Tech News

Last week, AdaCore announced that they are now a member of the RISC-V Foundation. The Risc-V Foundation is a non-profit organization, which provides the free and open-source instruction set architecture (ISA) called RISC-V. RISC-V was created by the Computer Science Division, EECS Department at the University of California in Berkeley with their foundation is supported by over 200 members. The ISA in RISC-V can be implemented via either open-source or proprietary architectures. This allows chip designers to use an assembly language that is designed with clarity. By becoming a part of the RISC-V Foundation, AdaCore’s Ada and SPARK languages are made available to RISC-V developers. This offers them an environment where they can develop applications where safety and security are critical. The first few product offerings from AdaCore—GNAT Pro Ada and GNAT Pro C—are made for bare metal RISC-V 32- and 64-bit architectures. They can also be used for the GNAT Community edition for bare metal RISC-V 32-bit configurations. Rick O’Connor, executive director of the RISC-V Foundation said: “We’re happy to see Ada joining the front row of the languages available to the RISC-V ecosystem. This will create an extremely appealing option for RISC-V users with the most stringent reliability requirements.” Quentin Ochem, the lead of Business Development at AdaCore said: “As we’re seeing the growth of Ada in new projects and markets, RISC-V has rapidly emerged as an indispensable ecosystem to be part of. We are fascinated by the opportunities it creates both at the technical and business levels, and we look forward to becoming an active member of the community.” To know more about AdaCore, visit the AdaCore website. Western Digital RISC-V SweRV Core is now on GitHub A libre GPU effort based on RISC-V, Rust, LLVM and Vulkan by the developer of an earth-friendly computer LLVM officially migrating to GitHub from Apache SVN

GitHub introduced ‘Hub’ that extends git command-line with extra functionality to enable developers complete their everyday GitHub tasks right from the terminal. Hub does not have any dependencies, but as it is designed to wrap git, it is recommended to have at least git 1.7.3 or newer.  Hub provides both new and some extended version of commands that already exist in git. Here are some of them: hub-am: Used to replicate commits locally from a GitHub pull request.  hub-cherry-pick: Allows cherry-picking a commit from a fork on GitHub. hub-alias: Used to show shell instructions for wrapping git.  hub-browse: Used to open a GitHub repository in a web browser. hub-create: Used to create a new repository on GitHub and add a git remote for it. hub-fork: Allows forking the current repository on GitHub and adds a git remote for it. You can see the entire list of commands on the Hub Man Page. Most of these commands are expected to be run in a context of an existing local git repository. What are the advantages of using Hub Contributing to open source: This tool makes contributing to open source much easier by providing features for fetching repositories, navigating project pages, forking repos, and even submitting pull requests, all from the command-line. Script your workflows: You can easily script your workflows and set priorities by listing and creating issues, pull requests, and GitHub releases. Easily maintain projects: It allows you to easily fetch from other forks, review pull requests, and cherry-pick URLs. Use GitHub for work: It saves your time by allowing you to open pull requests for code reviews and push to multiple remotes at once. It also supports GitHub Enterprise, however, it needs to be whitelisted.  Hub is not the only tool of its kind, there are tools like Magit Forge and Lab. Though developers think that it is convenient, some feel that it increases GitHub lock-in. "While it is pretty cool, using such tool increases general lock-in to GitHub, in terms of both habits and potential use of it for automation of processes," a user expressed its opinion on Hacker News.  Another Hacker News user suggested, “I wish there was an open standard for operations that hub allows to do and all major Git forges, including open source ones, such as Gogs/Gitea and GitLab, supported it. In that case having a command-line tool that, like Git itself, is not tied to a particular vendor, but allows to do what hub does, could have been indispensable.” To know more in detail, check out Hub’s GitHub repository. Pull Panda is now a part of GitHub; code review workflows now get better! Github Sponsors: Could corporate strategy eat FOSS culture for dinner?

