Tech News

Andrea Stewart-Cousins, majority leader of the New York State Senate, and the senate democrats, nominated the New York State Senator, Michael Gianaris of Queens to serve on the five-member Public Authorities Control Board (PACB), yesterday. The news, first reported by the NY Times, has stirred up a worry among those who support Amazon’s HQ2 proposal to build a 25,000-person office in New York City (announced last year in November).  This is because Gianaris has been a vocal opponent of Amazon HQ2, and if selected, can veto the state actions on the project. “My position on the Amazon deal is clear and unambiguous and is not changing. It’s hard for me to say what I would do when I don’t know what it is I would be asked to opine on”, said Gianaris. The Amazon HQ2 deal for Long Island City was negotiated by Gov. Andrew Cuomo back in November 2018. “With Amazon committing to expand its headquarters in Long Island City, New York can proudly say that we have attracted one of the largest, most competitive economic development investments in U.S. history,” said Cuomo. He now has a final say over whether to refuse or approve the Senate’s selection. The day after Amazon announced its plans to build its 1.5 million square foot corporate headquarters in Long Island City, Queens, New York City, Gianaris started a protest against Amazon. Gianaris was joined by other New Yorkers who protested against the company’s plan, asking it to be abandoned.   https://twitter.com/SenGianaris/status/1062787029761753088 https://twitter.com/SenGianaris/status/1062693588457394176 Amazon’s new campus is supposed to be located along Long Island City’s waterfront, across the East River from Manhattan’s Midtown East neighborhood. Amazon has promised 50,000 jobs and will take in 25,000 employees with an average wage of $150,000 a year. Moreover, the company will receive at least $2.8 billion in incentives from the state and city and if it passes the goal of 25,000 workers in Long Island City, it could also receive state tax breaks. Gianaris does not approve of this as he believes that spending $2.8 billion in state and city incentives to Amazon is a “bad deal”. https://twitter.com/SenGianaris/status/1063066018694737920 He even went ahead to call it a ‘#Scamazon deal’. https://twitter.com/SenGianaris/status/1090632342719381504 Many people are in favor of Gianaris. According to Stuart Applebaum, President, Retail, Wholesale, and Department Store Union, Gianaris, has “proven himself to be a champion of workers’ rights”: https://twitter.com/RWDSU/status/1092536178073653248 Dani Lever, a spokeswoman for Cuomo, said that the recommendation of Gianaris “puts the self-interest of a flip-flopping opponent of the Amazon project above the state’s economic growth. Every Democratic Senator will now be called on to defend their opposition to the greatest economic growth potential this state has seen in over 50 years”. Amazon launches TLS Termination support for Network Load Balancer Sally Hubbard on why tech monopolies are bad for everyone: Amazon, Google, and Facebook in focus Rights groups pressure Google, Amazon, and Microsoft to stop selling facial surveillance tech to government

Yesterday, a Massachusetts senator filed a consumer privacy bill enabling consumers to sue for privacy invasions. The bill touted to be similar to Californians for consumer privacy (CCPA).  It allows for a private right of action and statutory damages for any violation of the law (not just breaches) and does not require a demonstration of a loss of money or property. Here’s what the bill proposes: Businesses provide consumers with a notice At/Before Collection Right to Delete: A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. Right to Opt-out of Third Party Disclosure:  A consumer shall have the right, at any time, to demand that a business not disclose the consumer’s personal information to third parties. No Penalty for Exercise of Rights: A business shall not discriminate against a consumer because the consumer exercised any of the consumer’s rights under the bill Private Right of Action: A consumer who has suffered a violation of this bill may bring a lawsuit against the business or service provider that violated this bill. The bill says that “Consumers need not to suffer a loss of money or property as a result of the violation in order to bring an action for a violation." People on Twitter generally had positive sentiments. https://twitter.com/natashanyt/status/1090328524865576961 https://twitter.com/ashk4n/status/1092452492175175680 https://twitter.com/gabrielazanfir/status/1092524077854670851 Last month, Sen. Ben Sasse introduced a bill, “Malicious Deep Fake Prohibition Act” to criminalize the malicious creation and distribution of deepfakes, which are increasingly being used for promoting harassment and illegal activities. Under the bill, it would be illegal for individuals to: (1) Create, with the intent to distribute, a deep fake with the intent that the distribution of the deep fake would facilitate criminal or tortious conduct under Federal, State, local, or Tribal law; or (2) Distribute an audiovisual record with— (A) actual knowledge that the audiovisual record is a deep fake; and (B) the intent that the distribution of the audiovisual record would facilitate criminal or tortious conduct under Federal, State, local, or Tribal law. However, this bill was widely criticized for its loopholes. A statement in the bill states, “Deep fake means an audiovisual record created or altered in a manner that the record would falsely appear to a reasonable observer to be an authentic record of the actual speech or conduct of an individual.” A hacker news user said that this, limits the scope of the act to prohibiting deep fakes that are not explicitly labeled as such. Another user said, “If that's the case, any sort of creative editing, even just quick cuts, could fall under this (see: any primetime or cable news, any TV campaign ad, the quick cuts of Obama where it looks like he's singing Never Gonna Give You Up, etc). A law like this could also be weaponized against political foes—basically, label everything you don't like as "fake news" and prosecute it under this law.” Orin Kerr in a blog post comments, “The Sasse bill also has a potential problem of not distinguishing between devices and files. Reading the bill, it prohibits the distribution of an audiovisual record with the intent that the distribution would facilitate tortious conduct.” It is promising to see the lawmakers sincerely taking measures to enable building strict privacy standards. Only time will tell if this new legislation will continue to protect consumer data than the businesses that profit from it. Machine generated videos like Deepfakes – Trick or Treat? Privacy experts urge the Senate Commerce Committee for a strong federal privacy bill “that sets a floor, not a ceiling” Biometric Information Privacy Act: It is now illegal for Amazon, Facebook or Apple to collect your biometric data without consent in Illinois

