
Tech News

Melisha Dsouza
13 Feb 2019
4 min read

Researchers prove that Intel SGX and TSX can hide malware from antivirus software

Researchers Michael Schwarz, Samuel Weiser, and Daniel Gruss from Graz University of Technology have published a research paper that demonstrates how Intel SGX currently poses a security threat. SGX (Software Guard eXtensions) allows malicious code to run on a system in a way that cannot be identified or analyzed by antivirus software.

SGX allows programs to establish protected enclaves for code and data, where none of the other programs on the system can spy on it or tamper with it. The contents of an enclave are encrypted when written to RAM and decrypted upon being read. The processor does not allow code from outside the enclave to access the enclave’s memory.

The researchers used this model to examine what happens if the code inside the enclave itself is malicious. SGX is designed in such a way that antimalware software will not be able to detect the malware, thus making these enclaves the perfect spot for planting malicious code. The researchers demonstrated this with an SGX-ROP attack that includes a Transactional Synchronization eXtensions (TSX)-based memory disclosure primitive as part of the process. TSX was also a part of the Meltdown attacks launched on Intel processors.

How does the attack take place?

According to the researchers, since code in an enclave is quite restricted, it cannot make operating system calls, open files, read data from disk, or write to disk. All of these operations have to be performed from outside the enclave, and only the encryption operation would occur within the enclave. That being said, the enclave code has the ability to read and write anywhere in the unencrypted process memory. To work with this model, the researchers used TSX, which provides a constrained form of transactional memory where a thread can modify different memory locations and then publish those modifications in one single atomic update.

The enclave makes use of this functionality and scans the memory of the host process to find the components for its ROP payload and somewhere to write that payload. It then redirects the processor to run that payload, which can mark a section of memory as executable so that the malware can put its own set of supporting functions somewhere it can access.

What's more? The critical encryption will take place inside the enclave, making it impossible to extract the encryption key or even analyze the malware to find out what algorithm it's using to encrypt the data. Another thing to note is that the malware isn't constrained by the enclave: it can subvert the host application to access operating system APIs, making way for attacks such as ransomware-style encryption of a victim's files.

This is what an Intel spokesperson replied to ZDNet in an email: “Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel® SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us, and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure”.

The research paper outlines 4 simple steps required to perform the attack:

1. The malicious enclave scans the host application for usable ROP gadgets using the read primitive.
2. The enclave identifies writable memory caves through the write primitive and injects the arbitrary malicious payload into those caves.
3. The enclave uses the gadgets identified in step 1 to construct a ROP chain and injects it into the application stack.
4. The enclave returns execution to the host application.

Once the application hits the ROP chain on the stack, the actual exploitation starts. The ROP chain runs with host privileges, and the attacker can then issue arbitrary system calls to hack into the system.

You can head over to the research paper to know more about the methodology followed by the researchers for this attack.

Bhagyashree R
13 Feb 2019
2 min read

Bootstrap 5 to replace jQuery with vanilla JavaScript

The upcoming major version of Bootstrap, version 5, will no longer have jQuery as a dependency; it will be replaced with vanilla JavaScript. In 2017, the Bootstrap team opened a pull request with the aim of removing jQuery entirely from the Bootstrap source, and it is now near completion.

Under this pull request, the team has removed jQuery from 11 plugins including Util, Alert, Button, Carousel, and more. Using ‘Data’ and ‘EventHandler’ in unit tests is no longer supported. Additionally, Internet Explorer will not be compatible with this version. Despite these updates, developers will be able to use this version either with or without jQuery. Since this will be a major release, users can expect a few breaking changes.

Bootstrap is not alone: many other companies have been thinking of decoupling from jQuery. For example, last year, GitHub incrementally removed jQuery from its frontend, mainly because of the rapid evolution of web standards and jQuery losing its relevance over time.

This news triggered a discussion on Hacker News, and many users were happy about this development. One user commented, “I think the reason is that many of the problems jQuery was designed to solve (DOM manipulation, cross-browser compatibility issues, AJAX, cool effects) have now been implemented as standards, either in Javascript or CSS and many developers consider the 55k minified download not worth it.” Another user added, “The general argument now is that 95%+ of jQuery is now native in browsers (with arguably the remaining 5% being odd overly backward compatible quirks worth ignoring), so adding a JS dependency for them is "silly" and/or a waste of bandwidth.”