Microsoft Azure Cloud was experiencing problems that left users unable to access its cloud services. The outage has taken several Azure Cloud services offline for U.S. users since yesterday. The reason for the outage was stated as “severe weather”. A cooling system is vital for data centers nowadays with thousands of servers that generate heat, aligned closely. If the cooling systems do not work, then the servers will simply overheat, damaging the machines. Therefore, on cooling failure, procedures are set in place to shutdown the servers when the temperature rises above a certain level. It is important to prevent machines from getting damaged and causing losses. The severe weather conditions in Texas may be coming from Gordon, a cat 1 tropical storm that was near the Texas coast at the time of the outage. The outage affected many of Azure cloud services for its South Central US data center including App service, backup, cloud services, Office 365, and others. You can find an update on the Azure status page. The outage affected developers who use Microsoft's Visual Studio Team Services. They have been unable to access their accounts. The Microsoft developer Blog states: “Users located in South Central US will be unable to access their account until the underlying issue is resolved.” Microsoft stated on their Azure status page: “A severe weather event, including lightning strikes, occurred near one of the South Central US datacenters. This resulted in a power voltage increase that impacted cooling systems. Automated datacenter procedures to ensure data and hardware integrity went into effect and critical hardware entered a structured power down process.” As of now, services are partially recovered. The latest update at the time of writing on Microsoft’s blog says: “Mitigation efforts continue, as we work on getting the Azure resources in South Central US online. For more details about the issue please refer Azure Status Dashboard : https://status.azure.com” You can visit the Azure page for status updates. Microsoft Azure’s new governance DApp: An enterprise blockchain without mining Microsoft Azure now supports NVIDIA GPU Cloud (NGC) Automate tasks using Azure PowerShell and Azure CLI [Tutorial]

Yesterday, the team at Gitlab released GitLab 11.7, an application for the DevOps lifecycle that helps the developer teams work together efficiently to secure their code. GitLab 11.7 comes with features like multi-level child epics, API integration with Kubernetes, cross-project pipeline and more. What’s new in GitLab 11.7 Managing releases with GitLab 11.7 This version of GitLab eliminates the need for manual collection of source code, build output, or metadata associated with a released version of the source code. GitLab 11.7 comes with releases in GitLab Core which helps users to have release snapshots that include the source code and related artifacts. Multi-level child epics for work breakdown structures This release comes with multi-level child epics in GitLab portfolio management which allow users to create multi-level work breakdown structures. It also helps in managing complex projects and work plans. This structure builds a direct connection between planning and actionable issues. Users can now have an epic containing both issues and epics. Streamlining JavaScript development with NPM registries This release also delivers NPM registries in GitLab Premium that provides a standard and secure way to share and version control NPM packages across projects. Users can then share a package-naming convention for utilizing libraries in any Node.js project and NPM. Remediating vulnerabilities GitLab 11.7 helps users to remediate vulnerabilities in the apps and suggest a solution for Node.js projects managed with Yarn. Users can download a patch file, and apply it to their repo using the git apply command. They can then push changes back to their repository and the security dashboard will then confirm if the vulnerability is gone. This process is easy and reduces the time required to deploy a solution. API integration with Kubernetes This release comes with API support to Kubernetes integration. All the actions that are available in the GUI currently, such as listing, adding, and deleting a Kubernetes cluster are now accessible with the help of the API. Developers can use this feature to fold in cluster creation as part of their workflow. Cross-project pipeline With this release, it is now possible to expand upstream or downstream cross-project pipelines from the pipeline view. Users can view the pipelines across projects. Search filter box for issue board navigation This release comes with a search filter that makes navigation much easier. Users can simply type a few characters in the search filter box to narrow down to the issue board they are interested in. Project list redesign Project list UI is redesigned in GitLab 11.7 and mainly focuses on readability and summary of the project’s activity. Import issues CSV This release makes transitions easier. Users can now import issues into GitLab while managing their existing work. This feature works with Jira or any other issue tracking system that can generate a CSV export. Support catch-all email mailboxes This release supports sub-addressing and catch-all email mailboxes with a new email format that allows more email servers to be used with GitLab, including Microsoft Exchange and Google Groups. Include CI/CD files from other projects and templates With this release, users can now include their snippets of configuration from other projects and predefined templates. This release also includes snippets for specific jobs, like sast or dependency_scanning, so users can use them instead of copying and pasting the current definition. GitLab Runner 11.7 The team at GitLab also released GitLab Runner 11.7 yesterday. It is an open source project that is used to run CI/CD jobs and send the results back to GitLab. Major improvements In GitLab 11.7, the performance of viewing merge requests has been improved by caching syntax highlighted discussion diffs. Push performance has been improved by skipping pre-commit validations that have passed on other branches. Redundant counts in snippets search have been removed. This release comes with Mattermost 5.6, an open source Slack-alternative that includes interactive message dialogs, new admin tools, Ukrainian language support, etc. Users are generally happy with GitLab 11.7 release. One of the users who has been using GitLab for quite some time now is waiting for MR[0]. They commented on Hacker News, “I'm impatiently waiting for this MR [0] that will allow dependant containers to also talk to each other. It's the last missing piece for my ideal CI setup.” To which, GitLab’s product manager for Verify (CI) replied, “Thanks for bringing this up I hadn't seen your contribution! I think this is a great idea. I know the technical team has been overwhelmed with community contributions as of late - which is a good problem to have but one that we're still solving. I'm going to try and shepherd this one along myself.” Some users think if GitLab can pull off the npm registry well, then this might prove to be the beginning of a universal package management server built into Gitlab. One of the comments reads, “Gitlab API is amazingly simple and flexible, can be used efficiently from the terminal to list CI jobs, your issues, edit them.” Users are also comparing GitLab with GitHub, where some users are supporting GitHub. One user commented, “GitLab’s current homepage hides their actual site (the repositories) and makes it hard as a developer to actually get started compared to Github.” Another user commented, “We've started using Gitlab where I work and it's so much better than GitHub.” Users are also facing issues with memory optimization. One of the comments reads, “I like GitLab but noticed my Docker container running it is steadily requiring more memory to run smoothly. It’s sitting at 12GB right now, which is a little too high for my taste. I wish there were ways to reduce this.” Introducing GitLab Serverless to deploy cloud-agnostic serverless functions and applications GitLab 11.5 released with group security and operations-focused dashboard, control access to GitLab pages GitLab 11.4 is here with merge request reviews and many more features

