Tech News

VMware recently released its brand new Infrastructure-as-a-Service (IaaS) cloud, known as the VMware Integrated OpenStack (VIO) 5.0. This release, announced at the OpenStack Summit in Vancouver, Canada, is fully based on the new OpenStack Queens release. VIO provides customers with a fast and efficient solution to deploy and operate OpenStack clouds. These clouds are highly optimized for VMware's NFV and software-defined data center (SDDC) infrastructure, with advanced automation and onboarding. If one is already using VIO, they can use OpenStack's built-in upgrade capability to upgrade seamlessly to VIO 5.0. VMWare Integrated OpenStack(VIO)5.0 would be available in both Carrier and Data Center Editions.The VIO-Carrier Edition will addresses specific requirements of communication service providers (CSP). The improvements in this include: An Accelerated Data Plane Performance:  Support of NSX Managed Virtual Distributed Switch in Enhanced Data Path mode and DPDK provides customers with: Significant improvements in application response time, reduced network latencies breakthrough network performance optimized data plane techniques in VMware vSphere. Multi-Tenant Resource is now scalable: This will provide resource guarantee and resource isolation to each tenant. It will also support elastic resource scaling that allows CSPs to add new resources dynamically across different vSphere clusters to adapt to traffic conditions or transition from pilot phase to production in place. OpenStack for 5G and Edge Computing: Customers will have full control over the micro data centers and apps at the edge via automated API-driven orchestration and lifecycle management. The solution will help tackle enterprise use cases such as utilities, oil and gas drilling platforms, point-of-sale applications, security cameras, and manufacturing plants. Also, Telco oriented use-cases such Multi-Access Edge Computing (MEC), latency sensitivity VNF deployments, and operational support systems (OSS) would be addressed. VIO 5.0 also enables CSP and enterprise customers to utilize Queens advancements to support mission-critical workloads, across container and cloud-native application environments. Some new features include: High Scalability: One can run upto 500 hosts and 15,000 VMs in a single region using the VIO5.0. It will also introduce support for multiple regions at once with monitoring and metrics at scale. High Availability for Mission-Critical Workloads: Creating snapshots, clones, and backups of attached volumes to dramatically improve VM and application uptime via enhancements to the Cinder volume driver is now possible. Unified Virtualized Environment: Ability to deploy and run both VM and container workloads on a single virtualized infrastructure manager (VIM) and with a single network fabric based on VMware NSX-T Data Center. This architecture will enable customers to seamlessly deploy hybrid workloads where some components run in containers while others run in VMs. Advanced Security: Consolidate and simplify user and role management based on enhancements to Keystone, including the use of application credentials as well as system role assignment. VMware Integrated OpenStack 5.0 takes security to new levels with encryption of internal API traffic, Keystone to Keystone federation, and support for major identity management providers that includes VMware Identity Manager. Optimization and Standardization of DNS Services: Scalable, on-demand DNS as a service via Designate. Customers can auto-register any VM or Virtual Network Function (VNF) to a corporate approved DNS server instead of manually registering newly provisioned hosts through Designate. To know more about the other features in detail read VMWare’s official blog. How to create and configure an Azure Virtual Machine Introducing OpenStack Foundation’s Kata Containers 1.0 SDLC puts process at the center of software engineering

Last week, Atlassian software company released their updated ‘Atlassian Software License Agreement’ and their ‘Cloud Terms of Service’, which would be effective from the 1st of November, 2018. Just as any general agreement, this one too mentions the scope, the users authorized, use of software, and so on. However, it has set up certain restrictions based on the performance of its software. As per the new agreement, benchmarking of Atlassian software is forbidden. Restrictions on benchmarking As per the discussion on the Atlassian Developer Community, Andy Broker highlighted two clauses from the restriction section have been highlighted, which includes: (i) publicly disseminate information regarding the performance of the Software Andy Broker, a marketplace vendor explains this clause as, “This sounds very much like the nonsense clause that Intel were derided for, regarding the performance of their CPU’s. Intel backtracked after being lambasted by the world, I can’t really understand how these points got into new Atlassian terms, surely the terms have had a technical review? Just… why, given all the DC testing being done ongoing, this is an area where data we gathered may be interesting to prospective customers.” (j) encourage or assist any third party to do any of the foregoing. Andy Broker further adds, “So, we can’t guide/help a customer understand how to even measure performance to determine if they have a performance issue in the “Software”, e.g. generating a performance baseline before an ‘app’ is involved? The result of this would appear sub-optimal for Customer and Vendors alike, the “Software” performance just becomes 3rd party App performance that we cannot ‘explain’ or ‘show’ to customers.” Why Atlassian decided to forbid benchmarking? As per a discussion thread on Hacker News, many users have stated their views on why Atlassian planned to forbid benchmarking on its software. According to a comment, “If the company bans benchmarking, then the product is slow.” A user also stated that Atlassian software is slow, has annoying UX, and it is very inconsistent. This may be because most of its software is built using JIRA which has a Java backend and is not Node based. Jira cannot be rebuilt from scratch only slowly abstracted and broken up into smaller pieces. Also, around 3 years ago Atlassian forked behind the firewall for two distinct products, multi-tenant cloud and traditional to get into the cloud sector with a view to attracting more potential customers, thus increasing growth. A user also stated, “Cloud was full buy into AWS, taking a behind the firewall product and making it multi-tenanted cloud-based is a huge job. A monolith service now becomes highly distributed so latency's obviously mounted up due to the many services to service interactions.” The user further added, “some things which are heavily multi-threaded and built in statically compiled languages had to be built in single threaded Node.js because everyone is using Node.js and your language is now banned. It's not surprising there are noticeable performance differences.” Another user has suggested, “the better way for a company to handle this concern is to proactively run and release benchmarks including commentary on the results, together with everything necessary for anyone to reproduce their results.” The user added that they can even fund a trustworthy neutral third party to perform benchmarking with proper disclosure of the funding. To read the entire discussion in detail, head over to Hacker News. Atlassian acquires OpsGenie, launches Jira Ops to make incident response more powerful Atlassian sells Hipchat IP to Slack Atlassian open sources Escalator, a Kubernetes autoscaler project