To read more, check out Bootstrap’s GitHub repository.

Sugandha Lahoti
13 Feb 2019
2 min read

Game publisher, Activision-Blizzard to begin massive layoffs, 800 employees to be dismissed

Game publisher Activision-Blizzard announced that it will lay off 8% of its staff of 9,600 employees. The announcement was made during the company’s fourth-quarter earnings call on Tuesday. The nearly 800 employees who will be laid off mostly belong to non-game-development and administrative areas of the company.

Bobby Kotick, CEO of Activision-Blizzard, said, “The move is being made in an effort at de-prioritizing initiatives that are not meeting expectations and reducing certain non-development and administrative-related costs across the business.”

The company is restructuring because of missed expectations for 2018 and lowered expectations for 2019. It will increase the number of employees on the development teams of franchises like Call of Duty and Diablo.

In a note to staff obtained by Kotaku, Blizzard president J. Allen Brack said, “Currently staffing levels on some teams are out of proportion with our current release slate. This means we need to scale down some areas of our organization. I’m sorry to share that we will be parting ways with some of our colleagues in the U.S. today.” The letter also promised “a comprehensive severance package”, says Kotaku. For those being laid off at Blizzard, it will include continued health benefits, career coaching, and job placement assistance, as well as profit-sharing bonuses for the previous year.

In the official press release on Blizzard's website, Brack said Blizzard is dedicated to bringing its unannounced projects to life. It will focus heavily on esports and the Overwatch League, which is its biggest esports brand.

Twitter users are highly disappointed with this news and sympathetic towards the dismissed employees.
https://twitter.com/jasonschreier/status/1095374774728048640
https://twitter.com/hitstreak/status/1095456359594610689
https://twitter.com/day9tv/status/1095390958584131584

Other organizations are also offering job opportunities to those in need.
https://twitter.com/ScottLowe/status/1094052545297711104
https://twitter.com/MitchyD/status/1094061851804078082

Savia Lobo
12 Feb 2019
2 min read

Lloyds Bank’s online services which were down due to DNSSEC issues have been restored!

Yesterday, many customers of the British commercial bank Lloyds were unable to log in to their accounts on the bank’s website. According to Lloyds, the problem only affected Lloyds customers and not the group’s Halifax and Bank of Scotland brands, and did not affect app logins.

Unhappy with the glitch, customers started complaining on social media on Sunday evening: “Is your banking app/website down for maintenance? My internet is fine but I cannot access my bank on any device.”
https://twitter.com/StuartJAMJ/status/1094642514429206528

Responding to one user on Twitter, a Lloyds Banking Group spokesperson said, “We are currently aware that some customers may be experiencing intermittent issues when trying to access their online banking service this morning.”
https://twitter.com/rachel_bassy/status/1094887320476663808
https://twitter.com/AskLloydsBank/status/1094905886672384000

According to the Lloyds website, its internet banking platform was undergoing maintenance between midnight and 6 am on Sunday, but a spokeswoman was unable to confirm whether there was any link to the later outage.

Kevin Beaumont, a cybersecurity writer, tweeted that “the Lloyd's Bank have invalid DNSSEC setup and invalid serials. Also, Google's DNS servers (8.8.8.8 etc), widely used by people, reject the lookups as a result.”
https://twitter.com/GossiTheDog/status/1094916766680137733

The bank replied to Beaumont, neither confirming nor denying his views: “We're aware that some of our customers are experiencing problems accessing our online services. We're working to resolve the issue as quickly as possible, and apologise for any inconvenience caused.”
https://twitter.com/AskLloydsBank/status/1094918360909918209
https://twitter.com/GossiTheDog/status/1094940073773142016

The bank has been replying to other customers on Twitter and apologizing for the inconvenience. It has also assured customers that the issue will be resolved soon.
https://twitter.com/SarahLJx/status/1094886710952030208
https://twitter.com/AskLloydsBank/status/1094906298775285760

According to the latest update, Lloyds Bank tweeted that “the intermittent issues some customers experienced yesterday with our Internet Banking service has been resolved.”
https://twitter.com/AskLloydsBank/status/1095243108734906368

To know more about this news, visit Lloyds Bank’s Twitter thread.

