that artificially reduce a company’s tax burden are not in line with EU state aid rules.” In July this year, the EU fined US chipmaker Qualcomm $271 million for selling its 3G baseband chipsets below the cost of production to force startup Icera out of the market almost a decade ago. She has also opened a formal investigation against Amazon to find out whether it is using data from independent retailers to gain an unfair advantage over third-party merchants. Read also: EU Commission opens an antitrust case against Amazon on grounds of violating EU competition rules Margrethe Verstager’s efforts may have also inspired the US authorities who recently opened several antitrust investigations against tech giants. On Tuesday, Texas state attorney general, Ken Paxton and a gathering of attorneys general said that they are opening an antitrust investigation against Google that will focus on its advertising practices. Margrethe Verstager’s responsibilities in the new role A number of priorities are listed in the President’s mission letter to Margrethe Vestager. She will be responsible for formulating a new long-term strategy for Europe’s industrial future. She will ensure that “cross-fertilisation between civil, defence and space industries" is improved.  The president has also asked her to coordinate work on a European approach to AI, within the first 100 days of her appointment. The priorities set with regards to Margrethe Vestager's Competition Commissioner mandate are quite broad. Her tasks will include strengthening competition enforcement in all sectors, coming up with tools and policies to better tackle the market abuse by big companies, sharing any relevant market knowledge within the Commission, especially regarding the digital sector. In a statement, the Computer and Communications Industry Association (CCIA), an international non-profit advocacy organization with members including Google, Facebook and Amazon, responded, “We encourage the new Commissioners to assess the impact of all the recent EU tech regulation to ensure that future legislation will be evidence-based, proportionate and beneficial.” The 27 commissioners that Ursula von der Leyen has appointed includes 13 women and 14 men from every EU member state except the UK. They will take up their mandates on 1st November after the approval of the EU parliament. Other news in data Google is circumventing GDPR, reveals Brave’s investigation for the Authorized Buyers ad business case Google faces multiple scrutiny from the Irish DPC, FTC, and an antitrust probe by US state attorneys over its data collection and advertising practices Google, Facebook and Twitter submit reports to EU Commission on progress to fight disinformation

Today, StackRox, a company providing threat protection for containers and Kubernetes, announced the availability of the StackRox App for the Sumo Logic Continuous Intelligence Platform. The StackRox App for Sumo Logic provides customers with critical insights into misconfigurations and security events for their container and Kubernetes environments directly within their Sumo Logic Dashboard. Using this app, different security teams can view StackRox data regarding vulnerabilities, misconfigurations, runtime threats, and other policy violations within Sumo Logic and streamline their remediation efforts. John Coyle, vice president of business development for Sumo Logic, said, "We're excited to launch our Kubernetes security integration with StackRox since it will enable customers to gain unparalleled insights and operational metrics in a single dashboard to ensure their cloud-native environments are continuously protected.” "The StackRox Kubernetes-native container security platform provides unique context on misconfigurations, risk profiling, and runtime incidents that will enable our joint customers to more quickly identify and address security issues," Coyle further added. The StackRox App for Sumo Logic provides several key metrics such as vulnerabilities, runtime threats, and compliance violations across container and Kubernetes environments through the following dashboards: StackRox Overview:  This offers a snapshot of key metrics about an organization’s overall Kubernetes and container security posture StackRox Image Violations: These display information from StackRox’s image scanning and vulnerability management capabilities and prioritizes security issues in container images based on rich context derived from Kubernetes StackRox Kubernetes Violations: These highlight prioritized list of misconfigurations of Kubernetes components based on more than 70 DevOps and Security best practices StackRox Runtime Violations: These provide insights into threats and other suspicious activity at runtime based on continuous monitoring of every single container within Kubernetes environments Richard Reinders, manager of security operations for Looker, a joint StackRox and Sumo Logic customer said, “StackRox gives us a Kubernetes-centric single pane of glass view into the security posture of our multi-cloud infrastructure. Having StackRox’s unique Kubernetes security insights available directly on our Sumo Logic Dashboard provides us with a single place to view security and compliance details alongside our operational analytics for our cloud-native infrastructure. This integration also allows us to use a single, consistent, security event detection and response pipeline.” To more about the StackRox App for Sumo Logic head over to its official website. Other interesting news in security CNCF-led open-source Kubernetes security audit reveals 37 flaws in Kubernetes cluster; recommendations proposed Over 47K Supermicro servers’ BMCs are prone to USBAnywhere, a remote virtual media vulnerability Espressif IoT devices susceptible to WiFi vulnerabilities can allow hijackers to crash devices connected to enterprise networks