Last year, the steering council model was elected for Python governance. Now the results for the steering council election, January 2019 are out in PEP 8100. First some background about the steering council model: “Authored by Nathaniel J. Smith, and Donald Stufft, this proposal involves a model for Python governance based on a steering council. The council has vast authority, which they intend to use as rarely as possible, instead, they plan to use this power to establish standard processes. The steering council committee consists of five people. A general philosophy is followed—it’s better to split up large changes into a series of small changes to be reviewed independently. As opposed to trying to do everything in one PEP, the focus is on providing a minimal and solid foundation for future governance decisions. This PEP was accepted on December 17, 2018.” The goals of the model are to be: Boring, stick to the basics and not experiment Simplistic enough for a minimum viable product Comprehensive to avoid confusion Flexible and light-weight Of the 96 eligible voters, only 69 had cast ballots. The nomination period for the election was from January 7, 2019 to January 20, 2019. The voting period was from January 21, 2019 to February 4, 2019. The results are in and the top five candidates are: Barry Warsaw Brett Cannon Carol Willing Guido van Rossum Nick Coghlan Now, these five individuals are a part of the steering council for Python governance. The council will make decisions on PEPs. They will also work on maintaining the stability, quality of the Python language and interpreter. Python governance vote results are here: The steering council model is the winner NYU and AWS introduce Deep Graph Library (DGL), a python package to build neural network graphs Introducing RustPython, a Python 3 interpreter written in Rust

On the eve of Vue’s fifth anniversary yesterday, its creator, Evan You, announced the release of Vue 2.6. This version, which goes by the name “Marcoss”, comes with a new syntax for slots usage and also few performance improvements,  internal changes, and more. Following are some of the highlights in Vue 2.6: A new syntax for slots usage Vue provides the slots feature to enable flexible component composition. Vue 2.6 introduces a new unified syntax for named and scoped slots usage. The new directive v-slot combines slot and slot-scope, which are now deprecated, in a single directive syntax. This update is fully backward compatible. According to the RFC, slot-scope will be soft-deprecated. This means that it will be marked deprecated in the docs and developers will be encouraged to use the new syntax, but no deprecation messages will be shown for now. The team is planning to eventually remove slot-scope in Vue 3.0. Performance improvements in slots The rendering of normal slots happens during the parent’s render cycle, hence, when the dependency of a slot changes, it causes both the parent and child components to re-render. This version comes with an optimization to avoid this re-rendering and ensure that the parent scope dependency mutations only affect the parent. Now, the child component will not be forced to update if it uses scoped slots. If you use the new v-slot syntax, then the slots will be compiled into scoped slots. This essentially means that all slots will get the performance advantage that comes with scoped slots. Normal slots are now exposed on this.$scopedSlots as functions. Developers using the render functions instead of templates can now always use this.$scopedSlots, without having to worry about the type of slots being passed in. Async error handling in Vue Vue’s error handling mechanism, which includes in-component errorCaptured hook and the global errorHandler hook, now also capture errors inside v-on handlers. Additionally, if any of your life cycle hooks or event handlers perform asynchronous operations, you can now return a Promise from the function. This will ensure that any uncaught error from that Promise chain is also sent to your error handlers. Data pre-fetching during server-side rendering This version comes with a new serverPrefetch hook that enables any component, except route-level components, to pre-fetch data during server-side rendering. This is introduced to allow more flexible usage and reduce the coupling between data fetching and the router. Dynamic Directive Arguments Earlier, users had to use argument-less object binding in order to leverage dynamic keys as the directive arguments were static. Dynamic JavaScript expressions are now supported in directive arguments. To read more in detail, check out Evan You’s official announcement on Medium. Learning Vue in 2019 with Anthony Gore’s developer knowledge map Evan You shares Vue 3.0 updates at VueConf Toronto 2018 Vue.js 3.0 is ditching JavaScript for TypeScript. What else is new?

