Tech News

Facebook has launched a 6-part video series dedicated to providing practical tips about how to apply machine-learning capabilities to real-world problems. The Facebook Field Guide to Machine Learning is developed by the Facebook ads machine learning team. The development process of an ML model Source: Facebook research The video series will cover how the entire development process works. This includes what happens during the training of machine learning models and what happens before and after the training process in each step. Each video also includes examples and stories of non-obvious things that can be important in an applied setting. The video series breaks down the machine learning process into six steps: Problem definition It is necessary to have the right set up before you go about choosing an algorithm. The first video, Problem definition, talks about how to best define your machine learning problem before going into the actual process. You save almost a week’s worth of time by spending just a few hours at the definition stage. Data This tutorial teaches developers how to prepare the training data. The training data is a powerful variable to create high-quality machine learning systems. Evaluation The third lesson talks about the steps to evaluate the performance of your machine learning model. Features The fourth tutorial explains examples of various features such as categorical, continuous and derived features. It also describes how to choose the right feature for the right model. The video also talks about changing features, feature breakage, leakage, and coverage. Model The next lesson describes how to choose the right machine learning model for your data and find the algorithm to implement and train that model. It also offers tips and tricks for picking, tuning and comparing models. Experimentation The final tutorial covers experimentation, which is about making your experiments actionable. A large part of the tutorial is dedicated to the difference between offline and online experimentation. The entire video series is available on the Facebook blog for you to watch. Microsoft start AI School to teach Machine Learning and Artificial Intelligence Soft skills every data scientist should teach their child Google introduces Machine Learning courses for AI beginners

Facebook open-sourced a new library Fizz (a TLS 1.3 library) for securing websites against cyberattacks and improving its focus on safe data traversal across the internet. TLS  1.3 is now taking good shape, as Facebook has claimed that it’s secured and running more than 50% of its web traffic via TLS1.3 and Fizz. Since the Facebook infrastructure is so widespread, a protocol like the TLS is of much importance. Solving the SSL issues of both latency and data exposure, the TLS protocol also uses a stronger encryption for messages to maintain the privacy of certificates and redesigns the way secret keys are derived while using a zero round-trip connection setup to accelerate requests. Thus, TLS overcomes the shortcomings of the previously used SSL protocol. What problem does Fizz solve for Facebook? Assisting the Internet Engineering Task Force’s efforts to improve the TLS protocol, Fizz will now play its own part. One of the major issues faced by the engineers at Facebook was writing data to huge chunks of memory. This led to an increase in resource overhead and reduced the servers’ speed. To combat this issue, Fizz will divide the data into smaller chunks and then move it into memory while encrypting it in place. This simple technique called as “Scatter/gather I/O” processes data much more efficiently.   Scatter/Gather I/O Source: code.fb.com The next big thing that Fizz aims to do is replace the previously deployed Zero protocol with TLS 1.3. The zero protocol enabled Facebook to experiment with the 0-RTT secure connections. The 0-RTT reduced the latency of requests and the overhead needed to deploy TLS. Fizz has now taken over the zero protocol by providing zero copy encryption and decryption, tight integration with other parts of the infrastructure while reducing usage of memory and CPU. This improves user experience, particularly on app startup when there are no existing connections to reuse. All this is done at the same speed as the zero protocol but provides a 10-percent higher throughput. In today’s world, servers are scattered everywhere! Keeping in mind that these servers usually want to be able to make calls to services in other locations in the middle of a handshake, asynchronous IO becomes very important.  Fizz, therefore, provides a simple async application programming interface (API).  Any callback from Fizz can return an asynchronous response without blocking the service from processing other handshakes. It is also very easy to add new asynchronous callbacks to Fizz for other use cases. Fizz also provides developers with easy-to-use API’s to send “early data” immediately after the TCP connection is established. Early data reduces the latency of requests. Fizz is comprised of secure abstractions. This helps catch bugs during compile time rather than at runtime, thereby preventing mistakes. This open source provision from Facebook aims to be better than its SSL predecessor at preventing attacks. It would be interesting to see how the crowd takes advantage of the  library! Head over to the official FB documentation to know more about this robust library. Facebook is investigating data analytics firm Crimson Hexagon over misuse of data Facebook plans to use Bloomsbury AI to fight fake news Time for Facebook, Twitter and other social media to take responsibility or face regulation    

