Tech News

The US Justice Department has charged a North Korean hacker, Park Jin Hyok for the devastating cyberattacks that hacked Sony Pictures Entertainment and unleashed the WannaCry ransomware virus in 2017. The US alleges that Mr. Park worked as a computer programmer for Chosun Expo Joint Venture,a wing of the North Korean military. Hyok is charged with extortion, wire fraud, and various hacking crimes that could potentially carry a prison term up to 25 years. The criminal complaint against Hyok was filed in Los Angeles federal court in June, and unsealed this Thursday. It alleges that Mr. Park and the Joint Venture sought to “conduct multiple destructive cyber attacks around the world” in support of the North Korean government. Timeline of Cybercrimes committed by Hyok In 2017, the Wannacry ransomware attack affected more than 230,000 computers and caused hundreds of millions of dollars in damages around the world. One of the main targets affected was the UK’s National Health System, which was forced to cancel thousands of appointments after its systems were infected. The Justice Department asserts that the North Korean hacking team both developed the ransomware and propagated the attacks. Mr. Park is also charged in connection with an $81 million (£62 million) theft from a bank in Bangladesh in 2016. He is further accused of aiding the 2014 hack into Sony Pictures Entertainment, in which data was destroyed and internal documents were made publicly available online for anyone to download. The attack came shortly after Sony produced a comedy film ‘The Interview’, about an attempted assassination on a man who, was made to look like North Korean leader Kim Jong-un indirectly mocking him. According to the Justice Department, Mr. Park is also charged for “numerous other attacks or intrusions on the entertainment, financial services, defence, technology, and virtual currency industries, academia, and electric utilities”. The charges were filed four days before President Donald Trump’s meeting with North Korea’s leader, Kim Jong-n, to discuss ending hostility between the two countries. Prosecutors confirm that said the complaint wasn’t sealed to prevent derailing their meet in Singapore. Head over to cnet for more insights to this news. Microsoft claims it halted Russian spearphishing cyberattacks Bloomberg says Google, Mastercard covertly track customers’ offline retail habits via a secret million dollar ad deal New cybersecurity threats posed by artificial intelligence

A research done by China's Netlab 360 revealed thousands of routers manufactured by the Latvian company MikroTik to be compromised by a malware attacking the Winbox, a Windows GUI application. This vulnerability allows gaining access to an unsecured router. The Winbox vulnerability was revealed in April this year and MicroTik had also posted a software update for the same. However, researchers found that more than 370,000 MikroTik devices they identified on the Internet were still vulnerable. According to a report by Netlab 360's Genshen Ye, “More than 7,500 of them are actively being spied on by attackers, who are actively forwarding full captures of their network traffic to a number of remote servers. Additionally, 239,000 of the devices have been turned into SOCKS 4 proxies accessible from a single, small Internet address block.” Prior to the MicroTik attack, WikiLeaks revealed a vulnerability from the CIA's ‘Vault7’ toolkit. According to WikiLeaks, the CIA Vault7 hacking tool Chimay Red involves 2 exploits, including Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability. Attacks discovered on the MicroTik routers Previously, researchers at Trustwave also had discovered two malware campaigns against MikroTik routers based on an exploit reverse-engineered from a tool in the Vault7 leak. #1 Attack targeting routers with CoinHive Malware The first attack targeted routers in Brazil with CoinHive malware. The attack injected the CoinHive JavaScript into an error page presented by the routers' Web proxy server. It further redirected all Web requests from the network to that error page. However, in routers affected by this type of malware found by the Netlab 360 team, all the external web resources, including those from coinhive.com necessary for web mining, are blocked by the proxy ACLs (access control lists) set by attackers themselves. #2 Attack that turns affected routers into a malicious proxy network The other attack, discovered by the Netlab 360 team, has turned affected routers into a malicious proxy network. This was done by using the SOCKS4 protocol over a very non-standard TCP port (4153).  Ye said that “Very interestingly, the Socks4 proxy config only allows access from one single net-block, 95.154.216.128/25.” Most of the traffic is said to be going to 95.154.216.167, an address associated with a hosting service in the United Kingdom. This attack includes the addition of a scheduled task to report the router's IP address back to the attacker to help maintain the persistence of the SOCKS proxy if the router is rebooted. Eavesdropping on routers NetLab 360 researchers also discovered that more than 7,500+ victims are being actively eavesdropped and were largely streaming network traffic. This includes FTP and emails focused traffic, as well as some traffic associated with network management. Majority of the streams, almost 5,164 of them, were being sent to an address associated with an ISP in Belize. Attackers have leveraged MikroTik's built-in packet-sniffing capabilities for eavesdropping over the network. Here, the sniffer, which uses the TZSP protocol, can send a stream of packets to a remote system using Wireshark or other packet capture tools. To know more about this news in detail, visit the Netlab 360 blog. Google’s Protect your Election program: Security policies to defend against state-sponsored phishing attacks, and influence campaigns Homebrew’s Github repo got hacked in 30 mins. How can open source projects fight supply chain attacks? Apache Struts faces code execution flaw risking enterprises to attacks