Similar to the npm registry, RubyGems, and Docker Hub, GitHub also introduced its own package management service called GitHub Package Registry in May this year. After gathering community feedback, the team yesterday announced that the service now has proxy support for the primary npm registry. Also, the feature that created a release whenever you published a package is now removed. GitHub Package Registry and its features GitHub Package Registry allows you to host packages publicly or privately and code in one place. It provides you an end-to-end DevOps workflow consisting of your code, Continuous Integration (CI), and deployment solutions by integrating with GitHub APIs, GitHub Actions, and Webhooks. There are a number of features that GitHub Package Registry comes with. It inherits the permissions and visibility associated with the repository. This unified permissions management relieves organizations from maintaining a separate package registry and mirror permissions across systems. GitHub Package Registry gives you an insight into packages by providing data such as download statistics, version history, and more. It also supports multi-format packages so you can host multiple software package types in one registry. Read also: GitHub announces the beta version of GitHub Package Registry, its new package management service Proxy support for the primary npm registry With the npm.js proxy support, developers will be able to set the GitHub Package Registry as the source of their organization’s npm packages and the proxied source of packages from npm. To use this feature you just need to change OWNER to your GitHub organization or username in your project’s ‘.npmrc’ file. This will instruct npm to redirect all package requests to GitHub Package Registry, which will then serve any requests for a package in your account. In the future, the team plans to expand this feature to support other npm sources as well and add proxy support for other package types including Maven, NuGet, and Ruby. In order to prevent outages, they also plan to build a permanent cache on top of the proxy service. Another update is that the feature that automatically created releases when you published a package, is now removed. Explaining the reason, the team wrote in the announcement, “Many customers expressed that automatically creating a release for every package published was unexpected and undesirable and that it led to conflicts for repositories that were managing their releases closely already. As of today, publishing a package will no longer create an accompanying release.” The service is currently available in a limited public beta. GitHub is planning to make the service generally available via GitHub Universe later this year. Till then, it seeks for your feedback through the GitHub Package Registry survey. You can read the official announcement to know more in detail. Other news in programming Core Python team confirms sunsetting Python 2 on January 1, 2020 Developers from the Swift for TensorFlow project propose adding first-class differentiable programming to Swift Go 1.13 releases with error wrapping, TLS 1.3 enabled by default, improved number literals, and more

Two days earlier, InfluxData launched InfluxDB Cloud 2.0, its new serverless time-series cloud database platform. The new product includes a free rate-limited tier, transparent usage-based pricing and advanced analytic capabilities that allow customers to convert data into actionable information. It is also the first specialized time-series database cloud service which is serverless. The design direction of the 2.0 platform is to make it more visual and, in some cases, codeless. The company’s goal is to change the APIs and query language to unify the entire stack behind a single, common set of APIs. “Time series data is becoming increasingly important across a range of applications, notably operational and IoT analytics. Cloud and web developers today expect convenient access to specialist data engines,” said James Governor, analyst, and co-founder at RedMonk. “InfluxDB Cloud 2.0 is designed for developer experience, to make time-series data easier to work with.” Features of InfluxDB Cloud 2.0 It collects, stores, queries, processes and visualizes raw, high-precision, time-stamped data. InfluxDB Cloud 2.0 can outperform non-specialized time series solutions by up to 100x. It provides customers real-time observability into their systems and supports a wide range of customer applications. InfluxDB Cloud 2.0 also features Flux, a new data scripting, and query language. Flux can extract more complex and valuable insights from data, better detect anomalies and enable real-time action with alerts and notifications. The new user interface includes native client library collections and pre-built dashboards and scripts for common monitoring projects, such as Docker, Kubernetes, Nginx, Redis and more. InfluxDB Cloud 2.0 will also be available as an integrated solution on the Google Cloud Platform later this year. You can get started with InfluxDB Cloud here. Next up in Data FaunaDB brings its serverless database to Netlify to help developers create apps Different types of NoSQL databases and when to use them Google open sources their differential privacy library to help protect user’s private data