The newest version of V8 is now out in its beta form and is expected to go fully live with the Chrome 69 Stable in a couple of weeks time. Considering that there is a new branch of V8 created every 6 weeks, this newly released version of the JavaScript Engine has multiple features that will have developers on the lookout for its full and proper release. Here are some of the features that are expected to improve the previously released versions. Embedded built-ins saving memory The newly released version supports a host of built-in functions. Examples are methods on built-in objects such as Array.prototype.sort and RegExp.prototype.exec, but also a wide range of internal functionality. Built--in functions cause a huge overhead as they are complied at build-time. They are then serialized into a snapshot and finally deserialized at runtime to create the initial JS heap state. In the entire process, they consume around 700KB in each Isolate (an Isolate roughly corresponds to a browser tab in Chrome). To combat this issue, V8 V6.4 included lazy deserialization which meant that that each Isolate only paid only for the built-ins that it actually needs (but each Isolate still had its own copy). Embedded built-ins take this feature a notch higher. This is shared by all Isolates, and embedded into the binary itself instead of copied onto the JavaScript heap. This means that built-ins exist in memory only once regardless of how many Isolates are running. This has led to a 9% reduction of the V8 heap size over the top 10k websites on x64. Of these sites, 50% save at least 1.2 MB, 30% save at least 2.1 MB, and 10% save 3.7 MB or more. Improved performance Liftoff, WebAssembly’s new baseline compiler, helps complex websites that use big WebAssmbly modules to start up faster. Depending on the hardware, there is more than 10x increase in the speed of the system when the latest V8 is used. Faster DataView operations DataView methods have been revamped in V6.9. As compared to previous versions, where calling C++ was costly, this new version has reduced the same. Moreover, using DataViews is now proving to be efficient thanks to the inline calls to DataView methods when compiling JavaScript code in TurboFan. This has resulted in better peak performance for hot code. Faster processing of WeakMaps during garbage collection V8 v6.9 also looks at improving WeakMap processing. It reduces Mark-Compact garbage collection pause times thus leading to faster operations. Concurrent and incremental marking can now process WeakMaps. Previously all this work was done in the final atomic pause of Mark-Compact GC. Since moving all of the work outside the pause isn’t suitable, the GC now also does more work in parallel to further reduce pause times. These optimizations essentially halved the average pause time for Mark-Compact GCs in the Web Tooling Benchmark. WeakMap processing uses a fixed-point iteration algorithm. This can degrade to quadratic runtime behavior in certain cases. The new release is now able to switch to another algorithm that is guaranteed to finish in linear time if the GC does not finish within a certain number of iterations. Previously, the GC took a few seconds to finish even with a relatively small heap, while the linear algorithm finishes the processing within a few milliseconds. Head over to the github page for more information on V8. You can also visit the official blog of the V8 javaScript engine for more clarity on the release. 5 JavaScript machine learning libraries you need to know HTML5 and the rise of modern JavaScript browser APIs [Tutorial] JavaScript async programming using Promises [Tutorial]

Chances are that you have already noticed the changes in your everyday Google apps like Gmail, Google News, Google Chrome. This change is a part of the bigger overhaul in Google’s design strategy. They are calling it the material redesign. This video shows in great detail the fluidic design implemented by Google in its latest update. The real question is where is it leading us? Is it just a superficial update or is there a larger motive behind it? Material design was first launched by Google back in 2014. The basic principle was based on two factors: Unification: A Visual language which works across the platform. Intuition: Core principle of Material Design is how “Material / Surface” behaves. This makes it almost obvious to the user what will happen on the interaction. Although Google aimed at removing design inconsistencies across different devices and manufacturers, the material design became more of a constraint rather than a guiding light. The apps which failed to imbibe the material design principles in them, seemed messy. There was a lot of flack aimed at Google for this high handed behavior. The main complaint was that the apps looked bland, and that they all looked similar with similar buttons and themes. Google have been since then trying to create a better version of its flagship project. The motivation for this is however something bigger. It’s almost impossible to bring Android under one common umbrella because there has been so many other instances of it running on different devices. This experiment on material design is their way of trying out the new display and UI system before they launch their new project Fuchsia which has been under development for some time. The reason why Google has given a new look to all its current apps is to change the way GUIs (Graphical User Interface) work and function. We are somewhat still using the same GUI based systems developed almost a decade ago. Google is trying to bring a change in that aspect. With the new material design update, Google has given the developers the freedom to choose from designs and themes without messing up their app. So you can now customize your app and the way it looks, have a brighter color palette and yet have it follow the Material Design paradigm. This also tries is to make interacting with apps much easier, without having a full app launch. That’s how, you can use the new Gmail from the notification window and even add pictures in it from there. All of these changes, point towards a movement away from the traditional GUI based system. At the heart of it is the Google Assistant and the Google AI. The vision is really interesting. You won’t have to look at your phone and manually navigate between apps. Your voice command will do it for you, smart assistant will find out the answers of your queries from the web. The Google AI system will filter the best results curated for you and won’t just aggregate them and dump it at your screen. All of this will be done from a UI that will be something similar to the present day material design UI. Google’s Smart Display – A push towards the new OS, Fuchsia Google Fuchsia: What’s all the fuss about? Introducing Android 9 Pie, filled with machine learning and baked-in UI features Android P new features: artificial intelligence, digital wellbeing, and simplicity