Earlier this week it was reported that Microsoft is ditching EdgeHTML for Chromium in the Windows 10 default browser, Edge. Now Microsoft has confirmed this officially yesterday in a blog post. The blog post by Joe Belfiore, VP of Windows stated: “we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers.” What does this shift to Chromium mean? Gradually, over the course of 2019, Edge will have under the hood changes. These changes will be developed in open source and the key aspects are: The development of Microsoft Edge will move to a Chromium-compatible web platform for the desktop version. They intend to align Microsoft Edge simultaneously with web standards and also with other Chromium-based browsers. This improves compatibility for everyone and make testing easier for developers. Working on an open-source engine like Chromium allows Microsoft to deliver more frequent updates to Edge. Microsoft Edge is currently available on Windows, this shift can get Edge running on other OSes like Linux and macOS. Microsoft also intends to contribute more to the open-source engine Chromium to make Chromium-based browsers better on Windows devices. A user doesn't have to worry much about this change. If anything this might bring Chrome-like extensions to Edge. If you’re a web developer, you can go to the Microsoft Insider website to try preview builds and contribute. Currently, Chrome holds arguably most of the market share in the browser space. Microsoft had problems working with EdgeHTML and building a browser that would be widely adopted. Perhaps basing Edge on Chromium will actually make people want to use Chrome. Now two tech behemoths will use the same engine to create their browser. This could mean more competition within the Chromium ecosystem. Where does this leave Mozilla Firefox that uses the Gecko engine and Opera that uses Blink? For more details about the engine shift, visit the Microsoft website. Microsoft reportedly ditching EdgeHTML for Chromium in the Windows 10 default browser Firefox Reality 1.0, a browser for mixed reality, is now available on Viveport, Oculus, and Daydream Microsoft becomes the world’s most valuable public company, moves ahead of Apple

Kent Overstreet announced Bcachefs as “the COW filesystem for Linux that won't eat your data" in 2015. Since then the system has undergone numerous updates and patches to get to be where it is today. On the 1st of December, Overstreet published an update on the problems and improvements that are currently being worked upon in Bcachefs. Status update on Bcachefs After the last update, Overstreet has focussed on two major areas of improvement- atomicity of filesystem operations and non-persistence of allocation information (per bucket sector counts). The filesystem operations that had anything to do with i_nlink were not atomic. On startup, the system would have to scan and recalculate i_nlink and also delete no longer referenced inodes. Also, because of non-persistence of allocation information, on startup, the system would have to recalculate all the accounting disk space. The team has now been able to get everything to be fully atomic except for fallocate/fcollapse/etc. After an unclean shutdown, the only thing to be done is scan the inodes btree for inodes that have been deleted. Erasure coding is about 80% done now in Bcachefs. Overstreet is now focussed on persistent allocation information. This will then allow him to focus on ‘reflink’ which in turn will be useful to the company that's funding bcachefs development. This is because the reflinked extent refcounts will be much too big to keep in memory and hence will l have to be kept in a btree and updated whenever doing extent updates. The infrastructure needed to make that happen also depends on making disk space accounting persistent. After all of these updates, he claims bcachefs will have fast mounts (including after unclean shutdown). He is also working on some improvements to disk space accounting for multi-device filesystems which will lead up to fast mounts after clean Shutdowns. To know if a user can safely mount in degraded mode, they will have to store a list of all the combinations of disks that have data replicated across them (or are in an erasure coded stripe) - without any kind of fixed layout, like regular RAID does. Why should you choose Bcachefs? Overstreet announced that Bcachefs is stable, fast, and has a small and clean code-base, along with  the necessary features to be a modern Linux file-system. It has a long list of features, completed or in progress: Copy on write (COW) - like zfs or btrfs Full data and metadata checksumming Caching Compression Encryption Snapshots Scalable Bcachefs prioritizes robustness and reliability According to Kent, Bcachefs ensures that customers won't lose their data. The Bcachefs is an extension of bcache where the bcache was designed as a caching layer to improve block I/O performance. It uses a solid-state drive as a cache for a (slower, larger) underlying storage device. Mainline bcache is not a typical filesystem but looks like a special kind of block device. It handles the movement of blocks of data between fast and slow storage, ensuring that the most frequently used data is kept on the faster device. bcache manages data in a way that yields high performance while ensuring that no data is ever lost, even when an unclean shutdown takes place. You can head over to LKML.org for more information on this announcement. Google Project Zero discovers a cache invalidation bug in Linux memory management, Ubuntu and Debian remain vulnerable Linux 4.20 kernel slower than its previous stable releases, Spectre flaw to be blamed, according to Phoronix The Ceph Foundation has been launched by the Linux Foundation to support the open source storage project  