ClubHouse, a popular project management platform has announced a free plan for smaller teams and a new collaborative documentation tool called ‘ClubHouse Write’. What is interesting is that although there are a number of competitors in the project management space, including the popular Atlassian Jira, few if any are offering it for free. ClubHouse provides a ‘Free plan’ for smaller teams of up to 10 users This no-cost option allows teams of up to 10 users to get unlimited access to ClubHouse core features such as core features Stories, Epics, Milestones for free.  These features show how everyday tasks of a team contribute towards a larger company goal. Additional features for support and additional security are available in Standard and Enterprise Plans for larger teams. All current small plan customers with 10 users or less, will be automatically transitioned over to the Free Plan. Organizations that previously paid an annual fee and have 10 or fewer users will be refunded the difference in price. Once a team adds the 11th user, they will transition to the current Standard Plan. Although Free Plan does not support Observers, if teams have Observers on a current Small Plan, they will be allowed to keep existing Observers. Users were quite excited about this new Free Plan, commenting about it on social media platforms. “You guys rock! One less expense to worry about it until I hit my stride. I'll gladly be paying for 11+ members when I can reach my goals,” reads a comment. Another says, “Thanks! I LOVE CLUBHOUSE! I would still gladly pay $10/mth maybe you should have made free for teams up to 5, but then kept small for 5-10 :)” ClubHouse Write, a collaborative documentation tool Along with today’s Free Plan announcement, Clubhouse has introduced Write, a real-time collaborative documentation tool. This product is currently in beta and will “make it easier for your software team to document, collaborate, and ideate together.” Software development teams will be able to collaborate, organize and comment on project documentation in real-time, for inter-team communication. Development teams can organize their Docs in multiple Collections. They can also choose to keep a Doc private or publish to the whole Workspace. Users will also be notified when there are new comments on followed Docs. In an interview with TechCrunch, Clubhouse discussed how the offerings will provide key competitive positioning against competitors such as Atlassian’s project management tool “Jira,”. Clubhouse Write, will compete head-on with Atlassian’s team collaboration product “Confluence.” Twitteratis were also quite excited about this new development. https://twitter.com/kkukshtel/status/1171829400951824384 https://twitter.com/kieranmoolchan/status/1171450725877997568 Other interesting news in Tech The Eclipse Foundation releases Jakarta EE 8, the first truly open-source, vendor-neutral Java EE. The Continuous Intelligence report by Sumo Logic highlights the rise of Multi-Cloud adoption and open source technologies like Kubernetes. Apple’s September 2019 Event: iPhone 11 Pro and Pro Max, Watch Series 5, Apple TV+, iPad, and more.

Yesterday, the Eclipse Foundation announced the release of the Jakarta EE 8 full platform, web profile specifications, and related Technology Compatibility Kits (TCKs). This marks the completion of Java EE’s transition to an open and vendor-neutral evolution process. Explaining the vision behind this release, Mike Milinkovich, executive director of the Eclipse Foundation said, “There are tens of thousands of companies with strategic investments in Java EE and over 10 million Java developers globally. The finalization of the Jakarta EE 8 specifications means that the transition of Java EE to our new open, vendor-neutral, and community-based process has been completed, and paves the way for an entirely new era in Java innovation for enterprise and cloud workloads.” Back in 1999, Sun Microsystems developed Java EE under the name Java 2 Enterprise Edition (J2EE), which was rebranded as Java Platform, Enterprise Edition (Java EE) in 2006. When in 2010 Oracle acquired Sun Microsystems, Java EE’s governance and oversight also moved to Oracle. The development of Java EE’s technical specifications was managed under the Java Community Process (JCP), which was tightly vendor-led effort. In order to make Java EE more open, Oracle made the Eclipse Foundation the new steward of enterprise Java. Read also: Eclipse foundation releases updates on its Jakarta EE Rights to Java trademarks Updates in Jakarta EE 8 Jakarta EE 8 has shipped with the same set of technical specifications as Java EE 8, which means developers are not required to make any changes to their Java EE 8 applications or their use of existing APIs. In this release, the team has focused on updating the process used to determine new specs for Jakarta EE that will replace JCP. This new