IBM has added yet another to achievement to its kitty by receiving a patent application grant for "Managing a Database Management System using a Blockchain Database." This patent was solely for the purpose of developing a database tampering detection system [DT-DS]. It’s no secret that IBM deals with huge amounts of data which are highly confidential and sensitive in nature due to the various services it provides its consumers. It is for this reason that the patent was filed on 22nd  December, 2017 (As per the records of U.S. Patent and Trademark Office (USPTO) ). What the Patent states The proposed system would detect data tampering of any kind stored in a central database. A partial copy of the same data is stored on the blockchain database. The patent states that, "Aspects of the disclosure include a method, system, and computer program product for managing a database management system (DBMS)," The patent further adds that, "A central database to include a set of central data may be structured with respect to the DBMS. A blockchain database which is linked with the central database may be constructed with respect to the DBMS. A set of blockchain data may be established in the blockchain database corresponding to the set of central data of the central database." The DBMS should receive an access request to enable the system to be accessed by the sender.  Once the DBMS receives the access request, both the central database and the blockchain database would be maintained simultaneously. This initiative on IBM’s part to leverage the blockchain technology depicts its growing interest in blockchains’ potentialities. The grassroots began with its contribution to  Fabric, a permission blockchain framework aimed at integration projects. IBM already offers IBM D2. This supports database management, operational database, data warehouse, data lake, and fast data. A step to append blockchain in existing systems would definitely assist IBM to resolve issues related to data inconsistencies and security loopholes. The internet is abuzz with the wonders of the blockchain technology and IBM seems to completely concur with the same. IBM has always trusted the blockchain to bring about a new generation of transactional applications that strengthen the trust, accountability, and transparency. We couldn’t agree more! Want to know more about the patent? Head over to cnn.com for a more in-depth coverage. Four IBM facial recognition patents in 2018, we found intriguing Four interesting Amazon patents in 2018 that use machine learning, AR, and robotics IBM’s DeepLocker: The Artificial Intelligence powered sneaky new breed of Malware

Researchers have been constantly putting their efforts into improving conversational AI to make them better understand human languages and their nuances. One such advancement in the conversational AI field is the introduction of Transformer-based models such as OpenAI’s GPT-2 and Google’s BERT. In a quest to make the training and deployment of these vastly large language models efficient, NVIDIA researchers recently conducted a study, the details of which they shared yesterday. https://twitter.com/ctnzr/status/1161277599793860618 NVIDIA’s Tensor core GPU took less than an hour to train the BERT model BERT, short for, Bidirectional Encoder Representations from Transformers, was introduced by a team of researchers at Google Language AI. It is capable of performing a wide variety of state-of-the-art NLP tasks including Q&A, sentiment analysis, and sentence classification. What makes BERT different from other language models is that it applies the bidirectional training of Transformer to language modelling. Transformer is an attention mechanism that learns contextual relations between words in a text. It is designed to pre-train deep bidirectional representations from the unlabeled text by using both left and right context in all layers. NVIDIA researchers chose BERT-LARGE, a version of BERT created with 340 million parameters for the study. NVIDIA’s DGX SuperPOD was able to train the model in a record-breaking time of 53 minutes. The Super POD was made up of 92 DGX-2H nodes and 1472 GPUs, which were running PyTorch with Automatic Mixed Precision. The following table shows the time taken to train BERT-Large for various numbers of GPUs: Source: NVIDIA Looking at these results, the team concluded, “The combination of GPUs with plenty of computing power and high-bandwidth access to lots of DRAM, and fast interconnect technologies, makes the NVIDIA data center platform optimal for dramatically accelerating complex networks like BERT.” In a conversation with reporters and analysts, Bryan Catarazano, Vice President of Applied Deep Learning Research at NVIDIA said, “Without this kind of technology, it can take weeks to train one of these large language models.” NVIDIA further said that it has achieved the fastest BERT inference time of 2.2 milliseconds by running it on a Tesla T4 GPU and TensorRT 5.1 optimized for datacenter inference. NVIDIA launches Project Megatron, under which it will research training transformer language models at scale Beginning this year, OpenAI introduced the 1.5 billion parameter GPT-2 language model that generates nearly coherent and meaningful texts. The NVIDIA Research team has built a scaled-up version of this model, called GPT-2 8B. As its name suggests, it is made up of 8.3 billion parameters, which makes it 24X the size of BERT-Large. To train this huge model the team used PyTorch with 8-way model parallelism and 64-way data parallelism on 512 GPUs. This experiment was part of a bigger project called Project Megatron, under which the team is trying to create a platform that facilitates the training of such “enormous billion-plus Transformer-based networks.” Here’s a graph showing the compute performance and scaling efficiency achieved: Source: NVIDIA With the increase in the number of parameters, there was also a noticeable improvement in accuracy as compared to smaller models. The model was able to achieve a wikitext perplexity of 17.41, which surpasses previous results on the wikitext test dataset by Transformer-XL. However, it does start to overfit after about six epochs of training that can be mitigated by using even larger scale problems and datasets. NVIDIA has open-sourced the code for reproducing the single-node training performance in its BERT GitHub repository. The NLP code on Project Megatron is also openly available in Megatron Language Model GitHub repository. To know more in detail, check out the official announcement by NVIDIA. Also, check out the following YouTube video: https://www.youtube.com/watch?v=Wxi_fbQxCM0 Baidu open sources ERNIE 2.0, a continual pre-training NLP model that outperforms BERT and XLNet on 16 NLP tasks CMU and Google researchers present XLNet: a new pre-training method for language modeling that outperforms BERT on 20 tasks ACLU (American Civil Liberties Union) file a complaint against the border control officers for violating the constitutional rights of an Apple employee