Natasha Mathur
12 Feb 2019
3 min read

Uber releases Ludwig, an open source AI toolkit that simplifies training deep learning models for non-experts

Yesterday, Uber released a new, open source deep learning toolbox called Ludwig, to make training and testing deep learning models easier for non-experts. “By using Ludwig, experts and researchers can simplify the prototyping process and streamline data processing so that they can focus on developing deep learning architectures rather than data wrangling”, states the Uber team.

Uber had been working on Ludwig for the past two years to simplify the use of deep learning models in projects. Uber has used the toolkit for several of its own projects, such as its Customer Obsession Ticket Assistant (COTA), information extraction from driver licenses, food delivery time prediction, etc. Ludwig comes with a set of model architectures that can be combined to develop an end-to-end model for a given use case.

Main highlights of Ludwig

  • No need to write code: With Ludwig, you don’t need any coding skills in order to train a model and use it for obtaining predictions.
  • Generality: Ludwig makes use of a new data type-based approach to deep learning model design, making the tool available for a variety of use cases.
  • Flexibility: Ludwig offers its users extensive control over model building and training, making it very user-friendly, especially for beginners.
  • Extensibility: It is easy to add new model architectures and new feature data types.
  • Understandability: Ludwig offers standard visualizations to help users understand the performance of their deep learning models and compare their predictions.

Apart from being flexible and accessible, Ludwig comes with additional benefits for non-programmers, including a set of command line utilities for training, testing models, and obtaining predictions. It also offers a programmatic API, allowing users to train and use a model with only a few lines of code.

Moreover, Ludwig comprises other tools that help with evaluating models, comparing the performance and predictions of these models via visualizations, and extracting model weights and activations from them.

To help its users train a deep learning model, Ludwig provides a tabular file (like CSV) that contains the data and a YAML (YAML Ain't Markup Language) configuration file that specifies which columns of the tabular file are input features and which are output target variables. The simplicity of this configuration file helps with faster prototyping and brings hours of coding down to just a few minutes.

Users can also visualize their training results in Ludwig. Ludwig creates a result directory containing the trained model with its hyperparameters, as well as summary statistics of the training process. Users can further visualize these results with the help of several visualization options from the visualization tool.

“We decided to open source Ludwig because we believe that it can be a useful tool for non-expert machine learning practitioners and experienced deep learning developers and researchers alike”, states the Uber team.

For more information, check out the official Ludwig blog post.

Bhagyashree R
12 Feb 2019
4 min read

The U.S. just launched the American AI Initiative to prioritize AI research and development

On Monday, the US president signed an executive order that introduces a program named “American AI Initiative”. With this initiative, the US government joins the list of governments that have issued a broad AI strategy, including China, France, Canada, and South Korea.

What is the aim of this American AI Initiative?

Though no specific details have been revealed, officials said a more detailed plan will be shared over the next six months. A fact sheet issued by the White House listed the following key aspects the federal agencies will be responsible for to boost the position of the US in the AI industry:

  • Providing funds, programs, and data to support AI research and commercialization.
  • Agencies in areas such as health and transportation will be urged to share data, while maintaining privacy, that could be used in AI research.
  • Taking steps towards preparing US workers to adjust to jobs that have been automated by AI or will be automated in the future.
  • Under this initiative, the federal agencies will need to prioritize AI when allocating their R&D projects.
  • Federal agencies will also be required to develop a set of national regulatory standards for AI, which will address the various ethical issues caused by AI.

Trump said in a statement, “Continued American leadership in Artificial Intelligence is of paramount importance to maintaining the economic and national security of the United States.”

Many speculate that this national AI strategy is the result of the bitter trade war between the US and China, and also of the concerns around people losing their jobs because of the advancements in AI.