Yesterday, the Mozilla IoT team announced that ‘Project Things’ is now out from its early experimental phase with a new name, ‘WebThings’. Mozilla WebThings is an open platform that allows you to monitor and control devices over the web. This project by Mozilla is an open source implementation of Web of Things, which defines software architectural styles and programming patterns that allow real-world objects to be a part of the World Wide Web. The idea here is to create a decentralized Internet of Things by providing “things”, URLs on the web to make them linkable and discoverable. Mozilla WebThings comprises of two components: WebThings Gateway WebThings Gateway is privacy and security-focused software distribution built for smart home gateways. It enables you to directly monitor and control your smart home gateways over the web, without relying on a middleman. Mozilla further announced that WebThings Gateway 0.8 is now available for download. This release comes with a feature that allows users to privately log data from their smart home devices. This logged data can also be visualized with interactive graphs. “This feature is still experimental, but viewing these logs will help you understand the kinds of data your smart home devices are collecting and think about how much of that data you are comfortable sharing with others via third-party services,” said Ben Francis, a Software Engineer at Mozilla. This release also brings in new alarms capabilities for devices like smoke, carbon monoxide, and motion detectors. With this new feature, users can configure rules to alert them when an alarm is triggered while they are away or check whether an alarm is currently active. The team has also started working on a new version of WebThings Gateway for OpenWrt, a Linux operating system targeting embedded devices. This version will be designed to act as a WiFi access point itself, instead of just connecting to an existing wireless network as a client. WebThings Framework WebThings Framework is a suite of reusable software components using which you can build your own web things, which directly expose the Web Thing API. This makes them easily discoverable by a Web of Things gateway or client. It can then automatically detect the device’s capabilities and monitor and control it over the web. These components are implemented in a range of languages including Node.js, Python, Java, Rust, and C++ (for Arduino). To know more in detail, check out the official announcement by Mozilla. Mozilla introduces Pyodide, a Python data science stack compiled to WebAssembly Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta  

Unity has announced a video game challenge, the Obstacle tower challenge which will test the vision, control, planning, and generalization capabilities of AI software. The Obstacle Tower Challenge will use a game-like environment of platform-style gameplay with puzzles and planning problems inside a tower setting maneuvering almost 100 floors. The challenge will examine how an AI software performs in computer vision, locomotion skills, and high-level planning. The challenge will begin on Monday, February 11 and will run through Friday, May 24. As the challenge opens, participants can review all the rules and regulations, download the Starter Kit and begin training their agents. Round 1, which will run from February 11 to March 31, will have participants playing up to Floor 25 of the Obstacle Tower. The winners will proceed to round 2 which will have 100 floors, post which the winners will be announced June 14. The participants will have the opportunity to win prizes in the form of cash, travel vouchers, and Google Cloud Platform credits, valued at over $100,000. “Each of the Tower floors are procedurally-generated, which means an AI agent must not only be able to solve a single version of the Tower but any arbitrary version as well. In this way, we’re testing the generalization ability of agents, a key capability that has not often been analyzed by benchmarks in the past.” said Danny Lange, Vice President of AI and Machine Learning, Unity Technologies. The end goal of this challenge is to bring up new AI research and solve new problems in reinforcement learning.” AI has been making great progress in conquering high-profile games. Recently, Google DeepMind’s AI AlphaStar defeated StarCraft II pros TLO and MaNa and won 10-1 against the gamers. Unity updates its TOS, developers can now use any third party service that integrate into Unity. Improbable says Unity blocked SpatialOS; Unity responds saying it has shut down Improbable and not SpatialOS. Unity and Baidu collaborate for simulating the development of autonomous vehicles

