Tech News

The world's first trillion-dollar public company- Apple, had its servers hacked. By a Melbourne based teenage schoolboy aged 16. Yes, Read that again. That’s how safe your data is at Apple, the most privacy-conscious of the FAANG tech giants. The student, whose name cannot be publicly revealed due to his age and reputation in the hacking community, reportedly pleaded guilty to his actions in an Australian Children's Court this week. “Dream of working at Apple” leads teen to hack into its servers The accused juvenile, not new to cybercrime, is well known in the international hacking community. His ability to develop computerized tunnels and online bypassing systems to hide his identity served him well until a raid on his family home last year exposed hacking files and instructions all saved in a folder interestingly named “hacky hack hack”. Reportedly fascinated with the tech giant, the 16-year old confessed that the hacking took shape as someday he had plans to work for Apple, a Melbourne court reported. He hacked into Apple’s mainframe, downloaded internal files and accessed customer accounts. The teen managed to obtain customers’ authorized keys – that could grant access to user accounts to anybody. Which, by the way, are considered to be extremely secure. What is surprising is that, he hasn’t hacked into Apple just once but multiple times over the course of the past year. In spite of downloading 90GB of secure files and accessing customer accounts, Apple has denied that customers were affected in real time. The company testified that it identified the security breach and notified the FBI, which in turn referred the matter to the Australian federal police. A prosecutor further threw some light on the incident by acknowledging that "Two Apple laptops were seized and the serial numbers matched the serial numbers of the devices which accessed the internal systems" He further added that, "A mobile phone and hard drive were also seized whose IP address matched those detected in the breaches." A company guardian tried to provide solace to its customers by releasing a statement saying that they vigilantly protect their networks and have dedicated teams of information security professionals that work to detect and respond to threats. He added, “In this case, our teams discovered the unauthorized access, contained it, and reported the incident to law enforcement. We regard the data security of our users as one of our greatest responsibilities and want to assure our customers that at no point during this incident was their personal data compromised.” The boy’s audacity is further highlighted by the fact that he shared details of his hacking with members of a WhatsApp group. He pleaded guilty and will return to the court for sentencing in September. However, the magistrate has decided to announce the sentence conferred, by next week because of the complexities involved in the case. Head over to fossbytes for a detailed coverage of the case. Apple stocks soar just shy of $1 Trillion market cap as revenue hits $53.3 Billion in Q3 earnings 2018 Twitter’s trying to shed its skin to combat fake news and data scandals, says Jack Dorsey Timehop suffers data breach; 21 million users’ data compromised    

The Department of Housing and Urban Development (HUD) filed a complaint against Facebook on Friday (17 August), alleging the platform is selling ads that discriminate against users based on race, religion and sexuality. This is a problem that Facebook has been struggling to deal with for at least 2 years and suggests a lack of seriousness on the part of Facebook's product teams responsible. It also suggests that the solutions Facebook have tried to employ - a mixture of policy and algorithms - have failed to make a real impact. Facebook's discriminatory housing ads: a timeline All the way back in November 2016, Erin Egan, Chief Privacy Officer at Facebook, published this post, saying: "Recently, policymakers and civil rights leaders have expressed concerns that advertisers could misuse some aspects of our affinity marketing segments. Specifically, they’ve raised the possibility that some advertisers might use these segments to run ads that discriminate against people, particularly in areas where certain groups have historically faced discrimination — housing, employment and the extension of credit." Since then, the issue has failed to go away. In February 2017, Facebook had claimed to put in place a number of measures that would once and for all deal with the issue, updating its policies and offering new tools. However, in November 2017, an investigation by ProPublica found that those measures that Facebook had claimed it was putting in place were having no impact whatsoever. The website purchased "dozens of rental housing ads on Facebook, but asked that they not be shown to certain categories of users." The HUD told ProPublica at the time that it was satisfied with the inquiry it had done with Facebook on discriminatory ads, but that now seems to have changed. HUD's case against Facebook In a statement, Anna Maria Faras,  Assistant Secretary for Fair Housing and Equal Opportunity explained that "the Fair Housing Act prohibits housing discrimination including those who might limit or deny housing options with a click of a mouse...When Facebook uses the vast amount of personal data it collects to help advertisers to discriminate, it’s the same as slamming the door in someone’s face." Facebook did respond to the complaint, offering a comment to the Washington Post. "Over the past year we’ve strengthened our systems to further protect against misuse. We’re aware of the statement of interest filed and will respond in court; we’ll continue working directly with HUD to address their concerns." It's clear that Facebook's "systems" are struggling. There are certainly important questions to be answered about algorithmic problem solving, and it's likely to be some time before we see the conclusion of this story. Perhaps it might just require a little more human intervention.  Read next Four 2018 Facebook patents to battle fake news and improve news feed Facebook, Apple, Spotify pull Alex Jones content Time for Facebook, Twitter and other social media to take responsibility or face regulation