Security Researchers have discovered a new backdoor trojan, dubbed as ‘SpeakUp’ which exploits known vulnerabilities in six different Linux distributions and has the ability to infect MacOS. This trojan discovered by Check Point Research, is being utilised in a crypto mining campaign that has targeted more than 70,000 servers worldwide so far. Attackers have been using SpeakUp in a campaign to deploy Monero cryptocurrency miners on infected servers thus earning around 107 Monero coins (around $4,500). Last month, the backdoor was spotted for the first time and researchers discovered a built-in Python script that allowed the trojan to spread through the local network, laterally. The virus remains undetected, has complex propagation tactics, and the threat surface contains servers that run the top sites on the internet. What can this trojan do? Vulnerable systems that have been affected by this trojan allow the hackers to perform a host of  illicit activities like modification of the local cron utility to gain boot persistence, take control over shell commands, execute files downloaded from a remote command and control (C&C) server, and update or uninstall itself. According to the researchers, SpeakUp has already been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. The hackers behind SpeakUp are using an exploit for the ThinkPHP framework to infect servers and the researchers have not  seen the attackers targeting anything except ThinkPHP. The trojan has been crafted with complexity and can scan local networks for open ports, use a list of pre-defined usernames and passwords to brute-force nearby systems and take over unpatched systems using one of these seven exploits: CVE-2012-0874: JBoss Enterprise Application Platform Multiple Security Bypass Vulnerabilities CVE-2010-1871: JBoss Seam Framework remote code execution JBoss AS 3/4/5/6: Remote Command Execution CVE-2017-10271: Oracle WebLogic wls-wsat Component Deserialization RCE CVE-2018-2894: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware. Hadoop YARN ResourceManager - Command Execution CVE-2016-3088: Apache ActiveMQ Fileserver File Upload Remote Code Execution Vulnerability. Security researchers have also pointed out to the fact that the SpeakUp’s authors have the ability to download any code they want to the servers. “SpeakUp’s obfuscated payloads and propagation technique is beyond any doubt the work of a bigger threat in the making. It is hard to imagine anyone would build such a compound array of payloads just to deploy few miners. The threat actor behind this campaign can at any given time deploy additional payloads, potentially more intrusive and offensive. It has the ability to scan the surrounding network of an infected server and distribute the malware.” According to Threatpost, Oded Vanunu, head of products vulnerability research for Check Point, said that “the scope of this attack includes all servers running ThinkPHP, Hadoop Yarn, Oracle WebLogic, Apache ActiveMQ and Red Hat JBoss. Since these software can be deployed on virtual servers, all cloud infrastructure are also prone to be affected.” According to the analysis by Check Point Research, the malware is currently distributed to Linux servers mainly located in China. Lotem Finkelstein, one of the Check Point researchers told ZDNet that “the infections in non-Chinese countries comes from SpeakUp using its second-stage exploits to infect companies' internal networks, which resulted in the trojan spreading outside the normal geographical area of a Chinese-only PHP framework.” You can head over to Check Point Research official post for a break down of how this trojan works as well as an analysis of its impact. Git-bug: A new distributed bug tracker embedded in git Fortnite just fixed a bug that let attackers to fully access user accounts, impersonate real players and buy V-Buck 35-year-old vulnerabilities in SCP client discovered by F-Secure researcher