Last week, the National Cyber Security Centre (NCSC) reported that they are investigating the exploitation, by Advanced Persistent Threat (APT) actors, of known vulnerabilities in VPN products. These VPN products are from vendors like Pulse secure, Palo Alto and Fortinet. It is an ongoing activity, targeted to the UK and other international organizations. According to NCSC, affected sectors include government, military, academic, business and healthcare. Vulnerabilities exist in several SSL VPN products As per the report, vulnerabilities exist in several SSL VPN products that can allow an attacker to retrieve arbitrary files containing authentication credentials. An attacker can use these stolen credentials to connect to the VPN and change configuration settings or connect to further internal infrastructure. The report also highlights that unauthorized connection to a VPN can provide the attacker with the privileges needed to run secondary exploits aimed at accessing a root shell. Read Also: MITRE’s 2019 CWE Top 25 most dangerous software errors list released Top Vulnerabilities in VPN exploited by APTs The highest-impact vulnerabilities known to be exploited by APTs are listed below: Pulse Connect Secure: CVE-2019-11510: Pre-auth arbitrary file reading CVE-2019-11539: Post-auth command injection Fortinet: CVE-2018-13379: Pre-auth arbitrary file reading CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router Palo Alto: CVE-2019-1579: Palo Alto Networks GlobalProtect Portal NCSC suggests that users of these VPN products should investigate their logs for evidence of compromise, especially if the security patches were not applied immediately after their release. Additionally, administrators should look for evidence of compromised accounts in active use, such as anomalous IP locations or times. The report also covers product-specific advice to detect exploitation in VPN connections. Steps to mitigate the vulnerabilities in VPN NCSC provides essential steps to be taken to mitigate the risk of these vulnerabilities. They suggest that owners of vulnerable products should take two steps promptly: Apply the latest security patches released by vendors Reset authentication credentials associated with affected VPNs and accounts connecting through them The most effective way to mitigate the risk of actors exploiting these vulnerabilities is to ensure that the affected products are patched with the latest security updates. Pulse secure, Palo Alto and Fortinet have released patches for these vulnerabilities. NCSC also emphasizes on reporting any current activity related to these threats at incidents@ncsc.gov.uk where they will offer help and guidance. On Hacker News, this report has gained significant traction and users are discussing the nature of various VPN products and services. One of them commented, “Commercial enterprise VPN products are an open sewer, and there aren't any, from any vendor, that I trust. I don't like OpenVPN or strongSwan, but you'd be better off with either of them than you would be with a commercial VPN appliance. The gold standard, as ever, is Wireguard.” To know more about this report, check out the official NCSC website. An unpatched security issue in the Kubernetes API is vulnerable to a “billion laughs” attack Google Project Zero discloses a zero-day Android exploit in Pixel, Huawei, Xiaomi and Samsung devices 10 times ethical hackers spotted a software vulnerability and averted a crisis A Cargo vulnerability in Rust 1.25 and prior makes it ignore the package key and download a wrong dependency VLC media player affected by a major vulnerability in a 3rd library, libebml; updating to the latest version may help

