Tech News

After the release of Meteor 1.7 in June this year, the Meteor community released Meteor 1.8 yesterday. This version eliminates many of the performance problems in Meteor 1.7. They have addressed the technical debt of compiling an additional client bundle which had led to slow build times in Meteor 1.7. Here’s what all has been added and improved in this latest release. Improved build time In addition to the web.browser and web.cordova bundles, Meteor 1.7 introduced a new client bundle called web.browser.legacy. This addition of an extra bundle resulted in increased client build and rebuild times. Usually, developers spend most of their time testing the bundle in development and the legacy bundle provides a safe fallback in production. Meteor 1.8 takes advantage of this fact and cleverly postpones building the legacy bundle until just after the development server restarts. Development can continue as soon as the modern bundle has finished building. As the legacy build happens during a time when the build process would otherwise be completely idle, the impact of the legacy build on server performance is minimal. Still, the legacy bundle gets rebuilt regularly, so any legacy build errors will be surfaced in a timely fashion. A new mechanism for compiling unused files Meteor’s compiler plugins compile every file they receive, regardless of whether the file will ever actually be imported. To avoid this unnecessary compilation of unused files Meteor 1.8 has finally introduced a simple mechanism. Expensive compilation work will now be delayed by the compiler plugins that call inputFile.addJavaScript or inputFile.addStylesheet. This will be done by passing partial options ({ path, hash }) as the first argument, followed by a callback function as the second argument. This callback function will be called by the build system once it knows the module will be included in the bundle. Though the compiler plugin will process every possible file, any unused files will now be ignored by the build system, and their uncalled callbacks will be discarded after the bundle is built. Create Meteor apps with a simple command You can now easily create new Meteor apps with React instead of Blaze using the following command: meteor create --react new-react-app Overriding problematic version constraints from packages A new syntax is introduced for the .meteor/packages file for overriding problematic version constraints from packages you do not control. If a top-level package version constraint in .meteor/packages ends with a  ‘!’ character, any other (non-!) constraints on that package elsewhere in the application will be weakened. Which means, any version of the package that is not less than the constraint will be accepted, regardless of whether the major/minor versions actually match. For instance, using both CoffeeScript 2 and practicalmeteor:mocha used to be difficult because of the api.versionsFrom("1.3") statement. This statement constrained the coffeescript package to version 1.x. In Meteor 1.8, if you want to update coffeescript to 2.x, you can relax the practicalmeteor:mocha constraint by putting coffeescript@2.2.1_1! in the .meteor/packages file. Dependency upgrades Upgraded to Babel 7 You can get the benefits of non-beta Babel 7 by updating to Meteor 1.8. Install the latest version of @babel/runtime by running the following command: meteor npm install @babel/runtime@latest Upgraded to Mongo 4 Meteor 1.8 comes with MongoDB 4.0.2, a major upgrade from version 3.6.4 in Meteor 1.7. Your local development database will now use version 4.0, though the mongodb@3.1.6 driver will connect to production databases going all the way back to Mongo 2.6. The major advantage of MongoDB 4.0 is its support for multi-document transactions, which are now supported by Meteor’s oplog tailing system. Node.js 8.11.4 for now Although Node 8.12.0 has been released, Meteor 1.8 still supports Node 8.11.4, due to concerns about excessive garbage collection and CPU usage in production. If you want to start using Node.js 8.12.0, you can contribute to the Meteor 1.8.1 pre-release process. In order to update to Meteor 1.8.1, run the following command: meteor update --release 1.8.1-beta.n Read the full change list on Meteor’s GitHub repository and also read the release announcement on Medium. Meteor 1.7 released with modern and legacy browser support Building a real-time dashboard with Meteor and Vue.js The Ember project announces version 3.4 of Ember.js, Ember Data, and Ember CLI

The BlazingDB team announced a new and free version of BlazingDB’s query execution engine for RAPIDS open-source software by NVIDIA, called BlazingSQL, yesterday. BlazingSQL provides query datasets from enterprise Data Lakes directly into GPU memory as a GPU DataFrame (GDF). GPU DataFrame (GDF) is a project that offers support for interoperability between GPU applications. It also defines a common GPU in-memory data layer. To provide this data lake integration, and to enable SQL queries on the software, critical open-source libraries were built inside the RAPIDS open-source software. These libraries were then layered on a series of modules from BlazingDB. GDF provides users with PyGDF or Dask_GDF that offers a simple interface similar to the Pandas DataFrame.               BlazingSQL BlazingSQL also allows Python developers to execute SQL queries directly on the flat files that exist inside the distributed file systems. Moreover, it comes with cuML and cuDNN that comprises GPU-accelerated machine learning and deep learning libraries using GDFs. The GPU DataFrame offers developers the ability to run complete machine learning workloads inside the GPU memory. This reduces the cost of data exchange between different tools, as well as the transfer overhead over the PCIe bus. The BlazingDB team has given a demo and binary roadmap for the upcoming BlazingSQL releases. BlazingSQL 0.1 uses PyBlazing connection to execute SQL queries on GDFs loaded by the PyGDF API. It will be releasing in the next couple of weeks before 25th October. BlazingSQL 0.2 involves the integration of BlazingDB’s FileSystem API. This adds the ability to directly query flat files inside the existing distributed file systems. This will be releasing sometime between 25th October to 8th November. BlazingSQL 0.3 comprises the integration of the distributed scheduler so SQL queries are fanned out across multiple GPUs and servers. This will be releasing between 8th November and 30th November.  Finally, the BlazingSQL 0.4 will have Integration of the distributed, multi-layered cache. The release date for BlazingSQL 0.4 hasn’t been assigned but it is expected to release in 2018. For more information, check out the official BlazingDB blog post. Introducing Watermelon DB: A new relational database to make your React and React Native apps highly scalable MariaDB acquires Clustrix to give database customers ‘freedom from Oracle lock-in’ RxDB 8.0.0, a reactive, offline-first, multiplatform database for JavaScript released!