Yesterday, Mozilla announced the release of Firefox 68, which brings new updates like support for BigInts, Contrast Checks, dark mode in reader view, and a reimplemented URL bar. They have also added Enhanced Tracking Protection which blocks known “third-party tracking cookies” by default. Improved extension security and discovery Firefox 68 comes with a new reporting feature in ‘about:addons’ using which you can report any security and performance issues with extensions and themes. The team has also redesigned the extensions dashboard in ‘about:addons’ where you can find all the information about your extensions including data and settings access required by each extension. You can get high quality, secure extensions from Mozilla’s Recommended Extensions program present in ‘about:addons’. These recommended extensions are indicated by special badging on addons.mozilla.org (AMO): Source: Mozilla Additionally, to provide users improved protection from threats and annoyances on the web, Firefox 68 comes with cryptomining and fingerprinting protections added to strict content blocking settings in Privacy & Security preferences. Read also: Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Support for JavaScript BigInt Firefox 68 comes with support for JavaScript’s new BigInt numeric type, which is currently in stage 3 of the ECMAScript specification. Previously, JavaScript only had the Number numeric type. As JavaScript considers numbers as floating-point, they can represent both integers and decimal fractions. Source: Mozilla However, the limitation is that 64-bits floats fail to reliably represent integers larger than 2 ** 53. To make working with large number easier, a new primitive is introduced, BigInt. It provides a way to represent whole numbers larger than 2 ** 53. Updates in DevTools In addition to enhancing the already smart debugging tools, Firefox 68 brings more improvements in DevTools: Accessibility checks in DevTools: This release ships with a new capability for DevTools that check for basic accessibility issues in your web pages. The Accessibility Inspector now comes with a new ‘Check’ that currently reports any color contrast issue with text on a page. The Firefox team plans to add a number of audit tools to highlight accessibility problems on your website in future releases. A way to emulate print media from DevTools: A button is added to the Page inspector using which you can enable “print media emulation”. This makes it easy to see what elements of a page will be visible when printed. Improved CSS warnings: The Web console will show you more information about CSS warnings and include a link to related nodes. A Web console filter: You can now filter content in the Web console using a valid regular expression. Here’s a video showing how this works: https://youtu.be/E6bGOe2fvW0 Web compatibility This release fixes a few web compatibility issues to ensure that every user will be able to access a website regardless of their choice of device or browser: Internet Explorer’s legacy rules property and addRule() and removeRule() CSS methods are added to the CSSStyleSheet interface. Safari’s ‘-webkit-line-clamp’ CSS property is also added. Support for CSS scroll snapping Firefox 68 comes with support for CSS scroll snapping that gives you a standardized way to control the behavior of scrolling inside a container. It works in a very similar fashion to how native apps work on phones and tablets. Now that this update has landed in Firefox, developers will have the same version of the specification as Chrome and Safari. Developers who have used the old Firefox implementation of the Scroll Snap specification are required to update their code, otherwise scroll snapping will no longer work in Firefox 68 and up. The reimplemented URL bar, QuantumBar Firefox’s URL bar, which is also known as the AwesomeBar, has been completely reimplemented using HTML, CSS, and JavaScript web technologies. This overhauled version is named ”QuantumBar”. Though not much will change appearance-wise, its updated architecture behind the scenes will make it easier to maintain and extend in the future. Access to cameras and other media devices now require HTTPS Starting from Firefox 68, camera and microphone will require an HTTPS connection to work. The getUserMedia method will throw NotAllowedError if you try to access the media devices from an insecure HTTP connection, similar to how Chrome works. Many developers are happy with this update. A user on Hacker News commented, “It's fantastic that it works with localhost (and I assume 127.0.0.1?), and it's fantastic that it doesn't work with anything else. This is the best middle ground.” However, some are also worried considering that this will affect the current working of their apps or websites. “This sucks, my community[1] has a local offline-first video/audio call app that we run on a physical mesh network. This will make it impossible for people to talk to each other, without first needing to be connected online to some certificate authority, or without some extraordinarily difficult pre-installation process, which is often not even possible on a phone. HTTPS was important, but now it's being used to shoehorn dependency on a centralized online-only authority. Perfectly ripe to censor anyone.”, wrote a Hacker News user To know more in detail, check out the official announcement by Mozilla. Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Firefox 67 enables AV1 video decoder ‘dav1d’, by default on all desktop platforms Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