Yesterday, the first alpha of Python 3.8.0 was announced in a Python blog post. The most important change in this version is the addition of Assignment Expressions. This is the first alpha, three more are yet to be released. Keep in mind that the features are raw and not meant for production use. Some changes in Python 3.8.0 alpha 1: Security changes When spawning child processes, the command line option -I to run Python in isolated mode is now copied by the multiprocessing and distutils modules as well OpenSSL is updated to OpenSSL 1.1.0i for Windows builds The thread safety of error handling is fixed in _ssl A small fix to prevent buffer overrun in os.symlink for Windows Changes in core and builtins PEP 572: This introduces a new way which assigns values to variables in an expression by using the NAME := expr notation Parenthesis are made optional for named expressions in a while statement. Python initialization is reorganized to get exceptions and sys.stderr early. A small memory leak is fixed in pymain_parse_cmdline_impl. For unbalanced parentheses in f-string, the syntax messages are better. End line and end column position information are added to the Python AST nodes During the Python initialization, the Python filesystem encoding is read faster Library changes Shared memory submodule is added to multiprocessing in order to avoid serialization between processes The KeyError exception when using enums and compile is now fixed help() on metaclasses is fixed The raise(signum) is now exposed as raise_signal Building enums by value are now faster These were a select few changes in Python 3.8.0 alpha 1. For a complete list of changes, you may go through the changelog. Introducing RustPython, a Python 3 interpreter written in Rust EuroPython Society announces the ‘Guido van Rossum Core Developer Grant’ program to honor Python core developers pandas will drop support for Python 2 this month with pandas 0.24

A leading fact-checking agency, Snopes, announced last week that it’s terminating its partnership with Facebook and will no longer aid in reducing the spread of misinformation and fake news on the platform. “We are evaluating the ramifications and costs of providing third-party fact-checking services, and we want to determine with certainty that our efforts to aid any particular platform are a net positive for our online community, publication, and staff”, reads the statement by David Mikkelson, CEO, Snopes, and Vinny Green, VP operations, Snopes. Facebook had decided to partner up with 3rd party fact checking firms at the end of 2016, to get help in combating false news on its platform following the 2016 US elections. One such firm to partner up with Facebook was Snopes, who contributed to Facebook for two years. Snopes team mentions that when they contributed to Facebook’s initial fact-checking effort in December 2016, there were no financial benefits (payment offer) involved. However, Facebook did offer a lump $100,000 payment for their work in 2017. Other than that, Green told Poynter that part of the reason why Snopes withdrew its partnership with Facebook is that third-party fact-checking for Facebook didn’t seem practical to the publishers within Snopes. He mentions that fact checkers had to manually enter false news post on Facebook that they flag into the dashboard, which in turn, requires a lot of time and is not possible for a team that has only 16 people. “It doesn’t seem like we’re striving to make third-party fact-checking more practical for publishers — it seems like we’re striving to make it easier for Facebook. The work that fact-checkers are doing doesn’t need to be just for Facebook — we can build things for fact-checkers that benefit the whole web, and that can also help Facebook”, Green told Poynter. Offering Fact-checking services for Facebook has been under a lot of controversy within Snopes, as Guardian recently quoted Brooke Binkowski, Snopes’ former managing editor, and Kim LaCapria, a former fact-checker in a report published in December last year. As per the reports, the former Snopes employees mentioned that Facebook ‘didn’t care’ about the fact-checking firms. “They’ve essentially used us for crisis PR. They’re not taking anything seriously. They are more interested in making themselves look good and passing the buck … They clearly don’t care,” said Binkowski. Regarding the current news, a Facebook spokesperson told Poynter that, despite Snopes’ pulling out of the partnership, Facebook will continue to improve its platform and work with fact-checkers around the world. Another agency, named, Associated Press (AP) is also currently making negotiations over its role as a fact-checking agency on Facebook. AP spokesperson told TechCrunch it’s not doing any fact-checking work for Facebook currently and is in an ongoing discussion with Facebook about opportunities related to doing more important fact-checking work on Facebook. AP doesn’t plan on leaving Facebook but is in talks with the company and hopes to start the fact-checking work soon, as reported by TechCrunch. Snopes team also mentioned that they've not entirely ruled out working with Facebook and are willing to have an open dialogue and discussion with Facebook over its approaches to fighting misinformation. “We will continue to be pioneers in a challenging digital media landscape, forever looking for opportunities to cultivate our publication and increase our impact. Our extremely talented and dedicated staff stands ready for the challenges ahead”, states the Snopes team. Facebook faces multiple data-protection investigations in Ireland Facebook pays users $20/month to install a ‘Facebook Research’ VPN that spies on their phone and web activities, TechCrunch reports Facebook hires top EEF lawyer and Facebook critic as Whatsapp privacy policy manager