On Tuesday, Netlify, a San Francisco based company announced that it has raised $30 million in a series B round of funding for a new platform named as ‘Application Delivery Network’ designed specifically to assist web developers in building newer applications. The funding was led by Kleiner Perkins’ Mamoon Hamid with Andreessen Horowitz and the founders of Slack, Yelp, GitHub and Figma participating. Founded in 2015, Netlify provides all-in-one workflow to build, deploy, and manage modern web projects. This new platform for the web, will enable all content and applications to be created directly on a global network, thus, bypassing the need to ever setup or manage servers. Vision behind the global ‘Application Delivery Network’ Netlify has assisted a lot of organizations to dump web servers with no requirement of infrastructure. It also replaced a need for CDN and thus a lot of servers. In order to implement the new architecture, Netlify provides developers with a git-centric workflow that supports APIs and microservices. Netlify’s Application Delivery Network removes the last dependency on origin infrastructure, allowing companies to host the entire application globally using APIs and microservices. Mathias Biilmann, Netlify Founder and CEO, said that more amount of devices brings additional complications. He further adds, “Customers have come to us with AWS environments that have dozens or even hundreds of them for a single application. Our goal is to remove the requirement for those servers completely. We’re not trying to make managing infrastructure easy. We want to make it totally unnecessary.” Investor’s take Talking about the investment in Netlify, Mamoon Hamid, Managing Member and General Partner at the venture capital firm Kleiner Perkins, said, “In a sense, they are completely rethinking how the modern web works. But the response to what they are doing has been overwhelming. Most of the top projects in this developer space have already migrated their sites: React, Vue, Gatsby, Docker, and Kubernetes are all Netlify powered. The early traction really shows they hit a nerve with the developer community.” To top it up as an icing on the cake, Chris Coyier, CSS expert and co-founder of Codepen says, “This is where the web is going. Netlify is just bringing it to us all a lot faster. With all the innovation in the space, this is an exciting time to be a developer.” What users say about Netlify In a discussion thread on Hacker News, users absolutely love how Netlify provides a helping hand to all the web developers in their day-to-day web application based tasks. Some of the features mentioned by users include: Netlify provides users with forms, lambdas and very easy testing by just pushing to another git branch It provides the ability to publish using a simple `git push` and does all the rest of the work including assets minification and bundling. Netlify connects to GitHub and rebuilds your site automatically when a change is made in the master branch. Users just have to connect their GitHub account with their UI. To know more about this news in detail, read Netlify’s official announcement. How to build a real-time data pipeline for web developers – Part 1 [Tutorial] How to build a real-time data pipeline for web developers – Part 2 [Tutorial] Google wants web developers to embrace AMP. Great news for users, more work for developers