JetBrains announced on Wednesday that they’re starting an Early Access Program (EAP) for their popular IDE IntelliJ IDEA 2018.3. The IntelliJ IDEA 2018.3 EAP explores features such as better IDE navigation, revamped plugin preferences page, Run Anything, and multiline TODO comments among others. You can download the IntelliJ IDEA 2019.3 EAP with the help of Toolbox App. Let’s discuss the key features in IntelliJ IDEA 2018.3 EAP. Better IDE navigation The IntelliJ IDEA 2018.3 offers better IDE navigation with an all-new Search Everywhere dialog. The new search dialog has an enhanced UI which is resizable and movable. It comprises of Go to class, Go to file, Go to symbol, and Find action. This new feature has made the search process faster. Run Anything dialog There’s a new Run Anything action in IntelliJ IDEA 2018.3. Run Anything lets you run a command in the IDE, launch any run configuration, and run any terminal commands. This dialog allows you to select a recent command, a preconfigured run configuration and reopen recent projects. With the Run Anything dialog, you can hold down the Shift key to switch to the Debug Anything mode, which allows you to run a debug configuration. Multiline TODO comments There’s an added support for multiline TODO comments in IntelliJ IDEA 2018.3 EAP. Earlier, only the first line of a multiline TODO comment was handled as a todo comment. Now, the first line along with all the other todo comment lines can be highlighted in the editor and listed in the TODO Tool Window. Plugins page Now there’s a new Plugins page in Preferences/Settings, making it easier to manage, install, uninstall, and update plugins. You can now search for plugins by name or tags, and sort the results by downloads, name, rating, featured, or updates. Additionally, you can also view the new and updated plugins, top downloaded plugins, as well as top-rated plugins. Installed Tab allows you to check all the downloaded and bundled plugins in different areas.  You can view all the plugins that need to be updated in the Updates tab. Structural Search There’s a new simplified Structural Search & Replace dialogs in IntelliJ IDEA 2018.3. Structural Search comes with a drop-down menu under the search icon to display the search history. There’s also a Scope configuration which is easier and more flexible. Editing variables/filters is possible with the help of Structural Search & Replace dialogs. The Edit Variables dialog is replaced by a Filters panel. JVM Debugger IntelliJ IDEA 2018.3 comes packed with various debugger improvements. You can now see all the available processes for attaching in the “Attach with Java Debugger To” action list. Now, there’s a new Auto restart option for the remote debug configurations so the IDE can automatically restart a configuration while debugging a remote process. Maven You can now delegate all your build and run actions to Maven in IntelliJ IDEA 2018.3. To enable the new option, delegate the IDE build/run actions to maven, by going to Preferences / Settings | Build, Execution, Deployment | Build Tools | Maven | Runner. Editor There’s now a way to configure the default indent in projects on the Tabs and Indents tab in Preferences / Settings | Editor | Code Style | Java. There’s also a newly added status bar indicator which points out if the current file indentation differs from the project’s default. To choose actions that control the current indentation, there’s a status bar popup. Java There are a lot of new Java inspections and quick-fixes in the IntelliJ IDEA 2018.3 EAP. The inspection support for Java Stream API has been improved.  IntelliJ IDEA is now capable of detecting cases where redundant sorted calls are made before the subsequent min call. You can quickly remove the unnecessary sorted call with the new IDE. You can convert streams into loops when the downstream collector is collection-based (toSet/toList/toMap/toCollection/groupingBy) and can be processed by itself. Also, to completely remove static import, use * and add qualifiers to the usages in the code instead. Run Configurations There’s an added support for macros in run configurations. Currently, the IDE supports only the “Application” and “npm” run configurations. You can use text/log file as input by enabling the Redirect input in the Run/Debug Configurations dialog, After this, simply specify the path to the file which has the input data. Version Control Earlier, the IDE only showed file history up to the selected commit. With InteliJ IDEA 2018.3 EAP, it can now display the full history. You simply need to switch “Show All Branches” on the toolbar. This step is particularly useful in case the file gets deleted later. Other than that, you can now ignore the whitespace changes while merging with a new ignore Whitespaces option. It also comes with a new Ignore drop-down menu with options to hide or trim whitespace changes that occur on merge. You can also copy a file easily from one Git branch to another. For more information, check out the official IntelliJ IDEA 2018.3 EAP documentation. Reading Next What’s new in IntelliJ IDEA 2018.2 How to set up the Scala Plugin in IntelliJ IDE [Tutorial] How to work with the Selenium IntelliJ IDEA plugin

Stack Overflow launched an update to the Stack Overflow Salary Calculator. It is a tool that allows both developers and employers to find typical salaries for the software industry. You can input experience level, location, education, and up to five specific technologies to get salaries in three percentile ranges. For 2018 they’ve added support for eight new countries. The salary calculator is based on the comprehensive data from the Stack Overflow Developer Survey and a high number of responses contributed to the accuracy of the calculator. The inputs to the salary calculator are location, education, years of professional coding experience, job role, and technologies you know (up to 5). One of the biggest factors influencing the salary is location. Source: Stack Overflow According to 2018 survey, the salaries have increased overall, with median salaries being 25% higher than 2017 in London and San Francisco. This does not mean all developers got raises everywhere, it shows that developer salaries are increasing in all locations. The comprehensive responses have added eight new countries—Australia, Brazil, India, Netherlands, Poland, Russia, Spain, and Sweden. The job role also affects the salary. Source: Stack Overflow DevOps specialists earn the most in all the countries presented. The model accounts all characteristics like location, education, and role, same role in different locations etc are considered. The end result is that some developer roles like DevOps are associated with higher salaries while some developer roles like QA are associated with lower salaries. Many of them do not see any change from baseline, that is, the typical developer salary in a country. The technologies used by the developers also had an impact on salary. In this year’s survey, the high paying technologies include Go, Scala, Redis, and React. Some technologies like PHP correlate to lower salaries, while some technologies like JavaScript so ubiquitous they do not affect salary scale. For more details visit the StackOverflow website, you can also try the salary calculator yourself. Stack Overflow revamps its Code of Conduct to explain what ‘Be nice’ means – kindness, collaboration, and mutual respect 4 surprising things from Stack Overflow’s 2018 survey 10 predictable findings from Stack Overflow’s 2018 survey