BBC is set to embrace the AI revolution with open arms. Last week, it announced a new BBC 4.1 AI TV. This aims to bring “two nights of experimental programming” featuring the new and classic programmes that explore AI. The programme will launch on BBC four on two nights: 4-5 September with Dr. Hannah Fry as the presenter. It will also feature a “virtual co-presenter". BBC 4.1 AI TV promo ‘BBC 4.1 AI TV’ will feature 'Made by Machine: When AI met The Archive', an experimental programme partly made by artificial intelligence, trained to show information dating back to 1953 from well over 250,000 TV programmes. This approach manually would have been impractical as it would take hundreds of hours. But, with the help of latest AI technology from BBC Research & Development, it provided BBC four with a more manageable selection of shows. “The AI learnt what BBC Four audiences might like, based on the channel’s previous schedules and programme attributes, and then ranked programmes it thought were most relevant,” says BBC. It will be broadcasting a selection of programmes that haven’t been seen in years. The programme on BBC 4.1 AI TV features four sections of archive clips edited together that follows the sequence as mentioned below: In the first segment, the AI learns to detect different attributes of the scene such as what a scene consists of, the type of landscape, the objects present, whether people are featured and people’s apparel. This helps the people learn about how a compilation is created with each scene following up from the last. For the second segment, the subtitles or archive programmes are scanned to put together a footage by looking for links between words, topics and themes. The third segment consists of AI analyzing the activity levels on screen ( whether they are high or not ). It then attempts to create a compilation that moves back and forth between high energy and low energy scenes. The fourth sequence combines all its learned to create an altogether new piece of content. According to Cassian Harrison, Channel Editor, BBC Four, “ In collaboration with the BBC's world-beating R&D department, AI TV will explore -- and demonstrate just how AI and machine learning might inform and influence programme-making and scheduling, while also resurfacing some gems from the BBC Four archive along the way”. Also, “Helping BBC Four scour BBC’s vast archives more efficiently is exactly why we’re developing this kind of AI --  and has massive benefits for BBC programme makers and audiences -- Made By Machine: When AI Met The Archive gives people an unprecedented look under the hood” says George Wright, Head of Internet Research and Future Services, BBC R&D. For more coverage on this news, check out the official BBC announcement. Baidu announces ClariNet, a neural network for text-to-speech synthesis Nvidia and AI researchers create AI agent Noise2Noise that can denoise images How Amazon is reinventing Speech Recognition and Machine Translation with AI  

The Microsoft research team announced a new key-value store named FASTER at SIGMOD 2018, in June. FASTER offers support for fast and frequent lookups of data. It also helps with updating large volumes of state information which poses a problem for cloud applications today. Let’s consider IoT as a scenario. Here billions of devices report and update state like per-device performance counters. This leads to applications underutilizing resources such as storage and networking on the machine. FASTER helps solve this problem as it makes use of the temporal locality in these applications for controlling the in-memory footprint of the system. According to Microsoft, “FASTER is a single-node shared memory key-value store library”. A key-value store is a NoSQL database which makes use of simple key/value method for data storage. It consists of two important innovations: A cache-friendly, concurrent and latch-free hash index. It maintains logical pointers to records in a log. The FASTER hash index refers to an array of cache-line-sized hash buckets, each with 8-byte entries to hold hash tags. It also consists of logical pointers to records that have been stored separately. A new concurrent and hybrid log record allocator. This helps in backing the index which includes fast storage (such as cloud storage and SSD) and main memory. What makes FASTER different? The traditional key-value stores make use of log-structured record organizations. But, FASTER is different as it has a hybrid log that combines log-structuring with read-copy-updates (good for external storage) and in-place updates (good for in-memory performance). So, the hybrid log head which lies in storage uses a read-copy-update whereas the hybrid log tail part in main memory uses in-place updates. There is a read-only region in memory that lies between these two regions. It provides the core records another chance to be copied back to the tail. This captures temporary location of the updates and allows a natural clustering of hot records in memory. As a result, FASTER is capable of outperforming even pure in-memory data structures like the Intel TBB hash map. It also performs far better than today’s popular key-value stores and caching systems like the RocksDB and Redis, says Microsoft. Other than that, FASTER also provides support for failure recovery as it consists of a recovery strategy in place which helps bring back the system to a recent consistent state at low cost. This is different than the recovery mechanism in traditional database systems as it does not involve blocking or creating a separate “write-ahead log”. For more information, check out the official research paper. Google, Microsoft, Twitter, and Facebook team up for Data Transfer Project Microsoft Azure’s new governance DApp: An enterprise blockchain without mining Microsoft announces the general availability of Azure SQL Data Sync  