Yesterday, Microsoft released an out-of-band patch for a vulnerability discovered in the Internet Explorer that attackers are actively exploiting on the Internet. The IE zero-day can allow an attacker to execute malicious code on a user's computer. The vulnerability has been assigned ID CVE-2018-8653 and the security update is released as KB4483187; titled "Cumulative security update for Internet Explorer: December 19, 2018". It is available for Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, and Internet Explorer 9 on Windows Server 2008. Microsoft has acknowledged Clement Lecigne of Google’s Threat Analysis Group for reporting the exploitation of this Internet Explorer vulnerability. Apart from the security advisory released yesterday, neither Microsoft or Google has shared any details about the attacks involving the flaw. Vulnerability Details According to Microsoft's security advisory, the remote code execution vulnerability was found in IE’s memory handling in Jscript.dll.  An attacker could corrupt IE’s memory to allow code execution on the affected system. The attacker could convince a user to visit a malicious website, which could then exploit this vulnerability, executing code on the user’s local machine. After exploiting the vulnerability, the attackers would be able to perform commands on the victim's system such as downloading further malware, scripts, or executing any command that the currently logged in user has access to. The issue can also be exploited through applications that embed the IE scripting engine to render web-based content such as the apps part of the Office suite. According to Microsoft, the attacker will get code execution rights under the same privileges the victims have. If the victim is using an account with limited access, the damage can be contained to simple operations, however, in case of a user having administrator rights, the attacker can increase the scope of the damage done. Mitigations and Workarounds According to ZDNet, in the previous four months, Microsoft has patched four other zero-days. All these zero-days allow an "elevation of privilege". This means that if a victim has missed any of the previous four Windows Patch Tuesday patches, an attacker can chain the IE zero-day with one of the previous zero-days (CVE-2018-8611, CVE-2018-8589, CVE-2018-8453, CVE-2018-8440) to gain SYSTEM-level access, and take over a targeted computer. Microsoft has assured customers who have Windows Update enabled and have applied the latest security updates that they are automatically protected against exploits. They have advised users to install the update as soon as possible, even if they don't normally use IE to browse sites. For those who want to mitigate the vulnerability until the update is installed, they can do the same by removing privileges to the jscript.dll file for the Everyone group. According to Microsoft, using this mitigation will not cause problems with Internet Explorer 11,10, or 9 as they use the Jscript9.dll by default. There are no workarounds listed on the security advisory for this vulnerability. Read the full security advisory on Microsoft’s blog. Microsoft announces Windows DNS Server Heap Overflow Vulnerability, users dissatisfied with patch details Microsoft calls on governments to regulate Facial recognition tech now, before it is too late NYT says Facebook has been disclosing personal data to Amazon, Microsoft, Apple and other tech giants; Facebook denies claims with obfuscating press release  

This week, the team at Linkerd announced an updated version of the service mesh, Linkerd 2.3. In this release, the mTLS is out of experimental to a fully supported feature. Along with several important security primitives, the important update in Linkerd 2.3 is that it turns authenticated, confidential communication between meshed services on by default. Linkerd, a Cloud Native Computing Foundation (CNCF) project, is a service mesh, designed to give platform-wide observability, reliability, and security without requiring configuration or code changes. The team at Linkerd says, “Securing the communication between Kubernetes services is an important step towards adopting zero-trust networking. In the zero-trust approach, we discard assumptions about a datacenter security perimeter and instead push requirements around authentication, authorization, and confidentiality “down” to individual units. In Kubernetes terms, this means that services running on the cluster validate, authorize, and encrypt their own communication.” Linkerd 2.3 addresses challenges with the adoption of zero-trust networking as follows: The control plane ships with a certificate authority (called simply “identity”). The data plane proxies receive TLS certificates from this identity service, tied to the Kubernetes Service Account that the proxy belongs to, rotated every 24 hours. The data plane proxies automatically upgrade all communication between meshed services to authenticated, encrypted TLS connections using these certificates. Since the control plane also runs on the data plane, communication between control plane components is secured in the same way. All of these changes mentioned are enabled by default and requires no configuration. “This release represents a major step forward in Linkerd’s security roadmap. In an upcoming blog post, Linkerd creator Oliver Gould will be detailing the design tradeoffs in this approach, as well as covering Linkerd’s upcoming roadmap around certificate chaining, TLS enforcement, identity beyond service accounts, and authorization”, the Linkerd’s official blog mentions. These topics and all the other fun features in 2.3 will be further discussed in the upcoming Linkerd Online Community Meeting on Wednesday, April 24, 2019 at 10am PT. To know more about Linkerd 2.3 in detail, visit its official website. Pivotal and Heroku team up to create Cloud Native Buildpacks for Kubernetes Platform9 open sources Klusterkit to simplify the deployment and operations of Kubernetes clusters Kubernetes 1.14 releases with support for Windows nodes, Kustomize integration, and much more