Blockchain is an open decentralized database. It's the underlying technology for the popular cryptocurrency, Bitcoin. Now, banks and other financial institutions want to apply it to financial transactions. The recently launched IBM Blockchain platform, LedgerConnect is aimed at the financial industry and banking sectors. What is IBM blockchain? IBM, with CLS, a foreign exchange financial group, launched LedgerConnect a week ago. It is a proof of concept blockchain platform designed for companies that provide financial services. Its aim is to apply blockchain technology to a number of challenge areas that are currently not that fast. They also have challenges like tracking a paperwork trail, know your customer (KYC) processes, collateral management, and trades. So far, nine financial companies, including banks like Barclays and Citi, are involved in the trials. With everything being online, delays will likely be reduced by a large margin. According to an IBM report: “With IBM Blockchain, banks can create secure, low-cost and high volume cross-border payments without sacrificing margins.” Why is it important? The IBM website states that 91% of banks are investing in blockchain solutions by 2018. Also, 66% of institutions expect to be in production and running at scale with blockchain. All the transactions being on the same network makes everything much easier. An added advantage is that blockchain is known to be tamper-proof. So the overall security and speed will increase a lot. While the blockchain used in Bitcoin is public, the one used in large companies would be private. Makes sense as you wouldn’t want everyone’s banking and transaction info publically available everywhere. To further understand why blockchains are great for banking applications, read our article, 15 ways to make Blockchains scalable, secure and safe!. Impact of blockchain in banking and finance In the current day, banks work with manual transactions and a considerable amount of paperwork. So transactions like trades and loans take a lot of time, amounting to delays. Cross-border payments are costly and time-consuming. Moreover, making customers provide identification frequently is tedious and decreases customer satisfaction. IBM blockchain aims to address all these pain areas. As the platform is online, blockchain based smart-contracts automatically store information about the transactions in real-time. As a result, there won’t be discrepancies in the data shown in different locations. Transactions on blockchain are identified uniquely with a hash. KYC info will also be more secure since it will be stored in the blockchain that is known for being tamper-proof. Source: IBM infographic Source: IBM infographic LedgerConnect tries to create a network of multiple providers that can provide their applications to be deployed on this platform. Large banks and organizations can come and use those applications creating an app store like ecosystem. The applications in the LedgerConnect “store” are built on Hyperledger Fabric. This project is expected to launch in early 2019 but needs approvals from central banks. To know more about Hyperledger, take a look at our article Hyperledger: The Enterprise-ready Blockchain Implementing blockchain in finance and banking will enable simplicity and operational efficiency while also enhancing the end customer experience. Many of the current challenges can be solved and the time involved can be brought down to minutes from hours. To know more visit the IBM website. Read next: Google Cloud Launches Blockchain Toolkit to help developers build apps easily Oracle makes its Blockchain cloud service generally available Blockchain can solve tech’s trust issues – Imran Bashir

We recently asked whether Dart programming was dead, but news of its death might well have been exaggerated. Version 2 of the programming language has just been released, with a range of updates and changes that should cement its popularity with admirers and win new users too. With Dart playing a big part in Google's much-anticipated Flutter and Fuchsia projects, there's a possibility that version 2.0 represents a brand new chapter in Dart's life. News of a Dart 'reboot' first emerged in February 2018. Anders Thorhauge Sandholm said at the time that “with Dart 2, we’ve dramatically strengthened and streamlined the type system, cleaned up the syntax, and rebuilt much of the developer tool chain from the ground up to make mobile and web development more enjoyable and productive.” It would appear that six months later the team have finally delivered on their promise. They'll be hoping it makes a positive impact on the language's wider adoption. What's new in Dart 2.0? There's a whole host of changes that Dart developers will love, all of which can be found in the changelog on GitHub. Most notable is a stronger typed system, which includes runtime checks that will capture errors more effectively, and, for those developers working on Flutter, you can now create an instance of a class without using the "new" keyword. Among other updates, other key changes to Dart include: "Functions marked async now run synchronously until the first await statement. Previously, they would return to the event loop once at the top of the function body before any code runs." "Constants in the core libraries have been renamed from SCREAMING_CAPS to lowerCamelCase." "...New methods have been added to core library classes. If you implement the interfaces of these classes, you will need to implement the new methods." All the changes you'll find in Dart 2.0 amount to the same thing: improving the developer experience and making the code more readable. The obvious context to all this 'reboot' is that Google is betting on the growth of Flutter and Fuchsia over the next few years. With these improvements, it's possible that we'll begin to see Dart's fortunes changing. CodeMentor may have called Dart the 'worst programming language to learn in 2018' at the start of the year, but it will be interesting to see if it's popularity has grown by the time we hit 2019. You can download Dart 2.0.0 for Windows, Mac, and Linux here.