Oracle owned Java will no longer provide free public updates of Java SE 8 for commercial use after January 2019. This move is a part of their long term support (LTS) plan. However, for individual personal use the public updates for Oracle Java SE 8 will be available at least till December 2020. Borrowing ideas from Linux releases, Oracle Java releases will now follow LTS. The bi yearly updates will now have minor updates. One of the releases being termed as LTS and Oracle will provide long term support for it (3 years). Other releases will cease getting support when the next version is released. If you are using Java for personal use individually, you will have the same access to Oracle Java SE 8 updates till end of 2020. In most cases, the Java-based applications run on your PCs are licensed by a company other than Oracle. For example, games developed by gaming companies. You won’t have access to public updates beyond the date mentioned, it depends on the gaming company on how they plan to provide application support. Developers are recommended to view Oracle’s release roadmap for Java SE 8 and other versions. Accordingly, you can take action to support your applications. The next LTS version, Java 11 is set to roll out in September 2018. Here is the Oracle Java SE Support Roadmap. Release GA Date Premier Support Until Notification Extended Support Until Sustaining Support 6 December 2006 December 2015 December 2018 Indefinite 7 July 2011 July 2019 July 2022 Indefinite 8 March 2014 March 2022 March 2025 Indefinite 9 (non‑LTS) September 2017 March 2018 Not Available Indefinite 10 (18.3^)(non‑LTS) March 2018 September 2018 Not Available Indefinite 11 (18.9^ LTS) September 2018 September 2023 September 2026 Indefinite 12 (19.3^ non‑LTS) March 2019 September 2019 Not Available Indefinite The roadmap for web deployment and Java FX is different and is listed on their website. This video explains the LTS release model for Java, for more information, visit the official update. Mark Reinhold on the evolution of Java platform and OpenJDK Build Java EE containers using Docker [Tutorial] 5 Things you need to know about Java 10

Google in collaboration with DeepMind is giving the control of cooling several of its data centers completely to an AI algorithm. Since 2016, they have been using an AI-powered recommendation system (developed by Google and DeepMind) to improve the energy efficiency of Google’s data centers. This system made recommendations to data center managers, leading to energy savings of around 40 percent in those cooling systems. Now, Google is completely handing the control over to cloud-based AI systems. https://twitter.com/mustafasuleymn/status/1030442412861218817 How Google’s safety-first AI system works Google’s previous AI engine required too much operator effort and supervision to implement the recommendations. So they explored a new system that could give similar energy savings without manual implementation. Here’s how the algorithm does it. A large number of sensors are embedded in the cooling center. The cloud-based AI system monitors the data centers and every five minutes pulls a snapshot of the data center. It then feeds this snapshot into deep neural networks, which predict how different combinations of potential actions will affect future energy consumption. The AI system then identifies which actions will minimize the energy consumption while satisfying safety constraints. Those actions are sent back to the data center, where the actions are verified by the local control system and then implemented. To ensure safety and reliability, the system uses eight different mechanisms to ensure it behaves as intended at all times and improve energy savings. The system is already delivering consistent energy savings of around 30 percent on average, with further expected improvements. Source: DeepMind Blog In the long term, Google wants to apply this technology in other industrial settings, and help tackle climate change on an even grander scale. You can read more about their Safety-first AI on DeepMind’s Blog. DeepMind Artificial Intelligence can spot over 50 sight-threatening eye diseases with expert accuracy. Why DeepMind made Sonnet open source. How Google’s DeepMind is creating images with artificial intelligence.