OpenFaaS announced on the 5th of September 2018 that they have released support for stateless microservices in OpenFaaS 0.9.0. They assert that managing FaaS functions and microservices will now be easier. A stateless microservice can be deployed as if it were a FaaS Function and managed by a FaaS framework or Platform such as OpenFaaS. Hence, no special routes, flags or filters are needed in the OpenFaaS CLI, Gateway API or UI. Source: OpenFaaS The upgrade came as a follow-up to two requests from the microservices community. One of the users at Wireline.io raised a feature request to enhance the HTTP route functionality of functions and write functions to run on both, AWS Lambda and on OpenFaaS, without any additional changes. Then came the request from the CEO of GitLab, Sid Sijbrandi who wanted to learn more about Serverless and how it could benefit Gitlab. He was apprehensive whether OpenFaaS could be used to manage both, FaaS Functions and the microservices his team was more familiar (eg. Sinatra apps). He wanted to know more about scaling to zero when idle. To address these requests, the OpenFaaS blog has given its viewers an example of deploying a Ruby and Sinatra guestbook backed by MySQL deployed to OpenFaaS with Kubernetes. This is how the task can be done- Users have to start of by creating the Sinatra stateless microservices. They can then go on to create a hello-world service by supplying their own Dockerfile and executing the following commands $ mkdir -p sinatra-for-OpenFaaS/ \  && cd sinatra-for-OpenFaaS/ $ faas-cli new --prefix=alexellis2 --lang dockerfile frank-says They need to replace alexellis2 with their Docker Hub account or another Docker registry. This has to be followed by creating a Gemfile and the main.rb file: ./frank-says/main.rb: require 'sinatra' set :port, 8080 set :bind, '0.0.0.0' open('/tmp/.lock', 'w') { |f|  f.puts "Service started" } get '/' do  'Frank has entered the building' end get '/logout' do  'Frank has left the building' End   Things to note on OpenFaaS workloads while doing this- Bind to TCP port 8080 Write a file /tmp/.lock when ready to receive traffic The Dockerfile will add a non-root user, add the Ruby source and Gemfile then installs the Sinatra gem. Finally, it will add a healthcheck on a 5-second interval and set the start-up command. Users can now deploy the example using the OpenFaaS CLI. Login with account details $ docker login Run the up command which is an alias for build, push and deploy. $ faas-cli up --yaml frank-says.yml Deploying: frank-says. Deployed. 200 OK. URL: http://127.0.0.1:8080/function/frank-says To Deploy the Sinatra guestbook with MySQL, they need to execute- $ git clone https://github.com/OpenFaaS-incubator/OpenFaaS-sinatra-guestbook \  && cd OpenFaaS-sinatra-guestbook Configure MySQL database details in ./sql.yml. $ cp sql.example.yml sql.yml Finally deploy the guestbook: $ faas-cli up http://127.0.0.1:8080/function/guestbook The  URL given by the command above should be used to access the microservice. Now, Sign the guest book using the UI and then reset the MySQL table at any time by posting to /function/guestbook/reset. Source: OpenFaaS The guestbook code stores its state in a MySQL table. A key property of FaaS functions and stateless microservices is that it can be restarted at any time without losing data. For a detailed implementation of the guestbook example, head over to the OpenFaaS Blog post How to Enable Zero-Scale? To enable scaling to zero simply follow the documentation Next, users have to add a label to their stack.yml file to tell OpenFaaS that your function is eligible for zero-scaling: labels:      com.OpenFaaS.scale.zero: true Finally, redeploy the guestbook with faas-cli up. The faas-idler will now scale the function to zero replicas as soon as it is detected as idle. The default idle period is set at 5 minutes, which can be configured at deployment time. OpenFaaS has also deployed a stateless microservice written in Ruby that will scale to zero when idle and back again in time to serve traffic. It can be managed in exactly the same way as OpenFaaS existing FaaS functions. Thus, we have seen how the support for stateless microservices has made it easier for users to manage their microservices easily. Head over to the OpenFaaS blog for a detailed explanation of deploying a simple hello-world Sinatra service and to gain more insights about the upgrade. 6 Ways to blow up your Microservices! Google, IBM, RedHat and others launch Istio 1.0 service mesh for microservices Welcome Express Gateway 1.11.0, a microservices API Gateway on Express.js

Google has launched Dataset Search, a search engine for finding datasets on the internet. This search engine will be a companion of sorts to Google Scholar, the company’s popular search engine for academic studies and reports. Google Dataset Search will allow users to search through datasets across thousands of repositories on the Web whether it be on a publisher's site, a digital library, or an author's personal web page. Google’s Dataset Search scrapes government databases, public sources, digital libraries, and personal websites to track down the datasets. It also supports multiple languages and will add support for even more soon. The initial release of Dataset Search will cover the environmental and social sciences, government data, and datasets from news organizations like ProPublica. It may soon expand to include more sources. Google has developed certain guidelines for dataset providers to describe their data in a way that Google can better understand the content of their pages. Anybody who publishes data structured using schema.org markup or similar equivalents described by the W3C, will be traversed by this search engine. Google also mentioned that Data Search will improve as long as data publishers are willing to provide good metadata. If publishers use the open standards to describe their data, more users will find the data that they are looking for. Natasha Noy, a research scientist at Google AI who helped create Dataset Search, says that “the aim is to unify the tens of thousands of different repositories for datasets online. We want to make that data discoverable, but keep it where it is.” Ed Kearns, Chief Data Officer at NOAA, is a strong supporter of this project and helped NOAA make many of their datasets searchable in this tool. “This type of search has long been the dream for many researchers in the open data and science communities” he said. Try out Google’s new Dataset Search here. 25 Datasets for Deep Learning in IoT. Datasets and deep learning methodologies to extend image-based applications to videos. Google-Landmarks, a novel dataset for instance-level image recognition.