process is called the Jakarta EE Specification Process (JESP), which will be used by the Jakarta EE Working Group for further development of Jakarta EE. It is based on the Eclipse Foundation Specification Process (EFSP) with a few changes. Rhuan Rocha, a Java EE developer, wrote in the announcement, “The goals of JESP is being a process as lightweight as possible, with a design closer to open source development and with code-first development in mind. With this, this process promotes a new culture that focuses on experimentation to evolve these specification based on experiences gained with experimentation.” A key change in this process is that there is no Spec Lead now who had special intellectual property rights under the JCP. In an interview with JAXenter, Milinkovich explained how this process differs from JCP, “The Jakarta EE Specification Process is a level playing field in which all parties are equal, and collaboration is a must. Some of the other significant differences include a code-first approach, rather than a focus on specifications as the starting point. You can also expect a more fully open, collaborative approach to generating specifications, with every decision made collectively by the community.” Along with the release of Jakarta EE 8 specifications, the Eclipse Foundation also announced the certification of Eclipse GlassFish 5.1 as an open-source compatible implementation of the Jakarta EE 8 Platform. To know more in detail, check out the official announcement by the Eclipse Foundation. Other news in programming Is Scala 3.0 a new language altogether? Martin Odersky, its designer, says “yes and no” Core Python team confirms sunsetting Python 2 on January 1, 2020 Go 1.13 releases with error wrapping, TLS 1.3 enabled by default, improved number literals, and more

Yesterday, Mozilla relaunched its Test Pilot Program for the second time, alongside the release of Firefox Private Network Beta. The Test Pilot Program provides Firefox users with a way to try out its newest features and share their feedback with Mozilla. Mozilla first introduced the Test Pilot Program as an add-on for Firefox 3.5 in 2009 and relaunched it in 2016. However, in January this year, it decided to close this program in the process of evolving its “approach to experimentation even further.” While the name is the same, the difference is that the features you will get to try now will be much more stable. Explaining the difference between this iteration of Test Pilot Program and the previous ones, the team wrote in the announcement, “The difference with the newly relaunched Test Pilot program is that these products and services may be outside the Firefox browser, and will be far more polished, and just one step shy of general public release.” Firefox Private Network Beta The first project available for beta testing under this iteration of the Test Pilot Program is Firefox Private Network. It is currently free and available to Firefox for desktop users in the United States only. Firefox Private Network is an opt-in, privacy-focused feature that gives users access to a private network when they are connected to a free and open Wi-Fi. It will encrypt the web addresses you visit and the data you share. Your data will be sent through a proxy service by Mozilla’s partner, Cloudflare. It will also mask your IP address to protect you from third-party trackers around the web. Source: Mozilla Read also: Firefox 69 allows default blocking of third-party tracking cookies and cryptomining for all users Users have already started testing the feature. A user on Hacker News shared, “I just got done testing this, it assigns a U.S. IPv6 address and uses the Cloudflare Warp network. My tests showed a very stable download speed of 150.3 Mbps and an upload speed of 13.8 Mbps with a latency of 31ms.” Another user commented, “I quite like the fact that once this goes mainstream, it'd help limit surveillance and bypass censorship on the web in one fell swoop without having to install or trust 3p other than the implicit trust in Mozilla and its partners (in this case, Cloudflare). Knowing Cloudflare, I'm sure this proxy is as much abt speed and latency as privacy and security.” Some users were also skeptical about the use of Cloudflare in this feature. “As much as I like the idea of baking better privacy tools into the browser, it's hard for me to get enthusiastic about the idea of making Cloudflare even more of an official man-in-the-middle for all network traffic than they already are,” a user added. Others also recommended to try Tor proxy instead, “I'd like to point out though, that, one could run a Tor proxy (it also has a VPN mode) on their phones [0] today to work around censorship and surveillance; anonymity is a bit tricky over tor-as-a-proxy. The speeds over Tor are decent and nothing you can't tolerate whilst casual web browsing. It is probably going to be free forever unlike Firefox's private network.” Read also: The Tor Project on browser fingerprinting and how it is taking a stand against it Read Mozilla’s official announcement to know more in detail. Other news in web development Laravel 6.0 releases with Laravel vapor compatibility, LazyCollection, improved authorization response and more GitHub updates to Rails 6.0 with an incremental approach Wasmer’s first Postgres extension to run WebAssembly is here!