Node.js v10.12.0 was released, yesterday, with notable changes to assert, cli, crypto, fs, and more. However, the Node.js API is still somewhat changing, and as it matures, certain parts are more reliable than others. Hence throughout the v10.12.0 documentation are indications of a section's stability. Let’s look at the notable changes which are stable. Assert module Changes have been made to assert. The assert module provides a simple set of assertion tests that can be used to test invariants. It comprises of a strict mode and a legacy mode, although it is recommended to only use strict mode. In Node.js v10.12.0, the diff output is now improved by sorting object properties when inspecting the values that are compared with each other. Changes to cli The command line interface in Node.js v10.12.0 has two improvements: The options parser now normalizes _ to - in all multi-word command-line flags, e.g. --no_warnings has the same effect as --no-warnings. It also includes bash completion for the node binary. Users can generate a bash completion script with run node --completion-bash. The output can be saved to a file which can be sourced to enable completion. Crypto Module The crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. In Node.js v10.12.0, crypto adds support for PEM-level encryption. It also supports API asymmetric key pair generation. The new methods crypto.generateKeyPair and crypto.generateKeyPairSync can be used to generate public and private key pairs. The API supports RSA, DSA and EC and a variety of key encodings (both PEM and DER). Improvements to file system The fs module provides an API for interacting with the file system in a manner closely modeled around standard POSIX functions. Node.js v10.12.0 adds a recursive option to fs.mkdir and fs.mkdirSync. On setting this option to true, non-existing parent folders will be automatically created. Updates to Http/2 The http2 module provides an implementation of the HTTP/2 protocol. The new node.js version adds support for a 'ping' event to Http2Session that is emitted whenever a non-ack PING is received. Support is also added for the ORIGIN frame.  Also, nghttp2 is updated to v1.34.0. This adds RFC 8441 extended connect protocol support to allow the use of WebSockets over HTTP/2. Changes in module In the Node.js module system, each file is treated as a separate module. Module has also been updated in v10.12.0. It adds module.createRequireFromPath(filename). This new method can be used to create a custom require function that will resolve modules relative to the filename path. Improvements to process The process object is a global that provides information about, and control over, the current Node.js process. Process adds a 'multipleResolves' process event that is emitted whenever a Promise is attempted to be resolved multiple times. Updates to url Node.js v10.12.0 adds url.fileURLToPath(url) and url.pathToFileURL(path). These methods can be used to correctly convert between file: URLs and absolute paths. Changes in Utilities The util module is primarily designed to support the needs of Node.js' own internal APIs. The changes in Node.js v10.12.0 include: A new sorted option is added to util.inspect(). If set to true, all properties of an object and Set and Map entries will be sorted in the returned string. If set to a function, it is used as a compare function. The util.instpect.custom symbol is now defined in the global symbol registry as Symbol.for('nodejs.util.inspect.custom'). Support for BigInt numbers in util.format() are also added. Improvements in V8 API The V8 module exposes APIs that are specific to the version of V8 built into the Node.js binary. A number of V8 C++ APIs in v10.12.0 have been marked as deprecated since they have been removed in the upstream repository. Replacement APIs are added where necessary. Changes in Windows The Windows msi installer now provides an option to automatically install the tools required to build native modules. You can find the list of full changes on the Node.js Blog. Node.js and JS Foundation announce intent to merge; developers have mixed feelings. Node.js announces security updates for all their active release lines for August 2018. Deploying Node.js apps on Google App Engine is now easy.

A decade ago, Microsoft typified the closed and aggressively protective technology company. Just a few years ago, the company was profiting heavily from the success of Android, so extensive was its patents. In 2013, for example, it's thought that Microsoft received a royalty payment from Samsung exceeding $1 billion. However, things are different now - by joining the Open Invention Network, as was revealed today, Microsoft is taking another big step towards embracing open source software and open source culture. With more than 2,000 OIN members, including Google, IBM, Sony, and Red Hat, Microsoft certainly isn't blazing a new trail. It's more a case of the company finally joining the club. What is the Open Invention Network? The Open Invention Network describes itself as "a shared defensive patent pool with the mission to protect Linux." In essence, it's an organization that was set up in 2005 to protect the open source world from increasing patents - a culture that, at the time, Microsoft would have been guilty of driving. Members of OIN have access to the patents of other members, royalty-free. This is what a 'patent non-aggression community' (a phrase the OIN likes to use) looks like in practice. Prior to Microsoft joining, the OIN owned more than 1,300 patents and licenses. Remarkably, Microsoft will add another 60,000 to that number. That should give you an indication of how important patents were to Microsoft over the last decade or so. Why has Microsoft joined the Open Invention Network? The news the Microsoft is joining the OIN is really just another step in a transformation of the company's culture and mission. From Steve Ballmer calling open source a 'cancer' back in 2001, to the acquisition of GitHub this year, the company seems to have done a complete u-turn when it comes to open source software. To further emphasize this trend you only have to look back  a couple of days, when Microsoft open sourced its machine learning framework Infer.NET. “Microsoft sees open source as a key innovation engine, and for the past several years we have increased our involvement in, and contributions to, the open source community,” said Microsoft's Corporate VP Erich Andersen in the OIN's press release. "The protection OIN offers the open source community helps increase global contributions to and adoption of open source technologies. We are honored to stand with OIN as an active participant in its program to protect against patent aggression in core Linux and other important OSS technologies."