Many of you may remember GIMP from school if you weren’t using MS Paint instead. The open-source cross-platform image editor is free to use and to modify the source code. GIMP is associated with the non-profit GNOME, a Linux desktop environment. The $100K donation given to them is a part of the $400K donation made to GNOME by Handshake.org in early August. Now 25 percent of this donation will go to GIMP. After the release of GIMP 2.10.6, hopefully, this donation helps them to accomplish their next GTK3-ported GIMP 3.0 release. In May this year, an anonymous donor pledged $1M to the GNOME foundation over the course of next two years. This donation enabled them to put up job listings for four additional roles of Development Coordinator, Program Coordinator, DevOps/Sysadmin, and GTK+ core developer. Their website states “We thank both Handshake.org and GNOME Foundation for the generous donation and will use the money to do much overdue hardware upgrade for the core team members and organize the next hackfest to bring the team together, as well as sponsor the next instance of Libre Graphics Meeting.” Handshake.org was launched on August 2 this year. It is a decentralized certificate authority and peer-to-peer DNS service. Handshake.org is donating about $10 million to non-profits and free/open-source projects. Handshake’s purpose is not to replace the DNS protocol. But it aims at replacing the root zone file and root servers with a public commons. Their website states: “Handshake’s original incubators, Purse.io and Private Internet Access, provided enough support to build and launch the platform without additional funding. In the spirit of free software and radical gifting we’ve taken the validation value from this project and shared it with the world.” The details are posted on the official GIMP website. A Tour Around GIMP GNOME 3.30 released with improved Desktop performance, Screen Sharing, and more Creating a quick logo for a company with GIMP 2.6

The Tor Project team has released Tor Browser 8.0 today. The update comes with an upgraded language page, new onboarding experience for new users, additional language support and optimized bridge fetching technique. The Tor Browser, based on Mozilla's Extended Support Release version of the Firefox web browser, helps users anonymize their Internet connection. The browser is famous for bundling data into encrypted packets before passing them through the network, thus keeping user’s identity at bay. This new version powered by Firefox 60 ESR (Extended Support Release) is a level up from the previous Firefox 52 ESR. 3 major upgrades in Tor Browser 8.0 #1 A New Onboarding Experience It is now really easy for new users to understand what the Tor browser is and how to use it.  The welcome tour provides users with all the information needed to get started with the Tor browser. The ‘About’ section of the browser takes viewers through aspects that make Tor different than other commonly available browsers. Users are also taken through privacy and security settings to ensure that they have a smooth experience using the browser. Source: ghacks.net #2 Optimized Bridge Configuration Flow Bridge Fetching, has been optimized in the new version. In the previous versions, users had to send an email or visit a website to request new bridges for locations where Tor browser is blocked because of censorship related issues. With the Tor 8.0, users have to only  solve a captcha in Tor launcher toto request new bridges from within the browser directly. All that has to be done is- Activate the Tor button in the browser interface and select Tor Network Settings. Enable the "Tor is censored in my country" checkbox on the page that opens. Select "Request a bridge from torproject.org". Solve the captcha displayed. Source:ghacks.net #3 Improved Language Support Previous versions of Tor supported fewer languages, which meant that users were unable to use the browser in their native language. The Tor Browser 8.0 has introduced the support for nine languages - Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese. The browser has added Component and library upgrades to new versions while Blocking navigator.mozAddonManager so that websites can't see it. You can read the full release announcement for more information on the upgrades introduced in Tor 8.0. Ubuntu free Linux Mint Project, LMDE 3 ‘Cindy’ Cinnamon, released Baidu releases EZDL – a platform that lets you build AI and machine learning models without any coding knowledge Splinter 0.9.0, the popular web app testing tool, released!  

On the 4th of September 2018, Spotify labs announced that cstar- the Cassandra orchestration tool for the command line, will be made freely available to the public. In Cassandra, it is complicated to understand how to achieve the perfect performance, security, and data consistency. You need to run a specific set of shell commands on every node of a cluster, usually in some coordination to avoid the cluster being down. This task can be easy for small clusters, but can get tricky and time consuming for the big clusters. Imagine having to run those commands on all Cassandra nodes in the company! It would be time consuming and labor intensive. A scheduled upgrade of the entire Cassandra fleet at Spotify included a precise procedure that involved numerous steps. Since Spotify has clusters with hundreds of nodes, upgrading one node at a time is unrealistic. Upgrading all nodes at once also wasn't a probable option, since that would take down the whole cluster. In addition to the outlined performance problems, other complications while dealing with Cassandra involved: Temporary network failures, breaking SSH connections, among others Performance and availability can be affected if operations that are computation heavy or involve restarting the Cassandra process/node are not executed in a particular order Nodes can go down at any time, so the status of the cluster should be checked not just before running the task, but also before execution is started on a new node. This means there is no scope of parallelization. Spotify was in dire need of an efficient and robust method to counteract these performance issues on thousands of computers in a coordinated manner. Why was Ansible or Fabric not considered by Spotify? Ansible and Fabric are not topology-aware. They can be made to run commands in parallel on groups of machines. Some wrapper scripts and elbow grease, can help split a Cassandra cluster into multiple groups, and execute a script on all machines in one group in parallel. But on the downside, this solution doesn’t wait for Cassandra nodes to come back up before proceeding nor does it notice if random Cassandra nodes go down during execution. Enter cstar cstar  is based on paramiko-a Python (2.7, 3.4+) implementation of the SSHv2 protocol, and shares the same ssh/scp implementation that Fabric uses. Being a command line tool, it runs an arbitrary script on all hosts in a Cassandra cluster in “topology aware” fashion.     Example of cstar running on a 9 node cluster with replication factor of 3, with the assumption that the script brings down the Cassandra process. Notice how there are always 2 available replicas for each token range. Source: Spotify Labs cstar supports the following execution mechanisms: The script is run on exactly one node per data center at the time. If you have N data centers with M nodes each and replication factor of X, this effectively runs the script on M/X * N nodes at that time. The script run on all nodes at the same time, regardless of the topology. Installing cstar and running a command on a cluster is easy and can be done by following this quick example Source: Spotify Labs The concept of ‘Jobs’ Execution of a script on one or more clusters is a job. Job control in cstar works like in Unix shells. A user can pause running jobs and then resume them at a later point in time. It is also possible to configure cstar to pause a job after a certain number of nodes have completed. This helps users to: Run a cstar job on one node Manually validate if the job worked as expected Lastly, the user can resume the job. The features of Cstar has made it really easy for Spotify to work with Cassandra clusters. You can find more insights to this article on Spotify Labs. Mozilla releases Firefox 62.0 with better scrolling on Android, a dark theme on macOS, and more Baidu releases EZDL – a platform that lets you build AI and machine learning models without any coding knowledge PrimeTek releases PrimeReact 2.0.0 Beta 3 version