Today, Sumo Logic revealed the fourth edition of their “Continuous Intelligence Report: The State of Modern Applications and DevSecOps in the Cloud.” The primary goal of this report is to present data-driven insights, best practices and the latest trends by analyzing technology adoption among Sumo Logic customers. The data in the report is derived from 2000+ Sumo Logic customers running applications on cloud platforms like AWS, Azure, Google Cloud Platform, as well as, on-premise environments. This year, the Continuous Intelligence report finds that, with an increase of 50% in enterprise adoption and deployments of multi-cloud, Multi-cloud is growing faster than any other modern infrastructure category. In a statement, Kalyan Ramanathan, vice president of product marketing for Sumo Logic says, “the increased adoption of services to enable and secure a multi-cloud strategy are adding more complexity and noise,  which current legacy analytics solutions can’t handle. To address this complexity, companies will need a continuous intelligence strategy that consolidates all of their data into a single pane of glass to close the intelligence gap. Sumo Logic provides this strategy as a cloud-native, continuous intelligence platform, delivered as a service.” Key findings of the Modern App Report 2019 Kubernetes highly prevalent in multi-cloud environments Kubernetes offers broad multi-cloud support and can be used by many organizations to run applications across cloud environments. The 2019 Modern App survey reveals that 1 in 5 AWS customers use Kubernetes. Image Source: The Continuous Intelligence Report The report states, “Enterprises are betting on Kubernetes to drive their multi-cloud strategies. It is imperative that enterprises deploy apps on Kubernetes to easily orchestrate/manage/scale apps and also retain the flexibility to port apps across different clouds.” Open source has disrupted the modern application stack Open source has disrupted the modern application stack with open source solutions for containers like orchestration, infrastructure and application services leading in majority. 4 out of 6 application infrastructure platforms are dominated by open source now. One of the open source solution called the orchestration technologies are used to not only automate the deployment and scaling of containers, but also to ensure reliability of applications and workloads which are running on containers. Image Source: The Continuous Intelligence Report Adoption of individual IaaS services suggests enterprises are trying to avoid vendor lock-in The Modern App 2019 survey finds that typical enterprises are only using 15 out of 150+ discrete services marketed and available for consumption in AWS. The adoption of AWS services demonstrates that basic compute, storage, database, network, and identity services are some of the top 10 adopted services in AWS. It is also found that services like management, tooling, and advanced security services are adopted at a lower rate than the core infrastructure services (50% or less). Image Source: The Continuous Intelligence Report Serverless technology mainly AWS Lambda continue to rise Serverless technologies like AWS Lambda continues to grow steeply as it is a cost-effective option to speed cloud and DevOps deployment automation. The Modern App Report 2019 reveals that AWS Lambda adoption grew to 36% in 2019, up 24% from 2017. It is also being used in several non-production use cases. AWS Lambda continues to increase their cloud migration and digital transformation efforts which makes it one of the top 10 AWS services by adoption. “Lambda usage for application or deployment automation technology should be considered for every production application,” reads the report. Image Source: The Continuous Intelligence Report The 2019 Continuous Intelligence Report is the first industry report to quantitatively define the state of the Modern Application Stack and its implication to the growing technology. Professionals like cloud architects, Site Reliability Engineers (SREs), data engineers, operations teams, DevOps and Chief Information Security Officers (CISOs) can learn how to build, run and secure modern applications and cloud infrastructures by leveraging information from this report. If you are interested to know more, you can check out the full report at the Sumo Logic blog. Other news in Cloud and Networking Containous introduces Maesh, a lightweight and simple Service Mesh to ease microservices adoption Amazon announces improved VPC networking for AWS Lambda functions Kubernetes releases etcd v3.4 with better backend storage, improved raft voting process, new raft non-voting member and more