Today, the team at Platform9, a company known for its SaaS-managed hybrid cloud, introduced a fully managed, enterprise-grade Kubernetes service that works on VMware with full SLA guarantee. It enables enterprises to deploy and run Kubernetes easily without the need of management overhead and advanced Kubernetes expertise. It features enterprise-grade capabilities including multi-cluster operations, zero-touch upgrades, high availability, monitoring, and more, which are handled automatically and backed by SLA. PMK is part of the Platform9’s hybrid cloud solution, which helps organizations in centrally managing VMs, containers and serverless functions on any environment. Enterprises can support Kubernetes at scale alongside their traditional VMs, legacy applications, and serverless functions. Features of Platform9 Managed Kubernetes Self Service, Cloud Experience IT Operations and VMware administrators can now help developers with simple, self-service provisioning and automated management experience. It is now possible to deploy multiple Kubernetes clusters with a click of a button that is operated under the strictest SLAs. Run Kubernetes anywhere PMK allows organizations to run Kubernetes instantly, anywhere. It also delivers centralized visibility and management across all Kubernetes environments including on-premises, public cloud, or at the Edge. This helps the organizations to drop shadow IT and VM/Container sprawl and ensure compliance. It improves utilization and reduces costs across all infrastructure. Speed Platform9 Managed Kubernetes (PMK) allows enterprises to run in less than an hour on VMware. It also eliminates the operational complexity of Kubernetes at scale. PMK helps enterprises to modernize their VMware environments without the need of any hardware or configuration changes. Open Ecosystem Enterprises can benefit from the open source community and all the Kubernetes-related services and applications by delivering open source Kubernetes on VMware without code forks. It ensures portability across environments. Sirish Raghuram, Co-founder, and CEO of Platform9 said, “Kubernetes is the #1 enabler for cloud-native applications and is critical to the competitive advantage for software-driven organizations today. VMware was never designed to run containerized workloads, and integrated offerings in the market today are extremely clunky, hard to implement and even harder to manage. We’re proud to take the pain out of Kubernetes on VMware, delivering a pure open source-based, Kubernetes-as-a-Service solution that is fully managed, just works out of the box, and with an SLA guarantee in your own environment.” To learn more about delivering Kubernetes on VMware, check out the demo video. Platform9 announces a new release of Fission.io, the open source, Kubernetes-native Serverless framework CNCF releases 9 security best practices for Kubernetes, to protect a customer’s infrastructure GitLab 11.7 releases with multi-level child epics, API integration with Kubernetes, search filter box and more

A lot of fake news has been spreading in recent times via social media channels such as Facebook, Twitter, Whatsapp, and so on. A group of researchers from the University of Southern California came up with a paper titled “Combating Fake News: A Survey on Identification and Mitigation Techniques” that discusses existing methods and techniques applicable to identification and mitigation of fake news. Microsoft Edge mobile browser also flags untrustworthy news sites with the help of a plugin named NewsGuard. But how far are we in combating the ‘Fake News”? This weekend, Destin Sandlin, an engineer who conducts an educational video series Smarter Every Day on YouTube, tweeted how Fake News is getting popular on YouTube by being literally engineered within our daily feeds by using sophisticated AI, destructive bots and so on. https://twitter.com/smartereveryday/status/1091833011262423040 He started off by tweeting about “weaponized bots, algorithm exploitation, countermeasures, and counter-countermeasures!” He mentioned seeing a YouTube video thumbnail with a picture of Donald Trump and Ruth Bader Ginsburg side by side. What caught his eye was, the video received 135,000 views making him feel it’s a legit video. He further explained that the video was simply a bot reading a script. He realized that these bots have come-up with ways to auto-make YouTube videos and upload them. “I recognize that this video is meant to manipulate me so I go to close the video.” https://twitter.com/smartereveryday/status/1091833831206866944 Sandlin highlighted another fact that these videos had a 2,400 to 143 like to dislike ratio. He believes that this was some sort of weaponized algorithm exploitation. Source: Twitter He said that in order to get maximum views on YouTube, all a video has to do is get onto the sidebar or in the suggested videos list. He also mentioned an example of a channel that appeared in his suggestion list, named "The Small Workshop", which managed to get 13 million views. https://twitter.com/smartereveryday/status/1091835106149453826 The Trump - Ginsburg video Sandlin searched the YouTube for "After trump sends note to Ginsburg" following which he got tons of different videos but with the same content. He said, “They all use the exact same script, but the computerized voices are different to not trip YouTube's audio detectors, the videos all use different footage to avoid any visual content ID match”. “This is an offensive AI at work, and it's built to avoid every countermeasure”, he added. Sandlin tweeted, “I think the strategy is simple… if you bot-create enough videos on the same topic and generate traffic to those artificially…many will fail, but eventually, the algorithm will suggest one of them above the others, and it will be promoted as “THE ONE”.” He further said that tech company engineers are tasked with developing countermeasures to these kinds of attacks. He is dubious of the attacking party he suspects, “Is there a building in a foreign country where soldiers go to work/battle every day to "comment, like, and subscribe?” or are these clever software developers building bots to automatically create videos and accounts to promote those videos? “I would assume they’re using AI to see what types of videos and comments are amplified the most.” He wonders, “How often Do TTPs (Techniques, Tactics, and Procedures) change?  When the small groups of engineers at YouTube, Facebook, Instagram or Twitter develop a countermeasure, how long until counter-countermeasures are developed and deployed?” According to a post at Resurgent, “Perhaps Sandlin’s suggestion, responding with an active unity, a countermeasure of forgiveness and grace, is the best answer. There’s no AI or algorithm that can defeat those weapons.” Read Destin Sandlin’s complete Tweet thread to know more. WhatsApp limits users to five text forwards to fight against fake news and misinformation Is Anti-trust regulation coming to Facebook following fake news inquiry made by a global panel in the House of Commons, UK? Fake news is a danger to democracy. These researchers are using deep learning to model fake news to understand its impact on elections