The Ethereum team is working on Ethereum 2.0 whose development has reached the “software development slog” stage, said Vitalik Buterin, CEO, Ethereum, last week, at the ETHSanFrancisco, part of the ETHGlobal events.  ETHSanFrancisco Ethereum is an open source and public blockchain-based decentralized computing platform. It enables applications to run without any fraud, censorship or third-party interference. Ethereum 2.0 will be including features such as transferring to the Proof of Stake algorithm from the current Proof of work model, implementation of sharding, and a switch from EVM Ethereum Virtual Machine to eWASM (a restricted subset of WASM used for contracts in Ethereum). These features will also be accompanied by a variety of smaller changes and improvements for a revamped Ethereum blockchain design. Apart from that, Buterin said he’s optimistic about the research side of Ethereum as it has largely stabilized. It doesn’t have any theoretical problems left to be solved. There’s only checking and verification of certain details left. There are a variety of research topics on Ethereum that cover P2P communication, signature aggregation, light client support, etc. Researchers then streamline these topics to make Ethereum 2.0 work. Further, Buterin mentioned that Ethereum 2.0 development and protocol is progressing way faster than Ethereum 1.0. Buterin added that it is in the stage that Ethereum 1.0 was during the fall of 2014. Given that Ethereum 1.0 launched in July 2015, Ethereum 2.0 launch can be expected sometime around the mid of the next year. TestNets (prototypes to demo the capabilities of a project) are expected to be coming soon. Once the auditing and testing are done, it will lead to the mainnet (the actual “end product”) release. However, a timeframe for these releases hasn’t been announced yet. Ethereum Blockchain dataset now available in BigQuery for smart contract analytics Vitalik Buterin’s new consensus algorithm to make Ethereum 99% fault tolerant Will Ethereum eclipse Bitcoin?

“While we are saying it’s going to be six and nine months [to launch], the world is a very dynamic place” - Ben Gomes, Google’s search engine chief The past two months have been filled with controversies for Google after The Intercept revealed details about a censored search engine for China, code-named Dragonfly. The project was severely criticized by human rights groups, U.S. senators and Google employees- some of whom have resigned. Even Vice President Mike Pence last week, called on Google to "immediately end development of the Dragonfly app"  while accusing China to be "applying its power in more proactive ways than ever before, to exert influence and interfere in the domestic policy and politics of our country." Now, fresh reposts have emerged that according to a leaked transcript to The Intercept, Google is all set to launch the search engine in the coming months. This came as a stark contrast to the public comments released by many of its senior executives. On September 23, at an event celebrating Google’s 20th anniversary, Ben Gomes, Google’s search engine chief, was confronted by a BBC reporter on the controversial search engine. Gomes told the reporter that all the work done so far is "some exploration," "but since we don’t have any plans to launch something, there’s nothing much I can say about it." Following this incident, on Sept. 26, Keith Enright, Google’s chief privacy officer faced public questions on the censorship plan. He confirmed that Project Dragonfly did exist, but affirmed: "we are not close to launching a product in China." Looks like the plan was way over an "exploration," as highlighted by Google’s own employees in a memo posted on an internal messaging list set up for Google employees to raise ethical concerns. Google had desperately tried to suppress this information by scrubbing the memo from the list. Individuals who had opened or saved the document were contacted by Google’s human resources department to discuss the matter. The employees were also instructed against sharing the memo. The leaked transcript of Ben Gomes private meeting with employees working on Dragonfly (dated July 18, 2018) is not in sync with these publicly released comments. The transcript records Gomes saying that the project was "the biggest opportunity to serve more people that we have. And if you take our mission seriously, that’s where our key focus should be". He goes on to add that China is one of the "most interesting markets". He prepares them to look for the window of opportunity where the search engine could be launched given the uncertain political climate in the US, supposedly six-nine months down the line. It wouldn’t come as a surprise if the engine launches earlier than the said deadline, as Gomes himself states that "This is a world none of us have ever lived in before, so I feel like we shouldn’t put too much definite into the timeline." This search engine was specifically designed to block terms considered to be sensitive by the Chinese communist party regimen such as 'peaceful protest'. With citizens phone numbers, IP address and location tracking attached to their search queries, it would be very easy for the government to track their internet footprint. The fear is that Google could be directly contributing to, or becoming complicit in, human rights violations. You can head over to The Intercept for the complete transcript of this private meeting. Skepticism welcomes Germany’s DARPA-like cybersecurity agency – The federal agency tasked with creating cutting-edge defense technology Google’s ‘mistakenly deployed experiment’ covertly activated battery saving mode on multiple phones today Ex-googler who quit Google on moral grounds writes to Senate about company’s “Unethical” China censorship plan  