“I’m excited to share some of the latest things we’re working on at Microsoft to help developers achieve more when building the applications of tomorrow, today.” -Scott Guthrie - Executive Vice President, Cloud and Enterprise Group, Microsoft On the 4th of December, at the Microsoft Connect(); 2018 Conference, the tech giant announced a series of updates in its Azure domain. With an aim to make it easy for operators and developers to adopt and use Kubernetes, Microsoft has announced the public preview of Azure Kubernetes Service virtual nodes and Azure Container Instances GPU support. They have also announced Azure Pipelines extension for Visual Studio Code, GitHub Releases, and much more! #1 Azure Kubernetes Service virtual nodes, Azure Container Instances GPU support enters public preview The Azure Kubernetes Service (AKS) is powered by the open source Virtual Kubelet technology. This release will enable customers to fully experience serverless Kubernetes. Customers will be able to extend the consistent, powerful Kubernetes API (provided by AKS) with the scalable, container-based compute capacity of ACI. With AKS virtual nodes, customers can precisely allocate the number of additional containers needed, rather than waiting for additional VM-based nodes to spin up. The ACI is billed by the second, based on the resources that a customer specifies, thus enabling them to match their costs to their workloads. This, in turn, will help the AP provided by Kubernetes to reap the benefits of serverless platforms without having to worry about managing any additional compute resources Adding GPU support to ACI will enable a new class of compute-intensive applications through AKS virtual nodes. The blog says that initially, ACI will support the K80, P100, and V100 GPUs from Nvidia and users can specify the type and number of GPUs that they would like for their container. #2 Azure Pipelines extension for Visual Studio Code The  Azure Pipelines extension for Visual Studio Code will enable developers use VS syntax highlighting and IntelliSense that will be aware of the Azure Pipelines YAML format. Traditionally, in Visual Studio Code, syntax highlighting required developers to remember exactly which keys are legal, causing them to flip back and forth to the documentation while keeping track of the location of the keys. Using this new functionality of Azure, they will now be alerted in red “ink” if they write “tasks:” instead of “task:”. They just need to press Ctrl-Space (or Cmd-Space on macOS) to see what’s accepted at that point in the file. #3 GitHub releases Developers can now seamlessly manage GitHub Releases using Azure Pipelines. This allows them to create new releases, modify drafts, or discard older drafts. The new GitHub Releases task supports actions like attaching binary files, publishing draft releases, and marking a release as pre-release and much more. #4 Azure IoT Edge support in the Azure DevOps project Azure DevOps Projects enables developers to set up a fully functional DevOps pipeline straight from the Azure portal which will be customized to the programming language and application platform they want to use, along with the Azure functionality they want to leverage and deploy to. The community showed a growing interest in using Azure DevOps to build and deploy IoT based solutions. The Azure portal for Azure IoT Edge in the Azure DevOps project workflow will make it easy for customers to achieve this goal. They can easily deploy IoT Edge modules written in Node.js, Python, Java, .NET Core, or C, helping users to develop, build, and deploy their IoT Edge application. This support will provide customers with: A Git code repository with a sample IoT Edge application written in Node.js, Python, Java, .NET Core, or C A build and a release pipeline setup for deployment to Azure Easy provisioning of all Azure resources required for Azure IoT Edge #5 ServiceNow integration with Azure Pipelines Azure has joined forces with ServiceNow, an organization that is focussed on automating routines activities, tasks, and processes at work. They help enterprises gain efficiencies and increase the productivity of their workforce. Developers can now automate the deployment process using Azure Pipelines, and use ServiceNow Change Management for risk assessment, scheduling, approvals, and oversight while updating production. You can head over to Microsoft’s official Blog to know more about these announcements. Microsoft and Mastercard partner to build a universally-recognized digital identity Microsoft open sources (SEAL) Simple Encrypted Arithmetic Library 3.1.0, with aims to standardize homomorphic encryption Microsoft reportedly ditching EdgeHTML for Chromium in the Windows 10 default browser  

On 12th February, RedHat announced its plans to drop MongoDB from its Satellite system management solution. Satellite will now support only a single database - PostgreSQL. The move was made after the development team decided that a relational database with rollback and transactions was necessary for the features needed in Pulp and Satellite. The team says that PostgreSQL is a better solution in terms of the types of data and usage that Satellite requires. They say that a single database backend will also help to simplify the overall architecture of Satellite along with supportability, backup, and disaster recovery. Users will not suffer any significant performance impact with the removal of MongoDB nor will any features of Satellite be impacted because of the same. The embedded version of MongoDB will continue to be supported in the Satellite versions that it has already been released in. The Satellite team will create a patch for any issue that a user faces. Newer versions of MongoDB that are licensed under SSPL will not be used by Satellite. According to Dev Class, the concept of the SSPL has not been received well by the open source community. The Server Side Public License was MongoDB’s helped cloud service providers take the community edition of the database and offer it as service to paying customers. But anyone doing so should share the source code underlying the service. Following this news, Red Hat had also dropped MongoDB from Red Hat Enterprise Linux (RHEL) 8. This is because according to Tom Callaway, University outreach Team lead, Red Hat, SSPL is “intentionally crafted to be aggressively discriminatory towards a specific class of users. To consider the SSPL to be “Free” or “Open Source” causes that shadow to be cast across all other licenses in the FOSS ecosystem, even though none of them carry that risk”. The specific timeline of the change has not been released by the team, but this announcement was made simply to make users aware of the change that is coming. Uses can check the Satellite Blog to know more about this news. 4 reasons IBM bought Red Hat for $34 billion Red Hat announces full support for Clang/LLVM, Go, and Rust Red Hat announces CodeReady Workspaces, the first Kubernetes-Native IDE for easy collaboration among developers

Yesterday, on Microsoft's Patch Tuesday the company released its monthly security patches that fixed 62 security flaws. These fixes also included a fix for a zero-day vulnerability that was under active exploitation before these patches were made available. Microsoft also announced the re-release of its Windows 10 version 1809 and Windows Server 2019. Zero-day vulnerability CVE-2018-8589 Microsoft credited Kaspersky Lab researchers for discovering this zero-day, which is also known as CVE-2018-8589 and impacts the Windows Win32k component. A Kaspersky spokesperson told ZDNet, “they discovered the zero-day being exploited by multiple cyber-espionage groups (APTs).” The zero-day had been used to elevate privileges on 32-bit Windows 7 versions. This is the second Windows elevation of privilege zero-day patched by Microsoft discovered by Kaspersky researchers. Last month, Microsoft patched CVE-2018-8453, another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor. However, in this month’s Patch Tuesday, Microsoft has not patched a zero-day that is affecting the Windows Data Sharing Service (dssvc.dll). This zero-day was disclosed on Twitter at the end of October. According to ZDNet, “Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives (SSDs).” Re-release of Windows 10 version 1809 and Windows Server 2019 As reported by Microsoft, the Windows 10 October 2018 update caused user’s data loss post updating. Due to this, the company decided to pause the update. However, yesterday, Microsoft announced that it is re-releasing Windows 10 version 1809. John Cable, the director of Program Management for Windows Servicing and Delivery at Microsoft said, “the data-destroying bug that triggered that unprecedented decision, as well as other quality issues that emerged during the unscheduled hiatus, have been thoroughly investigated and resolved." Microsoft also announced the re-release of Windows Server 2019, which was affected by the same issue. According to ZDNet, “The first step in the re-release is to restore the installation files to its Windows 10 Download page so that "seekers" (the Microsoft term for advanced users who go out of their way to install a new Windows version) can use the ISO files to upgrade PCs running older Windows 10 versions.” Michael Fortin, Windows Corporate Vice President, in a blog post, offered some context behind the recent issues and announced changes to the way the company approaches communications and also the transparency around their process. Per Fortin, "We obsess over these metrics as we strive to improve product quality, comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly." To know more about this in detail, visit Microsoft’s official blog post. A Microsoft Windows bug deactivates Windows 10 Pro licenses and downgrades to Windows 10 Home, users report Microsoft announces .NET standard 2.1 Microsoft releases ProcDump for Linux, a Linux version of the ProcDump Sysinternals tool  

