
Tech News

3709 Articles
#GoogleWalkout organizers face backlash at work, tech workers show solidarity

Sugandha Lahoti
23 Apr 2019
5 min read
Google employees who helped organize the worldwide Google Walkout are now facing trouble for doing so. Per a report by Wired, the roles of two Google employees, Claire Stapleton, YouTube Marketing Manager, and Meredith Whittaker, the head of Google’s Open Research, were changed dramatically several months after the Walkout, including calls to abandon AI ethics work, demotion, and more. Both employees posted about their retaliation in a letter shared internally with co-workers on Monday.

In November last year, 20,000 Google employees, along with temps, vendors, and contractors, walked out to protest the discrimination, racism, and sexual harassment that they encountered at Google’s workplace. The Walkout was planned after The New York Times brought to light the shocking allegations of sexual misconduct at Google against Andy Rubin (creator of Android).

Meredith Whittaker leads Google's Open Research Group and the Google Measurement Lab. She is also the co-founder of the AI Now Institute, and a renowned figure working to eliminate AI bias and discrimination and incorporate workplace diversity. In the letter, Meredith says that after the announcement of Google disbanding its AI Ethics council, she was informed that to remain at the company she would have to abandon her work on AI ethics and the AI Now Institute.

Claire Stapleton, another walkout organizer, was told she would be demoted from her role as marketing manager at YouTube. After escalating the issue to human resources, she said she faced further retaliation. “My manager started ignoring me, my work was given to other people, and I was told to go on medical leave, even though I’m not sick,” Stapleton wrote in the letter, which was seen by Wired. Her demotion was only reversed after she hired a lawyer and the company conducted an investigation. She adds, “While my work has been restored, the environment remains hostile and I consider quitting nearly every day.”

“More than 300 other employees have shared stories of retaliation since the walkout,” Ms. Stapleton and Ms. Whittaker wrote in their letter. Google has a long history of retaliation, particularly to silence women, people of color, and gender minorities. The suffering that these people face includes, but is not limited to, icy conversations, gaslighting, project cancellations, transition rejections, and demotions.

Ms. Stapleton and Ms. Whittaker wrote in the letter, “On reading the 350 collected stories after the walkout, a sad pattern emerges: People who stand up and report discrimination, abuse, and unethical conduct are punished, sidelined, and pushed out. Perpetrators often go unimpeded or are even rewarded (Andy, Amit, “I reported, he got promoted”).” They urge Google to end retaliation against the people who speak honestly about these problems in order to foster a culture free of discrimination, harassment, and unethical decision making.

To that end, both women plan to host a Retaliation Town Hall on Friday to share their stories and strategize. They will also be live-streaming the meeting. The ladies also urge people to share their stories if they have been retaliated against.

Google put up another ignorant statement in response to this letter. A Google spokesperson told Wired, “We prohibit retaliation in the workplace and investigate all allegations. Employees and teams are regularly and commonly given new assignments, or reorganized, to keep pace with evolving business needs. There has been no retaliation here.”

It is worth noting that Googlers had a special place in Google’s S-1 filing made almost 16 years ago on April 29, 2004, which states: “Our employees, who have named themselves Googlers, are everything. Google is organized around the ability to attract and leverage the talent of exceptional technologists and business people. We have been lucky to recruit many creative, principled and hard-working stars. We hope to recruit many more in the future. We will reward and treat them well.”

On Twitter, people blasted Google’s response.

https://twitter.com/VidaVakil/status/1120413344245211138
https://twitter.com/stautistic/status/1120412909849513987
https://twitter.com/technologypoet/status/1120573594843484160
https://twitter.com/bcmerchant/status/1120429588293804040
https://twitter.com/morungos/status/1120489987705905152

They have also spoken in solidarity with Ms. Stapleton and Ms. Whittaker and condemned Google, saying the company only wants to mint money instead of taking care of its employees.

https://twitter.com/roeldobbe/status/1120401885666607105
https://twitter.com/profcarroll/status/1120398118732935175
https://twitter.com/tomwarren/status/1120422864979730435
https://twitter.com/AMZNforClimate/status/1120548259964039170

François Chollet, who heads Deep learning at Google and is the creator of Keras, a neural networks library, also spoke in favor of Meredith.

https://twitter.com/fchollet/status/1120513875554775041

Meredith Whittaker also took to Twitter to thank people for supporting her. “Google's retaliation isn't about me, or Claire. It's about silencing dissent & making us afraid to speak honestly about tech & power.”

https://twitter.com/mer__edith/status/1120482231858999298

Can an Open Web Index break Google’s stranglehold over the search engine market?

Bhagyashree R
22 Apr 2019
4 min read
Earlier this month, Dirk Lewandowski, Professor of Information Research & Information Retrieval at Hamburg University of Applied Sciences, Germany, published a proposal for building an index of the Web. His proposal aims to separate the infrastructure part of a search engine from the services part.

Search engines are our way to the web, which makes them an integral part of the Web’s infrastructure. While there are a significant number of search engines present in the market, there are only a few relevant search engines that have their own index, for example, Google, Bing, Yandex and Baidu. Other search engines that pull results from these search engines, for instance, Yahoo, cannot really be considered search engines in the true sense. The US search engine market is split between Google and Bing, with roughly two-thirds and one-third, respectively. In most European countries, Google holds 90% of the market share.

Highlighting the implications of Google’s dominance in the current search engine market, the report reads, “As this situation has been stable over at least the last few years, there have been discussions about how much power Google has over what users get to see from the Web, as well as about anti-competitive business practices, most notably in the context of the European Commission's competitive investigation into the search giant.”

The proposal aims to bring plurality to the search engine market, not only in terms of the number of search engine providers but also in the number of search results users get to see when using search engines. The idea is to implement the “missing part of the Web’s infrastructure”, called a searchable index. The author proposes to separate the infrastructure part of the search engine from the services part. This will allow a multitude of services, whether existing as search engines or otherwise, to be run on a shared infrastructure.

The following figure shows how the public infrastructure crawls the web for indexing its content and provides an interface to the services that are built on top of the index.

(Figure credits: arXiv)

The indexing stage is split into basic indexing and advanced indexing. Basic indexing is responsible for providing the data in a form that services built on top of the index can process easily and rapidly. Though services are allowed to do their own further indexing to prepare the documents, the open infrastructure also provides some advanced indexing. This adds information to the indexed documents, for example, semantic annotations. This advanced indexing requires an extensive infrastructure for data mining and processing. Services will be able to decide for themselves to what extent they want to rely on the pre-processing infrastructure provided by the Open Web Index. A common design principle that can be adopted is to allow services a maximum of flexibility.

Many users are supporting this idea. One Redditor said, “I have been wanting this for years...If you look at the original Yahoo Page when Yahoo first started out it attempted to solve this problem. I believe this index could be regionally or language based.”

Some others do believe that implementing an open web index will come with its own challenges. “One of the challenges of creating a "web index" is first creating indexes of each website. "Crawling" to discover every page of a website, as well as all links to external sites, is labour-intensive and relatively inefficient. Part of that is because there is no 100% reliable way to know, before we begin accessing a website, each and every URL for each and every page of the site. There are inconsistent efforts such as "site index" pages or the "sitemap" protocol (introduced by Google), but we cannot rely on all websites to create a comprehensive list of pages and to share it,” adds another Redditor.

To read more in detail, check out the paper titled: The Web is missing an essential part of infrastructure: an Open Web Index.

Fastly, edge cloud platform, files for IPO

Bhagyashree R
22 Apr 2019
3 min read
Last week, Fastly Inc., a provider of an edge cloud platform, announced that it has filed its proposed initial public offering (IPO) with the US Securities and Exchange Commission. Last year in July, in its last round of financing before a public offering, the company raised a $40 million investment.

The book-running managers for the proposed offering are BofA Merrill Lynch, Citigroup, and Credit Suisse. William Blair, Raymond James, Baird, Oppenheimer & Co., Stifel, Craig-Hallum Capital Group and D.A. Davidson & Co. are co-managers for the proposed offering.

Founded by Artur Bergman in 2011, Fastly is an American cloud computing services provider. Its edge cloud platform provides a content delivery network, Internet security services, load balancing, and video & streaming services. The edge cloud platform is designed from the ground up to be programmable and to support agile software development. This programmable edge cloud platform gives developers real-time visibility and control by streaming log data. So, developers are able to instantly see the impact of new code in production, troubleshoot issues as they occur, and rapidly identify suspicious traffic. Fastly boasts of catering to customers like The New York Times, Reddit, GitHub, Stripe, Ticketmaster and Pinterest.

In the unfinished prospectus, the company shared how it has grown over the years, the risks of investing in the company, its plans for the future, and more. The company shows steady growth in its revenue: it was $104.9 million in December 2017 and increased to $144.6 million by the end of 2018. Its loss has also shown some decline, from $32.5 million in December 2017 to $30.9 million in December 2018.

Predicting its future market value, the prospectus says, “When incorporating these additional offerings, we estimate a total market opportunity of approximately $18.0 billion in 2019, based on expected growth from 2017, to $35.8 billion in 2022, growing with an expected CAGR of 25.6%.”

Fastly has not yet determined the number of shares to be offered and the price range for the proposed offering. Currently, the company’s public filing has a placeholder amount of $100 million. However, looking at the amount of funding the company has received, TechCrunch predicts that it is more likely to get closer to $1 billion when it finally prices its shares.

Fastly has two classes of authorized common stock: Class A and Class B. The rights of both classes of common stockholders are identical, except with respect to voting and conversion. Each Class A share is entitled to one vote per share and each Class B share is entitled to 10 votes per share. Each Class B share is convertible into one share of Class A common stock. The Class A common stock will be listed on The New York Stock Exchange under the symbol “FSLY.”

To read more in detail, check out the IPO filing by Fastly.

Liz Fong-Jones on how to secure SSH with Two Factor Authentication (2FA)

Savia Lobo
22 Apr 2019
4 min read
Over the weekend, Liz Fong-Jones, a Developer Advocate at honeycomb.io, posted her experience with the security hardening of honeycomb.io’s infrastructure. In her post on GitHub, Liz explains how SSH keys, which provide authentication between hosts, can be vulnerable to different threats that might be overlooked.

Liz mentions that adding passphrase encryption makes private keys resistant to theft when at rest. However, when they are in use, the usability challenge of re-entering the passphrase on every connection means that “engineers began caching keys unencrypted in memory of their workstations, and worse yet, forwarding the agent to allow remote hosts to use the cached keys without further confirmation”.

The Matrix breach, which took place on April 11, showcases an example of what happens when authenticated sessions are allowed to propagate without a middle-man. The intruder in the Matrix breach had access to the production databases, potentially giving them access to unencrypted message data, password hashes, and access tokens.

Liz also mentions two primary ways of preventing an attacker from misusing credentials. The first is using a separate device that generates, from a shared secret, numerical codes that we can transfer out of band and enter alongside the key. The second is having a separate device perform all the cryptography, only when physically authorized by the user.

In her post, Liz asks, “What will work for a majority of developers who are used to simply loading their SSH key into the agent at the start of their login session and SSHing everywhere?” and also shares her work on how one can avoid such threats. As a prerequisite, Liz mentions, “I'm assuming that you have a publicly exposed bastion host for each environment that intermediates accesses to the rest of each environment's VPC, and use SSH keys to authenticate from laptops to the bastion and from the bastion to each VM/container in the VPC”.

As a preliminary step, the user should start by enabling numerical time-based one-time passwords (TOTP) for SSH authentication. This is not a complete defense, since a malicious host could impersonate the real bastion (if strict host checking isn't on), intercept the OTP, and then use it to authenticate to the real bastion. However, “it's better than being wormed or compromised because you forgot to take basic measures against even a passive adversary”, Liz states.

After the server and the client setup, the user needs to use Chef to populate /etc/2fa_token_keys with keys that are generated and stored securely. There are different setup methods, including the following.

Mac client setup

Users with Touchbar Macs should use TouchID to authenticate logins, as they'll have their laptop and their fingers with them anyway. For instance, SeKey is an SSH agent that allows users to authenticate to UNIX/Linux SSH servers using the Secure Enclave.

Krypt.co setup for iOS and Android

With the help of krypt.co, instead of generating OTPs and sending them over manually, mobile devices can securely store our SSH keys and remotely authorize each use (and send the signed challenge to the remote server) with a single click. This process is even more secure than a TOTP app so long as the user supplies appropriate parameters to force hardware coprocessor storage (NIST P-256 for iOS, and 3072-bit RSA for Android, on new enough devices). Make sure people use screen locks!

In her post, Liz also explores YubiKey hardware token and Linux/ChromeOS client setup. To know more about this and how to set it up in detail, read Liz’s GitHub post.

WannaCry hero, Marcus Hutchins pleads guilty to malware charges; may face up to 10 years in prison

Fatema Patrawala
22 Apr 2019
4 min read
Marcus Hutchins, a British security researcher who authors the popular blog MalwareTech, has pleaded guilty today to writing malware in the years prior to his prodigious career as a malware researcher. Marcus posted a statement on his website and on his Twitter feed too: "I regret these actions and accept full responsibility for my mistakes. Having grown up, I've since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks."

https://twitter.com/MalwareTechBlog/status/1119322882578866176

Marcus was virtually unknown to most in the security community until May 2017, when the UK media revealed him as the “accidental hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by storm just days before. In August 2017, Hutchins was arrested by FBI agents in Las Vegas on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins has been barred from leaving the United States since he was arrested.

The plea agreement of Marcus is here. “Attachment A” on page 15 outlines the case against Hutchins and an alleged co-conspirator. It further reads that between July 2012 and Sept. 2015, Hutchins helped create and sell Kronos and a related piece of malware called UPAS Kit.

Many of Hutchins’ supporters and readers had trouble believing the charges against him, and in response KrebsOnSecurity published a detailed investigation into activities tied to his various online personas over the years. As per the report, the clues suggested Hutchins began developing and selling malware in his mid-teens, only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror. Nevertheless, there were a number of indications that Hutchins’ alleged malware activity continued into his adulthood.

Up to 10 years in prison

According to court documents obtained by ZDNet, Hutchins pleaded guilty to two counts, and the government agreed to drop the other eight. He pleaded guilty to entering a conspiracy to create and distribute malware, and to aiding and abetting its distribution. For each count, Hutchins will face up to five years in prison, $250,000 in fines, and one year of supervised release.

According to ZDNet, Marcus was charged for working with a co-conspirator, identified as "Vinny," "VinnyK," and "Aurora123", to advertise and sell the two malware strains online. This happened somewhere between July 2012 and September 2015, even before Hutchins was recognized as a talented security researcher.

Further, ZDNet explains that creating malware is a form of protected speech in the United States, but selling and disseminating it is another matter. Orin Kerr, a law professor at the University of Southern California, gives a detailed explanation in the 2017 dissection of the government’s charges on the Washington Post website. The charges against Marcus are likely to be tempered by federal sentencing guidelines, and the sentence may take into account the detention time already served. It still remains unclear when he will be sentenced.

After the arrest, Hutchins was released on bail and has been living in Los Angeles awaiting trial. He started sharing his malware analysis skills with the information security (infosec) community when he was prohibited from working for his employer. Hutchins is considered one of the most talented security researchers, and this news comes as a huge loss for the infosec community.

https://twitter.com/JRoosen/status/1119342458809331713

Update on 26th July from ZDNet

ZDNet on Friday reported that the US legal case against Marcus Hutchins, who helped stop the WannaCry ransomware outbreak, has come to an end. He was sentenced in the US to time served and one year of supervised release. The UK-born malware analyst avoids prison time in a case that the judge described as having "too many positives on other side of ledger", referring to Hutchins' role in the WannaCry ransomware outbreak and his work as a malware analyst. Read the full story in the ZDNet blog post.

The Austrian government releases a plan to eliminate internet anonymity by 2020

Amrata Joshi
22 Apr 2019
4 min read
Last week, the Austrian government released plans to eliminate internet anonymity. Austrian users will now have to provide operators with their true identities or they could face fines in the millions. This means that users from Austria can’t comment or post anonymously now. The law will come into force from 2020.

Users will now have to provide their first name, last name and address to platform operators, as per the government's new draft law on Diligence and Responsibility on the Web. The operators will have to supply that information to government agencies or, in cases of insult or defamation, to private people for investigation purposes.

Media Minister Gernot Blümel, of the center-right Austrian People's Party (ÖVP), said at a press conference, "The legal requirements that are valid in the analog world must also be valid in the digital world. That is why there is now an abundance of resolutions to make the correction." He further added, “The so-called digital anonymity ban is an additional step in that direction.”

This law is applicable to platforms that have more than 100,000 registered users, or that earn more than 500,000 euros in annual revenues, or that receive government press subsidies of more than 50,000 euros.

Per the draft law, the platforms would also have a responsibility to determine if the ID information provided by users is accurate. How these platforms choose to do so is up to them, though the draft law does mention the use of dual-factor authentication by way of the user's mobile number. All SIM cards in Austria need to be registered with a photo ID by the beginning of next year.

Even the web platforms that would be responsible for making information about the platform are required to appoint a liaison in Austria. If the regulation is not followed, then the person will be fined up to 100,000 euros. The fines could even reach as high as 500,000 euros to a million euros, depending upon the severity of the violation. The Austrian Communications Authority, also known as KommAustria, is responsible for enforcement of the law.

This law exempts e-commerce platforms as they are the platforms that earn no revenues from their content or from advertising.

Privacy and law experts condemn Austria’s new law

Most IT and privacy experts are against Austria’s internet anonymity law. Markus Dörfler, an IT lawyer, says, "In the real world, I don't demand to see an ID as a precautionary measure.” He believes this is a step towards the establishment of censorship and that the law could limit the freedom of expression. He also thinks that this law would work against the European Convention on Human Rights (ECHR), according to which any limitations on the freedom of expression can only be made if they are "necessary in a democratic society."

According to him, it is unlikely that most of the foreign social media platforms will appoint a liaison in Austria, and it is questionable whether the law will be applied to them. He further adds, "No Chinese network is going to start checking the identities of its users in order to comply with the law.”

Dörfler is also unsure whether the law is in line with the 2016 ruling by the European Court of Justice on data retention because, as per the ruling, "general and indiscriminate retention of data is not allowed.” It also invades the right to privacy and the protection of personal data.

Nikolaus Forgó, a tech law expert, also adds his views, saying, "This path won't even come close to achieving the goal of internet discipline." He further adds that the law will lead to high costs, such as paying the liaison, which would damage Austria's "already weak" digital infrastructure. Also, it would be difficult to protect such a large amount of data, which will give rise to data protection concerns. The platform operators will get this huge amount of data in their hands, which could be risky.

According to tech law expert Lukas Feiler, from the law firm Baker McKenzie, the draft law is a violation of the EU’s e-commerce directive. Feiler said, "The e-commerce directive protects the freedom to provide services for online platforms.”

According to Mario Lindner, a diversity spokesman for the center-left Social Democratic Party of Austria (SPÖ), “the draft law overshoots its target.” Lindner further added, “What the government has presented is not a solution to the challenges that are facing us in the digital space."

To know more about this news, check out the post by Standard.
Microsoft employees raise their voice against the company’s misogynist, sexist and racist acts

Amrata Joshi
22 Apr 2019
4 min read
In this era where technologies are advancing and innovation is booming, issues like racism, ageism, sexism, patriarchy and misogyny still prevail. Tech industries have also been in the spotlight for these reasons. In 2014, Microsoft CEO Satya Nadella’s comments on women made news, as he suggested that women shouldn’t be asking for a raise. In 2016, Microsoft came up with an AI chatbot called Tay, which got racist by learning from the negative conversations on Twitter.

And recently one of the female employees at Microsoft complained about sexual harassment. They shared their frustrations about discrimination and sexual harassment, which ranged from sexist comments during work trips to being told to sit on a coworker’s lap in front of a human resources leader. She mentioned that an employee from a partner company threatened to kill her if she did not perform implied sexual acts during a work trip. “I raised immediate attention to HR and management.” She further added, “My male manager told me that ‘it sounded like he was just flirting’ and I should ‘get over it’. HR basically said that since there was no evidence, and this man worked for a partner company and not Microsoft, there was nothing they could do.”

It’s disheartening how giant tech companies like Microsoft have a lot of things going on inside, and women employees suffer due to baseless responses from the management.

According to Microsoft's recent diversity report, 87% of Microsoft employees are white or Asian and more than 73% are men. Employees are questioning the company over its diversity and employee policies. They have now started discussing this on Yammer, Microsoft’s internal message board. A female engineer asked, "Does Microsoft have any plans to end the current policy that financially incentivizes discriminatory hiring practices?" In the same post she added, "To be clear, I am referring to the fact that senior leadership is awarded more money if they discriminate against Asians and white men."

Similar posts on Yammer related to discriminatory hiring, which read, “Women are less suited for engineering roles”, received more than 800 comments; a few agreed with the statement and a few criticized it. A female program manager commented on the post, “I have an ever-increasing file of white male Microsoft employees who have faced outright and overt discrimination because they had the misfortune of being born both white and male. This is unacceptable.”

According to Quartz, a member of Microsoft’s employee investigations team replied to a post related to discrimination, “The company does not tolerate discrimination of any kind.” Employees are not satisfied, and they feel that no steps have been taken so far in this regard. In a statement to Quartz, an employee said, “HR, Satya, all the leadership are sending out emails that they want to have an inclusive culture, but they’re not willing to take any action other than talk about it. They allow people to post these damaging, stereotypical things about women and minorities, and they do nothing about it.”

With all sorts of discrimination and harassment at the workplace, it is high time that tech industries introduce major policy changes to encourage a fair, open and comfortable environment for employees, especially women. A few have already taken a stand against such issues and are coming together for a transition.

https://twitter.com/aprilwensel/status/1119372644418068480

To know more about this news, check out the post by Quartz.

Sugandha Lahoti
22 Apr 2019
5 min read

Developer community mourns the loss of Joe Armstrong, co-creator of Erlang

Dr. Joe Armstrong, one of the creators of Erlang, passed away over the weekend at the age of 68. Dr. Armstrong’s wife specified that he died from an infection of the lungs, which occurred due to quite recently diagnosed pulmonary fibrosis. His lungs were donated to lung research.

Francesco Cesarini, founder of Erlang Solutions, tweeted about Joe’s demise.

https://twitter.com/FrancescoC/status/1119596234166218754

Robert Virding, co-creator of Erlang, also paid his respects.

https://twitter.com/rvirding/status/1119610591885307904

The developer community has also mourned the loss of Joe Armstrong, with a large number of developers taking to various social media platforms to offer their condolences to Dr. Armstrong's family and pay their respects to him.

Dr. Armstrong’s work with concurrency programming

Dr. Armstrong was best known for helping lay the foundations, in the '70s and '80s, of the most widespread concurrency models as we know them today. In concurrent programming, multiple events, code snippets or programs are perceived to be executing at the same time. Unlike imperative languages, which use routines, or object-oriented languages, which use objects, concurrency-oriented languages use processes, actors, and agents as the main building blocks. Dr. Armstrong helped propel concurrency programming at a time when there was no IoT, web, massive multi-user online games, video streaming, automated trading or online transactions.

The Erlang programming language

Erlang was co-created by Joe Armstrong alongside Robert Virding and Mike Williams in the 1980s at the Ericsson Computer Science Labs. While working there, Dr. Armstrong and his colleagues were looking for an approach to developing fault-tolerant and scalable systems. This resulted in Erlang-style concurrency. He later received a Ph.D. in computer science from the Royal Institute of Technology in Stockholm, Sweden in 2003. He is also the author of a number of key books on the topic of Erlang including Concurrent Programming in Erlang, Programming Erlang: Software for a Concurrent World, and Coders At Work.

Erlang was originally built for use only at Ericsson, as a proprietary language, to improve telephony applications. It was designed to be a fault-tolerant, distributed, real-time system that offered pattern matching and functional programming in one handy package. It was then open-sourced to the public in 1998. Since then, it has helped businesses, big and small, create reliable systems, and it has been one of the most popular open source languages, with compelling features like concurrent processes, memory management, scheduling, distribution, networking, etc. The server of WhatsApp, the most popular messaging platform, is almost completely implemented in Erlang. In 2018, Erlang celebrated 20 years of its open sourcing, tracing its journey from Ericsson to WhatsApp.

Erlang also inspired Elixir, a general-purpose programming language that runs on the Erlang virtual machine. Elixir is built on top of Erlang and shares the same abstractions for building distributed, fault-tolerant applications. Using Erlang modules in Elixir has helped in the creation of Nerves, which helps in building embedded software, and the web framework Phoenix.

Remembering Dr. Joe Armstrong

Many developers have shared their sentiments on Dr. Armstrong’s demise, with most of them describing him as a kind and compassionate developer who was more interested in teaching than in his ego. Thomas Gebert, a software developer, shared an email thread where he asked Joe Armstrong about concurrency. He states, “Dr. Armstrong’s enthusiasm about Erlang, distributed programming, and pretty much everything else about computers was really a good springboard for self-education.” Even though Thomas asked some serious beginner questions about concurrency, Dr. Armstrong responded with an incredibly long, well-written email explaining a lot of the minutiae of how Erlang avoids a lot of pitfalls, along with generic concurrency theory. Thomas adds, “He was really good about explaining things in a way simple-enough for me to understand, without coming off as patronizing or rude.”

A lot of people also took to Twitter to share their experiences working with Dr. Armstrong.

https://twitter.com/zxq9_notits/status/1119602063506206725
https://twitter.com/glv/status/1119706037689491456
https://twitter.com/ktosopl/status/1119612076190601217
https://twitter.com/jboner/status/1119651034933100544

“He and I discussed distributed storage. Well detailed response from him that sent me reading for days. I aspire to be like him.” reads a comment on Hacker News. Such was his popularity.

Here are some of his memorable quotes on a varied set of topics of interest to him.

“All significant energy gains in the last 50 odd years are the result of new hardware NOT software.”
https://twitter.com/joeerl/status/1115988725111169025

“Prediction: One day computers might become useful”
https://twitter.com/joeerl/status/1114558139217711104

“One of the disadvantages of having a PhD in computer science is that I get asked really difficult questions. Like - "In gmail on my iPhone I press archive - can I get my mail back?" and "Why have they changed the interface?" Why no easy questions like what's a monad?”
https://twitter.com/joeerl/status/1113847695612022785

Bhagyashree R
22 Apr 2019
3 min read

Hacker destroys Iranian cyber-espionage data; leaks source code of APT34’s hacking tools on Telegram

On Wednesday, ZDNet reported that a hacker with the online name Lab Dookhtegan leaked, on Telegram, a set of hacking tools belonging to Iran’s espionage groups, often identified as APT34, Oilrig, or HelixKitten. The leaks started sometime in mid-March and included sensitive information, mostly consisting of usernames and passwords.

https://twitter.com/campuscodi/status/1118656431069302795

ZDNet became aware of this hack when a Twitter user DMed them some of the same files that were leaked on Telegram. Though this Twitter user claimed to have worked on the group’s DNSpionage campaign, ZDNet believes that it is also possible that he is a member of a foreign intelligence agency trying to hide their real identity. ZDNet’s assumption is that the Twitter user could be the Telegram Lab Dookhtegan persona.

The hacker leaked the source code of six hacking tools: Glimpse, PoisonFrog, HyperShell, HighShell, Fox Panel, and Webmask. Many cyber-security experts, including Chronicle, Alphabet's cyber-security division, confirmed the authenticity of these tools. Along with these tools, the hacker also leaked the content from several active backend panels, where victim data had been collected. Chronicle confirmed to ZDNet that the hacker has leaked data of 66 victims, mainly from countries in the Middle East. This data was collected from both government agencies and private companies.

The hacker also leaked data from APT34’s past operations, sharing the IP addresses and domains where the group hosted web shells and other operational data. Besides leaking the data and source code of the hacking tools, the hacker also made public personal information of the Iranian Ministry of Intelligence officers who were involved with APT34 operations, including phone numbers, images, and names. The hacker admitted on the Telegram channel that he has destroyed the control panels of APT34’s hacking tools and wiped their servers clean. So, now the Iranian espionage group has no choice other than starting over. Going by the leaked documents, it seems that Dookhtegan also had some grudge against the Iranian Ministry of Intelligence, which he called "cruel," "ruthless" and "criminal".

Now, several cyber-security firms are analyzing the leaked data. In an email to ZDNet, Brandon Levene, Head of Applied Intelligence at Chronicle, said, "It's likely this group will alter their toolset in order to maintain operational status. There may be some copycat activity derived from the leaked tools, but it is unlikely to see widespread use."

To know about this story in detail, visit ZDNet.

Amrata Joshi
19 Apr 2019
2 min read

Crystal 0.28.0 released with improved language, ranges, library lookup and more

Yesterday, the team at Crystal released Crystal 0.28.0, a new version of the general-purpose, object-oriented programming language. This release comes with improvements to the language, library, networking and much more.

What’s new in Crystal 0.28.0

Enums

Enums are declared with one line per member. In previous versions, users could use spaces or commas, but in this version, users have to use a semicolon. The formatter will now migrate commas to semicolons.

Improved ranges

Sometimes users don’t know where a range should start or finish. From this release, ranges can be begin-less or end-less, which makes such cases easier to express.

Library lookup

The team at Crystal has worked towards simplifying how some libraries and static libraries are looked up, so that the lookup can be overridden if needed. In this release, an env var CRYSTAL_LIBRARY_PATH is used in the process of determining the location of libraries to link to.

Numbers now in human-readable format

In this release, numbers can be printed in a human-readable form with the help of Number#humanize, Int#humanize_bytes and Number#format.

Networking

The team has improved HTTP and URI and has made it easy for users to migrate to the new setup. Issues in the URI implementation have been fixed.

Collections

The team has dropped Iterator#rewind. Users can implement #cycle by storing elements in an array.

Bug fixes

Issues in the compiler have been fixed, and errors in some code constructs are now handled. Issues related to method lookup have been fixed. Type inference has been improved. The error messages have also been improved.

To know more about this news, check out Crystal’s post.
Amrata Joshi
19 Apr 2019
3 min read

FTC to personally interrogate Zuckerberg after continued reports of mishandling data and user privacy concern

Facebook is constantly making news around the spread of misinformation and data privacy concerns and has been in the bad books of lawmakers and privacy experts. Recently, Facebook decided to partner with the Daily Caller, an American news and opinion website that has promoted misinformation and is known for its pro-Trump content. Facebook and the Daily Caller are planning to work together on Facebook’s fact-checking program. This week, Facebook even announced that it added CheckYourFact.com, a fact-checking news site which is a part of the Daily Caller. The company faced backlash from the journalist community because of this initiative. Facebook lost Snopes, the news website that was one of its major US partners in the fact-checking program.

Last month, Facebook even opened up about exposing millions of user passwords in plain text. And according to a recent report, the count of user passwords exposed is much higher than what was declared last month. In addition to this, just on Wednesday, Facebook broke the news that it may have “unintentionally uploaded” the email contacts of 1.5 million new users on its site since May 2016, without their consent.

After a series of scandals by the company, Mark Zuckerberg, CEO at Facebook, is now in a major fix as federal regulators are discussing the history of Facebook scandals. And yesterday the Washington Post reported that federal regulators are discussing how to hold Zuckerberg personally accountable for the company's history of mismanaging users' private data. The FTC (Federal Trade Commission) has been in discussion with Facebook over its data-handling practices for over a year.
Roger McNamee, an early investor in the company and one of Zuckerberg's foremost critics, said, “The days of pretending this is an innocent platform are over, and citing Mark in a large scale enforcement action would drive that home in spades.”

This initiative by the FTC looks like a warning bell for other tech giants that misuse user information, as the agency might hold individuals accountable for misdeeds at their respective organizations. Justin Brookman, a former policy director for technology research at the Federal Trade Commission, said, “While the FTC can name individual company leaders if they directed, controlled and knew about any wrongdoing, they typically only use that authority in fraud-like cases, so far as I can tell.”

This isn’t the first time federal regulators are planning action against the company. Earlier this year, advocacy groups such as Open Market Institute, Color of Change, and the Electronic Privacy Information Center, among others, wrote to the Federal Trade Commission, requesting the government to intervene in how Facebook operates. The FTC even planned to impose a fine of over $22.5 billion on Facebook for privacy violations. But it seems this time it’s not going to be easy for Mark Zuckerberg, as FTC officers are interested in aiming directly at Zuckerberg by putting him personally under the order and subjecting him to federal oversight.

Fatema Patrawala
19 Apr 2019
3 min read

IBM halts sales of Watson AI tool for drug discovery amid tepid growth: STAT report

STAT reported yesterday that IBM is halting the sales of its “Watson for Drug Discovery” machine learning/AI tool, according to sources within the company. According to the STAT report, IBM is giving up its efforts to develop and flog its Drug Discovery technology due to “sluggish sales”. But no one seems to have told IBM’s website programming team, because the product information pages are still up on the IBM website. They’re worth a look to see how the product has been over-promised by IBM.

Apparently, IBM Watson Health uses AI software to help companies reveal the connections and relationships among genes, drugs, diseases, and other entities by analyzing multiple sets of life sciences knowledge. But according to the IEEE Spectrum report, IBM’s entire foray into health care has been marked by the familiar combination of overpromising and under-delivery.

However, the service isn’t completely shutting down. IBM spokesperson Ed Barbini told The Register: “We are not discontinuing our Watson for Drug Discovery offering, and we remain committed to its continued success for our clients currently using the technology. We are focusing our resources within Watson Health to double down on the adjacent field of clinical development where we see an even greater market need for our data and AI capabilities.” In other words, it appears the product won’t be sold to any new customers; however, organizations that want to continue using the system will still be supported. “The offering is staying on the market, and we'll work with clients who want to team with IBM in this area. But our future efforts will be more focused on clinical trials – it's a much bigger market and better use of our technology and tools,” according to IBM.

The Drug Discovery service is made up of lots of different products or "modules," such as a search engine that allows chemists to crawl scientific abstracts to find information on a specific gene or chemical compound. There’s also a knowledge network that describes relationships between drugs and diseases.

IBM’s Health division has been crumbling for a while. IBM Watson Health’s Oncology AI software dished out incorrect and unsafe recommendations during beta testing. And to add to their worry, in October last year Deborah DiSanzo, IBM’s head of Watson Health, stepped down from her position too.

Fatema Patrawala
19 Apr 2019
2 min read

OpenSSH 8.0 released; addresses SCP vulnerability and new SSH additions

Theo de Raadt and the OpenBSD developers who maintain OpenSSH today released the latest version, OpenSSH 8.0. OpenSSH 8.0 has an important security fix for a weakness in the scp(1) tool that applies when you use scp for copying files to/from remote systems.

Until now, when copying files from remote systems to a local directory, scp did not verify the filenames sent from the server to the client. This allowed a hostile server to create or clobber unexpected local files with attacker-controlled data, regardless of what file(s) were actually requested for copying from the remote server. OpenSSH 8.0 adds client-side checking that the filenames sent from the server match the command-line request.

While this client-side checking has been added to scp, the OpenSSH developers recommend against using scp and suggest sftp, rsync, or other alternatives instead. "The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.", mention OpenSSH developers.

New to OpenSSH 8.0, meanwhile, are support for ECDSA keys in PKCS#11 tokens and an experimental quantum-computing resistant key exchange method. Also, the default RSA key size from ssh-keygen has been increased to 3072 bits, and more SSH utilities now support a "-v" flag for greater verbosity. The release also comes with a wide range of fixes throughout, including a number of portability fixes.

More details on OpenSSH 8.0 are available on OpenSSH.com.
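The client-side check described above, sketched as an added example (this is not OpenSSH's code, which is written in C): each filename the server announces is compared with the last component of the path given on the command line before anything is written locally. The `C<mode> <size> <name>` line is the scp protocol's file header; the function names and sample records are constructed for illustration, and only non-recursive copies are handled.

```python
import fnmatch
import posixpath
import re

# scp "sink" control record announcing a regular file: C<mode> <size> <name>
_FILE_RECORD = re.compile(r"^C([0-7]{4}) (\d+) (.+)$")


class ScpNameError(ValueError):
    """Raised when a server-supplied record must not be written locally."""


def requested_pattern(remote_path):
    """Return the last path component of the path the user asked for."""
    return posixpath.basename(remote_path.rstrip("/")) or "."


def check_record(record, pattern):
    """Validate one control record and return the filename if it is allowed."""
    match = _FILE_RECORD.match(record)
    if match is None:
        # Directory (D...) or unknown records are not expected in a flat copy.
        raise ScpNameError("unexpected control record: %r" % record)
    name = match.group(3)
    # The server may only name an entry inside the target directory.
    if "/" in name or name in (".", ".."):
        raise ScpNameError("filename escapes target directory: %r" % name)
    # The name must match what was requested on the command line.
    if not fnmatch.fnmatchcase(name, pattern):
        raise ScpNameError("filename %r does not match request %r" % (name, pattern))
    return name


def filter_transfer(remote_path, records):
    """Split server records into accepted filenames and rejected records."""
    pattern = requested_pattern(remote_path)
    accepted, rejected = [], []
    for record in records:
        try:
            accepted.append(check_record(record, pattern))
        except ScpNameError as exc:
            rejected.append((record, str(exc)))
    return accepted, rejected


# Constructed sample: what a server might send for "scp host:docs/*.txt ."
SAMPLE_RECORDS = [
    "C0644 120 notes.txt",
    "C0644 64 todo.txt",
    "C0644 512 settings.conf",   # never requested
    "C0644 10 ../escape.txt",    # path component in the name
    "C0755 33 report.txt.sh",    # does not match *.txt
    "D0755 0 subdir",            # directory record in a non-recursive copy
]

if __name__ == "__main__":
    ok, bad = filter_transfer("docs/*.txt", SAMPLE_RECORDS)
    print("accepted:", ok)
    for record, reason in bad:
        print("rejected:", record, "->", reason)
```

Without the pattern comparison, every well-formed record in the sample except the one containing a path separator would have been written to the local directory.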
Bhagyashree R
19 Apr 2019
3 min read

Mozilla re-launches Project Things as WebThings, an open platform for monitoring and controlling devices

Yesterday, the Mozilla IoT team announced that ‘Project Things’ is now out of its early experimental phase with a new name, ‘WebThings’. Mozilla WebThings is an open platform that allows you to monitor and control devices over the web.

This project by Mozilla is an open source implementation of the Web of Things, which defines software architectural styles and programming patterns that allow real-world objects to be a part of the World Wide Web. The idea here is to create a decentralized Internet of Things by giving “things” URLs on the web to make them linkable and discoverable.

Mozilla WebThings comprises two components:

WebThings Gateway

WebThings Gateway is a privacy and security-focused software distribution built for smart home gateways. It enables you to directly monitor and control your smart home gateways over the web, without relying on a middleman.

Mozilla further announced that WebThings Gateway 0.8 is now available for download. This release comes with a feature that allows users to privately log data from their smart home devices. This logged data can also be visualized with interactive graphs. “This feature is still experimental, but viewing these logs will help you understand the kinds of data your smart home devices are collecting and think about how much of that data you are comfortable sharing with others via third-party services,” said Ben Francis, a Software Engineer at Mozilla.

This release also brings in new alarm capabilities for devices like smoke, carbon monoxide, and motion detectors. With this new feature, users can configure rules to alert them when an alarm is triggered while they are away, or check whether an alarm is currently active.

The team has also started working on a new version of WebThings Gateway for OpenWrt, a Linux operating system targeting embedded devices. This version will be designed to act as a WiFi access point itself, instead of just connecting to an existing wireless network as a client.

WebThings Framework

WebThings Framework is a suite of reusable software components with which you can build your own web things that directly expose the Web Thing API. This makes them easily discoverable by a Web of Things gateway or client, which can then automatically detect the device’s capabilities and monitor and control it over the web. These components are implemented in a range of languages including Node.js, Python, Java, Rust, and C++ (for Arduino).

To know more in detail, check out the official announcement by Mozilla.

Savia Lobo
19 Apr 2019
2 min read

Linkerd 2.3 introduces Zero-Trust Networking for Kubernetes

This week, the team at Linkerd announced an updated version of the service mesh, Linkerd 2.3. In this release, mTLS has moved from experimental to a fully supported feature. Along with several important security primitives, the important update in Linkerd 2.3 is that it turns authenticated, confidential communication between meshed services on by default.

Linkerd, a Cloud Native Computing Foundation (CNCF) project, is a service mesh designed to give platform-wide observability, reliability, and security without requiring configuration or code changes.

The team at Linkerd says, “Securing the communication between Kubernetes services is an important step towards adopting zero-trust networking. In the zero-trust approach, we discard assumptions about a datacenter security perimeter and instead push requirements around authentication, authorization, and confidentiality “down” to individual units. In Kubernetes terms, this means that services running on the cluster validate, authorize, and encrypt their own communication.”

Linkerd 2.3 addresses challenges with the adoption of zero-trust networking as follows:

  • The control plane ships with a certificate authority (called simply “identity”).
  • The data plane proxies receive TLS certificates from this identity service, tied to the Kubernetes Service Account that the proxy belongs to, rotated every 24 hours.
  • The data plane proxies automatically upgrade all communication between meshed services to authenticated, encrypted TLS connections using these certificates.
  • Since the control plane also runs on the data plane, communication between control plane components is secured in the same way.

All of these changes are enabled by default and require no configuration.

“This release represents a major step forward in Linkerd’s security roadmap. In an upcoming blog post, Linkerd creator Oliver Gould will be detailing the design tradeoffs in this approach, as well as covering Linkerd’s upcoming roadmap around certificate chaining, TLS enforcement, identity beyond service accounts, and authorization”, Linkerd’s official blog mentions.

These topics and all the other fun features in 2.3 will be further discussed in the upcoming Linkerd Online Community Meeting on Wednesday, April 24, 2019 at 10am PT.

To know more about Linkerd 2.3 in detail, visit its official website.