Ahead of a consumer data privacy hearing, scheduled for today, Epic and eleven other consumer and privacy organizations submitted a data protection framework to the Senate Commerce Committee, yesterday. The Framework outlines issues that should be addressed to implement effective baseline privacy protections in the United States. “Core principles include: user control, transparency about business practices, collection and use limitations, data minimization and deletion, and security.“Personal data” should be broadly defined to include information that identifies, or could identify, a particular person” This hearing titled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act,” will take place on Wednesday, October 10, 2018. It will be presided by U.S. Sen. John Thune, chairman of the Committee on Commerce, Science, and Transportation. This hearing will discuss the new privacy laws in Europe and California and ponder on the types of consumer protections to consider in future legislation. The Data protection framework proposed by the consumer protection organizations lays basic rules for the Congress to act on in the U.S. This includes: Enact baseline federal data protection legislation: “Baseline federal legislation should be based on familiar Fair Information Practices, such as the widely followed OECD Privacy Guidelines. This framework creates obligations for companies that collect personal data and rights for individuals whose personal data is collected.” Limit government access to personal data: “US companies should not disclose user data in bulk to the government agencies, particularly after the recent Carpenter ruling that established that individuals have a constitutional privacy interest in the personal data held by third parties.” Establish algorithmic transparency and end discriminatory profiling: “Algorithmic transparency, to promote fairness and to remove bias, is now a core element of modern privacy law and should be included in US privacy law.” Prohibit “take it or leave it” and other unfair terms: “Requiring individuals to pay more or providing them with lower quality goods or services if they do not agree to waive their privacy rights is unfair and discriminates against those with less means.” Ensure robust enforcement: “Companies should be required by law to implement and maintain robust security measures. Furthermore, consumers should be able to pursue a private right of action that produces meaningful penalties.” Promote privacy innovation: “Federal privacy law should make privacy innovation an affirmative obligation for all companies that collect and use personal data.” Establish a data protection: “The US needs a federal agency focused primarily on identifying emerging privacy challenges, ensuring compliance with data protection obligation and identifying emerging privacy challenges” Epic.org has also submitted a statement to the Committee regarding the recent security and data breaches at Google and Facebook. Their statement also highlights the Federal Trade Commission's failure to take necessary action on these incidents. Per their statement, “The FTC’s failure to enforce consumer privacy safeguards has led not only to diminished data protection in the United States but also to less innovation and less competition among Internet services. The FTC’s failure to enforce the original privacy rights of WhatsApp allowed Facebook to acquire user data and undermine one of the best messaging services. Even the founders of WhatsApp know this. But the FTC has said nothing.” Read the full proposed data protection framework, to know more. Google, Amazon, AT&T met the U.S Senate Committee to discuss consumer data privacy. Facebook, Twitter open up at Senate Intelligence hearing, the committee does ‘homework’ this time. Jack Dorsey to testify explaining Twitter algorithms before the House Energy and Commerce Committee.

With Google+ shutting down because of a data vulnerability, Google has been working towards providing users better security for their data. On Monday, it introduced new policies that aim to provide users a better security for their data. These new policies are focused on Gmail APIs and will go into effect on January 9, 2019. Furthermore, yesterday in its hardware event Google announced that they have integrated the Titan security chip to the newly launched Pixel 3, Pixel 3 XL, and Pixel Slate. What are the newly introduced security policies? The following policies will be applied to the apps accessing user data from consumer Google accounts: Application types allowed to access the covered APIs Only the following application types will be permitted to access these APIs: Source: Google Now users will get additional warnings if they are allowing applications to access their email without regular direct interaction. The applications will also need to re-consent to access user emails at regular intervals. The right use of user data According to this policy, third-party apps must access these APIs only to use the data in order to provide user-facing features. They should not transfer or sell the data for other purposes such as ads, market research, email campaign tracking, and other unrelated purposes. Applications are permitted to use data from a user’s email if they are using it for the direct benefit of a user and not for market research. Also, human review of email data must be strictly limited. Apps will have to pass assessments to ensure data security To reduce the risk of data breach, third-party apps handling Gmail data will have to meet minimum security standards. Apps will need to demonstrate secure data handling with a series of assessments. These assessments include: Application penetration testing External network penetration testing Account deletion verification Reviews of incident response plans Vulnerability disclosure programs Information security policies Accessing only the information you need Applications will be given limited API access to only the information necessary to implement the application. For instance, if an app does not need full or read access and only requires send capability, they will be allowed to only request narrower scopes so that the app only accesses data needed for its features. Applications that are accessing the covered Gmail APIs can submit an application beginning from January 9, 2019, and must submit a review by February 15, 2019. These applications will be reviewed for compliance with the policies described above. After that, developers need to complete a security assessment by a third party assessor for which they will be charged a fee ranging between $15,000 to $75,000. This fee is due whether or not the app passes the assessment. Titan Security chip comes to Pixel 3, Pixel 3 XL, and Pixel Slate Google announced in yesterday’s hardware event that they have integrated their in-house Titan Security chip into the newly launched Pixel 3, Pixel 3 XL, and Pixel Slate, making for a more secure experience for users. Google in a blog post said: “We’re committed to the security of our users. We need to offer simple, powerful ways to safeguard your devices. We’ve integrated Titan Security, the system we built for Google, into our new mobile devices. Titan Security protects your most sensitive on-device data by securing your lock screen and strengthening disk encryption.” The Titan Security system was first introduced last year for Google Cloud Platform. It is a low-power, phishing-resistant two-factor authentication (2FA) microchip. This chip is used to secure the lockscreen, strengthen disk encryption, and protect the integrity of the operating system. Rick Osterloh, senior vice president of hardware, said during the event: "By combining Titan Security both in the data center and on device, we've created a closed loop for your data across the Google ecosystem." To read the full list of policies, check out Google’s official announcement. Also read the announcement about their newly launched mobile devices: Pixel 3, Pixel 3 XL, and Pixel Slate. Google opts out of Pentagon’s $10 billion JEDI cloud computing contract, as it doesn’t align with its ethical use of AI principles Google reveals an undisclosed bug that left 500K Google+ accounts vulnerable in early 2018; plans to sunset Google+ consumer version Ex-googler who quit Google on moral grounds writes to Senate about company’s “Unethical” China censorship plan