Google with the aims of re-entering the Chinese market, is in talks with the top companies in China like Tencent Holdings Ltd. (the company which owns the popular social media site, WeChat) and Inspur Group. Its aim is to expand their cloud services in the second-largest economy. According to some people who are familiar with the ongoing discussion, the talks began in early 2018 and Google was able to narrow down to three firms in late March. But because of the US - China trade war there is an uncertainty, whether this will materialize or not. Why is Google interested in cloud partnerships with Chinese tech giants? In many countries, Google rents computing power and storage over the internet and sells the G Suite, which includes Gmail, Docs, Drive, Calendar, and more tools for business. These run on their data centers. It wants to collaborate with the domestic data center and server providers in China to run internet-based services as China requires the digital information to be stored in the country. This is the reason why they need to partner with the local players. A tie-up with large Chinese tech firms, like Tencent and Inspur will also give Google powerful allies as it attempts a second innings in China after its earlier exit from the country in 2010. A cloud partnership with China will help them compete with their rivals like Amazon and Microsoft. With Tencent by their side, it will be able to go up against the local competitors including Alibaba Group Holding Ltd. How Google has been making inroads to China in the recent past In December, Google launched its AI China Center, the first such center in Asia, at the Google Developer Days event in Shanghai. In January Google agreed to a patent licensing deal with Tencent Holdings Ltd. This agreement came with an understanding that the two companies would team up on developing future technologies. Google could host services on Tencent’s data centers and the company could also promote its services to their customers. Reportedly, to expand its boundaries to China, Google has agreed upon launching a search engine which will comply with the Chinese cybersecurity regulations. A project code-named Dragonfly has been underway since spring of 2017, and accelerated after the meeting between its CEO Sundar Pichai and top Chinese government official in December 2017. It has  launched a WeChat mini program and reportedly developing an news app for China. It’s building a cloud data center region in Hong Kong this year. Joining the recently launched Mumbai, Sydney, and Singapore regions, as well as Taiwan and Tokyo, this will be the sixth GCP region in Asia Pacific. With no official announcements, we can only wait and see what happens in the future. But from the above examples, we can definitely conclude that Google is trying to expand its boundaries to China, and that too in full speed. To know more about this recent Google’s partnership with China in detail, you can refer to the full coverage on the Bloomberg’s report. Google to launch a censored search engine in China, codenamed Dragonfly Google Cloud Launches Blockchain Toolkit to help developers build apps easily

Amazon is reportedly working towards shifting its business away from Oracle’s database software by 2020 as per the CNBC report last week. In fact, according to the CNBC report, Amazon has already started to transfer most of its infrastructure internally to Amazon Web services and will shift entirely by the first quarter of 2020. Both the organizations, Amazon and Oracle, have been fierce competitors for a really long time, comparing whose products and services are more superior. But, Amazon has also been Oracle’s major customer. It has been leveraging Oracle’s database software for many years to power its infrastructure for retail and cloud businesses. Oracle’s database has been a market standard for many since the 1990s. It is one of the most important products for many organizations across the globe as it provides these businesses with databases to run their operations on. Despite having started off its business with Oracle, Amazon launched AWS back in 2006, taking Oracle SQL based database head on and stealing away many of Oracle’s customers. This is not the first time news about Amazon making its shift from Oracle has stirred up. Amazon’s plans to move away from Oracle Technology came to light back in January this year. But, as per the statement issued to CNBC on August 1, a spokesperson for Oracle mentioned that Amazon had "spent hundreds of millions of dollars on Oracle technology" in the past many years. In fact, Larry Ellison, CEO at Oracle, mentioned during Oracle’s second quarter fiscal 2018 earnings call that “A company you’ve heard of just gave us another $50 million this quarter to buy Oracle database and other Oracle technology. That company is Amazon.” The recent news of Amazon’s migration has come at a time of substantial growth for AWS. AWS saw 49% growth rate in Q2 2018, while, Oracle’s business has remained stagnant for four years, thereby, putting more pressure on the company. There’s also been an increase in Amazon’s “backlog revenue” ( i.e. the total value of the company's future contract obligations) as it has reached $16 billion from $12.4 billion in May. In addition to this, AWS has been consistently appearing as “Leader” in the Gartner’s Magic Quadrant for Cloud Infrastructure as a Service (IAAS) since past six years. There have also been regular word wars between Larry Ellison and Andy Jassy, CEO AWS, over each other’s performance during conference keynotes and analyst calls. Andy Jassy, CEO at AWS took a shot at Oracle last year during his keynote at the AWS big tech conference. He said “Oracle overnight doubled the price of its software on AWS. Who does that to their customers? Someone who doesn't care about the customer but views them as a means to their financial ends”. Larry Ellison also slammed Amazon during Oracle OpenWorld conference last year saying, “Oracle’s services are just plain better than AWS” and how Amazon is “one of the biggest Oracle users on Planet Earth”. With all the other cloud services such as AWS, Microsoft, Google, Alibaba and IBM catching up, Oracle seems to be losing the database race. So, if Amazon does decide to phase out Oracle, then Oracle will have to step up its game big time to gain back the cloud market share. Oracle makes its Blockchain cloud service generally available Integrate applications with AWS services: Amazon DynamoDB & Amazon Kinesis [Tutorial] AWS Elastic Load Balancing: support added for Redirects and Fixed Responses in Application Load Balancer  