Programming languages are the foundations of all the existing technology that we are surrounded with. Developers, tech enthusiasts, and others keep themselves updated with the latest programming languages to be abreast with the advancements happening within each of it. Popular survey websites such as TIOBE, Redmonk, StackOverflow, IEEE spectrum, etc. help people to know about the trending top programming languages and where their favorite language stands. Out of these, the IEEE spectrum and StackOverflow showcase their ranking surveys annually. Whereas TIOBE does it every month and Redmonk does it semi-annually. From the two annual survey providers, Stack Overflow takes in surveys from 56,033 coders in 173 countries  whereas IEEE spectrum’s survey synthesizes rankings from 10 sources including Google search of “X programming” Google Trends Twitter GitHub StackOverflow Reddit Hacker News CareerBuilder Dice IEEE Xplore Digital Library The IEEE spectrum aggregates different kinds of statistical data with a view to generate the most reliable ranking. It also gives the most personalized ranking. The interactive interface allows readers to filter by search trends, job trends, or open source community trends. You can even modify the weighting of each dimension, enabling an extremely personalized ranking. Of the five popular language ranking surveys and our own Packt’s Skill Up survey 2018, the top 10 programming languages for this year include, Top 10 languages across popular surveys     Stack Overflow Redmonk TIOBE IEEE Spectrum Packt Skill Up Survey JavaScript JavaScript Java Python Java HTML Java C C++ JavaScript CSS Python C++ C Python SQL PHP Python Java C# Java C# Visual Basic C# SQL Bash/Shell C++ C# PHP C++ Python CSS PHP R C C# Ruby JavaScript JavaScript PHP PHP C SQL Go Swift C++ Swift Assembly Assembly Go Our Takeaways from IEEE survey What was obvious Python in the top 3: Python has been bagging the top position at the IEEE spectrum for two years in continuation now. It is the easiest programming language of all with an easy-going syntax. However, IEEE mentions the reason for Python to be at the zenith is because it is now listed as an embedded language. Go in the top 10 list: Google’s Go has risen from the 7th position last year to the 5th this year. Its speed, simplicity, reliability, cross-platform ability, native concurrency, easy deployment makes it the go-to cloud-native language for developers. Thus, making it the fastest growing programming language. Java, C++, C, C# in the top 5: These legendary languages are still in the top 5 due to its large scale industry-wide adoption and an established community. Also, many professional developers have been working on these languages since years and find it difficult to migrate to any new programming language making these stay at the top. R language drops down a notch: The language for statistics and big data, R has stepped down from its 6th position to a 7th position. R’s decline could be due to the popularity of Python due to the high-quality Python libraries for both statistics and machine learning. This makes statistics and big data more flexible to turn to Python than the more specialized R. What was surprising? Kotlin language not included in the list: The recently popular programming language for Android development is missing from IEEE’s survey list. Many developers use Kotlin instead of Python and Java for internal app development (console apps, OpenGL-apps, threaded socket servers, etc). Kotlin also eases porting of code from Python to Kotlin. Many promising languages missing from the IEEE list: Languages such as Typescript, Dart are missing. Typescript is the superset of JavaScript, which lacks a type system. The introduction of Typescript adds optional static typing to Javascript. Similarly, Dart is the also a useful language and can be used to program front-end applications. It is easy to use with a non-existent learning curve. Matlab and Assembly languages maintain their positions: Matlab is used for scientific computing and mathematical processing. First released in 1984, it is one of the oldest languages after Assembly still maintaining the 11th position in this list. It is widely used in Academics and research and hence is never outdated. Similarly, Assembly, the oldest form of programming, at the 10th position is still relevant to many developers. This is because it supports fast code with the absence of a compiler and is the best bet for machine level programming. Javascript not in the top 5: Being one of the dominant languages on the web front-end development, JavaScript is at the 8th position in IEEE’s list. This must be because other languages such as TypeScript and WebAssembly are providing an easy way to C/C++ developers What we are skeptical about/don’t agree with PHP might not be in the top 10: PHP is one of the most popular languages for server-side programming. Other programming languages such as Python and Ruby on Rails are competing with PHP by providing a much more simple, useful and powerful coding syntax and tools in the same domain as PHP. Ruby might drop down a few more notches: Although Ruby was the first full-stack language to be used on front and back-end development, it is difficult to learn. Integrating third-party libraries on ruby is also difficult which makes it non-flexible. As there are several options in the market today, I am skeptical Ruby will maintain its current position. Is Swift dropping from its position: Swift programming language was built by Apple Inc. for iOS, macOS, watchOS, and tvOS. Being an Apple-only development environment, developers are moving to multi-platform mobile apps such as Microsoft’s Xamarin, Apache Cordova, and Ionic. This may affect Swift’s user community. Limitations of the IEEE survey The IEEE Spectrum 2018 survey included 47 programming languages ranging from the most widely adopted to the least. However, not all the programming languages were a part of this list. Current popular languages such as Kotlin, Dart, TypeScript, WebAssembly and some others were missing from the list. As per some comments on the IEEE blog, IEEE uses the languages listed in Github. On Github, Visual basic is the common name used for both vb.net and Visual Basic. Also, some languages present in the other surveys are not present in the IEEE survey. For instance, the TIOBE index has PL/SQL at the 20th position. However, the IEEE survey has not mentioned about it. One more limitation it had was, it showed completely different results on different browsers, which Stephen Cass from IEEE spectrum said, “ I'd say it's due to variations in how JQuery/JavaScript is implemented in the different browsers: under the hood, the TPL uses a lot of floating point math, so what you are seeing could be due to differences in precision/rounding, et cetera. Ultimately, I suspect the solution will be to calculate the rankings completely server-side: the underlying code for the TPL is five years old, so we were thinking of overhauling it anyway, and this certainly puts some weight behind that.” Stephen further added, “I should add that we built the TPL primarily using Chrome, so our canonical version of the rankings is the one you see in that browser.” Read more about the other programming languages by IEEE Spectrum in the IEEE blog post Rust 1.28 is here with global allocators, nonZero types and more Racket v7.0 is out with overhauled internals, updates to DrRacket, TypedRacket among others Grain: A new functional programming language that compiles to Webassembly

Yesterday, Microsoft and Amazon announced a public preview of the integration of their intelligent digital assistants, Cortana and Alexa for US users. Both Cortana and Alexa allow each digital assistant to summon each other and access additional apps and services on their Windows 10 PCs and Harman Kardon Invoke speakers. This digital assistant integration was first announced on 30th August last year and was demonstrated at the Microsoft Build Developer Conference, 2018. https://www.youtube.com/watch?v=KxwjnuhNVIY Why did Microsoft and Amazon collaborate Cortana and Alexa? "I want them to have access to as many of those A.I.s as possible", said Jeff Bezos in an interview with The New York times, while putting forth his vision for users to communicate with AIs as they do with their friends while asking them recommendations about a good restaurant or a famous hiking place nearby, and so on. He further stated, "The world is big and so multifaceted. There are going to be multiple successful intelligent agents, each with access to different sets of data and with different specialized skill areas. Together, their strengths will complement each other and provide customers with a richer and even more helpful experience." Satya Nadella, CEO, Microsoft added,"Bringing Cortana's knowledge, Office 365 integration, commitments, and reminders to Alexa is a great step toward that goal". Cortana users can have another way of making their lives easier with a great shopping experience. For instance, if you’re at work but remember you have to get soft drinks for a dinner party in the evening and you’re using their Windows 10 PC, iPhone or Android phone, you can simply ask Alexa to order soft drinks using the preferred payment method for their Amazon account. “Alexa, open Cortana” “Hey Cortana, open Alexa” For trying out this exciting update for Alexa on Cortana, and vice versa, you can simply say “Hey Cortana, open Alexa” on a Windows 10 PC, or “Alexa, open Cortana” on an Echo device. https://twitter.com/tomwarren/status/1029722099789832200 As explained by Amazon in one of its recent posts, “The goal is to have two integrated digital assistants who can carry out tasks across different dimensions of daily life — at home or work, and on whatever device is most convenient. Currently, Cortana and Alexa can each be enabled as a skill on the other.” In Microsoft Office 365 users can simply ask Cortana to summon Alexa through a PC at work or can use Alexa to order groceries, adjust the thermostat before heading home for the day. Also before heading to work, one could enlist Cortana through an Echo device to preview a daily calendar, add an item to a to-do list or check for new emails while making breakfast in the kitchen. As a part of this latest public preview, users can freely offer their feedback on how they can help both the communities in improving the Alexa+Cortana experience. The feedback will be based on what the users like, what they did not, and what features they use the most. With customer feedback, the experience will keep getting better and more precise as more people use it and as changes are updated to the underlying algorithms. “Engineers will use feedback from the public preview to deepen the collaboration between Cortana and Alexa”, stated Jennifer Langston in Amazon’s official post. Read more about this collaboration in detail on the  Amazon blog and Microsoft blog. Amazon Alexa and AWS helping NASA improve their efficiency Amazon Echo vs Google Home: Next-gen IoT war Microsoft Azure’s new governance DApp: An enterprise blockchain without mining