Last week, two lawsuits were filed in Seattle that allege that Amazon is recording voiceprints of children using its Alexa devices without their consent. This is in violation of laws governing recordings in at least eight states, including Washington. The complaint was filed on behalf of a 10-year-old Massachusetts girl on Tuesday in federal court in Seattle. Another nearly identical suit was filed the same day in California Superior Court in Los Angeles, on behalf of an 8-year-old boy. What was the complaint? Per the complaint, “Alexa routinely records and voiceprints millions of children without their consent or the consent of their parents.” The complaint notes that Alexa devices record and transmit any speech captured after a “wake word” activates the device. This is regardless of the speaker and whether that person purchased the device or installed the associated app. It alleges that Amazon saves a permanent recording of the user’s voice instead of deleting the recordings after storing them for a short time or not at all. In both cases, the children had interacted with Echo Dot speakers in their homes, and in both cases the parents claimed they had never agreed for their child's voice to be recorded. The lawsuit alleges that Amazon’s failure to obtain consent, violates the laws of Florida, Illinois, Michigan, Maryland, Massachusetts, New Hampshire, Pennsylvania and Washington, which require consent of all parties to a recording, regardless of age. Aside from “the unique privacy interest” involved in recording someone’s voice, the lawsuit says, “It takes no great leap of imagination to be concerned that Amazon is developing voiceprints for millions of children that could allow the company (and potentially governments) to track a child’s use of Alexa-enabled devices in multiple locations and match those uses with a vast level of detail about the child’s life, ranging from private questions they have asked Alexa to the products they have used in their home.” What does the lawsuit suggest Amazon should do? The plaintiffs suggest that more could be done to ensure children and others were aware of what was going on. The lawsuit claims that Amazon should inform users who had not previously consented that they were being recorded and ask for consent. It should also deactivate permanent recording for users who had not consented. The complaints also suggest that Alexa devices should be designed to only send a digital query rather than a voice recording to Amazon's servers. Alternatively, Amazon could automatically overwrite the recordings shortly after they have been processed. What is Amazon’s response? When Vox reporters asked Amazon for a comment, they wrote to them in an email, “Amazon has a longstanding commitment to preserving the trust of our customers, and we have strict measures and protocols in place to protect their security and privacy.” They also pointed to a company blog post about the FreeTime parental controls on Alexa. Per their FreeTime parental control policy, parents can review and delete their offspring's voice recordings at any time via an app or the firm's website. In addition, it says, they can contact the firm and request the deletion of their child's voice profile and any personal information associated with it. However, these same requirements do not apply to a child’s use of Alexa outside of the FreeTime service and children’s Alexa skills. Amazon’s Alexa terms of use notes, “if you do not accept the terms of this agreement, then you may not use Alexa.” However, according to Andrew Schapiro, an attorney with Quinn Emanuel Urquhart & Sullivan, one of two law firms representing the plaintiffs. “There is nothing in that agreement that would suggest that “you” means a marital community, family or household. I doubt you could even design terms of service that bind ‘everyone in your household.’” This could also mean that Alexa is storing details of everyone, and not just children. A comment on Hacker News reads, “Important to note that if this allegation is true, it means Alexa is recording everyone and storing it indefinitely, not just children. The lawsuit just says children because children have more privacy protections than adults so it's easier to win a case when children's rights are being violated.” Others also share similar opinions: https://twitter.com/_FamilyInsights/status/1140490515240165377 https://twitter.com/lewiskamb/status/1138895472351883265   However, a few don’t agree: https://twitter.com/shellypalmer/status/1139545654567559169 https://twitter.com/CarolannJacobs/status/1139165270524780554   The suit asks a judge to certify the class action and rule that Amazon violated state laws, require it to delete all recordings of class members, and prevent further recording without prior consent. It seeks damages to be determined at trial. The Seattle case seeks damages up to $100 a day and the California case wants damages of $5,000 per violation. Google Home and Amazon Alexa can no longer invade your privacy; thanks to Project Alias! US regulators plan to probe Google on anti-trust issues; Facebook, Amazon & Apple also under legal scrutiny. Amazon shareholders reject proposals to ban sale of facial recognition tech to govt and to conduct an independent review of its human and civil rights impact.

Last week, the AMD team released v-2019.Q1.2 version of AMD Open Source for Vulkan (AMDVLK). This release comes with fairly small updates including a DXVK fix, one new Vulkan extension, and some more updates. What’s new in v-2019.Q1.2 The XGL code exposes YUV planes directly to allow applications to implement their own color conversion. Symbols are now not included when building the driver in its release confirmation, which could help with performance. The default WgpMode is updated from wgp to cu The performance regression introduced by the updates that added support for the LOAD_INDEX path for handling pipeline binds is now fixed. AMDVLK architecture: The following diagram shows its architecture: Souce: GitHub AMD open-sourced AMDVLK in 2017, which was earlier the part of AMDGPU-PRO driver. It is a Vulkan driver for Radeon graphics adapters on Linux and is built on top of AMD’s Platform Abstraction Library (PAL). PAL provides hardware and OS abstractions for Radeon (GCN+) user-mode 3D graphics drivers. It also provides users with a consistent experience across platforms, including support for recently released GPUs and compatibility with AMD developer tools. As PAL does not come with a shader compiler, clients are expected to use an external compiler library that targets PAL's Pipeline ABI to produce compatible shader binaries. Shaders compile a VkPipeline object as a single entity by shaders using the LLVM-Based Pipeline Compiler (LLPC) library. LLPC is built on the existing shader compilation infrastructure of LLVM for AMD GPUs to generate code objects that are compatible with PAL’s pipeline ABI. To know more in detail about AMDVLK, you can check out its GitHub repository. AMD ROCm GPUs now support TensorFlow v1.8, a major milestone for AMD’s deep learning plans AMD open sources V-EZ, the Vulkan wrapper library AMD’s $293 million JV with Chinese chipmaker Hygon starts production of x86 CPUs