Jens "atom" Steube, the developer of the popular Hashcat password cracking tool recently developed a new technique to obtain user credentials over WPA/WPA2 security. Here, attackers can easily retrieve the Pairwise Master Key Identifier (PMKID) from a router. WPA/WPA2, the Wi-Fi security protocols, enable a wireless and secure connection between devices using encryption via a PSK(Pre-shared Key). The WPA2 protocol was considered as highly secure against attacks. However, a method known as KRACK attack discovered in October 2017 was successful in decrypting the data exchange between the devices, theoretically. Steube discovered the new method when looking for new ways to crack the WPA3 wireless security protocol. According to Steube, this method works against almost all routers utilizing 802.11i/p/q/r networks with roaming enabled. https://twitter.com/hashcat/status/1025786562666213377 How does this new WPA/WPA2 attack work? The new attack method works by extracting the RSN IE (Robust Security Network Information Element) from a single EAPOL frame. RSN IE is an optional field containing the PMKID generated by a router when a user tries to authenticate. Previously, for cracking user credentials, the attacker had to wait for a user to login to a wireless network. They could then capture the four-way handshake in order to crack the key. However, with the new method, an attacker has to simply attempt to authenticate to the wireless network in order to retrieve a single frame to get access to the PMKID. This can be then used to retrieve the Pre-Shared Key (PSK) of the wireless network. A boon for attackers? The new method makes it easier to access the hash containing the pre-shared key, which needs to be cracked. However, this process takes a long time depending on the complexity of the password. Most users don’t change their wireless password and simply use the PSK generated by their router. Steube, in his post on Hashcat, said,"Cracking PSKs is made easier by some manufacturers creating PSKs that follow an obvious pattern that can be mapped directly to the make of the routers. In addition, the AP mac address and the pattern of the ESSID  allows an attacker to know the AP manufacturer without having physical access to it." He also stated that attackers pre-collect the pattern used by the manufacturers and create generators for each of them, which can then be fed into Hashcat. Some manufacturers use patterns that are too large to search but others do not. The faster one’s hardware is, the faster one can search through such a keyspace. A typical manufacturer’s PSK of length 10 takes 8 days to crack (on a 4 GPU box). How can users safeguard their router’s passwords? Creating one’s own key rather than using the one generated by the router. The key should be long and complex by consisting of numbers, lower case letters, upper case letters, and symbols (&%$!) Steube personally uses a password manager and lets it generate truly random passwords of length 20 - 30. One can follow the researcher's footsteps in safeguarding their routers or use the tips he mentioned above. Read more about this new WiFi security attack on Hashcat forum. NetSpectre attack exploits data from CPU memory Cisco and Huawei Routers hacked via backdoor attacks and botnets Finishing the Attack: Report and Withdraw

Google has launched Android 9, the next in line Android Operating system. Named Android Pie, after Android’s convention of naming their OS on sweet treats, Android 9 comes with machine learning based interactive UI, security and privacy features, updates to connectivity and location, and more. With the filling of Machine Learning With Machine learning as its core, Android 9 helps a phone learn, by picking up on user preferences and adjusting automatically. Source: Android Developers Blog Google has partnered with DeepMind for Adaptive Battery that uses machine learning to prioritize system resources for the apps the user frequents the most. Android 9 Pie uses Slices, which are basically UI templates to display interactive content from an app from within other sources such as Google Search app or Google Assistant. It helps users perform tasks faster by engaging users outside of the fullscreen app experience. App Actions takes advantage of machine learning to bring an app to the user at just the right time. It is based on the app's semantic intents and the user's context. Another feature, the Smart Linkify lets users take advantage of the TextClassifier models through the Linkify API, providing options for quick follow-on user actions. Android 9 adds an updated version of the Neural networks API, to extend Android's support for accelerated on-device machine learning. Neural Networks 1.1 adds support for nine new ops. You can take advantage of the APIs through TensorFlow Lite. Baked in UI features Android 9 uses simpler and more approachable UI to help users find, use, and manage their apps. Source: Android Developers Blog There is a brand new system navigation for easily discoverable apps and to make Android's multitasking more approachable. Android 9 also has a display cutout support to take full advantage of the latest edge-to-edge screens. For immersive content, users can use the display cutout APIs to check the position and shape of the cutout and request full-screen layout around it. Messaging apps can take advantage of the new MessagingStyle APIs to show conversations, attach photos and stickers, and suggest smart replies. Android 9 will soon get the support of ML Kit to generate smart reply suggestions. Android 9 uses a Magnifier widget to improve the user experience of selecting text. The Magnifier widget can also provide a zoomed-in version of any view or surface. With the sprinkling of Security and privacy Major updates of Android 9 have been based on preserving the privacy and security of users’ data. Source: Android Developers Blog Android 9 uses the BiometricPrompt API to show the standard system dialog instead of building their own dialog. In addition to Fingerprint (including in-display sensors), the API supports Face and Iris authentication. The Android Protected Confirmation uses the Trusted Execution Environment (TEE) to guarantee that a given prompt string is shown and confirmed by the user. Only after successful user confirmation will the TEE then sign the prompt string, which the app can verify. StrongBox is added as a new KeyStore type, providing API support for devices that provide key storage in tamper-resistant hardware with isolated CPU, RAM, and secure flash. Android 9 adds built-in support for DNS over TLS, automatically upgrading DNS queries to TLS if a network's DNS server supports it. Android 9 restricts access to mic, camera, and all SensorManager sensors from apps that are idle. These are just a select few updates for the Android 9 operating system. The full list of features is available on the Android Developer Blog. Starting today, Android 9 Pie is rolling out to all Pixel users worldwide, and then to many other devices in the coming months. Android P Beta 4 is here, stable Android P expected in the coming weeks! Google updates biometric authentication for Android P, introduces BiometricPrompt API Android P new features: artificial intelligence, digital wellbeing, and simplicity