The ongoing Mobile World Conference 2019 at Barcelona, has an interesting line-up of announcements, keynote speakers, summits, seminars and more. It is the largest mobile event in the world, that brings together the latest innovations and leading-edge technology from more than two thousand leading companies. The theme of this year’s conference is ‘Intelligent Connectivity’ which comprises of the combination of flexible, high-speed 5G networks, the Internet of Things (IoT), artificial intelligence (AI) and big data. Microsoft unveiled a host of new products along the same theme on the first day of the conference. Let’s have a look at some of them. #1 Microsoft HoloLens 2 AR announced! Microsoft unveiled the HoloLens 2 AR device at the Mobile World Congress (MWC). This $3,500 AR device is aimed for businesses, and not for the average person, yet. It is designed primarily for situations where field workers might need to work hands-free, such as manufacturing workers, industrial designers and those in the military, etc. This device is definitely an upgrade from Microsoft’s very first HoloLens that recognized basic tap and click gestures. The new headset recognizes 21 points of articulation per hand and accounts for improved and realistic hand motions. The device is less bulky and its eye tracking can measure eye movement and use it to interact with virtual objects. It is built to be a cloud- and edge-connected device. The HoloLens 2 field of view more than doubles the area covered by HoloLens 1. Microsoft said it has plans to announce a  follow-up to HoloLens 2 in the next year or two. According to Microsoft, this device will be even more comfortable and easier to use, and that it'll do more than the HoloLens 2. HoloLens 2 is available on preorder and will be shipping later this year. The device has already found itself in the midst of a controversy after the US Army invested $480 million in more than 100,000 headsets. The contract has stirred dissent amongst Microsoft workers. #2 Azure-powered Kinect camera for enterprise The Azure-powered Kinect camera is an “Intelligent edge device that doesn’t just see and hear but understands the people, the environment, the objects, and their actions,” according to Azure VP, Julia White. This AI-powered smart enterprise camera leverages Microsoft’s 3D imaging technology and can possibly serve as a companion hardware piece for HoloLens in the enterprise. The system has a 1-megapixel depth camera, a 12-megapixel camera and a seven-microphone array on board to help it work  with "a range of compute types, and leverage Microsoft’s Azure solutions to collect that data.” The system, priced at $399, is available for pre-order. #3 Azure Spatial Anchors Azure Spatial Anchors are launched as a part of the Azure mixed reality services. These services will help developers and business’ build cross-platform, contextual and enterprise-grade mixed reality applications. According to the Azure blog, these mixed reality apps can map, designate and recall precise points of interest which are accessible across HoloLens, iOS, and Android devices. Developers can integrate their solutions with IoT services and artificial intelligence, and protect their sensitive data using security from Azure. Users can easily infuse artificial intelligence (AI) and integrate IoT services to visualize data from IoT sensors as holograms. The Spatial Anchors will allow users to map their space and connect points of interest “to create wayfinding experiences, and place shareable, location-based holograms without any need for environmental setup or QR codes”. Users will also be able to manage identity, storage, security, and analytics with pre-built cloud integrations to accelerate their mixed reality projects. #4 Unreal Engine 4 Support for Microsoft HoloLens 2 During the  Mobile World Congress (MWC), Epic Games Founder and CEO, Tim Sweeney announced that support for Microsoft HoloLens 2 will be coming to Unreal Engine 4 in May 2019. Unreal Engine will fully support HoloLens 2 with streaming and native platform integration. Sweeney says that “AR is the platform of the future for work and entertainment, and Epic will continue to champion all efforts to advance open platforms for the hardware and software that will power our daily lives.” Unreal Engine 4 support for Microsoft HoloLens 2 will allow for "photorealistic" 3D in AR apps. Head over to Microsoft's official blog for an in-depth insight on all the products released. Unreal Engine 4.22 update: support added for Microsoft’s DirectX Raytracing (DXR) Microsoft acquires Citus Data with plans to create a ‘Best Postgres Experience’ Microsoft joins the OpenChain Project to help define standards for open source software compliance