Lynne Parker, the Assistant Director of AI at the White House Office of Science and Technology Policy, stated, “AI has really become a transformative technology that’s changing industries, markets, and society. There are a number of actions that are needed to help us harness AI for the good of the American people.”

How are AI experts, tech companies, and others reacting to this initiative?

This initiative saw mixed reactions from the public, industry leaders, AI experts, and policymakers. Roger Wicker, the Senate Commerce Committee Chairman, stated, “Artificial Intelligence has great potential to benefit the American people while enhancing our nation’s security and growing our economy. Today’s executive order will ensure that the United States remains a leader in emerging technologies and scientific development.”

Tech companies think that this is definitely a step forward to a comprehensive national strategy on AI. In a statement to The Hill, IBM said, “Today’s order is a critical step in the launch of America’s national AI strategy. We commend and welcome the order’s emphasis on specific priorities that IBM had recommended, such as the ethical advancement of AI, expanding 21st-century apprenticeship opportunities to build an AI-ready workforce, leveraging government data to accelerate AI development that can deliver shared prosperity, and prioritizing AI in federal research and development.”

One of the Hacker News users said, “I hope it's an incredibly significant amount of money considering how important of an issue this is. Out of everything else that's going on, AI will have the greatest impact on the future.” Others think that this is just PR by the Trump administration: “It won't mean anything unless it is backed by piles and piles money for research funds, which I highly doubt. I think this is more a PR show by trump to make it appear as if the US is countering China.”

Kate Crawford, co-director of the AI Now research institute, told Science, “The White House’s latest executive order correctly highlights AI as a major priority for U.S. policymaking.” But she is concerned that the executive order is mainly focused on industry and lacks input from academia and civic leaders.

Erik Brynjolfsson, Director of the MIT Center for Digital Business, said that along with driving AI research and development, US policymakers must also take into account the values involved and how the technology is implemented. He said, “If we want Western values to thrive, we need to play a role in maintaining and even extending the technological strength we’ve long had.”

Read more about the American AI Initiative in the fact sheet shared by the White House.
Prasad Ramesh
12 Feb 2019
2 min read

PyPy 7.0 released for Python 2.7, 3.5, and 3.6 alpha

Yesterday, PyPy 7.0 was announced in a blog post. It is a triple release for different Python versions. PyPy is a compliant Python interpreter which can be considered a replacement for CPython 2.7, 3.5, and 3.6. It’s faster due to the integrated tracing JIT compiler.

The release supports x86 machines with common OSes, PPC64, and s390x running Linux. Since the ARM buildbots are currently out of service, binaries for the ARM architecture will not be released.

PyPy 7.0 includes the following interpreters:

  • PyPy2.7, an interpreter with support for the syntax and features of Python 2.7, which will lose official support next year.
  • PyPy3.5, which supports the stable Python 3.5.
  • PyPy3.6-alpha, which is the first official PyPy release supporting 3.6 features.

All three interpreters share a similar codebase, allowing this triple release. Until packages can be distributed downstream, wheel (whl) packages are available for some common packages.

GC hooks have been improved. It’s now possible to manage the GC manually by using a combination of gc.disable and gc.collect_step. The cffi module included in PyPy has been updated to version 1.12. The cppyy backend has also been updated to version 1.4. For a JIT-friendly experience, use the new versions to wrap your C and C++ code.

PyPy 7.0 is fully compatible with the previous version. Several issues and bugs raised by the PyPy community have been addressed. The PyPy3 and Windows PyPy3.5 releases are not yet of sufficient quality to be used in production; there are open issues and the compatibility is not complete. The utf8 branch, which changes the internal representation of unicode to utf8, will be added in a future release.

Amrata Joshi
12 Feb 2019
2 min read

Google announces the general availability of a new API for Google Docs

Yesterday, Google announced the general availability of a new API for Google Docs that will help developers automate tasks that users do manually in the company’s online office suite. The API lets users read and write documents programmatically so that they can integrate data from various sources. The API has been in developer preview since Google Cloud Next 2018 and is now available to all developers.