Yesterday was a big day for Apple. Apple’s September event featured a number of new replacements of Apple’s already popular products including the new iPhone 11 (with triple cameras), Watch Series 5, Apple TV+ and a new iPad. In case you missed seeing the live update, we’ve got you covered with everything Apple announced at the Apple event for September 2019. Apple is releasing iOS 13 on September 19 as a software update for iPhone 6s models and later. Apple also said additional features will be available on September 30 with iOS 13.1, including improvements to AirDrop. iPhone 11 succeeds iPhone XR;  iPhone 11 Pro and Pro Max comes with triple cameras No doubt the most anticipated launch of the event, iPhone 11 was portrayed as the successor of iPhone XR. iPhone 11 comes with iOS 13 integration and two high-definition cameras and Night mode for photos. The dual-camera system lets users easily zoom between each camera while Audio Zoom matches the audio to the video framing for more dynamic sound. Users can easily record videos without switching out of Photo mode with QuickTake by simply holding the shutter button to start recording. It is powered by the A13 Bionic chip with all-day battery life. A12. The A13 Bionic is built for machine learning, with a faster Neural Engine for real-time photo and video analysis, and new Machine Learning Accelerators that allow the CPU to deliver more than 1 trillion operations per second. It has a 6.1-inch all-screen Liquid Retina display. iPhone 11 is water-resistant and comes in six colors including red, black, white, yellow, green and purple. iPhone 11 will get an update for Deep Fusion, coming later this fall, which is a new image processing system enabled by the Neural Engine of A13 Bionic. https://www.youtube.com/watch?v=H4p6njjPV_o iPhone 11 will be available for pre-order beginning Friday, September 13 and in stores beginning Friday, September 20, starting at $699 in the US, Puerto Rico, the US Virgin Islands and more than 30 other countries and regions. The iPhone 11 Pro and Pro Max come with a triple-camera system which provides a pro-level camera experience with an Ultra-Wide, Wide and Telephoto camera. The triple-camera system enables Portrait mode with a wider field of view, great for taking portraits of multiple people. The Telephoto camera features a larger ƒ/2.0 aperture to capture 40 percent more light compared to iPhone Xs for better photos and videos. https://www.youtube.com/watch?v=cVEemOmHw9Y However, not many are impressed with the aesthetics of the camera placement. https://twitter.com/9GAG/status/1171623152562200576 https://twitter.com/lytearr_/status/1171608034105155585 https://twitter.com/shrekpepeboii/status/1171629182901600256 The iPhone 11 Pro has a 5.8-inch OLED, and the Pro Max has a 6.5-inch OLED. They have a Super Retina XDR display, a custom-designed OLED with up to 1,200 nits brightness. It also comes with the A13 Bionic chip with iPhone 11 Pro offering up to four more hours of battery life in a day than iPhone XS, and iPhone 11 Pro Max offering up to five hours more than iPhone XS Max. iPhone 11 Pro and iPhone 11 Pro Max will be available in 64GB, 256GB and 512GB models in midnight green, space gray, silver, and gold starting at $999 and $1,099, respectively. Apple is also launching a new line of iPhone cases that come in a wide range of colors. Apple Watch Series 5 now works just like… your normal watch The new series of Apple Watch supports looks much like last year’s model, except that it supports the always-on display function. The series 5 dims the brightness, but it retains all of the same visuals you’d normally see while using it. This is different from how most smartwatches turn off the display to extend battery life. Though it has the same 18-hour battery life as the Series 4. You also have international emergency calling for added personal safety. New health features include Cycle Tracking, Noise app, and Activity Trends. The Apple Watch Series 5, has the Compass app to see the heading, incline, latitude, longitude, and current elevation. https://www.youtube.com/watch?v=5bvcyIV4yzo In addition, Apple is launching three new health studies: one for women’s health, one for hearing, and one for heart health. It’s partnering with major research institutions on each, and Apple Watch users can enroll through a forthcoming Apple Research app. Apple Watch Series 5 (GPS) starts at $399 and Apple Watch Series 5 (GPS + Cellular) starts at $499. This is the first Apple Watch to release with ceramic and titanium finishes. Sales start beginning Friday, September 20 in the US, Puerto Rico and 20 other countries and regions. You can order it from apple.com and in the Apple Store app. New 7th-Gen iPad now has a 10.2-inch display Apple’s new 7th-gen iPad is now upgraded from standard 9.7-inch display size to 10.2 inches. It also features the A10 Bionic processor and a new Smart Connector. It also provides support for Apple Pencil and the full-size Smart Keyboard. iPad starts