Mozilla just upped its security game by introducing two new features to their Firefox browser that they call "DNS over HTTPs" (DoH) and "Trusted Recursive Resolver" (TRR). According to Mozilla, this is an attempt on their part to enhance security. They want to make one of the oldest parts of the internet architecture- the DNS- more private and safe. This will be done by encrypting DNS queries and by testing a service that keeps DNS providers from collecting and sharing users browsing history. But internet security geeks far from agree to this claim made by Mozilla. DoH and TRR explained A DNS converts a computer’s domain name into an IP address. This means that when you enter the domain of a particular website in your browser, a request is automatically sent to the DNS server that you have configured. The DNS server then looks up this domain name and returns an IP address for your browser to connect to. However, this DNS traffic is unencrypted and shared with multiple parties, making data vulnerable to capture and spy on. Enter Mozilla with two new updates to save the day. The DNS over HTTPS (DoH) protocol encrypts DNS requests and responses.DNS requests sent to the DoH cloud server are encrypted while old style DNS requests are not protected. The next thing up Mozilla’s alley is building a default configuration for DoH servers that puts privacy first- also known as the  Trusted Recursive Resolver (TRR). With Trusted Recursive Resolver (TRR) turned on as default, any DNS changes that a Firefox user configured in the network will be overridden. Mozilla has partnered up with Cloudflare after agreeing to a very strong privacy policy that protects users data. Why security Geeks don’t prefer Mozilla’s DNS updates? Even though Mozilla has made an attempt to transport requests over https- thus encrypting the data- the main concern was that the DNS servers used are local and hence the parties that spy on you will, well, also be local! Adding to this, while browsing with Firefox, Cloudflare will can read everyone's DNS requests. This is because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Now this itself poses as a threat since Cloudflare is a third party bearer and we all know the consequences of having a third party interfere with our data and network. Despite the assurance that Cloudflare has signed a “pro-user privacy policy” that deletes all personally identifiable data within 24 hours, you can never say what will be done with your data. After the Cambridge analytica scandal- nothing virtual can be trusted. Here’s a small overview of what can go wrong because of the TRR. TRR  fully disables anonymity. Before Mozilla implemented this change, the DNS resolution was local and could be attacked. However, with Mozilla's change, all DNS requests are seen by Cloudflare and in turn also by any government agency that has legal right to request data from Cloudflare. So in short, any (US) government agency can basically trace you down if you have information to spill or benefit them. So to save everyone the trouble, let's explore what you can do with the situation. It's simple- turn TRR off! Hackernews users suggest the following workaround: Enter about:config in the address bar Search for network.trr Set network.trr.mode = 5 to completely disable it If you want to explore more about mode 5, head over to mozilla.org. You can Change network.trr.mode to 2 to enable DoH. This will try and use. DoH but will fallback to insecure DNS under some circumstances like captive portals.  (Use mode 5 to disable DoH under all circumstances.) The other modes are described on usejournal.com You may be surprised at how such a simple update can fuel so much discussion. It all comes down to the pitfalls of blind trusting a third party service or being your own boss and switching the TRR off. Whose side are you on? To know more about this update, head over to Mozilla's Blog. Firefox Nightly browser: Debugging your app is now fun with Mozilla’s new ‘time travel’ feature Mozilla is building a bridge between Rust and JavaScript Firefox has made a password manager for your iPhone    