The U.S Government Accountability Office (GAO) published a report on Tuesday, which highlights that the U.S. Department of Defense (DOD) can be easily hacked by adversaries. The report states that military weapon systems developed from 2012 to 2017 are vulnerable to cyber attacks. The GAO also said that the Pentagon was unaware of how easy it could be for an adversary to gain access to the computer brains and software of the weapons systems and operate inside them undetected. What were GAO’s findings? The GAO investigators assessed the Pentagon’s cybersecurity findings over a five-year period. The testers were asked to find vulnerabilities by hacking into the military weapon systems. To this, GAO reported, “testers were able to take control of systems and largely operate undetected, due in part, to basic issues such as poor password management and unencrypted communications.” The testers could shut down a system simply by scanning it. This is a typical first step in trying to carry out a digital attack. The testers could also manipulate what the soldiers operating the weapon were seeing on their computer screens. As described in the report, “weapons testers caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.” One of the reasons DOD systems are susceptible to the cyber attack could be their connectivity to various other systems, which can introduce vulnerabilities and make systems more difficult to defend. DOD systems are also more connected than ever before, which can introduce vulnerabilities and make systems more difficult to defend. The report further mentions, "These connections help facilitate information exchanges that benefit weapon systems and their operators in many ways—such as command and control of the weapons, communications, and battlespace awareness. If attackers can access one of those systems, they may be able to reach any of the others through the connecting networks." Pentagon spokesperson Maj. Audricia Harris told CNN, “We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our defense Industrial Base and defense Critical Infrastructure partners to secure critical information." The fact that Pentagon weapon systems are vulnerable to cyber-attack raises brings in a lot of questions about the huge chunk of investments the US has done in its programs. Following the revelation of this vulnerability, the Department of Defense recently released its cyber strategy stating that the Pentagon is seeking to incorporate cyber-security awareness throughout the institutional culture of the department. The report claims that the DOD documented many of these "mission-critical cyber vulnerabilities," but Pentagon officials who met with GAO testers claimed their systems were secure, and "discounted some test results as unrealistic." GAO said, “all tests were performed on computerized weapons systems that are still under development. GAO officials also highlighted that hackers can't yet take control over current weapons systems and turn them against the U.S. But if these new weapons systems go live, the threat is more than real.” To know more about this in detail, head over to GAO’s report. Upgrade to Git 2.19.1 to avoid a Git submodule vulnerability that causes arbitrary code execution Implementing Web application vulnerability scanners with Kali Linux [Tutorial] Bitcoin Core escapes a collapse from a Denial-of-Service vulnerability  

MongoDB, Inc, a leading free, and open source general purpose database platform, announced, yesterday, that it is acquiring mLab, a San Francisco-based cloud database service. With this acquisition, MongoDB aims to deepen its relationships with other developer-centric startup communities. The mLab team has been very successful in maintaining these relationships with the startup communities in the past. “Over the years, mLab and MongoDB have explored ways to work more closely together. As we have gotten to know each other, we have found we share a similar vision and both believe in an engineering culture based on intellectual honesty, hard work, and respect. We were excited by the idea of working together, as part of one team”, said Will Shulman, CEO, mLab. The acquisition will be closing in the fourth quarter of MongoDB’s fiscal year which ends on January 31, 2019. This is subject to the satisfaction of customary closing conditions. Currently, mLab has one million databases hosted on its platform across both free and paid tiers. Shulman hopes that given the growing trend towards building software systems and deploying those systems in the cloud, there will be enormous market opportunities for global cloud databases. These opportunities will then be well powered by MongoDB in ways that other database technologies cannot. Another goal that MongoDB plans to achieve with this acquisition is the ability to scale MongoDB Atlas at an even faster pace. “mLab has been providing a compelling service to their customers for seven years and we are delighted to bring this talented team into the MongoDB family”, stated Dev Ittycheria, President & CEO, MongoDB. MongoDB Atlas is a leading general-purpose database that operates as an independent, global cloud service. Atlas is great handling all the complexities involved with deploying, managing, and scaling MongoDB on your preferred cloud provider such as Amazon Web Services, Microsoft Azure, etc. It also comes with built-in security practices and automation of the time-consuming administration tasks. “We are very excited to come together with MongoDB to modernize the way companies store and manage their most valuable asset -- their data”, said Shulman. For more information, check out the official MongoDB blog. MongoDB Sharding: Sharding clusters and choosing the right shard key [Tutorial] MongoDB 4.0 now generally available with support for multi-platform, mobile, ACID transactions and more MongoDB going relational with 4.0 release