About a thousand Google employees frustrated with a series of controversies involving Google have signed a letter to demand transparency on building a censored search engine for China. The project named Dragonfly is a censored search engine for the Chinese market. In the letter employees mentioned, “Currently we do not have the information required to make ethically-informed decisions about our work, our projects, and our employment.” The letter published by the Buzzfeed news was circulated on Google’s internal communications system and is signed by about 1400 Googlers. The Dragonfly project will be Google’s return to China after 8 years of withdrawal from its decision to protest against censorship and government hacking. China has the world’s largest internet audience but has frustrated American tech giants with content restrictions or outright blockages of services including Facebook and Instagram. Crisis already hailing in Google This is not the first time Google’s outspoken workforce has been agitated by changes in strategy. In April, the internet company’s employees spoke out against its involvement in a Pentagon program that uses artificial intelligence to improve weaponry. Over 4,000 employees signed a petition asking the company to cancel it. A dozen engineers resigned in protest, and Google eventually promised not to renew the contract. Following that uproar, Google published AI ethics guidelines for the company. The letter about Dragonfly that's currently being circulated inside the company, argues that those guidelines are not enough and employees further added, "As a company and as individuals we have a responsibility to use this power to better the world, not to support social control, violence, and oppression," the letter reads. "What is clear is that Ethical Principles on paper are not enough to ensure ethical decision making. We need transparency, oversight, and accountability mechanisms sufficient to allow informed ethical choice and deliberation across the company." What does Google’s management say Allison Day, a program manager at Google is not shocked by this outrage and says to the Buzzfeed news, “I can see the bottom line for any corporation is growth, and [China] represented a gigantic market,” she said. “The ‘Don’t be Evil’ slogan or whatever is, you know… It’s not a farce. I wouldn’t go so far as to say that. But it is a giant corporation, and its bottom line is to make money.” Google CEO Sundar Pichai has repeatedly expressed interest in the company making a return to China, which it pulled out of for political reasons in 2010. Pichai’s apparent decision to return, which was not addressed companywide before Thursday, has caused some employees to consider leaving the company altogether. “There are questions about how [Dragonfly] is implemented that could make it less concerning, or much more concerning,” an anonymous Google employee said. “That will continue to be on my mind, and the mind of other Googlers deciding whether to stay.” The Dragonfly project secrecy Two Google employees who were working on Dragonfly were so disturbed by the secrecy that they quit the team over it. Developers who were working on the project had been asked to keep Dragonfly confidential — not just from the public, but also from their coworkers. Even more upsetting to some employees is the fact that the company has blocked off internal access to Dragonfly’s code. Managers also shut down access to certain documents pertaining to the project, according to the Intercept. Employees feel that this is a special kind of betrayal and erosion of trust because they talk and act like, “Once you’re at Google, you can look up the code anywhere in the code base and see for yourself.” “We pride ourselves on having an open and transparent culture,” said the anonymous Google developer. “There [are] definitely employees at the company who are very frustrated because that’s clearly not true.” Google has not responded to specific questions about Dragonfly from the Intercept, nor to Bloomberg, nor to BuzzFeed News, only saying in a statement, “We don’t comment on speculation about future plans.” An anonymous Google developer said, “Even though a lot of us have really good jobs, we can see that the difference between us and the leadership is still astronomical. The vision they have for the future is not our vision.” Google releases new political ads library as part of its transparency report Google is missing out $50 million because of Fortnite’s decision to bypass Play Store Google’s censored Chinese search engine is a stupid, stupid move, says former exec Lokman Tsui