RustPython is an open-source Python 3 interpreter written in Rust with the whole Python 3 implementation completely done in Rust. This interpreter is currently in the early stages and the documentation is also being developed. You need wasm-pack and npm to install it. You can test it by using the following code: $ git clone https://github.com/RustPython/RustPython $ cd RustPython $ cargo run demo.py Hello, RustPython! The code style used is rustfmt. You can also test with cargo on the interactive shell.You can run only basic examples as currently there is only preliminary support for WebAssembly. Using a memory safe language like Rust instead of C or C++ has benefits as pointed out by a Hacker new user: “At least 1/3 of Python's CVEs could have been prevented by using a memory safe language like Rust.” Another user said: “This is wonderful. This could become the best way to move Python projects to Rust: initially just run on the RustPython interpreter, but then optimize low-level routines in Rust. In 15 years I wouldn't be surprised if this or something like it surpasses CPython in popularity.” For more details and installation instructions visit the GitHub repository. Rust 1.32 released with a print debugger and other changes EuroPython Society announces the ‘Guido van Rossum Core Developer Grant’ program to honor Python core developers Python governance vote results are here: The steering council model is the winner

Last week, AdaCore announced that they are now a member of the RISC-V Foundation. The Risc-V Foundation is a non-profit organization, which provides the free and open-source instruction set architecture (ISA) called RISC-V. RISC-V was created by the Computer Science Division, EECS Department at the University of California in Berkeley with their foundation is supported by over 200 members. The ISA in RISC-V can be implemented via either open-source or proprietary architectures. This allows chip designers to use an assembly language that is designed with clarity. By becoming a part of the RISC-V Foundation, AdaCore’s Ada and SPARK languages are made available to RISC-V developers. This offers them an environment where they can develop applications where safety and security are critical. The first few product offerings from AdaCore—GNAT Pro Ada and GNAT Pro C—are made for bare metal RISC-V 32- and 64-bit architectures. They can also be used for the GNAT Community edition for bare metal RISC-V 32-bit configurations. Rick O’Connor, executive director of the RISC-V Foundation said: “We’re happy to see Ada joining the front row of the languages available to the RISC-V ecosystem. This will create an extremely appealing option for RISC-V users with the most stringent reliability requirements.” Quentin Ochem, the lead of Business Development at AdaCore said: “As we’re seeing the growth of Ada in new projects and markets, RISC-V has rapidly emerged as an indispensable ecosystem to be part of. We are fascinated by the opportunities it creates both at the technical and business levels, and we look forward to becoming an active member of the community.” To know more about AdaCore, visit the AdaCore website. Western Digital RISC-V SweRV Core is now on GitHub A libre GPU effort based on RISC-V, Rust, LLVM and Vulkan by the developer of an earth-friendly computer LLVM officially migrating to GitHub from Apache SVN