Last month, Nathan Egge, a Senior Research Engineer at Mozilla explained technical details behind AV1 in depth at the Mile High Video Workshop in Denver. AV1 is a new open source royalty-free video codec that promises to help companies and individuals transmit high-quality video over the internet efficiently. AV1 is developed by the Alliance for Open Media (AOMedia), an association of firms from the semiconductor industry, video on demand providers, and web browser developers, founded in 2015. Mozilla joined AOMedia as a founding member. AV1 was created for a broad set of industry use cases such as video on demand/streaming, video conferencing, screen sharing, video game streaming, and broadcast. It is widely supported and adopted and gives at least 30% better than current generation video codecs. The alliance was able to hit a key milestone with the release of AV1 1.0.0 specification earlier this year in June. The codec has seen increasing interest from various companies, for instance, YouTube launched AV1 Beta Playlist in September. The following diagram shows the various stages in the working of a video codec: Source: YouTube We will cover the tools and algorithm used in some of these stages. Let’s see some of its technical details from Egge’s talk: AV1 Profiles Profiles specify the bit depth and subsampling formats supported. In AV1 there are three profiles: Main, High, and Professional which differ in terms of their bit-depth and chroma subsampling. The following table shows their bit-depth and chroma subsampling: Main High Professional Bit depth 8-bit and 10-bit 8-bit and 10-bit 8-bit, 10-bit, and 12-bit Chroma subsampling 4:0:0, 4:2:0 4:0:0, 4:2:0, and 4:4:4 4:0:0, 4:2:0, 4:2:2, and 4:4:4 High-level syntax In VP9 there is a concept of superframes that at some point becomes complicated. Superframes allows you to consolidate multiple coded frames into one single chunk. AV1 comes with high-level syntax that includes: sequence header, frame header, tile group, and tiles. Sequence header starts a video stream, frame headers are at the beginning of a frame, a tile group is an independent group of tiles, and finally, we have tiles which can be independently decoded. Source: YouTube Multi-symbol entropy coder Unlike VP9, which uses a tree-based boolean non-adaptive binary arithmetic encoder to encode all syntax elements, AV1 uses a symbol-to-symbol adaptive multi-symbol arithmetic coder. Each of its syntax element is a member of a specific alphabet of N elements, and a context is a set of N probabilities together with a count to facilitate fast early adaptation. Transform types In addition to DCT and ADST transform types, AV1 introduces two other transforms called flipped ADST and identity transform as extended transform types. Identity transform enables you to effectively code residual blocks with edges and lines. AV1 thus comes with the advantage of a total of sixteen horizontal and vertical transform type combinations. Intra prediction modes Along with the 8 main directional modes from VP9, up to 56 more directions are added but not all of them are available at smaller sizes. The following are some of the prediction modes introduced in AV1: Smooth H + V modes allow you to smoothly interpolate between values in the left column and last value in the above row. Palette mode is introduced to the intra coder as a general extra coding tool. It will be especially useful for artificial videos like screen capture and games, where blocks can be approximated by a small number of unique colors. The palette predictor for each plane of a block is depicted by: A color palette, with 2 to 8 colors Color indices for all pixels in the block Chroma from Luma (CfL) is a chroma-only intra predictor that models chroma pixels as a linear function of coincident reconstructed luma pixels. Source: YouTube First, the reconstructed luma pixels are subsampled into the chroma resolution, and then the DC component is removed to form the AC contribution. In order to approximate chroma AC component from the AC contribution, instead of requiring the decoder to imply scaling parameters, CfL determines the parameters based on the original chroma pixels and signals them in the bitstream. As a result, this reduces decoder complexity and yields more precise predictions. As for the DC prediction, it is computed using intra DC mode, which is sufficient for most chroma content and has mature fast implementations. Constrained Directional Enhancement Filter (CDEF) CDEF is a detail-preserving deringing filter, which is designed to be applied after deblocking. It works by estimating edge directions followed by applying a non-separable non-linear low-pass directional filter of size 5×5 with 12 non-zero weights. In order to avoid extra signaling, the decoder uses a normative fast search algorithm to compute the direction per 8×8 block that minimizes the quadratic error from a perfect directional pattern. Film Grain Synthesis In AV1, film grain synthesis is a normative post-processing applied outside of the encoding/decoding loop. Film grain is abundant in TV and movie content, which needs to be preserved while encoding. But, its random nature makes it difficult to compress with traditional coding tools. In film grain synthesis, the grain is removed from the content before compression, its parameters are estimated and then sent in the AV1 bitstream. The grain is then synthesized based on the received parameters and added to the reconstructed video. For grainy content, film grain synthesis significantly reduces the bitrate necessary to reconstruct the grain with sufficient quality. You can watch Into the Depths The Technical Details behind AV1 by Nathan Egge on YouTube: https://www.youtube.com/watch?v=On9VOnIBSEs&t=463s Presenting dav1d, a new lightweight AV1 decoder, by VideoLAN and FFmpeg YouTube starts testing AV1 video codec format, launches AV1 Beta Playlist Opus 1.3, a popular FOSS audio codec with machine learning and VR support, is now generally available

Google announced yesterday the release of a new version of its multi-language, cross-platform cryptographic library, named, Tink 1.2.0 to secure data. Earlier versions of Tink are already in use by Google to secure data of their products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. Tink 1.2.0 is built on top of libraries such as BoringSSL, and Java Cryptography Architecture. It comprises cryptographic APIs that are secure, easy to use, and hard to misuse. With Tink 1.2.0, it is easy to perform cryptographic operations like data encryption, digital signatures, etc, as it requires only a few lines of code. It focuses on eliminating as many data misuses as possible. For instance, if the encryption mode needs nonces and reusing nonces would make the encryption mode less secure, then Tink does not allow the user to pass nonces. Tink 1.2.0 also indicates security properties (e.g., safe against chosen-ciphertext attacks) directly in interfaces. This enables security auditors and automated tools to quickly discover usages where security guarantees don’t align with the security requirements. It provides support for key management, which includes, key rotation and phasing out of deprecated ciphers. Other than that, Tink 1.2.0 is customizable. This means that it is easy to add a custom cryptographic scheme or an in-house key management system that can work seamlessly with other parts of Tink. All the parts of Tink are easily removable as well as compostable. The components in Tink 1.2.0 can be selected and assembled in various combinations. As an example, if only digital signatures are needed, then symmetric key encryption components can be excluded to reduce the code size in your application. For more information, check out the official Google blog. Say hello to Sequoia: a new Rust based OpenPGP library to secure your apps Google releases new political ads library as part of its transparency report Google slams Trump’s accusations, asserts its search engine algorithms do not favor any political ideology