Five months after Facebook founder Mark Zuckerberg appeared before Congress, the US government once again invited top tech executives from Facebook, Twitter, and Google to the fourth and final installment of the series of high profile hearings on social media’s role in US democratic proceedings. Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey faced the Senate Select Intelligence Committee, for the purpose to discuss the National Security issues and foreign interference through social media platforms in US elections. Google was notably absent from the proceedings, after the firm failed to send a senior executive ‘at the right level’ to Washington. Google submitted a written testimony ahead of the hearing, which the Senate discarded. In place of a Google representative, the Senate committee left an empty chair. Opening Remarks from the Senate Chairman Richard Burr and the Vice Chairman Mark Warner Chairman of the Senate Richard Burr made his opening remarks welcoming Jack Dorsey CEO Twitter and Sheryl Sandberg COO Facebook. He started with some words from the recently passed John McCain. McCain's place at the hearing was marked with a single white rose on a black cloth. "He will be dearly missed," Chairman Burr says. He opened his speech discussing about social media in the last 18 months. He acknowledged its immense potential for good but highlighted how the recent past has show how vulnerable social media can be to corruption and misuse. He said the committee takes this issue very seriously and appreciates the fact that Facebook and Twitter have taken responsibility with an equivalent and appropriate measures of seriousness and unlike their peer Google, have shown up for the hearing with the ‘appropriate level of corporate representation’. He further added that the purpose of this hearing was to discuss the role social media plays into the execution of foreign influence operations. The Chairman precisely made a point that its important we be candid with our language because that is what the significance of this threat demands. He said, “We need to be precise about the foreign actors we talking about. We need to be precise about the consequences of not acting and we need to be candid about being responsible for solving this problem and where it lies.” Chairman Burr's said that "business as usual" for these tech firms is not good enough. "We've identified the problem, now we've got to find a solution," he added. He also adds a jibe at Google for failing to send the "right senior executive". His sentiments were echoed by Vice Chairman Mark Warner, who took over from Burr. He was "deeply disappointed" in Google for not taking the issues being discussed yesterday seriously enough. Vice Chairman Mark, also put forward some thoughts and open questions to Twitter and Facebook to improve their policies and systems: Users should have the right to know when they are interacting with bots or humans on the platform Isn't there a public interest in ensuring there is more anonymised data to help researchers and academics identify potential problems and misuse. Why are your terms of service so difficult to find and nearly impossible to read and understand Ideas like data portability, data immunization or first party consent should be adopted After encountering numerous situations of misuse, what kind of accountability should be implemented to the flawed advertising model Sheryls Sandberg’s defending comments The Facebook CEO Sheryl Sandberg smoothly projected the impression that the company is always doing something. Whether that’s on combating hate speech, hoaxes and “inauthentic” content, or IDing and blocking state-level disinformation campaigns — thereby shifting attention off the deeper question of whether Facebook is doing enough. Many of her answers courteously informed senators that Facebook would ‘follow up’ with answers and/or by providing some hazily non-specific ‘collaborative work’ at some undated future time — which is the most professional way to kick awkward questions. Sheryl started her opening remarks by thanking the committee for giving her the opportunity to talk in the Senate Hearing. Referring to her written testimony which goes into more detail and here few points Sandberg reiterated in the session. Russia used our platform to interfere in the US elections and Facebook was too slow to spot this and too slow to act and that is on us, she said She mentioned about taking collaborative efforts with government and law enforcement committees. She further stated that at Facebook they are investing in long term security, and have doubled the number of people working in safety and security. They are able to view security reports in 50 languages 24 hours a day. They use better ML and AI techniques to be more proactive in finding abuse. Their first line of defense is finding and taking down the fake accounts and pages. Blocking millions of attempts to make fake accounts. Making progress on fake news and limiting their distribution as well. They demark articles by third party fact checkers and warn people who give them or about to share them. They show them related articles with more facts for a more well rounded opinion. Strong steps taken to prevent abuse and increase transparency on their advertising platform. For political issue you can now see who paid for the ads, how much they paid and the demographics of the advertisers. Advertisers are also required to go through a long authorization process to confirm their authentic identity. Finally Sandberg concluded by saying these steps wont stop people who are trying to game the system but it will make it a lot harder. She emphasized on working more collaboratively with the government and law enforcement agencies. She continued that Facebook is more determined than its opponent and they are in a grey area working together to meet this challenge. Jack dorsey’s defence “We weren’t expecting any of this when we created Twitter over 12 years ago. We acknowledge the real-world negative consequences of what happened, and we take full responsibility to fix it.” Here's the opening to Jack Dorsey's prepared statement: “Thank you for the opportunity to appear before the Committee today so I may speak to you and the American people. Twitter’s purpose is to serve the public conversation. We are an American company that serves our global audience by focusing on the people who use our service, and we put them first in every step we take. Twitter is used as a global town square, where people from around the world come together in an open and free exchange of ideas. We must be a trusted and healthy place that supports free and open discussion. Twitter has publicly committed to improving the collective health, openness, and civility of public conversation on our platform. Twitter’s health is measured by how we help encourage more healthy debate, conversations, and critical thinking. Conversely, abuse, malicious automation, and manipulation detracts from the health of our platform. We are committed to hold ourselves publicly accountable towards progress of our health initiative. Today, I hope my testimony before the Committee will demonstrate the challenges that we are tackling as a global platform. Twitter is approaching these challenges with a simple question: How do we earn more trust from the people using our service? We know the way we earn more trust around is how we make decisions on our platform to be as transparent as possible. We want to communicate how our platform works in a clear and straightforward way.” Jack mentions, “Abuse, harassment, troll armies, propaganda through bots and human coordination, misinformation campaigns, and divisive filter bubbles…that‘s not a healthy public square. Worse, a relatively small number of bad-faith actors were able to game Twitter to have an outsized impact. We weren’t expecting any of this when we created Twitter over 12 years ago. We acknowledge the real-world negative consequences of what happened, and we take full responsibility to fix it. We’ve seen positive results from our work. We‘re now removing over 200% more accounts for violating our policies. We’re identifying and challenging 8-10 million suspicious accounts every week. And we’re thwarting over a half million accounts from logging in to Twitter every day. Today we‘re committing to the people, and this committee, to do that work, and do it openly. We‘re here to contribute to a healthy public square, not compete to have the only one.” Few Questions to the witnesses from the Senators in the committee Senator James E. Risch Questions on Hate Speech “Who sets the security standards or the descriptions of authority of manipulative content and if there is any kind of unanimity amongst them or are there any debates or hate speeches in the team” Sandberg said that language that leads to violence is not permitted on their platform and Twitter CEO Dorsey shares the same views. Risch asked whether there was any way for Facebook to find any distinction between US citizens and people from other countries. Sandberg responded saying Facebook asks people to declare where they are from. People are allowed to talk about any country, but are not allowed to talk about hate. They are not allowed to interfere or influence elections. Facebook is also looking to dive further into transparency reporting. Twitter is focusing on behavioural patterns. It tracks common patterns of behaviour and utilizes that information to find out the unauthentic content. They have built deep learning and machine learning technologies to recognize these patterns quickly and shut them before they spread in other areas. Senator Martin Heinrich on Threat to Elections “What is it that you have learned from the past elections since 2016 as the platforms have been used throughout the course of a number of elections around the world. And how you have informed your current posture in terms of how you are gaining transparency in this activity?” Sandberg said that Facebook is getting smarter at detecting and preventing threats to elections but warned that the opponents are getting smarter as well. Dorsey followed by mentioning how Twitter is working with AI tools to recognise patterns of behaviour that allow people to artificially amplify information. Senator Susan Collins on why Twitter doesn't intimate individuals “Once you’ve taken down accounts that are linked to Russia, these imposter accounts, what do you do to notify the followers of those accounts that they have been following or engaged in accounts that originated in Russia and are not what they appear to be.” “We simply haven’t done enough… we do believe transparency is a big part of where we need improvement... We need to meet people where they are... We are going to do our best to make sure that we catch everything via external partnership and other channels. We recognise we need to communicate more directly,” said Jack Dorsey. He also added, “We are looking to incentivise people not only based on the number of followers they have but also the way they share content online. By what kind of content they share. We are also looking to expand our transparency report and extend the same to the public.” How Can Facebook & Twitter Clean Their Systems? “We have been investing heavily in identifying bad actors in the system. Most of our takedown have been on our own, but we have coordinated with external parties to make this successful.” said Sandberg. Dorsey had his own response saying, “There are a number of short term risks involved but the only way we'll grow is by building the platform's health and we have strengthened our partnership with government agencies and law enforcement partners.” The stock prices of Twitter and Facebook don’t seem to be holding up to the questioning and have been dropping since the hearing began. Sandberg added, “the most important determinant is what people choose to follow. If you don’t want to follow someone we encourage that. We are going to do a contribution to investing in technology to figure out a solution to battle deep fake news.” “I encourage both of you to work closely with academia… I hope that you will commit to providing data that goes beyond a 3 year window to researchers who are looking into Russian influence on your platforms”, concluded Senator Collins Senator Harris on business incentive alignment and policy inconsistencies at Facebook “What metric are you using to calculate the revenue generated associated with those [inorganic] ads? And what is the dollar amount that is associated with that revenue?... What percentage of content on Facebook is inorganic?.. You must know.” Sandberg answered, “Ads don’t run with inorganic content on our service. So there is no way to firmly ascertain how much ads are attached to how much organic content and that’s not how we work.” Harris further asked “How can you reconcile an incentive to create and increase your user engagement when the content that generates a lot of engagement is often inflammatory in nature?” Sandberg gave a specific example of Facebook’s hate speech moderation failure, a financially incentivized policy and moral failure. She referenced a ProPublica report from June 2017, which revealed the company had told moderators to delete hate speech targeting white men but not black children as they were a protected class. She continued that it was a bad policy and they had fixed it. Harris questioned whether the policy was changed after the report? To which Sandberg uncomfortably responded about getting back to the committee on the specifics of when and what would have happened. Senator Blunt on liability implications and learning from attempts at improving the platforms this year “In the interest of transparency and public education…, are you willing to archive suspended accounts...?” Dorsey opened by saying, “As we think about our singular priority of improving the health of public conversations, we are not going to be able to do long term work unless we’re look at the incentives that our product is asking people to do everyday.” Dorsey agreed that archiving historical data is a great idea, but further understanding of the legal implications of such an action is needed. “The business implications, the liability implications of what we’re asking you to do are pretty grey,... what’s the challenge here?” asked Blunt. Tighter co-ordination helps, said Sandberg responded. We’d like regular cadence of meetings with our law enforcement partners, we’d love to understand the secular trends that they are aware of in our peer companies our other mediums or more broadly that would inform us on how to act faster. We’d appreciate consolidating to a single point of contact instead of bouncing between multiple agencies to do our work,” added Dorsey. Senator Lankford on Data of Suspended Accounts Both Twitter and Facebook keep records of the suspended accounts for later analysis and also for referrals by law and enforcement bodies. Sandberg was also questioned on the number of fake accounts on Facebook. Senator Manchin on Why Facebook & Twitter Don't Operate in China Both Facebook and Twitter do not operate in China because the Chinese government hasn’t allowed both these platforms in the country. Sandberg and Dorsey unanimously replied to the senator. US Senator Cotton on Why Wikileaks is Active on Facebook and Twitter WikiLeaks and Julian Asange remain active on Facebook & Twitter. Sandberg said that these accounts don’t violate any of Facebook's terms. Dorsey also supported the viewpoint and clarified that Twitter is open to inviting law and enforcement to investigate if needed. US Senate Vice Chairman Mark Warner Wraps It Up Warner thanked both Dorsey and Sandberg for their presence and urged both to make their platforms safer for users across the US. He also thanked them for taking down bad actors online and in helping fight against fake news. US Senate Chairman Richard Burr also thanked both the individuals for being present and addressing the senators’ questions. To watch the full coverage of the hearing visit the US Senate Select Intelligence official page. Google’s Senate testimony, “Combating disinformation campaigns requires efforts from across the industry.” Twitter’s CEO, Jack Dorsey’s Senate Testimony: On Twitter algorithms, platform health, role in elections and more Facebook, Twitter takes down hundreds of fake accounts with ties to Russia and Iran, suspected to influence the US midterm elections