Last week, the Fedora team announced that Swift will be available in Fedora 28.  Swift, Apple’s programming language, is built with a modern approach to safety and its addition to Fedora will facilitate Linux’s focus on the security aspect of its kernel. Why did the team opt for Swift? Swift’s applications are endless- right from systems programming to desktop applications leading right upto cloud services. This language was always focussed on being fast and safe. There is automatic memory management where arrays and integers are checked for overflow. Swift also supports a built-in mechanism for error handling. It is an efficient server-side programming language which performs fast iterations over collections of code. Additional features include: Closures with function pointers Tuples and multiple return values Generics Structs supporting methods, extensions, and protocols Functional programming patterns, like map and filter do, guard, defer, and repeat keywords provide an advanced control flow Swift is available in Fedora under the package name swift-lang. The flexible capabilities of Fedora coupled with the advantages offered by Swift make it an excellent choice for developers to work on. To know more about this news, head over to Fedora’s magazine. ABI stability may finally come in Swift 5.0 Swift 4.2 releases with language, library and package manager updates! Fedora 29 beta brings Modularity, GNOME 3.30 support and other changes

Yesterday, Google announced a series of consumer hardware products. This included two new variants of their flagship Pixel smartphones—Pixel 3 and Pixel 3 XL. Also launched was a high-performance tablet, the Pixel Slate and the Google Home Hub. Pixel 3 and Pixel 3 XL The new smartphones from Google, Pixel 3 and Pixel 3 XL come with artificial intelligence features. They can automatically answer calls, click powerful photos,  and provide an enhanced visual and audio experience while charging, powered by the Google Assistant. Source: Google Blog With an integration of Google Lens, Pixel 3, can scan and translate text, find similar styles of clothing, or identify popular plants and animals. It also supports Google’s Smart Compose which suggests phrases in emails to help them draft faster. Pixel 3’s on-device AI can also screen phone calls and avoid spam calls. This feature is first, starting out in English in the U.S. Pixel users in the U.S. will also get a taste of an experimental new Google Assistant feature, powered by Duplex technology. This feature will initially be available later this year in New York, Atlanta, Phoenix, and the San Francisco Bay Area and will roll out to other U.S. cities in the future. Pixel 3 also supports Digital Wellbeing, which is a suite of tools to help users limit the time they spent on their phones. Users can monitor the time spend time on phones and set time limits on specific apps. Digital Wellbeing also comes with a new Wind Down mode to transition display to a grayscale screen in the night. Google Pixel Slate The Google Pixel Slate is a new high-performance tablet in the likes of Google’s popular Pixelbook. Source: Google Blog This tablet is 7mm thin and weighs 1.6 lbs with rounded edges and curved 2.5D glass. It’s Molecular Display packs 293 pixels per inch for the sharpest picture. Pixel Slate includes 8MP cameras on both the rear and front and dual front-firing speakers. It comes with three months of YouTube TV subscription and up to 12 hours of battery life. It’s Pixel Imprint power button doubles as a fingerprint sensor. Pixel Slate is compatible with the Pixel Slate Keyboard, and the Pixelbook Pen. Pixel Slate starts at $599 with several configurations available. Pixel Slate Keyboard is $199, and Pixelbook Pen is $99. Google Home Hub Another addition to their Home series is the Google Home Hub. This home automation device has built-in Google Assistant to traverse Google’s products —Search, YouTube, Google Photos, Calendar, Maps and more. It’s 7” screen features a floating display to naturally fit on any surface. Purposely, Google didn’t put a camera for privacy. Other features include: An Ambient EQ light sensor which allows the screen to automatically adjust to match the lighting in the room. Connection with 10,000+ types of smart home devices from 1,000+ popular brands. With live albums, a new feature from Google Photos, users can view their recent photos even while Google Home Hub is not in use. Google Hub is available for $149 for pre-order from the Google Store. Google Home Hub will also be available by October 22 at Best Buy, Target, Walmart, and other retailers. In the light of their recent Google+ data breach, Google has also mentioned their guiding principle. Per their website, “We respect our users and put them first. We feel a deep responsibility to provide you with a helpful, personal Google experience, and that guides the work we do in three very specific ways: First, we want to provide you with an experience that is unique to you. Just like Google is organizing the world’s information, the combination of AI, software, and hardware can organize your information—and help out with the things you want to get done. The Google Assistant is the best expression of this, and it’s always available when, where, and however you need it. Second, we’re committed to the security of our users. We need to offer simple, powerful ways to safeguard your devices. We’ve integrated Titan™ Security, the system we built for Google, into our new mobile devices. Titan™ Security protects your most sensitive on-device data by securing your lock screen and strengthening disk encryption. Third, we want to make sure you’re in control of your digital wellbeing. From our research, 72 percent of our users are concerned about the amount of time people spend using tech. We take this very seriously and have developed new tools that make people’s lives easier and cut back on distractions.” Read more about the new products on Google Blog. Google announces new Artificial Intelligence features for Google Search on its 20th birthday. Google’s Stories to use artificial intelligence to create stories like Snapchat and Instagram. Google enhances Wear OS design, adds a Google Assistant feed and much more