Identifying and authenticating users on the web is a cakewalk, thanks to the use of HTTP cookies. They allow website developers to store user’s website preferences or authentication tokens in the browsers. On the other hand, users can remain logged into a website without the need to re-enter their credentials again and again. Win-Win situation for everybody, right? Hold your horses. Due to the ever-evolving web, the way these cookies are implemented leave some space for hackers to perform intrusive attacks. Exploiting this domain, researchers at Belgium's Catholic University in Leuven bagged the Distinguished Paper prize this year at the Usenix Security Conference for their award-winning presentation on, “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies”. How did the team discover these web security loopholes? The authors managed to reveal an array of surprisingly devastating and never-seen-before tracking techniques. These techniques were to identify web-users who were using privacy tools that were supplied by browser-vendors and also third-party tracking-blocking tools. They tested a total of 7 browsers and 46 browser extensions. The tracking techniques used  Appcache API; "lesser-known HTML tags"; the Location response-header; various <meta> redirects; Javascript in PDF tables, Javascript's location.href property; and various service workers to track users across various sites. These techniques managed to bypass the privacy protection settings of the stock browser privacy protections. Apart from that, they also managed to fiddle with the latest privacy settings of Firefox. The techniques were advanced enough to work against popular cookie-blocking/ad-blocking/script-blocking browser extensions. Thankfully, there are no real-world concerns about these techniques being exploited. The researchers tipped off the browser vendors before they went public. This should stand as a lesson for browsers to be better equipped to defend against these tactics.  But until then, we're all vulnerable to websites using these tactics to track virtually everywhere! Here is a snapshot of the results that the team came across: Source: wholeftopenthecookiejar.eu Exploits and their Countermeasures as explored by the Researchers The team has not only come up with a list of 10 exploits but also have suggested measures to combat them. Here is the list, in brief, to give you a short gist- #1 Bypasses for the Opera AdBlocker discovered While the built-in ad blocker is enabled, the team discovered that requests to cross-site blacklisted domains can still be sent using various mechanisms in Opera. #2 Various bypasses discovered for the same-site cookie policy in Edge The same-site cookie policy implemented by Edge can be bypassed in multiple ways. #3 The option to block third-party cookies in Safari 10 does not exclude cookies set in the first-party context from future cross-site requests In Safari 10 when users enable "allow cookies from the current website only", cookies that are set in a first-party context are still included in cross-site requests. Safari blocks only the setting of cookies and not the sending of cookies. #4 Enabling the option to block third-party cookies in Edge has no effect Even when users enable the option to block third-party cookies in Edge, they are still included in all requests. #5 The option to block third-party cookies can be bypassed in Chromium through PDF files JavaScript embedded in PDF files can be used to send GET or POST requests to a cross-site domain. In Chromium, this bypasses the option to block third-party cookies. Affected Browsers are Chrome and Opera. #6 Cross-site requests initiated by PDF files bypass the WebExtentension API provided by Chromium Researchers found that extensions such as ad blockers or privacy extensions cannot intercept requests initiated by PDF files that are opened in Chrome or Opera through the WebExtension API. #7 Bypasses for the Firefox Tracking Protection discovered Firefox Tracking Protection can be bypassed easily by various mechanisms. Cross-site requests directed at blacklisted domains can be sent while this counter measurement is enabled. #8 Requests initiated by the AppCache API are not easily distinguished from requests initiated by browser background processes. Once again, in the Firefox browser, It is posing to be a difficult task for extension developers to distinguish requests initiated by the browsers background processes from requests initiated by websites. #9 Requests to fetch the favicon are not interceptable by Firefox extensions Looks like Firefox had a lot to fix in its extensions, as they were not able to intercept (cross-site) requests to fetch the favicon through the WebExtension API. But this stands fixed right on time. #10 Same-site cookie policy bypass discovered in Chromium Prerender functionality can be leveraged to initiate cross-site requests. This can be done including same-site cookies assigned the value strict. This bug was not detected anymore for multiple versions starting from Chrome 62, however, the bug returned in Chrome 66, 67 and 68. You can read the entire catalog to understand how your cookies are at stake (pun intended). The browser vendors have been made aware of these bugs and solutions have been proposed to rectify browser API’s and tools to deal with these exploits. Along with the aforementioned reports, wholeftopenthecookiejar.eu includes a breakdown of every test that researchers carried out against each of the 7 browsers, 46 extensions, and what version. You can read the paper presented by Gertjan Franken, Tom Van Goethem and Wouter Joosen for an inside view of why they won the award and we are sure you will agree with the same! 10 great tools to stay completely anonymous online Mozilla’s new Firefox DNS security updates spark privacy hue and cry Top 5 cybersecurity trends you should be aware of in 2018