Yesterday, Chris Keane, the General Manager of OpenSky announced that OpenSky is now acquired by the Alibaba Group. OpenSky is a network of businesses that empower modern global trade for SMBs and help people discover, buy, and share unique goods that match their individual taste. OpenSky will join Alibaba Group in two capacities: One of OpenSky’s team will become a part of Alibaba.com in North America B2B to serve US based buyers and suppliers. The other team will become a wholly-owned subsidiary of Alibaba Group consisting of OpenSky’s marketplace and SaaS businesses. In 2015, Alibaba Group acquired a minority ownership on OpenSky. In 2017, they collaborated with Alibaba’s B2B leadership team to solve the challenges faced by small businesses. According to Chris, both the companies share a common interest, which is to help small businesses: “It was thrilling to discover that our counterparts at Alibaba share our obsession with helping SMBs. We’ve quickly aligned on a global vision to provide access to markets and resources for businesses and entrepreneurs, opening new doors and knocking down obstacles.” In this announcement Chris also mentioned that they will be coming up with powerful concepts to serve small businesses everywhere, in the near future. To know more, read the official announcement on LinkedIn. Alibaba Cloud partners with SAP to provide a versatile, one-stop cloud computing environment Digitizing the offline: How Alibaba’s FashionAI can revive the waning retail industry Why Alibaba cloud could be the dark horse in the public cloud race