The API lets users automate processes, create documentation in bulk, and generate invoices or contracts. With it, developers can set up processes that manipulate documents. It gives the ability to insert, move, delete, merge, and format text, insert inline images, and work with lists.

Zapier, Netflix, Mailchimp, and Final Draft are some of the companies that built solutions based on the new API during the preview period. Zapier integrated the Docs API into its workflow automation tool to help users create offer letters based on a template. Netflix used it to build an internal tool that allows its engineers to gather data and automate its documentation workflow.

The API will help users regularly create similar documents with changing order numbers and line items based on information from third-party systems. The API’s import/export abilities help users use Docs for internal content management systems.

A few users are happy with this news and excited to use the API. One of the users commented on Hacker News, “That is such great work. Getting the job done with the tools already around is just such a good feeling.” A few others, however, think that it will take some time for Google to reach where Microsoft is now. Another comment reads, “They will have a lot of catchup to do to get where Office is now. I'm frankly amazed by how good Microsoft Flow has been.” Another user commented, “Microsoft Flow is a really powerful - in terms of advanced capabilities it offers.”

To know more about this news, check out Google’s official post.

Amrata Joshi
12 Feb 2019
3 min read

LinkedIn gets in the race of video live streaming service with LinkedIn Live

After Facebook, Twitter, and Instagram, Microsoft’s LinkedIn is joining the league of live video streaming services by launching ‘LinkedIn Live’ this week, as reported by TechCrunch. This feature will allow people and organizations to broadcast real-time video to selected groups or the entire LinkedIn audience. It is still not clear, though, when LinkedIn will make it possible for everyone to create LinkedIn Live videos.

LinkedIn Live will be rolled out to selected U.S. users on an invite-only basis for the initial beta phase. Eventually, LinkedIn will also post a contact form for users who want to apply for access to this service. The initial live content that LinkedIn hopes to broadcast would include conferences, product announcements, Q&As and other events led by mentors and influencers, earnings calls, graduation and awards ceremonies, and more.

LinkedIn is partnering with several third-party developers of live broadcast streaming services, including Wirecast, Switcher Studio, Wowza Media Systems, and more, for creating and posting more polished live video on LinkedIn. Microsoft’s Azure cloud media product will handle the encoding services for LinkedIn Live.

The reason behind bringing LinkedIn Live

LinkedIn introduced its first native video features in 2017, and within 17 months it has seen a boost in traffic and revenues from videos on its platform. Pete Davies, the director of product management at LinkedIn, said, “Video is the fastest growing format on our platform right now, and the one most likely to get people talking. Live video has been a big request—not least, I’d wager, because it is such a prominent part of how video is being used on other social platforms like YouTube, Facebook, and Twitter, putting the functionality front of mind.”

Other than user requests, there might be more reasons to add this feature, possibly engagement and revenue generation. LinkedIn has so far generated revenue around videos via video advertising. During Microsoft’s last quarterly earnings, the company reported that revenues at LinkedIn were up 29 percent, with a reference to growing its ads business specifically. In a statement to TechCrunch, LinkedIn said, “Video ads earn 30 percent more comments per impression than non-video ads and that LinkedIn members spend almost three times more time watching video ads compared to time spent with static Sponsored Content.”

As content is a priority for LinkedIn Live, there are chances that the company might explore other ways of monetizing the content beyond ads. For instance, the company could charge viewers for unique experiences like conferences or for making certain Live events. It could also charge users for broadcasting content.

LinkedIn might even launch Stories feature soon

Last year, the company planned to work on implementing a Stories feature for the platform. The company plans to start off with “Student Voices” for university students in the U.S. This would allow students to post short videos to their Campus Playlist, which includes short 30-45 second videos made by college students.

LinkedIn is possibly moving in the direction of rich content; with live streaming videos and stories, the company might see a major benefit in terms of revenue and data. These live streaming videos will have an impact on the reach of the platform and might also help the platform’s premium subscription in the near future.