Last week the team at OpenWrt announced the second service release of the stable OpenWrt 18.06 series, OpenWrt 18.06.2. OpenWrt is a Linux operating system that targets embedded devices and provides a fully writable filesystem with optional package management. It is also considered to be a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. What’s new in OpenWrt 18.06.2? OpenWrt 18.06.2 comes with bug fixes in the network and the build system and updates to the kernel and base packages. In OpenWrt 18.06.2, Linux kernel has been updated to versions 4.9.152/4.14.95 (from 4.9.120/4.14.63 in v18.06.1). GNU time dependency has been removed. This release comes with added support for bpf match. In this release, a blank line has been inserted after KernelPackage template to allow chaining calls. INSTALL_SUID macro has been added. This release comes with added support for enabling the rootfs/boot partition size option via tar. Building of artifacts has been introduced. Package URL has been updated. Un-initialized return value has been fixed. Major bug fixes The docbook2man error has been fixed. The issues with libressl build on x32 (amd64ilp32) host has been fixed. The build has been fixed without modifying Makefile.am. Fedora patch has been added for crashing git style patches. The syntax error has been fixed. Security fixes for the Linux kernel, GNU patch, Glibc, BZip2, Grub, OpenSSL, and MbedTLS. IPv6 and network service fixes. Few of the users are happy about this release and they think despite small teams and budgets, the team at OpenWrt has done a wonderful job by powering so many routers. One of the comment reads, “The new release still works fine on a TP-Link TL-WR1043N/ND v1 (32MB RAM, 8MB Flash). This is an old router I got from the local reuse center for $10 a few years ago. It can handle a 100 Mbps fiber connection fine and has 5 gigabit ports. Thanks Openwrt!” But the question is if cheap routers affect the internet speed. One of the users commented on HackerNews, “My internet is too fast (150 mbps) for a cheap router to effectively manage the connection, meaning that unless I pay 250€ for a router, I will just slow down my Internet needlessly.” Read more about this news on the OpenWrt’s official blog post. Mapzen, an open-source mapping platform, joins the Linux Foundation project Remote Code Execution Flaw in APT Linux Package Manager allows man-in-the-middle attack The Haiku operating system has released R1/beta1

Just a month after Homebrew 1.9.0 was released, Homebrew 2.0.0 was released last week with official support for Linux and Windows 10 (with Windows Subsystem for Linux), an automatic running of brew cleanup, removal of support for OS X Mountain Lion ( for versions10.8 and below), and much more. Features of Homebrew 2.0.0 Homebrew now offers official support for Linux and Windows 10 with Windows Subsystem for Linux (WSL). brew cleanup runs periodically (every 30 days) and is triggered automatically for individual formula cleanup on reinstall, install or upgrade. Homebrew has dropped its support for OS X Mountain Lion (10.8 and below). With this new version, Homebrew will now offer better performance, as its portable Ruby is now built on OS X Mavericks (10.9). Debugging git issues is now easier as brew update-reset resets all repositories and taps to their upstream versions. Homebrew reduces errors when formulae are built from source and also allows the removal of many workarounds for niche issues by filtering all user environment variables. The team is now attempting to migrate away from Jenkins to a suitable hosted CI provider after a security researcher, Eric Holmes,  identified a GitHub personal access token leak from Homebrew’s Jenkins in 2018. Homebrew Cask’s downloads are quarantined to provide the same level of security while manually downloading these tools. Homebrew uses a proper option parser so as to generate the man brew and --help. Users can now expect better feedback on inputting invalid options to formulae or commands. Thus making argument handling more simple and robust. To know about the other features in detail, head over to Hombrew’s official page. Conda 4.6.0 released with support for more shells, better interoperability among others Mozilla releases Firefox 65 with support for AV1, enhanced tracking protection, and more! Typescript 3.3 is finally released!  