Laravel 5.7.0 has been released. The latest version of the PHP framework includes support for email verification, guest policies, dump-server, improved console testing, notification localization, and other changes. The versioning scheme in Laravel maintains the convention—paradigm.major.minor. Major releases are done every six months in February and August. The minor releases may be released every week without breaking any functionality. For LTS releases like Laravel 5.5, bug fixes are provided for two years and security fixes for three years. The LTS releases provide the longest support window. For general releases, bug fixes are done for 6 months and security fixes for a year. Laravel Nova Laravel Nova is a pleasant looking administration dashboard for Laravel applications. The primary feature of Nova is the ability to administer the underlying database records using Laravel Eloquent. Additionally, Nova supports filters, lenses, actions, queued actions, metrics, authorization, custom tools, custom cards, and custom fields. After the upgrade, when referencing the Laravel framework or its components from your application or package, always use a version constraint like 5.7.*, since major releases can have breaking changes. Email Verification Laravel 5.7 introduces an optional email verification for authenticating scaffolding included with the framework. To accommodate this feature, a column called email_verified_at timestamp has been added to the default users table migration that is included with the framework. Guest User Policies In the previous Laravel versions, authorization gates and policies automatically returned false for unauthenticated visitors to your application. Now you can allow guests to pass through authorization checks by declaring an "optional" type-hint or supplying a null default value for the user argument definition. Gate::define('update-post', function (?User $user, Post $post) {    // ... }); Symfony Dump Server Laravel 5.7 offers integration with the dump-server command via a package by Marcel Pociot. To get this started, first run the dump-server Artisan command: php artisan dump-server Once the server starts after this command, all calls to dump will be shown in the dump-server console window instead of your browser. This allows inspection of values without mangling your HTTP response output. Notification Localization Now you can send notifications in a locale other than the set current language. Laravel will even remember this locale if the notification is queued. Localization of many notifiable entries can also be achieved via the Notification facade. Console Testing Laravel 5.7 allows easy "mock" user input for console commands using the expectsQuestion method. Additionally, the exit code can be specified and the text that you expect to be the output via the console command using the assertExitCode and expectsOutput methods. These were some of the major changes covered in Laravel 5.7, for a complete list, visit the Laravel Release Notes. Building a Web Service with Laravel 5 Google App Engine standard environment (beta) now includes PHP 7.2 Perform CRUD operations on MongoDB with PHP