Melisha Dsouza
12 Feb 2019
2 min read

Switzerland launches a bug bounty program ‘Public Intrusion test’ to find vulnerabilities in its E-Voting systems

Switzerland’s national postal service, Swiss Post, says that it has developed a fully verifiable system that can make e-voting widely available in the country. Yesterday, Swiss Post announced that it is launching a bug bounty program in which hackers from all over the globe can participate to conduct penetration testing on both the frontend and backend of the e-voting system.

The program, called the Public Intrusion test (PIT), will be conducted between February 25 and March 24. White hat hackers can sign up on onlinevote-pit.ch to participate. The security of the e-voting system has already been pen-tested and certified under the legal framework of the Swiss Confederation.

Hackers who discover vulnerabilities that can be exploited to manipulate votes without being detected by voters and auditors will be rewarded between $30,000 and $50,000. Server-side loopholes that give an attacker the information of who voted and what they voted will be rewarded up to $10,000. Vote corruption issues are worth $5,000, and $100 will be paid out for server configuration weaknesses. Source code vulnerabilities must be reported separately by the ethical hackers if they cannot be exploited against the test system.

All in all, out of the total $250,000 allocated for this project by the government, $100,000 will go to the Swiss cybersecurity firm that helps run the bug bounty program, and the rest could go to the researchers who find vulnerabilities. After finding a vulnerability, participants can then go ahead and make their findings public.

The bug bounty program is open to anyone, and the e-voting system is only available in German, French, Italian, and Romansh; there is no English version. Researchers who take part in the PIT project will also be given voting cards for testing purposes, but they will be sent electronically.

You can head over to E-Voting PIT to know more about the terms of this program.
Sugandha Lahoti
12 Feb 2019
3 min read

Reddit has raised $300 million in a new funding round led by China’s Tencent

Yesterday, Reddit raised $300 million in new Series D funding from investors led by China’s Tencent. The company is now valued at $3 billion, along the lines of tech giants like Google and Facebook. Until now, Reddit has received $550 million in total funding. Other investors include Sequoia, Fidelity, Andreessen Horowitz, Quiet Capital, VY and Snoop Dogg.

Reddit CEO Steve Huffman, in an interview with CNBC, said, "One of the things that's been very important to us is that we can now assure advertisers that you are going to have a positive experience on Reddit and potentially even a new experience, a new way of connecting with customers."

The investment makes sense because video games are one of the more popular categories on Reddit, and Tencent invests a lot in video game makers. Currently, Tencent owns 40 percent of "Fortnite" creator Epic Games. "They are investors in lots of video games companies," Huffman said. "And video games are one category that's really popular on Reddit."

With this investment round, Huffman said he hopes to compete in online advertising with Facebook and Google. "When we are talking about competing for ad dollars, of course, we are talking about Facebook and Google, who take up the vast majority of ad spend."

Not all is well, however: some Redditors are already protesting the Tencent funding, given that Tencent is a Chinese company and Reddit is blocked in China for allowing users free, unedited speech. People are also speculating about how China might have a chance to take over the US in the cold war. A comment on Hacker News reads, “Tencent, a Chinese firm has meaningful ownership of American youth. 12% Snap, 7.5% Spotify, 40% Epic Games, 100% Riot Games, 100% Supercell, 5% Reddit. Hollywood has also been moving in this direction, with a lot of Chinese investment in the studios, and blockbusters adding special scenes with Chinese actors and locations. What does it mean for America when it's no longer the owner or creator of culture? It's historically one of our largest (and most important) exports. I'm not sure if that claim to fame is a net positive for the world, but the changing of this guard will certainly have a local impact.”

Some other users expressed concern that this move may slowly start to repress anti-China content on Reddit. “The only issue I can see from ownership is if they start to censor the platform. I doubt they'll do any overt censoring (eg. "no talking about what happened at Tiananmen Square in 1989"), but I wouldn't be surprised if they do subtle manipulation like silently deemphasizing anti-China content, or emphasizing anti-western content (eg. infighting, failure of western democracy). The latter probably would even be good for the site (in terms of engagement) as outrage drives clicks.”, reads a comment on Hacker News.
Natasha Mathur
12 Feb 2019
4 min read

Apple and Google slammed by Human Rights groups for hosting Absher, a Saudi app that tracks women

Activist groups including Human Rights Watch and Amnesty International have spoken out against Apple and Google for hosting a Saudi Government app, called Absher, that lets Saudi men control and decide where women can travel. According to the rights groups' complaints, Absher promotes discrimination against women and enforces ‘gender apartheid’ in Saudi Arabia. This is why they want Apple and Google to consider ‘rehosting’ the app, reports INSIDER.