Last week, a bug was reported to the VLC bug tracker that all the connections to the update server are still done in HTTP instead of HTTPS. One of the VLC developers replied back asking the bug reporter for a threat model, and when he did not submit it, the VLC developer closed the bug and marked it as “invalid”. This is not the first time this bug has been reported. In a bug reported in 2017, a user said, “It appears that VLC's updating mechanism downloads a new VLC executable over HTTP (ie, in clear-text). Please modify the update mechanism to happen over TLS (preferably with Forward Secrecy enabled).” What are some of the implications of using HTTP over HTTPS? One of the Hacker News users said, “As a trivial example, this is a privacy leak - anyone on the network path can see what version you're upgrading to. It doesn't sound like a huge deal but we are moving to a 100% encrypted world, and it is a one character change to fix the issue. If VLC wants to keep the update over plaintext then they should justify why they want to do that, not have users justify why it should be over https. Instead, it feels like the VLC devs are having a kneejerk defensive reaction.” Along with this, there are several security threats related to software that updates over HTTP, some of which are described here: An attacker can see the contents of software update requests. They can then modify these update requests or responses to change the update behavior or outcome. They can also intercept and redirect software update requests to a malicious server. Attackers can respond to the client request with a huge amount of data that will interfere with the client’s system resulting in endless data attacks. Clients can be prevented by the attackers from being aware of interference with receiving updates by responding to client requests so slowly that automated updates never complete resulting in endless data attacks. Attackers can trick a client into installing software that is older, which is known to have critical bugs. Why VideoLAN does not see it as a big problem? Jean-Baptiste Kempf, the President, and lead VLC developer, said that some of these attacks described above are the case for nearly all download systems, “I'm sorry, but some described attacks (Slow retrieval attacks, Endless data attacks) are issues that are the case for all download system like most Linux Distributions, and that will not be fixed. Mirrors are HTTP and will stay HTTP for a few obvious reasons. Moreover, they will install binaries, so there is no security issue. Moreover, downloads are never done automatically, without user intervention.” As Kempf said, this is not just the case with VLC. A Hacker News user said, “it seems to be a common practice for highly-loaded services to outsource as many cryptographies to clients as possible.” A general-purpose package manager like Pacman uses HTTP because there is not much value in using transport-level security when the payload is cryptographically signed. Even Tesla’s firmware updates are not encrypted in transit as their updates are cryptographically signed. Oracle also followed the same policy with VirtualBox distributions and that's been fine because they signed packages. You can read more in detail on the VLC bug tracker website. dav1d 0.1.0, the AV1 decoder by VideoLAN, is here Presenting dav1d, a new lightweight AV1 decoder, by VideoLAN and FFmpeg dav1d to release soon with all features of AV1, and better performance than libaom

Robert Kyncl, YouTube's Chief Business Officer, opened up on YouTube’s Creator Blog, on Tuesday. This was about  “Article 13” in the EU proposal, which is currently up for a vote in the European Parliament on September 12. According to Article 13, there is an “obligation on information society service providers storing and giving access to large amounts of works and other subject-matter uploaded by their users to take appropriate and proportionate measures to ensure the functioning of agreements concluded with right holders and to prevent the availability on their services of content identified by rightholders in cooperation with the service providers”. In a nutshell, any user-generated content on these online platforms that a copyright enforcement algorithm considers as copyrighted work would need to be censored by these platforms. This is a new revamped version that EU has come out with as the older version was rejected by the Parliament back in July. The older version also received heavy criticism from different policy experts and digital rights group on grounds of violating the fundamental rights of the internet users. “The "Article 13” potentially undermine this creative economy, discouraging or even prohibiting platforms from hosting user-generated content. This outcome would not only stifle your creative freedom, it could have severe, negative consequences for the fans, the communities and the revenue you have all worked so hard to create,” mentioned Kyncl. Kyncl also pointed out how the creators and artists on these platforms have built businesses “on the back” of this “openness”.  YouTube has a strong set of copyright management tools like Content ID and a Copyright Match Tool which are pretty efficient at managing the re-uploads of creators’ content. “Copyright holders have control over their content: they can use our tools to block or remove their works, or they can keep them on YouTube and earn advertising revenue. In over 90% of cases, they choose to leave the content up. Enabling this new form of creativity and engagement with fans can lead to mass global promotion and even more revenue for the artist.” reads the YouTube blog post. A good example given by Kyncl is that of a famous pop singer, Dua Lipa whose singing career started with covering songs of other Artists. Also, Alan Walker’s worldwide famous track “Fade”  was heavily used by other users in the YouTube community along with being used in video games. This resulted in a massive fanbase for him. YouTube is not the only one disapproving of the new proposal. Other organizations such as  European Digital Rights, the Internet Archive, Patreon, Wordpress, and Medium have all opened up about their disapprobation against the EU copyright policy. “This is the new creative economy in action. The Copyright Directive won’t just affect creators and artists on YouTube. It will also apply to many forms of user-generated content across the Internet” writes Kyncl. For more information, check out the official YouTube blog post. YouTube has a $25 million plan to counter fake news and misinformation Mozilla, Internet Society, and web foundation wants G20 to address “techlash” fuelled by security and privacy concerns Facebook COO, Sandberg’s Senate testimony: On combating foreign influence, fake news, and upholding election integrity