Open Neural Network Exchange (ONNX) team released ONNX 1.3, last week. The latest release includes features such as experimental function concept, along with other related improvements. ONNX is an open ecosystem that allows Artificial Intelligence developers to select the right set of tools as their project evolves. ONNX provides an open source format for the deep learning models which allows machines to learn tasks without the need of being explicitly programmed. Deep learning models trained on one framework can easily be transferred to another with the help of the ONNX format. Let’s explore the changes in ONNX 1.3. ONNX 1.3 Key Updates The control flow operators in Operator Set 8 in ONNX 1.3 have evolved from the experimental phase. A new operator Expand has been added. Other operators such as Max, Min, Mean, and Sum have been added to support broadcasting. Other than that, there is added support for output indices in operator MaxPool. An experimental function concept is introduced in ONNX 1.3 for representing composed operators. MeanVarianceNormalization uses this feature. Shape inference in ONNX 1.3 has been enhanced with support added for Reshape operator with a constant new shape. There are more ONNX optimization passes available. In addition to that, there are more operator backend tests available now with newly added test coverage stat page. Opset Version Converter provides support for operators such as Add, Mul, Gemm, Relu, BatchNorm, Concat, Reshape, Sum, MaxPool, AveragePool, and Dropout. All the models in the model zoo have been covered, except tiny-yolo-v2. For more information, check out the official ONNX 1.3 release notes. Amazon, Facebook and Microsoft announce the general availability of ONNX v0.1 ONNX for MXNet: Interoperability across deep learning models made easy Baidu announces ClariNet, a neural network for text-to-speech synthesis

Wayve, a new U.K. self-driving car startup, trained a car to drive in its imagination using a model-based deep reinforcement learning system. This system helps the prediction model to learn from real-world data collected offline. The car observes the motion of other agents in the scene, predicts their direction, thereby, making an informed driving decision. Dreaming to drive The deep reinforcement learning system was trained using data collected during sunny weather in Cambridge, UK. The training process used World Models (Ha & Schmidhuber, 2018), with monocular camera input on an autonomous vehicle. Although the system has been trained for the sunny weather, it can still successfully drive in the rain. It does not get distracted by the reflections produced by puddles or the droplets of water on the camera lens. Dreaming to drive in the rain The underlying training process Firstly, the prediction model was trained on the collected data. A variational autoencoder was used to encode the images into a low dimensional state. After this, a probabilistic recurrent neural network was trained to develop a prediction model. This helps estimate the next probabilistic state based on the current state and action. Also, an encoder and prediction model is trained using the real-world data. Once that is done, a driving policy is initialized and its performance is assessed using the prediction model in simulated experiences. Similarly, many simulated sequences can be trained, by imagining experiences. These imagined sequences can also be visualized to observe the learned policy. “Using a prediction model, we can dream to drive on a massively parallel server, independent of the robotic vehicle. Furthermore, traditional simulation approaches require people to hand-engineer individual situations to cover a wide variety of driving scenarios. Learning a prediction model from data automates the process of scenario generation, taking the human engineer out of the loop” reads the Wayve blog post. Generally, there are differences in appearance and behavior between simulator solutions and the real world, making it challenging to leverage knowledge acquired in the simulation. Wayve's deep reinforcement learning system does not have this limitation as the system is trained directly using the real-world data. Hence, there is no major difference between the simulation and the real world. Finally, as the learned simulator is differentiable, it is easy to directly optimize a driving policy using gradient descent. “Wayve is committed to developing richer and more robust temporal prediction models and believe this is key to building intelligent and safe autonomous vehicles,” says the Wayve team. For more information, check out the official Wayve blog post. What we learned from CES 2018: Self-driving cars and AI chips are the rage! Tesla is building its own AI hardware for self-driving cars MIT’s Duckietown Kickstarter project aims to make learning how to program self-driving cars affordable

Yesterday, Sen. Bernie Sanders (I-Vt.) with Rep. Ro Khanna (D-Calif.) introduced a bill named, Stop Bad Employers by Zeroing Out Subsidies (BEZOS) Act. This bill states that huge companies such as Amazon and Walmart need to pay their employees a living wage. Else, they will have to pay to match the public assistance programs that their low-wage workers are forced to rely upon. According to a study from the University of California, Berkeley Labor Center, low wages cost taxpayers about $150 billion per year. Sanders in his announcement said: "Let us be very clear: We believe that the government has a moral responsibility to provide for the vulnerable – the children, the elderly, the sick and the disabled. But we do not believe that taxpayers should have to expend huge sums of money subsidizing profitable corporations owned by some of the wealthiest people in this country. That's what a rigged economy is about." The bill highlighted many top companies who are making huge profits but not paying their employees enough: Wages paid to Walmart’s associates are so low that they have to live on benefits costing U.S. taxpayers of an estimated $6.2 billion a year. 52 percent of all fast food workers rely upon public assistance programs to survive and low wages at McDonald's alone cost the federal government and U.S. taxpayers over $1.2 billion a year. 1 out 3 Amazon workers in Arizona and 2,400 in Pennsylvania and Ohio depend on food stamps as per The New Food Economy. This bill aims to solve this by employing a corporate welfare tax on large companies equal to the amount of benefits received by their low wage employees. It also makes asking employees whether or not they qualify for federal benefits unlawful for a large employer. Under this legislation, companies with more than 500 employees are considered large companies. Federal benefits include Supplemental Nutrition Assistance Program (SNAP), Medicaid, the school lunch program and Section 8 housing. Sanders and Amazon were having a back and forth argument from several months. Last week, Sanders issued a form for the current and former employees of Amazon to collect information regarding their working environment with the aim of issuing this legislation and finally, he has now taken a step forward. To know more on the BEZOS Act, check out Sanders’ official website. Amazon calls Senator Sanders’ claims about ‘poor working conditions’ as “inaccurate and misleading” Amazon hits $1 trillion market value milestone yesterday, joining Apple Inc Amazon is supporting research into conversational AI with Alexa fellowships