Golang team released Golang 1.11 rc1 version, earlier this week. The latest release explores features like web assembly (js/wasm ), preliminary support for modules and improved support for debuggers among others. Golang is currently one of the fastest growing programming languages in the software industry. Golang’s easy syntax, concurrency, and fast nature are few of the reasons for its popularity. It is a modern programming language, created by Google back in 2009 for the 21st-century application development. Let’s have a look at the key features that come with Golang 1.11 rc1. WebAssembly ( js/wasm) WebAssembly is different in the sense that it is not processed by a CPU directly, but instead, it is an intermediate representation which is compiled to actual machine code by the WebAssembly runtime environment. Now, Go 1.11 rc1 has added an experimental port to WebAssembly (js/wasm). Go programs used to compile to only one WebAssembly module. These modules include the Go runtime for goroutine scheduling, garbage collection, maps, etc. Because of this, the resulting size would be around 2 MB, or 500 KB compressed. Go programs can call into JavaScript with the help of new experimental syscall/js package. Now, with new GOOS value "js" and GOARCH value "wasm" added to the web assembly, Go files named *_js.go or *_wasm.go will now be ignored by Go tools except for cases when GOOS/GOARCH values are being used. The GOARCH name "wasm" is the official abbreviation of WebAssembly. The GOOS name "js" is due to the host environment that executes WebAssembly bytecode are web browsers and Node.js, both of which use JavaScript to embed WebAssembly. Preliminary support for modules Go 1.11 rc1 offers preliminary support for a new concept called “modules,” which is an alternative to GOPATH with integrated support for versioning and package distribution. With modules, developers are not limited to working inside GOPATH. Also, the version dependency information is explicit yet lightweight, and builds are more reliable. Improved support for debuggers The compiler in Go 1.11 rc1 now produces significantly accurate debug information for optimized binaries. This includes variable location information, line numbers, and breakpoint locations. Due to this, it is easier to debug binaries compiled without -N -l. There are still few limitations to the quality of the debug information which will improve with the future releases. DWARF sections have been compressed by default. This is due to the accurate debug information produced by the compiler. This is transparent to most ELF tools (like debuggers on Linux and *BSD) and is supported by the Delve debugger on all platforms.   Other changes Many direct system calls have been removed from the macOS runtime. Go 1.11 binaries are now less likely to break on upgrading macOS version because system calls are made through the proper channel (libc). Go 1.11 is expected to be released later this month. For more information, check out the official release notes. Writing test functions in Golang [Tutorial] How Concurrency and Parallelism works in Golang [Tutorial] GoMobile: GoLang’s Foray into the Mobile World

After acquiring Nervana, Mobileye, and Movidius, Intel has now bought Vertex.ai and is merging it with their artificial intelligence group. Vertex.ai is a Seattle based startup unicorn with the vision to develop deep learning for every platform with their PlaidML deep learning engine. The terms of the deal are undisclosed but the 7-person Vertex.ai team including founders Choong Ng, Jeremy Bruestle, and Brian Retford will become a part of Movidius in Intel’s Artificial Intelligence Products Group. Vertex.ai was founded in 2015 and initially funded by Curious Capital and Creative Destruction Lab, among others. Intel said in a statement "With this acquisition, Intel gained an experienced team and IP (intellectual property) to further enable flexible deep learning at the edge." The chipmaker does intend to continue developing PlaidML as an open source project. They will shortly transition it to the Apache 2.0 license from the existing AGPLv3 license. The priority for PlaidML will continue to be an engine that supports a variety of hardware with an Intel nGraph backend. “There’s a large gap between the capabilities neural networks show in research and the practical challenges in actually getting them to run on the platforms where most applications run,” Ng stated on Vertex.ai’s launch in 2016. “Making these algorithms work in your app requires fast enough hardware paired with precisely tuned software compatible with your platform and language. Efficient plus compatible plus portable is a huge challenge—we can help.” Intel is among many other giants in the tech industry making heavy investments in AI. Their AI chip business is currently at $1B a year. Their PC/chip business makes $8.8B while their data-centric business makes $7.2 billion. “After 50 years, this is the biggest opportunity for the company,” Navin Shenoy, executive vice president said at Intel’s 2018 Data Centric Innovation Summit this year. “We have 20 percent of this market today…Our strategy is to drive a new era of data center technology.” The official announcement is stated in the Vertex.ai website. Intel acquires eASIC, a custom chip (FPGA) maker for IoT, cloud and 5G environments Intel’s Spectre variant 4 patch impacts CPU performance SingularityNET and Mindfire unite talents to explore artificial intelligence

For a powerful, high quality mobile device experience, Google recently rolled out the Go edition of its AI packed Android 9.0 Pie version. The Go edition comes with additional storage of upto 500 MB, faster boot time, better security and more improvements for entry level phones. Source: Google Blog page Added Google Go features: A first time smartphone user will be able to experience a fully redesigned set of Google apps with the Go edition. Let us look at each in detail: Google Go will read aloud your webpages and highlight each word so you can follow along. YouTube Go will let you download videos and save it as in the Gallery mode using less data. Maps Go features navigation, making it possible for people with Go edition devices or unstable connections to use turn-by-turn directions whether you’re traveling by car, by bus, or on foot. Files Go, which has saved users ~90TB of space since launch, is now capable of transferring data peer-to-peer, without using mobile data, at speeds up to ~490Mbips. Assistant Go supports additional languages including Spanish, Brazilian Portuguese and Indonesian. It has expanded support for device actions like controlling Bluetooth, camera, flashlight and added reminders. Android Messages App for Android (Go edition) is now ~50 percent smaller in size and the Phone App includes caller ID and spam detection. "We welcomed our first wave of Android (Go edition) phones this April, and now there are more than 200 devices available in 120+ countries including India, South Africa, US, Nigeria and Brazil." says Sagar Kamdar, Director of Product Management, Google. Devices that participated in the P Beta programme include Sony Mobile, Xiaomi, HMD Global, Oppo, Vivo, OnePlus and all other qualifying Android One devices. To read the full coverage of the Go edition, visit the official Google blog page. Introducing Android 9 Pie, filled with machine learning and baked-in UI features Android 9 pie’s Smart Linkify: How Android’s new machine learning based feature works All new Android apps on Google Play must target API Level 26 (Android Oreo) or higher, to publish