On the 1st of February, the Government of India modified the policy of Foreign Direct Investment (FDI). The rules mandate that foreign investors cannot use their own e-commerce platforms to control and market their own inventory. Their marketplace can only be used by others to sell goods to retail consumers. E-commerce entities will have to “maintain a level playing field” and refrain from directly/indirectly influencing the sale price of goods and services. [box type="shadow" align="" class="" width=""]Also Read: Last year, the EU opened an investigation against Amazon, to understand how the company uses the data it gathers through transactions. The purpose of the probe was to check whether the data collected legitimately, is also used to give Amazon a competitive advantage over the smaller merchants by allowing it to understand the kinds of things people want to buy.[/box] The new amendments to the policy set the following ground rules for online marketplace owners: Prohibit marketplace “owners” from selling products on their own marketplace through vendors in which they hold an equity interest. Prohibits marketplace owners from making deals to sell products exclusively on their platforms. All vendors on the e-commerce platform should be provided services in a “fair and non-discriminatory manner”, including fulfillment, logistics, warehousing, advertisement, and other services. This has sent two of India’s largest online retailers- Amazon.in and Walmart owned Flipkart.com into a frenzy, scrambling to adjust their e-commerce model to accommodate Indian rules. Amazon and Flipkart, both rely on foreign investment to operate in India. With the new rules in place, products have started to be pulled down from Amazon. Smartphones that were launched as “exclusive deals”, Amazon’s range of Echo speakers and other Amazon exclusive goods have disappeared from the site. According to BBC, Clothing from an Indian department store chain -Shopper’s Stop- is also unavailable now. This because Amazon owns 5% of the company. Users will now have to rely on resellers or offline stores for these products, which may have a far-reaching impact on India's e-commerce sector in the long run. Flipkart’s chief of corporate affairs Rajneesh Kumar said in a statement: "We believe that policy should be created in a consultative, market-driven manner and we will continue to work with the government to promote fair, pro-growth policies," What does this mean for small retailers, consumers? Small traders have been alleging that e-commerce giants create an unfair marketplace for them to work in. https://twitter.com/linamkhan/status/1091459166785490944 The Confederation of All India Traders has advised the government to go further by forming a new regulatory authority and a "special investigation team" that looks into the business models of major e-commerce players. https://twitter.com/praveendel/status/1090915891284533249   While traders may be completely in favor of these new rules, the public is abuzz with mixed sentiments. Some citizens have expressed their views on why the rule doesn't make sense https://twitter.com/ashwinmushran/status/1091943979162038272 Many citizens have accused Amazon of not being fair with their pricing structure and product listing policies. This particular user started an interesting thread, sharing his views on how Amazon could in fact help smaller retailers grow. https://twitter.com/AKG1593/status/1092012275119022081 Cloudtail India Pvt Ltd and WS Retail will be amongst the many suffering a huge setback because of this law.  Small retailers can now breathe a sigh of relief as the big guns step out of the picture. The US-India Strategic Partnership Forum (USISPF)  President and Chief Executive Officer (FPO) Mukesh Aghi stated that "it is not the government's business to micromanage businesses" and the rules are "regressive" that would harm consumers, create unpredictability and have a negative impact on the growth of online retail in India. It will be interesting to see how India’s e-commerce marketplace and its consumers cope up with the repercussions of this law. You can head over to BBC for more insights on this news. Biometric Information Privacy Act: It is now illegal for Amazon, Facebook or Apple to collect your biometric data without consent in Illinois Amazon open-sources SageMaker Neo to help developers optimize the training and deployment of machine learning models The future of net neutrality is being decided in court right now, as Mozilla takes on the FCC  

On January 29, Microsoft Cloud services including Microsoft Azure, Office 365, and Dynamics 365 suffered a major outage. This resulted in customers experiencing intermittent access to Office 365 and also deleting several database records. This comes just after a major outage that prevented Microsoft 365 users from accessing their emails for an entire day in Europe. https://twitter.com/AzureSupport/status/1090359445241061376 Users who were already logged into Microsoft services weren’t affected; however, those that were trying to log into new sessions were not able to do so. How did this Microsoft Azure outage happen? According to Microsoft, the preliminary reason behind this outage was a DNS issue with CenturyLink, an external DNS provider. Microsoft Azure’s status page read, “Engineers identified a DNS issue with an external DNS provider”. CenturyLink, in a statement, mentioned that their DNS services experienced disruption due to a software defect, which affected connectivity to a customer’s cloud resources. Along with authentication issues, this outage also caused the deletion of users’ live data stored in Transparent Data Encryption (TDE) databases in Microsoft Azure. TDE databases encrypt information dynamically and decrypt them when customers access it. As the data is stored in encrypted form, it prevents intruders from accessing the database. For encryption, many Azure users store their own encryption keys in Microsoft’s Key Vault encryption key management system. The deletion was triggered by a script that automatically drops TDE database tables when corresponding keys can no longer be accessed in the Key Vault. Microsoft was able to restore the tables from a five-minute snapshot backup. But, those transactions that customers had processed within five minutes of the table drop were expected to raise a support ticket asking for the database copy. Read more about Microsoft’s Azure outage in detail on ZDNet. Microsoft announces Internet Explorer 10 will reach end-of-life by January 2020 Outage in the Microsoft 365 and Gmail made users unable to log into their accounts Microsoft Office 365 now available on the Mac App Store