Perlin Networks, a scalable DAG-based distributed ledger protocol, introduced a new cross-platform WebAssembly VM named Life. This WebAssembly VM is secure, fast, written in Go and is built specifically for decentralized applications. WebAssembly is a high-level instruction set which enables developers to easily design computationally heavy programs that can securely run on web browsers at an improved speed. Apart from designing programs for the browsers, this instruction set can also be used to train ML models, host databases, or even host blogs/online retail stores 24/7. This is the reason why Perlin networks used it in their project, Life. Projects can easily run WebAssembly code anywhere by simply integrating the Life tool into their applications. Features of Life Life is Fast It uses a wide range of optimization techniques and is faster than all other WebAssembly implementations tested (go-interpreter/wagon, paritytech/wasmi). Life is Correct It implements WebAssembly execution semantics and passes most of the official test suite. Life is Secure User code executed is fully sandboxed. A WebAssembly module's access to resources (instruction cycles, memory usage) may easily be controlled to the very finest detail. Life is Pure This VM does not rely on any native dependencies, and may easily be cross-compiled for running WebAssembly modules on practically any platform such as Windows, Linux, Mac, Android, iOS, and so on. Life is Practical One can make full use of the minimal nature of WebAssembly to write code once and run anywhere. With Life, one can completely customize how WebAssembly module imports are resolved and integrated. A complete control over the execution lifecycle of the WebAssembly modules is also possible. To know more about the WebAssembly based Life VM, visit its GitHub page. Grain: A new functional programming language that compiles to Webassembly WebAssembly comes to Qt. Now you can deploy your next Qt app in browser

Javalin is a web framework for Java and Kotlin which is simple, lightweight, interoperable, and flexible. With the major changes introduced in the codebase, the team has now announced the release of Javalin 2.0 RC3. Some of the updates include removal of some abstraction layers, using Set instead of List, removal of CookieBuilder, Javalin lambda replacing Javalin Jetty, and more. Updates in the Javalin 2.0 RC3 Package structure improvements The following table lists the packages whose structure have been updated in this release: Javalin 1.7 Javalin 2.0 RC3 io.javalin.embeddedserver.jetty.websocket io.javalin.websocket io.javalin.embeddedserver.Location io.javalin.staticfiles.Location io.javalin.translator.json.JavalinJsonPlugin io.javalin.json.JavalinJson io.javalin.translator.json.JavalinJacksonPlugin io.javalin.json.JavalinJackson io.javalin.translator.template.JavalinXyzPlugin io.javalin.rendering.JavalinXyz io.javalin.security.Role.roles io.javalin.security.SecurityUtil.roles io.javalin.ApiBuilder io.javalin.apibuilder.ApiBuilder io.javalin.ApiBuilder.EndpointGrooup io.javalin.apibuilder.EndpointGrooup Changes in the server defaults Earlier, when we wanted to customize our embedded server, we used to write the following: app.embeddedServer(new EmbeddedJettyFactory(() -> new Server())) // v1 Now with the removal of embedded server abstraction, we can directly write this: app.server(() -> new Server()) // v2 Since the static method Javalin.start(port) has been removed, use Javalin.create().start(0) instead. defaultCharset() method has been removed The following are enabled by default: Dynamic gzip, turn it off with disableDynamicGzip() Request-caching is now limited to 4kb Server now has a LowResourceMonitor attached URLs are now case-insensitive by default, meaning Javalin will treat /path and /Path as the same URL. This can be disabled with app.enableCaseSensitiveUrls(). Javalin lambda replaces Jetty WebSockets Since Jetty WebSockets have limited functionality, it is now replaced with the Javalin lambda WebSockets. AccessManager This is an interface used to set per-endpoint authentication and authorization. Use Set instead of List. It now runs for every single request, but the default-implementation does nothing. Context Context is the object, which provides you with everything needed to handle an http-request. The following updates are introduced in Context: ctx.uri() has been removed, it was a duplicate of ctx.path() ctx.param() is replaced with ctx.pathParam() ctx.xyzOrDefault("key") are changed to ctx.xyz("key", "default") ctx.next() has been removed ctx.request() is now ctx.req ctx.response() is now ctx.res All ctx.renderXyz methods are now just ctx.render(), since the correct engine is chosen based on extension ctx.charset(charset) has been removed You can use the Cookie class in place of CookieBuilder, as it is now removed Now List<T> is returned instead of Array<T> Things that used to return nullable collections now return empty collections instead Kotlin users can now do ctx.body<MyClass>() to deserialize json In this article we looked at some of the major updates in Javalin 2.0. To know more, head over to their GitHub repository. Kotlin 1.3 M1 arrives with coroutines, and new experimental features like unsigned integer types Top frameworks for building your Progressive Web Apps (PWA) Kotlin/Native 0.8 recently released with safer concurrent programming