Kubernetes v1.12 now offers alpha support for volume snapshotting. This will allow users to create or delete volume snapshots, and natively create new volumes from a snapshot using the Kubernetes API. A snapshot represents a copy of a volume at that particular instant of time. This snapshot can be used to provision a new volume that can be pre-populated with the snapshot data or to restore the existing volume to a previous state. Importance of adding Snapshots to Kubernetes The main goal of the Kubernetes team is to create an abstraction layer between distributed systems applications and underlying clusters. The layer will ensure that application deployment requires no "cluster specific" knowledge. Snapshot operations are a critical functionality for many stateful workloads. For instance, a database administrator may want to snapshot a database volume before starting a database operation. By providing a standard way to trigger snapshot operations in the Kubernetes API, users don’t have to manually execute storage system specific operations around the Kubernetes API. They can instead incorporate snapshot operations in a cluster agnostic way into their tooling and policy assured that it will work against arbitrary Kubernetes clusters regardless of the underlying storage. These snapshot primitives help to develop advanced, enterprise-grade, storage administration features for Kubernetes which includes data protection, data replication, and data migration. 3 new API objects introduced by Kubernetes Volume Snapshots: #1 VolumeSnapshot The creation and deletion of this object depicts if a user wants to create or delete a cluster resource (a snapshot). It is used to request the creation of a snapshot for a specified volume. It gives the user information about snapshot operations like the timestamp at which the snapshot was taken and whether the snapshot is ready to use. #2 VolumeSnapshotContent This object is created by the CSI volume driver once a snapshot has been successfully created. It contains information about the snapshot including its ID. This object represents a provisioned resource on the cluster (a snapshot). Once a snapshot is created, the VolumeSnapshotContent object binds to the VolumeSnapshot- with a one to one mapping- for which it was created. #3 VolumeSnapshotClass This object created by cluster administrators describes how snapshots should be created. It includes the driver information, how to access the snapshot, etc. These Snapshot objects are defined as CustomResourceDefinitions (CRDs).  End users need to verify if a CSI driver that supports snapshots is deployed on their Kubernetes cluster. CSI Drivers that support snapshots will automatically install the required CRDs. Limitations of the alpha implementation of snapshots The alpha implementation does not support reverting an existing volume to an earlier state represented by a snapshot It does not support "in-place restore" of an existing PersistentVolumeClaim from a snapshot. Users can provision a new volume from a snapshot. However, updating an existing PVC to a new volume and reverting it back to an earlier state is not allowed. No snapshot consistency guarantees given beyond any of those provided by storage system An example of creating new snapshots and importing existing snapshots is explained well on the Kubernetes Blog. Head over to  the team's Concepts page or Github to find more official documentation of the snapshot feature. ‘AWS Service Operator’ for Kubernetes now available allowing the creation of AWS resources using kubectl Limited Availability of DigitalOcean Kubernetes announced! Google Cloud hands over Kubernetes project operations to CNCF, grants $9M in GCP credits

Project Valhalla is an OpenJDK project started in 2014 in an experimental stage. It is headed by Oracle Java language architect Brian Goetz and supported by the HotSpot group. The project was created for introducing value-based optimizations to JDK 10 and above. The goal of Project Valhalla is explore and support development of advanced Java VM and language features like, value types, generic specialization, and variable handles. The Project Valhalla members met last week at Burlington MA to discuss in detail about the current project status and future plans. Goetz notes that it was a very productive meeting with members either attending the venue in person or connecting via calls. After over four years of the project, the members decided to meet as it seemed like a good time to assess the project. Goetz states: “And, like all worthwhile projects, we hadn't realized quite how much we had bitten off.  (This is good, because if we had, we'd probably have given up.)” This meeting indicates the initiation of Phase III project Valhalla. Phase I focused on language and libraries. Trying to figure out what exactly a clean migration to value types and specialized generics would look like. This included steps to migrate core APIs like Collections and Streams, and understanding the limitations of the current VM. This enabled a vision for the VM that was needed. Phase I produced three prototypes, Models 1-3. The exploration areas of these models included specialization mechanics (M1), handling of wildcards (M2) and classfile representations for specialization and erasure (M3). At this point, the list of VM requirements became too long and they had to take a different approach. Phase II took on the problem from the VM up, with two additional rounds of prototypes namely MVT and LW1. LW1 was a risky experiment; sharing the L-carrier and a* bytecodes between references and values while not losing performance. If this could be achieved, many of the problems from Phase I could go away.  This was successful and now they have a richer base for further work. The next target is L2, which will capture the choices made so far, provide a useful testbed for doing library experiments, and set the stage for tackle remaining open questions between now and L10.  L10 is the target for a first preview, which eventually should support value types and erased generics over values. For more information, you can read the mail on Project Valhalla mailing list. JDK 12 is all set for public release in March 2019 State of OpenJDK: Past, Present and Future with Oracle No more free Java SE 8 updates for commercial use after January 2019