“We call on these companies to assess the risk of human rights abuses and mitigate the harm that these apps may have on women. This is another example of how the Saudi Arabian government has produced tools to limit women's freedoms”, said Dana Ahmed, Saudi Arabia researcher for Amnesty International.

The Absher app is based on the Saudi “guardian” law, under which every woman has a legal "guardian" on whom she remains legally dependent for many aspects of life, irrespective of her age, education level or marital status. This male guardian could be her father, uncle, husband, brother, or son, who gives his consent to a variety of a woman's basic needs such as education, clothing, work, money, travel, marriage, etc.

Absher comes with a set of features aimed at restricting women’s travel to specific airports and routes, so that a woman who decides to flee the country without permission can be caught instantly. It does this through an automatic SMS that is sent to a woman’s ‘guardian’ whenever she crosses a border or checks in at an airport without permission. 1,000 women try to flee Saudi Arabia each year, and the text alerts make it very difficult for them to do so, with most of them getting caught by their family members.

The SMS alerts were made compulsory in 2012, but they received heavy backlash from Saudis on social media. This later led the Saudi Government to suspend the SMS alerts in 2014; however, the rights groups believe that the system is still functioning. According to Amnesty International, the automated SMS alerts are “another example of how the Saudi Arabian government has produced tools to limit women's freedoms”. On Absher, men can also specify the destinations that women are allowed to travel to, along with the time period for the travel. Although Absher has other basic and harmless features that allow you to pay parking fines or renew a driver's license, it is mostly used to keep a tight leash on Saudi women.

What’s even more distressing is the fact that the Absher app has been downloaded more than 1 million times on Android devices. Rothna Begum, Middle East researcher for Human Rights Watch, told INSIDER that “Apple and Google have rules against apps that facilitate threats and harassment. Apps like this one can facilitate human rights abuses, including discrimination against women." Apple and Google haven’t responded to the news yet.

Public reaction to this news is largely negative, with the majority of people condemning the app and its widespread use in Saudi Arabia:

https://twitter.com/Shadow0pz/status/1095030573976961024
https://twitter.com/MustacheofDeath/status/1095186423471210496
https://twitter.com/JuliaFelly/status/1094928811509104642
https://twitter.com/SanctionSaudi/status/1095016257928265729

Read the full story on INSIDER.
Prasad Ramesh
12 Feb 2019
2 min read

Open letter from Mozilla Foundation and other companies to Facebook urging transparency in political ads

Mozilla Foundation, along with other organizations, wrote an open letter to Facebook this week. The letter urges Facebook to do its part against political advertisement disinformation in 2019. Over recent years there have been multiple hearings, and Facebook has refused to provide proper transparency into its operations. It has made promises to EU lawmakers about controlling disinformation in political advertisements but has not really followed through. Citizens have a right to know who is running advertisement campaigns, but Facebook also blocked ad transparency tools last month.

The letter states that by restricting ad transparency “you [Facebook] are undermining transparency, eliminating the choice of your users to install tools that help them analyse political ads, and wielding control over good faith researchers who try to review data on the platform.” The letter further says that promises and press statements are not enough; Facebook needs to take real action against advertisements that affect voter choices.

The signatories have asked Facebook to implement certain measures by April 1, 2019, in order to give developers sufficient time to create transparency tools before the elections. The measures are:

  • An open Ad Archive API for advanced research and for tools that analyze political ads.
  • Clearly distinguish political ads from other content.
  • Include sponsor identity and amount spent in all EU countries.
  • Stop harassing good faith researchers who are building tools for greater transparency in Facebook advertisements.