Xenko, a game engine owned by Silicon Studios has officially released its third version on August 2. The major change in Xenko 3.0 is the transition to being open-source. It also comes with changes made to the project system and added support for videos as well as hair, and skin rendering. Open-source and support Although Xenko won’t be supported officially anymore by Silicon Studios, the members of the Xenko development team will continue contributing to it. Virgile Bello, Lead Developer at Xenko Game Engine stated that he will personally work on it fulltime for the next couple of months in the official blog. The new version is released under the MIT License on Github. It is well received by the open source community. The Xenko repository has already gained almost 700 stars and a couple of issues showing active involvement. Changes in the Xenko 3.0 game engine Other than the open-source transition, there are a few other changes in the engine itself. Xenko 3.0 has made the switch to the new C# project system, which makes your game csproj as simple as a PackageReference to Xenko. This makes package management more convenient. It is now also possible to add video to your games with the latest release. This feature is not completely tested on all platforms so you may run into issues while implementing it. Hair and skin rendering support are also added, but like videos, this feature may need some improvements and tuning. The package names have also been changed since the move to open-source. The SiliconStudio.Xenko package is now Xenko. Also the SiliconStudio.Core and SiliconStudio.* packages are now Xenko.Core. Your earlier projects should automatically be updated but a backup before the upgrade is recommended. Virgile has set up a Patreon page if you’d like to support the project financially. The release notes state that the future plan is to split Xenko further into separate packages such as Xenko.Graphics, Xenko.Physics and Xenko.Editor. These are only the major changes. For the complete changelog and other minor updates in Xenko 3.0, you can see the Release Notes. Think Silicon open sources GLOVE: An OpenGL ES over Vulkan middleware Working with shaders in C++ to create 3D games Unity assets to create interactive 2D games [Tutorial]

Social media platforms have come under considerable criticism for allowing controversial media outlets for as long as 'fake news' has been in the public lexicon. But over the past week, major actions against Alex Jones' content channels suggests that things might be changing. Apple has pulled 5 out of Jones 6 podcasts from iTunes (first reported by Buzzfeed News), while hours later on Monday 6 August Facebook announced it was removing four of Jones' pages for breaching the platform's content guidelines. Alongside Facebook's and Apple's actions, Spotify also made the decision to remove Jones' content from the streaming platform and revoke his ability to publish "due to repeated violations of Spotify's prohibited content policies" according to a Spotify spokesperson. This news comes just weeks after YouTube removed a number of Infowars videos over 'hate speech' and initiated a 90 day ban on Infowars broadcasting live via YouTube. Unsurprisingly, the move has come under attack from those who see the move as an example of censorship. Even people critical of Jones' politics have come out to voice their unease: https://twitter.com/realJoeBarnes/status/1026466888744947721 However, elsewhere, the move is viewed positively with commentators suggesting social media platforms are starting to take responsibility for the content published on their systems. https://twitter.com/shannoncoulter/status/1025401502033039362 One thing that can be agreed is that the situation is a little confusing at the moment. And although it's true that it's time for Facebook, and other platforms to take more responsibility for what they publish, there are still issues around governance and consistency that need to be worked through and resolved. Facebook's action against Alex Jones - a recent timeline On July 27, Alex Jones was hit with a 30 day suspension by Facebook after the company removed 4 videos from its site that contravened its content guidelines. However, as numerous outlets reported at the time, this ban only effected Jones personally. His channels (like The Alex Jones Channel and Infowars) weren't impacted. However, those pages that weren't hit by Jones' personal ban have now been removed by Facebook. In a post published August 6, Facebook explained: "...we removed four videos on four Facebook Pages for violating our hate speech and bullying policies. These pages were the Alex Jones Channel Page, the Alex Jones Page, the InfoWars Page and the Infowars Nightly News Page..." The post also asserts that the ban is about violation of community standards not 'false news'. "While much of the discussion around Infowars has been related to false news, which is a serious issue that we are working to address by demoting links marked wrong by fact checkers and suggesting additional content, none of the violations that spurred today’s removals were related to this." Apple's action against Alex Jones Apple's decision to remove 5 of Alex Jones podcasts is, according to Buzzfeed News, "one of the largest enforcement actions intended to curb conspiratorial news content by a technology company to date." Like Facebook, Apple's decision was based on the content's "hate speech" rather than anything to do with 'fake news'. An Apple spokesperson explained to Buzzfeed News: "Apple does not tolerate hate speech, and we have clear guidelines that creators and developers must follow to ensure we provide a safe environment for all of our users... Podcasts that violate these guidelines are removed from our directory making them no longer searchable or available for download or streaming. We believe in representing a wide range of views, so long as people are respectful to those with differing opinions.” Spotify's action against Alex Jones' podcasts Spotify removed all episodes of The Alex Jones Show podcast on Monday 6 August. This follows the music streaming platform pulling a number of individual episodes of Jones' podcast at the beginning of August. This appears to be a consequence of Spotify's new content guidelines, updated in May 2018, which prohibits "hate content." The takeaway: there's still considerable confusion over content What this debacle shows is that there's confusion about how social media platforms should deal with content that it effectively publishes. Clearly, the likes of Facebook are trying to walk a tightrope that's going to take some time to resolve. The broader question is not just do we want to police the platforms billions of people use, but how we do that as well. Arguably, social media is at the center of today's political struggles, with many of them unsure how to manage the levels of responsibility that have landed on on their algorithms. Read next Time for Facebook, Twitter and other social media to take responsibility or face regulation Why Wall Street unfriended Facebook: Stocks fell $120 billion in market value after Q2 2018 earnings call Spotify has “one of the most intricate uses of JavaScript in the world,” says former engineer