Yesterday, Colin White, a Senior Android Engineer at Instacart, introduced Coroutine Image Loader (Coil). It is a fast, lightweight, and modern image loading library for Android backed by Kotlin. https://twitter.com/colinwhi/status/1160943333033648128 Currently, there are a number of image loading libraries for Android such as Glide, Fresco, Picasso, Mirage, among others. However, the Instacart team aims to introduce a new library that is “more modern and simpler” with Coil. Key features in Coil Backed by Kotlin Coil offers a “simple, elegant API” by leveraging the Kotlin language features like extension functions, inlining, lambda params, and sealed classes. It provides strong support for non-blocking asynchronous computation and work cancellation while ensuring maximum thread reuse with the help of Kotlin Coroutines. Leverages modern dependencies Coil relies on dependencies that are standard and recommended such as OkHttp, Okio, and AndroidX Lifecycles. Square’s OkHttp and Okio are by default efficient and enables Coil to avoid reimplementing things like disk caching and stream buffering. Likewise, AndroidX Lifecycles is a recommended way for tracking the lifecycle state. Lightweight Coil’s codebase consists of 8x fewer lines of code as compared to Glide. It adds approximately 1500 methods to your APK, which is comparable to Picasso and significantly less than Glide and Fresco. Supports extension The image pipeline of Coil consists of three main classes: Mappers, Fetchers, and Decoders. You can use these interfaces to augment or override the base behavior and add support for new file types in Coil. Supports dynamic image sampling Coil comes with a new feature, dynamic image sampling. Consider you want to load a 500x500 image into a 100x100 ImageView. The library will load the image into memory at 100x100. But, what if you want the quality to be as the 500x500 image? In this case, the 100x100 image is used as a placeholder while the 500x500 image is read. Coil will take care of this automatically for all BitmapDrawables. The placeholder is set synchronously on the main thread preventing white flashes where the ImageView is empty for one frame. It also creates a visual effect where the image detail appears to fade in with the help of the crossfade animation. To know more in detail about Coil, check out its official documentation and GitHub repository. 25 million Android devices infected with ‘Agent Smith’, a new mobile malware Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Facebook released Hermes, an open-source JavaScript engine to run React Native apps on Android  

Update: At WWDC 2019, GitHub added support for Swift packages to GitHub Package Registry. Swift packages make it easy to share your libraries and source code across projects and with the Swift community. Last Friday, GitHub announced a new package management service to allow developers and organizations to easily generate "packages" from their code. Called the GitHub Package Registry, this service allows developers to publish public or private packages next to their source code. https://twitter.com/github/status/1127261105963917312 “GitHub Package Registry is compatible with common package management clients, so you can publish packages with your choice of tools,” Simina Pasat, director of Product Management at GitHub, explains in the official announcement. The GitHub Package Registry is available in limited beta for now. However, it will always be free to use for open source. The new service is currently compatible with JavaScript (npm), Java (Maven), Ruby (RubyGems), .NET (NuGet) and Docker images, with support for other languages and tools to come. Packages hosted on GitHub will include detailed insights such as download statistics and project/package history. Developers can also publish multiple packages of different types for more complex repositories. They can also customize publishing and post-publishing workflows using webhooks and GitHub Actions. GitHub Package Registry has unified identity and permissions meaning packages on GitHub inherit the visibility and permissions associated with the repository. This means, organizations no longer need to maintain a separate package registry and mirror permissions across systems. They can use a single set of credentials across different systems for code and packages, and manage access permissions with the same tools. Developers are generally enthusiastic about the new GitHub Venture. Here are some positive comments from a thread on Hacker News. “This is really outstanding. GitHub Package Registry separates the registry from the artifact storage, which is the right way to do it. The registry should be quick to update because it's only a pointer. The artifact storage will be under my control. Credentials and security should be easier to deal with. I really hope this works out.” “This is pretty interesting. Github really is becoming the social network that MS never seemed to be able to create. We already use it as our portfolio of work for potential employers. We collaborate with fellow enthusiasts and maybe even make new friends. We host our websites from it. Abuse it to store binaries, too. And now, alongside, source code we can use it as a CDN of sorts to serve packages, for free, sounds pretty great.” “It's a really nice project overall, having a GitHub Package Registry that supports many different projects and run by a company that today is good, is always nice.” GitHub deprecates and then restores Network Graph after GitHub users share their disapproval Apache Software Foundation finally joins the GitHub open source community Introducing Gitpod, a one-click IDE for GitHub