Salesforce has open sourced TransmogrifAI, their end-to-end automated machine learning library for structured data. This library is currently used in production to help power Salesforce Einstein AI platform. TransmogrifAI enables data scientists at Salesforce to transform customer data into meaningful, actionable predictions.  Now, they have open-sourced this project to enable other developers and data scientists to build machine learning solutions at scale, fast. TransmogrifAI is built on Scala and SparkML that automates data cleansing, feature engineering, and model selection to arrive at a performant model. It encapsulates five main components of the machine learning process: Source: Salesforce Engineering Feature Inference: TransmogrifAI allows users to specify a schema for their data to automatically extract the raw predictor and response signals as “Features”. In addition to allowing for user-specified types, TransmogrifAI also does inference of its own. The strongly-typed features allow developers to catch a majority of errors at compile-time rather than run-time. Transmogrification or automated feature engineering: TransmogrifAI comes with a myriad of techniques for all the supported feature types ranging from phone numbers, email addresses, geo-location to text data. It also optimizes the transformations to make it easier for machine learning algorithms to learn from the data. Automated Feature Validation: TransgmogrifAI has algorithms that perform automatic feature validation to remove features with little to no predictive power. These algorithms are useful when working with high dimensional and unknown data. They apply statistical tests based on feature types, and additionally, make use of feature lineage to detect and discard bias. Automated Model Selection: The TransmogrifAI Model Selector runs several different machine learning algorithms on the data and uses the average validation error to automatically choose the best one. It also automatically deals with the problem of imbalanced data by appropriately sampling the data and recalibrating predictions to match true priors. Hyperparameter Optimization: It automatically tunes hyperparameters and offers advanced tuning techniques. This large-scale automation has brought down the total time taken to train models from weeks and months to a few hours with just a few lines of code. You can check out the project to get started with TransmogrifAI. For detailed information, read the Salesforce Engineering Blog. Salesforce Spring 18 – New features to be excited about in this release! How to secure data in Salesforce Einstein Analytics How to create and prepare your first dataset in Salesforce Einstein

Every C programmer has ideas about writing better C code. Comment first, agile, use this compiler etc. The Barr Group recently released a coding standards guideline for embedded C, which is also available as a freely downloadable ebook. The guidelines are grouped rules that fall under 8 broad categories (general, comments, white space, module, data type, procedure, variable and statements). Michael Barr is the CTO and co-founder of Barr Group. He has a Masters in electrical engineering, was an adjunct professor in electrical engineering/computer science and founded a company called Netrino and the Barr group for embedded systems consulting. He was also the Editor-in-Chief of the Embedded Systems Programming magazine. He has decades of experience so this should prove to be a great reference guide. What are these C guidelines about? C is pretty open-ended and leaves a lot of space of misuse. That is, a lot of bad code can be written in C. Any programming language can’t really prevent bad code, people have different approaches, some less efficient than the others. In the guidelines, Barr lists ways to change habits while coding. He states in his guideline book “The reliability, readability, efficiency, and sometimes portability of source code is more important than programmer convenience.” His also talks about MISRA C, the 20-year-old guideline created to promote more reliable programming. MISRA still is the gold standard for many embedded programmers. But MISRA avoids many issues of style, indentation, naming conventions, casings, and so on. But Barr does not shy away from any of that. It’s good to follow rules It isn’t uncommon for programmers to overlook the simple stuff. For example, they don’t bother with using braces for simple statements just because the language allows you to do so. Rule 1.3 states that all blocks however trivial should be enclosed in braces. The reasoning is “There is considerable risk associated with the presence of empty statements and single statements that are not surrounded by braces. Code constructs like this are often associated with bugs when nearby code is changed or commented out. This risk is entirely eliminated by the consistent use of braces. The placement of the left brace on the following line allows for easy visual checking for the corresponding right brace.” The employer owns the software/code you write. The employer would naturally expect you to follow the best known industry standards for the code to be least buggy and maintainable as possible. In addition, the C language is also not standard throughout, different compilers can produce different runtimes from the same code. This happens even if your code is clean and adhering to all ISO standards. Write legible code The code you write will most likely be used in the future. A short but dense code block can make you feel clever but will lack legibility. We are way past the times to bother about extra lines of code or comments taking up floppy disk space. Write for readability, comment generously, indent your loops and compound statements. Many seasoned programmers may already know or practice many of the rules stated in the book. But nonetheless it can serve as a really good reference guide for beginners and veterans alike. There are eight sections of rules with subsections in them. These were just some of the ideas presented in the guidelines, you can get the free PDF download or and if your prefer, the paperback version is available on Amazon. The 5 most popular programming languages in 2018 Polymorphism and type-pattern matching in Python [Tutorial] Qml.Net: A new C# library for cross-platform .NET GUI development