They also believe that Facebook and other similar platforms can play a positive role in enabling democracy. The letter is signed by companies like All Out, OpenMedia, Wikimedia UK, and many others. You can read the letter on the Mozilla Foundation website.
Bhagyashree R
12 Feb 2019
3 min read

Next.js 8 releases with a serverless mode, better build-time memory usage, and more

After releasing Next.js 7 in September last year, the team behind Next.js released the production-ready Next.js 8 yesterday. This release comes with a serverless mode, build-time memory usage reduction, prefetch performance improvements, security improvements, and more. Similar to previous releases, all the updates are backward compatible. The following are some of the updates Next.js 8 comes with:

Serverless mode

Serverless deployment comes with various benefits, including more reliability, scalability, and separation of concerns by splitting an application into smaller parts. These smaller parts are also called lambdas. To provide these benefits to Next.js users, this version comes with a serverless mode in which each page in the ‘pages’ directory is treated as a lambda. It also comes with low-level APIs for implementing serverless deployment.

Better build-time memory usage

The Next.js team, together with the Webpack team, has worked on improving the build performance and resource utilization of Next.js and Webpack. This collaboration has resulted in up to 16 times better memory usage with no degradation in performance. This improvement ensures that memory gets released much more quickly and that no processes crash under stress.

Prefetch performance improvements

Next.js supports prefetching pages for faster navigation. Earlier, this required injecting a ‘script’ tag into the document ‘body’, which caused an overhead while opening pages. In Next.js 8, the ‘prefetch’ attribute uses link rel="preload" instead of a 'script' tag. Prefetching now starts after onload to allow the browser to manage resources. In addition to removing the overhead, this version also disables prefetch on slower network connections by detecting 2G internet and navigator.connection.saveData mode.

Security improvements

This version introduces a new ‘crossOrigin’ config option to ensure that all ‘script’ tags have the ‘cross-origin’ attribute set. With this new config option, you no longer need ‘pages/_document.js’ to set up cross-origin in your application.

Another security improvement is the removal of inline JavaScript. In previous versions, users were required to include script-src 'unsafe-inline' in their policy to enable Content Security Policy, because Next.js was creating an inline ‘script’ tag to pass data. In this version, the inline script tag is changed to a JSON tag for safe transfer to the client. This essentially means Next.js no longer includes any inline scripts.

To read about other updates introduced in Next.js 8, check out its official announcement.
Melisha Dsouza
12 Feb 2019
2 min read

Amazon buys ‘Eero’ mesh router startup, adding fuel to its in-house Alexa smart home ecosystem ambitions

Amazon has announced its plans to acquire ‘Eero’, a startup focused on mesh home routers. Eero produces wireless routers and extenders that use a mesh network to provide better coverage for home Wi-Fi networks and make it easy to have fast and reliable Wi-Fi all over the house. Eero routers are designed to overcome the coverage and dead zone issues encountered with traditional routers. Multiple access points are used to cover an entire home or apartment with a strong Wi-Fi signal.

Amazon says that this deal will “help customers better connect smart home devices.” It will be easier to set up Alexa-compatible gadgets if Amazon also controls the router technology. Amazon SVP Dave Limp said in a press release that “We are incredibly impressed with the Eero team and how quickly they invented a WiFi solution that makes connected devices just work. We have a shared vision that the smart home experience can get even easier, and we’re committed to continuing innovating on behalf of customers.”

While the deal is good news for Amazon investors, many Eero users have expressed their disapproval of it. Amazon has faced criticism about how Alexa listens in on people’s homes and can be a threat to user privacy. Existing Eero users have voiced their concerns along the same lines:

https://twitter.com/steveriggins/status/1095081742736605184
https://twitter.com/TimSchmitz/status/1095103321407397888
https://twitter.com/DerekWallace/status/1095088112554921984

Eero support has tried to put customers' worries to rest with a tweet saying, “Eero does not track customers’ internet activity and this policy will not change with the acquisition”.

Eero is not the first router startup to be acquired by Amazon. Amazon has acquired startups like Ring and Blink in recent years, with a vision to launch its own in-house Alexa smart home ecosystem. Details of the deal have yet to be disclosed. Head over to Techcrunch for more insights on this news.