Netflix in their tech blog announced that their popular cloud gateway Zuul 2 is now open-source. Zuul 2 was announced back in 2016 is Netflix's Java-based API gateway that handles all the request for Netflix's user base. Zuul 2 is the front door, acting as a filter to any request that comes into the Netflix's server. This gateway monitors the request and routes the request to the appropriate service to then act on the request. Zuul, in a way, is responsible for keeping Netflix standing strong and fulfilling your streaming requests. Netflix is known for open sourcing a lot of the tools developed in-house for the community. Zuul 2 is a battle-tested tool as it has been handling the massive Netflix infrastructure. Since its open sourcing, the developers have an option of a more resilient tool that can be used in their infrastructure architecture. Netflix promises to keep the security aspect intact for the open source Zuul 2. Also to add to this news, Netflix announced some more features for Zuul 2. Here are the feature additions: Server protocols: Zuul 2 has full support for HTTP/2 connections. Also, Mutual TLS will enhance Zuul's operation in secure infrastructure. Resiliency features: To increase the availability, Netflix will be adding a feature called Adaptive Retries that is used on Netflix. Also, it would be adding configurable concurrency limits for protecting the origins from getting overloaded and separating the other origins that run behind Zuul. Request Passport: This feature will enable the Zuul server to track all events that occur for each request. This will allow you to compute the asynchronous requests for better availability of your services. Status Categories: This feature helps you categorize the requests by extending the success and failure state in terms of HTTP status code. Request attempts: It tracks all the proxy attempts and provides you the status of each attempt. This really helps to identify the retries and to debug the routing. Zuul also has enhanced self-service routing, load balancing, anomaly detection, among other primary features that Netflix uses to keep the infrastructure secure and running. Netflix has released several other tools including Titus (container management), Conductor (microservice orchestration), Hystrix (cloud management), Vizceral (traffic management), among other efficient tools that can be used in large infrastructures. You can read Netflix's announcement blog to get more insights on the future development in Zuul 2. What software stack does Netflix use?

Facebook released a new “AI-powered rendering system”, called DeepFocus yesterday, that works with Half Dome, a special prototype headset that Facebook’s Reality Lab (FRL) team had been working on over the past three years. HalfDome is an example of a "varifocal" head-mounted display (HMD) that comprises eye-tracking camera systems, wide-field-of-view optics, and adjustable display lenses that move forward and backward to match your eye movements. This makes the VR experience a lot more comfortable, natural, and immersive. However, HalfDome needs software to work in its full potential, that is where DeepFocus comes into the picture. “Our eyes are like tiny cameras: When they focus on a given object, the parts of the scene that are at a different depth look blurry. Those blurry regions help our visual system make sense of the three-dimensional structure of the world and help us decide where to focus our eyes next. While varifocal VR headsets can deliver a crisp image anywhere the viewer looks, DeepFocus allows us to render the rest of the scene just the way it looks in the real world: naturally blurry,” mentions Marina Zannoli, a vision scientist at FRL. Facebook is also open-sourcing DeepFocus, making the system’s code and the data set used to train it available to help other VR researchers incorporate it into their work. “By making our DeepFocus source and training data available, we’ve provided a framework not just for engineers developing new VR systems, but also for vision scientists and other researchers studying long-standing perceptual questions,” say the researchers. https://www.youtube.com/watch?v=Xp6OlfJEmAo DeepFocus A research paper presented at SIGGRAPH Asia 2018 explains that DeepFocus is a unified rendering and optimization framework based on convolutional neural networks that solve a full range of computational tasks. It also helps with enabling real-time operation of accommodation-supporting HMDs. The CNN comprises “volume-preserving” interleaving layers that help it quickly figure out the high-level features within an image. For instance, the paper mentions, that it accurately synthesizes defocus blur, focal stacks, multilayer decompositions, and multiview imagery. Moreover, it makes use of only commonly available RGB-D images, that enable real-time, near-correct depictions of a retinal blur. Researchers explain that DeepFocus is  “tailored to support real-time image synthesis..and ..includes volume-preserving interleaving layers..to reduce the spatial dimensions of the input, while fully preserving image details, allowing for significantly improved runtimes”. This model is more efficient unlike the traditional AI systems used for deep learning based image analysis as DeepFocus can process the visuals while preserving the ultrasharp image resolutions that are necessary for delivering high-quality VR experience. The researchers mention that DeepFocus can also grasp complex image effects and relations that includes foreground and background defocusing. However, DeepFocus isn’t just limited to Oculus HMDs. Since DeepFocus supports high-quality image synthesis for multifocal and light-field display, it is applicable to a complete range of next-gen head-mounted display technologies. “DeepFocus may have provided the last piece of the puzzle for rendering real-time blur, but the cutting-edge research that our system will power is only just beginning”, say the researchers. For more information, check out the official Oculus Blog.  Magic Leap unveils Mica, a human-like AI in augmented reality MagicLeap acquires Computes Inc to enhance spatial computing Oculus Connect 5 2018: Day 1 highlights include Oculus Quest, Vader Immortal and more!