at $329 for the Wi-Fi model and $459 for the Wi-Fi + Cellular model. Apple Arcade game subscription service Apple’s game subscription service, Apple Arcade will finally launch on September 30 on iPadOS and tvOS 13 and in October on macOS Catalina. The service will initially feature over 100 new, exclusive games, all playable across iPhone, iPad, iPod touch, Mac and Apple TV. To give users maximum flexibility when playing, some games will support controllers, including Xbox Wireless Controllers with Bluetooth, PlayStation DualShock 4 and MFi game controllers, in addition to touch controls and Siri Remote. Apple TV+ launches November 1 at $4.99 per month Apple’s flagship all-original video subscription service, Apple TV+ will be available at $4.99 per month, starting November 1.  This puts Apple in direct competition with Disney, whose subscription service Disney+ is available for $7 a month. Apple TV+ will offer a lineup of shows, movies, and documentaries, focusing on original content produced exclusively for the service. Apple will also include a year-long subscription to Apple TV Plus for free if you buy a new Apple product, including new iPads, iPhones, laptops, or desktops. If you are in a hurry here’s a 2 min video of the Apple Event: https://youtu.be/ZA3MV2V--TU Keep checking this space for more Apple coverage More news for Apple Apple Music is now available on your web browser Is Apple’s ‘Independent Repair Provider Program’ a bid to avoid the ‘Right To Repair’ bill Apple announces ‘WebKit Tracking Prevention Policy’ that considers web tracking as a security vulnerability

After running the pre-release version of Rails 6.0 for months in production, the GitHub application was deployed to production on its official release last month. Yesterday, GitHub shared how its upgrade team was able to make the transition from Rails 5.2 to 6.0 smoothly just after 1.5 weeks of the release. Rails 6.0 was released with several amazing features including action mailbox, multiple database support, parallel testing, and more last month. GitHub is not only using it but has also made significant contributions to this release. It submitted over 100 pull requests for documentation improvements, bug fixes, performance improvements. Its contributions also included updates to the new features in the framework: parallel testing and multiple database support. “For many GitHub contributors, this was the first time sending changes to the Rails framework, demonstrating that upgrading Rails not only helps GitHub internally, but also improves our developer community as well,” GitHub wrote in the announcement. GitHub’s approach to this update was incremental. Instead of waiting for the final release, it upgraded every week by pulling in the latest changes from Rails master and running its tests against that new version. This enabled them to identify regressions quickly and early. The weekly updating process also made it easy to find these regressions because they were dealing with only a week’s worth of commits. GitHub now plans to use this co-development approach for future releases as well. It wrote, “Once our build for Rails 6.0 was green, we’d merge the pull request to master, and all new code that went into GitHub would need to pass in Rails 5.2 and the newest master build of Rails. Upgrading every week worked so well that we’ll continue using this process for upgrading from 6.0 to 6.1.” Following this approach has not only helped in improving the GitHub application in terms of security, performance, and new features but has also improved the working experience with the GitHub codebase for its engineers. This sparked a discussion on Hacker News were developers also recommended taking an incremental approach for upgrading one’s application. A user commented, “Incremental updates may require more time to complete, as an API may be refactored multiple times over many versions. However, the confidence in moving incrementally is well worth it IMHO. If you don't have an extensive enough test suite or poor/missing QA process (or both!), doing a big bang upgrade is going to both be extremely painful and very error-prone. It's worthwhile to keep up to date. It's probably not worthwhile to upgrade ASAP after a release, but you don't want to wait too long.” Another user added, “...they could have waited but if one has the developer resources, it's better to be proactive instead of waiting for an official release and all of a sudden try to upgrade and run into a lot of unforeseen issues.” Check out the official announcement to know more in detail. Other news in web development GitHub now supports two-factor authentication with security keys using the WebAuthn API The first release candidate of Rails 6.0.0 is now out! GitLab considers moving to a single Rails codebase by combining the two existing repositories